Cyber security glossary
A Glossary of Common Cybersecurity Terminology
Cybersecurity is a major concern for individuals and for businesses of all sizes.
Whether you are a technology professional, use computers at work, or simply browse the Internet, this glossary should be useful to you.
It defines the most important cybersecurity terms and explains, in plain English, the threats you may face in daily life.
A
An advanced persistent threat (APT) is a type of targeted attack. APTs are characterized by an attacker who has the time and resources to plan an infiltration into a network.
These attackers actively manage their attack once they have a foothold in a network, and they are usually seeking information, proprietary or economic, rather than simple financial data.
Adware is software that displays advertisements on your computer.
Anonymizing proxies allow the user to hide their web browsing activity. They are often used to bypass web security filters—e.g., to access blocked sites from a work computer.
Autorun worms are malicious programs that take advantage of the Windows AutoRun feature. They execute automatically when the device on which they are stored is plugged into a computer.
B
A backdoor Trojan allows someone to take control of a user’s computer without their permission.
Boot sector malware spreads by modifying the program that enables your computer to start up.
A botnet is a collection of infected computers that are remotely controlled by a hacker.
Browser hijackers change the default homepage and search engine in your Internet browser without your permission.
A brute force attack is one in which attackers try a large number of possible keys or password combinations to gain unauthorized access to a system or file.
A buffer overflow occurs when a program writes more data into a fixed-size buffer than it can hold, overwriting adjacent memory. The result ranges from errors and crashes to, when the overflowing data is crafted by an attacker, execution of arbitrary code.
C
A command and control center (C&C or C2) is a computer that controls a botnet (a network of compromised computers). Some botnets use distributed command and control systems, making them more resilient.
Cookies are files placed on your computer that allow websites to remember details.
D
Data leakage is the unauthorized exposure of information. It can result in data theft or data loss.
Data leakage prevention is a top concern for organizations, because a leak is a failure to protect confidential information, including the identities of their workforce, their customers and the general public.
Data loss is the result of the accidental misplacement of data, rather than its deliberate theft.
Data loss frequently occurs through the loss of a device containing data, such as a laptop, tablet, CD/DVD, mobile phone or USB stick.
Data theft is the deliberate theft of information, rather than its accidental loss.
Data theft can take place both inside an organization (e.g., by a disgruntled employee), or by criminals outside the organization.
A denial-of-service (DoS) attack prevents users from accessing a computer or website.
In a DoS attack, an attacker attempts to overload or shut down a service so that legitimate users can no longer access it. Typical DoS attacks target web servers and aim to make websites unavailable. Usually no data is stolen or compromised, but the interruption to the service can be costly for an organization.
The Domain Name System (DNS) is the phone book of the Internet. It allows computers to translate website names, like www.sophos.com, into IP address numbers so that they can communicate with each other.
Document malware takes advantage of vulnerabilities in applications that let you read or edit documents.
By embedding malicious content within documents, hackers can exploit vulnerabilities in the host applications used for opening the documents.
A drive-by download is the infection of a computer with malware when a user visits a malicious website.
Drive-by downloads occur without the knowledge of the user. Simply visiting an infected website may be sufficient for the malware to be downloaded and run on a computer. Malware exploits vulnerabilities in a user’s browser (and browser plugins) in order to infect their computer.
E
Email malware refers to malware that is distributed via email.
Historically, some of the most prolific virus families (e.g., Netsky or SoBig) distributed themselves as file attachments in email.
An exploit takes advantage of a vulnerability in order to access or infect a computer.
Usually an exploit takes advantage of a specific vulnerability in an application and becomes ineffective when that vulnerability is patched.
F
A failure is the inability of a system or component to perform its required functions within specified performance requirements.
Fake antivirus malware reports non-existent threats in order to scare the user into installing malicious software and/or paying for unnecessary product registration and cleanup.
A firewall is a capability to limit network traffic between networks and/or information systems.
It is a hardware/software device or a software program that limits network traffic according to a set of rules defining what access is and is not allowed or authorized.
Forensics (digital forensics) comprises the processes and specialized techniques for gathering, retaining, and analyzing system-related data (digital evidence) for investigative purposes.
G
H
A hacker, in the sense used in this glossary, is an unauthorized person who attempts to gain, or gains, access to an information system such as a website, application or database.
Hacktivism is the term used to describe hacking activity that’s typically for political and social purposes, attacking corporations, governments, organizations and individuals.
A hash value is a numeric value that results from applying a mathematical algorithm (a hash function) to a set of data such as a file.
Hashing is the process of applying a mathematical algorithm to a set of data to produce a fixed-size value (the hash value) that represents the data; any change to the data produces a different hash value.
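The following is an added example, not code from the original glossary. It shows hashing as defined above and ties it to the brute force attack entry: a hash value of some constructed sample data, a brute force search that recovers a short password from an unsalted SHA-256 hash by trying every candidate, and salted PBKDF2 storage that makes each guess far more expensive. The sample file contents, the password "ab1", the alphabet and the round count are assumptions chosen so the search finishes instantly.

```python
import hashlib
import hmac
import itertools
import os
from typing import Optional, Tuple

# Constructed sample inputs for the example (not real data).
SAMPLE_FILE = b"GET /login HTTP/1.1\r\nHost: example.invalid\r\n\r\n"
PASSWORD = "ab1"                   # deliberately short so the brute force finishes instantly
ALPHABET = "abcdefghijklmnopqrstuvwxyz0123456789"
PBKDF2_ROUNDS = 50_000             # assumed work factor; production values are higher


def hash_value(data: bytes) -> str:
    """Hashing: run SHA-256 over the data; the hex digest is the hash value."""
    return hashlib.sha256(data).hexdigest()


def unsalted_password_hash(password: str) -> str:
    """Weak password storage: one fast, unsalted hash per password."""
    return hash_value(password.encode())


def search_space(alphabet_size: int, max_len: int) -> int:
    """Number of candidates an exhaustive search must try, up to max_len characters."""
    return sum(alphabet_size ** length for length in range(1, max_len + 1))


def brute_force(target_hex: str, alphabet: str = ALPHABET,
                max_len: int = 3) -> Tuple[Optional[str], int]:
    """Brute force attack: hash every candidate and compare with the stolen hash.
    Returns (recovered password or None, number of attempts made)."""
    attempts = 0
    for length in range(1, max_len + 1):
        for candidate in itertools.product(alphabet, repeat=length):
            attempts += 1
            guess = "".join(candidate)
            if unsalted_password_hash(guess) == target_hex:
                return guess, attempts
    return None, attempts


def store_password(password: str, rounds: int = PBKDF2_ROUNDS) -> Tuple[bytes, bytes]:
    """Stronger storage: PBKDF2-HMAC-SHA256 with a random 16-byte salt.
    The salt defeats precomputed tables; the round count multiplies the cost of every guess."""
    salt = os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)


def verify_password(password: str, salt: bytes, stored: bytes,
                    rounds: int = PBKDF2_ROUNDS) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)
    return hmac.compare_digest(candidate, stored)


if __name__ == "__main__":
    print("file hash:", hash_value(SAMPLE_FILE))
    stolen = unsalted_password_hash(PASSWORD)
    print("brute force recovered:", brute_force(stolen))
    print("candidates up to 3 chars:", search_space(len(ALPHABET), 3))
    salt, stored = store_password(PASSWORD)
    print("salted verify:", verify_password(PASSWORD, salt, stored))
```

The unsalted search succeeds after 1,396 guesses because "ab1" sits early in the 47,988-candidate space; with PBKDF2 each of those guesses would cost 50,000 HMAC computations instead of one, and the per-user salt means the attacker cannot reuse work across accounts.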
Hoaxes are reports of false and unsubstantiated claims, in an attempt to trick or defraud users.
A hoax could be an attempt to solicit money, an attempt to install malware, or an attempt to consume bandwidth (by having users forward a hoax email).
A honeypot is a form of trap that security specialists use to detect hacking attacks or collect malware samples.
Honeypots are frequently used by security specialists and researchers to gather information about current threats and attacks.
I
Impact is the effect of an event, incident, or occurrence.
In cybersecurity, it is the effect that a loss of confidentiality, integrity or availability of information or an information system has on an organization's operations and assets, on individuals, on other organizations, or on national interests.
An incident is an occurrence that actually or potentially results in adverse consequences for an information system or the information that the system processes, stores, or transmits, and that may require a response action to mitigate those consequences.
Incident response consists of the activities that address the short-term, direct effects of an incident; it may also support short-term recovery.
In the Workforce Framework, incident response is cybersecurity work in which a person responds to crises or urgent situations within the pertinent domain to mitigate immediate and potential threats; uses mitigation, preparedness, response and recovery approaches, as needed, to maximize survival of life, preservation of property, and information security; and investigates and analyzes all relevant response activities.
An indicator is an occurrence or sign that an incident may have occurred or may be in progress.
An information security policy is an aggregate of directives, regulations, rules, and practices that prescribe how an organization manages, protects, and distributes information.
An insider threat is a person or group of persons within an organization who pose a potential risk through violating security policies.
More specifically, it is one or more individuals with the access and/or inside knowledge of a company, organization, or enterprise that would allow them to exploit the vulnerabilities of that entity's security, systems, services, products, or facilities, with the intent to cause harm.
Internet worms are a form of malware that replicates across the Internet or local networks.
Worms differ from computer viruses in that they propagate themselves rather than relying on a carrier program or file. They simply create copies of themselves and use communication between computers to spread.
An intrusion is an unauthorized act of bypassing the security mechanisms of a network or information system.
Intrusion detection is the process and methods for analyzing information from networks and information systems to determine whether a security breach or security violation has occurred.
An asset is a person, structure, facility, information and records, information technology systems and resources, material, process, relationship, or reputation that has value.
More generally, an asset is anything useful that contributes to the success of something, such as an organizational mission; assets are things of value or properties to which value can be assigned.
J
K
A key is the numerical value used to control cryptographic operations, such as decryption, encryption, signature generation, or signature verification.
A key pair is a public key and its corresponding private key.
These are two mathematically related keys with the property that a message encrypted with one key can only be decrypted using the other.
Keylogging is the process of secretly recording keystrokes by an unauthorized third party.
Keylogging is often used by malware to steal usernames, passwords, credit card details and other sensitive data.
L
A log entry is an individual record within a log file or log store. It usually records an activity or action at a particular point in time.
Log management is the process of generating, transmitting, storing, analyzing, and disposing of log data.
M
A macro virus is a type of malicious code that attaches itself to documents and uses the macro programming capabilities of the document's application to execute, replicate, and spread or propagate itself.
Malicious code is program code intended to perform an unauthorized function or process that will have an adverse impact on the confidentiality, integrity, or availability of an information system.
Malware is a general term for malicious software. Malware includes viruses, worms, Trojans and spyware. Many people use the terms malware and virus interchangeably.
Antivirus software usually detects a wider range of threats than just viruses, and can be an effective defense against worms, Trojans and spyware.
Mitigation is the application of one or more measures to reduce the likelihood of an unwanted occurrence and/or lessen its consequences.
It means implementing appropriate risk-reduction controls based on risk management priorities and analysis of alternatives.
Mobile phone malware is malware intended to run on mobile devices, such as smartphones or PDAs.
Thousands of mobile malware variants have been discovered since late 2010, when the first malware samples for Android and iOS devices were identified.
N
Network services, in the Workforce Framework, is cybersecurity work in which a person installs, configures, tests, operates, maintains, and manages networks and their firewalls, including hardware (e.g., hubs, bridges, switches, multiplexers, routers, cables, proxy servers, and protective distributor systems) and software that permit the sharing and transmission of all spectrum transmissions of information, to support the security of information and information systems.
Non-repudiation is a property achieved through cryptographic methods that protects against an individual or entity falsely denying having performed a particular action related to data.
It provides the capability to determine whether a given individual took a particular action, such as creating information, sending a message, approving information, or receiving a message.
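This added example (not from the original glossary) illustrates the key pair entry and the non-repudiation entry together with textbook RSA on deliberately tiny primes. Whatever one key of the pair does, only the other can undo: the public key encrypts and the private key decrypts, and, run the other way round, the private key signs a message digest and anyone holding the public key can verify it. The primes 61 and 53 and the exponent 17 are assumptions chosen for readability; keys this small offer no security, and real implementations also add padding schemes that this sketch omits.

```python
import hashlib
from math import gcd
from typing import Tuple

Key = Tuple[int, int]  # (exponent, modulus)

# Toy parameters only (assumption for the example); real RSA primes are ~1024 bits or more.
P, Q, E = 61, 53, 17


def make_key_pair(p: int = P, q: int = Q, e: int = E) -> Tuple[Key, Key]:
    """Return (public key, private key): same modulus, mathematically related exponents."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("public exponent must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)          # modular inverse: e * d == 1 (mod phi), Python 3.8+
    return (e, n), (d, n)


def apply_key(x: int, key: Key) -> int:
    """The single RSA operation; encrypt/decrypt/sign/verify differ only in which key is used."""
    exponent, n = key
    if not 0 <= x < n:
        raise ValueError("value must be smaller than the modulus")
    return pow(x, exponent, n)


def encrypt(message: int, public: Key) -> int:
    return apply_key(message, public)


def decrypt(ciphertext: int, private: Key) -> int:
    return apply_key(ciphertext, private)


def digest_mod_n(message: bytes, n: int) -> int:
    """Reduce a SHA-256 digest into the key's range (unpadded, toy-sized: illustration only)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(message: bytes, private: Key) -> int:
    """Only the private-key holder can produce this value: the basis of non-repudiation."""
    return apply_key(digest_mod_n(message, private[1]), private)


def verify(message: bytes, signature: int, public: Key) -> bool:
    """Anyone with the public key can check the signature against the message digest."""
    return apply_key(signature, public) == digest_mod_n(message, public[1])


if __name__ == "__main__":
    public, private = make_key_pair()
    c = encrypt(65, public)
    print("ciphertext:", c, "decrypted:", decrypt(c, private))
    msg = b"transfer 100 to account 42"   # constructed sample message
    s = sign(msg, private)
    print("signature valid:", verify(msg, s, public))
    print("forged signature valid:", verify(msg, (s + 1) % public[1], public))
```

Because the verifier only ever holds the public key, a valid signature can only have come from whoever holds the private key, which is what lets the signer be held to the action later; keeping the private key secret is therefore the whole game.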
O
An object, in access control terms, is a passive information system entity that contains or receives information.
Operational technology (OT) is the hardware and software systems used to operate industrial control devices.
An outsider threat is a person or group of persons external to an organization who are not authorized to access its assets and who pose a potential risk to the organization and its assets.
P
A password is a string of characters (letters, numbers, and other symbols) used to authenticate an identity or to verify access authorization.
A passive attack is an actual assault perpetrated by an intentional threat source that attempts to learn or make use of information from a system, but does not attempt to alter the system, its resources, its data, or its operations.
Patches are software updates designed to fix bugs, including security vulnerabilities, in operating systems or applications.
Patching new security vulnerabilities promptly is critical to protecting against malware, because many high-profile threats take advantage of known vulnerabilities. If patches are not applied in a timely manner, you risk leaving your computer open to attackers.
Phishing refers to the process of deceiving recipients into sharing sensitive information with an unknown third party (a cyber-criminal).
Typically in a phishing email scam, you receive an email that appears to come from a reputable organization, such as:
Plaintext is unencrypted information.
Potentially unwanted applications are programs that are not malicious but may be unsuitable for use in a business environment, and may create security concerns.
Q
R
Ransomware is software that denies you access to your files or computer until you pay a ransom.
Malicious software can hold your data hostage. For example, the Archiveus Trojan copies the contents of the My Documents folder into a password-protected file and then deletes the original files. It leaves a message telling you that you require a 30-character password to access the folder, and that you will be sent the password if you make purchases from an online pharmacy.
Recovery consists of the activities after an incident or event that restore essential services and operations in the short and medium term and fully restore all capabilities in the longer term.
Redundancy means additional or alternative systems, sub-systems, assets, or processes that maintain a degree of overall functionality in case of loss or failure of another system, sub-system, asset, or process.
Resilience is the ability to adapt to changing conditions and to prepare for, withstand, and rapidly recover from disruption.
Response consists of the activities that address the short-term, direct effects of an incident and may also support short-term recovery.
In cybersecurity, response encompasses both automated and manual activities.
Risk is the potential for an unwanted or adverse outcome resulting from an incident, event, or occurrence, as determined by the likelihood that a particular threat will exploit a particular vulnerability, together with the associated consequences.
A rootkit is a set of software tools with administrator-level access privileges installed on an information system and designed to hide the presence of the tools, maintain the access privileges, and conceal the activities conducted by the tools.
S
A security policy is a rule or set of rules that govern the acceptable use of an organization's information and services to a level of acceptable risk, and the means for protecting the organization's information assets.
Applied to an information system, a security policy is the rule or set of rules that provide its security services.
A signature is a recognizable, distinguishing pattern.
Types of signature include attack signatures, digital signatures and electronic signatures.
Situational awareness is comprehending information about the current and developing security posture and risks, based on information gathered, observation and analysis, and knowledge or experience.
Social engineering refers to the methods attackers use to deceive victims into performing an action. Typically, these actions are opening a malicious webpage or running an unwanted file attachment.
Social networking websites allow you to communicate and share information. But they can also be used to spread malware and to steal personal information.
Spam is the abuse of electronic messaging systems to indiscriminately send unsolicited bulk messages.
Spearphishing is targeted phishing using spoof emails to persuade people within an organization to reveal sensitive information or credentials.
Spoofing is faking the sending address of a transmission to gain unauthorized entry into a secure system.
More generally, it is the deliberate inducement of a user or resource to take incorrect action. Impersonating, masquerading, piggybacking, and mimicking are all forms of spoofing.
Spyware is software that is secretly or surreptitiously installed into an information system without the knowledge of the system user or owner.
SQL injection is an attack that takes advantage of applications that build database queries from user input without separating the data from the query itself, so that crafted input is parsed as part of the SQL statement.
Cyber criminals use SQL injection, along with cross-site scripting (XSS) and malware, to break into websites and extract data or embed malicious code.
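As an added example, not code from the original glossary, the following shows the bug the definition describes and its fix side by side against an in-memory SQLite database with two constructed user records. The vulnerable login concatenates input into the SQL string, so a username of `alice' --` comments out the password check and `' OR '1'='1` matches every row; a `UNION SELECT` in the username pulls the password column straight out. The parameterized version passes the same inputs as bound values and none of the payloads work. The table layout and sample users are assumptions for the demonstration.

```python
import sqlite3
from typing import List, Tuple

Row = Tuple[str, str]


def make_db() -> sqlite3.Connection:
    """Constructed sample database (not real data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT, role TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, password, role) VALUES (?, ?, ?)",
        [("alice", "s3cret", "admin"), ("bob", "hunter2", "user")],
    )
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> List[Row]:
    """Builds the statement by string concatenation: the input is parsed as SQL."""
    query = (
        "SELECT username, role FROM users WHERE username = '" + username
        + "' AND password = '" + password + "' ORDER BY id"
    )
    return conn.execute(query).fetchall()


def login_safe(conn: sqlite3.Connection, username: str, password: str) -> List[Row]:
    """Parameterized query: the driver binds the values, so they can never change the statement."""
    query = "SELECT username, role FROM users WHERE username = ? AND password = ? ORDER BY id"
    return conn.execute(query, (username, password)).fetchall()


# Constructed attack payloads.
BYPASS_USER = "alice' --"                     # comment strips the password check
TAUTOLOGY = "' OR '1'='1"                     # makes the WHERE clause true for every row
DUMP_USER = "x' UNION SELECT username, password FROM users --"   # reads another column


if __name__ == "__main__":
    db = make_db()
    print("vulnerable, bypass:", login_vulnerable(db, BYPASS_USER, "wrong"))
    print("vulnerable, tautology:", login_vulnerable(db, "nobody", TAUTOLOGY))
    print("vulnerable, dump:", login_vulnerable(db, DUMP_USER, "wrong"))
    print("safe, bypass:", login_safe(db, BYPASS_USER, "wrong"))
    print("safe, real credentials:", login_safe(db, "bob", "hunter2"))
```

Parameterization is the fix because the statement text reaches the database engine before any value does; escaping quotes by hand is a weaker substitute that tends to miss cases such as numeric columns or different quoting rules across database engines.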
Suspicious files are those an endpoint security solution cannot label as either clean or malicious when it scans them: a file with a number of questionable characteristics or behaviors is labeled suspicious.
Suspicious behavior refers to files doing questionable things when they run on a computer, such as copying themselves to a system folder.
T
A target is an individual, online property, business or other thing that an adversary is interested in.
A threat is a circumstance or event that has, or indicates, the potential to exploit vulnerabilities and to adversely impact organizational operations, organizational assets (including information and information systems), individuals, other organizations, or society.
A threat actor is an individual, group, organization, or government that conducts, or intends to conduct, detrimental activities.
Trojans are malicious programs that pretend to be legitimate software, but actually carry out hidden, harmful functions.
U
Unauthorized access is any access that violates the stated security policy.
V
Viruses are malicious computer programs that can spread to other files.
Viruses can have harmful effects such as displaying irritating messages, stealing data, or giving hackers control over your computer.
Vulnerabilities are bugs in software programs that hackers exploit to compromise computers.
Security vulnerabilities are commonplace in software products, leaving users open to attacks. Responsible software vendors, when aware of the problem, create and issue patches to address the vulnerability.
W
A weakness is a shortcoming or imperfection in software code, design, architecture, or deployment that, under the right conditions, could become a vulnerability or contribute to the introduction of vulnerabilities.
A worm is a self-replicating, self-propagating, self-contained program that uses networking mechanisms to spread itself.
X
Y
Z
A zombie is an infected computer that is remotely controlled by a hacker. It is part of a large group of compromised computers called a botnet.
A zero-day (also written 0-day) is a software vulnerability that is either unknown to those who should be interested in mitigating it (including the vendor of the affected software) or known but for which no patch has yet been developed.