A
APT (Advanced Persistent Threat)
A sophisticated, long-term targeted cyberattack where attackers maintain persistent access to a network to steal sensitive data, conduct espionage, or sabotage critical systems. APTs typically target high-value organizations and use advanced techniques to avoid detection.
Access Control
A security mechanism that regulates who can access specific resources, systems, or data. Access control includes both authentication (verifying identity) and authorization (determining permissions), and is fundamental to protecting sensitive information.
Authentication
The process of verifying that a user or system is who they claim to be. Common authentication methods include passwords, biometrics, smartcards, and one-time codes. Strong authentication is essential for preventing unauthorized access.
Authorization
The process of determining what actions an authenticated user or system is allowed to perform. Authorization ensures that users can only access the specific resources and perform the specific actions necessary for their role.
Attack Surface
The total number of possible points where an attacker could gain unauthorized access to a system or network. This includes hardware, software, network interfaces, and user access points. Minimizing the attack surface is a key security objective.
Anti-Malware
Security software designed to detect, prevent, and remove malicious programs such as viruses, trojans, and worms. Modern anti-malware solutions use signature-based detection, behavioral analysis, and machine learning to protect systems.
Audit Trail
A detailed record of system activities and user actions, including login attempts, data access, and configuration changes. Audit trails are essential for compliance, forensic investigation, and detecting unauthorized activities.
B
Botnet
A network of compromised computers (bots) controlled remotely by attackers. Botnets are commonly used to launch distributed denial-of-service (DDoS) attacks, send spam, or steal data from infected systems.
Brute Force Attack
A cyberattack technique where attackers systematically try all possible combinations of passwords or encryption keys to gain unauthorized access. Brute force attacks are inefficient but can succeed if weak passwords are used or rate limiting is absent.
Business Continuity
The capability to maintain critical business functions during and after a disruption, including cyberattacks, natural disasters, or system failures. Business continuity planning involves backup systems, redundancy, and disaster recovery procedures.
Backdoor
A hidden method for bypassing normal authentication and security controls to access a system. Attackers often install backdoors to maintain persistent access even after the initial vulnerability is patched. Backdoors can exist in software, operating systems, or network infrastructure.
Breach
An unauthorized access, disclosure, or loss of sensitive data. A data breach occurs when attackers successfully compromise security controls and exfiltrate confidential information such as customer records, financial data, or intellectual property.
Blue Team
The defensive security team responsible for protecting an organization's systems and data. Blue Teams implement security controls, monitor for threats, respond to incidents, and improve defenses. They often work in opposition to Red Teams in security exercises.
C
CSPM (Cloud Security Posture Management)
A security technology and practice that continuously monitors and assesses cloud infrastructure configurations for compliance and security issues. CSPM tools identify misconfigurations, insecure permissions, and policy violations across cloud environments.
CWPP (Cloud Workload Protection Platform)
A security solution that protects applications and workloads running in cloud environments from threats. CWPP typically includes workload monitoring, vulnerability management, and runtime protection for containers, VMs, and serverless functions.
CIA Triad
A foundational security model consisting of three core principles: Confidentiality (protecting data from unauthorized access), Integrity (ensuring data is accurate and unmodified), and Availability (ensuring systems and data are accessible when needed).
Cryptography
The science of encoding information to make it unreadable to unauthorized parties. Cryptography uses mathematical algorithms to transform plaintext into ciphertext, protecting data confidentiality and enabling digital signatures for authentication and integrity.
CVE (Common Vulnerabilities and Exposures)
A standardized identifier system for publicly known cybersecurity vulnerabilities. Each CVE has a unique ID (e.g., CVE-2024-1234) and includes descriptions of the vulnerability, affected products, and available patches. CVEs help organizations prioritize remediation efforts.
CVSS (Common Vulnerability Scoring System)
A standardized framework for rating the severity of security vulnerabilities on a scale of 0 to 10. CVSS scores consider factors like attack complexity, required privileges, and impact on confidentiality, integrity, and availability, helping organizations prioritize patching.
