Cybersecurity Glossary of Terms



Access Control

The practice of regulating who or what can view or use resources in a computing environment. This is a critical component of security compliance programs that ensures security and privacy by restricting access to information only to authorized personnel.


Authority to Operate (ATO)

An Authority to Operate (ATO) signifies an official accreditation given by a senior authority, often within government or military contexts, confirming that an information system has met the required security standards and can commence or continue operations.



Unwanted programs that automatically display or download advertising materials when a user is online, potentially compromising user experience and system performance.


Advanced Encryption Standard (AES)

A symmetric key encryption algorithm that has become the standard for encrypting sensitive data, especially within federal organizations, due to its strength and efficiency in securing electronic data.


Advanced Persistent Threat (APT)

A prolonged, aimed attack on a network, where intruders establish a long-term presence to mine highly sensitive data. The goals of an APT are typically related to stealing information rather than causing damage to the network or organization.



A sequence of instructions designed to perform a specific task. In cybersecurity, algorithms are crucial in processes such as encryption, hashing, and generating signatures.


Anomaly-Based Detection

A form of intrusion detection that compares network behavior against an established baseline and flags any action that deviates from that norm, potentially indicating a security breach.


Antivirus Software

Protective software designed to detect and eliminate malware, including viruses, worms, and trojan horses, providing a defense layer for computers and networks against cyber threats.


API Security

Measures and protocols that protect APIs, which are essential tools for software communication, ensuring that transactions and data transfers are guarded against unauthorized access and attacks.



Any valuable component within an organization’s network that requires protection, including data, hardware, software, or intellectual property.


Attack Vector

A path or means by which a hacker can gain unauthorized access to a computer or network system typically for malicious purposes.



A security process that ensures and confirms a user’s identity when attempting to access a system, resource, or application, often requiring credentials such as passwords, tokens, or biometric verification.



The process of granting an authenticated user permission to access specific data, resources, or capabilities within a system, based on predefined rules and policies.


Automated Threat Intelligence

The use of software and technologies to automatically gather, analyze, and manage information about current and potential security threats, enabling more timely and effective responses.



In cybersecurity, the principle that ensures that data and services are accessible to authorized users when required, contributing to the reliability and usability of information



A hidden method for bypassing normal authentication or encryption in a computer system, a program, or a whole computer network. While sometimes designed into the system by the original developers, they can also be the result of a system compromise.



The process of making copies of data or data files to use in the event the original data or data files are lost or destroyed. Regular backups are a critical part of any comprehensive data preservation and recovery strategy.



A social engineering attack where a victim is enticed with the promise of a reward to provide confidential information or to perform an action, like downloading malicious software.


Banner Grabbing

A method used to gather information about computer systems on a network and the services running on its open ports. Attackers use this technique to find network hosts that are running versions of applications and operating systems with known vulnerabilities.


Baseline Security

The minimum level of security that a system, network, or organization must adhere to, often established by following a set of standards, guidelines, and best practices to ensure consistent security posture.


Behavioral Analytics

The use of data analytics tools to detect anomalies in user behavior that could signify potential security threats, such as a user accessing high-value data they do not normally use, possibly indicating compromised credentials.



The measurement and statistical analysis of people’s unique physical and behavioral characteristics, such as fingerprints, face recognition, and voice patterns, used for identification and access control.


Black Hat Hacker

An individual with extensive computer knowledge whose purpose is to breach or bypass internet security for malicious intent, personal gain, or other reasons.



A decentralized, distributed ledger technology known for its role in cryptocurrency systems, such as Bitcoin, for maintaining a secure and decentralized record of transactions. Blockchain’s security comes from its enhanced encryption and consensus mechanisms.


Blue Team

A group of individuals who identify security threats and risks in information systems. They simulate defensive measures and responses against attacks, such as those executed by Red Teams.



Short for robot; an automated program that runs over the internet. Bots can be used for legitimate purposes such as search engine indexing, but are often associated with malicious use, such as launching denial-of-service attacks or running automated scripts for credential stuffing.



A collection of internet-connected devices, including PCs, mobile devices, servers, and IoT devices, which are infected and controlled by a common type of malware. Botnets are often used to launch attacks, send spam, or commit other types of online crime and fraud.


Brute Force Attack

A method used by attackers to gain access to a system or service by automatically and systematically checking all possible passwords or passphrases until the correct one is found.


Buffer Overflow

A flaw in software coding that allows an attacker to send more data to an application than is expected. If not properly handled, this can cause the application to behave unexpectedly, leading to potential code execution or system crashes.



A general term used to refer to any unexpected or unintended behavior in a software program or hardware device.


Business Continuity Plan (BCP)

A strategic plan that outlines the processes necessary for an organization to maintain business functions or quickly resume them in the event of a major disruption, whether due to a natural disaster, cyberattack, or other crises.


Business Impact Analysis (BIA)

A process that predicts the consequences of disruption of a business function and process and gathers information needed to develop recovery strategies and minimize risk.


CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart)

A type of challenge–response system designed to differentiate humans from automated bots during online interactions, commonly used to prevent spam or automated account creation.


Certificate Authority (CA)

A trusted entity that issues and manages security credentials and public keys for message encryption and digital signatures. A CA is part of the public key infrastructure (PKI) that verifies the identity of entities and binds them to cryptographic keys.


Chain of Custody

A method of documentation that provides proof of the integrity and authenticity of data by recording the sequence of custody, control, transfer, analysis, and disposition of physical or electronic evidence.



Encrypted data. It is the unreadable output of an encryption algorithm. The term applies to data that is transmitted or stored after encryption has been applied.



