CyberSecurity Mag's glossary provides the cyber security community with knowledge of and insight into the industry's significant terms and definitions. This list contains key terminology and is one of the most extensive cyber security glossary/vocabulary resources online.
Regardless of your role in an organization, this glossary of cyber security terms was compiled for everyone from the security professional to the general end-user.
Here, you’ll find definitions of terms commonly used in the security industry. Uncover knowledge areas in which you excel and where you want to expand.
The terms are grouped by their initial letter, each followed by its explanation:
A is for Advanced Persistent Threats
acceptable use policy – the document that sets out the agreement between a user and the enterprise that owns the service, application or device being accessed. It usually defines both the principal permitted activities and the prohibited ones.
access controls – the means of managing and restricting entry to (or exit from) a physical, virtual or digital area through permissions. Permissions are usually assigned individually to a person, device or application service so that usage is accountable and traceable. Before a permission is exercised, the requester proves its identity with one or more factors: (i) something you have, such as a key card or hardware token, (ii) something you know, such as a password, or (iii) something you are, a biometric such as a fingerprint or iris scan. See also multi-factor authentication.
access rights – the set of permissions granted to a user account that defines whether it can enter and use specific functions within a network, application, system or hardware device. These permissions should be granted on the basis of least privilege, so that an account holds only the rights its role requires.
accountability – the basic security practice of ensuring that all critical assets and actions have clear ownership and traceability. See also single-point accountability.
adaptive content inspection (ACI) – an advanced form of data loss prevention in which the full content of the information being processed, not just its headers and metadata tags, is reviewed against an updatable rule set, so that blocking, reporting, notification or other actions can be applied automatically. For example, a rule can state that if more than 50 16-digit numbers that pass a payment-card checksum are sent in one batch from any user device, the transfer is blocked and reported. Simpler data loss prevention inspects only headers, file types and labels, whereas this form inspects all of the content.
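As an added worked example (not part of the original glossary), the rule described above can be written in a few lines of Python: scan the whole message body rather than its headers, keep only 16-digit sequences that pass the Luhn checksum used by payment cards, count them per sender and block any sender whose batch exceeds the threshold. The sender names, message bodies and the threshold of 2 are constructed for the demonstration; the card numbers are well-known test numbers, not real accounts.

```python
# Added example: a content-inspection rule in the style of ACI (not the glossary's code).
import re
from collections import Counter

# 16 digits, optionally separated by spaces or hyphens, not embedded in a longer digit run
CARD_RE = re.compile(r"(?<!\d)(?:\d[ -]?){15}\d(?!\d)")


def luhn_valid(digits: str) -> bool:
    """Luhn checksum (ISO/IEC 7812) used by payment-card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_card_numbers(text: str) -> list:
    """Return the normalised 16-digit numbers in text that pass the Luhn check.
    Inspecting the whole body is what distinguishes ACI from header-only DLP."""
    found = []
    for match in CARD_RE.finditer(text):
        digits = re.sub(r"\D", "", match.group())
        if len(digits) == 16 and luhn_valid(digits):
            found.append(digits)
    return found


def inspect_batch(messages, threshold: int = 50) -> dict:
    """messages: iterable of (sender, body). Returns {sender: (decision, count)}.
    A sender whose batch carries more than `threshold` card numbers is blocked."""
    per_sender = Counter()
    for sender, body in messages:
        per_sender[sender] += len(find_card_numbers(body))
    return {
        sender: ("block", n) if n > threshold else ("allow", n)
        for sender, n in per_sender.items()
    }


# Constructed sample batch (assumed, not real traffic); threshold lowered to 2 for the demo.
SAMPLE_BATCH = [
    ("alice", "invoices: 4111 1111 1111 1111, 4242-4242-4242-4242, 4111111111111111"),
    ("bob", "ref 1234567812345678 ok, card 4242424242424242"),   # first number fails Luhn
    ("carol", "no card data here"),
]

if __name__ == "__main__":
    for sender, (decision, n) in inspect_batch(SAMPLE_BATCH, threshold=2).items():
        print(f"{sender}: {decision} ({n} card numbers)")
```

The Luhn filter is what keeps the rule from firing on order numbers and timestamps that happen to be 16 digits long; a production rule would add issuer prefixes, per-user baselines and a notification action alongside the block.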
adaptive defense – the use of agile techniques to learn from attacks and rapidly adjust cyber protection methods, either to reduce the chance of a successful attack or to shorten the window between detection and response. See also indicators of compromise (IOC).
Advanced Encryption Standard (AES) – a symmetric block cipher that turns plaintext into ciphertext, and back again, using the same secret key. It was standardized by NIST in 2001 as the successor to the Data Encryption Standard (DES) and Triple DES, and supports key lengths of 128, 192 and 256 bits. Like any block cipher it must be used in a suitable mode of operation; authenticated modes such as GCM also protect the ciphertext against tampering. See also encryption and symmetrical encryption.
advanced persistent threats (APTs) – tenacious, highly evolved campaigns in which attackers infiltrate a network through its digital devices and keep malicious software in place for as long as possible. The cyber attack lifecycle usually involves research and reconnaissance, preparation of the most effective attack tools, gaining an initial foothold in the target network or digital landscape, spreading through it while adjusting the tooling in place, and then exploiting the position to maximum advantage. The purpose may be to steal, corrupt, extort and/or disrupt an organization for financial gain, brand damage or political ends. The further along the lifecycle the attackers are, and the longer they have already remained in place, the harder and more costly the intrusion is to resolve. A goal of this threat type is for the intruder to remain (persist) undetected for as long as possible in order to maximize the value of the intrusion, for example to steal data over a long period of time. See also kill-chain.
advanced threat defense (ATD) – a wider range of protective techniques, used mainly by very large organizations, to detect, deny, disrupt, degrade, deceive and contain unauthorized attempts at entry into a digital landscape. For example, extending protection beyond anti-malware, encryption and firewalls to include network traffic analysis, payload analysis, network forensics, endpoint behavior analysis and endpoint forensics.
adware – any computer program (software) designed to display advertisements to an end-user. It can be considered a form of malware if (i) the user did not consent to the advertising, (ii) the software is made difficult to uninstall or remove, or (iii) it provides other covert malware functions.
all source intelligence – a term used by the US National Initiative for Cybersecurity Education (NICE) for gathering threat intelligence and information from all appropriate internal and external sources in order to gain insight into new and active potential threats and their implications.
air gap – the use of physical separation to ensure that activities in one area cannot impact or infect activities in another. In cybersecurity it describes physically and logically isolating sensitive or infected systems so that they cannot interact with any other systems or networks. In practice a gap is only as good as its enforcement: removable media and maintenance laptops are the usual ways it gets bridged.
alert status – an escalation flag assigned to a security incident to indicate that it cannot be managed within the defined time limits or other acceptable tolerances.
anti-malware – a computer program designed to look for specific files, code patterns and behaviors (signatures) that indicate the presence or attempted installation of malicious software. When something is detected, the program seeks to isolate it (quarantine the malware), remove it if it can, and alert the appropriate people to the attempt or to the infection.
anti-spyware – a subset of anti-malware software that has the specific purpose of detecting, blocking or preventing malicious software used to illicitly monitor and steal information. See also spyware.
anti-virus – the older predecessor of anti-malware, named before the types of malicious software had diversified beyond viruses. The term is still widely used as a synonym for anti-malware.
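To make the signature idea in the anti-malware entries concrete, here is an added example (not the glossary's code, and not any vendor's engine): a toy scanner with the two classic signature types, an exact file hash and a byte pattern. The hash is derived from the real EICAR anti-malware test string; the PowerShell pattern, the sample inputs and the quarantine record format are constructed for this illustration.

```python
# Added example: toy signature scanner (not the glossary's code).
import hashlib
import re

# The EICAR test string: a real, harmless file that anti-malware products detect by design.
EICAR = rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"

# Two signature types, as in the entry above: exact file hashes, and byte patterns.
# The hash is derived from EICAR; the patterns are constructed for this example.
HASH_SIGNATURES = {
    hashlib.sha256(EICAR).hexdigest(): "EICAR-Test-File",
}
PATTERN_SIGNATURES = [
    (re.compile(rb"EICAR-STANDARD-ANTIVIRUS-TEST-FILE"), "EICAR-Test-File"),
    # heuristic: PowerShell launched with a long base64 -EncodedCommand argument,
    # a common loader technique (also used legitimately, so tune before deploying)
    (re.compile(rb"powershell(?:\.exe)?\s+-enc(?:odedcommand)?\s+[A-Za-z0-9+/=]{20,}", re.I),
     "Heuristic.EncodedPowerShell"),
]


def scan(data: bytes) -> list:
    """Return [(signature_type, name), ...] for every signature that matches data."""
    hits = []
    digest = hashlib.sha256(data).hexdigest()
    if digest in HASH_SIGNATURES:
        hits.append(("hash", HASH_SIGNATURES[digest]))
    for pattern, name in PATTERN_SIGNATURES:
        if pattern.search(data):
            hits.append(("pattern", name))
    return hits


def quarantine(data: bytes, hits: list) -> dict:
    """Model of the isolate-and-alert step: the payload is withheld from normal
    processing and an alert record is produced instead of the content."""
    return {
        "action": "quarantine" if hits else "allow",
        "sha256": hashlib.sha256(data).hexdigest(),
        "detections": [name for _, name in hits],
    }


if __name__ == "__main__":
    # Constructed samples: the test file, a one-byte variant of it, an encoded
    # PowerShell launcher, and benign text.
    for sample in (EICAR, EICAR.replace(b"H+H*", b"H+H!"),
                   b"cmd /c powershell.exe -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQA",
                   b"quarterly report, nothing to see"):
        print(quarantine(sample, scan(sample)))
```

The one-byte variant is the point of the second sample: changing a single byte defeats the hash signature entirely while the pattern still fires, which is why real products layer patterns, heuristics and behavior monitoring on top of hash lists.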
application – a collection of functions and instructions in electronic format (a software program) that resides across one or more digital devices, usually designed to create, modify, process, store, inspect and/or transmit specific types of data. For subversive applications, see malware.
assessments – the evaluation of a target (for example an application, service or supplier) against specific goals, objectives or other criteria through the collection of information about it, usually by an established and repeatable process of interviews or questionnaires. The purpose is to understand how closely the target meets the intended criteria and to identify any gaps or deficiencies. An assessment differs from an audit in that it does not necessarily check for evidence and need not be carried out by an objective third party.
asset – any item (physical or digital) that has inherent value. For cybersecurity, information items that can be monetized (for example – intellectual property and sets of personal data) are regarded as high-value assets due to their potential resale or blackmail value.
asymmetric cryptography – a method of ciphering information using a mathematically related key pair: a public key, which can be shared freely, and a private key, which is kept secret. Information enciphered with the public key can only be deciphered with the matching private key, which is how confidentiality is achieved. In schemes such as RSA the roles can also be reversed: something enciphered with the private key can be deciphered by anyone holding the public key, which provides no secrecy but proves that the holder of the private key produced it, and this is the basis of a digital signature. A single key cannot both encipher and decipher the same message. Also known as public-key encryption and public-key cryptography.
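The key-pair properties above can be watched directly with textbook RSA on tiny primes. This is an added example, not the glossary's code, and the primes 61 and 53 and the message 65 are constructed for the demonstration; with no padding and a four-digit modulus it is a teaching toy, not something to build on.

```python
# Added example: textbook RSA with tiny primes, to illustrate the key-pair
# properties in the entry above. It is an insecure toy (no padding, tiny modulus)
# and not a real implementation; use a vetted library for real work.
from math import gcd


def make_keypair(p: int, q: int, e: int = 65537):
    """Return (public_key, private_key) as (exponent, modulus) pairs."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    d = pow(e, -1, phi)                 # private exponent: d*e == 1 (mod phi)
    return (e, n), (d, n)


def apply_key(key, value: int) -> int:
    """The single RSA operation: value^exponent mod n. Which key you apply
    decides whether you are encrypting, decrypting, signing or verifying."""
    exponent, n = key
    if not 0 <= value < n:
        raise ValueError("value must be smaller than the modulus")
    return pow(value, exponent, n)


def sign(private_key, message: int) -> int:
    """Private key first: anyone with the public key can check it, nobody else can make it."""
    return apply_key(private_key, message)


def verify(public_key, message: int, signature: int) -> bool:
    return apply_key(public_key, signature) == message


if __name__ == "__main__":
    public, private = make_keypair(61, 53)      # constructed toy primes, n = 3233
    m = 65
    c = apply_key(public, m)                    # encrypt with the public key
    print("ciphertext", c, "-> decrypt with private:", apply_key(private, c))
    print("same key twice recovers m?", apply_key(public, c) == m)   # False
    s = sign(private, m)
    print("signature verifies:", verify(public, m, s), "tampered:", verify(public, m + 1, s))
```

Applying the public key a second time to the ciphertext does not recover the message, which is the "a single key cannot cipher and decipher the same message" claim in runnable form; real signatures sign a hash of the message with padding rather than the raw value.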
attack – the occurrence of an unauthorized intrusion.
attack and penetration test – see penetration testing.
attacker – an umbrella term to cover all types of people and organizations that may attempt to gain unauthorized access to a digital device, application, system or network. See also black hat, hacker, hacktivist, cyber warrior, script kiddies,…
attack lifecycle – see cyber attack lifecycle.
attack mechanism – a term to describe the method used to achieve an unauthorized intrusion.
attack method – the technique, tools or exploit used by an adversary to attempt to gain unauthorized access to any part of a digital landscape.
attack signature – a distinctive pattern of characteristics (for example in network traffic, files or log entries) that identifies a particular kind of attempt at unauthorized access, and that can be used to detect and block repeats of it. See also indicators of compromise (IOC).
attack surface – the sum of all the points at which an unauthorized party could attempt entry or extract information. It usually includes perimeter network hardware (such as firewalls), web servers (hardware that hosts internet-enabled applications) and any other exposed service, interface or account. See also cyber defense points.
attack vector – a path or means that could be used by an unauthorized party to gain access to a digital device, network or system.
audits – the use of one or more independent examiners (auditors) to check if a target product, service and/or location is meeting the specific control standards required. This form of inspection requires that individual controls are tested to confirm their suitability and consistent usage. The outcomes from this type of event, including any gaps discovered and corrective actions required are always provided in a final report.
authentication – the process of confirming that the claimed identity and other properties of an entity (person or application) are genuine, usually by checking one or more factors (something known, held or inherent).
authorization – the use of an authenticated identity together with access control lists or policies to decide whether the entity (person or application) has permission to perform the function it is requesting. Authentication establishes who is asking; authorization decides what they may do.
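As an added example of the two entries above (not the glossary's code), the following keeps the two decisions separate: authentication compares a salted PBKDF2 hash in constant time and yields an identity or nothing, and authorization then looks that identity up in an access control list with default deny. The user names, passwords, resources and ACL are constructed for the demonstration.

```python
# Added example: authentication and authorization as two separate decisions
# (not the glossary's code). Users, passwords and the ACL are constructed.
import hashlib
import hmac
import os

ITERATIONS = 100_000   # PBKDF2 work factor; raise in production


def hash_password(password: str, salt: bytes = None) -> tuple:
    """Salted PBKDF2-HMAC-SHA256; returns (salt, derived_key)."""
    salt = salt if salt is not None else os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


# Credential store: only salted hashes are kept, never the passwords.
USERS = {
    "alice": hash_password("correct horse battery staple"),
    "bob": hash_password("hunter2"),
}

# Access control list: resource -> identity -> permitted actions.
ACL = {
    "/reports": {"alice": {"read", "write"}, "bob": {"read"}},
    "/payroll": {"alice": {"read"}},
}


def authenticate(username: str, password: str):
    """Who is asking? Returns the verified identity, or None."""
    record = USERS.get(username)
    if record is None:
        # Do the same work for unknown users so response time does not reveal valid names.
        hash_password(password, b"\x00" * 16)
        return None
    salt, stored = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return username if hmac.compare_digest(candidate, stored) else None


def authorize(identity, resource: str, action: str) -> bool:
    """What may they do? Default deny: no entry in the ACL means no access."""
    if identity is None:
        return False
    return action in ACL.get(resource, {}).get(identity, set())


def handle_request(username: str, password: str, resource: str, action: str) -> str:
    identity = authenticate(username, password)
    if identity is None:
        return "401 unauthenticated"
    if not authorize(identity, resource, action):
        return "403 forbidden"
    return "200 ok"


if __name__ == "__main__":
    print(handle_request("alice", "correct horse battery staple", "/reports", "write"))  # 200
    print(handle_request("bob", "hunter2", "/reports", "write"))                        # 403
    print(handle_request("bob", "hunter2", "/payroll", "read"))                         # 403
    print(handle_request("bob", "wrong", "/reports", "read"))                           # 401
    print(handle_request("mallory", "anything", "/reports", "read"))                    # 401
```

The distinction shows up in the status codes: a wrong password is a 401 (we do not know who you are), while a valid user asking for something outside the ACL is a 403 (we know who you are and the answer is no). Mixing the two is a common source of both confused error handling and authorization bypasses.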
availability – the assignment of a value to a set of information to indicate how much disruption or outage is considered acceptable to the owner. Often this is expressed or translated into a scale of time. Data with the highest possible availability rating would be required to be ready at all times (no downtime permitted), often through the use of a fully redundant failsafe. The value assigned to availability is used by the owner of an application or service to set the recovery time objective. See also integrity – a different but related term.
B is for Botnet
backdoor – an unofficial method of accessing software or a device that bypasses the normal authentication requirements.
backup – (i) the process of archiving a copy of something so that it can be restored following a disruption. (ii) a redundant (secondary) capability that continues a process, service or application if the primary capability is disrupted. A backup that has never been test-restored cannot be relied on.
bashdoor – alternative name for the family of security bugs also known as shellshock. See entry for shellshock.
behavior monitoring – a method of surveillance to check for actions or activities that may indicate rogue or undesirable intent.
BGP – see border gateway protocol.
biometrics – the use of physical qualities and attributes as a form of identity authentication. Fingerprint scans, retina scans and facial recognition are all examples. As fast as new biometric options are created, means to defeat them often follow, and unlike a password a compromised biometric cannot be changed. For these reasons biometrics are usually used only as one part of multi-factor authentication.
bitcoin – a decentralized, virtual digital currency and payment system based on a distributed public ledger. It provides pseudonymity rather than true anonymity: every transaction is publicly recorded, but balances and ledger entries are associated with addresses controlled by private cryptographic keys, not with the individual or company that uses them (lose your key, lose your money). This has made it, along with other digital currencies, a payment method of choice for illegal transactions, including making and receiving cyber blackmail payments.
black-box penetration testing – a test in which no advance information about the technical details of a computer program or system has been given to those checking it for vulnerabilities. They operate without inside knowledge, so the term indicates a lack of visibility inside the 'box' (program) they are checking.
black hat – a person who engages in attempts to gain unauthorized access to one or more digital devices with nefarious (criminal or unethical) objectives. A hacker with unethical goals, or no perceived ethical goals.
black-listing – (in the context of cybersecurity) adding a specific file type, URL, address or data packet to a security defense program to prevent it from being accessed or used. For example, a website domain can be blocked using firewall or DNS rules so that no user can visit that website through usual means. A blacklist only stops what is already known to be bad; the complementary default-deny approach (white-listing) permits only what is known to be good.
bleeding edge – using inventions so new that they are likely to cause damage to their adopters before they become stable and safe.
blue team – the group of people that assemble during a mock attack by a red team to help defend the digital landscape being targeted.
border gateway protocol (BGP) – the standard protocol by which autonomous systems (independently operated networks) on the internet exchange reachability information and make decisions on the path (route) that traffic takes. Because the protocol was designed around trust between peers, a mistaken or malicious route announcement can divert traffic, which is why operators filter the routes they accept.
bot – a computer program designed to perform tasks automatically. Bots are usually small and simple, built for fast, repetitive work. Where the program's purpose conflicts with the organization's, it can be considered a form of malware. See also botnet.
bot herder – a hacker who uses automated techniques to seek out vulnerable networks and systems and to install, or take over, bot programs on them. Once one or more bots are in place, the herder controls them collectively to steal, corrupt and/or disrupt information, assets and services. See also botnet.
bot master – alternative naming convention for a bot herder.
botnet – short for robot network. A connected set of programs designed to operate together over a network (including the internet) to achieve a specific purpose, which can be good or bad. Legitimate botnets perform distributed automation such as indexing web content; malicious ones take control of some or all of the functions of compromised computers to support large-scale attacks (see denial of service). Botnets are sometimes referred to as a zombie army.
breach notification procedure – some types of information, when known or suspected to be lost or stolen, must be reported to one or more authorities within a defined time period; usually this applies when personal information is involved. The period varies by jurisdiction (for example, 72 hours under the EU GDPR). In addition to reporting the known or suspected loss to the authorities, the lead organization responsible for the information (the data controller) is also required to notify affected people swiftly and later to submit to the appropriate regulators a full root cause analysis together with an account of how it responded and fixed the issues identified. To meet these legal obligations, larger companies usually have a predefined breach notification procedure to ensure that the timelines are met. Fines for data breaches are usually increased or decreased according to the adequacy of the organization's breach and incident response management.
brute force (attack) – the systematic trial of every possibility in order to gain unauthorized access. For example, an 8-character password drawn only from lowercase letters has 26^8 (about 2×10^11) possible values; hardware that tests billions of guesses per second against a fast, unsalted hash exhausts that space in under a minute. Brute force succeeds wherever no other defense (rate limiting, account lockout, a deliberately slow password hash, or simply a longer secret) is present.
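An added example (not the glossary's code) that runs the attack end to end on a small scale and carries the arithmetic through: it recovers a 4-digit PIN stored as a bare SHA-256 by trying all 10,000 candidates, then compares how long the 8-character case in the entry above would take at GPU speed against a fast hash versus at the rate a slow password hash allows. The PIN 7351 and the guess rates are constructed assumptions.

```python
# Added example: brute force against a short PIN behind a fast unsalted hash,
# plus the keyspace arithmetic behind the entry above (not the glossary's code).
import hashlib
import itertools
import string


def keyspace(alphabet_size: int, length: int) -> int:
    """Number of candidates an exhaustive search must cover."""
    return alphabet_size ** length


def seconds_to_exhaust(alphabet_size: int, length: int, guesses_per_second: float) -> float:
    return keyspace(alphabet_size, length) / guesses_per_second


def brute_force_pin(target_hash: str, length: int = 4, alphabet: str = string.digits):
    """Try every candidate of the given length until its SHA-256 matches the target.
    Returns the recovered PIN, or None if the keyspace is exhausted."""
    for combo in itertools.product(alphabet, repeat=length):
        guess = "".join(combo)
        if hashlib.sha256(guess.encode()).hexdigest() == target_hash:
            return guess
    return None


# Constructed target: a 4-digit PIN stored as a bare SHA-256, the way it should not be stored.
TARGET_PIN_HASH = hashlib.sha256(b"7351").hexdigest()

YEAR = 3600 * 24 * 365

if __name__ == "__main__":
    print("recovered PIN:", brute_force_pin(TARGET_PIN_HASH))
    # Fast hash vs slow hash: the same 8-character lowercase password at GPU-scale
    # speed against SHA-256 (~1e10/s) versus a PBKDF2/bcrypt-class hash (~1e4/s).
    print("26^8 candidates:", keyspace(26, 8))
    print("seconds at 1e10 guesses/s:", seconds_to_exhaust(26, 8, 1e10))
    print("years at 1e4 guesses/s:", seconds_to_exhaust(26, 8, 1e4) / YEAR)
    # Length beats speed: 12 characters from the full printable set, even at 1e10/s.
    print("years for 95^12 at 1e10 guesses/s:", seconds_to_exhaust(95, 12, 1e10) / YEAR)
```

The same loop that cracks the PIN in a fraction of a second is what an attacker runs offline against a leaked hash database; the slow-hash figure shows that a good password hash turns seconds into months even before length is increased, and the last figure shows that length does more than any other single change.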
bug – a flaw or fault in an application or system. Engineers were calling faults 'bugs' long before computers existed; the often-told origin story is the moth found in 1947 in a relay of the Harvard Mark II, which its operators taped into the logbook.
Business Continuity Plan – (abbreviation BCP) an operational document that describes how an organization can restore their critical products or services to their customers should a substantial event that causes disruption to normal operations occur.
BYOC – acronym for Bring Your Own Cloud. Describes the situation where employees or contractors decide for themselves to use externally hosted services for at least some of their organization's work. If this happens without a process to risk-assess and control the security features, it can lead to significant risk both to the information directly involved and, by opening further security gaps, to the wider digital landscape.
BYOD – acronym for Bring Your Own Device, indicating that employees and other authorized people may bring some of their own digital devices into the workplace to use for some work purposes. Some security people also read it as 'Bring Your Own Disaster' because of the uncontrollable number of security variables it introduces for any information allowed to flow on to or through personal devices.