Cyber Kill Chain
A framework that describes the stages of a targeted cyberattack: reconnaissance, weaponization, delivery, exploitation, installation, command and control, and actions on objectives. Understanding the Kill Chain helps defenders detect and disrupt attacks at each stage.
Compliance
Adherence to laws, regulations, and industry standards that govern data protection and security. Common compliance frameworks include ISO 27001, PCI-DSS, HIPAA, GDPR, PIPEDA, and SOC 2. Compliance is essential for legal operations and protecting customer data.
D
DDoS (Distributed Denial of Service)
A cyberattack that floods a network or service with traffic from multiple sources to make it unavailable to legitimate users. DDoS attacks can be volumetric (overwhelming bandwidth), protocol-based (exploiting network protocols), or application-layer attacks.
Data Loss Prevention (DLP)
A security solution that monitors, detects, and prevents unauthorized transmission of sensitive data. DLP tools protect against accidental or intentional data exfiltration through email, file transfers, cloud services, and other channels.
Decryption
The process of converting encrypted ciphertext back into readable plaintext using the correct decryption key or algorithm. Decryption allows authorized users to access encrypted data while maintaining protection from unauthorized parties.
Defence in Depth
A security strategy that implements multiple layers of defensive controls across networks, systems, and applications. This approach ensures that if one control fails, others remain in place to detect and prevent attacks, reducing overall risk.
Digital Forensics
The practice of identifying, preserving, and analyzing digital evidence from computers, networks, and mobile devices. Digital forensics is essential for incident response, breach investigations, and understanding attack timelines and methods.
DNS Security
Security measures and protocols that protect the Domain Name System from attacks. DNS security includes DNSSEC for authentication, DNS filtering to block malicious domains, and DNS threat intelligence to prevent access to known malicious sites.
E
Encryption
The process of converting plaintext into ciphertext using mathematical algorithms and encryption keys. Encryption protects data confidentiality during storage (at rest) and transmission (in transit), making it unreadable to unauthorized parties.
EDR (Endpoint Detection and Response)
A security solution that monitors endpoint devices (computers, servers, mobile devices) for suspicious activity and enables rapid response to threats. EDR tools collect behavioral data, detect anomalies, and allow analysts to investigate and contain incidents.
Email Security
A comprehensive security approach to protect email systems and communications from threats. Email security includes spam filtering, malware detection, phishing prevention, encryption, and data loss prevention to defend against email-based attacks.
Exploit
A technique, code, or attack vector that takes advantage of a vulnerability to gain unauthorized access or control of a system. Exploits can target software vulnerabilities, misconfigurations, or human weaknesses through social engineering.
Exfiltration
The unauthorized removal or theft of sensitive data from an organization's systems or network. Attackers use various exfiltration methods including direct downloads, encrypted tunnels, cloud services, and covert channels to steal data undetected.
F
Firewall
A network security device or software that controls incoming and outgoing network traffic based on predetermined security rules. Firewalls act as a barrier between trusted internal networks and untrusted external networks, filtering traffic by source, destination, and protocol.
Forensics
The systematic investigation and analysis of digital evidence to determine what happened during a security incident. Forensics involves collecting, preserving, and analyzing data from computers, networks, and storage devices to support incident response and legal proceedings.
Fuzzing
A security testing technique where abnormal, malformed, or unexpected inputs are fed to software to discover vulnerabilities and crashes. Fuzzing is effective for identifying buffer overflows, injection flaws, and other software weaknesses.
False Positive
A security alert that incorrectly flags legitimate activity as malicious or suspicious. False positives create alert fatigue, waste analyst time, and can cause security teams to miss actual threats. Minimizing false positives is crucial for effective threat detection.
Fileless Malware
Malicious code that operates in memory without writing files to disk, making it difficult to detect using traditional file-based antivirus. Fileless malware often exploits legitimate system tools like PowerShell or WMI to evade security controls.