A deceptive technique where an attacker tricks a user into clicking something different from what the user perceives, effectively hijacking clicks meant for one page and routing them to another, usually malicious, site.


Cloud Security

Practices, technologies, and policies designed to protect data, applications, and the associated infrastructure of cloud computing, which includes both public and private clouds.


Command and Control (C&C) Server

A computer controlled by a cybercriminal or a cybercriminal group used to send commands to systems compromised by malware (such as a zombie computer in a botnet) and to receive stolen data from a target network.


Common Vulnerabilities and Exposures (CVE)

A directory of publicly disclosed information security vulnerabilities and exposures that aims to make it easier to share data across different vulnerability capabilities (tools, databases, and services).



Adhering to established guidelines or specifications, or to legislation. In cybersecurity, it often refers to following prescribed security standards mandated by law or industry bodies.


Computer Emergency Response Team (CERT)

A service organization that is notified when there are internet security problems and can assist in resolving and investigating attacks against systems. CERTs frequently publish security alerts and advisories.


Content Disarm and Reconstruction (CDR)

A security technology that strips potentially malicious code from files, then rebuilds them before allowing user access to mitigate cyber threats disguised within files.



A piece of data generated by a web server and stored in the user’s computer, either temporarily for that session or permanently on the hard disk (persistent cookie). Cookies provide a means for websites to recognize users and keep track of their preferences.


Credential Stuffing

A type of cyber attack where stolen account credentials, typically consisting of lists of usernames and/or email addresses and the corresponding passwords, are used to gain unauthorized access to user accounts through large-scale automated login requests directed against a web application.


Cross-Site Scripting (XSS)

A vulnerability that allows attackers to inject malicious scripts into webpages viewed by other users. An XSS flaw could be exploited to steal information, deface a web page, or redirect the user to a malicious site.



The science of encrypting and decrypting information. It is a broad field with applications in securing communications, protecting data, and verifying identities, among other things.


Cyber Espionage

Unauthorized probing to test a target computer’s configuration or evaluate its system defenses, or the unauthorized viewing and copying of data files.


Cybersecurity Framework

A set of guidelines and best practices for managing cybersecurity risks. Developed by the National Institute of Standards and Technology (NIST), the framework helps organizations assess and improve their ability to prevent, detect, and respond to cyber attacks.


Cybersecurity Posture

The overall security status of an organization’s software, networks, services, and information technology (IT) infrastructure. It reflects the organization’s ability to protect its systems and information from cyber threats and describes the company’s preparedness to respond to and recover from various cyber incidents. It is assessed by considering both the technical solutions in place and the organizational processes that support them.


Data Breach

A security incident where sensitive, protected, or confidential information is copied, transmitted, viewed, stolen, or used by an unauthorized individual. It can involve personal health information (PHI), personally identifiable information (PII), trade secrets, or any other type of information that requires protection for reasons of privacy or confidentiality.


Data Encryption Standard (DES)

A previously ubiquitous symmetric-key algorithm for the encryption of electronic data that, due to its key size being too small, has become obsolete and replaced by the Advanced Encryption Standard (AES).


Data Exfiltration

The unauthorized transfer of data from a computer or server. This is typically accomplished by cybercriminals who first gain access to the network and then extract sensitive data for malicious purposes.


Data Loss Prevention (DLP)

A strategy for making sure that end users do not send sensitive or critical information outside the corporate network. It includes tools that monitor and control endpoint activities, filter data streams on the corporate network, and monitor data in the cloud to protect data at rest, in motion, and in use.



The process of converting encrypted data back into its original form, so it can be understood. It is the reverse process of encryption and requires the use of a cryptographic key.


Denial of Service (DoS) Attack

An attack that renders a computer or network incapable of providing normal services. It is typically the result of sending excessive messages asking the network or server to authenticate requests that have invalid return addresses.


Distributed Denial of Service (DDoS) Attack

Similar to a DoS attack but is launched from multiple, distributed sources, which makes it much more difficult to defend against.


Domain Name System (DNS) Security

Protective measures that prevent attackers from exploiting the DNS system. It involves measures such as DNSSEC (DNS Security Extensions) which provide origin authentication of DNS data, data integrity, and authenticated denial of existence.


Drive-by Download

Unintended download of computer software from the internet without the knowledge or consent of the user, which can occur when visiting a website, viewing an email message, or clicking a deceptive pop-up window. Often, this software is malware or unwanted software.



A type of malware designed to secretly install another, more harmful, malicious program onto a target’s system. It often takes the form of a legitimate program and is used to bypass security software.


Dual Factor Authentication

See Two-factor Authentication (2FA).


Dumpster Diving

A technique used to retrieve information that could be used to carry out an attack on a computer network. Dumpster diving involves searching through a company’s trash for sensitive information that has not been properly disposed of.


Duress Code

A security feature used in access control systems, typically involving a code that appears to grant the user normal access while silently signaling an alarm for help, indicating that the user is under duress to enter the code.


Dynamic Analysis

The process of evaluating a program or application by executing data in real-time to identify potential security vulnerabilities or performance issues.


Eavesdropping Attack

A cyber attack where an unauthorized individual intercepts a private communication between two parties. The attack involves capturing and potentially listening to or recording the communication, usually with the intent to gather information or spy on the communicants.

Email Spoofing

The creation of email messages with a forged sender address, often with the intent to mislead the recipient about the origin of the message. It is a common tactic used in phishing and spam campaigns.



The process of transforming readable data (plaintext) into an encoded version (ciphertext) that can only be read by someone who possesses the correct decryption key. It is a fundamental tool for ensuring data privacy and security.


