Cybersecurity Glossary and Terms

Cybersecurity Glossary and Terms
Image Credit: sqback / Getty Images

Cybersecurity Glossary and Terms: Cybersecurity is crucial to everyone. We’re continually sharing information through smartphones, tablets, or computers. Fun or work, whatever the reason, it doesn’t pose any less risk.

As a business, you need to know the possible threats and what needs to be done to protect and secure your business data from all threats. However, sometimes it feels like all the information is complex, hidden under cryptic acronyms, and tech-speak intentionally.

Cybersecurity Terms explained

It can be challenging to keep track of all these recent cybersecurity terms. Presented below are cybersecurity acronyms and terms to help you gain a better understanding.

We appreciate the terms listed below may not be exhaustive, and we endeavor to update this list regularly. If something seems important enough to be included, please let us know.

# | A | B | C | D | E | F | G | H | I | J | K | L | M | N | O | P | Q | R | S | T | U | V | W | X | Y | Z




A warning in case there’s some unusual activity detected or any cybersecurity threat to your system carrying all the necessary information


Antivirus software detects and saves the system or computer from malicious code, malware, or other cybersecurity threats.

Antivirus also alerts you about the threat and acts as necessary, such as removing or neutralizing malware.

RELATED: 10 of the best antivirus software packages for business


Short for application – a software program for a smartphone or tablet is known as an app.

APT Advanced Persistent Threat

APT is a cyberattack that aims for governments and companies to use complicated techniques to carry out cyber espionage, cyberspying, invasion, eavesdropping, or any other evil activity. It’s usually done by a skilled, expert enemy/opponent with substantial resources. These are mostly connected to nation-state performers.

These attacks can reach your system from various angles and multiple entrances. Intruders might use numerous vectors, such as cyber, physical, deception, etc. If they’ve been successful in their malicious attempt, recovering the system or stopping the attack will be extremely complicated.

Attack Signature

A specific characteristic or unique pattern which detects potential actors and solutions connecting one attack to another.


An attacker is an individual or group of individuals with malicious intent. Attackers aim to change, destroy, steal, or ruin the information in the computer system and misuse it for their good.


The verification process of the user identity, process, or device.


Behavior Monitoring

Behavior monitoring observes user activities, information systems, and processes. It’s a good way to measure the mentioned activities against organizational policies and rules, baselines of normal activity, thresholds, and trends.


A list of users or devices who are no longer allowed to access the system, blocked, or denied privileges.

Blue Team

A mock cybersecurity attack’s defense group is known as the “Blue” team. Its job is to protect and save the information system, and the Red team is assigned to attack. These mock attacks are more like a part of the operational exercise.

Now, there’s another neutral team named as “White” team. This team establishes and monitors the mock attacks.


A bot is a software application that is designed to automate certain tasks on the internet or other digital platforms.

Bots can be useful for automating repetitive tasks, improving efficiency, and enhancing user experience. However, they can also be used for malicious purposes, such as spamming, phishing, or spreading fake news.


Botnet is an infected device system connected to the internet and commits a coordinated cyber attack behind its owner’s back.


Accessing data, computers, or networks illegally or without authorization

Brute Force Attack

A brute force attack is used to find passwords and illicit access to something. This system uses computational power and can put number combinations in enormous quantities.


An error, flaw, or fault in an information system, computer, or other devices.

BYOD – Bring Your Own device

A policy of an organization where the employees are allowed to bring and use their personal devices for work.

RELATED: Bring Your Own Device Best Practices: Creating a Security-Centric BYOD policy



A digital certificate is used to verify digital identities. This makes the information exchange more secure for a computer, device, user, or organization.


Encrypting or decrypting data using an algorithm is called cipher. It’s also known as ‘code.’

CIRTComputer Incident Response Team

A team of people investigating network security breaches. Their job is to examine what caused the incident and all affected/lost the information/data. They study and utilize the perception and respond accordingly.

CISACertified Information Systems Auditor

An authentication for professionals in charge of monitoring, auditing, controlling, and accessing information systems.

