
Cybersecurity Glossary
A comprehensive glossary that helps you understand key terms and concepts related to cybersecurity
Cybersecurity Terms-to-Know in 2023
Antispyware – Software designed to detect and remove spyware from a computer or device.
Antivirus – Software designed to detect, prevent, and remove malware from a computer or device.
Biometric authentication – Using unique physical or behavioral characteristics (e.g., fingerprints) for authentication.
Biometric data – Unique physical or behavioral characteristics used for authentication.
Botnet – A network of compromised computers controlled by cybercriminals to carry out attacks.
Brute force attack – A trial-and-error method used by attackers to guess passwords or encryption keys.
Cyber attack – An intentional attempt to compromise computer systems, networks, or data, often with malicious intent.
Cyber hygiene – Best practices individuals and organizations follow to maintain a secure digital environment.
Cyber insurance – Insurance coverage for losses resulting from cyber attacks or data breaches.
Cyber threat intelligence – Information about potential cyber threats and their characteristics.
Cybersecurity awareness training – Training individuals on cybersecurity best practices and threats.
Cybersecurity incident response – The process an organization follows to identify and resolve cybersecurity breaches and attacks.
Cybersecurity policy – A set of rules and guidelines defining an organization’s security practices.
Cybersecurity – The practice of protecting computer systems, networks, and data from unauthorized access, attacks, and damage.
Data breach – An incident where sensitive or confidential information is accessed, disclosed, or stolen by unauthorized individuals.
Data encryption – Converting data into a coded form to prevent unauthorized access.
Data loss prevention (DLP) – Strategies to prevent accidental or intentional data loss.
Data privacy – Protecting individuals’ personal information and ensuring it is handled appropriately.
DDoS (Distributed Denial of Service) – An attack that floods a system with traffic to overwhelm and disrupt its services.
Encryption algorithm – A mathematical formula used to encrypt and decrypt data.
Encryption key – A code or password used in the encryption and decryption process.
Encryption – The process of converting data into a coded form to prevent unauthorized access.
Endpoint protection – Security measures applied to individual devices to protect against threats.
Endpoint security – Security measures applied to individual devices connected to a network.
Exploit – A piece of software or code that takes advantage of a system’s vulnerability.
Firewall – A security barrier that monitors and controls network traffic, helping to block unauthorized access and potential threats.
Hacking – Unauthorized access or manipulation of computer systems or networks.
Identity theft – Unauthorized use of someone’s personal information for fraudulent purposes.
IoT (Internet of Things) – The network of physical devices embedded with sensors, software, and connectivity, enabling them to exchange data over the internet.
Malware – Malicious software designed to harm or exploit computer systems, including viruses, ransomware, and spyware.
Man-in-the-middle attack (MITM) – Intercepting and potentially altering communication between two parties.
Multi-factor authentication (MFA) – Similar to 2FA, an extra layer of security requiring multiple forms of identification.
Network security – Measures to protect the integrity and confidentiality of a network.
Password – A secret combination of characters used to verify a user’s identity and grant access to an account or system.
Patch management – The process of managing and applying software updates and patches.
Patch – A software update released by vendors to fix security vulnerabilities and bugs in their products.
Penetration testing (pen testing) – Testing a system or network for vulnerabilities to identify potential weaknesses.
Phishing – A cyber attack where attackers use deceptive emails or messages to trick individuals into revealing sensitive information.
Ransomware – Malware that encrypts files and demands a ransom to unlock them.
Sandbox – A safe and isolated environment to test potentially harmful software.
SIEM (Security Information and Event Management) – Software that collects and analyzes security data from various sources.
Social engineering – A tactic used by cybercriminals to manipulate and deceive individuals into divulging sensitive information.
Social media engineering – Manipulating individuals on social media platforms to extract sensitive information.
SSL/TLS (Secure Sockets Layer/Transport Layer Security) – Protocols for secure data transmission on the internet.
Two-factor authentication (2FA) – An extra layer of security requiring users to provide two forms of identification before accessing an account.
Virus – A type of malware that attaches itself to legitimate programs and spreads from one computer to another.
VPN (Virtual Private Network) – A tool that establishes a secure and encrypted connection between a user’s device and the internet.
VPN tunneling – The process of encapsulating data in a secure “tunnel” for protected transmission.
Vulnerability – A weakness in a system that can be exploited by attackers.
Zero-day vulnerability – A security flaw in software or hardware that is unknown to the vendor.