Endpoint Detection and Response (EDR)

A security solution that combines real-time monitoring and collection of endpoint data with rules-based automated response and analysis capabilities. It is designed to detect and investigate suspicious activities on hosts and endpoints.


Endpoint Protection Platform (EPP)

A comprehensive security solution that combines a variety of endpoint security techniques (such as antivirus, anti-malware, and firewall capabilities) to prevent file-based malware attacks, detect malicious activity, and provide the investigation and remediation capabilities needed to respond to dynamic security incidents and alerts.


Enterprise Mobility Management (EMM)

The set of processes, technologies, and policies that enterprises use to manage and secure employees’ mobile devices, applications, and related services within the enterprise.


Ethical Hacker

An individual who is employed with the organization and who can be trusted to undertake an attempt to penetrate networks or computer systems using the same methods and techniques as a malicious hacker (also known as a white hat hacker).



A piece of software, a chunk of data, or a sequence of commands that takes advantage of a bug, glitch, or vulnerability in order to cause unintended or unanticipated behavior to occur on computer software, hardware, or something electronic.


Exploit Kit

A software toolkit that automates the exploitation of vulnerabilities in software applications. It is often used to spread malware without the need for any user interaction beyond the initial visit to a compromised website.



The state of being exposed to the possibility of being attacked or harmed, either physically or emotionally. In cybersecurity, it refers to the vulnerability of an organization’s assets that can be exploited by cybercriminals.


Extrusion Prevention System (EPS)

A security system that detects and prevents data exfiltration from within a network. Unlike intrusion prevention systems that focus on incoming threats, an extrusion prevention system looks outward to prevent sensitive data from leaving the organization.


Extended Detection and Response (XDR)

An advanced security solution that automatically collects and correlates data across multiple security layers—email, endpoint, server, cloud workloads, and network—so threats can be detected and responded to quickly.



The process of switching to a redundant or standby computer server, system, hardware component, or network upon the failure or abnormal termination of the previously active application, server, system, hardware component, or network.


False Negative

A situation in which a test result mistakenly indicates the absence of a condition (such as the presence of malware in a system) when it is actually present. In cybersecurity, it means that a threat is missed by the security controls.


Fileless Malware

A type of malicious activity that uses native, legitimate tools built into a system to execute nefarious activities, leaving no typical malware footprint like files on the disk, making detection particularly challenging.

Firewall Evasion: Techniques used by cyber attackers to defeat the purpose of firewalls. This can involve various tactics to disguise malicious traffic, such as splitting packets, utilizing encryption, or mimicking legitimate traffic patterns.



A typo-squatting strategy where attackers register domain names that are typographical variations of popular websites, hoping that users will accidentally visit their site instead, potentially leading to malware infection or phishing scams.


Forensic Imaging

The process of making an exact, bit-by-bit copy of a storage device (like a hard drive or mobile device) with the aim to preserve the integrity of the evidence for later examination and analysis in a legal investigation.


Fraud Detection

The set of activities and technologies designed to prevent money or property from being obtained through false pretenses. In the context of cybersecurity, it often uses algorithms and machine learning to identify suspicious activities that may indicate fraudulent transactions or identity theft.


Full Disk Encryption (FDE)

The encryption of all data on a hard drive — including the programs that can encrypt bootable OS partitions — with the aim to prevent unauthorized access to data storage.



In cybersecurity, a gatekeeper refers to processes or devices that manage access control, often acting as a checkpoint at the boundary of a secure network to manage authentication and authorization for users and devices seeking access.


GDPR (General Data Protection Regulation)

A regulation that governs the privacy and protection of personal data for individuals within the European Union (EU) and the European Economic Area (EEA). It also addresses the transfer of personal data outside these areas.



A type of malware that evades detection by security software and operates without leaving a trace in the system it infects, thereby allowing it to steal data or cause damage without being noticed by the user or administrator.


Gray Hat Hacker

An individual who may violate ethical standards or principles, but without the malicious intent typically associated with black hat hackers. Gray hat hackers often hack for personal amusement or to prove their skills, sometimes they will also reveal vulnerabilities to the company or owner of the system without malicious intent.


Greenfield Project

In the context of IT and cybersecurity, a greenfield project refers to an initiative that is not constrained by legacy systems or existing infrastructure. It can be built from scratch according to the latest standards, security practices, and technologies.



In cybersecurity, grooming often refers to the practice by which a cybercriminal gains the trust of an individual through communication in an online environment and then exploits that relationship to the victim’s detriment, such as for financial gain or exploitation.


Group Policy

A feature in Windows that provides centralized management and configuration of operating systems, applications, and users’ settings in an Active Directory environment.


Guided Missiles Model

A method used in threat modeling to prioritize and focus on the most significant threats by actively guiding tests and assessments towards the highest risk areas, analogous to the precision guidance of a missile to its target.


Hash Function

A cryptographic function that converts an input (or ‘message’) into a fixed-size string of bytes, typically a digest, that appears random. Hash functions are used in various security applications, including data integrity checks and password storage.



A decoy system or network set up to attract cyber attackers. Honeypots are designed to mimic likely targets of cyber attacks and can be used to detect or study threats.


HTTP Header Injection

A type of attack where HTTP headers are manipulated to perform cross-site scripting, web cache poisoning, or session fixation attacks. It exploits the web application’s trust in HTTP header information.


HTTP Security Headers

These are HTTP response headers that, when set, can enhance the security of a web application by enabling browser-based defenses against certain types of attacks, like cross-site scripting and clickjacking.