G
Governance
The framework of policies, procedures, and oversight mechanisms that guide security decision-making and accountability. Governance ensures that security aligns with business objectives, regulatory requirements, and organizational values.
GRC (Governance, Risk, and Compliance)
An integrated approach to managing governance, identifying and mitigating risks, and ensuring compliance with regulations. GRC programs align security strategy with business goals, reduce risk, and demonstrate accountability to stakeholders.
Gap Analysis
A systematic assessment that compares an organization's current security posture against desired standards, regulations, or best practices. Gap analysis identifies deficiencies and creates a roadmap for improving security and achieving compliance.
H
Honeypot
A security mechanism that mimics a real computer system or network to attract attackers and detect their activities. Honeypots collect information about attack techniques, malware, and attacker behavior without putting production systems at risk.
Hash
A cryptographic function that converts input data of any length into a fixed-length value, usually displayed as a hexadecimal string. Hashes verify data integrity and are used in password storage, digital signatures, and forensic analysis. Even a small change in input produces a completely different hash.
HIPAA (Health Insurance Portability and Accountability Act)
A U.S. federal law that regulates the protection of health information privacy. Healthcare organizations, insurers, and business associates must comply with HIPAA to safeguard patient data and avoid substantial penalties for violations.
Hardening
The process of securing a system by removing unnecessary services, applying security patches, configuring security settings, and implementing security controls. System hardening reduces the attack surface and minimizes vulnerabilities that attackers can exploit.
I
IAM (Identity and Access Management)
A comprehensive security framework that manages user identities and controls access to resources. IAM includes authentication, authorization, user provisioning, and deprovisioning to ensure that users have appropriate access based on their roles and responsibilities.
IDS/IPS (Intrusion Detection/Prevention System)
Network security tools that monitor traffic for malicious activity. IDS detects and alerts on suspicious patterns, while IPS actively blocks detected threats. These systems protect against network-based attacks and unauthorized access attempts.
Incident Response
A structured process for detecting, responding to, and recovering from security incidents. Incident response includes containment, eradication, recovery, and post-incident analysis to minimize damage and prevent future occurrences.
IoT Security
Security practices and technologies that protect Internet of Things devices from compromise. IoT security addresses unique challenges such as resource constraints, diverse devices, and insecure default configurations in connected devices.
ISO 27001
An international standard that specifies requirements for establishing, implementing, and maintaining an information security management system (ISMS). ISO 27001 certification demonstrates that an organization has controls in place to protect sensitive information.
Insider Threat
A security risk posed by individuals with legitimate access to systems and data who abuse their privileges to cause harm. Insider threats can be malicious (employees stealing data) or negligent (accidental data exposure), and require both technical and behavioral controls.
J
JWT (JSON Web Token)
A compact, self-contained token format used for securely transmitting information between parties. JWTs are digitally signed and can include claims about user identity and permissions. They are commonly used in modern web applications and APIs for stateless authentication.
K
Key Management
The practice of generating, storing, protecting, and rotating encryption keys. Proper key management is critical for maintaining the security of encrypted data. Key management includes key generation, distribution, rotation, revocation, and secure storage.
Kerberos
A network authentication protocol that provides secure authentication in network environments. Kerberos uses cryptographic tickets instead of password transmission, preventing credentials from being exposed on the network.
Keylogger
Malicious software or hardware that records keyboard keystrokes to capture passwords, sensitive communications, and other information. Keyloggers can be installed by attackers to steal credentials and sensitive data from compromised systems.
L
Lateral Movement
Techniques used by attackers to move across a network after gaining initial access to one system. Lateral movement allows attackers to access additional systems, escalate privileges, and reach high-value targets. Detecting lateral movement is critical for containing attacks.
Log Management
The collection, aggregation, analysis, and retention of logs from systems, applications, and devices. Effective log management enables threat detection, compliance reporting, and forensic investigation. Logs should be protected from tampering and deletion.
