A-Z Cybersecurity Glossary with Definitions Flashcards
Access Control
The means and mechanisms of managing access to and use of resources by users.
Anti-virus (anti-malware)
A security program designed to monitor a system for malicious software.
Antivirus software
A software program that monitors a computer system or network communications for known examples of malicious code and then attempts to remove or quarantine the offending items.
APT (Advanced Persistent Threat)
A security breach that enables an attacker to gain access or control over a system for an extended period of time, usually without the owner of the system being aware.
Asset
Anything that is used in and is necessary to the completion of a business task.
Authentication
The process of proving that an individual is who they claim to be.
Authorization
The security mechanism determining and enforcing what authenticated users are authorized to do within a computer system.
Backing up
Creating a duplicate copy of data onto a separate physical storage device or online/cloud storage solution.
BCP (Business Continuity Plan)
A business management plan used to resolve issues that threaten core business tasks.
Behavior Monitoring
Recording the events and activities of a system and its users. The recorded events are compared against security policy and behavioral baselines to evaluate compliance and/or discover violations.
Blacklist
A security mechanism prohibiting the execution of those programs on a known malicious or undesired list of software.
Block Cipher
A type of symmetric encryption algorithm that divides data into fixed length sections and then performs the encryption or decryption operation on each block.
Botnet
A collection of innocent computers which have been compromised by malicious code in order to run a remote control agent granting an attacker the ability to remotely take advantage of the system’s resources in order to perform illicit or criminal actions.
Bug
An error or mistake in software coding or hardware design or construction. A bug represents a flaw or vulnerability in a system discoverable by attackers and used as a point of compromise.
BYOD (Bring Your Own Device)
A company’s security policy dictating whether or not workers can bring their own devices into the work environment, whether or not such devices can be connected to the company network and to what extent that connection allows interaction with company resources.
Ciphertext
The unintelligible and seemingly random form of data that is produced by the cryptographic function of encryption.
Clickjacking
A malicious technique by which a victim is tricked into clicking on a URL, button or other screen object other than that intended by or perceived by the user.
Cloud Computing
A means to offer computing services to the public or for internal use through remote services.
CND (Computer Network Defense)
The establishment of a security perimeter and of internal security requirements with the goal of defending a network against cyberattacks, intrusions and other violations.
Cracker
The proper term to refer to an unauthorized attacker of computers, networks and technology instead of the misused term “hacker.”
CVE (Common Vulnerabilities and Exposures)
An online database of attacks, exploits and compromises operated by the MITRE organization for the benefit of the public.
Cryptography
The application of mathematical processes on data-at-rest and data-in-transit to provide the security benefits of confidentiality, authentication, integrity and non-repudiation.
Cyberattack
Any attempt to violate the security perimeter of a logical environment.
Cyber ecosystem
The collection of computers, networks, communication pathways, software, data and users that comprise either a local private network or the world-wide Internet.
Cyberespionage
The unethical act of violating the privacy and security of an organization in order to leak data or disclose internal/private/confidential information.
Cybersecurity
The efforts to design, implement, and maintain security for an organization’s network, which is connected to the Internet.
Cyber Teams
Groups of professional or amateur penetration testing specialists who are tasked with evaluating and potentially improving the security stance of an organization.
Data Breach
The occurrence of disclosure of confidential information, access to confidential information, destruction of data assets or abusive use of a private IT environment.
Data Integrity
A security benefit that verifies data is unmodified and therefore original, complete and intact.
Data Mining
The activity of analyzing and/or searching through data in order to find items of relevance, significance or value.
Data Theft
The act of intentionally stealing data. Data theft can occur via a data loss (physical theft) or data leakage (logical theft) event.
DDoS (Distributed Denial of Service) Attack
An attack which attempts to block access to and use of a resource. It is a violation of availability.
Decrypt
The act which transforms ciphertext (i.e. the unintelligible and seemingly random form of data that is produced by the cryptographic function of encryption) back into its original plaintext or cleartext form.
Digital Certificate
A means by which to prove identity or provide authentication commonly by means of a trusted third-party entity known as a certificate authority.
Digital Forensics
The means of gathering digital information to be used as evidence in a legal procedure.
DLP (Data Loss Prevention)
A collection of security mechanisms which aim at preventing the occurrence of data loss and/or data leakage.
DMZ (Demilitarized Zone)
A segment or subnet of a private network where resources are hosted and accessed by the general public from the Internet.
DoS (Denial of Service)
An attack that attempts to block access to and use of a resource. It is a violation of availability.
Drive-by Download
A type of web-based attack that automatically occurs based on the simple act of visiting a malicious or compromised/poisoned Web site.