CISMCertified Information Systems Security Manager

ISACA’s advanced certification for professionals who have adequate knowledge, experience, and capability to develop and manage an enterprise information security program.

CISSPCertified Information Systems Security Professional

CISO and other information/data security leaders’ certification for management.

CNDComputer Network Defense

The CND is a set of defense cybersecurity measures – usually for securing the military and government information systems and networks from intrusions and unusual activities. 

COBITControl Objectives for Information and Related Technologies

COBIT is a business framework that ISACA is developing and constantly updating. It comprises practices, tools, and models. It’s used to manage and control information technology—also, risk management and compliance.


Information like a password, passphrase, token, and certificate to verify a user’s identity.

Cross-Site Scripting (XSS)

A web application’s vulnerability usually gives online criminals a chance to insert client-side scripts into pages that other users view.

The attackers use it to overwrite access controls. It can be a serious threat if the network administrator or the website owner takes no proper measures.


The art of encoding and solving codes. It also ensures data safety and authenticates data and user/device identities.


The intentional and malicious attempts through cyber systems to harm, disrupt, damage, or intrude on computer systems, networks, or devices.

Cyber Security

A set of cyber protection of electronic and computer networks, programs, and data against all malicious attacks and illegal access is known as cybersecurity.

RELATED: A guide to cyber security for small and medium businesses

Cyber Essentials

 A  UK Government-backed self-assessment certification. Cyber essentials help you take proper measurements, save yourself from cyber attacks, and demonstrate to others your taken measures simultaneously.

RELATED: Understanding the Cyber Essentials certification scheme

Cyber Incident

Violating the security policies of a system or service is a cyber incident. Commonly seen violations are;

  • Trying to gain illegal access to a system or data
  • Unauthorized use of systems to process or store data
  • Trying to change a system’s firmware, software, or hardware without the system owner’s consent
  • Malevolent disturbance or service denial


Data at Rest

Physically stored inactive data – the remaining data of the device despite any power source connection – for example, hard disks, removable media, or backups.

Data Breach

The unauthorized transferring or revelation of information to any outside party.

Data Integrity

The data that features – intact, correct, complete, unaltered – are not changed or modified intentionally or accidentally.

Data Loss

Not having access to the data either because the data is stolen, erased, or misplaced.

Data Security

Necessary steps are taken to protect confidential information and prevent deliberate or accidental revelations or damages.

DDoSDistributed Denial of Service

It’s a malicious attempt to attack a system’s normal traffic by overwhelming the service.


The procedures for taking the coded text and converting it back to plain, understandable text.

Dictionary Attack

One sort of brute force attack where the attacker uses very common dictionary words to crack your password or passphrase to break into your information system.

DLPData Loss Prevention

A strong prevention security strategy and relevant programs stop significant data from getting lost and crossing the safe border.

DoSDenial of Service

The invader overloads the service with requests. This cyber-attack makes the network resources and information unavailable to the authorized and intended users.

Download Attack

Installing malicious software in a device without the user’s knowledge or consent is known as a download attack. It’s also called a drive-by download.


Electronic Warfare (EW)

Using energy like radio waves or lasers to damage the rival’s electronics, such as – frequency jamming to turn off communication equipment.


Protection of internet-capable client computers networks like modern smartphones, laptops, and tablets are endpoints.


Converting plain text to cipher text using codes.


Ciphering the information to protect it from the invaders. Encryption makes the information unreadable to people who don’t have the decoding key.

Ethical Hacking

Using hacking tricks and techniques for valid reasons like testing the cybersecurity loops and weak points. These attackers are categorized as ‘white hat hackers.’


Transferring data from a system or server without one’s permission or authorization.


The attacker takes advantage of a particular loophole or vulnerability of an information system. It’s also known as another network security breathing technique.

Exploit Kit

These computer programs are designed to figure out any weak points that can be attacked in software apps. They use the vulnerabilities to enter the system or network and fill it with malicious codes.