Least Privilege
A security principle that limits user access to the minimum permissions necessary to perform their job functions. Implementing least privilege reduces the impact of compromised accounts and prevents unauthorized access to sensitive resources.
M
Malware
Malicious software designed to damage, disrupt, or gain unauthorized access to computer systems. Malware includes viruses, trojans, ransomware, spyware, and adware. Anti-malware solutions detect and remove malicious code.
MFA (Multi-Factor Authentication)
A security method that requires users to provide two or more forms of verification before accessing systems or accounts. MFA factors include passwords, biometrics, hardware tokens, and one-time codes, significantly improving security against credential theft.
MITRE ATT&CK
A comprehensive knowledge base and framework documenting adversary tactics and techniques based on real-world observations. MITRE ATT&CK helps defenders understand attack methodologies and develop more effective defenses against known attack patterns.
MDR (Managed Detection and Response)
A managed security service that provides 24/7 threat monitoring, detection, and response. MDR services use advanced analytics, threat intelligence, and human expertise to identify and contain threats rapidly.
Managed Security
A comprehensive service that manages security infrastructure and services on behalf of an organization. Managed security includes firewall management, endpoint protection, vulnerability management, email security, and security monitoring.
Microsegmentation
A network security strategy that divides networks into smaller segments to limit lateral movement and contain breaches. Microsegmentation applies security policies at the application or workload level rather than at the network perimeter.
N
NIST (National Institute of Standards and Technology)
A U.S. government agency that develops and publishes cybersecurity standards and frameworks. The NIST Cybersecurity Framework provides guidance for managing cybersecurity risk and is widely adopted by organizations globally.
Network Security
The practice and technologies used to protect networks from unauthorized access and attacks. Network security includes firewalls, intrusion detection systems, VPNs, network segmentation, and security monitoring to defend against network-based threats.
NIS2 (Network and Information Security Directive 2)
A European Union directive that establishes cybersecurity and resilience requirements for critical infrastructure operators and digital service providers. NIS2 compliance is mandatory for organizations operating critical systems in the EU.
NOC (Network Operations Center)
A centralized facility that monitors and manages network infrastructure and operations. A NOC tracks network performance, detects outages, and responds to network issues to maintain availability and performance.
O
OSINT (Open-Source Intelligence)
The collection and analysis of publicly available information about targets for security research, threat intelligence, or reconnaissance. OSINT includes information from websites, social media, public records, and news sources.
OAuth
An open standard for delegated authorization that allows users to grant applications limited access to their accounts without sharing passwords. OAuth is widely used for single sign-on (SSO) and third-party integrations.
OT Security (Operational Technology Security)
Security measures protecting operational technology systems such as industrial control systems, SCADA, and manufacturing equipment. OT security addresses unique requirements such as availability, safety, and the challenges of legacy systems in critical infrastructure.
P
Penetration Testing
A controlled security assessment where authorized professionals attempt to exploit vulnerabilities in systems and networks to identify weaknesses before attackers find them. Penetration testing provides a realistic view of an organization's security posture.
Phishing
A social engineering attack that uses deceptive emails, messages, or websites to trick users into revealing sensitive information or downloading malware. Phishing is one of the most common initial attack vectors and can be targeted (spear phishing) or mass-based.
PIPEDA (Personal Information Protection and Electronic Documents Act)
A Canadian federal law that regulates how organizations collect, use, and protect personal information. PIPEDA compliance is mandatory for most organizations operating in Canada and involves privacy policies and data protection measures.
PCI-DSS (Payment Card Industry Data Security Standard)
A global standard that defines security requirements for organizations that handle payment card data. PCI-DSS compliance includes requirements for network security, encryption, access control, and regular security testing.
Privilege Escalation
An attack technique where an attacker exploits vulnerabilities or misconfigurations to gain higher-level access and permissions than originally granted. Privilege escalation allows attackers to move from regular user access to administrative access.
