Cybersecurity Jargon Busters

Cyber Security touches every part of an organization, and misconceptions around cyber security can put your company at risk. To help, we've compiled a list of definitions including some of the most commonly used security terms in the industry. This list of cyber "jargon busters" is designed to help you better understand the many cyber security terms you hear and see every day, including ones you'll find on this site.

It's important to understand, and be able to explain, different aspects of cyber security and how they affect your organization. The more you understand common cyber security terms and buzzwords, the better you can address the challenges and opportunities your organization encounters each day. For more information on how we can help improve your overall security posture, visit our cyber security services page or contact us directly for a no-obligation consultation, to start the process.



Acceptable interruption window

The maximum period of time that a system can be unavailable before the achievement of the enterprise's business objectives is compromised.

Access control

A security technique that regulates who or what can view or use resources in a computing environment. Physical access control limits access to campuses, buildings, rooms and physical IT assets. Logical access control limits connections to computer networks, system files and data.

Access control list (ACL)

An internal computerized table of access rules specifying the levels of computer access permitted to logon IDs and computer terminals.

Active content

Program code embedded in the contents of a web page. When the page is accessed by a web browser, the embedded code is automatically downloaded and executed on the user's workstation. Examples: Java applets, ActiveX (Microsoft).

Advanced Encryption Standard (AES)

An encryption standard being developed by NIST. Intended to specify an unclassified, publicly-disclosed, symmetric encryption algorithm.

Alert Fatigue

Occurs when IT staff receive an overwhelming number of alerts from security tools — some of which are innocuous and irrelevant — causing them to ignore the alerts that really matter.

Algorithm (encryption)

A set of mathematical rules (logic) for the process of encryption and decryption. Through the use of an algorithm, information is made into meaningless cipher text and requires the use of a key to transform the data back into its original form.

Antivirus

A security program that can run on a computer or mobile device and protects you by identifying and stopping the spread of malware on your system. Antivirus cannot detect all malware, so even if it is active, your system might still get infected. Antivirus can also be used at the organizational level. For example, email servers may have antivirus integrated with them to scan incoming or outgoing email. Sometimes antivirus tools are called 'anti-malware', because these products are designed to defend against various types of malicious software.

APT (Advanced Persistent Threat)

A set of stealthy and continuous computer hacking processes, often orchestrated by human(s) targeting a specific entity. An APT usually targets nations or organizations for business or political motives.

Attack

An attempt to break into a system.

Attack Vector

A pathway or method used by a hacker to illegally access a network or computer in an attempt to exploit system vulnerabilities.

Audit

Auditing is the gathering and analysis of information about assets to ensure such things as policy compliance and freedom from vulnerabilities.

Audit Log

A document that records an event in an information technology system, including what resources were accessed, the destination and source addresses, a timestamp and user login information.

Audit trail

A visible trail of evidence enabling one to trace information contained in statements or reports back to the original input source.

Authentication

The process of verifying the identity of a user. Authentication factors include something a person has (such as a token), something a person knows (such as a password), or something a person is (such as a fingerprint). When authentication requires at least two of those three factors, it is considered strong.

Authorization

Authorization is the approval, permission, or empowerment for someone or something to do something.

Availability

Availability is the need to ensure that the business purpose of the system can be met and that it is accessible to those who need to use it.


Backdoor

A design fault, planned or accidental, that allows an attacker access to the compromised system around any security mechanisms that are in place.

Bastion host

A system heavily fortified against attacks.

Biometrics

A method of identification that uses physical characteristics of the users to determine access.

Black hat

A person of malicious intent who researches, develops, and uses techniques to defeat security measures and invade computer networks.

Blue screen of death

When a Windows-based system encounters a serious error, the entire operating system halts and displays a screen with information regarding the error. The name comes from the blue color of the error screen.

Bot

Also known as a zombie, a bot is an Internet-connected computer that has been infected and compromised by malicious code in order to use the computer for something other than what was intended.

Botnet

A term derived from "robot network": a large, automated, and distributed network of previously compromised computers that can be simultaneously controlled to launch large-scale attacks, such as a denial-of-service attack, on selected victims.

Breach

An incident that results in the disclosure or potential exposure of data.

Brute force attack

A trial-and-error method using programs to decode login information and encryption keys. This is an old but still effective attack method for cracking common passwords.

Business continuity plan

A Business Continuity Plan is the plan for emergency response, backup operations, and post-disaster recovery steps that will ensure the availability of critical resources and facilitate the continuity of operations in an emergency situation.


Certificate

An electronic document attached to someone's public key by a trusted third party, which attests that the public key belongs to a legitimate owner and has not been compromised. Certificates are intended to help you verify that a file or message actually comes from the entity it claims to come from.