A virtual border that surrounds a network or device which protects it from unauthorized entry. It can either be hardware or software.



Government Communications Headquarters. An organization using foreign intelligence to fight against terrorism, cybercrime, and child pornography.


General Data Protection Regulations. European legislation gives one better and greater control over personal information and prevents misuse.

GRCGovernance, Risk Management and Compliance

The three practices – governance, risk management, and compliance – ensure that the organization and its people are ethically strong, run the business efficiently, take necessary measures to reduce risks, and maintain compliance with internal and external rules and regulations.



An individual with the intent to gain unauthorized access to computers, systems, and networks


Camouflaging information with the help of a mathematical algorithm.

Honeypot (honeynet)

It’s a baiting trap for hackers. It’s a system that detects and deflects the attacks and protects the actual system. A very useful tool for knowing about different attack styles. A honeynet is a home for many honeypots.


ICSIndustrial Control System

The manufacturing industries, product handling, production, and distribution use a particular information system to manage and control industrial procedures and infrastructure assets.

IDS/IDPIntrusion Detection System/Intrusion Detection and Prevention

It finds out malicious or unusual activity on corporate networks and prevents them. The system can either be hardware or software.


Violating security measures of a system or service. The intruder uses this to gain illegal access, uses the systems for data processing and storage illegally, attempts to cause malicious disruption or denial of service, and tries to change a system without the owner’s permission.

Incident Response Plan

A certain fixed plan of action to carry out in case there’s an event of a cyber incident.


An indicator is a warning or a signal which means there might be some cyber incident on its way.

Information Security Policy

The guidelines, rules, and practices needed to build an organization’s management, protection, and information distribution strategy.

IoTInternet of Things

A system where everyday objects can be connected to the internet. For example, kettles, fridges, and televisions.

IP Spoofing

It’s the attacker’s way of tricking the users or the cybersecurity solution into believing a fake IP address and the actor are legit.

ISOInternational Organization for Standardization

It’s an independent body that helps grow the voluntary industry standards with two main information security management standards: ISO 27001 and ISO 27002.

ISO 27001

It demonstrates the maximum accreditation and is considered the gold standard in the information security management system.



Dismissing any device’s security restriction to modify the system and install unauthorized applications. It’s mostly done on a mobile phone.



The numerical value needed for encryption or decryption of the ciphered text.


Used to track and monitor the user’s keystrokes and keyboard events. It could be either hardware or software.


Logic Bomb

A set of private instructions carrying code. Once added to a system, a specific action triggers it. It usually plays malicious and evil acts like deleting files.


Macro Virus

Taking advantage of a document’s application’s macro programming capacity, one type of malicious code conducts crimes, makes duplicates of itself, and spreads out through the entire system.

Malicious Code

Program codes that have been designed to carry out the evil intention. These codes were planned to interfere with or damage the information’s confidentiality, integrity, or availability.


Acronym of malicious software. It could be anything that has a negative effect on organizations or individuals, like viruses, Trojans, worms, code, or content.


Misusing the online advertisement to deliver malware to others’ computers or devices.

MDMMobile Device Management

This software is specifically introduced to monitor, manage, and secure our mobile, tablet, laptop, and other devices. The device’s remote administration and management are also included.


The measures are taken to figure out and reduce cybersecurity risks.

MitMMan-in-the-middle Attack

The criminals use this attack to interfere between the victim and the victim’s aimed website. The reason behind this crime is to stop transferring information or to change it. Its acronyms are MITM, MIM, MiM, or MITMA.


NCSC – National Cyber Security Centre

It’s a  UK government organization. NCSC gives protection to critical services against cyberattacks. It’s also a part of GCHQ.

NIST – National Institute of Standards and Technology

This organization is a US federal agency in charge of the ‘Framework for Improving Critical Infrastructure Cybersecurity.’ NIST uses voluntary guidelines to control security risks.

NIST Cyber Security Standard

U.S. framework to make businesses take appropriate measures to defend themselves against cyber crimes.



