All Cybersecurity Terminologies
Controlling who has access to a computer or online service and the information it stores.
Something of value to a person, business or organization.
The process to verify that someone is who they claim to be when they try to access a computer or online service.
To make a copy of data stored on a computer or server to lessen the potential impact of failure or loss.
A security mechanism that prohibits the execution of programs on a list of known malicious or otherwise undesired software. The blacklist is a list of specific files known to be malicious or otherwise unwanted. Any program on the list is prohibited from executing, while any other program, whether benign or malicious, is allowed to execute by default.
A type of symmetric encryption algorithm that divides data into fixed-length sections and then performs the encryption or decryption operation on each block. Dividing a data set into blocks enables the algorithm to encrypt data of any size.
Bring your own device (BYOD)
The authorized use of personally owned mobile devices such as smartphones or tablets in the workplace.
High-speed data transmission system where the communications circuit is shared between multiple users.
An error or mistake in software coding or in hardware design or construction. A bug represents a flaw or vulnerability in a system that is discoverable by attackers and used as a point of compromise.
Business continuity management
Preparing for and maintaining continued business operations following disruption or crisis.
Declaration that specified requirements have been met.
An independent organization that provides certification services.
A payment card transaction where the supplier initially receives payment but the transaction is later rejected by the cardholder or the card issuing company. The supplier’s account is then debited with the disputed amount.
The unintelligible and seemingly random form of data that is produced by the cryptographic function of encryption. Ciphertext is produced by a symmetric algorithm when a data set is transformed by the encryption process using a selected key. Ciphertext can be converted back into its original form (i.e. plaintext) by performing the decryption process using the same symmetric encryption algorithm and the key used during the encryption process. (Also known as a cryptogram.)
A hacking attack that tricks victims into clicking on an unintended link or button, usually disguised as a harmless element.
Delivery of storage or computing services from remote servers online (i.e. via the internet).
The proper term for an unauthorized attacker of computers, networks and technology, as opposed to the misused term “hacker.” However, this term is not as widely used in the media; thus, the term hacker has become more prominent in spite of the term’s misuse.
A structure and series of requirements defined by the International Organization for Standardization that are being incorporated into all management system International Standards as they are revised.
Common Vulnerabilities and Exposures (CVE)
An online database of attacks, exploits and compromises operated by the MITRE organization for the benefit of the public. It includes any and all attacks and abuses known for any type of computer system or software product. Often new attacks and exploits are documented in a CVE entry long before a vendor admits to the issue or releases an update or patch to resolve the concern.
The activity of analyzing and/or searching through data in order to find items of relevance, significance or value. The results of data mining are known as meta-data. Data mining can be the discovery of individual important data items, a summary or overview of numerous data items, or a consolidation or clarification of a collection of data items.
A computer or program that provides other computers with access to shared files over a network.
The act of intentionally stealing data. Data theft can occur via a data loss (physical theft) or a data leakage (logical theft) event. Data loss occurs when a storage device is lost or stolen. Data leakage occurs when copies of data are possessed by unauthorized entities.
Data Loss Prevention (DLP)
A collection of security mechanisms which aim at preventing the occurrence of data loss and/or data leakage. Data loss occurs when a storage device is lost or stolen, while data leakage occurs when copies of data are possessed by unauthorized entities. In both cases, data is accessible to those who should not have access. DLP aims at preventing such occurrences through various techniques such as strict access controls on resources, blocking the use of email attachments, preventing network file exchange to external systems, blocking cut-and-paste, disabling use of social networks and encrypting stored data.
Declaration of conformity
Confirmation issued by the supplier of a product that specified requirements have been met.
Distributed Denial of Service (DDoS)
An acronym that stands for distributed denial of service – a form of cyber attack. This attack aims to make a service such as a website unusable by “flooding” it with malicious traffic or data from multiple sources (often botnets).
Segment of a network where servers accessed by less trusted users are isolated. The name is derived from the term “demilitarized zone”.
The act of listening in on a transaction, communication, data transfer or conversation. Eavesdropping can be used to refer to both data packet capture on a network link (also known as sniffing or packet capture) and to audio recording using a microphone (or listening with ears).
The transformation of data to hide its information content.
Communications architecture for wired local area networks based upon IEEE 802.3 standards.
Hardware or software designed to prevent unauthorized access to a computer or network from another computer or network.
The comparison of actual performance against expected or required performance.
Someone who violates computer security for malicious reasons, kudos or personal gain.
The permanent storage medium within a computer used to store programs and data.
