For many, Cyber Security is a new arena for business owners and families. Many times, IT and cyber security professionals will have conversations with you that might leave you feeling a bit in the dark. This is why we have done the heavy lifting and have built a cyber security glossary to help you stay up to speed and have an ongoing reference. If there happen to be terms we are missing, leave them in the comments and we will be sure to add them. Think of this as a living resource and be sure to bookmark it and use it often. We hope it helps.
0 Day – The day on which the interested party (presumably the vendor of the targeted system) learns of the vulnerability. Up until that day, the vulnerability is known as a zero-day vulnerability.
Access – A gateway that is used to retrieve information.
Access Control – The ability to regulate who can utilize specific resources within a specific network.
Account Takeover – A form of identity theft where a fraudulent user illegally obtains access to a victim’s bank or online account using bots.
Active Threat Deception – The ability to detect, study and mitigate threats to a system in real time.
Antivirus Software – A tool that is used to remove and quarantine malicious files from further infecting a system.
API – (Application Programming Interface) A set of tools that defines how software is built.
Asset – Confidential information, hardware and/or software.
Attack – An attempt to destroy, steal or gain access that is not authorized.
AWS – (Amazon Web Services) A cloud computing program platform offered by Amazon.
Business Email Compromise – A type of misdirection targeting companies that utilize wire transfers and have suppliers worldwide. Corporate or publicly available email accounts of executives related to finance or involved with wire transfer payments are spoofed through keyloggers or phishing attacks to make fraudulent transfers, resulting in hundreds of thousands of dollars in losses every year.
Black Hat – (Black Hat Hacker) A computer criminal that steals and harvests data stolen from individuals for personal and monetary gain.
Bot – (Robot) A program that performs automated tasks as directed by the user.
Cloud Computing – The delivery of hosted systems over the internet.
Compliance – The following of specific and established guidelines.
Cybersecurity Risk – The risk that individuals and businesses face specifically as a result of being connected to technology and computer systems.
Cyber Security – The method by which computers, networks, programs and data are protected from unauthorized access.
Cyber Space – The environment where computer networks communicate.
Data Breach – A security incident where confidential information is compromised.
Data Recovery – The ability to regain access to data from a secondary source after the data has been damaged, lost or corrupted.
Data Theft – Any unauthorized use or stealing of information.
Decode – Converting information that has been encoded into a readable form based on a set of rules.
Decryption – The opposite process of encryption: the breakdown of data back to its original format.
Device Management – (MDM) Software used to manage, monitor and secure employee devices.
Digital Signature – A more secure way to validate a person based on an authentication process.
Encode – Information that is converted into code based on a set of rules.
Encryption – How information and data are converted into code so that only authorized individuals can view them. A decryption code is necessary to decipher information that has been encrypted.
Endpoint – Any device that is connected to the internet. For example: a computer, laptop, cell phone, printer, etc.
Firewall – A firewall is a layer of security that designates what traffic is and isn’t allowed to enter your computer or network.
GDPR – (General Data Protection Regulation) The legal framework that outlines processes by which personal information can be collected and processed.
Hacker – A person who looks to force access to a system without proper credentials or authorization.
Hardware – A physical device that is part of a network.
Hash – A number generated from a string of text. A hash can be used in cryptography, compression, checksum generation and data indexing.
Incident Management – Returning a system to baseline for normal service operation after a security issue has occurred.
Incident Response – The approach taken after a security issue transpires that remediates the situation as quickly and with as little damage as possible.
Information Security – The ability to have control over how your personal information is obtained.
Information Sharing – The process by which information is exchanged through people, organizations and technology.
Insider Threat – A compromise to a business from within, either by a current employee, former employee or other associates of a business.
IOT – (The Internet of Things) Anything that can be assigned an IP address and transfer data throughout a network.
Lateral Movement – A technique used by cyber criminals to intricately scour a network in search of data or assets to remove.
Malware – A malicious software program created to cause harm to a network. Some examples of malware include spyware, trojans, worms and viruses.
Monitoring Services – The constant vigilant overwatch of a computer or network system.
MSSP – (Managed Security Service Provider) A company that can provide oversight and administration of a company’s security processes. This can be done remotely or in-house. Some tasks of an MSSP include security management, incident response and building of infrastructure.
Multilayer Authentication – The verification of information by more than one process, making unauthorized access more difficult. This includes two-factor authentication and multifactor authentication.
Network Intrusion – Malicious and unauthorized entering of any device within a network.
Password Manager – A tool that stores, encrypts, and manages your passwords for you. An example of a password manager is LastPass.
Pen Testing – (Penetration Testing) A tool used to identify vulnerabilities within a computer system or network.
Personally Identifiable Information – (PII) Data that, if compromised, could identify an individual. Examples of PII include social security number, date of birth, etc.
Pharming – The fraudulent process of leading a user to a website that looks almost identical to the actual website in order to steal passwords or other account information.
Phishing – A way to maliciously gain access to personal and sensitive information by sending emails, texts or phone calls to create a trustworthy relationship where information is obtained.
Privacy – The right to be free from interference or the right to be alone.
Privacy as a Service – (PaaS) A way to control how data and personal information is being used and collected.
Ransomware – A type of malware that denies you access to your computer system and files until you pay a ransom.
Regulatory Compliance – The following of guidelines, laws and processes specific to the industry in which the business operates.
Return on Investment – (ROI) The actual value of an investment.
Security Incident – Any event that threatens security.
Sensitive Information – Information that should be protected due to its value and importance.
Social Engineered Attacks – A type of attack where the threat actor attempts to solicit login credentials through means other than brute force. Phishing is an example of a social engineered attack.
Software – Instructions to the computer on how it should function.
Spam – Bulk messages sent over email, text, or other communication tools that are unsolicited.
Spyware – A type of malware designed to allow the sender to observe activity occurring on a network with the intent to steal or defraud.
Targeted Attack – A threat against someone or something specific believed to have something of value to the threat actor. The target of the attack is not random, but rather chosen based on value.
Threat Actor – A person trying to cause malicious harm to someone or something. Other terms used synonymously include malicious actor, bad actor, bad guy and criminal.
Two-Factor Authentication – (2FA) An additional layer of security, making access to accounts more difficult and therefore more secure.
Virtual Private Network – (VPN) An encrypted internet connection from a device to a network.
Virus – Malicious software intended to cause harm.
Vulnerability – Points of weakness that could result in a possible attack.
White Hat – (White Hat Hacker) A hacker who is hired by a company to conduct penetration testing on their network or system to identify vulnerabilities and generate a report for the company. This report identifies which areas within their network are secure and which areas need additional security updates. White Hat Hackers are also known as ‘ethical hackers’.