Hybrid Warfare

A form of warfare that blends traditional combat with cyber warfare tactics. It may involve the simultaneous use of military forces, cyber attacks, propaganda, and other means to destabilize an adversary.


Hyper Text Transfer Protocol (HTTP)

The foundational protocol used by the World Wide Web. It defines how messages are formatted and transmitted, and determines how web servers and browsers should respond to various commands.


Hyper Text Transfer Protocol Secure (HTTPS)

An extension of HTTP that is used for secure communication over a computer network. In HTTPS, the communication protocol is encrypted using Transport Layer Security (TLS).



A piece of computer software, firmware, or hardware that creates and runs virtual machines (VM). A hypervisor allows multiple virtual operating systems (known as guests) to run on a single physical host machine


Identity and Access Management (IAM)

A framework for business processes that facilitates the management of electronic identities. IAM ensures that the right individuals access the appropriate resources at the right times for the right reasons.


Identity Theft

A crime in which an impostor obtains key pieces of personal identifying information, such as Social Security or driver’s license numbers, to impersonate someone else for various malicious reasons, including financial gain.


Incident Response

Organized approach to addressing and managing the aftermath of a security breach or cyberattack, with the goal of limiting the damage and reducing recovery time and costs.


Indicator of Compromise (IoC)

Artifacts observed on a network or in an operating system that, with high confidence, suggest a computer intrusion. IoCs can be log entries, files, or alterations in behavior.


Information Assurance (IA)

Measures that protect and defend information and information systems by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation.


Information Security (InfoSec)

The practice of protecting information by mitigating information risks. It is part of information risk management and typically involves preventing or reducing the probability of unauthorized/inappropriate access to data, or the unlawful use, disclosure, disruption, deletion, corruption, or modification of data.


Infrastructure as a Service (IaaS)

A form of cloud computing that provides virtualized computing resources over the internet. IaaS allows companies to consume compute resources as a utility — just like electricity or water — without needing to manage the underlying cloud infrastructure.


Ingress Filtering

The practice of filtering incoming traffic to a network to block potentially harmful traffic from entering the system. It’s often a feature of network security devices that can stop attacks or unauthorized access.


Injection Attack

A broad class of attack vectors that introduce malicious input or code into a program or system to exploit security vulnerabilities, typically to gain control or access to data.


Insider Threat

Any person with authorized access to an organization’s resources who uses that access, either maliciously or unintentionally, to cause harm to the organization. Harm can include leaking sensitive information or damaging organizational systems.


Integrated Security

A comprehensive approach to security where multiple defensive strategies are layered and integrated with the aim of protecting a business against multiple types of threats, from cyber attacks to physical breaches.


Intrusion Detection System (IDS)

An automated system that monitors and analyzes network traffic for signs of suspicious activity or known threats, sending alerts when it detects such activities.


Intrusion Prevention System (IPS)

A network security/threat prevention technology that examines network traffic flows to detect and prevent vulnerability exploits. Vulnerability exploits usually come in the form of malicious inputs to a target application or service that attackers use to interrupt and gain control of an application or machine.


IEC 62443

A series of standards developed and maintained by the International Electrotechnical Commission (IEC) aimed at securing industrial automation and control systems (IACS). These standards provide a framework to develop, evaluate, and audit IACS security controls.


ISO/IEC 27001

Part of the ISO/IEC 27000 family of standards, it’s an information security management system (ISMS) standard published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). It specifies a management system intended to bring information security under management control and gives specific requirements for establishing, implementing, maintaining, and continually improving an ISMS.


ISO/IEC 27002

A popular information security standard developed by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). It sets forth guidelines and general principles for initiating, implementing, maintaining, and improving information security management within an organization.



The process of removing restrictions imposed by the operating system of devices like iPhones and iPads to allow the installation of unauthorized software. While granting more control to the user, jailbreaking can increase vulnerability to malware and void warranties.



A high-level, class-based, object-oriented programming language that is designed to have as few implementation dependencies as possible. Given its widespread use, Java has been a common target for cyberattacks, leading to the need for continual security updates.



A dynamic, high-level programming language commonly used to create interactive effects within web browsers. Despite its utility, it can also be exploited to conduct attacks such as Cross-Site Scripting (XSS).


Job Rotation

A strategy employed in various employment sectors, including cybersecurity, where employees rotate through multiple positions and responsibilities. In cybersecurity, job rotation can help minimize the risks of fraud and internal threat by making it more difficult for an individual to conceal unlawful activities over extended periods.


JSON Web Token (JWT)

A compact URL-safe means of representing claims to be transferred between two parties. These tokens are often used for authentication and information exchange, but they must be correctly implemented and secured to prevent vulnerabilities.


Juice Jacking

A type of cyber attack involving a charging port that doubles as a data connection, typically over USB. This attack can compromise phones and other devices, as it could lead to either data theft or the device being loaded with malware.


Jump Server

Also known as a jump host or a jump box, this is a secure computer that all administrators connect to before launching any administrative task or to connect to other servers, networks, or untrusted environments.



A network authentication protocol designed to provide strong authentication for client/server applications by using secret-key cryptography. It is a secure method for authenticating a request for a service in a computer network.

Key Escrow

A process in which the keys needed to decrypt encrypted data are held in escrow so that under certain circumstances, an authorized third party may gain access to those keys. This can be controversial, as it may involve a compromise between individual privacy and law enforcement needs.



A type of surveillance software that, once installed on a computer, has the ability to record every keystroke made on that computer. Keyloggers are often used for malicious purposes to capture sensitive information like usernames, passwords, and personal data.


