Cyber Dictionary

A glossary of common cybersecurity terms and acronyms.

Access Control

The selective restriction of access to a place or other resource. In cybersecurity, it involves policies and technologies that limit which users or systems can view or use resources in a computing environment.

Authentication

The process of verifying the identity of a user, process, or device, often as a prerequisite to allowing access to resources. Common methods include passwords, biometrics, and security tokens.

Authorization

The process of specifying the access rights or privileges a user, process, or device has to a resource. Authorization follows authentication: once an identity has been verified, authorization decides what that identity is permitted to do, and it is the core decision point of access control.

Availability

Part of the CIA Triad. Ensures that information and systems are accessible and usable upon demand by authorized users.

CIA Triad

A foundational model in information security comprising three core principles: Confidentiality, Integrity, and Availability.

Confidentiality

Part of the CIA Triad. Ensures that sensitive information is accessed only by authorized individuals.

Cryptography

The practice and study of techniques for secure communication in the presence of third parties called adversaries. Involves encryption and decryption.

Encryption

The process of converting information or data (plaintext) into a code (ciphertext), especially to prevent unauthorized access.

Hashing

The process of transforming a key or string of characters into another value, usually a shorter, fixed-length value (the hash) that stands in for the original input and makes it easier to look up, index, or compare. Unlike encryption, hashing is typically one-way: the original input cannot be recovered from its hash.

Integrity

Part of the CIA Triad. Assures the accuracy and trustworthiness of information and systems over their entire lifecycle. Data must not be altered in an unauthorized or undetected manner.

Principle of Least Privilege

An information security concept in which a user is given the minimum levels of access – or permissions – needed to perform their job functions.

Risk Management

The process of identifying, assessing, and controlling threats to an organization's capital and earnings. In cybersecurity, this involves identifying vulnerabilities and threats and implementing controls.

Threat Modeling

A process by which potential threats, such as structural vulnerabilities or the absence of appropriate safeguards, are identified and enumerated, and mitigations for them are prioritized.

Adware

Software that automatically displays or downloads advertising material (often unwanted) when a user is online.

Advanced Persistent Threat (APT)

A stealthy threat actor, typically a nation-state or state-sponsored group, which gains unauthorized access to a computer network and remains undetected for an extended period.

Backdoor

A covert method of bypassing normal authentication or encryption in a computer, product, or embedded device, or in the software or firmware that implements it.

Botnet

A network of private computers infected with malicious software and controlled as a group without the owners' knowledge, e.g., to send spam or launch DDoS attacks.

Brute-Force Attack

A trial-and-error method used to obtain information such as a user password or personal identification number (PIN). Attackers try all possible combinations.

Cross-Site Scripting (XSS)

A type of security vulnerability typically found in web applications. XSS attacks enable attackers to inject client-side scripts into web pages viewed by other users.

Denial-of-Service (DoS) Attack

An attempt to make a machine or network resource unavailable to its intended users, such as by temporarily or indefinitely interrupting or suspending services of a host connected to the Internet.

Distributed Denial-of-Service (DDoS) Attack

A DoS attack where the incoming traffic flooding the victim originates from many different sources (often a botnet), making it more difficult to stop.

Exploit

A piece of software, data, or sequence of commands that takes advantage of a bug or vulnerability to cause unintended or unanticipated behavior to occur on computer software or hardware.

Keylogger

A type of spyware that records the keys struck on a keyboard, typically covertly, so that the person using the keyboard is unaware that their actions are being monitored.

Malware

Short for 'malicious software.' Any software intentionally designed to cause disruption to a computer, server, client, or computer network, leak private information, gain unauthorized access, or deprive access.

Man-in-the-Middle (MitM) Attack

An attack where the attacker secretly relays and possibly alters the communication between two parties who believe they are directly communicating with each other.

Phishing

A type of social engineering where an attacker sends a fraudulent message designed to trick a human victim into revealing sensitive information or deploying malicious software.

Ransomware

A type of malware that threatens to publish the victim's personal data or perpetually block access to it unless a ransom is paid.

Rootkit

A collection of computer software, typically malicious, designed to enable access to a computer or an area of its software that is not otherwise allowed (e.g., root access) and often masks its existence or the existence of other software.

Social Engineering

The use of deception to manipulate individuals into divulging confidential or personal information that may be used for fraudulent purposes.

Spear Phishing

An email or electronic communications scam targeted towards a specific individual, organization, or business. Often intended to steal data for malicious purposes or install malware.

Spyware

Software that covertly collects information about a user's computer activity and transmits data from their device to another party without the user's knowledge.

SQL Injection (SQLi)

A code injection technique used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution (e.g., to dump database contents).

Trojan Horse

Malware that misleads users of its true intent. Often disguised as or embedded within legitimate software.

Virus

A type of computer program that, when executed, replicates itself by modifying other computer programs and inserting its own code. Requires human action (like opening a file) to spread.

Vulnerability

A weakness in a system, application, or process that can be exploited by a threat actor.

Watering Hole Attack

A strategy in which an attacker guesses or observes which websites an organization often uses and infects one or more of them with malware.

Worm

A standalone malware computer program that replicates itself in order to spread to other computers. Often uses a computer network to spread itself, relying on security failures on the target computer to access it. Does not need human action to spread.

Zero-Day Exploit/Vulnerability

An attack or threat that exploits a previously unknown security vulnerability in computer software or hardware for which no patch or fix has yet been released.

Antivirus Software

Software used to prevent, detect, and remove malicious software.

DMZ (Demilitarized Zone)

A physical or logical subnetwork that contains and exposes an organization's external-facing services to an untrusted network, usually the Internet. Adds an extra layer of security.

