Cybersecurity Glossary

Software that automatically displays or downloads unwanted advertising material when a user is online, potentially posing a security risk.

The practice of identifying unusual patterns or behaviors in network traffic or system activities that may indicate a security threat.

Software designed to detect, protect against, and remove malicious software such as viruses, worms, and trojans.

A prolonged and targeted cyberattack in which an intruder gains access to a network and remains undetected for an extended period to steal data continuously.

Any data, device, or other component valuable to an organization that must be protected, including hardware, software, and information.

A deliberate attempt to compromise the security of a network, system, or data, often to gain unauthorized access or cause harm.

The total number of points or ways an unauthorized user can try to enter or extract data from an environment.

A record that shows who has accessed a computer system and what operations the user has performed during a given period.

The process of verifying the legitimacy of a user’s or system’s identity, typically through passwords, tokens, or biometric data.

The process that determines the access levels and permissions granted to a user or system, ensuring they can perform only permitted actions.

A copy of data stored separately from the original to protect against data loss, corruption, or disasters, allowing data recovery when needed.

The maximum rate of data transfer across a given path. Bandwidth describes the data transfer capacity of a network or internet connection.

The use of unique physical characteristics, such as fingerprints, retina patterns, or facial recognition, for identifying and authenticating individuals.

A list of entities (such as IP addresses, email addresses, or applications) that are denied access to a system or network based on security policies.

A network of private computers infected with malicious software and controlled as a group without the owners’ knowledge, often used to launch distributed denial-of-service (DDoS) attacks.

An incident in which data, networks, or systems are accessed or compromised without authorization, leading to the potential exposure of sensitive information.

A trial-and-error method used by attackers to guess passwords or encryption keys by trying all possible combinations until the correct one is found.

A program that rewards individuals for discovering and reporting software vulnerabilities or security issues to the software owner or developer.

A comprehensive strategy that outlines procedures and instructions to follow before, during, and after a disaster to ensure that critical business functions continue.

A policy allowing employees to bring personal devices, such as smartphones or laptops, to their workplace to access the company’s systems and data, raising specific security challenges.

An organization or entity responsible for issuing and managing digital certificates, which are used to verify the authenticity of entities and encrypt communications in public key infrastructure (PKI).

Data that has been encrypted and is unreadable to anyone without the proper decryption key. It is the opposite of plaintext, which is unencrypted information.

Measures and protocols designed to protect data, applications, and services hosted in cloud environments from threats and breaches.

Infrastructure and protocols used by attackers to communicate with compromised devices within a botnet or malware infestation, often to exfiltrate data or remotely control the infected systems.

Ensuring that information is accessible only to those authorized to have access, maintaining the privacy and security of sensitive data.

Vital systems and assets, both physical and virtual, that are essential for the functioning of a society and economy, such as power grids, water supply, and transportation systems, which require protection from cyber threats.

A type of security vulnerability found in web applications, where attackers inject malicious scripts into otherwise benign and trusted websites, thereby affecting users who visit those websites.

The practice and study of techniques for securing communication and data through the use of codes and ciphers to ensure privacy, integrity, and authenticity.

The practice of protecting systems, networks, and data from digital attacks, theft, damage, or unauthorized access through various technologies, processes, and practices.

Information collected and analyzed about potential or current attacks that threaten an organization’s security to help in preventing or mitigating these threats.

An incident where confidential, sensitive, or protected information is accessed, disclosed, or stolen by an unauthorized individual.

The process of converting plaintext data into ciphertext to prevent unauthorized parties from accessing the information.

A set of strategies and tools designed to prevent sensitive information from being lost, misused, or accessed by unauthorized users.

An attack that aims to make a computer or network resource unavailable to its intended users by overwhelming it with a flood of illegitimate requests.

An electronic document used to prove the ownership of a public key, issued by a Certificate Authority (CA) and used for secure communications.

A documented process or set of procedures designed to recover and protect a business IT infrastructure in the event of a disaster.

A type of cyber attack where multiple compromised systems, often infected with malware, collectively target a single system to cause a denial of service.

A hierarchical system that translates human-readable domain names (like www.example.com) into IP addresses understood by computers.

Unintentional download of malicious software to a user’s computer or device when they visit a compromised website.

