Your definitive guide for understanding common Cybersecurity terms, acronyms, and terminology employed in this rapidly evolving field. Navigating through this glossary will enable you to grasp the essential concepts of cybersecurity, demystifying the language of experts, and empowering you to protect your digital assets more effectively.
Access Control
A security technique used to restrict unauthorized access to resources in a computer system, network, or application. It ensures that only authorized users, systems, or devices are granted access to sensitive information or resources based on predefined security policies and rules. Access control can be implemented through a variety of methods, including passwords, biometric authentication, tokens, or smart cards. The goal of access control is to protect confidential information and maintain the integrity, availability, and accountability of resources.
Advanced Persistent Threat (APT)
A type of targeted cyber-attack in which an attacker gains unauthorized access to a network or system and remains undetected for an extended period of time with the goal of stealing sensitive information or data. APTs are typically carried out by state-sponsored hackers, criminal organizations, or other highly motivated and well-funded groups. APTs often involve a combination of social engineering, malware, and other hacking techniques to gain access to the target system, maintain persistence, and evade detection. The goal of an APT is not to cause immediate damage or disruption, but to quietly gather information over time. As a result, APTs can be particularly dangerous and difficult to detect and defend against.
Anti-virus Software
Software designed to prevent, detect, and remove malicious software (malware) from a computer system. Anti-virus software scans a computer’s files, memory, and other storage locations for known patterns of malware and alerts the user when it finds a threat. Anti-virus software typically includes regular updates to its malware definition database to provide protection against new and emerging threats. It can also incorporate other security features, such as firewall protection and email filtering, to provide comprehensive security for a computer system. Anti-virus software is an important component of an overall cybersecurity strategy and is widely used by individuals, organizations, and governments to protect against malware infections.
Application Program Interface (API)
A set of protocols, routines, and tools for building software and applications. An API defines the way that different software components should interact, allowing for communication between systems and providing a way for one software application to access the features or data of another. APIs can be used to allow different software programs to communicate with each other and share data, or to allow third-party developers to access and utilize certain functionality in a software application. APIs can be open, meaning that anyone can access and use them, or they can be restricted to specific users or groups. They play a key role in enabling integration and automation, and are commonly used in web development, mobile apps, and cloud computing.
Asset
Any resource or component of a system or network that has value to an organization. Assets can include hardware, software, data, and even people. Assets can also be classified into different types, such as confidential information, critical infrastructure, and sensitive systems. The identification and protection of assets is a crucial part of an organization’s cybersecurity strategy, as they are often targeted by attackers seeking to steal or compromise valuable information or disrupt operations. By properly classifying and securing assets, organizations can help reduce their risk of successful cyber attacks and protect their valuable resources.
Attack Surface Management (ASM)
A cybersecurity practice that involves reducing the exposure of a system or network to potential security threats. This is achieved by reducing the number of entry points, or attack vectors, that an attacker could use to gain unauthorized access to a system or network. The goal of Attack Surface Management is to minimize the attack surface, making it more difficult for attackers to find and exploit vulnerabilities in a system or network. ASM can include activities such as reducing the number of open ports, disabling unused services and features, applying security patches, and implementing security controls like firewalls and intrusion detection systems. By reducing the attack surface, organizations can reduce their risk of successful cyber attacks and better protect their valuable assets and data. ASM is an important part of a comprehensive cybersecurity strategy and is typically integrated with other security practices, such as threat intelligence, vulnerability management, and incident response.
Authentication
The process of verifying the identity of a user, system, or device to grant access to a network, system, application, or resource. Authentication is often based on the use of one or more authentication factors, such as something the user knows (such as a password), something the user has (such as a security token), or something the user is (such as a fingerprint). The specific authentication factors required for access to a particular resource are typically determined by security policies and may vary depending on the sensitivity of the information being protected. The goal of authentication is to prevent unauthorized access to resources and to ensure that only authorized individuals or entities are able to access sensitive information. Authentication is a crucial component of overall cybersecurity and is used to implement access control, ensuring that only authorized users are granted access to the resources they need to perform their jobs.
Authorization
The process of granting or denying access to a network, system, application, or resource based on a user’s identity and permissions. After a user has been successfully authenticated, authorization is used to determine what actions the user is permitted to perform, such as viewing data, modifying data, or executing specific functions. Authorization is typically based on predefined security policies, which determine what access a user has to resources based on their role, job function, or other characteristics. This can include granting access to specific files or folders, applications, or network services, and can be implemented through the use of access control lists, role-based access controls, or other security mechanisms. The goal of authorization is to ensure that users have the minimum necessary access to perform their jobs, reducing the risk of unauthorized access and misuse of sensitive information.
Backdoor
In cybersecurity, a “Backdoor” refers to a hidden or covert method of bypassing normal authentication and security mechanisms in a computer system, network, or software application. It is a secret entry point deliberately inserted by developers or attackers to gain unauthorized access or control over the system without being detected. Backdoors can be introduced for legitimate purposes, such as providing a means for system administrators to access a system in case of emergencies or to facilitate debugging and troubleshooting processes. However, the concern arises when unauthorized individuals or malicious actors exploit backdoors to gain access to systems for nefarious purposes, such as data theft, espionage, or conducting cyber attacks.
The process of observing, tracking, and analyzing individual or group behaviors and actions to identify patterns, detect deviations from normal behavior, and assess their impact. This can be used in various contexts, such as security and safety, workplace management, mental health, or education, with the goal of improving outcomes and addressing issues.
Blacklist
A list of entities (e.g. IP addresses, domains, file hashes) that are known to be associated with malicious activity and are therefore blocked from accessing a system or network. The purpose of a blacklist is to prevent malware, phishing attempts, and other types of cyber-attacks from being successful by denying access to known security threats.
Botnet
A collection of compromised computers or devices (referred to as “bots”) that are controlled by a single entity (referred to as the “botmaster”) and used to carry out malicious activities such as launching DDoS attacks, sending spam, stealing personal data, and more.
Bug
A programming error or a defect in software or hardware that can cause unintended behavior or security vulnerabilities. These bugs can be exploited by attackers to gain unauthorized access to systems, steal sensitive data, or launch malicious attacks. Bugs can also cause software crashes or other malfunctions, affecting the normal functioning of the system.
Chief Information Security Officer (CISO)
A senior-level executive responsible for the overall security posture of an organization. The CISO is responsible for developing and implementing security strategies and policies, protecting the organization’s information assets and infrastructure, and ensuring compliance with regulatory requirements. The CISO also oversees incident response efforts and works closely with other executives and departments to ensure the security of the organization’s technology systems and data.
Clickjacking
A type of malicious technique used to trick a user into clicking on a seemingly innocuous element on a web page, such as a button or a link, that actually performs an unintended action, such as downloading malware, visiting a phishing site, or disclosing sensitive information. This is achieved by overlaying the target element with another element, such as an invisible frame, that captures the user’s clicks. Clickjacking attacks can be used to bypass security measures and exploit vulnerabilities in web applications and browsers.
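The overlay trick described above only works if the victim page allows itself to be loaded in a frame on another origin. The following added example (not part of the original glossary) classifies a page's framing policy from its HTTP response headers, honouring the rule that a CSP `frame-ancestors` directive takes precedence over `X-Frame-Options`; the header sets it checks are constructed samples.

```python
"""Classify whether a page's response headers let other origins frame it,
which is the precondition for clickjacking. Offline: all headers below are
constructed samples, not captured traffic."""

# Return values: 'blocked' (no framing at all), 'same-origin', 'allowlisted'
# (specific external origins permitted) or 'frameable' (no effective control).


def frame_policy(headers):
    """Classify a dict of response headers (header names are case-insensitive)."""
    h = {k.lower(): v for k, v in headers.items()}

    # 1. CSP frame-ancestors wins over X-Frame-Options when both are present.
    csp = h.get("content-security-policy", "")
    for directive in csp.split(";"):
        parts = directive.strip().split()
        if parts and parts[0].lower() == "frame-ancestors":
            sources = [s.strip("'").lower() for s in parts[1:]]
            if sources == ["none"]:
                return "blocked"
            if sources == ["self"]:
                return "same-origin"
            return "allowlisted"

    # 2. Fall back to X-Frame-Options.
    xfo = h.get("x-frame-options", "").strip().upper()
    if xfo == "DENY":
        return "blocked"
    if xfo == "SAMEORIGIN":
        return "same-origin"
    # ALLOW-FROM is obsolete and ignored by current browsers, so it gives no
    # protection; treat it (and any unknown value) as an absent header.
    return "frameable"


def audit(responses):
    """Map each path in {path: headers} to its framing classification."""
    return {path: frame_policy(hdrs) for path, hdrs in responses.items()}


if __name__ == "__main__":
    # Constructed sample responses for a fictional site.
    SAMPLE = {
        "/login": {"Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'",
                   "X-Frame-Options": "SAMEORIGIN"},
        "/widget": {"content-security-policy": "frame-ancestors 'self' https://partner.example"},
        "/legacy": {"X-Frame-Options": "ALLOW-FROM https://partner.example"},
        "/": {"Set-Cookie": "session=abc; HttpOnly"},
    }
    for path, verdict in audit(SAMPLE).items():
        flag = "  <- review" if verdict == "frameable" else ""
        print(f"{path:10} {verdict}{flag}")
```

Pages reported as `frameable` are the ones where an invisible overlay frame is possible and a `frame-ancestors` directive should be added.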
Cloud Network Defense (CND)
The security measures and strategies used to protect cloud-based systems and data from malicious actors and cyber threats. It involves implementing a range of security technologies and best practices to secure the cloud infrastructure, monitor network traffic, detect and respond to security incidents, and ensure data privacy and regulatory compliance. Cloud network defense also involves regular risk assessments, vulnerability scans, and penetration testing to identify and address potential security weaknesses. The goal of cloud network defense is to provide a secure and reliable computing environment for organizations that rely on cloud-based resources for their business operations.
Command & Control (C2)
In cybersecurity, “Command and Control” (C2) refers to a centralized infrastructure and communication system used by cyber attackers to manage and control compromised computers or devices within a botnet or a network of compromised systems. The term is commonly used in the context of advanced cyber attacks and malware operations. When a cyber attacker successfully infects a computer or device with malicious software, such as a botnet or remote access Trojan (RAT), they establish a connection between the compromised system and the C2 server. This connection allows the attacker to send commands and receive data from the infected devices, effectively controlling them remotely.
Common Vulnerabilities and Exposures (CVE)
A standardized list of entries, each containing an identification number, a description, and other relevant information about publicly known cybersecurity vulnerabilities. The CVE list is maintained by the MITRE Corporation, a non-profit organization that provides systems engineering and technical guidance to the U.S. government, and is used by organizations and individuals worldwide to track and manage security vulnerabilities in their systems. The information in the CVE list is intended to be used by cybersecurity professionals to assess the risk posed by known vulnerabilities, prioritize remediation efforts, and monitor the effectiveness of security measures.
Cracker
A person who engages in malicious activities, such as unauthorized access to systems, stealing sensitive data, or disrupting services, with the intention of causing harm to individuals or organizations. The term is often used interchangeably with the term “hacker,” but it generally carries a more negative connotation, as it implies malicious intent. Crackers often use various techniques, such as exploiting vulnerabilities, using social engineering tactics, or writing malware, to gain unauthorized access to systems and carry out their attacks. The term is also sometimes used to refer to individuals who engage in software cracking, or the illegal removal of software protection mechanisms.
Critical Infrastructure
The systems and assets, whether physical or virtual, that are essential to the functioning of a society and its economy, and that are at risk of being disrupted or damaged by cyber-attacks. These systems and assets include, but are not limited to, power plants and distribution systems, telecommunications networks, financial systems, transportation networks, and healthcare systems. Protecting critical infrastructure from cyber threats is important because the disruption of these systems and assets can have a significant impact on national security, public health and safety, or the economic well-being of a country. Cybersecurity for critical infrastructure involves implementing a range of security measures, such as risk assessments, vulnerability scans, penetration testing, incident response planning, and cybersecurity awareness training, to ensure the resilience of these systems and assets in the face of cyber threats.
Cryptography
The practice of using mathematical algorithms and protocols to secure information and protect it from unauthorized access or manipulation. Cryptography is used to secure communication and transactions, to protect data in storage, and to ensure the authenticity and integrity of digital information. Cryptography includes a variety of techniques, such as encryption, which is used to convert plaintext into an unreadable ciphertext, and digital signatures, which are used to verify the authenticity and integrity of digital information. Cryptography also involves the use of cryptographic keys, which are used to encrypt and decrypt information, and public key infrastructure (PKI), which is used to manage digital certificates and the distribution of public keys. The goal of cryptography is to provide confidentiality, authenticity, integrity, and nonrepudiation to electronic communications and transactions, and to ensure the security of sensitive information in a digital world.
Cyber Ecosystem
A highly interconnected virtual environment populated with digital entities. A cyber ecosystem is comprised of technologies and tools, programs, processes, data sources and storage, services of different types, compatible devices and users which interact with each other in order to maximize efficiency, collaboration and productivity. This unified framework allows for secure interconnection of networks regardless of the operational differences between them and fosters an atmosphere in which all components can work together as part of a larger whole. Cyber ecosystems create virtual feedback loops that allow organizations to learn from their analytics in order to develop better strategies for their future business activities. Cyber ecosystems empower businesses to connect with customers globally so they can exchange goods and services at scale quickly and securely.
Cyberattack
A form of malicious digital attack; it targets computers, networks, and other internet-connected systems. These attacks can come in many forms such as malware, ransomware, distributed denial of service (DDoS) attacks, phishing emails, and more. Cyberattacks usually achieve their goals through the exploitation of vulnerabilities within a system or network. They are becoming increasingly prevalent in our everyday lives as criminals focus their attention on stealing sensitive data and exploiting information security flaws. If a cyberattack is successful, hackers could gain access to the victim’s personal files, bank accounts and private information. It is important to protect yourself against cybercriminal activities by installing reputable security software on your devices and staying informed about the latest threats.
Data Breach
A security incident in which sensitive, confidential or protected data is accessed and/or disclosed without proper authorization. Data breaches can be extremely harmful, as the data that has been accessed could include private information such as credit card numbers, banking details, health records, and even confidential business information. The amount of damage that a data breach can cause to an individual or organization depends on the type of data that was leaked and how it was handled after being exposed. Preventing data breaches should be an ongoing priority for any business storing sensitive information as the effects can be devastating.
Data Integrity
An important security measure in the world of computing and digital networks. It ensures that data remains accurate, trustworthy and reliable by keeping its completeness and authenticity intact as it travels through various disks, networks, and applications. Data integrity is supported by many controls: authorization, data governance, secure backups, identity management and encryption standards, all offering additional layers of protection to keep malicious actors from altering or tampering with sensitive information or software systems. It is a critically important tool for both businesses and individuals alike, as it helps ensure the accuracy of information spread throughout their systems, preventing issues of fraud or identity theft. Therefore, data integrity plays a key role in maintaining safe digital operations across a variety of platforms.
Data Loss Prevention (DLP)
An important concept in information technology and network security. It involves monitoring, detection, and preventing sensitive data from leaving the organization’s networks either intentionally or unintentionally. It is important to understand the role of DLP as it enables organizations to protect confidential customer, financial, employee, or any other type of information vital to their success. DLP safeguards businesses against a wide range of threats such as malicious insiders, targeted attacks, lost laptops and mobile devices, nonmalicious user mistakes, inadvertent data leaks on social networks, and more. Utilizing a combination of policies and technologies along with user training can help organizations achieve effective DLP success.
Data Mining
A powerful tool that uses computer technology to identify patterns in large sets of data. It makes sense of the vast amounts of evolving data and helps organizations discover useful insights that can be used to their advantage. By collecting, storing and analyzing data, data mining helps companies gain a better understanding of their customers, detect any fraudulent activity and improve decision making. With this technology, businesses can develop marketing strategies, refine operations and track customer behavior to provide better service. As it creates new possibilities for innovation, data mining will continue to redefine the way organizations operate in the modern world.
Data Theft
The unauthorized extraction of sensitive data. It can include accessing confidential client and company files, stealing proprietary information such as trade secrets, or stealing personal identities for financial gain. Data theft is a major privacy concern for individuals and businesses, especially since cybercriminals often use sophisticated methods to access large amounts of data at once and then store it in cloud storage or on remote computers. While data breach notification laws have been implemented to inform those affected when sensitive data has been stolen, prevention is still the best approach to truly protect yourself and your business from falling victim to data theft.
Decryption
The process of transforming encrypted, or coded, data back into its original form. It involves decoding the ciphertext (the character string produced from the original message by an encryption algorithm) using a key and the corresponding algorithm. Decryption is commonly used to recover confidential information that has been protected by encryption, such as bank account details or login credentials for websites. Many encryption methods are complex and may require a combination of keys, passwords, special phrases or even physical tokens such as card readers to access an encrypted file. Fortunately, decryption can also be performed with widely available computer programs. Regardless of complexity, decryption enables users to keep important data safe while still being able to access it when necessary.
Denial of Service (DoS)
A malicious act employed by cybercriminals to overwhelm a system, network, or website with fraudulent data traffic and make it inaccessible to legitimate users. It does so by flooding the target address with fake requests from numerous compromised devices to overload its capacity to handle that traffic. Potentially, this can have a devastating effect on businesses that rely on their systems or websites as sources of information, communication and income. Such attacks can also be used to crash programs or corrupt files, costing victims both time and money for repairs and other recovery efforts.
Digital Certificate
An electronic document that binds the identity of an individual or website to a public key and serves as a form of authentication. It is issued by a trusted third party such as a certificate authority and contains information about the holder, such as name, address, email address, serial number, and other relevant data. Digital certificates are used for secure communications over networks including the internet. A digital certificate ensures that the connection between two entities is secure by establishing verification between both parties and protecting data from unauthorized access. They are becoming increasingly popular due to the added layer of protection they provide when dealing with sensitive information or carrying out commercial transactions online.
Digital Forensics
A branch of forensic science that deals with information stored digitally. It is used for retrieving, collecting, and analyzing evidence from digital devices such as computers and mobile phones. Digital forensics aids in criminal investigations to uncover communications, locations visited, and activity histories, as well as recovering data that has been intentionally or unintentionally deleted. The findings from the analysis can be presented as evidence to help convict criminals or, in civil cases, to support a party’s claims. Thus, digital forensics is an essential component when it comes to combating cybercrimes both big and small.
Distributed Denial of Service (DDoS) Attack
A malicious attempt to disrupt the normal operations of a server or network by overwhelming it with a large amount of incoming traffic. In most cases, this traffic originates from multiple sources, making it difficult to identify and protect against. The goal of these attacks is usually to prevent an online service or application from responding to legitimate requests, thus disrupting the availability or performance of websites or web-based services. Typically, DDoS attackers target resources such as web servers, cloud instances, and databases, as well as networking infrastructure such as routers and DNS servers. These attacks are often used for malicious purposes such as financial fraud and data theft; however, others send DDoS traffic simply to cause disruption for personal gain.
Drive-by Download
An automated means of downloading malware, usually without the user’s knowledge or consent. The malicious code is typically delivered via a malicious or compromised website, or through spam emails or phishing messages. The program can install itself onto a computer system by taking advantage of unpatched software and/or security vulnerabilities. Once infected, a computer may experience various forms of disruption, including the user being locked out, programs being deleted, and data being illegally gathered. It is important for individuals to protect their computers by keeping their operating systems and software up to date with the latest security patches.
Encoding
The process of translating information from one form to another. It can be used for virtually any type of data, from text messages and videos to music files. Encoding content makes it easier for computers to process and for humans to interpret. In addition, this versatility allows a wide range of applications across many different fields including artificial intelligence, communications networks, biology, security systems, and cryptography. In essence, encoding helps capture the essence of data in a more efficient way than if it were presented in its raw format.
Encryption
The process of encoding data with the intention of making it unreadable to unauthorized viewers. The data is first converted into a ciphertext, which is a scrambled version of its original form, before being securely stored or transmitted over a public or private network. Encryption is crucial in keeping sensitive information protected as it ensures that only those with the correct encryption keys can access the data and make sense of it. Without encryption, important information is vulnerable to interception and exploitation by malicious parties.
Encryption Key
A complex piece of data that helps to secure and protect shared information. When two entities need to communicate securely, the encryption key helps them both establish a secure connection with each other and then encode the data being passed between them. An encryption key is typically composed of a series of numbers, letters, and symbols that are used as codes in order to ensure the two involved parties maintain privacy during their communications with one another. Generally, strong encryption keys are longer and much more difficult for hackers or third parties to decipher without the knowledge of both parties involved in the conversation. Without an encryption key, most digital communications would remain highly vulnerable to theft or manipulation.
Endpoint Detection & Response (EDR)
A relatively new technology that provides organizations with an extra layer of protection against cyber threats. It enables companies to detect any suspicious or unauthorized activities on their networks in real-time and respond quickly to mitigate the threat. The endpoint agents use advanced analytics and behavioral monitoring to detect malicious behavior on endpoints, such as servers, internet-of-things (IoT) devices, and employee workstations. This allows organizations to identify potential infections before they can cause widespread damage. EDR not only helps contain current threats, but also provides insight into where certain attacks originated so that preventative measures can be put in place to protect against similar ones in the future.
Extended Detection & Response (XDR)
A security solution that integrates multiple security technologies and services to provide a comprehensive view of an organization’s security posture. XDR combines threat detection, response, and remediation capabilities from multiple security tools and services. The goal of XDR is to provide a unified approach to security that enables organizations to detect, investigate, and respond to security threats across their entire environment. XDR solutions use advanced algorithms, machine learning, and artificial intelligence to analyze security data from multiple sources, identify potential threats, and prioritize response actions. This allows organizations to respond to security incidents more quickly and effectively, reducing the risk of data breaches and other security incidents. XDR solutions are designed to provide organizations with a unified and proactive approach to security, enabling them to better protect their systems and data from cyber threats.
External Attack Surface Management (EASM)
The process of taking inventory of an organization’s attack surface from an external perspective. It includes managing and monitoring web applications, web services, APIs, cloud resources, and any other technology that is connected to the internet or used in remote communication. External Attack Surface Management requires a comprehensive understanding of the organization’s digital assets in order to identify potential security vulnerabilities that could be exploited by malicious actors. Subsequently, it allows organizations to reduce risks associated with using unapproved or out-of-date tools and applications while also minimizing their exposure to cyber threats. Thus, through External Attack Surface Management, organizations can ensure they are properly safeguarding their critical data and systems.
Firewall
A form of security system designed to protect private networks, such as those used in an office or home. By using software and hardware devices, firewalls monitor traffic going in and out of the network to identify malicious content and block it before it can cause damage. They also act as a barrier between private networks and the public internet, allowing only authorized access through authentication. Firewalls have become an essential tool for protecting sensitive data from cyber-attacks as well as any other unauthorized access.
Hacker
An individual who utilizes computer programming to gain access to networks, computers, and other digital devices. Their purpose is often associated with nefarious motives such as stealing data, changing or destroying content on these systems, or using their access for personal gain. Although hackers are usually depicted as criminals in popular culture, there are also ethical hackers, who use their skills for good by legally accessing these systems and eliminating security issues. In essence, a hacker can be described as someone who uses technology to gain an advantage over the expected norms of computer security.
Honeypot
A security tool used to protect computer networks from malicious attackers. It works by attracting potential attackers, providing them with data that looks legitimate and enticing, while at the same time monitoring their activities. This data can then be used to prevent an attack on the main networks or systems and allows businesses to learn more about how hackers are attempting to breach their networks. Honeypots can also be used to detect attacks on other networks by noticing changes in traffic flow. They provide an invaluable source of incident response data which not only helps companies protect their critical infrastructure but also allows them to gain insight into emerging attack trends on their networks.
Identity Cloning
A type of identity theft that reproduces an existing person’s personal information and data to create a false, replicated identity. It often involves the use of stolen information such as dates of birth, Social Security Numbers, phone numbers, credit cards and other important forms of identification with the goal of mimicking an individual for the perpetrator’s own gain. Leaking private or confidential data creates opportunities for malicious cybercriminals to use identity cloning to exploit individuals and financial systems. As a result, it is imperative that citizens are aware of the dangers posed by identity cloning and take steps to protect themselves. Responsible online behavior combined with the proper security measures can ensure malicious activities are avoided.
Identity Fraud
An umbrella term that refers to the fraudulent use of a person’s identity. This can range from instances in which someone steals your credit card information and makes purchases with it, to instances in which someone uses your SSN to file taxes and obtain a tax refund. Many people are familiar with the first kind, but few are aware that the second kind of identity fraud is actually much more common than the first kind.
Information Security Policy
A document that establishes the rules and guidelines within an organization or company to protect its assets and infrastructure. It provides the framework needed to reduce or eliminate information security risks, while identifying related controls and procedures. An information security policy can range from a simple checklist of best practices to a detailed legal document. Information security policies are usually created by the senior management of an organization, such as the board of directors or executive team. Once implemented, all employees should be required to comply with the policy.
Infrastructure as a Service (IaaS)
The delivery of fundamental computing resources, namely virtual machines, storage and networking, as a service over the internet. The provider operates the physical hardware and the virtualization layer; the customer provisions virtual machines and is responsible for the operating system, middleware, applications and data running on them, a shared-responsibility split that distinguishes IaaS from PaaS and SaaS. IaaS is usually delivered from shared, multi-tenant hardware in the provider’s data centers and billed on a utility basis, with usage-based pricing tied to the compute, storage and network resources consumed.
Insider Threat
A threat that originates from someone with legitimate access, such as an employee, contractor or business partner, whether through malice or negligence. A classic example is an employee under financial pressure who deliberately sabotages company systems, for instance by planting malware and then demanding payment to “fix” the problem. More generally, an insider threat is anyone who uses their authorized access to harm the organization, whether by stealing or leaking proprietary information, conducting espionage on behalf of a foreign state, or assisting external attackers such as criminal or terrorist groups. Because insiders already hold valid credentials, perimeter defenses do little against them; least-privilege access, separation of duties, and monitoring of privileged activity are the main controls.
Internet Service Provider (ISP)
A company that provides individuals or businesses with access to the Internet. An ISP provides a variety of services, such as connecting computer users, building the underlying infrastructure that allows communication over the Internet and offering services such as email and web hosting.
Intrusion Detection and Prevention System (IDPS)
A security system that monitors network traffic or host activity for signs of attack and, in prevention mode, blocks it. An intrusion detection system (IDS) observes a copy of the traffic and raises alerts; an intrusion prevention system (IPS) sits inline and can drop packets or reset malicious connections. An IDPS combines both roles and can be network-based (inspecting packets at a choke point such as the perimeter or a data center boundary) or host-based (inspecting system calls, logs and file changes on a single machine). Detection relies on signatures of known exploits and malware traffic, protocol anomaly checks, and behavioral baselines. Signatures need regular updates, and inline prevention must be tuned carefully, because a false positive does not merely raise an alert but blocks legitimate traffic.
Keylogger
A type of spyware that records a user’s keystrokes and either alerts the attacker when a particular string (such as a password prompt or a banking URL) is typed or uploads the captured input to a remote system. Keyloggers may be software (a hook installed in the operating system or browser) or hardware (a small device placed between the keyboard and the computer). They have long been used for surveillance and are now a common tool in cybercrime and computer espionage, since they capture credentials and one-time codes before any encryption takes place.
The act of maliciously manipulating a user’s web browser so that the session token it holds for a site is sent to, or replaced by, one controlled by the attacker. This lets the attacker obtain or fix the victim’s session token and log in as them to a third-party website, such as Facebook or Amazon, without the victim’s knowledge or consent. Issuing a fresh token on login and binding session cookies with the Secure, HttpOnly and SameSite attributes limits this kind of abuse.
Local Area Network (LAN)
A computer network that interconnects devices in a limited geographical area, such as a home, office, or building. It provides data transmission between devices within the network, allowing them to share resources such as printers, files, and an internet connection. LANs are typically faster than wide area networks (WANs) and, because they are physically contained, easier to control; they should nevertheless be segmented rather than treated as an implicitly trusted zone, since a single compromised host on a LAN can reach everything else on it. LANs can be implemented using wired or wireless technology.
Malware
A term used to describe any malicious software or code that is intentionally designed to cause harm to a computer system, network, or user. It includes a wide range of harmful software such as viruses, worms, trojans, ransomware, spyware, adware, and others. Malware can infect a computer through various means such as email attachments, software downloads, and infected websites, and can cause damage such as data theft, system crashes, unauthorized access, and financial loss. The goal of malware is to disrupt normal computer operations and compromise the security and privacy of a user.
Man-in-the-Middle (MitM) Attack
A type of cyber-attack where an attacker secretly intercepts, and possibly alters, the communication between two parties who believe they are talking directly to each other, in order to gain unauthorized access to sensitive information or to change the content of the communication. The attack can occur at the network level, where the attacker intercepts traffic on a network segment (on a LAN this is typically done with ARP spoofing, or with a rogue wireless access point), or at the application level, where the attacker manipulates the exchange between an application and its server, for example through a forged TLS certificate or a compromised proxy. The goal is usually to steal login credentials, session tokens or financial data, or to inject malicious content. The main defense is authenticated encryption: TLS in which the client validates that the server certificate chains to a trusted CA and matches the hostname, together with HSTS for web traffic. MitM succeeds when traffic is unencrypted, when the client can be made to accept an attacker’s certificate, or when certificate validation has been disabled.
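The LAN-level variant of this attack is usually set up with ARP spoofing: the attacker sends forged ARP replies so that the victim and the gateway each map the other’s IP address to the attacker’s MAC address, after which both directions of traffic pass through the attacker’s machine. The detection logic below is an added example, not part of this glossary; it runs over a constructed list of ARP replies as a passive monitor would record them and flags the two symptoms of poisoning. The trusted gateway binding is a hypothetical value.

```python
from collections import defaultdict

# Constructed sample of ARP replies as a passive monitor on the LAN would log them:
# (seconds since start, sender IP, sender MAC). Not a real capture.
SAMPLE_ARP_REPLIES = [
    (1.0, "192.168.1.1", "aa:bb:cc:00:00:01"),    # gateway answers normally
    (2.0, "192.168.1.10", "aa:bb:cc:00:00:10"),   # victim workstation
    (3.0, "192.168.1.1", "aa:bb:cc:00:00:01"),
    (4.5, "192.168.1.1", "DE:AD:BE:EF:00:99"),    # attacker claims the gateway's IP
    (4.6, "192.168.1.10", "de:ad:be:ef:00:99"),   # ...and the victim's IP: classic MitM setup
    (5.0, "192.168.1.20", "aa:bb:cc:00:00:20"),
]

# Hypothetical static bindings for critical hosts (an assumption for this example).
TRUSTED_BINDINGS = {"192.168.1.1": "aa:bb:cc:00:00:01"}


def detect_arp_spoofing(replies, trusted=None):
    """Flag (a) an IP whose MAC changes and (b) a MAC that claims more than one IP.

    Both patterns appear when an attacker poisons the ARP caches of two hosts so that
    their traffic flows through the attacker's machine. Returns a list of alert dicts.
    """
    trusted = {ip: mac.lower() for ip, mac in (trusted or {}).items()}
    ip_to_mac = dict(trusted)            # learned bindings, seeded with the static ones
    mac_to_ips = defaultdict(set)
    alerts = []
    for ts, ip, mac in sorted(replies):
        mac = mac.lower()
        known = ip_to_mac.get(ip)
        if known is not None and known != mac:
            alerts.append({"time": ts, "type": "ip_mac_changed", "ip": ip,
                           "old_mac": known, "new_mac": mac, "static": ip in trusted})
        if ip not in trusted:            # a reply must never overwrite a static binding
            ip_to_mac[ip] = mac
        if ip not in mac_to_ips[mac]:
            mac_to_ips[mac].add(ip)
            if len(mac_to_ips[mac]) > 1:
                alerts.append({"time": ts, "type": "mac_claims_multiple_ips", "mac": mac,
                               "ips": sorted(mac_to_ips[mac])})
    return alerts


if __name__ == "__main__":
    for alert in detect_arp_spoofing(SAMPLE_ARP_REPLIES, TRUSTED_BINDINGS):
        print(alert)
```

A legitimate change (a replaced NIC, DHCP handing an address to a new host, a router that answers for several addresses) also trips the first check, so in practice the static bindings cover the gateway and servers and the dynamic alerts are tuned against the environment; the second check is the more reliable indicator of an active poisoning attempt.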
Managed Detection & Response (MDR)
A security service that provides continuous monitoring and threat detection for an organization’s network and devices. It involves a team of security experts who use advanced tools and techniques to identify and respond to security threats in real-time. MDR services typically include round-the-clock monitoring, incident response, and remediation support to help organizations detect and respond to security incidents quickly and effectively. The goal of MDR is to provide a more proactive approach to security, allowing organizations to detect and respond to threats before they cause significant harm. MDR services often complement existing security measures, such as firewalls and antivirus software, to provide a comprehensive security solution. By outsourcing security operations to a team of experts, organizations can free up internal resources and focus on their core business.
Managed Security Service Provider (MSSP)
A company that provides outsourcing services for an organization’s information security needs. MSSPs offer a range of security services, including network security, threat detection and response, and compliance management, to help organizations protect their systems and data from cyber threats. MSSPs typically provide a combination of technology and expertise to help organizations address their security needs. They use a variety of tools and services, such as firewalls, intrusion detection systems, and security information and event management (SIEM) solutions, to monitor and secure an organization’s network and devices. MSSPs also offer expertise in areas such as threat intelligence, incident response, and compliance management, helping organizations stay ahead of emerging threats and meet regulatory requirements. By outsourcing security operations to an MSSP, organizations can free up internal resources and focus on their core business, while benefiting from the expertise and technology of a specialized security provider. MSSPs also offer the advantage of scalability, allowing organizations to add or remove security services as needed, and to adjust to changing security requirements. The goal of MSSPs is to provide organizations with comprehensive, cost-effective, and flexible security solutions that help protect their systems and data from cyber threats.
Mean Time to Detect (MTTD)
A metric that measures how long it takes for a security threat or breach to be detected. MTTD is typically expressed as the average time between the moment an incident begins (the initial compromise, as established by the investigation) and the moment it is detected; for breaches this interval is also called dwell time. MTTD is an important metric for evaluating a security program, as it shows how quickly threats are noticed and helps organizations prioritize their detection efforts. A low MTTD means threats are found and addressed quickly, reducing the risk of damage to systems and data. A high MTTD can indicate that monitoring does not provide adequate coverage, or that there are gaps in the security process that need to be addressed. Because a single long-undetected intrusion can dominate the average, MTTD should be reported alongside the median and the worst case. MTTD is often used together with Mean Time to Respond (MTTR) to give a fuller view of an organization’s security posture; note that the acronym MTTR is also used for Mean Time to Repair, an availability metric, so the intended meaning should always be stated.
Mean Time to Respond (MTTR)
A metric that measures how long it takes an organization to respond to a security incident or breach. MTTR is typically expressed as the average time from the moment an incident is detected to the moment it is contained and remediated (some teams track containment and full remediation as separate metrics). MTTR is an important metric for evaluating an organization’s incident response process, as it shows how quickly incidents are addressed and resolved. A low MTTR means incidents are contained quickly, reducing the risk of damage to systems and data. A high MTTR can indicate that the organization is not prepared or equipped to respond, or that there are inefficiencies in the incident response process that need to be addressed. MTTR is often used together with Mean Time to Detect (MTTD); the acronym is shared with Mean Time to Repair, the availability metric for restoring a failed component, so reports should say which one is meant.
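The two metrics defined above, computed over a constructed set of incident records, as an added example that is not part of the original glossary (the incident data is made up). It shows why the mean alone is misleading: one long-undetected incident pulls MTTD far above what most incidents experienced, so the median and maximum are reported alongside it, and still-open incidents are excluded from MTTR rather than counted as zero.

```python
from datetime import datetime
from statistics import mean, median

# Constructed incident records (not real data). ISO-8601 timestamps in UTC;
# "contained" is None while an incident is still open.
SAMPLE_INCIDENTS = [
    {"id": "INC-1", "occurred": "2024-03-01T02:00:00", "detected": "2024-03-01T08:00:00",
     "contained": "2024-03-01T12:00:00"},
    {"id": "INC-2", "occurred": "2024-03-03T10:00:00", "detected": "2024-03-03T10:30:00",
     "contained": "2024-03-03T14:30:00"},
    {"id": "INC-3", "occurred": "2024-02-01T00:00:00", "detected": "2024-03-10T00:00:00",
     "contained": "2024-03-12T00:00:00"},                       # 38 days of dwell time
    {"id": "INC-4", "occurred": "2024-03-15T09:00:00", "detected": "2024-03-15T09:05:00",
     "contained": None},                                         # still open
]


def hours_between(start, end):
    return (datetime.fromisoformat(end) - datetime.fromisoformat(start)).total_seconds() / 3600


def time_to_detect(incidents):
    """Per-incident dwell time in hours: compromise (as established by the investigation) to detection."""
    return {i["id"]: hours_between(i["occurred"], i["detected"]) for i in incidents}


def time_to_respond(incidents):
    """Per-incident response time in hours: detection to containment. Open incidents are excluded."""
    return {i["id"]: hours_between(i["detected"], i["contained"]) for i in incidents if i["contained"]}


def summarize(incidents):
    """Mean (the MTTD/MTTR figures), plus median and max so a single outlier cannot hide."""
    ttd = list(time_to_detect(incidents).values())
    ttr = list(time_to_respond(incidents).values())
    return {
        "mttd_hours": mean(ttd) if ttd else None,
        "median_ttd_hours": median(ttd) if ttd else None,
        "max_ttd_hours": max(ttd) if ttd else None,
        "mttr_hours": mean(ttr) if ttr else None,
        "median_ttr_hours": median(ttr) if ttr else None,
        "max_ttr_hours": max(ttr) if ttr else None,
        "open_incidents": len(incidents) - len(ttr),
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_INCIDENTS).items():
        print(f"{key}: {value}")
```

On the sample data MTTD is about 230 hours while the median is 3.25 hours: three of the four incidents were caught within hours and one took over a month. Reporting only the mean would suggest uniformly slow detection, reporting only the median would hide the outlier that actually matters.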
Multi-Factor Authentication (MFA)
A security process that requires users to provide multiple forms of authentication to gain access to a system or service. MFA typically requires a user to provide two or more of the following authentication factors:
- Something they know, such as a password or PIN.
- Something they have, such as a security token or smartphone.
- Something they are, such as a fingerprint or facial recognition.
MFA provides an extra layer of security compared to username and password alone, because an attacker who has obtained or guessed the password still lacks the second factor. MFA is commonly used for online banking, email services, cloud-based applications, and other sensitive systems and services. Not all second factors are equal: one-time codes sent by SMS can be intercepted or phished; time-based one-time passwords (TOTP) from an authenticator app resist interception but can still be relayed by a real-time phishing site; FIDO2/WebAuthn security keys and passkeys bind the authentication to the site’s origin and are considered phishing-resistant. By requiring more than one factor, MFA helps reduce the risk of account takeover and the data breaches that follow from it.
Next-Gen Firewall (NGFW)
A “Next-Generation Firewall” (NGFW) is an advanced network security solution designed to provide enhanced protection and control over network traffic by combining traditional firewall capabilities with additional security features and functionalities. Unlike traditional firewalls, which primarily focus on packet filtering based on source and destination addresses, NGFWs employ a more sophisticated approach to identify and mitigate modern cybersecurity threats. Key features and capabilities of a Next-Gen Firewall typically include:
- Application Awareness: NGFWs are aware of the applications and services running on the network. They can identify and control traffic based on application-specific policies, enabling granular control over application usage.
- Intrusion Prevention System (IPS): NGFWs incorporate intrusion prevention capabilities to detect and block known vulnerabilities and exploits, providing an additional layer of defense against network-based attacks.
- Deep Packet Inspection (DPI): NGFWs use DPI to inspect the content of network packets, allowing them to identify and block malicious or unauthorized traffic based on signatures and behavioral patterns.
- User Identity Awareness: NGFWs can integrate with authentication systems to identify individual users on the network. This feature enables administrators to enforce specific policies based on user roles and privileges.
- Web Filtering: Next-Gen Firewalls can perform URL filtering and web content inspection, preventing access to malicious or inappropriate websites and content.
- Threat Intelligence Integration: NGFWs can integrate with external threat intelligence sources to stay updated on the latest cybersecurity threats and enhance their ability to detect and block malicious traffic.
- Virtual Private Network (VPN) Support: NGFWs often provide secure VPN connectivity for remote users and branch offices, ensuring encrypted communication over untrusted networks.
- Sandboxing: Some NGFWs incorporate sandboxing capabilities to analyze suspicious files or URLs in a safe, isolated environment, detecting potential zero-day threats that traditional security measures may miss.
Outsider Threat
A security risk that originates from individuals or entities that are not part of an organization, such as hackers, cybercriminals, or foreign governments. Outsider threats can target an organization’s systems, networks, and data through a variety of means, such as phishing scams, malware attacks, or unauthorized access to systems. Outsider threats pose a significant risk to organizations, as they often target sensitive information and can cause damage to systems and data. To mitigate the risk of outsider threats, organizations need to implement robust security measures, such as firewalls, intrusion detection systems, and multi-factor authentication. They also need to educate their employees about security best practices, such as avoiding phishing scams and being cautious when sharing sensitive information.
Outsourcing
The practice of hiring a third-party company or service provider to manage some or all of an organization’s cybersecurity needs. This may include managing firewalls, intrusion detection systems, security incident response, and other security-related tasks. Outsourcing cybersecurity has become increasingly popular among organizations that lack the in-house expertise or resources to fully manage their own security needs. By outsourcing their cybersecurity needs, organizations can access the expertise and resources of specialized security providers, who can help them stay ahead of evolving security threats and minimize their risk of data breaches and other security incidents. However, outsourcing also comes with some risks, such as loss of control over security processes, potential conflicts of interest, and the need to carefully manage relationships with service providers.
Packet Sniffing
The capture and analysis of data packets as they travel over a network, using tools such as tcpdump or Wireshark with the network interface in promiscuous mode. Packet sniffing has valid administrative and troubleshooting uses and helps administrators monitor traffic for anomalies, potentially revealing unauthorized access or malware command-and-control communication. It can also be used maliciously to intercept sensitive information, which is why any protocol that sends credentials or data in cleartext is a risk on any network an attacker can observe. On a switched network an attacker normally sees only their own traffic and must use a technique such as ARP spoofing or a mirror port to see more; encrypted protocols expose only metadata (addresses, sizes, timing, server names) to a sniffer.
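The parser and classifier below is an added example (not code from this glossary or from any product) that connects the packet sniffing entry to the application-awareness and deep packet inspection features listed under Next-Gen Firewall. It decodes constructed Ethernet/IPv4/TCP frames, identifies the application from the payload bytes rather than from the port, extracts cleartext HTTP Basic credentials the way a sniffer would, and applies a hypothetical application-aware policy. The frames, addresses and policy are all made up for the demonstration.

```python
import base64
import socket
import struct


def build_frame(src_ip, dst_ip, sport, dport, payload):
    """Constructed Ethernet II / IPv4 / TCP frame for testing. Checksums are left zero."""
    eth = bytes.fromhex("aabbccddeeff") + bytes.fromhex("112233445566") + b"\x08\x00"  # dst, src, IPv4
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + 20 + len(payload), 0, 0, 64, 6, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0)  # 20-byte hdr, PSH|ACK
    return eth + ip + tcp + payload


def parse_frame(frame):
    """Decode Ethernet/IPv4/TCP headers; return addresses, ports and TCP payload, or None if not IPv4/TCP."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None
    ip = frame[14:]
    if ip[0] >> 4 != 4 or ip[9] != 6:
        return None
    ihl = (ip[0] & 0x0F) * 4
    total_len = struct.unpack("!H", ip[2:4])[0]
    tcp = ip[ihl:total_len]
    sport, dport = struct.unpack("!HH", tcp[:4])
    data_off = (tcp[12] >> 4) * 4
    return {"src": socket.inet_ntoa(ip[12:16]), "dst": socket.inet_ntoa(ip[16:20]),
            "sport": sport, "dport": dport, "payload": tcp[data_off:]}


def identify_app(payload):
    """Classify by what the bytes look like, not by port (deep packet inspection)."""
    if len(payload) >= 6 and payload[0] == 0x16 and payload[1] == 0x03 and payload[5] == 0x01:
        return "tls"            # record type handshake(22), version 3.x, handshake type ClientHello(1)
    if payload.startswith(b"SSH-"):
        return "ssh"
    if payload.split(b" ", 1)[0] in (b"GET", b"POST", b"HEAD", b"PUT", b"DELETE", b"OPTIONS"):
        return "http"
    return "unknown"


def cleartext_credentials(payload):
    """Return 'user:password' if the payload carries an HTTP Basic Authorization header."""
    for line in payload.split(b"\r\n"):
        if line.lower().startswith(b"authorization: basic "):
            try:
                return base64.b64decode(line.split(b" ", 2)[2]).decode("utf-8", "replace")
            except (ValueError, IndexError):
                return None
    return None


# Hypothetical application-aware policy, first match wins. A port-only firewall that
# permits tcp/443 would pass every frame in SAMPLE_FRAMES below.
POLICY = [
    {"app": "ssh", "dst": "10.0.0.5", "action": "allow"},   # the one sanctioned bastion host
    {"app": "ssh", "action": "deny"},                         # SSH to anywhere else, on any port
    {"app": "http", "dport": 443, "action": "deny"},          # cleartext HTTP hiding on the TLS port
    {"app": "tls", "action": "allow"},
    {"app": "http", "action": "allow"},
    {"action": "deny"},                                       # default deny
]


def decide(pkt, policy=POLICY):
    app = identify_app(pkt["payload"])
    fields = {"app": app, "dst": pkt["dst"], "dport": pkt["dport"]}
    for rule in policy:                  # a rule matches when every field it names agrees
        if all(rule.get(k, v) == v for k, v in fields.items()):
            return rule["action"], app
    return "deny", app


# Constructed traffic (not a real capture).
SAMPLE_FRAMES = [
    build_frame("10.0.0.12", "93.184.216.34", 50000, 443,
                b"\x16\x03\x01\x00\x2a\x01\x00\x00\x26\x03\x03" + b"\x00" * 38),       # TLS ClientHello
    build_frame("10.0.0.12", "10.0.0.5", 50001, 22, b"SSH-2.0-OpenSSH_9.6\r\n"),       # SSH to bastion
    build_frame("10.0.0.12", "203.0.113.9", 50002, 443, b"SSH-2.0-OpenSSH_9.6\r\n"),   # SSH tunnelled over 443
    build_frame("10.0.0.12", "198.51.100.7", 50003, 443,
                b"GET /admin HTTP/1.1\r\nHost: intranet\r\nAuthorization: Basic "
                + base64.b64encode(b"alice:hunter2") + b"\r\n\r\n"),                   # cleartext creds on 443
    build_frame("10.0.0.12", "198.51.100.8", 50004, 80, b"GET / HTTP/1.1\r\nHost: news\r\n\r\n"),
]


def inspect(frame):
    pkt = parse_frame(frame)
    action, app = decide(pkt)
    return {"dst": pkt["dst"], "dport": pkt["dport"], "app": app, "action": action,
            "credentials": cleartext_credentials(pkt["payload"])}


if __name__ == "__main__":
    for frame in SAMPLE_FRAMES:
        print(inspect(frame))
```

Two of the five frames are denied only because the application was identified from the payload: SSH running on tcp/443 and an HTTP request carrying a Basic credential on the same port. A real IDPS or NGFW does the same matching with thousands of signatures and reassembled streams rather than single packets, but the principle is the one shown here.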
Patch
A software update specifically aimed at rectifying security vulnerabilities or addressing other software bugs. Patches are released by software developers and manufacturers to rectify known issues in their products. Regularly installing patches is critical to maintaining the security and functionality of software applications and operating systems.
Patch Management
The systematic process of identifying, acquiring, testing, installing, and verifying patches for products and systems. It depends on an accurate inventory of the software in use, prioritization by severity and by whether an exploit is known to be circulating, testing before broad deployment so that a patch does not break production, and verification that the patch actually took effect. Given the ever-evolving threat landscape, an effective patch management process is crucial for mitigating security vulnerabilities and for ensuring software functionality.
Payment Card Skimmers
Illicit devices covertly installed on payment terminals, ATMs, or gas pumps designed to clandestinely record the information of swiped payment cards. The stolen data, which includes card numbers, names, and expiration dates, can then be used for fraudulent transactions or sold on the dark web.
Penetration Testing
Often abbreviated as “pen testing,” an authorized, simulated cyber-attack against a system, application, or network, conducted under an agreed scope and rules of engagement. The goal is to identify vulnerabilities that real-world attackers might exploit and, unlike a vulnerability scan, to demonstrate what an attacker could actually achieve by chaining them. By mimicking genuine attack methodologies, penetration testing provides insight into an organization’s security posture and enables it to prioritize and address weaknesses.
Protected Health Information (PHI)
Individually identifiable information about a person’s health status, care, treatment, or payment for care, held or transmitted by a healthcare provider, insurer, or their business associates. The term is defined by the U.S. Health Insurance Portability and Accountability Act (HIPAA) and is sometimes loosely called personal health information. PHI is collected, stored, and shared among healthcare providers, insurance entities, and other stakeholders in the healthcare process, and because of its sensitivity it is subject to stringent confidentiality, integrity, and breach-notification requirements.
Personally Identifiable Information (PII)
Data that can either directly identify an individual or can be used in conjunction with other data to do so. Examples include names, addresses, social security numbers, and more. Given the sensitivity of PII, and the potential misuse if accessed by malicious actors, there are rigorous data protection standards and regulations in place. Unauthorized access, sharing, or loss of PII can lead to severe penalties for organizations and significant harm to individuals, such as identity theft or fraud.
Phishing
A deceptive attack in which the attacker poses as a legitimate and trusted entity to trick victims into disclosing sensitive information or taking a harmful action. Phishing is conducted through emails, text messages (smishing), phone calls (vishing), or fraudulent websites that prompt victims to enter personal data such as usernames, passwords, or credit card numbers, or to open a malicious attachment. Because phishing is among the most common ways attackers gain initial access, individuals and organizations should learn to recognize it (manufactured urgency, mismatched sender addresses, lookalike domains) and pair that awareness with technical controls such as email authentication, URL filtering, and phishing-resistant multi-factor authentication.
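Lookalike domains are the usual lure behind the “fraudulent websites” above, and they are hard to spot by eye: a Cyrillic letter in place of a Latin one, “rn” for “m”, or the real brand name buried as a subdomain of an attacker’s domain. The classifier below is an added example, not from this glossary: it normalizes a hostname into a confusable-insensitive skeleton (punycode labels decoded, Unicode compatibility forms folded, a subset of Cyrillic homoglyphs and ASCII look-alike pairs mapped), then compares the registrable domain against a hypothetical list of protected brands for exact match, homoglyph match, small edit distance, and brand-in-subdomain. The protected list and the sample URLs are constructed.

```python
import unicodedata
from urllib.parse import urlparse

# Hypothetical brands to protect (an assumption for this example; a real deployment loads
# the organization's own domains and the brands its users commonly visit).
PROTECTED_DOMAINS = ["paypal.com", "microsoft.com"]

# Cyrillic letters rendered identically to Latin ones (a small subset of Unicode's confusables data).
CYRILLIC_TO_LATIN = str.maketrans({
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
    "\u0441": "c", "\u0443": "y", "\u0445": "x", "\u0456": "i",
})
# ASCII sequences that look like other characters in common fonts.
ASCII_CONFUSABLES = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("|", "l")]


def skeleton(host):
    """Reduce a hostname to a confusable-insensitive form so lookalikes compare equal."""
    host = host.lower().rstrip(".")
    try:
        host = host.encode("ascii").decode("idna")        # xn--... punycode labels -> Unicode
    except UnicodeError:
        pass                                              # already Unicode, or malformed: keep as-is
    host = unicodedata.normalize("NFKD", host)
    host = "".join(c for c in host if not unicodedata.combining(c))   # strip accents
    host = host.translate(CYRILLIC_TO_LATIN)
    for seq, repl in ASCII_CONFUSABLES:
        host = host.replace(seq, repl)
    return host


def registrable_domain(host):
    """Last two labels. Good enough here; production code should use the Public Suffix List."""
    return ".".join(host.split(".")[-2:])


def levenshtein(a, b):
    """Edit distance (insert/delete/substitute) between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_url(url, protected=PROTECTED_DOMAINS):
    host = (urlparse(url).hostname or "").lower().rstrip(".")
    reg = registrable_domain(host)
    if reg in protected:
        return "legitimate"
    reg_skel = registrable_domain(skeleton(host))
    for p in protected:
        if reg_skel == skeleton(p):
            return "homoglyph_lookalike"     # renders like the brand but is a different registration
    for p in protected:
        if levenshtein(reg_skel, skeleton(p)) <= 2:
            return "typosquat"               # one or two characters off
    brands = [p.split(".")[0] for p in protected]
    if any(b in label for label in host.split(".") for b in brands):
        return "brand_in_name"               # e.g. paypal.com.<attacker-domain>
    return "unknown"


# Constructed URLs for the demonstration (not real phishing sites).
SAMPLE_URLS = [
    "https://www.paypal.com/signin",
    "https://www.p\u0430ypal.com/login",           # Cyrillic 'а' in place of Latin 'a'
    "https://rnicrosoft.com/",                     # 'rn' for 'm'
    "https://microsfot.com/",                      # transposed letters
    "http://paypal.com.account-verify.net/",       # brand as a subdomain of an attacker domain
    "https://example.org/",
]


def scan(urls):
    return {u: classify_url(u) for u in urls}


if __name__ == "__main__":
    for url, verdict in scan(SAMPLE_URLS).items():
        print(f"{verdict:20s} {url}")
```

The confusable folding deliberately errs toward false positives (a legitimate “barnes” also becomes “bames”), which is the right trade-off for a mail gateway that quarantines for review but not for one that silently drops; the verdict should be combined with domain age, reputation and whether the sender passes SPF/DKIM/DMARC before acting on it.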
Point of Sale (POS) Intrusions
Security breaches that occur at the point where customers make transactions, namely, Point of Sale (POS) terminals. These breaches typically involve unauthorized individuals gaining access to payment systems or databases, leading to the theft of sensitive customer data, including credit card details or personal information. POS intrusions can cause significant financial harm to businesses and customers, damage the business’s reputation, and lead to a loss of customer trust.
Potentially Unwanted Program (PUP)
A type of software that gets installed on a device without explicit user consent, often exhibiting undesirable behaviors. PUPs often come bundled with legitimate software or disguise themselves as helpful tools but can include hidden functionalities that negatively impact user experience or privacy. PUPs encompass various software types, such as adware, browser hijackers, toolbars, spyware, and bundleware.
- Adware: These PUPs display intrusive advertisements on a user’s device, often disrupting the user’s browsing experience.
- Browser Hijackers: PUPs that alter web browser settings, redirecting users to unwanted websites or changing their default search engine or homepage.
- Toolbars: These are browser extensions or add-ons that may appear useful but often slow browser performance or collect user data.
- Spyware: PUPs that secretly monitor user activity, gathering data like keystrokes, website visits, or personal information, and sending it to third parties without the user’s consent.
- Bundleware: Legitimate software packages that include additional PUPs during the installation process, often without explicitly informing the user.
While PUPs may not directly harm the user’s system like malware, they can still lead to a negative user experience, performance degradation, and privacy concerns. To protect against PUPs, users should be careful when downloading and installing software, especially from unfamiliar sources. Reading terms of service and privacy policies, maintaining software updates and patches, and utilizing trustworthy antivirus or anti-malware software are essential preventive measures against PUPs.
Public Key Infrastructure (PKI)
The combination of policies, processes, software, servers, and workflows needed to create, manage, distribute, use, store, and revoke digital certificates and to manage public-key cryptography. A PKI typically consists of a certificate authority (CA) that issues and signs certificates, optionally a registration authority that verifies identities before issuance, a repository where certificates and revocation information (certificate revocation lists or an OCSP responder) are published, and the client software that validates certificate chains. PKI underpins secure web transactions (TLS), email encryption and signing, code signing, and secure VPN connections; its security rests on protecting the CA’s private keys and on clients actually checking the chain, expiry, hostname, and revocation status rather than accepting any certificate presented to them.
Ransomware
Malicious software that encrypts a victim’s files or locks their systems, with the attacker demanding a ransom (usually in cryptocurrency) to restore access. Many operators now also steal data before encrypting it and threaten to publish it, so having backups alone does not remove the pressure to pay. Ransomware attacks can inflict substantial operational and financial harm on individuals and organizations; offline or immutable backups, tested restore procedures, and rapid containment of the initial intrusion are the main mitigations.
The process of returning a device, system, or data to a prior known safe state. This is typically done by undoing the changes leading to a failure or breach, or by replacing the affected components with clean copies or backups. The process is crucial in mitigating the impacts of security incidents and ensuring that the system returns to a secure and functional state.
Risk Assessment
A process involving the identification, analysis, and prioritization of potential security threats to an organization’s information assets. The assessment includes evaluating the vulnerabilities of the organization’s systems, data, and networks, and estimating the potential consequences of a security breach. The goal of risk assessment is to understand the overall risk level and prioritize security control implementation to mitigate those risks.
Risk Management
An organized approach to identify, assess, and mitigate potential risks to an organization’s information assets. It involves identifying security threats, evaluating their potential impact and likelihood, and strategizing to minimize the risks. The risk management process includes selecting and implementing appropriate security controls and consistently reviewing and updating these controls based on the evolving threat landscape.
Sandboxing
A security technique that runs potentially dangerous or untrusted applications, processes, or code in an isolated environment, such as a virtual machine, a container, or a restricted process. The isolation is meant to keep any malicious activity inside the sandbox from affecting the host system or the rest of the network. Sandboxing is commonly used for testing new software, detonating suspicious files, or executing untrusted code from the internet. Its limits should be understood: sandbox escape vulnerabilities exist, and some malware detects analysis environments and stays dormant inside them.
Security Control
A safeguard implemented to reduce the risk of a security breach or attack on a system, network, or organization. Controls can be physical (locks, guards), technical (firewalls, encryption, access control lists), or administrative (policies, training, procedures), and are further classified by function as preventive, detective, or corrective. The purpose of a security control is to stop incidents from happening or to limit the damage and speed recovery when they do.
Security Information and Event Management (SIEM)
A type of security software that collects and analyzes security-related data from various sources. The SIEM system’s aim is to provide real-time visibility into an organization’s security posture and assist in detecting, preventing, and responding to security incidents. By centralizing and analyzing security data, SIEM allows organizations to detect and respond to security incidents more effectively and comply with regulatory requirements for security and data privacy.
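A representative SIEM correlation rule, as an added example that is not part of this glossary: it parses constructed sshd log lines, keeps a sliding window of failed logins per source IP, raises a medium alert when a threshold is reached within the window, and escalates to high when a successful login from that IP follows within the same window, which is the signature of a password-guessing attack that worked. The log lines, hostnames and addresses are made up.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sshd log lines in a syslog-like layout (not from a real system).
SAMPLE_LOGS = """\
2024-03-01T10:00:00Z host1 sshd[2201]: Failed password for root from 192.0.2.77 port 40001 ssh2
2024-03-01T10:00:01Z host1 sshd[2210]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
2024-03-01T10:00:05Z host1 sshd[2211]: Failed password for root from 203.0.113.5 port 51235 ssh2
2024-03-01T10:00:12Z host1 sshd[2212]: Failed password for alice from 203.0.113.5 port 51236 ssh2
2024-03-01T10:00:20Z host1 sshd[2213]: Failed password for alice from 203.0.113.5 port 51237 ssh2
2024-03-01T10:00:31Z host1 sshd[2214]: Failed password for alice from 203.0.113.5 port 51238 ssh2
2024-03-01T10:00:40Z host1 sshd[2215]: Failed password for alice from 203.0.113.5 port 51239 ssh2
2024-03-01T10:00:45Z host1 sshd[2216]: Accepted password for alice from 203.0.113.5 port 51300 ssh2
2024-03-01T10:02:00Z host1 sshd[2230]: Failed password for bob from 198.51.100.9 port 42000 ssh2
2024-03-01T10:02:10Z host1 sshd[2231]: Accepted password for bob from 198.51.100.9 port 42001 ssh2
2024-03-01T10:03:00Z host1 sshd[2240]: Failed password for root from 192.0.2.77 port 40002 ssh2
2024-03-01T10:05:00Z host1 sshd[2250]: Failed password for root from 203.0.113.44 port 43000 ssh2
2024-03-01T10:05:02Z host1 sshd[2251]: Failed password for root from 203.0.113.44 port 43001 ssh2
2024-03-01T10:05:04Z host1 sshd[2252]: Failed password for root from 203.0.113.44 port 43002 ssh2
2024-03-01T10:05:06Z host1 sshd[2253]: Failed password for root from 203.0.113.44 port 43003 ssh2
2024-03-01T10:05:08Z host1 sshd[2254]: Failed password for root from 203.0.113.44 port 43004 ssh2
2024-03-01T10:05:09Z host1 CRON[99]: pam_unix(cron:session): session opened for user root
2024-03-01T10:06:00Z host1 sshd[2260]: Failed password for root from 192.0.2.77 port 40003 ssh2
2024-03-01T10:09:00Z host1 sshd[2270]: Failed password for root from 192.0.2.77 port 40004 ssh2
2024-03-01T10:12:00Z host1 sshd[2280]: Failed password for root from 192.0.2.77 port 40005 ssh2
""".splitlines()

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)"
)


def parse_line(line):
    """Normalize one sshd line into an event dict; lines that are not auth results yield None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return {"ts": datetime.fromisoformat(m["ts"].replace("Z", "+00:00")),
            "host": m["host"], "result": m["result"], "user": m["user"], "ip": m["ip"]}


def correlate(lines, threshold=5, window_s=60):
    """Medium alert when an IP reaches `threshold` failures inside `window_s` seconds;
    high alert if that IP then logs in successfully within `window_s` of its last failure."""
    window = timedelta(seconds=window_s)
    failures = defaultdict(deque)      # ip -> timestamps of failures still inside the window
    flagged = {}                       # ip -> time of last failure, once the threshold was reached
    alerts = []
    events = sorted(filter(None, (parse_line(l) for l in lines)), key=lambda e: e["ts"])
    for ev in events:
        ip, ts = ev["ip"], ev["ts"]
        if ev["result"] == "Failed":
            q = failures[ip]
            q.append(ts)
            while ts - q[0] > window:      # slide the window forward
                q.popleft()
            if len(q) >= threshold:
                if ip not in flagged:
                    alerts.append({"severity": "medium", "rule": "ssh_brute_force", "ip": ip,
                                   "time": ts, "failures": len(q)})
                flagged[ip] = ts
        elif ip in flagged and ts - flagged[ip] <= window:
            alerts.append({"severity": "high", "rule": "ssh_brute_force_then_success",
                           "ip": ip, "user": ev["user"], "time": ts})
            del flagged[ip]
            failures[ip].clear()
    return alerts


if __name__ == "__main__":
    for alert in correlate(SAMPLE_LOGS):
        print(alert)
```

The slow scan from 192.0.2.77 (one failure every three minutes) never trips the rule, which is the intended trade-off of a short window: lowering the threshold or lengthening the window catches it at the cost of more noise from users who mistype their password, so production rules are usually layered (a fast one like this plus a daily aggregate per source).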
Security Orchestration, Automation & Response (SOAR)
A security strategy that integrates technology, processes, and people to automate and streamline incident response. The goal of SOAR is to enhance the speed, efficiency, and consistency of security incident responses, reducing manual effort and improving the quality of responses. By automating repetitive and time-consuming tasks, SOAR enables security teams to respond to incidents faster, more accurately, and more consistently, improving overall security posture.
Security Perimeter
A boundary that separates an organization’s internal network and systems from external ones, like the internet. Its purpose is to protect information assets by controlling data flow across the boundary and preventing unauthorized access to the internal network. Perimeters are built from a combination of hardware and software, such as firewalls, virtual private networks (VPNs), and access controls. With cloud services, remote work, and mobile devices the perimeter is no longer a single line, which is why zero-trust designs authenticate and authorize every request rather than trusting a device for being “inside”.
Service Level Agreement (SLA)
A contract between a service provider and a customer that outlines the minimum acceptable level of service the provider will deliver. In cybersecurity, an SLA defines the security service terms, including the service’s availability, performance, and support, and establishes both the provider’s and customer’s expectations and responsibilities regarding security.
Social Engineering
A tactic employed by malicious actors to deceive individuals into revealing confidential information or executing actions that compromise security. Social engineering attacks use psychological and social manipulation to trick individuals into giving up sensitive information or performing actions that favor the attacker.
Software as a Service (SaaS)
A software application delivery model where the software vendor hosts the application and provides it to customers over the internet. Customers access the SaaS applications via a web browser, instead of installing them locally on their computers.
Spam
Unwanted or unsolicited electronic messages, typically sent in bulk to a multitude of recipients. The term most commonly refers to email spam, but it also applies to other message types, such as instant messages, text messages, and social media messages. Beyond being a nuisance, spam is a common delivery channel for phishing and malware.
Spearphishing
A form of phishing crafted to deceive a particular individual or organization into revealing sensitive information or taking a harmful action. Unlike conventional phishing, which is sent to large numbers of people in the hope that some will click a malicious link or open a malicious attachment, spearphishing messages are highly personalized, drawing on details about the target’s role, colleagues, and current projects to appear legitimate.
Spoofing
A type of cyberattack in which the attacker disguises their identity or origin to convince victims they are communicating with a trusted source. Spoofing takes various forms, such as IP spoofing, where the attacker forges the source address of a network packet; email spoofing, where the attacker forges the “From” field so the message appears to come from a different sender; and caller-ID, DNS, or ARP spoofing. Defenses are specific to the protocol: ingress filtering for IP, SPF, DKIM and DMARC for email, and cryptographic authentication (such as TLS with certificate validation) wherever the protocol supports it.
Spyware
Malicious software designed to gather sensitive information from a computer system without the user’s knowledge or consent. Spyware can monitor a user’s activity, steal sensitive information, display unwanted advertisements, redirect web browsers to unwanted websites, or slow down the affected computer. Some forms also allow attackers to remotely control the affected computer and use it to launch attacks on other systems.
Supply Chain
The interconnected network of suppliers, manufacturers, distributors, and other parties involved in the production, delivery, and maintenance of technology products and services, including the open-source and third-party software components a product depends on. Supply chain security is a critical concern because a compromise of one upstream component, build system, or update channel is distributed to every downstream customer at once, spreading malicious software, hardware, or firmware and exposing sensitive information. Verifying the integrity and provenance of components and updates (signed releases, pinned dependency versions, and an inventory of what is actually in use) is the basic defense.
Threat Assessment
The process of identifying, evaluating, and prioritizing potential security threats to an organization or system. The goal of a threat assessment is to identify the most significant threats and to determine the risk they pose. This information is then used to develop and implement appropriate countermeasures to mitigate the risk of these threats.
Threat Detection and Response (TDR)
The process of identifying, analyzing, and mitigating potential security threats to an organization’s information systems and assets. TDR involves the use of various technologies and security practices to monitor network activity, detect potential threats, and respond to those threats through containment, remediation, and recovery. Its ultimate goal is to prevent security breaches and minimize damage to the organization’s data and operations.
Threat Intelligence Platform (TIP)
A software solution designed to gather, analyze, and provide actionable intelligence about cyber threats. TIPs use various sources, including open source, proprietary, and real-time data feeds, to provide organizations with information about the latest threats and attack techniques. This information can be used to improve security operations, support incident response efforts, and inform security decision-making.
Trojan
A type of malicious software (malware) that disguises itself as a harmless program or file but carries hidden functions that allow attackers to gain unauthorized access to a victim’s system. Unlike viruses and worms, a trojan does not replicate itself; it relies on the user being tricked into running it. Trojans can steal sensitive information, install additional malware, or give the attacker remote control over the compromised device. They are also used to build networks of compromised devices, known as botnets, for coordinated cyberattacks.
Two-Factor Authentication (2FA)
A security process that requires users to provide two separate forms of identification to access an account or system. In addition to a traditional username and password, 2FA adds a second layer of authentication that can be a time-based one-time password (TOTP), a security token, a biometric factor, or a one-time code sent to a user’s mobile device. The goal of 2FA is to make it more difficult for an attacker to gain unauthorized access to an account, even if the attacker has obtained the user’s password.
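The time-based one-time password (TOTP) named under both Multi-Factor Authentication and Two-Factor Authentication is specified in RFC 6238 on top of the HOTP algorithm of RFC 4226. The implementation below is an added example, not code from this glossary; it includes the server-side verification a practitioner needs (constant-time comparison, a small clock-drift window, and refusal to accept a counter that has already been used, which blocks replay of a code captured by a keylogger) and the otpauth URI that authenticator apps enroll from. The account and issuer names are placeholders.

```python
import base64
import hashlib
import hmac
import secrets
import struct
import time
from urllib.parse import quote


def hotp(key, counter, digits=6, digestmod=hashlib.sha1):
    """RFC 4226 HOTP: HMAC over the 8-byte big-endian counter, dynamic truncation, mod 10^digits."""
    mac = hmac.new(key, struct.pack(">Q", counter), digestmod).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(key, for_time=None, step=30, digits=6):
    """RFC 6238 TOTP: HOTP with the counter derived from Unix time (what the authenticator app shows)."""
    if for_time is None:
        for_time = time.time()
    return hotp(key, int(for_time) // step, digits)


def verify_totp(key, submitted, for_time=None, step=30, digits=6, window=1, last_used_counter=None):
    """Server-side check. Accepts the current step and +/-`window` neighbouring steps to absorb
    clock drift, compares in constant time, and refuses any counter at or before the last one
    accepted so a captured code cannot be replayed. Returns the matched counter (persist it as
    last_used_counter for this user) or None."""
    if for_time is None:
        for_time = time.time()
    counter = int(for_time) // step
    for candidate in range(counter - window, counter + window + 1):
        if last_used_counter is not None and candidate <= last_used_counter:
            continue
        if hmac.compare_digest(hotp(key, candidate, digits), submitted):
            return candidate
    return None


def new_secret(nbytes=20):
    """Per-user shared secret; 160 bits is the size RFC 4226 recommends for SHA-1."""
    return secrets.token_bytes(nbytes)


def provisioning_uri(key, account, issuer, digits=6, step=30):
    """otpauth:// URI as encoded in the QR code an authenticator app scans during enrollment."""
    secret_b32 = base64.b32encode(key).decode().rstrip("=")
    return (f"otpauth://totp/{quote(issuer)}:{quote(account)}?secret={secret_b32}"
            f"&issuer={quote(issuer)}&digits={digits}&period={step}")


if __name__ == "__main__":
    key = new_secret()
    print(provisioning_uri(key, "alice@example.com", "Example Corp"))   # placeholder names
    code = totp(key)
    print("current code:", code, "verified as counter:", verify_totp(key, code))
```

Two points the code makes that the definition above does not: the secret is shared, so the server’s copy must be protected like a password database (encrypted at rest, never logged), and a TOTP code proves only that the submitter saw the code within the window; it does not bind the login to the genuine site, which is why a real-time phishing relay defeats it and origin-bound fact
ors (FIDO2/WebAuthn) do not have that weakness.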
Unauthorized Access
The act of accessing a computer system, network, or data without proper permission. This type of access can be intentional or accidental, and can result in security breaches, data theft, or other malicious activity. Unauthorized access can occur when an attacker exploits vulnerabilities in a system or network, when an insider uses their privileged access for malicious purposes, or when a user accidentally accesses restricted areas due to a lack of proper security controls.
Unified Threat Management (UTM)
A type of network security solution that integrates multiple security functions into a single platform. UTM aims to simplify security management and improve the overall effectiveness of an organization’s security infrastructure. UTMs typically include features such as firewall, intrusion detection and prevention, antivirus, anti-spam, and content filtering. They are often used by small and medium-sized businesses (SMBs) that do not have the resources or expertise to manage a complex security infrastructure.
User & Entity Behavior Analytics (UEBA)
A type of security analytics that focuses on detecting anomalous behavior by users and entities within an organization’s network. UEBA uses machine learning and other advanced analytics techniques to analyze data from various sources, including network logs, security event information, and end-point data. By identifying behavior that deviates from normal patterns, UEBA can help organizations quickly detect and respond to security incidents, reducing the risk of data breaches and other security threats.
Virtual Private Network (VPN)
A secure network that enables users to access a private network over the internet. VPNs use encryption and other security measures to protect data transmitted over the internet and ensure that only authorized users can access the private network. This allows users to securely access their organization’s network resources from remote locations.
A type of malicious software (malware) designed to replicate itself and spread from one computer to another. Viruses can cause data loss, system crashes, performance degradation, and in some cases, are designed to steal sensitive information or hold a computer or network hostage for ransom. To protect against viruses, safe browsing and email habits, keeping software up-to-date, and using security software such as antivirus and anti-malware programs are recommended.
A type of social engineering attack that uses voice-based technology, such as phone calls or voicemails, to trick victims into providing sensitive information or taking some other action. Attackers pose as a trusted entity, such as a bank or a government agency, to trick victims into revealing sensitive information or performing an action beneficial to the attacker. To protect against vishing attacks, it is important to be suspicious of unsolicited phone calls and to verify the identity of the caller by contacting the organization directly using a known phone number or website.
Vulnerability
A weakness or flaw in a computer system, network, or software that can be exploited by an attacker to gain unauthorized access, steal sensitive data, or cause harm to the system or network. Vulnerabilities can be mitigated through regular system scans, patching, implementing best practices for secure coding and software development, and regular training for employees on the latest threats and protective measures.
Vulnerability Management (VM)
The process of identifying, evaluating, and prioritizing vulnerabilities in computer systems, networks, and software, and taking steps to mitigate or remediate them. The goal of Vulnerability Management is to reduce the risk of security incidents by finding and fixing security weaknesses before they can be exploited by attackers. This is typically accomplished through vulnerability scanning, penetration testing, and patch management.
Whitelist
A list of approved or trusted entities in the context of cybersecurity. In a whitelist-based security approach, only entities on the whitelist are allowed access to a system or network. This can help to prevent unauthorized access and reduce the risk of security incidents. Regular review and updates of the whitelist are crucial to maintain its effectiveness.
Wi-Fi
A wireless networking technology that uses radio waves to provide high-speed Internet and network connections. Wi-Fi networks can be set up in homes, offices, public places, and other locations to provide wireless access to the Internet and other network resources. Wi-Fi networks can be secured using encryption and other security measures to prevent unauthorized access and protect sensitive information.
Whaling
In cybersecurity, “Whaling” refers to a specific type of phishing attack that targets high-profile individuals, typically senior executives or key decision-makers. These attacks are sophisticated and personalized, aiming to trick these high-value targets into divulging sensitive information. To defend against whaling attacks, organizations often implement strong security measures, conduct regular employee training on recognizing phishing attempts, and use multi-factor authentication (MFA) for extra protection.
Worm
A type of malicious software (malware) that is designed to replicate itself and spread to other computers on a network without the need for human interaction. Worms can be used for various malicious purposes, such as stealing sensitive information, spreading spam, or launching attacks on other systems. Protection against worms includes keeping software and operating systems updated, avoiding downloads or website visits from untrusted sources, and using antivirus software and firewalls.
Zombie
A term in cybersecurity for a computer that has been compromised by malware and is being controlled by a remote attacker without the knowledge of the computer’s owner. Zombies are often part of a “botnet,” a network of infected computers used for malicious activities. To protect against zombies, it is important to keep software and operating systems updated, avoid downloads or website visits from untrusted sources, and use antivirus software and firewalls.