Certificate-based authentication

Certificate-Based Authentication is the use of security protocols and certificates to authenticate and encrypt web traffic.

Cipher text

The result of encrypting either characters or bits using some algorithm. Cipher text is unreadable until it is decrypted.

Clickbait

Attention-grabbing headlines used for web content to lure readers into clicking on a link.

Click fraud

An online crime that involves automating the act of clicking on a web link to perpetrate a fraud. In a classic click fraud scenario, a legitimate web site decides to advertise on another site, which hosts the ad. The legitimate web site agrees to pay the ad hosting site a few cents each time a potential customer clicks on the ad, which links back to the legitimate site. Cheaters use automated tools to click the ad over and over, earning money from the legitimate site under false pretenses (since the clicks do not come from actual people interested in the advertised products).

Client

A system entity that requests and uses a service provided by another system entity, called a "server." In some cases, the server may itself be a client of some other server.

Corruption

A threat action that undesirably alters system operation by adversely modifying system functions or data.

Cookie

A text file passed from a web site's server to a web site user's browser. Cookies are used to identify a user and could record personal information such as ID and password, mailing address, credit card number, and more. A cookie is what enables your favorite web site to "recognize" you each time you revisit it.

Credential Stuffing

A type of automated or semi-automated attack where hackers take stolen credentials, typically username and password pairs, and try them against login sites.

Criticality analysis

An evaluation of resources or business functions to identify their importance and impact if not available.

Cross-site scripting

An attack performed through Web browsers, taking advantage of poorly-written Web applications. Cross-site scripting attacks can take many forms. One common form is for an attacker to trick a user into clicking on a specially-crafted, malicious hyperlink. The link appears to lead to an innocent site, but the site is actually the attacker's, and includes embedded scripts. What the script does is up to the attacker; commonly, it collects data the victim might enter, such as a credit card number or password.

Cyber Hygiene

A set of practices performed regularly to maintain the health and security of users, devices, networks and data.

Cyberwarfare

Generally recognized as the use of cyberattacks against a nation-state, causing it significant harm, up to and including physical warfare, disruption of vital computer systems and loss of life.

Cryptography

The art and science of encoding and decoding messages using mathematical algorithms that utilize a secret key. The concept has broadened to include managing messages that have some combination of: privacy (being unreadable to anyone but the sender and receiver); integrity (not modified while en route); and non-repudiation (digitally signed in such a way that the originator cannot plausibly claim he or she did not originate it).


Dark web

A hidden neighborhood of the Internet, only accessible using non-standard protocols. The darknet is a marketplace for illegal substances and arms, stolen data, and software used for hacking. It is also a meeting place for, among others, criminals and terrorists. Sites on the dark web are not indexed and do not appear on search engines. Hidden web real estate can be (and is) used for good as well, such as protecting dissidents in repressive regimes.

Data classification

The assignment of a level of sensitivity to data that specifies the required controls. Predefined categories are usually assigned as data are created, amended, enhanced, stored or transmitted.

Data disclosure

A breach for which it was confirmed that data was actually disclosed (not just exposed) to an unauthorized party.

Data Encryption Standard (DES)

A widely-used method of data encryption using a private (secret) key. There are 72,000,000,000,000,000 (72 quadrillion) or more possible encryption keys that can be used. For each given message, the key is chosen at random from among this enormous number of keys. Like other private key cryptographic methods, both the sender and the receiver must know and use the same private key.

Denial of Service (DoS)

Refers to any outwardly-induced condition that prevents access to a computer resource (rendering it unusable), thus "denying service" to an authorized or legitimate.

Denial of Service attack

A type of attack aimed at making the targeted system or network unusable, often by monopolizing system resources. For example, in February 2000 a hacker directed thousands of requests to eBay's Web site. The network traffic flooded the available Internet connection so that no users could access eBay for a few hours.

Distributed Denial-of-Service (DDoS) attack

A type of DoS attack in which multiple infected or compromised systems are used to send traffic to a single target, causing a Denial of Service (DoS). It is analogous to a group of people crowding the entry door or gate of a shop or business and not letting legitimate parties enter, disrupting normal operations.

Dictionary attack

An attempt to guess a password by systematically trying every word in a dictionary as the password. This attack is usually automated, using a dictionary of the hacker's choosing, which may include both ordinary words and jargon, names, and slang.

Digital signature

An electronic identification of a person or thing, intended to verify to a recipient the integrity of data sent to them, and the identity of the sender. Creating a digital signature involves elaborate mathematical techniques that the sender and recipient can both perform on the transmitted data.

DLP (Data Loss Prevention)

A strategy for making sure that end users do not send sensitive or critical information outside the corporate network. The term is also used to describe software products that help a network administrator control what data end users can transfer.