Purple Team
A security team that combines the functions of both Red Teams (attackers) and Blue Teams (defenders) to improve overall security. Purple Team exercises integrate offensive and defensive testing to identify gaps in detection and response.
Q
Quarantine
A security mechanism that isolates suspicious files, emails, or systems to prevent them from causing harm while awaiting analysis. Quarantined items are prevented from accessing the network or other resources until they are determined to be safe.
R
Ransomware
A type of malware that encrypts an organization's files or systems and demands payment for the decryption key. Ransomware attacks can cause significant operational disruption and financial loss. Prevention includes backups, access controls, and threat detection.
Red Team
A security team authorized to simulate real-world attackers to test an organization's defenses. Red Team exercises identify vulnerabilities, test incident response capabilities, and help organizations understand their security gaps.
Risk Assessment
A systematic process for identifying assets, threats, and vulnerabilities, and evaluating the potential impact and likelihood of security incidents. Risk assessments provide a foundation for developing mitigation strategies and allocating security resources.
Rootkit
Malicious software that provides attackers with privileged access to a system while concealing its presence. Rootkits often operate at the kernel level of the operating system, making them difficult to detect and remove.
RBAC (Role-Based Access Control)
A security model that grants access rights based on user roles and responsibilities. RBAC simplifies access management, reduces the risk of over-privileged accounts, and makes it easier to enforce the principle of least privilege.
S
SIEM (Security Information and Event Management)
A technology platform that collects, normalizes, analyzes, and correlates security logs and events from across an organization's IT infrastructure. SIEM solutions detect threats, support incident response, and aid compliance reporting.
SOAR (Security Orchestration, Automation, and Response)
A security platform that automates threat detection and response workflows. SOAR integrates with multiple security tools, orchestrates responses to incidents, and reduces the time required for human analysts to respond to threats.
SOC (Security Operations Center)
A centralized facility that monitors an organization's security infrastructure 24/7 to detect and respond to security incidents. SOCs employ security analysts who investigate alerts, contain threats, and support incident response.
SASE (Secure Access Service Edge)
A cloud-based security architecture that converges network and security services. SASE provides secure access to applications and data regardless of user location, enabling secure remote work and reducing complexity compared to traditional VPNs.
Social Engineering
An attack technique that exploits human psychology to manipulate individuals into revealing secrets or bypassing security controls. Social engineering attacks include phishing, pretexting, baiting, and tailgating.
Spear Phishing
A targeted phishing attack directed at specific individuals or organizations with personalized content. Spear phishing is more sophisticated than mass phishing and has higher success rates because it uses information tailored to the target.
Supply Chain Attack
An attack that targets an organization by compromising a supplier, vendor, or partner with access to the target's systems or networks. Supply chain attacks can affect multiple organizations through a single compromised vendor.
SSL/TLS (Secure Sockets Layer/Transport Layer Security)
Cryptographic protocols that provide secure communication over networks. SSL/TLS encrypts data in transit, authenticates servers, and ensures data integrity. HTTPS uses TLS to secure web communications.
T
Threat Intelligence
Information about current and emerging threats, tactics, and techniques used by attackers. Threat intelligence helps organizations understand threats relevant to their environment and develop more effective defenses.
Threat Hunting
A proactive security practice where analysts search for signs of compromise and attacker activity within networks and systems. Threat hunting goes beyond automated detection to find sophisticated threats that may have evaded standard security controls.
Tokenization
A data protection technique that replaces sensitive information (such as credit card numbers) with random tokens. Tokenization preserves the format of data while removing the actual sensitive content, reducing compliance requirements.
Two-Factor Authentication (2FA)
A type of multi-factor authentication that requires two independent verification factors. Common combinations include password + SMS code, password + authenticator app, or password + hardware token.
TLP (Traffic Light Protocol)
A standard for classifying and sharing threat intelligence information with different confidentiality levels: Red (not for distribution), Amber (limited distribution), Green (community distribution), and White (unrestricted distribution).