A trap or decoy for attackers. A honeypot is used to distract attackers in order to prevent them from attacking actual production systems. It is a false system that is configured to look and function as a production system and is positioned where it would be encountered by an unauthorized entity who is seeking out a connection or attack point. A honeypot may contain false data in order to trick attackers into spending considerable time and effort attacking and exploiting the false system. A honeypot may also be able to discover new attacks or the identity of the attackers.
The process of recognizing a particular user of a computer or online service.
Provision of computing infrastructure (such as server or storage capacity) as a remotely provided service accessed online (i.e. via the internet).
A form of identity theft in which the attacker takes on the identity of a victim and then attempts to live and act as the stolen identity. Identity cloning is often performed in order to hide the birth country or a criminal record of the attacker in order to obtain a job, credit or other secured financial instrument.
A form of identity theft in which a transaction, typically financial, is performed using the stolen identity of another individual. The fraud is due to the attacker impersonating someone else.
A declaration issued by an interested party that specified requirements have been met.
Chat conversations between two or more people via typing on computers or portable devices.
Internet service provider (ISP)
Company that provides access to the internet and related services.
Intrusion detection system (IDS)
Program or device used to detect that an attacker is attempting or has attempted unauthorized access to computer resources.
Intrusion prevention system (IPS)
Intrusion detection system that also blocks unauthorized access when detected.
‘Just in time’ manufacturing
Manufacturing to meet an immediate requirement, not in surplus or in advance of need.
A virus or physical device that logs keystrokes to secretly capture private information such as passwords or credit card details.
Communications link between two locations used exclusively by one organization. In modern communications, dedicated bandwidth on a shared link reserved for that user.
A potentially unethical practice of redirecting a link to a middle-man or aggregator site or location rather than the original site the link seemed to indicate it was directed towards. For example, a news aggregation service may publish links that seem as if they point to the original source of their posted articles, but when a user discovers those links via search or through social networks, the links redirect back to the aggregation site and not the original source of the article.
Local area network (LAN)
Communications network linking multiple computers within a defined location such as an office building.
Malware (ie malicious software) that uses the macro capabilities of common applications such as spreadsheets and word processors to infect data.
Software intended to infiltrate and damage or disable computers. Shortened form of malicious software.
A set of processes used by an organization to meet policies and objectives for that organization.
Device that controls traffic to and from a network.
Open Web Application Security Project (OWASP)
The Open Web Application Security Project (OWASP) is a nonprofit foundation that works to improve the security of software.
Obtaining services by using someone else’s resources.
Making false representation that goods or services are those of another business.
A secret series of characters used to authenticate a person’s identity.
Software running on a PC that controls network traffic to and from that computer.
Personal data relating to an identifiable living individual.
Method used by criminals to try to obtain financial or other confidential information (including user names and passwords) from internet users, usually by sending an email that looks as though it has been sent by a legitimate organization (often a bank). The email usually contains a link to a fake website that looks authentic.
The provision of remote infrastructure allowing the development and deployment of new software applications over the internet.
A small, easily transportable computing device such as a smartphone, laptop or tablet computer.
Server that acts as an intermediary between users and other servers, validating user requests.
Public Key Infrastructure (PKI)
A security framework (i.e. a recipe) for using cryptographic concepts in support of secure communications, storage and job tasks. A PKI solution is a combination of symmetric encryption, asymmetric encryption, hashing and digital certificate-based authentication.
A form of malware that holds a victim's data hostage on their computer typically through robust encryption. This is followed by a demand for payment in the form of Bitcoin (an untraceable digital currency) in order to release control of the captured data back to the user.
The recovery of data following computer failure or loss.
Something that could cause an organization not to meet one of its objectives.
The process of identifying, analyzing and evaluating risk.
The process of performing a risk assessment and evaluating the responses to risk in order to mitigate or otherwise handle the identified risks. Countermeasures, safeguards or security controls are to be selected that may eliminate or reduce risk, assign or transfer risk to others (i.e. outsourcing or buying insurance) or avoid and deter risk. The goal is to reduce risk down to an acceptable or tolerable level.
Device that directs messages within or between networks.
A means of isolating applications, code or entire operating systems in order to perform testing or evaluation. The sandbox limits the actions and resources available to the constrained item. This allows for the isolated item to be used for evaluation while preventing any harm or damage to be caused to the host system or related data or storage devices.
A virus or physical device that logs information sent to a visual display to capture private or personal information.
Something that modifies or reduces one or more security risks.
Security information and event management (SIEM)
Process in which network information is aggregated, sorted and correlated to detect suspicious activities.