The examination of programs by executing them in a controlled environment to observe their behavior and identify potential security vulnerabilities.

The unauthorized interception of private communications, such as phone calls or data transmissions, to gather information.

The process of using algorithms to encode data into an unreadable format to protect it from unauthorized access.

Measures and tools used to protect network endpoints, such as computers, mobile devices, and servers, from cyber threats.

A method of data transmission where information is encrypted on the sender’s side and only decrypted by the recipient, preventing intermediaries from accessing the data.

The practice of legally penetrating systems and networks to identify vulnerabilities and weaknesses, in order to improve security defenses.

A record of events, errors, and other significant occurrences generated by software or hardware, used for troubleshooting and security monitoring.

The unauthorized transfer of data from a computer or network, often performed by cyber criminals to steal sensitive information.

A piece of software, data, or sequence of commands that takes advantage of a bug or vulnerability to cause unintended or unanticipated behavior in software, hardware, or something electronic.

A toolkit used by cyber criminals to exploit vulnerabilities within software applications, often used to spread malware.

The state of being subjected to a potential risk or harm due to vulnerabilities in a system’s security posture.

An error in which a security system incorrectly identifies a benign activity or entity as a potential threat or malicious activity.

A type of malicious software that operates without leaving behind traditional file traces, making it harder to detect using conventional antivirus tools.

A network security device or software designed to monitor and control incoming and outgoing network traffic based on predetermined security rules.

Configured parameters in a firewall that define which types of network traffic are allowed or blocked, based on criteria such as IP addresses, protocol types, and ports.

Specialized software programmed into the read-only memory of a hardware device, providing low-level control for the device’s operation.

A type of denial-of-service attack in which the attacker overwhelms the target system with excessive amounts of data or requests, causing it to become unresponsive.

The application of scientific methods and techniques to investigate and establish facts in relation to crimes, including data recovery and analyzing digital evidence in cybersecurity contexts.

A comprehensive set of guidelines, best practices, and standards used to manage cybersecurity risks, such as the NIST Cybersecurity Framework.

Security technology that encrypts all data on a disk drive, ensuring that the data is protected from unauthorized access.

A software testing technique that involves providing invalid, unexpected, or random data inputs to a computer program to identify vulnerabilities and bugs.

A network device that acts as a point of entry and exit for network traffic, often serving as a security checkpoint to filter and manage incoming and outgoing traffic.

European Union regulation that sets guidelines for the collection and processing of personal data of individuals within the EU, enforcing strict data protection measures.

The identification of the geographical location of an individual, device, or network address, often used in various security applications for identifying potential threats.

An encryption software that uses the OpenPGP standard to encrypt and decrypt texts, e-mails, and files, ensuring secure communications and data protection.

Software that is not classified as malicious but can still present risks or be a nuisance, such as adware or spyware.

An integrated approach to managing an organization’s overall governance, risk, and compliance with regulations to ensure effective security and operations.

The process by which malicious actors build a relationship with a target for the purpose of exploiting them, often seen in social engineering and online predatory tactics.

A feature in Windows operating systems that provides centralized management and configuration of operating systems, applications, and users’ settings.

A frequency range within a communication channel allocated to prevent interference between adjacent channels, commonly used in wireless communications and networking.

A deceptive means by which attackers present themselves as legitimate entities to trick users into divulging sensitive information.

An individual who uses technical skills to gain unauthorized access to systems or networks, often to steal data or cause disruptions.

An event where two different inputs produce the same hash value, potentially compromising the security of hash functions used in digital signatures and data integrity checks.

An algorithm that converts an input (or ‘message’) into a fixed-length string of characters, typically a hash code, which is used for ensuring data integrity.

A method of detecting malware based on behavior, rather than signatures, by analyzing patterns and characteristics that may indicate malicious activity.

A security mechanism set up to lure and trap attackers by emulating vulnerable systems, allowing analysts to study attack methods and gather intelligence.

Software installed on individual hosts or devices that monitors and analyzes system behavior for signs of potential intrusions or malicious activity.

An extension of HTTP that uses encryption protocols such as SSL/TLS to secure communications between a user’s browser and the web server.

The role that employees play in an organization’s cybersecurity defense, by being aware and proactive in recognizing and responding to security threats.

A computing environment that integrates private and public cloud services, allowing data and applications to be shared and moved between them securely.