U
Unified Threat Management (UTM)
A security solution that combines multiple security functions in a single platform, such as firewall, intrusion detection, antivirus, and antispam. UTM simplifies network security by providing integrated protection from a single vendor.
V
Vulnerability Management
A comprehensive process for identifying, analyzing, prioritizing, and remediating vulnerabilities in systems and applications. Effective vulnerability management includes scanning, assessment, patch management, and validation.
VPN (Virtual Private Network)
A technology that creates an encrypted connection between a user's device and a remote network. VPNs protect data in transit, hide the user's IP address, and enable secure remote access to organizational resources.
Vulnerability Assessment
A systematic evaluation of systems and applications to identify security weaknesses and vulnerabilities. Vulnerability assessments use automated scanning tools and manual testing to find exploitable flaws.
Vishing
Voice phishing, a social engineering attack that uses phone calls to trick individuals into revealing sensitive information. Attackers typically impersonate trusted entities such as IT support or financial institutions.
W
WAF (Web Application Firewall)
A security device that protects web applications from application-layer attacks such as SQL injection, cross-site scripting (XSS), and DDoS attacks. WAFs inspect HTTP/HTTPS traffic and block malicious requests.
Worm
A type of malware that self-replicates and spreads to other systems over networks without requiring user interaction. Worms can consume network bandwidth, delete files, and install additional malware.
Whaling
A targeted phishing attack directed at senior executives and high-value targets. Whaling attacks use sophisticated social engineering and research to impersonate trusted contacts and trick targets into revealing sensitive information or authorizing fraudulent transactions.
Wiper Malware
A type of malware that permanently deletes or corrupts data, making systems unusable. Wiper malware is often used in destructive attacks against critical infrastructure or as a distraction during data theft operations.
X
XDR (Extended Detection and Response)
An advanced threat detection and response platform that integrates data from endpoints, networks, and cloud environments. XDR solutions provide comprehensive visibility across all layers of the IT infrastructure.
XSS (Cross-Site Scripting)
A web application vulnerability that allows attackers to inject malicious scripts into web pages viewed by other users. XSS attacks can steal user credentials, deface websites, or redirect users to malicious sites. Proper input validation and output encoding prevent XSS attacks.
Y
YARA Rules
A pattern-matching framework used to identify malware and suspicious files based on defined rules. YARA rules describe characteristics of malware such as file size, strings, and byte patterns, enabling automated malware detection.
Z
Zero Trust
A security framework and strategy that assumes no user or device is trustworthy by default. Zero Trust requires continuous verification of identity and device posture for all access attempts, regardless of whether users are inside or outside the organization's perimeter.
Zero-Day Vulnerability
A software vulnerability that is unknown to the vendor and has no available patch. Attackers can exploit zero-day vulnerabilities before vendors become aware of them, making them particularly dangerous. Advanced threat detection is essential for finding zero-day attacks.
Zone-Based Firewall
A firewall architecture that divides networks into security zones and applies policies to control traffic between zones. Zone-based firewalls provide more granular control than traditional network perimeter firewalls.
Frequently Asked Questions About Cybersecurity
What should I do if my organization experiences a data breach?
Contact your IT security team immediately, isolate affected systems, preserve evidence for forensic investigation, and notify relevant parties. Having an incident response plan in place helps you respond quickly and effectively.
How often should we conduct penetration testing?
Industry best practices recommend annual penetration testing at minimum, with additional testing after significant system changes. CyberSafe's offensive security services can help determine the appropriate frequency for your organization.
What is the cost of poor cybersecurity?
The cost of security incidents includes financial losses from data theft, downtime, recovery efforts, regulatory fines, and reputation damage. Investing in preventive security measures is significantly more cost-effective than responding to breaches.
How can we improve our security culture?
Establish a security awareness program with regular training, make security everyone's responsibility, reward good security practices, and lead by example from management. Our consulting services can help develop a comprehensive security culture strategy.