Keystroke Dynamics

A biometric modality that uses the rhythm and timing of typing on a keyboard to recognize an individual uniquely. It can provide a continuous form of authentication and be used as part of a multi-factor authentication system.

Key Exchange: The process by which cryptographic keys are securely exchanged between two parties. This allows for secure communication without requiring the parties to share a secret key beforehand.


Key Management

The administration of tasks involved with managing cryptographic keys in a cryptosystem. This includes generating, exchanging, storing, using, and replacing keys as needed at the user level, as well as overseeing the entire key lifecycle.


Kill Chain

A term originally used by the military, which has been adapted into the information security industry to describe the stages of a cyber attack. It helps to identify and prevent intrusions at different stages, including reconnaissance, weaponization, delivery, exploitation, installation, command and control, and actions on objectives.


Knowledge-Based Authentication (KBA)

A method of authentication that requires the user to answer at least one “secret” question. KBA is often used as part of multi-factor authentication and can be categorized into two types: static KBA, which uses predetermined questions, and dynamic KBA, which generates questions based on public or privately available information.



An open-source platform designed to automate deploying, scaling, and operating application containers. Given its increasingly important role in deploying applications, securing Kubernetes configurations and environments is crucial for container security.


Lateral Movement

In cybersecurity, this refers to the techniques that a cyber attacker uses to move through a network in search of key data and assets after gaining initial access. Lateral movement can occur over the internal network, within cloud environments, or across other infrastructure.


Layered Security

Also known as “defense in depth,” it’s an approach to cybersecurity which uses multiple layers of defense with different protections at various points to protect information and prevent the breach of a system.


Least Privilege

A principle in computer security where users are given the minimum levels of access – or permissions – needed to perform their job functions. This principle reduces the risk of an attacker gaining access to critical systems or sensitive data by compromising a user account, application, or system that has excessive privileges.


Legacy Systems

Outdated compute processing systems, software, or technologies that are still in use, despite newer versions being available. Legacy systems may not be compatible with current cybersecurity measures and can provide vulnerabilities for attackers to exploit.


Logic Bomb

Malicious code that has been inserted into a software system that is set to trigger a malicious function when specified conditions are met, such as the date within the system reaching the attacker’s pre-defined requirement.



The process by which an individual gains access to a computer system by identifying and authenticating themselves.


Long-tail Risk

A concept from finance that has been applied to cybersecurity, referring to the infrequent but highly severe threats that are often easy to overlook in risk assessments but can have devastating impacts.


Macro Virus

A type of computer virus that is written in the same macro language that is used for software applications, such as word processing programs. These viruses are often spread through infected documents.



Short for malicious software, it is any software intentionally designed to cause damage to a computer, server, client, or computer network, such as viruses, worms, Trojan horses, ransomware, spyware, adware, and others.


Managed Security Service Provider (MSSP)

A company that provides outsourced monitoring and management of security devices and systems, including managed firewall, intrusion detection, virtual private network, vulnerability scanning, and antiviral services.


Man-in-the-Middle Attack (MitM)

A cyberattack where the attacker secretly intercepts and possibly alters the communication between two parties who believe they are directly communicating with each other.


MD5 (Message Digest Algorithm 5)

A widely used cryptographic hash function that produces a 128-bit (16-byte) hash value, typically expressed in text format as a 32 digit hexadecimal number. Due to its vulnerabilities, it is no longer recommended for use in cryptographic security.


Mobile Device Management (MDM)

Security software used by an IT department to monitor, manage, and secure employees’ mobile devices that are deployed across multiple mobile service providers and across multiple mobile operating systems being used in the organization.


Multi-factor Authentication (MFA)

A security system that requires more than one method of authentication from independent categories of credentials to verify the user’s identity for a login or other transaction. This typically involves a combination of something the user knows (password), something the user has (security token), and something the user is (biometric verification).


Mutual Authentication

A security process that requires both the client and the server to authenticate each other before any communication can take place. Mutual authentication helps guard against phishing and man-in-the-middle attacks.


Network Access Control (NAC)

A security solution that enforces policy-based controls over devices seeking to access network resources. NAC can prevent noncompliant devices from accessing the network, reducing potential exposure to malware and other threats.


Network Behavior Analysis (NBA)

A technology that watches for deviations from the normal operation of a network that may signify a variety of threatening events such as a network security breach, an operational issue, or even an unauthorized application working in the network.


Network Encryption

The process of encrypting or encoding data and messages transmitted or communicated over a computer network. Network encryption is intended to secure the transmission from unauthorized interception and access.


Network Firewall

A security system created to prevent unauthorized access to or from a private network. Firewalls can be implemented as hardware, software, or a combination of both.


Network Segmentation

The practice of splitting a computer network into subnetworks, each being a network segment. This reduces network congestion and improves security.

Nonce: A number or a string that is used only once, within a cryptographic communication or protocol, to ensure that old communications cannot be reused in replay attacks.



A principle that ensures that an entity or individual cannot deny the authenticity of their signature on a document or the sending of a message that they originated.


NIST (National Institute of Standards and Technology)

A physical sciences laboratory and a non-regulatory agency of the United States Department of Commerce whose mission is to promote innovation and industrial competitiveness. NIST develops and issues standards, guidelines, and other publications to enhance information security.



The deliberate act of creating source or machine code that is difficult for humans to understand. In cybersecurity, it is often used to conceal code’s true purpose and prevent tampering or reverse engineering.



An open standard for access delegation, commonly used as a way for internet users to grant websites or applications access to their information on other websites without giving them the passwords.