Software that allows multiple virtual machines to run on a single physical host by abstracting the underlying hardware resources, facilitating virtualization.

A framework of policies and technologies for ensuring that the right individuals have appropriate access to technology resources.

A structured approach to handling and managing the aftermath of a security breach or cyberattack, with the objective of minimizing damage and recovering as quickly as possible.

The practice of preventing unauthorized access, use, disclosure, disruption, modification, inspection, recording, or destruction of information.

The process of ensuring that a program operates on clean, correct, and useful data by validating input received from users or other sources.

A security risk that originates from within the organization, often involving employees, former employees, contractors, or business associates who have inside information.

The assurance that data is accurate, consistent, and protected from unauthorized modifications, thus maintaining its trustworthiness and reliability.

A security system that monitors network or system activities for malicious actions or policy violations and reports them to the management system.

A network security/threat prevention technology that examines network traffic flows to detect and prevent vulnerability exploits.

A technique used by attackers to send messages from a false IP address to deceive the recipient about the source of the message.

An information security management standard for creating, implementing, maintaining, and improving an organization’s information security management system (ISMS).

The process of removing software restrictions imposed by the manufacturer on Apple devices running the iOS operating system, allowing the installation of unauthorized software.

A type of Denial-of-Service (DoS) attack in which the attacker disrupts or jams wireless communications by sending out interference signals.

Malicious code written in JavaScript that can be embedded within web pages to exploit vulnerabilities and compromise systems when users visit the page.

The variability in packet arrival times in a network, which can be exploited to degrade the quality of real-time communications and services, such as VoIP.

A security policy that involves rotating employees through different roles to reduce risk of fraud, improve detection of malicious activities, and promote cross-training.

A compact and self-contained way to securely transmit information between parties as a JSON object, commonly used for authentication and information exchange in web applications.

A standard for testing and debugging integrated circuits and embedded systems, often used in security analysis to identify vulnerabilities.

A type of cyberattack in which a compromised USB charging station is used to infect devices with malware or steal data when they are plugged in for charging.

A secure server used as an intermediary for accessing and managing devices in a different security zone, designed to provide an additional layer of security.

A security approach that grants users temporary access to systems or data only when it is needed to perform a specific task, reducing potential attack vectors.

A network authentication protocol designed to provide secure authentication for user identity over non-secure network environments using secret-key cryptography.

The core component of an operating system, managing system resources and communication between hardware and software, often a target for attacks due to its critical role.

A component of the Kerberos authentication protocol that issues ticket-granting tickets (TGT) and service tickets to users and services, facilitating secure authentication within a network.

A type of surveillance software or hardware device that records every keystroke made on a computer’s keyboard, often used to steal sensitive information like passwords and credit card numbers.

The processes and techniques used for generating, distributing, and storing cryptographic keys, ensuring their secure use in encryption and decryption.

A biometric authentication method that recognizes and measures the unique patterns of typing behavior for verification of a user’s identity.

A model used to describe the stages of a cyberattack, from initial reconnaissance to the final objective, helping in the development of defensive strategies.

An open-source wireless network detector, sniffer, and intrusion detection system that is commonly used for network monitoring and security assessments.

A centralized repository of information and data that can include security policies, procedures, and threat intelligence used to support decision-making and problem-solving in cybersecurity.

Metrics used to evaluate the effectiveness and success of an organization’s security measures and processes in achieving its cybersecurity goals.

A network that connects computers and devices within a limited area, such as a home, school, or office building, allowing them to communicate and share resources.

A protocol used for accessing and managing directory information services over an IP network, commonly used for user authentication and storage of user details.

A security principle that restricts users to the minimum level of access—or privileges—needed to perform their job functions, reducing the risk of unauthorized access.

The stages through which a system or product progresses, from initial design and development to deployment, operation, maintenance, and eventual retirement, emphasizing the importance of security at each stage.

A device or software that distributes network or application traffic across multiple servers to ensure no single server becomes overwhelmed, improving performance and reliability.

The process of reviewing and interpreting log data to identify unusual actions and detect security incidents or operational issues within an IT environment.

Malicious code that is embedded into a legitimate program and triggers a harmful action when certain conditions are met, such as a specific date or event.