OWASP stands for the Open Web Application Security Project. It is a non-profit organization that aims to improve the security of software and applications.

OWASP provides a community-driven platform for developers, security professionals, and organizations to collaborate and share knowledge about web application security threats and best practices.


Packet Sniffer

This software can monitor and record network traffic. It can either be used to run diagnostics and troubleshoot problems or to spy on personal information such as browsing history and downloads.

Passive Attack

The attackers are shady since they try to sneak in and get private details through extracting. As they’re not trying to change or alter any data, the attack is more difficult to spot them. That’s why this goes by the name ‘passive.’

Password Sniffing

The attacker uses this technique to gather password data. They have to monitor or snoop in on the network traffic.

Patch Management

Developers supply the patches or updates to repair any defect in the software. Patch management is getting the patch, testing it, and installing it in a system.


To strengthen the security or improve the performance, you need to apply patches/updates. The process of applying these updates is called patching.


The main culprit of malware that causes malicious damages. Take cyber security, for example. It’s equivalent to the explosive charge of a missile. It’s also referred to as the damaging wreck.

PCI-DSSPayment Card Industry Data Security Standard

Every dealer, retailer, or service provider accepting card payments must comply with PCI-DSS. It’s sort of a security practice.

RELATED: Achieving compliance with PCI DSS: An introduction for business

Pen test/pentest

A penetration test or penetration testing’s slang and short term.

Penetration Testing

Penetration testing is used to investigate and reveal information system vulnerabilities to be fixed.

RELATED: Understanding the Penetration Testing Lifecycle: Penetration Testing Phases & Tools

PIIPersonally Identifiable Information

Personally identifiable information (PII) is data that can be used, either alone or with other information, to identify an individual.


A technique to attack a network’s framework to redirect a valid user to an illegal website although they were on the right address.


a strategy to bring out personal information or push the user to visit a fake website by sending mass emails asking for the user’s sensitive information. The features of the emails are usually untargeted.

Proxy Server

It’s a gateway between a computer and the internet. It prevents the attackers from getting access to a computer or private network directly and strengthens the cyber security



Ransomware is malicious software that prevents the data owner from accessing his data. This allows the attacker to encrypt available data on a PC or mobile device.

Once successfully infected, the victim is sent a message asking for a specific amount of money to be paid in exchange for a decryption key. The currency is usually Bitcoins. The victims are also given a time frame to pay.

Red Team

The red team is an authorized and organized group of security professionals who are experts in attacking systems or invading defenses of an enterprise’s cybersecurity measures.


It means creating multiple substitute resources of systems, sub-systems, assets, or processes that serve the same purpose and function in the event of the loss or failure of the main resources.

Remote Access Trojan (RAT)

Taking advantage of a user’s access permissions, Remote Access Trojans infect their computers and leave them exposed to cyber-attacks, giving them full access to every PC’s data.

This is just the right way for them to get confidential information out. With the backdoor in the RATs, the victim’s computer can get enlisted into a botnet which enables it to spread to other devices.

The modern RATs are strong enough to evade any powerful authentication and can break into a device, reaching the most delicate applications to use later for evil purposes.


It’s a set of highly access-privileged software tools. It’s usually installed in an information system. Also, the presence of the tool is hidden, the administrator-level access is maintained, and the tool’s activities are disguised for better safety.


SaaSSoftware as a Service

This business model software is centrally hosted, and users can access its applications through the internet.

Secret Key

An encryption and decryption key. It’s also known as a cryptographic key that enables the symmetric key cryptography scheme operations.

Security Automation

Using information technology and machine-based execution instead of manual processes. This is used for detecting any threats and responding to the incident accordingly.

Security Monitoring

Collecting data from a whole set of security systems and detecting cyber threats and data breaches by analyzing the details with threat intelligence.

Security Perimeter

A precisely defined security-control-enforced border between networks.

Security Policy

One kind of rule or group of rules that control the reasonable use of an organization’s data and services to a safe extent. The policies also consider the methods of organizational protection of the information assets.