One-Time Password (OTP)

A password that is valid for only one login session or transaction. OTPs avoid a number of shortcomings that are associated with traditional (static) passwords and are commonly used in two-factor authentication systems.


Open Authorization (OAuth)

See OAuth.


Open Source Intelligence (OSINT)

The process of collecting, analyzing, and making decisions based on publicly available data sources such as the internet, traditional mass media, specialized journals, conference proceedings, and other public data.


Operating System (OS)

The software that supports a computer’s basic functions, such as scheduling tasks, executing applications, and controlling peripherals.


Operational Security (OPSEC)

A process that identifies critical information to determine if friendly actions can be observed by adversary intelligence systems, determines if information obtained by adversaries could be interpreted to be useful to them, and then executes selected measures that eliminate or reduce adversary exploitation of friendly critical information.


Out-of-Band Authentication

A form of verification using two separate networks or channels to maximize security. It’s often used in verifying identity for transaction confirmations and account recovery.


Outsider Threat

The threat posed by individuals not part of an organization who attempt to gain unauthorized access to an organization’s information systems. Although the motivations of outsider threats are diverse, they are usually conducted with the intent of gaining something of value or causing harm.


Packet Filtering

A network security mechanism that controls network access by monitoring outgoing and incoming packets and either passing or blocking them based on source and destination IP addresses, protocols, and ports.


Packet Sniffer

A tool that captures and analyzes packets of data as they are transmitted across a network. The sniffer provides the capability to view the type of data and related information being sent and received on a network in real time.


Patch Management

The process of distributing and applying updates to software. These patches are often necessary to correct errors (known as “vulnerabilities” or “bugs”) in the software.


Penetration Testing (Pen Test)

Authorized simulated cyberattack on a computer system, performed to evaluate the security of the system. The test is used to identify both weaknesses (also referred to as vulnerabilities) and strengths in the system defenses.


Perimeter Security

Measures taken to secure the boundary of a network from unauthorized access. This includes guarding the entry and exit points of a network and protecting from intrusions such as unauthorized entry, fire, and environmental conditions.


Personally Identifiable Information (PII)

Any data that could potentially identify a specific individual, including direct identifiers (e.g., name, social security number) and indirect identifiers (e.g., date of birth, occupation).



A cyberattack intended to redirect a website’s traffic to another, fake site. Pharming can be conducted either by changing the hosts file on a victim’s computer or by exploitation of a vulnerability in DNS server software.



The attempt to obtain sensitive information such as usernames, passwords, and credit card details, often for malicious reasons, by masquerading as a trustworthy entity in an electronic communication such as email.


PKI (Public Key Infrastructure)

A framework of encryption and cybersecurity that protects communications between the server (your website) and the client (the users). It enables secure email, web-based services, and confidential messaging.



Information which is in a readable format or unencrypted form. It is the opposite of ciphertext, which is the result of plaintext after it has been encrypted.


Platform as a Service (PaaS)

A category of cloud computing services that provides a platform allowing customers to develop, run, and manage applications without the complexity of building and maintaining the infrastructure typically associated with developing and launching an app.


Port Scanning

The act of systematically scanning a computer’s ports to find any open or vulnerable ports. This is often used by administrators to verify security policies of their networks and by attackers to identify network services running on a host and exploit vulnerabilities.


Privilege Escalation

A situation where an attacker with limited access gains elevated access to resources that are normally protected, often to execute commands with higher privileges.


Proactive Cybersecurity

A strategy that prioritizes anticipation and immediate response to potential threats before they have a chance to affect critical systems and data.


Proxy Server

A computer system or an application that acts as an intermediary for requests from clients seeking resources from other servers. A client connects to the proxy server, requesting some service such as a file, connection, web page, or other resources available from a different server


Quality of Service (QoS)

A networking term that specifies a guaranteed throughput level. In cybersecurity, it ensures that network performance can’t be hindered by distributed denial-of-service (DDoS) attacks and other malicious activities that impact service quality.



In cybersecurity, this is the action of isolating a file, attachment, or email that is suspected to be a threat. Quarantined items can be stored safely without deleting them until they can be checked and either released or deleted.


Query String

The part of a URL that contains data to be passed to web applications such as CGI programs. A web application should sanitize query strings to prevent them from being used to attack it.


Quick Response Code (QR Code)

A type of two-dimensional barcode that can be read by smartphones and dedicated QR reading devices, that link directly to text, emails, websites, phone numbers and more. Malicious QR codes combined with a permissive reader can put a computer’s contents and user’s privacy at risk.



A type of malicious software designed to block access to a computer system or data until a sum of money is paid, often demanded in cryptocurrency. Despite paying the ransom, there is no guarantee that users will recover their data.



In cybersecurity, a type of activity performed by an attacker to gather information about vulnerabilities in a system, network, or organization. This information is typically used to exploit the vulnerabilities in order to carry out further attacks.


Red Team

A group of ethical hackers that exploit the security of a system or network with the intention of uncovering security flaws that can be fixed before a real attack occurs.


Remote Access Trojan (RAT)

A type of malware that controls a system through a remote network connection. A RAT can be used by an attacker to steal information, install new malware, or turn the computer into a zombie (part of a botnet).


Replay Attack

A network attack where a valid data transmission is maliciously or fraudulently repeated or delayed. In cybersecurity, this might involve an attacker who intercepts a file and then retransmits it to produce an unauthorized effect.


Risk Analysis

The process in cybersecurity of identifying threats and vulnerabilities, coupled with their potential impact, to determine the risk for systems or applications. Risk analysis is used to inform strategies for mitigating or managing risk.