DMZ (Demilitarized Zone)

A partially-protected zone on a network, not fully exposed to the Internet, but at the same time, also not fully behind the firewall. This technique is typically used on parts of the network which must remain open to the public (such as a Web server) but must also access trusted resources (such as a database).

DNS (Domain Name System or Service or Server)

An Internet service that translates domain names into IP addresses. Because domain names are alphabetic, they're easier to remember. The Internet, however, is based primarily on numerical IP addresses. Therefore, every time you use a domain name (e.g., …), a DNS service has to translate the name into the corresponding numerical IP address (e.g., …).

Drive-by download

These attacks exploit vulnerabilities in your web browser or its plugins when you simply surf to an attacker-controlled website. Some computer attackers set up their own malicious websites that are designed to automatically attack and exploit anyone that visits it. Other attackers compromise trusted websites such as ecommerce sites and deploy their exploit software there. Often these attacks occur without the victims realizing that they are under attack.

Data mining

Data mining is a technique used to analyze electronic information, usually with the intention of finding new avenues for business.

Day zero

Also known as "Zero Day," this is a term used to mark the day a new vulnerability is made known for which no patch may yet be available (day one = the day at which the patch is made available).

Decryption

Decryption is the process of transforming an encrypted message into its original readable text.

Defacement

Defacement is the method of modifying the content of a website in such a way that it becomes "vandalized" or embarrassing to the website owner.

Defense in-depth

Defense In-Depth is the approach of using multiple layers of security to guard against failure of a single security component.

Dictionary attack

An attack that tries all of the phrases or words in a dictionary, trying to crack a password or key. Unlike a “brute force attack” that tries all possible combinations, a dictionary attack uses a predefined list of words.

Digital certificate

An attachment to an electronic message used for security purposes. The most common use of a digital certificate is to verify that a user sending a message is who he or she claims to be, and to provide the receiver with the means to encode a reply.

Digital signature

A digital signature is a hash of a message that uniquely identifies the sender.

Disaster Recovery Plan (DRP)

A Disaster Recovery Plan is the plan for recovering IT systems in the event of a disruption or disaster.

Domain

On the Internet, a domain consists of a set of network addresses. In a Windows NT environment, a domain is a set of network resources (applications, printers, and so forth) for a group of users. The user need only log in to the domain to gain access to the resources, which may be located on a number of different servers in the network.

Domain hijacking

Domain hijacking is an attack by which an attacker takes over a domain by first blocking access to the domain's DNS server and then putting their own server up in its place.

Domain name

A domain name locates an organization or other entity on the Internet. For example, the domain name "" locates an Internet address for "" at Internet point and a particular host server named "www".

Dumpster diving

Dumpster diving is obtaining passwords and corporate directories by searching through discarded media.


Edge Computing

An emerging paradigm referring to a range of networks and devices at or near the user.

Elevation of privilege

Almost every computer program has some form of "privilege" built in, meaning permission to do some set of actions on the system. Permissions are granted to individuals based on their ability to present proper credentials (for example, a username and password). Privilege has levels; for example, a guest account typically has fewer privileges than an administrator account. Many network attacks begin with an attacker obtaining limited privileges on a system, then attempting to leverage those privileges into greater privileges that might ultimately lead to controlling the system. Any attempt to gain greater permissions illicitly is considered an "elevation of privilege."

Email Spoofing

A form of cyber attack where a hacker sends an email made to appear as if it has been sent by a "trusted" person or entity that the recipient knows.

Encryption

The process of transforming data (called "plaintext") into a form (called "cipher text") that hides its content. As used in a network security context, encryption is usually accomplished by putting the data through any of several established mathematical algorithms developed specifically for this purpose.

Endpoint Detection and Response (EDR)

A system to gather and analyze security threat-related information from computer workstations and other endpoints, with the goal of finding security breaches as they happen and facilitating a quick response to discovered or potential threats.

Endpoint security

In network security, this refers to a methodology of protecting the corporate network when it is accessed by end-user devices, including remote devices such as laptops or other wireless and mobile devices. Each device with a connection to the network creates a potential entry point for security threats.

Event

Any observable occurrence in a system or network that prompts some kind of log entry or other notification.

Exploit

Code that is designed to take advantage of a vulnerability. An exploit is designed to give an attacker the ability to execute additional malicious programs on the compromised system or to provide unauthorized access to affected data or applications.

Exposure

A threat action whereby sensitive data is directly released to an unauthorized entity.

Extended Detection and Response (XDR)

A system that collects and correlates data across email, endpoints, servers, cloud workloads, and networks, enabling visibility and context into advanced threats. Threats are then analyzed, prioritized, hunted, and remediated to prevent data loss and security breaches.