The process of collecting, storing, analyzing, and archiving log data generated by network devices, applications, and security solutions to monitor and respond to security incidents.

Vulnerabilities or weaknesses in a system that are easy for attackers to exploit due to lack of sufficient protective measures, often targeted first in cyberattacks.

A powerful, efficient, lightweight, and embeddable scripting language often used for configuration, scripting, and automation in cybersecurity tools and applications.

A type of virus written in a macro programming language, often embedded within documents or spreadsheets, and activated when the document is opened.

The use of online advertising to distribute malware, where malicious code is hidden within ads to infect users when viewed or clicked.

A cyberattack where the attacker secretly intercepts and potentially alters the communication between two parties who believe they are directly communicating with each other.

Software designed to damage, disrupt, or gain unauthorized access to computer systems, including viruses, worms, trojans, and ransomware.

Quantitative measures used to assess and track the effectiveness, performance, and progress of security controls and practices within an organization.

Efforts and strategies implemented to reduce or eliminate the risk of cyber threats, minimizing their impact on systems and data.

Software solutions that allow organizations to manage and secure their employees’ mobile devices, ensuring compliance with security policies.

The continuous observation and analysis of network traffic and system activities to detect and respond to security threats in real-time.

A security mechanism that requires multiple forms of evidence or factors (such as passwords, tokens, or biometrics) to verify a user’s identity.

A security process where both parties in a communication session verify each other’s identity to establish trust before exchanging information.

A security principle where access to sensitive information is restricted to individuals who must know it to perform their job duties.

Security measures and protocols that control access to network resources by enforcing policies, ensuring that only authorized devices and users can connect.

A system that monitors network traffic for suspicious activity and potential threats, generating alerts for further investigation.

The practice of dividing a network into smaller, isolated segments to improve security and reduce the impact of a potential breach.

Measures and practices designed to protect the integrity, confidentiality, and availability of computer networks and data from cyber threats.

The process of intercepting, collecting, and examining network traffic to identify patterns, anomalies, and security threats.

An advanced firewall that provides integrated network security features, such as intrusion prevention, deep packet inspection, and application awareness.

A U.S. federal agency that develops and promotes cybersecurity standards, guidelines, and best practices for improving information security.

A random or pseudo-random value that is used only once in cryptographic communication to prevent replay attacks.

Ensuring that a party in a digital communication cannot deny the authenticity of their signature on a document or the sending of a message, providing proof of origin.

An open standard for authorization that allows third-party services to exchange user information, granting limited access to resources without sharing credentials.

Techniques used to make code, messages, or data difficult to understand or reverse-engineer, often employed to protect sensitive information in software.

The process of integrating and configuring new devices, users, or applications into an organization’s network, ensuring compliance with security policies.

A password that is valid for only one login session or transaction, providing an additional layer of security over static passwords.

A protocol used to verify the validity of a digital certificate in real-time, allowing systems to check for revoked certificates.

The practice of collecting and analyzing publicly available information from various sources to support cybersecurity efforts and threat intelligence.

A process that identifies critical information and implements controls to protect against the collection and exploitation of this information by adversaries.

A conceptual framework used to understand and implement network protocols in seven layers, each layer serving specific functions for data communication.

An additional authentication method that uses a separate communication channel to verify a user’s identity, enhancing security by reducing reliance on a single channel.

The use of software or hardware to capture and analyze data packets traveling over a network, often used for monitoring and troubleshooting but also for malicious activities.

A set of rules and guidelines established by an organization to create and manage secure passwords, ensuring they are strong and regularly updated to reduce the likelihood of unauthorized access.

The process of identifying, acquiring, testing, and deploying software updates or patches to address security vulnerabilities and improve system performance.

A simulated cyberattack conducted by security professionals to identify and exploit vulnerabilities in systems, applications, or networks.

A social engineering technique where attackers deceive individuals into providing sensitive information, such as passwords or credit card numbers, by pretending to be a trustworthy entity.

Malicious software that changes its code or appearance with each infection to avoid detection by signature-based antivirus software.

An analysis conducted to assess the impact of a new or existing project, system, or process on the privacy of individuals, identifying potential risks and mitigation strategies.

A framework of policies, procedures, and technologies that manage digital certificates and public-key encryption to secure communications.