DNS (Domain Name System)

The hierarchical and decentralized naming system used to identify computers, services, and other resources reachable through the Internet or other Internet Protocol networks. Translates domain names to IP addresses.

Endpoint Security

The practice of securing endpoints or entry points of end-user devices such as desktops, laptops, and mobile devices from being exploited by malicious actors and campaigns.

Firewall

A network security device that monitors incoming and outgoing network traffic and decides whether to allow or block specific traffic based on a defined set of security rules.

Honeypot

A computer security mechanism set to detect, deflect, or, in some manner, counteract attempts at unauthorized use of information systems. It acts as a decoy.

HTTPS (Hypertext Transfer Protocol Secure)

An extension of HTTP used for secure communication over a computer network, widely used on the Internet. Communication is encrypted using Transport Layer Security (TLS) or, formerly, Secure Sockets Layer (SSL).

IDS (Intrusion Detection System)

A device or software application that monitors a network or systems for malicious activity or policy violations. Reports detected issues.

IPS (Intrusion Prevention System)

A network security/threat prevention technology that examines network traffic flows to detect and prevent vulnerability exploits. Attempts to block detected issues.

IP Address (Internet Protocol Address)

A numerical label assigned to each device connected to a computer network that uses the Internet Protocol for communication.

MAC Address (Media Access Control Address)

A unique identifier assigned to a network interface controller (NIC) for use as a network address in communications within a network segment.

Network Segmentation

The act of splitting a computer network into subnetworks, each being a network segment. Advantages include boosting performance and improving security.

Packet Sniffing

Intercepting and logging traffic that passes over a digital network or part of a network.

Proxy Server

A server application or appliance that acts as an intermediary for requests from clients seeking resources from other servers.

Sandbox

A security mechanism for isolating running programs from one another and from the host, usually to prevent a system failure or an exploited software vulnerability in one program from spreading to the rest of the system.

SIEM (Security Information and Event Management)

Software solutions that aggregate and analyze activity from many different resources across an IT infrastructure, providing real-time analysis of security alerts.

SSL/TLS (Secure Sockets Layer / Transport Layer Security)

Cryptographic protocols designed to provide communications security over a computer network. TLS is the successor to SSL.

TCP/IP Model

A conceptual model and set of communications protocols used on the Internet and similar computer networks. Commonly known as TCP/IP because its foundational protocols are TCP and IP.

VPN (Virtual Private Network)

Extends a private network across a public network and enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network.

VLAN (Virtual Local Area Network)

Any broadcast domain that is partitioned and isolated in a computer network at the data link layer (OSI layer 2). Allows network administrators to group hosts together even if the hosts are not directly connected to the same network switch.

WAF (Web Application Firewall)

A specific type of firewall that filters, monitors, and blocks HTTP traffic to and from a web application. Differs from a regular firewall by focusing on web application layer security.

Bug Bounty Program

A deal offered by many websites, organizations and software developers by which individuals can receive recognition and compensation for reporting bugs, especially those pertaining to security exploits and vulnerabilities.

Compliance

Conforming to a rule, such as a specification, policy, standard, or law. Regulatory compliance is the goal organizations pursue when they ensure that they are aware of, and take steps to comply with, the laws, policies, and regulations that apply to them.

CTF (Capture The Flag)

A type of computer security competition. Teams or individuals compete to solve cybersecurity challenges, often involving reverse engineering, cryptography, web exploitation, forensics, and more.

Digital Forensics

A branch of forensic science encompassing the recovery and investigation of material found in digital devices, often in relation to computer crime.

GRC (Governance, Risk Management, and Compliance)

A structured approach to aligning IT with business objectives, while effectively managing risk and meeting compliance requirements.

Incident Response (IR)

An organized approach to addressing and managing the aftermath of a security breach or cyberattack. The goal is to handle the situation in a way that limits damage and reduces recovery time and costs.

Penetration Testing (Pen Test)

An authorized simulated cyberattack on a computer system, performed to evaluate the security of the system.

Red Team

A group that plays the role of an attacker, attempting to penetrate an organization's defenses.

Blue Team

A group that plays the role of the defender, responsible for maintaining and defending the organization's systems against attacks.

Purple Team

A functional team that aims to maximize the effectiveness of Red and Blue team exercises by facilitating communication and collaboration between them.

Security Audit

A systematic evaluation of the security of a company's information system by measuring how well it conforms to a set of established criteria.

SOC (Security Operations Center)

A facility where enterprise information systems (web sites, applications, databases, data centers and servers, networks, desktops and other endpoints) are monitored, assessed, and defended.

Threat Hunting

The practice of proactively and iteratively searching through networks to detect and isolate advanced threats that evade existing security solutions.

Vulnerability Assessment

The process of identifying, quantifying, and prioritizing (or ranking) the vulnerabilities in a system.

Biometrics

Body measurements and calculations related to human characteristics used for identification and access control. Examples include fingerprint scanning, facial recognition, and iris scanning.

Identity and Access Management (IAM)

A framework of policies and technologies for ensuring that the proper people in an enterprise have the appropriate access to technology resources.

MFA (Multi-Factor Authentication)

An electronic authentication method in which a user is granted access to a website or application only after successfully presenting two or more pieces of evidence (or factors) to an authentication mechanism.

Password Manager

A software application that helps a user store and organize passwords. Password managers usually store passwords encrypted, requiring the user to create a master password.

Single Sign-On (SSO)

An authentication scheme that allows a user to log in with a single ID and password to any of several related, yet independent, software systems.

Two-Factor Authentication (2FA)

A type, or subset, of multi-factor authentication. It is a method of confirming users' claimed identities by using a combination of two different factors.