SIEMSecurity Information and Event Management

Monitoring, logging, alerting, and analyzing security events is this software’s job; it also helps figure out threats and respond to them.

RELATED: Cloud SIEM: How Cloud-Based Security Information and Event Management can benefit your Business


A common way to trick users into sharing their personal information or visiting a fake website. Smishing is short for phishing with SMS, which means that the user will get multiple text messages asking them to disclose their sensitive data, such as bank details and one-time passwords (OTP).

SOCSecurity Operations Center

An organization’s centralized function monitors, assesses and defends security-related problems.

RELATED: What is a Security Operations Center (SOC)?

Social Engineering

Social engineering is manipulating people to act in a specific way and disclose confidential information which an attacker can take full advantage of. Lies, psychological tricks, bribes, extortion, impersonation, and threats are the manipulation techniques used by the attackers. It’s mostly used to get illegal access to an individual person’s or organization’s information system.

RELATED: 5 Social engineering techniques that exploit business employees


Using the electronic messaging system to send unwanted bulk messages randomly to people.

Spear Phishing

One kind of cyberattack is pulling personal information out from a victim, tricking them with a specific and personalized message, which seems to be one from a trusted person.

This message usually targets individuals or companies, and it tends to work extremely well since it’s well-thought and planned carefully.

Before shooting a spear-phishing email, attackers take their time and use all the resources to gather as much information (like interests, activities, background history, etc.) as possible to craft a perfect phishing message.

The message involves urgency and familiarity (makes it look like appearing from someone close), so it creates tension in them, which takes off the thought of double-checking the information or sender.


Giving out fake transmission addresses to get illegal access to a security system.


Malicious software sneaks into the victim’s system and steals all personal data. However, trojans, adware, and system monitor are not the same. Spyware observes and records the user’s internet activity, like browser history, keystrokes, etc.

Moreover, it can collect passwords, usernames, and other financial information. It can send this sensitive information and confidential details to the cybercrime server to be used in cyber attacks.

SQL Injection

A code injection is used to attack data-driven applications. It’s called SQL injection. It can harm a system in multiple ways, like moving all the sensitive information in a database to where the attacker has free access.

The hacker can easily spoof identities, damage data, reveal personal information, ruin or erase the data, or corrupt it. They can take over the database too.

SSOSingle Sign-On

An authentication process that allows the users to access or log in on the devices or computers with no more than one set of credentials like an ID or username and password.

SSL / Secure Sockets Layer

This encryption method ensures safe data transmission between the user and a particular website. This approach prevents any sort of snooping that can be risky for confidential information such as card details while making online purchases.

Valid websites use SSL meaning it starts with HTTPS. Users should avoid entering sensitive information on unsafe websites that don’t have SSL.

RELATED: Understanding the benefits of an SSL Certificate for your Business Website


Encrypting or covering specific data in the texts or images to release malware in the user’s system.


Symmetric Key

This key is multipurpose. It can carry out cryptographic operations and the opposite, both like encrypting plain text, decrypting ciphertext, or creating a text verification code.



Threat Analysis

An essential step to help evaluate the details of individual threats.

Threat Assessment

A process or practice determining the entities, actions, or seriousness of a potential threat to human life, information, operations, or properties.

Threat Hunting

The process of actively and repeatedly looking for threats – through networks and endpoints – that escaped security controls somehow.

Threat Management

No miracle solution can prevent 100% cyber threats. It requires multiple layers of procedures like prevention, detection, response, and recovery for threat management to be successful.

Threat Monitoring

The process requires gathering information about security audits and similar categories to be analyzed and reviewed to ensure it’s risk-free for the system. It’s an uninterrupted process.


It’s data that works as verification proof of a client or a service. These data, along with a temporary encryption key, create a credential.


A physical, electronic device is used to confirm the identification of a user. It has a two-factor or multi-factor authentication mechanism.

Tokens are capable of replacing passwords too. Things can be considered tokens: key fob, USB, ID card, or smart card.