A type of phishing attack that uses QR codes to redirect victims to malicious websites, where they are tricked into providing sensitive information.

An advanced form of encryption that leverages the principles of quantum mechanics to create theoretically unbreakable codes, providing a high level of data security.

The process of isolating files or software suspected to be malicious to prevent them from causing harm to the system or spreading infections.

Malicious software that encrypts the victim’s data and demands payment for the decryption key, effectively holding the data hostage until the ransom is paid.

The maximum acceptable amount of time that an organization can tolerate for the recovery of systems and data after a disruption or disaster.

A group of security professionals who simulate cyberattacks to test the effectiveness of an organization’s security measures and identify potential vulnerabilities.

A type of malware that allows an attacker to gain unauthorized remote control over an infected computer, often used for espionage or data theft.

A type of cyberattack where previously intercepted data transmissions are maliciously repeated or delayed, often to gain unauthorized access.

The act of denying participation in or responsibility for a digital communication or transaction, often countered by methods that ensure non-repudiation.

The amount of risk that remains after security measures and controls have been implemented to mitigate potential threats.

The process of identifying, analyzing, and evaluating risks to an organization’s information assets, helping to develop strategies for mitigating those risks.

A method of regulating access to a system or network based on the roles of individual users, ensuring that only authorized personnel can access specific resources.

A collection of malicious software tools that enable an attacker to gain and maintain privileged access to a computer while hiding their activities from detection.

A security mechanism that isolates programs or code execution in a controlled environment to prevent them from affecting the system or network.

A cryptographic protocol that provides secure communications over a computer network, often used for securing web transactions and data transfers.

A comprehensive solution that combines real-time monitoring, correlation of events, and logging of security data to detect, analyze, and respond to security incidents.

A physical or digital device used to authenticate a user’s identity and grant access to a system or network, enhancing security by providing a second layer of verification.

A formal contract between a service provider and a client that defines the performance and quality metrics the provider must meet, including security commitments.

A cyberattack where an attacker takes control of a user’s session by stealing or recreating the session ID, gaining unauthorized access to the user’s information.

The manipulation of individuals into divulging confidential information or performing actions that compromise security, often through deception or psychological tactics.

A code injection technique where attackers insert malicious SQL statements into an input field to manipulate a database and gain unauthorized access to data.

Malicious software that secretly monitors and collects information about a user’s activities without their knowledge, often used for identity theft or corporate espionage.

An encryption method where the same key is used for both encrypting and decrypting the data, requiring secure key management for both sender and receiver.

The process of intercepting and examining messages to deduce information from patterns in communication, often used for both network management and cyber espionage.

A cryptographic protocol designed to provide secure communication over a computer network, succeeding SSL with enhanced security features.

An individual, group, or entity that conducts malicious activities targeting an organization’s assets, ranging from cybercriminals to nation-state attackers.

Information about potential or current threats gathered from various sources, used to help organizations protect against, detect, and respond to cyberattacks.

A structured representation of potential threats to a system, used to understand an organization’s security posture and identify areas for improvement.

The process of substituting sensitive data with a non-sensitive equivalent (a token) that has no exploitable meaning or value outside of its mapping system, commonly used to protect payment card data and personally identifiable information.

Malicious software that disguises itself as legitimate software, tricking users into installing it and thereby giving attackers access to the system.

A specialized chip on a device that provides hardware-based security functions, such as secure key storage and authentication.

An authentication method that requires two different types of evidence, such as a password and a physical token, to verify a user’s identity.

A type of cyberattack where attackers create malicious websites with URLs similar to legitimate ones, exploiting typographical errors made by users.

The act of gaining access to a network, system, or data without permission, often through cyberattacks or exploiting vulnerabilities.

A comprehensive approach to security management that combines multiple security functions, such as firewall, VPN, antivirus, and intrusion detection, into a single device.

A device that provides emergency power to electronic systems in the event of a power outage, helping to prevent data loss and system damage.

The process of managing the deployment of software updates or patches to ensure systems are up-to-date and protected against known vulnerabilities.

A security measure that blocks or allows access to specific websites based on URL analysis, helping to prevent access to malicious or inappropriate content.

The ease with which users can effectively and efficiently interact with security systems and software, balancing security with user convenience.

Measures and protocols implemented to protect against threats associated with USB devices, such as malware transmission and unauthorized data transfer.

