
Cybersecurity Glossary

Read this comprehensive list we've compiled to assist experts, C-level executives, and those embarking on a cybersecurity career in navigating the extensive array of terms in the ever-evolving cyberworld.


A 

  • Access Control: Mechanisms that manage how users can interact with resources in a computing environment. 
  • Advanced Encryption Standard (AES): A symmetric encryption algorithm widely used across the globe to secure data. 
  • Advanced Persistent Threat (APT): A prolonged and targeted cyber attack where an intruder gains access to a network and remains undetected for an extended period. 
  • Adware: Software that automatically displays or downloads advertising material when a user is online. 
  • Air Gap: A security measure that involves isolating a computer or network and preventing it from establishing an external connection. 
  • Artificial Intelligence (AI) in Cybersecurity: The use of machine learning algorithms and AI to detect threats and protect against cyber attacks. 
  • Attack Surface: The sum of the different points where an unauthorized user can try to enter data to or extract data from an environment. 
  • Authentication: The process of verifying the identity of a user, process, or device, often as a prerequisite to allowing access to resources in an IT system. 

B 

  • Backdoor: A hidden means of bypassing normal authentication or other security controls to gain access to a system, whether planted by an attacker, left in by a developer, or built into a product. 
  • Behavioral Analysis: The study of behavior patterns to identify abnormal activities that might indicate a security breach. 
  • Black-Box Testing: A testing approach in which testers simulate real-world attacks on networks, software, or systems with no prior knowledge of the code, architecture, or system design. 
  • Blockchain Security: The measures taken to secure blockchain networks and applications from cyber threats. 
  • Botnet: A network of private computers infected with malicious software and controlled as a group without the owners’ knowledge. 
  • Brute Force Attack: A trial-and-error method that systematically tries candidate values (passwords, PINs, or cryptographic keys such as 56-bit Data Encryption Standard (DES) keys) until the correct one is found; its cost grows with the size of the search space, which is why short keys and weak passwords fall to it. 
  • Brute Force Protection: Techniques or tools used to defend against brute force attacks, such as account lockout policies. 
  • Bug Bounty Program: A deal offered by many websites and software developers by which individuals can receive recognition and compensation for reporting bugs, especially those pertaining to security exploits and vulnerabilities. 
  • Business Continuity Planning (BCP): The process involved in creating a system of prevention and recovery from potential threats to a company. 

C 

  • Certificate Authority (CA): An entity that issues digital certificates to verify the authenticity of entities and their public keys. 
  • Cipher: An algorithm for performing encryption or decryption. 
  • Clickjacking: A malicious technique in which a legitimate page is loaded inside a transparent or disguised frame so that users click on something different from what they perceive, unknowingly performing actions (such as changing a setting or approving a transaction) on the framed site. Sites defend against it with the X-Frame-Options header or a Content-Security-Policy frame-ancestors directive. 
  • Cloud Security: Measures and policies designed to protect data, applications, and infrastructure associated with cloud computing. 
  • Command and Control (C2 or C&C): A set of processes used by cyber attackers to maintain communications with compromised systems within a target network. 
  • Compliance: Ensuring that an organization follows the required regulations and standards for security. 
  • Cross-Site Scripting (XSS): A vulnerability that allows attackers to inject malicious scripts into content from otherwise trusted websites. 
  • Cryptography: The practice of securing information with mathematical techniques that provide confidentiality (encryption), integrity (hash functions and message authentication codes), authentication, and non-repudiation (digital signatures). 
  • Cyberespionage: The act or practice of obtaining secrets and information without the permission and knowledge of the holder of the information, often for economic, political, or military advantage. 
  • Cybersecurity Framework: A set of guidelines and best practices to help organizations build and improve their cybersecurity posture. 

D 

  • Data Breach: The unauthorized access and retrieval of sensitive information by an individual, group, or software system. 
  • Data Exfiltration: The unauthorized transfer of data from a computer or other device. 
  • Data Loss Prevention (DLP): Technologies and processes that detect and prevent data breaches, exfiltration, or unwanted destruction of sensitive data.  
  • Dark Web: A part of the internet that is not indexed by traditional search engines and requires specific software, configurations, or authorization to access, often used for illicit activities. 
  • Deep Packet Inspection (DPI): A form of computer network packet filtering that examines the data part (and possibly also the header) of a packet as it passes an inspection point. 
  • Denial of Service (DoS): An attack aimed at making a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services. 
  • Digital Forensics: The process of collecting, preserving, and analyzing electronic data in a way that keeps it admissible as evidence, for incident investigations and for use in a court of law. 
  • Distributed Denial of Service (DDoS): A type of DoS attack where multiple compromised systems are used to target a single system, causing a denial of service. 

E 

  • Encryption: The process of transforming readable data (plaintext) into unreadable ciphertext using an algorithm and a key, so that only parties holding the correct key can recover the original. 
  • Endpoint: Any device that connects to a network, such as computers, smartphones, or IoT devices. 
  • Endpoint Detection and Response (EDR): Tools focused on detecting, investigating, and mitigating suspicious activities and issues on endpoints. 
  • Endpoint Protection Platform (EPP): Solutions deployed to endpoints (such as workstations and servers) to prevent file-based malware, detect malicious activity, and provide remediation capabilities. 
  • Endpoint Security: The practice of securing end-user devices like desktops, laptops, and mobile devices from cyber threats. 
  • Exploit: A piece of software, a chunk of data, or a sequence of commands that takes advantage of a bug or vulnerability to cause unintended or unanticipated behavior to occur on computer software, hardware, or something electronic. 
  • Exploit Code: Software or scripts that take advantage of a bug or vulnerability to cause unintended behavior in software or hardware. 
  • Exploit Kit: A toolkit used to exploit security holes in software applications, often distributed via malicious websites. 

F 

  • False Positive: An alert that incorrectly indicates the presence of a threat, such as a virus or malware. 
  • File Integrity Monitoring (FIM): A process that ensures files are in their correct state by monitoring and detecting any changes. 
  • Fileless Malware: A type of malicious software that uses legitimate programs to infect a computer, avoiding detection by not writing its code directly to disk. 
  • Firewall: A network security device that monitors and controls incoming and outgoing network traffic based on predetermined security rules. 
  • Firewall Rule: A set of criteria that determines whether network traffic should be allowed or blocked. 
  • Firmware: Low-level software stored in a device’s non-volatile memory (ROM or, more commonly today, rewritable flash) that controls its specific hardware. Because it runs beneath the operating system, compromised or unpatched firmware is hard to detect and remove. 
  • Forensics: The application of scientific methods and techniques to investigate crimes and gather evidence related to cyber attacks. 
  • Full Disk Encryption (FDE): Encryption technology that encrypts all the data on a disk to protect information at rest. 

G 

  • Gateway: A network node that connects two different networks, often performing protocol translation to enable communication between them. 
  • General Data Protection Regulation (GDPR): A regulation in EU law on data protection and privacy in the European Union and the European Economic Area. 
  • Geofencing: A technology that uses GPS or RFID to create a virtual geographic boundary, enabling software to trigger a response when a device enters or leaves a particular area. 
  • Grey Hat Hacker: A hacker who may violate laws or ethical standards but does not have the malicious intent of a black hat hacker. 
  • Grid Computing Security: Measures to protect grid computing environments, where computational resources are distributed across multiple locations. 
  • Group Policy: A feature of Windows that provides centralized management and configuration of operating systems, applications, and users’ settings. 
  • Guest Network: A separate network designed to provide internet access to visitors while isolating them from the main network to enhance security. 
  • Guided Hacking: The process of teaching or assisting individuals in hacking techniques, often with a focus on ethical hacking and cybersecurity education. 

H 

  • Hacker: Someone who seeks and exploits weaknesses in a computer system or network. 
  • Hardware Security Module (HSM): A tamper-resistant physical device that generates, stores, and uses cryptographic keys so that private keys never leave the device in plaintext. 
  • Hash Collision: An event where two different inputs produce the same hash output. Collisions must exist for any hash function, because there are more possible inputs than fixed-size outputs; a cryptographic hash is judged by how infeasible it is to find one deliberately. 
  • Hash Function: A function that maps an input (or ‘message’) of any length to a fixed-size output called the digest. A cryptographic hash function is additionally one-way (the input cannot be recovered from the digest) and collision-resistant, so the digest serves as a practical fingerprint of the data even though no fixed-size digest can identify its input uniquely. 
  • Hashing: The process of applying a hash function to data to obtain its digest, used for integrity checks, digital signatures, and password storage (where a slow, salted hash is required). 
  • Honeynet: A network of honeypots designed to attract and analyze attacks. 
  • Honeypot: A security mechanism set to detect, deflect, or study hacking attempts by presenting a seemingly legitimate target. 
  • Host Intrusion Detection System (HIDS): A system that monitors and analyzes the internals of a computing system for signs of suspicious activity. 
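
The hash entries above are worth seeing in code. The following added example (not part of the original glossary) uses Python's standard hashlib to show that SHA-256 is deterministic and fixed-size, that a one-character change in the input scrambles roughly half of the digest, and that the phrase "represents the data uniquely" cannot be literally true: truncating the digest to 3 bytes shrinks the output space enough for a birthday search to find a collision in a few thousand attempts. The input strings and the truncation width are constructed for the demonstration.

```python
import hashlib


def sha256_hex(data: bytes) -> str:
    """Deterministic, fixed-size digest: the same input always yields the same
    64 hex characters, whatever the length of the input."""
    return hashlib.sha256(data).hexdigest()


def differing_bits(a: bytes, b: bytes) -> int:
    """Count the bit positions that differ between two equal-length byte strings."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def avalanche(m1: bytes, m2: bytes) -> int:
    """Number of the 256 digest bits that change between two messages; for a sound
    hash even a one-character difference flips about half of them."""
    return differing_bits(hashlib.sha256(m1).digest(), hashlib.sha256(m2).digest())


def truncated_hash(data: bytes, nbytes: int) -> bytes:
    """Deliberately weak hash for the demonstration: only the first nbytes of SHA-256.
    Its output space has 2**(8*nbytes) values, so collisions are cheap to find."""
    return hashlib.sha256(data).digest()[:nbytes]


def find_collision(nbytes: int, limit: int = 2_000_000):
    """Birthday search: hash distinct inputs until two share a truncated digest.
    Expected cost is roughly 2**(4*nbytes) hashes, the square root of the output
    space; for full SHA-256 that would be about 2**128, far beyond reach."""
    seen = {}
    for i in range(limit):
        msg = b"input-%d" % i  # constructed inputs, distinct by construction
        digest = truncated_hash(msg, nbytes)
        if digest in seen:
            return seen[digest], msg
        seen[digest] = msg
    return None


if __name__ == "__main__":
    print(sha256_hex(b"abc"))
    print(avalanche(b"abc", b"abd"), "of 256 bits differ")
    first, second = find_collision(3)
    print(first, second, "->", truncated_hash(first, 3).hex())
```

The collision appears after a few thousand hashes for a 24-bit truncation; doubling the width to 6 bytes would already take millions, which is the square-root scaling that makes full-length SHA-256 collisions impractical.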

I 

  • Identity and Access Management (IAM): Framework of policies and technologies for ensuring that the right individuals have the appropriate access to technology resources. 
  • Incident Management: The process of identifying, managing, recording, and analyzing security threats or incidents in real-time. 
  • Incident Response: The organized approach to addressing and managing the aftermath of a security breach or cyber attack. 
  • Insider Threat: A security risk that originates from within the targeted organization, often involving current or former employees or contractors.  
  • Integrity: The assurance that information is trustworthy and accurate. 
  • Intrusion Detection System (IDS): Software that monitors a network or systems for malicious activity or policy violations. 
  • Intrusion Prevention System (IPS): A network security/threat prevention technology that examines network traffic flows to detect and prevent vulnerability exploits. 
  • IP Spoofing: The creation of Internet Protocol (IP) packets with a false source IP address to conceal the identity of the sender or impersonate another computing system. 

J 

  • Jailbreaking: The process of removing restrictions imposed by the manufacturer on devices running the iOS operating system through the use of software and hardware exploits. 
  • Jamming Attack: A type of attack that involves intentionally interfering with wireless communications by broadcasting radio signals that disrupt the normal operations of wireless networks. 
  • JavaScript Malware: Malicious software that is written in JavaScript and can be executed in a web browser to perform harmful actions. 
  • Jitter: In the context of network security, it refers to the variability in packet delay in a network, which can affect the performance and reliability of real-time communications. 
  • Juice Jacking: A type of cyber attack where a charging port is used to transfer malware to a device or steal data from it.  
  • Jump Server (Jump Box): A secure computer that administrators use to connect to devices in a different security zone, minimizing the attack surface. 
  • Just-In-Time (JIT) Access: A security concept where users are granted access to resources only when they need it and for the shortest time necessary to reduce the risk of unauthorized access. 
  • JWT (JSON Web Token): A compact, URL-safe means of representing claims to be transferred between two parties. Used for authentication and information exchange. 

K 

  • Key Exchange: The process of exchanging cryptographic keys between entities to establish a secure communication channel. 
  • Keylogger: Surveillance software or hardware that records every keystroke a user makes to a log file, often hidden or encrypted, for later retrieval by the attacker; a primary means of stealing passwords and other typed secrets. 
  • Kerberos: A network authentication protocol designed to provide strong authentication for client-server applications by using secret-key cryptography. 
  • Kill Chain: A military concept used in cybersecurity to describe the stages of a cyber attack from reconnaissance to exfiltration. 

L 

  • Least Privilege: The practice of granting users, processes, and services only the minimum permissions they need to perform their function, and nothing more, so that a compromised account or component can do limited damage. 
  • Log Analysis: The process of reviewing, interpreting, and understanding computer-generated records (logs) to help detect and investigate security incidents. 
  • Logic Bomb: A piece of code intentionally inserted into a software system that will set off a malicious function when specified conditions are met. 
  • Log Management: The practice of collecting, storing, and analyzing logs to detect and respond to security incidents. 
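
Log analysis in practice means turning raw records into a detection. The example below, added here and not part of the original page, parses constructed OpenSSH sshd log lines (using RFC 5737 documentation addresses), counts failed logins per source IP in a sliding time window, and flags the pattern that most needs a human look: a burst of failures followed by a successful login from the same address. The threshold and window are tunable assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample lines in OpenSSH's syslog format (documentation IP ranges, RFC 5737).
SAMPLE_LOG = """\
Mar 14 09:00:01 bastion sshd[2201]: Failed password for root from 203.0.113.5 port 50210 ssh2
Mar 14 09:00:03 bastion sshd[2203]: Failed password for root from 203.0.113.5 port 50212 ssh2
Mar 14 09:00:04 bastion sshd[2205]: Failed password for invalid user admin from 203.0.113.5 port 50214 ssh2
Mar 14 09:00:06 bastion sshd[2207]: Failed password for invalid user test from 203.0.113.5 port 50216 ssh2
Mar 14 09:00:08 bastion sshd[2209]: Failed password for admin from 203.0.113.5 port 50218 ssh2
Mar 14 09:00:09 bastion sshd[2211]: Failed password for admin from 203.0.113.5 port 50220 ssh2
Mar 14 09:00:11 bastion sshd[2213]: Accepted password for admin from 203.0.113.5 port 50222 ssh2
Mar 14 09:05:30 bastion sshd[2300]: Failed password for alice from 198.51.100.7 port 40001 ssh2
Mar 14 09:05:41 bastion sshd[2302]: Accepted publickey for alice from 198.51.100.7 port 40003 ssh2
Mar 14 11:20:00 bastion sshd[2400]: Failed password for bob from 192.0.2.9 port 33001 ssh2
Mar 14 13:45:10 bastion sshd[2401]: Failed password for bob from 192.0.2.9 port 33005 ssh2
Mar 14 13:45:12 bastion sshd[2402]: Accepted password for bob from 192.0.2.9 port 33007 ssh2
Mar 14 13:46:00 bastion systemd[1]: Started Session 12 of user bob.
"""

SSHD_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?:password|publickey) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)


def parse_sshd_line(line: str, year: int = 2024):
    """Return a dict for sshd authentication results, None for any other line."""
    m = SSHD_RE.match(line)
    if not m:
        return None
    # Classic syslog timestamps omit the year; the caller supplies it.
    ts = datetime.strptime(m["ts"], "%b %d %H:%M:%S").replace(year=year)
    return {"ts": ts, "result": m["result"], "user": m["user"], "ip": m["ip"]}


def detect_ssh_bruteforce(lines, threshold: int = 5, window_seconds: int = 60):
    """Flag source IPs with >= threshold failed logins inside any window_seconds span.
    For each, report the usernames tried and whether a successful login followed
    the failure burst, the combination most likely to mean a real compromise."""
    events = [e for e in (parse_sshd_line(line) for line in lines) if e]
    by_ip = defaultdict(list)
    for e in events:
        by_ip[e["ip"]].append(e)

    findings = {}
    for ip, evs in by_ip.items():
        evs.sort(key=lambda e: e["ts"])
        fails = [e for e in evs if e["result"] == "Failed"]
        # Sliding window over the sorted failure timestamps.
        start, peak = 0, 0
        for end in range(len(fails)):
            while (fails[end]["ts"] - fails[start]["ts"]).total_seconds() > window_seconds:
                start += 1
            peak = max(peak, end - start + 1)
        if peak < threshold:
            continue
        last_fail = fails[-1]["ts"]
        success_after = any(e["result"] == "Accepted" and e["ts"] >= last_fail for e in evs)
        findings[ip] = {
            "failures": len(fails),
            "peak_in_window": peak,
            "users": sorted({e["user"] for e in fails}),
            "success_after_failures": success_after,
        }
    return findings


if __name__ == "__main__":
    for ip, info in detect_ssh_bruteforce(SAMPLE_LOG.splitlines()).items():
        print(ip, info)
```

Only 203.0.113.5 is flagged at the default settings: six failures across several usernames in eight seconds, then a successful password login for admin. The single failure from alice and bob's two failures hours apart are the ordinary noise a threshold exists to ignore.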

M 

  • Malvertising: The use of online advertising to spread malware. 
  • Malware: Malicious software designed to harm, exploit, or otherwise compromise the confidentiality, integrity, or availability of a computer system. 
  • Man-in-the-Middle (MitM) Attack: An attack where the attacker secretly relays and possibly alters the communication between two parties who believe they are directly communicating with each other. 
  • Managed Security Service Provider (MSSP): A third-party company that provides security services to monitor and manage security devices and systems. 
  • Memory Forensics: The analysis of volatile data in a computer’s memory to uncover evidence of malicious activity. 
  • Multi-Factor Authentication (MFA): A security system that requires more than one method of authentication to verify the user’s identity. 
  • Multi-Cloud Security: Security measures and strategies designed to protect data and applications across multiple cloud environments. 
  • Multi-Tenancy: A single instance of software serving multiple customers, each considered a tenant. 

N 

  • Network Access Control (NAC): A security solution that uses a set of protocols to define and implement a policy that describes how to secure access to network nodes by devices when they initially attempt to access the network. 
  • Network Forensics: The monitoring and analysis of computer network traffic for the purposes of information gathering, legal evidence, or intrusion detection. 
  • Network Security Protocol: A formal set of rules and conventions that dictates how data is transferred over a network to ensure secure communication. 
  • Network Segmentation: The practice of dividing a network into smaller parts to improve security and performance. 
  • Nonce: A number or bit string used only once, often in authentication protocols. 
  • Next-Generation Firewall (NGFW): A hardware or software-based network security system that is able to detect and block sophisticated attacks by enforcing security policies at the application, port, and protocol levels. 

O 

  • OSINT (Open Source Intelligence): The practice of collecting and analyzing publicly available information from various sources, such as social media, websites, and public records, to gather actionable intelligence. 
  • OAuth (Open Authorization): An open standard for access delegation, commonly used as a way to grant websites or applications limited access to a user’s information without exposing passwords. 
  • OBIEE (Oracle Business Intelligence Enterprise Edition): A comprehensive suite of enterprise BI products that delivers a full range of capabilities including interactive dashboards, ad-hoc queries, and alerts. 
  • Obfuscation: The practice of making something obscure or unclear, often used in programming to make code difficult to understand and prevent reverse engineering. 
  • Offline Attack: An attack in which the attacker has already obtained protected data (for example, a file of password hashes or an encrypted archive) and attacks it on their own hardware, so that rate limiting, account lockout, and other online controls of the source system cannot interfere. 
  • On-Premises Security: Security measures and protocols implemented within an organization’s physical location, protecting on-site data centers and local networks. 
  • OT (Operational Technology): Hardware and software that detects or causes changes through direct monitoring and control of physical devices, processes, and events in an organization, often used in industrial environments. 
  • OWASP (Open Worldwide Application Security Project, formerly the Open Web Application Security Project): A non-profit foundation that works to improve the security of software through community-led open-source projects (such as the OWASP Top 10), conferences, and local chapters. 
  • Over-the-Air (OTA) Updates: Wireless delivery of new software or data to mobile devices and other networked equipment, allowing updates without physical connections. 
  • Overlay Attack: A type of attack where a malicious layer is placed over a legitimate application interface, tricking users into entering sensitive information into the malicious layer. 

P 

  • Password Manager: A software application or hardware device that helps users store and manage their passwords securely. 
  • Patch Management: The process of identifying, acquiring, testing, and applying updates (patches) to software and firmware, prioritized by the severity of the vulnerabilities they fix. 
  • Penetration Testing: A method of evaluating the security of a computer system or network by simulating the actions of a real attacker, whether an external adversary or a malicious insider, to find and demonstrate exploitable weaknesses. 
  • Pharming: A cyber attack intended to redirect a website’s traffic to another, fraudulent site. 
  • Phishing: A social engineering attack that uses fraudulent emails, messages, or websites impersonating a trusted party to trick recipients into revealing credentials or personal information, or into running malware. 
  • Privilege Escalation: When a user gains higher access levels than what was initially granted. 
  • Proxy Server: A server that acts as an intermediary for requests from clients seeking resources from other servers. 
  • Public Key Infrastructure (PKI): A set of roles, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates and manage public-key encryption. 

Q 

  • Quarantine: The isolation of data or files that are suspected to be infected with malware, to prevent further spread and damage. 
  • Query String: A part of a URL that assigns values to specified parameters, often used in web applications to retrieve data. 
  • Queue Attack: An attack that involves manipulating or exploiting a queue, such as a print queue or message queue, to disrupt normal operations or gain unauthorized access. 
  • Quick Response (QR) Code Attack: A type of attack where malicious QR codes are used to direct users to phishing sites or initiate the download of malware. 
  • Quota Management: The process of setting limits on the amount of resources (such as disk space, bandwidth, or data usage) that a user or system can consume to ensure fair distribution and prevent abuse. 

R 

  • Rainbow Table: A precomputed table of hash chains used to recover plaintext passwords from their hashes at a fraction of the cost of a fresh brute force attack. It is effective only against unsalted hashes: a unique per-password salt makes the precomputation useless, since the table would have to be rebuilt for every salt. 
  • Ransomware: Malicious software that encrypts a victim’s files, with the attacker demanding a ransom to restore access. 
  • Ransomware-as-a-Service (RaaS): A business model for ransomware developers where they lease out ransomware variants to affiliates in exchange for a share of the ransom payments. 
  • Red Team: A group of security professionals who act as adversaries to identify and exploit vulnerabilities in an organization’s security posture. 
  • Red Teaming: A full-scope, multi-layered attack simulation designed to measure how well an organization’s people, networks, applications, and physical security controls can withstand an attack. 
  • Remote Desktop Protocol (RDP): A proprietary Microsoft protocol that gives a user an interactive graphical session on a remote Windows computer, as if physically present. Its security depends on configuration (strong credentials, Network Level Authentication, MFA, and not exposing it directly to the internet); RDP services reachable from the internet are a common initial-access vector for ransomware operators. 
  • Risk Assessment: The identification and analysis of potential risks that could negatively impact an organization’s assets, operations, or individuals. 
  • Rootkit: A collection of software tools that enable an unauthorized user to gain control of a computer system without being detected. 
  • Rogue Security Software: Malicious software that misleads users into believing their computer has a virus, and is often designed to steal money. 
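
The Rainbow Table entry above says salting defeats precomputation; the following added Python example (not from the original page) shows why, using a simplified precomputed lookup table in place of true hash chains. The wordlist and salts are constructed. Unsalted SHA-256 hashes fall to a single dictionary lookup, and identical hashes reveal which users share a password; with a per-user salt and PBKDF2 the table is useless and the attacker must pay the full key-derivation cost for every guess, per user.

```python
import hashlib
import os

# Constructed wordlist; a real attacker uses millions of entries from leaked password dumps.
WORDLIST = ["123456", "password", "qwerty", "letmein", "Winter2024!", "dragon", "iloveyou"]


def unsalted_hash(password: str) -> str:
    """Plain SHA-256 of the password: fast, deterministic, and the same for every user."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def build_lookup_table(words):
    """Precompute digest -> password once. A real rainbow table compresses this idea
    with hash chains so it fits on disk for huge wordlists, but the principle is the
    same: the work is done before any particular hash is seen and reused for all of them."""
    return {unsalted_hash(w): w for w in words}


def crack_with_table(digest_hex: str, table):
    """A single dictionary lookup recovers any unsalted hash of a word in the table."""
    return table.get(digest_hex)


def new_salt() -> bytes:
    """Random per-user salt; it is stored next to the hash and need not be secret."""
    return os.urandom(16)


def salted_hash(password: str, salt: bytes, iterations: int = 100_000) -> bytes:
    """Salt plus a slow key derivation function (PBKDF2-HMAC-SHA256). The salt makes
    any precomputed table useless; the iteration count makes every guess expensive."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)


def crack_salted(target: bytes, salt: bytes, words, iterations: int = 100_000):
    """With a salt the attacker must recompute the whole wordlist for this one salt,
    paying the full KDF cost per guess, and must start again for the next user."""
    for w in words:
        if salted_hash(w, salt, iterations) == target:  # attacker-side check; a verifier
            return w                                     # would use hmac.compare_digest
    return None


if __name__ == "__main__":
    table = build_lookup_table(WORDLIST)
    # Two users who chose the same password produce identical unsalted hashes...
    h1, h2 = unsalted_hash("Winter2024!"), unsalted_hash("Winter2024!")
    print("same unsalted hash:", h1 == h2, "-> cracked instantly:", crack_with_table(h1, table))
    # ...but different salted hashes, and the table no longer applies.
    s1, s2 = new_salt(), new_salt()
    sh1, sh2 = salted_hash("Winter2024!", s1), salted_hash("Winter2024!", s2)
    print("salted hashes equal:", sh1 == sh2, "-> table lookup:", crack_with_table(sh1.hex(), table))
    print("per-salt dictionary attack:", crack_salted(sh1, s1, WORDLIST))
```

The salted hash is still crackable if the password is in the wordlist, which is why the slow KDF matters as much as the salt: the salt removes the attacker's ability to amortize work across users and time, and the iteration count sets the price of each remaining guess.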

S 

  • Sandboxing: A security mechanism for separating running programs to prevent malware from spreading. 
  • SIEM Rules (Correlation Rules): Predefined conditions within a Security Information and Event Management (SIEM) system that match or correlate incoming events and trigger alerts or automated actions to detect, analyze, and respond to security events and incidents. 
  • Security Information and Event Management (SIEM): A set of tools and services offering a holistic view of an organization’s information security. 
  • Security Operations Center (SOC): A centralized unit that deals with security issues on an organizational and technical level. 
  • Security Token: A physical device or digital token used to prove one’s identity electronically. 
  • Social Engineering: The use of deception to manipulate individuals into divulging confidential or personal information that may be used for fraudulent purposes. 
  • Software-Defined Networking (SDN): An approach to network management that enables dynamic, programmatically efficient network configuration. 
  • Spear Phishing: A targeted phishing attack using personalized messages crafted from detailed research to deceive specific individuals or organizations, aiming to steal sensitive information or compromise systems. 
  • Spoofing: A technique where an attacker masquerades as a legitimate entity to deceive victims. 
  • Supply Chain Attack: A cyber attack that seeks to damage an organization by targeting less secure elements in the supply network. 

T 

  • Threat Hunting: The proactive search for cyber threats that are lurking undetected in a network. 
  • Threat Intelligence: Information about threats and threat actors that helps mitigate harmful events in cyberspace.  
  • Threat Modeling: The structured process of identifying a system’s assets, the threats against them, and the weaknesses an attacker could exploit, then rating each threat’s likelihood and impact so that mitigations can be prioritized during design. 
  • Threat Vector (Attack Vector): A path or means by which an attacker can gain access to a computer or network to deliver a payload or achieve a malicious outcome, such as a phishing email, an exposed service, or a compromised supplier. 
  • Token Ring: A network configuration where devices are connected in a circular format and data passes through each device in one direction until it reaches its destination. 
  • Tokenization: The process of replacing sensitive data (such as a payment card number) with a non-sensitive surrogate value, the token, that has no exploitable meaning on its own. The mapping back to the original data is kept in a separately secured token vault, so systems that handle only tokens fall outside the scope of the sensitive data. 
  • Trojan Horse: A type of malware that is often disguised as legitimate software. 
  • Two-Factor Authentication (2FA): A security process in which the user provides two different authentication factors to verify themselves. 

U 

  • Unified Threat Management (UTM): A security solution that integrates multiple security services and features into a single device or platform. 
  • URL Spoofing: A technique used by cyber attackers to deceive users into believing they are navigating to a legitimate website when in fact they are visiting a malicious one. 
  • User and Entity Behavior Analytics (UEBA): A cybersecurity process that uses machine learning to analyze and monitor user and entity behaviors to detect potential insider threats. 
  • User Education and Awareness Training: Programs designed to teach employees about the importance of cybersecurity and how to recognize and respond to cyber threats. 

V 

  • Virtual Local Area Network (VLAN): A logical subdivision of a network that can group devices from different physical LANs, enhancing security and reducing broadcast traffic. 
  • Virtual Private Network (VPN): A technology that creates a safe and encrypted connection over a less secure network, such as the internet. 
  • Virtualization Security: Measures taken to protect virtualized environments, which can include servers, desktops, and applications. 
  • Virus: A type of malware that, when executed, replicates by inserting copies of itself into other computer programs or data files. 
  • Vulnerability: A weakness in a system, application, or network that can be exploited to gain unauthorized access. 
  • Vulnerability Assessment: The process of identifying, quantifying, and prioritizing (or ranking) the vulnerabilities in a system. 
  • Vulnerability Scanner: A tool designed to identify vulnerabilities in systems, networks, or applications by scanning and analyzing them. 

W 

  • Watering Hole Attack: A targeted attack where the attacker guesses or observes which websites an organization frequently uses and infects one or more of them with malware. 
  • Web Application Firewall (WAF): A security device or software designed to protect web applications by filtering and monitoring HTTP traffic between a web application and the internet. 
  • Whaling: A specific form of phishing that targets high-profile individuals such as senior executives within a company. 
  • Whitelisting: The practice of allowing only pre-approved and specified applications, IP addresses, or email addresses to perform certain actions or access certain resources. 
  • White Hat: An ethical hacker who uses their skills to improve security by exposing vulnerabilities before malicious hackers can exploit them. 
  • Wi-Fi Protected Access (WPA): A security protocol designed to create secure wireless (Wi-Fi) networks. 
  • Wormhole Attack: An attack on a wireless network where the attacker captures packets at one location and tunnels them to another location to be replayed. 
  • Worm: A type of malware that spreads copies of itself from computer to computer without human interaction. 

X 

  • X.509: A standard defining the format of public key certificates used in various network protocols, including SSL/TLS. 
  • XACML (eXtensible Access Control Markup Language): A standard language for expressing access control policies in XML, used to manage access to resources. 
  • XDR (Extended Detection and Response): A security technology that provides comprehensive threat detection and response capabilities across multiple security layers, including endpoints, networks, and cloud environments. 
  • XML Encryption: The process of encrypting the contents of an XML document to protect sensitive information. 
  • XML Signature: A standard for digital signatures in XML, providing integrity, message authentication, and signer authentication. 
  • XOR Encryption: A simple encryption method that combines data with a key using the XOR (exclusive or) operation; because XOR is its own inverse, the same operation both encrypts and decrypts. With a truly random key as long as the message and never reused it is the one-time pad, and XOR is the combining step inside modern stream ciphers, but a short repeating key is trivially broken by frequency analysis and reusing a key exposes the XOR of the two plaintexts. 
  • XSS (Cross-Site Scripting): A vulnerability that allows attackers to inject malicious scripts into content from otherwise trusted websites, potentially stealing information or performing unauthorized actions. 
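
The XOR entry above deserves a worked demonstration of both the mechanism and its two classic failures. This added Python example (not from the original page; all keys and messages are constructed) implements repeating-key XOR, recovers a single-byte key by trying all 256 possibilities, and shows that when one key is reused for two messages the key cancels out, so a known fragment of one plaintext reveals the other.

```python
import string


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """XOR each data byte with the key byte at the same position, repeating the key.
    Because (x ^ k) ^ k == x, this one function both encrypts and decrypts."""
    if not key:
        raise ValueError("key must not be empty")
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


_TEXT_BYTES = frozenset((string.ascii_letters + " ").encode("ascii"))


def text_score(candidate: bytes) -> int:
    """Crude plaintext heuristic: how many bytes are ASCII letters or spaces."""
    return sum(b in _TEXT_BYTES for b in candidate)


def break_single_byte_xor(ciphertext: bytes):
    """Try all 256 possible one-byte keys and keep the one whose output looks most
    like text. Returns (key_byte, plaintext). A 256-element keyspace means this is
    obfuscation, not encryption."""
    best = max(range(256), key=lambda k: text_score(xor_bytes(ciphertext, bytes([k]))))
    return best, xor_bytes(ciphertext, bytes([best]))


def key_reuse_leak(c1: bytes, c2: bytes) -> bytes:
    """If two messages were XORed with the same key stream, then c1 ^ c2 == p1 ^ p2:
    the key cancels out and the two plaintexts are related in the clear."""
    n = min(len(c1), len(c2))
    return xor_bytes(c1[:n], c2[:n])


def recover_with_known_plaintext(c1: bytes, c2: bytes, known_p2: bytes) -> bytes:
    """Given c1 and c2 under one reused key and a known prefix of p2, recover the
    same span of p1 without ever learning the key."""
    n = min(len(c1), len(c2), len(known_p2))
    return xor_bytes(key_reuse_leak(c1[:n], c2[:n]), known_p2[:n])


if __name__ == "__main__":
    # Constructed messages and keys for the demonstration.
    message = b"attack at dawn meet at the old mill"
    ciphertext = xor_bytes(message, bytes([0x5A]))
    print(break_single_byte_xor(ciphertext))

    key = bytes.fromhex("9f3a7c1e5bd208e4a6c3f19b02d7e85c4a1f6e3b9d0c2a7f")
    c1 = xor_bytes(b"transfer 1000 to account", key)
    c2 = xor_bytes(b"meeting moved to 3pm tod", key)
    print(recover_with_known_plaintext(c1, c2, b"meeting moved"))
```

Note that the second attack works even though the 24-byte key is random and as long as the messages: the one-time pad is only secure while each key is used exactly once, which is the property real stream ciphers preserve by never repeating a nonce under the same key.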

Y 

  • YARA (Yet Another Recursive Acronym): A tool aimed at helping malware researchers identify and classify malware samples by creating rules that describe textual or binary patterns found in the malware. 
  • YARA Rules: The rule files used by YARA, each combining strings or byte patterns with a condition stating which of them must match for a file or memory region to be classified as suspicious or as a known malware family. 
  • Yellow Team: In the Build-Attack-Defend (BAD) model of security team colours, the builders: the developers, architects, and engineers who create the systems that the red team attacks and the blue team defends. 
  • Yield Ratio: In the context of cybersecurity, it can refer to the effectiveness of a specific security measure or test, often used in penetration testing to measure the success rate of different attack methods. 
  • YubiKey: A hardware authentication device made by Yubico that supports several protocols, including one-time passwords (OTP), FIDO U2F and FIDO2/WebAuthn, and smart card (PIV) functions, providing phishing-resistant multi-factor authentication. 

Z 

  • Zero-Day Attack: An attack that exploits a zero-day vulnerability, one for which no fix from the vendor is yet available, so defenders have no patch to apply and must rely on other controls. 
  • Zero-Day Exploit: Working exploit code or technique for a zero-day vulnerability; the name refers to the vendor having had “zero days” to prepare a fix, not to the calendar day on which the flaw was found. 
  • Zero-Day Vulnerability: A security flaw that is unknown to the software vendor, or has been disclosed before the vendor has released a patch, leaving every affected system exposed until a fix exists and is applied. 
  • Zero Trust Architecture: A security model that assumes that threats can be both external and internal to the network, and therefore, no user or system should be trusted by default. 
  • Zero Trust Security Model: A security concept and threat model that assumes that threats could be both inside and outside the network, and therefore no user or system should be trusted by default. 
  • Zombie: A computer connected to the internet that has been compromised by a hacker and can be used to perform malicious tasks under remote direction.