Typhoid Adware

With the help of a Man-in-the-middle attack, this security threat injects advertising into a website that a user may browse while accessing a public network, such as using a public, non-encrypted Wi-Fi hotspot.

The point is an antivirus installed in the public network accessing computers can’t help prevent the threat since the computer doesn’t require having adware in it to be affected.

The ads may not be malicious. However, it can expose the users to other threats big time, like promoting a fake antivirus in disguise as malware or a phishing attack.

2FA – Two-Factor Authentication

A process of verifying a user’s claimed identity with the help of two different parts. It’s termed multi-factor authentication as well.

Trojan Horse

Although this program has some useful functions, it is extremely expensive. It can even take over your computer entirely and destroy or abuse its data.

This malware can sometimes take the wrong advantage of the legal permission of an invoking system and escape valid security mechanisms.

Traffic Light Protocol

A group of designations using four colors – RED, AMBER, GREEN, and WHITE – to separate the categories. This method ensures that no sensitive information gets transmitted to the wrong audience.


Unauthorized Access

Violation of the declared security policy.

URL Injection

An injection attack is where an attacker creates new pages containing spam words or links on someone else’s website. This act is called URL injection. These malicious code-containing pages are capable of redirecting your users somewhere else. It can even make your website’s web server make a DDoS attack.

Vulnerabilities in server directories are the main reason for URL injection taking place. It can also happen because of the website’s software, like outdated WordPress or plugins.


VPNVirtual Private Network

A secure platform for remote users. The network is completely encrypted, and only safe connections are allowed. A good example would be an organization with multiple offices in different places.


One kind of malicious software can replicate itself and infect valid software programs or systems.


A system, software, or a process’s defect or weakness is a vulnerability. This is a good opportunity for any hacker to abuse the vulnerability and get illegal access to a system.



Zero-day is newly found vulnerabilities or bugs in a system which is still unknown and unaddressed to the vendors or antivirus companies.


A computer connected to the internet appears normal and working just fine. However, a hacker is on the other side controlling the computer. This type of disguised computer is known as a zombie computer.

These are used to perform several malicious attacks like spreading spam or infected data to other computers or launching DoS attacks, all of which happen without the owner’s knowledge.



There are four main classes of malware, and wabbit is one of them. The rest of the three are viruses, worms, and trojans. It’s a computer program that is capable of replicating itself again and again on the local system. However, it can also be programmed – to contain malicious side effects – with a negative intention.

A fork bomb for a wabbit example. A fork bomb is a DoS attack against any computer using a fork function. It can quickly create a huge amount of processes, leading the system to crash. But wabbits don’t infect other computers through networks.


This is a common cyber-attack where the attacker uses a phishing attack in disguise of a valid email, and it’s mostly used to go after senior executives and high-profile targets.

Water-Holing (watering hole attack)

To perform this attack and infect the visiting users, the attacker uses a fake or compromised real website.

Watering Hole

This computer attack strategy was first discovered back in 2009 and 2010.

Instead of targeting random people, watering hole attacks specific groups like a company, organization, agency, industry, etc. The attacker takes time to figure out critical information to bait the target easily. Information like which websites the group members visit often. Once figured, the attacker takes advantage of a website’s vulnerability and infects one of the group’s most visited websites with malware.

Ultimately, a group member will become the victim of the attack and get their computers infected, providing the attacker with unfettered access to the group’s overall network.

These attacks are successful working because there are always exposed weaknesses in website technologies for the attacker to abuse. This is the same with the best-known systems like WordPress. These vulnerabilities make it easier to wreck websites without the owner’s knowledge.


This is a common cyber-attack where the attacker uses a phishing attack in disguise of a valid email, and it’s mostly used to go after senior executives and high-profile targets.


A list or record of reliable entities who can access the system or get privileges.

White Team

A group of referees judges the fight between a Red Team of mock attackers and a Blue Team – actual defenders of the information system. This neutral group is known as White Team.


One kind of self-replicating, self-propagating, self-contained malware spreads itself throughout the network.

You might also like