Technology that uses machine learning and algorithms to detect unusual behavior by users or entities within a network, identifying potential security threats.

The process of verifying the identity of a user by requiring credentials such as passwords, tokens, or biometrics before granting access.

Permissions granted to users that determine what actions they can perform within a system or network, often managed through access control policies.

The process of determining the value or worth of an asset, often used in the context of information assets to assess their importance and the impact of potential threats.

The process of identifying, assessing, and mitigating risks associated with third-party vendors that have access to an organization’s information systems or data.

A security feature that ensures a device boots using only software that is trusted by the device manufacturer, protecting against malicious code execution during startup.

A technology that creates a secure and encrypted connection over a less secure network, such as the internet, ensuring privacy and protection of data transmissions.

A software-based firewall that protects virtual environments by controlling traffic between virtual machines and the external network.

A technology that allows multiple operating systems and applications to run on a single physical machine by creating virtual versions of resources.

A type of malicious software that can replicate itself and spread to other computers, often causing harm by corrupting or destroying data.

A type of phishing attack conducted through voice communication, where attackers impersonate legitimate entities to steal sensitive information from victims.

A weakness or flaw in a system, application, or network that can be exploited by attackers to gain unauthorized access or cause damage.

A systematic evaluation process to identify, quantify, and prioritize vulnerabilities in a system, application, or network.

A targeted cyberattack where attackers infect websites frequently visited by their intended victims, with the goal of compromising users who access those sites.

A linear and sequential software development methodology emphasizing clear phases and milestones, often used in contexts requiring strict documentation and control.

Electronic devices worn on the body that can collect, store, and transmit data, posing new security challenges and risks, especially in integrating with other systems.

A security solution that monitors, filters, and blocks HTTP/HTTPS requests to and from a web application to protect against attacks like SQL injection and cross-site scripting.

A type of phishing attack that targets high-profile executives or important individuals within an organization to steal sensitive information or gain access to privileged systems.

A list of approved entities, such as IP addresses or applications, that are granted access to a system, network, or service, blocking everything not on the list.

Technology that allows devices to connect to a network wirelessly using radio waves, often secured with encryption protocols to protect data.

A security protocol designed to secure wireless networks by providing strong encryption and authentication, improving upon the older WEP standard.

A system that monitors wireless network traffic for suspicious activity and unauthorized devices, helping to detect and respond to wireless network threats.

A type of malware that self-replicates and spreads without the need for a host file, often exploiting network vulnerabilities to infect multiple systems.

A standard format for public key certificates used in various internet protocols, providing a framework for digital signatures and public key infrastructure (PKI).

An open-source hypervisor that allows multiple operating systems to run on a single physical machine simultaneously, supporting server virtualization and cloud computing.

The process of encrypting XML data to protect its confidentiality, ensuring that only authorized parties can access the information.

A simple encryption technique that uses the XOR (exclusive OR) logical operation to mix plaintext with a key, often used for basic obfuscation.

A security vulnerability found in web applications where attackers inject malicious scripts into web pages viewed by others, leading to potential data theft or user impersonation.

A set of rules used to identify and classify malware samples by their patterns and characteristics, aiding in threat detection and malware analysis.

A computer bug related to the formatting and storage of calendar data, which caused widespread concern that systems would fail at the turn of the millennium.

Security professionals who focus on developing and deploying security tools and automation to assist both offensive (Red Team) and defensive (Blue Team) operations.

In the context of cybersecurity, it often refers to the effectiveness or success rate of a particular security control or measure in mitigating threats.

A hardware authentication device used for two-factor and multi-factor authentication, providing an extra layer of security through physical possession.

A cyberattack that targets a newly discovered vulnerability before the software vendor has released a patch to fix it, often highly effective due to the lack of defenses.

The process of securely erasing data from storage devices or memory to prevent unauthorized recovery, often used in cryptographic contexts to clear sensitive keys.

A security model based on the principle of always verifying and never trusting, assuming that threats can come from both outside and inside the network, and enforcing strict access controls.

A computer that has been compromised by malware and is being controlled remotely by an attacker, often part of a botnet used for malicious activities such as DDoS attacks.

A type of firewall configuration that segments the network into different zones, each with its own set of security policies, to control traffic and enhance security.