Cyber Security Glossary
For managers and executives who may not deal with cyber security on a daily basis, it can often seem like another world: one that is filled with complicated jargon and people who seem to talk in acronyms. But with our cyber lives becoming ever more connected with the offline world, it's useful to familiarise yourself with some commonly used terminology that you might find yourself coming into contact with as you begin to focus on improving your organisation's cyber security.
Here you can find ECSC's cyber security glossary, an up-to-date guide on the all the latest buzzwords and technical terms you might be wondering the meaning of.
If there's something we haven't included here that you think would benefit you or others, please get in touch at firstname.lastname@example.org and we'll be happy to help.
Authentication is the process of confirming a user's claimed identity is correct.
Access Control refers to a set of processes and/or procedures which ensure that resources are only granted to authorised and required users.
A blacklist is a list of entities that are considered to be unacceptable/untrustworthy and are denied access or privileges.
A botnet is a collection of internet-connected computers that are infected with malicious software that allows an attacker to control them without their owner's knowledge, often with the purpose of infecting other computers via the internet.
Business Continuity Management
Business Continuity Management is the area of planning for how business operations will be maintained following significant disruption.
Ciphertext refers to data that has been encrypted; hence, plaintext that has been encrypted becomes ciphertext.
Clickjacking is an attack where a malicious link is concealed behind legitimate content, thus tricking a user into performing an action they are unaware of.
Cross-Site Request Forgery (CSRF)
A CSRF attack is malicious exploit of a website where unauthorised commands are transmitted from a user that has authenticated to the website.
Cross-Site Scripting (XSS)
Cross-Site Scripting (XSS) is a type of vulnerability, usually found in web applications, that enables attackers to inject client-side script into web pages viewed by other users.
Cloud computing uses a network of remote servers hosted on the Internet to provide on-demand access to computing capabilities or resources, rather than using a local server or computer.
Cryptanalysis is the use of techniques to find weaknesses that will permit retrieval of the plaintext from the ciphertext, without necessarily knowing the key or the algorithm.
Cryptography is the discipline and techniques used to encode and decode messages, in order to protect their security.
The area referring to the strategy, policy and standards regarding the security of information and communication systems and the information contained therein.
Denial of Service (DoS)
A DoS attack aims to interrupt or suspend (either temporarily or indefinitely) access to a machine or network from authorised users.
Disaster Recovery (DR)
Disaster recovery is the area of security involving the policies and procedures in place to protect an organisation in the event of a natural or man-made disaster, including the recovery or continuation of vital technology infrastructure and systems.
Distributed Denial of Service (DDoS)
A DDos attack is a type of DoS attack that uses multiple, already-infected systems to target another system simultaneously, in order to cause a DoS attack.
Derived from the term 'demilitarised zone', a DMZ is a segment of a network where servers accessed by less trusted users are isolated.
Encryption is the process of turning plaintext into ciphertext; that is, encoding information in such a way that only authorised people can read it.
A hacker is an unauthorised user who seeks to exploit weaknesses in a computer system or network, often in order to gain access to sensitive information.
Information Security is the broad area of the practice of defending information from unauthorised access or use.
Information Security Management System (ISMS)
An information security management system (ISMS) is a set of policies and procedures for systematically managing an organisation's sensitive data. The goal of an ISMS is to minimise risk and ensure business continuity by limiting the impact of a security breach.
An occurrence that constitutes a violation or imminent threat of violation of security policies, resulting in adverse consequences to a system or the information that the system processes, stores, or transmits.
An Internet Service Provider (ISP) is a company that provides access to the internet and related services.
A keylogger is a piece of software, or, less commonly, hardware, that secretly records every keystroke made by a user, usually in order to gain access to passwords or other confidential information.
A Local Area Network, or LAN, is a network that links multiple computers within a defined location such as an office building.
A media access control address (MAC address) is a unique identifier assigned to network interfaces for communications on the physical network segment. MAC addresses are used as a network address for a variety of technologies, including Ethernet and WiFi.
A MitM attack occurs when an attacker secretly relays (and potentially alters) the communication between two parties who believe they are directly communicating with each other.
Managed Security Service Provider (MSSP)
A Managed Security Service Provider is an organisation that provides network security services for other organisations who wish to outsource this aspect of their business. Early Internet Service Providers would sell a piece of hardware, such as a firewall, and then, for an additional fee, offer to manage it for the customer.
Malware is a general term referring to all types of malicious software, including computer viruses, worms and Trojans, that seek to gain authorised access to a system.
Software that is open source is free from licensing constraints, meaning the original source code is freely available, and may be used, changed, and shared, (in modified or unmodified form) by anyone.
OWASP Top 10
The OWASP Top Ten is an influential guide to the the most critical security flaws in web applications that is updated annually.
PIN Entry Device (PED)
A PED is an electronic device used in debit or credit card transactions, to verify and encrypt the cardholders Personal Identification Number (PIN).
An assessment on a computer system that looks for security vulnerabilities, with the assessor aiming to gain access to protected systems and/or data.
Personally Identifiable Information (PII)
PII is information that could be used to identify an individual, either directly or indirectly.
Phishing is a technique used by cyber criminals to lure individuals into divulging sensitive information, such as passwords and credit card details, by masquerading as a trustworthy entity. An example of this could be a malicious email disguised as a message from your bank, which asks you to enter your account information.
A unencrypted format for transmitting information.
A rootkit is a malicious piece of software that enables administrator access to an unauthorised user of a computer without being detected.
Security information and event management (SIEM) is a category of products and services that aggregate and analyse network information, in order to detect suspicious activity and provide real-time security alerts.
The delivery of software applications remotely by a provider over the internet; perhaps through a web interface.
SQL Injection is an exploit in which the attacker adds code to a web form entry field to gain access to resources or make changes to data.
Unsolicited email messages, often sent in bulk to a large number of users, usually for the purpose of advertising, spreading malware, or carrying out phishing.
A ticket is data that authenticates the identity of a client or a service and, together with a temporary encryption key, forms a credential.
A Trojan Horse, or Trojan, is a type of malware that disguises itself as legitimate software in order to trick users into downloading it, thereby providing an attack with unauthorised access to a system.
Transport Layer Security (TLS)
Transport Layer Security (TLS), the successor to SSL, is a cryptographic protocol that ensures privacy between communicating applications and their users on the Internet, preventing third parties from eavesdropping or tampering with messages.
Two-factor Authentication is a means of obtaining evidence of identity by two separate, independent means.
Virtual Private Network (VPN)
A VPN is a network connecting computers or local area networks across different locations via the internet, in order to connect to a private network, such as an organisation's internal network.
A virus is a malicious piece of software designed to infect a computer without knowledge or permission of the user, and interfere with its operation, and spread from one computer to another. Viruses can be spread through email attachments, file sharing, and visiting affected websites.
WAN stands for Wide Area Network: this is a network that links multiple computers, or local area networks, across different locations.
Wireless Local Area Network
A Worm is a self-replicating, standalone piece of software, that can spread via computer networks without human intervention.
A list of entities that are considered to be acceptable/trustworthy and are granted access or privileges.