External network

Any network that can connect to yours with which you have neither a trusted nor a semi-trusted relationship. For example, employees would typically be trusted on your network, and a primary vendor's network might be semi-trusted, but the public Internet would be untrusted — hence, external.


Fileless Malware

A type of malicious software that uses legitimate programs to infect a computer. It doesn't rely on files and leaves no "digital footprint", making it challenging to detect and remove.

Firewall

Software or hardware that monitors and controls the incoming and outgoing traffic on a network based on predetermined security rules. It establishes a barrier between a trusted, secure internal network and untrusted networks (e.g., the Internet) to prevent unauthorized access to data or resources.

FTP (File Transfer Protocol)

The most common protocol for specifying the transfer of text or binary files across a network or over the Internet.

Five Nines

Also known as 99.999%, this refers to a desired percentage of availability for a given computer system. Maintaining high-availability systems requires investment and upkeep, including following best practices to reduce downtime.


Gateway

A network point that acts as an entrance to another network. A firewall will often serve as the gateway between the Internet and your network.


Hardening

The process of identifying and fixing vulnerabilities on a system.

HTTP (Hyper Text Transfer Protocol)

A communications standard designed and used to transfer information and documents between servers or from a server to a client. This standard is what enables your web browser to fetch pages from the Internet.

HTTPS

A variation of HTTP enabling the secure transmission of data. Generally, it is HTTP used in conjunction with, and enhanced by, a security mechanism (usually SSL) which encrypts the HTTP traffic.

Honeypot

A trap set to detect, deflect or in some manner counteract attempts at unauthorized use of information systems. It consists of computer data or a network site that appears to be part of a network but is actually isolated and monitored. A honeypot can be used to log access attempts, including a would-be attacker's keystrokes.

Host

Any computer that has full two-way access to other computers on the Internet, or a computer with a web server that serves the pages for one or more web sites.

Human firewall

A person who acts as a network layer of defense through cybersecurity education and awareness.


Identity Management

The process for ensuring individuals have the appropriate access to technology resources by associating user rights and restrictions with established identities.

Impact Analysis

A study to prioritize the criticality of information resources for the enterprise based on costs (or consequences) of adverse events.

IDS (Intrusion Detection System)

A security management system that gathers, analyzes and reports on traffic information from various areas within a network. It identifies possible security breaches in progress including both intrusions (attacks from outside the organization) and misuse (attacks from within the organization).

IPS (Intrusion Prevention System)

A network security appliance that identifies malicious system activity, logs information about this activity, attempts to block/stop it, and reports it.

Incident

An adverse security-related network event that compromises the integrity, confidentiality or availability of an information asset.

Incident Response Plan (IRP)

A set of written instructions designed to effectively detect and respond to a security incident.

Incident management (Incident response)

A term describing the activities of an organization to identify, analyze, and correct a security incident to prevent a future re-occurrence.

IP address

A computer's inter-network address that is assigned for use by the Internet Protocol and other protocols.

IP spoofing

The act of inserting a false (but ordinary-seeming) sender IP address into the "From" field of an Internet transmission's header in order to hide the actual origin of the transmission. There are few, if any, legitimate reasons to perform IP spoofing; the technique is usually one aspect of an attack.

IPSec (Internet Protocol Security)

A methodology of exchanging data over the public Internet while protecting the data from prying eyes as it travels from the originator to the recipient. IPSec provides encryption and authentication options to maximize the confidentiality of data transmissions, employing cryptographic protocols.


Java Security Exploit

A term that refers to any number of security flaws in Oracle's Java software, which has a long history of having security vulnerabilities. Java is a high-level programming language that is a commonly used foundation for developing and delivering interactive content on the Web.


Kernel Mode

Used for execution of privileged instructions for the internal operation of the hardware system. In kernel mode, all parts of the system and memory are accessible.

Keylogging

Recording the keys struck on a keyboard, typically without the knowledge or consent of the user, in order to monitor the user's activities or compromise the user's information.


Least Privilege

The principle of allowing users or applications the least amount of permissions necessary to perform their intended function.


Malware

Short for "malicious software." It is a generic description for any type of code or program cyber attackers use to perform malicious actions (capturing information, sabotaging the system, holding it for ransom). Traditionally there have been different types of malware based on their capabilities and means of propagation. However, modern malware typically combines the characteristics of several or all of these in a single program.