Security Operations Center (SOC)
A security operations center is a centralized unit that deals with security issues on an organizational and technical level.
A well-defined boundary within which security controls are enforced.
Computer that provides data or services to other computers over a network.
A mobile phone built on a mobile computing platform that offers more advanced computing ability and connectivity than a standard mobile phone.
The delivery of software applications remotely by a provider over the internet; perhaps through a web interface.
A form of unwanted or unsolicited messages or communications typically received via e-mail but also occurring through text messaging, social networks or VoIP. Most SPAM is advertising, but some may include malicious code, malicious hyperlinks or malicious attachments.
A form of social engineering attack that is targeted at victims who have an existing digital relationship with an online entity such as a bank or retail website. A spear phishing message is usually an e-mail, although text message and VoIP spear phishing attacks also exist, and it looks exactly like a legitimate communication from a trusted entity. The attack tricks the victim into clicking on a hyperlink to visit a company website, only to be redirected to a false version of the website operated by attackers. The false website will often look and operate similarly to the legitimate site and focus on having the victim provide their logon credentials and potentially other personal identity information such as answers to their security questions, an account number, their social security number, mailing address, email address and/or phone number. The goal of a spear phishing attack is to steal identity information for the purpose of account takeover or identity theft.
Malware that passes information about a computer user’s activities to an external party.
A set of organizations with linked resources and processes involved in the production of a product.
Supervisory Control and Data Acquisition (SCADA)
A complex mechanism used to gather data and physical-world metrics, as well as perform measurement or management actions on the monitored systems, for the purpose of automating large, complex real-world processes such as oil refining, nuclear power generation or water filtration. SCADA can provide automated control over very large complex systems whether concentrated in a single physical location or spread across long distances.
An ultra-portable, touch screen computer that shares much of the functionality and operating system of smartphones, but generally has greater computing power.
Something that could cause harm to a system or organization.
A person who performs a cyber attack or causes an accident.
A piece of malware that often allows a hacker to gain remote access to a computer through a “back door”.
Obtaining evidence of identity by two independent means, such as knowing a password and successfully completing a smartcard transaction.
Two Step Authentication
A means of authentication commonly employed on websites as an improvement over single-factor authentication but not as robust as two-factor authentication. This form of authentication requires that the visitor provide their username (i.e. claim an identity) and password (i.e. the single-factor authentication) before performing an additional step. The additional step could be receiving a text message with a code, then typing that code back into the website for confirmation. Alternatives include receiving an e-mail and needing to click on a link in the message for confirmation, or viewing a pre-selected image and statement before typing in another password or PIN. Two-step is not as secure as two-factor because the system provides one of the factors to the user at the time of logon rather than requiring that the user provide both.
Any access or use of a computer system, network or resource which is in violation of the company security policy, or where the person or user was not explicitly granted authorization to access or use the resource or system.
The short name, usually meaningful in some way, associated with a particular computer user.
The record of a user kept by a computer to control their access to files and programs.
Virtual private network (VPN)
Link(s) between computers or local area networks across different locations using a wide area network that cannot access or be accessed by other users of the wide area network.
Malware that is loaded onto a computer and then run without the user’s knowledge or knowledge of its full effects.
A form of phishing attack which takes place over VoIP. In this attack, the attacker uses VoIP systems to be able to call any phone number with no toll-charge expense. The attacker often falsifies their caller-ID in order to trick the victim into believing they are receiving a phone call from a legitimate or trustworthy source such as a bank, retail outlet, law enforcement or charity. The victims do not need to be using VoIP themselves in order to be attacked over their phone system by a vishing attack. (See phishing.)
A flaw or weakness that can be used to attack a system or organization.
A security mechanism prohibiting the execution of any program that is not on a pre-approved list of software. The whitelist is often a list of the file name, path, file size and hash value of the approved software. Any code that is not on the list, whether benign or malicious, will not be able to execute on the protected system.
Wide area network (WAN)
Communications network linking computers or local area networks across different locations.
Wireless local area network based upon IEEE 802.11 standards.
Malware that replicates itself so it can spread to infiltrate other computers.
A term related to the malicious concept of a botnet. The term zombie can be used to refer to the system that is host to the malware agent of the botnet or to the malware agent itself. If the former, the zombie is the system that is blindly performing tasks based on instructions from an external and remote hacker. If the latter, the zombie is the tool that is performing malicious actions such as DoS flooding, SPAM transmission, eavesdropping on VoIP calls or falsifying DNS resolutions as one member of a botnet.