Risk Management

The process of identifying, analyzing, evaluating, and addressing an organization’s cyber risk. It’s a continuous cycle of preventing, detecting, and minimizing the impact of vulnerabilities through policies, procedures, and technical solutions.


Root Certificate

A public certificate issued by a trusted certificate authority (CA). A root certificate is the top-most certificate of the tree, the private key of which is used to “sign” other certificates.



A set of software tools used by an attacker to hide the actions or presence of other types of malicious software, like viruses or trojans, effectively enabling the attacker to maintain persistent, undetected presence on a system.



The practice of running code, programs, or applications in a specific, isolated environment—known as a sandbox—that restricts the permissions of the code. This technique is frequently used for testing unverified programs that may contain a virus or other malicious code without allowing the software to harm the host device.


Security Assertion Markup Language (SAML)

An open standard that allows security credentials to be shared by multiple computers across a network. It’s commonly used for Single Sign-On (SSO) services to help a user access multiple applications with one set of login credentials.


Security by Design

A principle that advocates for the integration of security measures into the system design from the outset, rather than as an afterthought. This approach aims to make systems inherently secure and reduce the risk and impact of security vulnerabilities.


Security Information and Event Management (SIEM)

A solution that provides a holistic view of an organization’s information security by combining two technologies—security information management (SIM) and security event management (SEM)—to provide real-time analysis of security alerts generated by network hardware and applications.


Security Operations Center (SOC)

A centralized unit that deals with security issues on an organizational and technical level. An SOC within a building or facility is a central location from where staff supervises the site, using data processing technology to monitor and analyze an organization’s security posture on an ongoing basis.


Secure Development

The practice of writing and building software with a focus on ensuring that the software is as free from vulnerabilities and secures as possible. This process encompasses the consideration of security at every phase of software development to mitigate risks from software vulnerabilities.


Secure by Design

An approach to creating software and hardware that are inherently secure from the outset rather than desperately and disjointedly applied through subsequent security patches and fixes.


Secure Socket Layer (SSL) / Transport Layer Security (TLS)

Cryptographic protocols designed to provide secure communication over a computer network. TLS is the successor to SSL, and the two are often used interchangeably, though TSL is the up-to-date, secure protocol.


Security Perimeter

The boundary that defines the clear line of separation between the secure and unsecured sides of a computer network. Keeping potential attackers outside the security perimeter is critical to protecting information within the network.


Session Hijacking

The exploitation of a valid computer session—sometimes also called a session key—to gain unauthorized access to information or services in a computer system.


Spear Phishing

A personalized phishing attack that targets a specific organization or individual by customizing the message based on characteristics, job positions, and contacts belonging to their victims to make the attack more believable.


SQL Injection

A code injection technique that might destroy your database. It is one of the most common web hacking techniques. It is the placement of malicious code in SQL statements, via web page input.


Social Engineering

The psychological manipulation of people into performing actions or divulging confidential information. It represents a non-technical kind of intrusion that relies heavily on human interaction and often involves tricking people into breaking standard security procedures.



When a person or program successfully masquerades as another by falsifying data, thereby gaining an illegitimate advantage. Examples include email spoofing (forging sender email addresses) and IP address spoofing (using IP addresses other than the attacker’s own).



Software that enables a user to obtain covert information about another’s computer activities by transmitting data covertly from their hard drive.



A smaller network within a large network. Subnetting makes network routing more efficient.


Supply Chain Attack

A cyber-attack that seeks to damage an organization by targeting less-secure elements in the supply network. A supply chain attack can occur in any industry, from the financial sector, oil industry, or government sector.



Software designed with the intent to monitor the actions of others, equivalent to electronic surveillance. Legitimate uses include parents who monitor their children’s online behavior and employers who ensure employees use company technologies for business purposes. However, unauthorized surveillanceware can be installed to spy on individuals without their consent.


Symmetric Encryption

An encryption methodology that uses a single secret key for both encryption and decryption of messages. Both the sender and the receiver must have the same key, which must remain secret, to communicate securely.


Systems Development Life Cycle (SDLC)

A process for planning, creating, testing, and deploying an information system. The systems development lifecycle methodology includes phases of system analysis, design, implementation, testing, deployment, support, and maintenance.


Threat Intelligence

Information about potential or current attacks that can be used to inform decisions regarding the response to the attacks. Threat intelligence enables organizations to understand the threats that have, will, or are currently targeting the enterprise.


Threat Modeling

The process of identifying, understanding, and communicating potential threats, and determining the most likely and impactful to occur. It is used to prioritize and focus on the threats that are most likely to affect a system and to help inform decisions about what actions the organization should take in response.


Unauthorized Access

The ability gained by a person, program, or system to access files, networks, or data they are not permitted to access. This is often due to weak passwords, software vulnerabilities, or insider threats.


Unified Threat Management (UTM)

A comprehensive security solution that includes a range of security features and services. A UTM appliance typically combines functions like a network firewall, gateway antivirus, intrusion detection system, and more.


Uniform Resource Locator (URL) Filtering

The process of setting up rules to allow or deny users from accessing specific URLs. It helps in preventing access to websites that host malware or are inappropriate for the workplace.



A measure of system reliability, expressed as the percentage of time a machine, typically a computer, has been working and available. Uptime is a good measure of how well a system is being managed for both performance and security.


USB Blocking

A security measure that prevents unauthorized access to a computer through physical means by disabling the USB ports. This can be a way to stop people from plugging untrusted USB devices into their computers and potentially introducing malware.


User and Entity Behavior Analytics (UEBA)

A type of cybersecurity process that takes note of the normal conduct of users and entities and, through data analysis, detects any anomalous behavior or instances where there are deviations from the established patterns.