  • Virus: A type of malware that spreads by infecting other files, rather than existing in a standalone manner. Viruses often, though not always, spread through human interaction (such as opening an infected file or application).
  • Worm: A type of malware that can propagate automatically, typically without requiring any human interaction for it to spread. Worms often spread across networks (infecting millions of computer systems), though can also infect systems through other means, such as USB keys.
  • Trojan: A shortened form of "Trojan Horse." This type of malware appears to have a legitimate or at least benign use, but masks a hidden sinister function. For example, you may download and install a free screensaver which actually works well as a screensaver, but the software could also be malicious and will infect your computer once you install it.
  • Spyware: A type of malware that is designed to spy on the victim's activities, capturing sensitive data such as the person's passwords, online shopping, and screen contents. One popular type of spyware, a keylogger, is optimized for logging the victim's keyboard activity and transmitting the captured information to the remote attacker.

Managed IT

Outsourcing IT management responsibilities, including monitoring and day-to-day administrative duties, with the purpose of improving operations and cutting expenses. More: ANS Managed IT.

Man-in-the-middle (MitM) attack

A type of cyber-attack in which the actor intercepts, alters, or eavesdrops on data as it travels between the sender and recipient. An example of this is intercepting messages through an unencrypted Wi-Fi connection.

MSSP (Managed Security Service Provider)

An outsourced provider of network security services. Businesses turn to managed security service providers to alleviate the pressures they face daily related to information security. Functions of a managed security service include round-the-clock monitoring and management of intrusion detection systems and firewalls, overseeing patch management and upgrades, performing security assessments and security audits, and responding to security incidents.

Mirrored Site

A website or set of server files that are copied elsewhere so that they are available from more than one place. A mirror site has its own URL but is otherwise identical to the principal site.

Multi-Factor Authentication (MFA or 2FA)

An authentication method that requires users to submit information from two or more categories (something they know, have, or are) to verify their identity before access is granted to an application, online account, or VPN. More: MFA Requirements for Cyber Insurance.


Network Segmentation

The process of dividing a network into multiple zones and applying security protocols to each zone to manage security.

NIST (National Institute for Standards and Technology)

A division of the U.S. Department of Commerce that publishes open interoperability standards. It is also responsible for distributing complete and accurate information about computer security issues to government and the general public.

NGFW (Next-generation firewall)

An integrated network platform that combines a traditional firewall with other network security functionalities such as deep packet inspection, intrusion prevention, website filtering, bandwidth management, antivirus inspection and third-party integration (e.g., Active Directory). Gartner defines an NGFW as "a wire-speed integrated network platform that performs deep inspection of traffic and blocking of attacks."


Open source software

A term applied when the source code of a computer program is made available free of charge to the general public. The concept relies on peer review to find and eliminate bugs in the program code. One of the most famous examples of open source software is Linux.


Passive Attack

A network attack where a system is monitored and sometimes scanned for open ports and vulnerabilities. The purpose of a passive attack is to gain information about the system being targeted.

Passphrase

An easy-to-remember phrase which offers better security than a single-word password, because it is longer and thus harder to guess or calculate.

Password

A secret sequence of characters or a word that a user submits to a system for purposes of authentication, validation, or verification. WatchGuard recommends the use of passphrases in place of passwords.

Password caching

The temporary storage of a user's username and password by an application.

Patch

A patch is a small update released by a software manufacturer to fix bugs or vulnerabilities in an existing program. Your computer and mobile devices should be updated to install the vendor's latest patches in a timely fashion. Some vendors release patches on a monthly or quarterly basis. Therefore, having a computer that is unpatched for even a few weeks could leave it vulnerable.

Patching

The process of updating software to a more current version.

Personally Identifiable Information (PII)

Any data that can be used to identify a specific individual. Along with commonly recognized info, technology has expanded the scope of PII to include an IP address, login IDs, social media posts, or digital images. Geolocation, biometric, and behavioral data can also be classified as PII.

Phishing

A social engineering technique where the attacker tries to trick the victim into giving up sensitive information by masquerading as a trusted entity. In a common phishing attack, a spoofed email message is sent by the attacker. The attacker tries to steal authentication credentials by providing a link to a fake login form on a malicious website designed to look legitimate (e.g., your bank). Once the victim logs in to a site they think is their bank, their login and password are stolen by the attacker. The term has evolved and often means not just attacks designed to steal your password, but emails designed to send you to websites that hack into your browser, or emails with infected attachments.

Ping

A utility to determine whether a specific IP address is accessible. It works by sending a packet to the specified address and waiting for a reply; hence, it was named after the sound of the echo sonar makes when trying to locate an object.

Principle of Least Privilege (POLP)

When users' access rights are limited to only what is strictly required to do their jobs.

Privilege Creep

The gradual accumulation of access rights beyond what an individual needs to do his or her job.

Protocol

A set of formal rules describing how to transmit data across a network. Protocols exist at several levels in a telecommunications connection.