User Behavior Analytics (UBA)

Similar to UEBA, UBA specifically focuses on user behavior patterns, using analytics to detect when users deviate from their typical usage patterns, which might indicate a potential or in-progress threat, such as a compromised account.



The fraudulent practice of making phone calls or leaving voice messages purporting to be from reputable companies to induce individuals to reveal personal information, such as bank details and credit card numbers. It’s essentially “voice phishing.”


Virtual Machine (VM)

A software-emulated computer system that provides the functionality of a physical computer. VMs are widely used to run multiple operating systems on a single physical machine and isolate different computing environments for security purposes.


Virtual Private Network (VPN)

A service that allows you to connect to the internet via an encrypted tunnel to ensure your online privacy and protect your sensitive data. VPNs are commonly used to secure a connection to a public Wi-Fi hotspot, hide IP addresses, and make your browsing private.



A type of malicious software or code that is designed to spread from one computer to another. A virus can replicate itself and spread by attaching to other programs. It can have harmful effects, from displaying messages to destroying files, and it typically requires user interaction to propagate.



A weakness in a system that can be exploited by a threat actor to perform unauthorized actions within a computer system. Vulnerabilities may be the result of un-patched software, security flaws, or misconfigured systems.


Vulnerability Assessment

The systematic review of security weaknesses in an information system. It assesses if the system is susceptible to any known vulnerabilities, assigns severity levels to those vulnerabilities, and recommends remediation or mitigation, if and whenever needed.


Vulnerability Management

The cyclical practice of identifying, classifying, remediating, and mitigating vulnerabilities within IT systems. It’s an ongoing process that involves proactive asset review to manage risks associated with vulnerabilities in the environment.


Web Application Firewall (WAF)

A specialized firewall for web applications that filters and monitors HTTP traffic between a web application and the internet. It operates at the application layer to help protect web applications from attacks like cross-site forgery, cross-site scripting, file inclusion, and SQL injection.



A form of phishing targeted at high-profile end users like C-suite executives. Whaling aims to deceive the victim into authorizing high-value wire transfers to fraudulent accounts or divulging sensitive organizational data.


White Hat Hacker

An ethical computer hacker, or a computer security expert, who specializes in penetration testing and other testing methodologies to ensure the security of an organization’s information systems.


Wi-Fi Protected Access (WPA/WPA2/WPA3)

A family of security protocols and security certification programs developed by the Wi-Fi Alliance to secure wireless computer networks. WPA3 is the most recent version, providing improved security over its predecessors.



A standalone malware computer program that replicates itself in order to spread to other computers. Unlike a virus, it does not need to attach itself to an existing program. Worms almost always cause at least some harm to the network, if only by consuming bandwidth.


Wildcard Certificate

A public key certificate which can be used with multiple subdomains of a domain. It’s a convenient but risky alternative to single-name SSL Certificates, as it could potentially expose multiple subdomains to risk if misconfigured or compromised.


Work Factor

In cryptography, this term refers to the amount of effort (usually time or number of operations) required to break a cryptographic algorithm or system. It’s a measure of the strength of the encryption and the effort needed to overcome it.


X.509 Certificate

A standard defining the format of public key certificates, used in numerous Internet protocols and for digital signature services. X.509 certificates include the public key and certain information about the identity to which the certificate is issued.


XSS (Cross-Site Scripting)

A vulnerability in web applications that allows attackers to inject client-side scripts into web pages viewed by other users. Exploiting this vulnerability can lead to actions such as stealing session cookies, defacing websites, or redirecting the user to malicious sites.


XML Injection

An attack technique that injects malicious XML code into an application, especially web services, allowing an attacker to manipulate the logic of an XML parser or application. This can lead to a range of issues, including unauthorized access or denial of service.


XML Signature

A digital signature standard for XML documents that allows data to be signed digitally. It is used to provide integrity, message authentication, and signer authentication for data of any type, whether located within the XML that includes the signature or elsewhere.


XOR Cipher

A basic form of encryption where the plaintext is combined with a short key or password using the binary operation exclusive or (XOR). It is simple and has the property that it is its own inverse (decrypting is the same as encrypting).



A hardware authentication device manufactured by Yubico that supports one-time passwords, public key encryption and authentication, and the Universal 2nd Factor and FIDO2 protocols developed by the FIDO Alliance. It’s designed to offer an extra layer of security for online accounts.


Zero-Day (0-Day) Exploit

A cyber attack that occurs on the same day a weakness is discovered in software, before the software developers have an opportunity to create a patch to fix the vulnerability—hence “zero-day.” These exploits can be highly effective due to the lack of defense against them.


Zero-Day Vulnerability

A security flaw in software, hardware, or firmware that is unknown to the party or parties responsible for patching or otherwise fixing the flaw. The term “zero-day” refers to the unknown nature of the exploit and the fact that the developers have zero days to fix the issue.


Zero Trust Architecture (ZTA)

A security concept that dictates that no one inside or outside the network is trusted by default and verification is required from everyone trying to gain access to resources within the network. This approach minimizes the attack surface by verifying each request as if it originates from an open network.


Zero Trust Network Access (ZTNA)

An IT security solution that follows the principles of zero trust architecture, ensuring secure application access that is not based on network location but rather on specific identity and context.



A computer connected to the internet that has been compromised by a hacker, computer virus, or trojan. It can be used to perform malicious tasks under remote direction without the owner’s knowledge.



In cybersecurity, a “zoo” refers to a collection of malware samples that researchers and IT professionals use to test systems, develop new defenses, and train security tools to recognize threats.