Proxy server

A server that sits between a client application (such as a web browser) and a "real" server. The proxy server intercepts client requests and forwards them to the other server. Its purpose is two-fold. First, for outgoing traffic, it allows private, non-routable machines to reach a machine which can reach the Internet for them. Second, as it receives responses to the client machines' requests (for example, web pages), it can cache them locally so that further client requests can be answered locally and immediately.

Password cracking

Password cracking is the process of attempting to guess passwords, given the password file information.

Password sniffing

Passive wiretapping, usually on a local area network, to gain knowledge of passwords.

Penetration

Gaining unauthorized logical access to sensitive data by circumventing a system's protections.

Penetration testing

Penetration testing is used to test the external perimeter security of a network or facility.

Personal firewalls

Personal firewalls are those firewalls that are installed and run on individual PCs.

Pharming

This is a more sophisticated form of MITM attack. A user's session is redirected to a masquerading website. By changing the pointers on a web server, the URL can be redirected to send traffic to the IP of the pseudo/fake website. At the pseudo website, transactions can be mimicked and information like login credentials can be gathered. With these, the attacker can access the real site and conduct transactions using the credentials of a valid user on that website.

Polymorphism

Polymorphism is the process by which malicious software changes its underlying code to avoid detection.

Port

On a computer, a port is an interface to which you can connect a device (printer, keyboard, etc.). Within an internet-based environment, a port is a communication endpoint/connection within a network. The port number identifies what type of port it is. For example, port 80 is used for web traffic.

Port scan

A series of messages sent by someone attempting to break into a computer to learn which network services, each associated with a "well-known" port number, the computer provides. Port scanning, a favorite approach of computer crackers, gives the assailant an idea of where to probe for weaknesses. Essentially, a port scan consists of sending a message to each port, one at a time. The kind of response received indicates whether the port is in use and can therefore be probed for weakness.

Program policy

A program policy is a high-level policy that sets the overall tone of an organization's security approach.


Quality of Service (QoS)

The overall performance of a telephone or computer network, particularly the performance (speed and quality of connection) seen by the users of the network.

QR Code Phishing

A phishing attack that uses a QR code to direct a victim to a malicious website.

Quantum Computing

A rapidly-emerging technology that harnesses the laws of quantum mechanics to solve problems too complex for classical computers (supercomputers).


Real-time Analytics

The use of data and related resources for analysis as soon as it enters the system; often associated with streaming data architectures and real-time operational decisions that can be made automatically through robotic process automation and policy enforcement.

Redundant Site

A recovery strategy involving the duplication of critical IT components, data and business processes.

Red Team

A group of external or internal engineers tasked with rigorously challenging the plans, policies, systems and assumptions of an organization's cybersecurity posture by adopting an adversarial approach.

Remote access tool

A piece of software used to remotely access or control a computer. This tool can be used legitimately by system administrators for accessing the client computers. They can also be used by a malicious actor to control the system without the knowledge of the victim.

Reverse engineering

Acquiring sensitive data by disassembling and analyzing the design of a system component.

Risk

Risk is the product of the level of threat and the level of vulnerability. It establishes the likelihood of a successful attack.

Risk Mitigation

A strategy to prepare for and lessen the effects of threats faced by an organization.

Risk assessment

A Risk Assessment is the process by which risks are identified and the impact of those risks determined.

Role-based access control

Role-based access control assigns users to roles based on their organizational functions and determines authorization based on those roles.

Rootkit

A collection of tools (programs) that a hacker uses to mask intrusion and obtain administrator-level access to a computer or computer network.

Sandbox

In computer security, a sandbox is a security mechanism for separating running programs. It is often used to execute untested code, or untrusted programs from unverified third parties, suppliers, untrusted users and untrusted websites.

Security Awareness Training

A formal process for educating employees and third-parties, like contractors and business partners, on how to protect an organization's computer systems, along with its data, people and other assets, from internet-based threats or criminals.

Security Information and Event Management (SIEM)

Technology that supports threat detection, compliance and security incident management through the collection and analysis of log events along with other data sources.

Security policy

A set of rules and practices that specify or regulate how a system or organization provides security services to protect sensitive and critical system resources.

Session

A virtual connection between two hosts by which network traffic is passed.

Session hijacking

The takeover of a session that someone else has established.

Session hijacking

An intrusion technique whereby a hacker sends a command to an already existing connection between two machines, in order to wrest control of the connection away from the machine that initiated it. The hacker's goal is to gain access to a server while bypassing normal authentication measures.

Signature

A signature is a distinct pattern in network traffic that can be identified to a specific tool or exploit.

Single sign-on

A computer log-in routine in which one logon provides access to all resources on the network.

SOC (Security Operations Center)

A centralized unit that deals with security issues on an organizational and technical level. A SOC within a building or facility is a central location from where staff supervises the site, using data processing technology.

Software as a Service (SaaS)

A software distribution model in which a cloud provider hosts applications and makes them available to end users over the internet. SaaS application users are not tasked with the setup and maintenance of the software — users pay a subscription fee to gain access to the software.

Social engineering

An attack on the people of an organization designed to scam intended targets into giving out sensitive information.

Spam

An electronic version of junk mail. Unwanted or unsolicited emails, typically sent to numerous recipients with the hope of enticing people to read the embedded advertisements, click on a link or open an attachment. Spam is often used to convince recipients to purchase illegal or questionable products and services, such as pharmaceuticals from fake companies. Spam is also often used to distribute malware to potential victims.

Spear phishing

Spear phishing describes a type of phishing attack that targets specific victims. The attacker uses details gathered about the targeted individuals to increase the credibility of the attack message. Specially crafted emails are sent to very specific individuals, usually all at the same organization. Because of the targeted nature of this attack, spear phishing attacks are often harder to detect and usually more effective at fooling their victims.

Spoofing

A form of cyber attack where a hacker sends an email that has been manipulated to seem as if it originated from a trusted source.

Spyware

A type of malware that is designed to spy on the victim's activities, capturing sensitive data such as the person's passwords, online shopping, and screen contents. One popular type of spyware, a keylogger, is optimized for logging the victim's keyboard activity and transmitting the captured information to the remote attacker.

Smurf attack

An attack that works by spoofing the target address and sending a ping to the broadcast address for a remote network, which results in a large number of ping replies being sent to the target.

Sniffer

A tool that monitors network traffic as it is received on a network interface.

Sniffing

A synonym for "passive wiretapping."

SQL injection

SQL injection is a type of input validation attack specific to database-driven applications where SQL code is inserted into application queries to manipulate the database.

SSL (Secure Sockets Layer)

A computer networking protocol for transmitting private communication over the Internet between servers and clients. It manages security and encrypted communications.

Stateful inspection

A firewall architecture that works at the network layer and examines not just the header information but also the contents of the packet up through the application layer, in order to determine more about the packet (malicious vs. non-malicious behavior).

Stealthing

A term that refers to approaches used by malicious code to conceal its presence on the infected system.

Supply Chain Risk

The risk that an organization's operations, profitability and/or reputation will be harmed by an untrustworthy supply chain component.

System Hardening

A process to eliminate as many security risks as possible by removing all nonessential software programs, protocols, services and utilities from the system.


Tabletop Exercise (TTX)

A discussion-based disaster preparedness activity that takes participants through the process of dealing with a simulated disaster scenario.

Tactical Threat Intelligence

Information about how threat actors are conducting attacks.

Token

Also called a security token or an authentication token. Something a person has that evidences validity or identity. It is usually a hardware device that resembles a hand-held calculator, since it often has some sort of display and perhaps a keypad for entering numbers. Tokens achieve the goal of "two-factor authentication," considered a strong standard of security when validating who a user is, because accessing a network that uses tokens requires two factors: something the person knows (a password) and something the person has (the token).

Tor

Free software for enabling anonymous communication. The name is an acronym derived from the original software project name, The Onion Router. Tor directs Internet traffic through a free, worldwide, volunteer network consisting of more than seven thousand relays to conceal a user's location and usage from anyone conducting network surveillance or traffic analysis. Using Tor makes it more difficult for Internet activity to be traced back to the user, and it is a popular communication protocol utilized on the "darkweb."

Transmission Control Protocol (TCP)

A core protocol of the Internet. It originated in the initial network implementation, in which it complemented the Internet Protocol (IP). Therefore, the entire suite is commonly referred to as TCP/IP.

Trust

A methodology that determines which permissions and what actions other systems or users can perform on remote machines.

Trusted network

The private network which you intend your firewall to primarily protect. The trusted network is usually where your most sensitive corporate resources reside or where home office employees do their work.

TCP/IP

The basic communication language or protocol of the Internet. It can also be used as a communications protocol in a private network (either an Intranet or an Extranet).

Threat

A potential for violation of security, which exists when there is a circumstance, capability, action, or event that could breach security and cause harm.

Threat assessment

A threat assessment is the identification of types of threats that an organization might be exposed to.

Threat model

A threat model is used to describe a given threat and the harm it could do to a system if the system has a vulnerability.

Threat vector

The method a threat uses to get to the target.

Trojan

A shortened form of the term "Trojan Horse." It is a type of malware that appears to have a legitimate or at least benign use, but masks a hidden sinister function to evade security mechanisms. For example, you may download and install a free screensaver which actually works well as a screensaver. But that software could also contain malicious code that infects your computer once you install it.


UTM (Unified Threat Management)

A network security solution that is the evolution of the traditional firewall into an all-inclusive security product. UTMs are able to perform multiple security functions within one single system: network firewalling, network intrusion prevention and gateway antivirus (AV), gateway anti-spam, VPN, content filtering, load balancing, data loss prevention and on-appliance reporting.

Virus

A virus is a self-replicating computer program, designed to be slipped into a computer in order to copy, delete, change, damage, or lock data. A virus frequently uses the infected computer to spread itself to other targets. By contrast, a worm does not alter files but rather stays in active memory and replicates itself. A Trojan or Trojan horse is a virus that appears to have a useful function and uses that shell of legitimacy to avoid security measures.

Validation

The act of examining information provided by a person (or a system) to ascertain what rights, privileges, or permissions they may (or may not) have to perform some action. For example, when you attempt to charge a purchase at a retail store to a credit card, the cashier validates your identity by examining your identification and comparing your signature on the receipt with the signature on the credit card.

Verification

In cryptography, the act of testing the authenticity of a digital signature. Verification proves that the information was actually sent by the signer and that the message has not been subsequently altered by anyone else.

VPN (Virtual Private Network)

A means of having the security benefits of a private, dedicated, leased-line network, without the cost of actually owning one. VPN uses cryptography to scramble data so it's unreadable while traveling over the Internet, thus providing privacy over public lines. Companies with branch offices commonly use VPNs to connect multiple locations.

Vulnerability assessment

A process that defines, identifies, and prioritizes the severity of security holes (vulnerabilities) in a computer, network, or communications infrastructure which hackers can exploit.

Virus

A hidden, self-replicating section of computer software, usually malicious code, that propagates by infecting (i.e., inserting a copy of itself into and becoming part of) another program. A virus cannot run by itself; it requires that its host program be run to make the virus active.


War Driving

War driving is the process of traveling around looking for wireless access point signals that can be used to get network access.

Watering Hole

A computer attack strategy, in which the victim is a particular group (organization, industry, or region). In this attack, the attacker guesses or observes which websites the group often uses and infects one or more of them with malware. Eventually, some member of the targeted group gets infected. Relying on websites that the group trusts makes this strategy efficient, even with groups that are resistant to spear phishing and other forms of phishing.

WEP (Wired Equivalent Privacy)

The security aspects of 802.11b, a standard that enables wireless devices and laptops to access a network via radio frequencies instead of physical wiring. WEP has three tasks: 1) to authenticate clients to access points; 2) to encrypt the data exchanged between the clients and access points; and 3) to include an integrity check with every packet exchanged. The initial implementation of WEP provides weak security. While it is not completely useless, it is best used as another layer of security in conjunction with stronger measures.

Whaling

A type of spear-phishing attack specifically targeted at high-ranking executives in an organization.

White hat

A person who investigates flaws in network security measures in order to strengthen them and to prevent computer networks from being invaded. When such a researcher discovers new security flaws, he or she reports them to the appropriate vendor to be fixed, rather than using the knowledge illicitly.

Whitelisting

A cybersecurity strategy that approves a list of email addresses, IP addresses, domain names or applications, while denying all others.

Wiretapping

Monitoring and recording data that is flowing between two points in a communication system.

WPA (Wi-Fi Protected Access)

A data encryption specification for 802.11 wireless networks. Wireless networks rely on radio waves, which broadcast in all directions. Any device within range of a wireless access point could eavesdrop upon its transmissions. WPA encrypts wireless data so that an eavesdropper intercepts gibberish, while authorized endpoints receive clear, decrypted data. WPA replaces WEP, a weaker wireless encryption standard that attackers can readily break.

Worm

A self-replicating program that seeks access into other computers by exploiting security flaws. After a worm penetrates another computer, it continues seeking access to other areas. Worms often steal or vandalize computer data. Many viruses are more accurately termed worms, and use e-mail or database systems to propagate themselves to their victims.




Zero day

Also known as "Day Zero," this is a term used to mark the day a new vulnerability is made known for which no patch may yet be available (day one = the day at which the patch is made available).

Zero-day attack

A computer threat that tries to exploit computer application vulnerabilities that are unknown to others or undisclosed to the software developer. Zero-day exploits (actual code that can use a security hole to carry out an attack) are used or shared by attackers before the software developer knows about the vulnerability.

Zombie

A zombie computer (often shortened to zombie) is a computer connected to the Internet that has been compromised by a hacker, a computer virus, or a Trojan horse. Generally, a compromised machine is only one of many in a botnet, and will be used to perform malicious tasks of one sort or another under remote direction. Most owners of zombie computers are unaware that their system is being used in this way. Because the owner tends to be unaware, these computers are metaphorically compared to zombies.