A-Z Cybersecurity Glossary with Definitions

Question 1

Access Control

Answer 1

The means and mechanisms of managing access to and use of resources by users.

Question 2

Anti-virus (anti-malware)

Answer 2

A security program designed to monitor a system for malicious software.

Question 3

Antivirus software

Answer 3

A software program that monitors a computer system or network communications for known examples of malicious code and then attempts to remove or quarantine the offending items.

Question 4

APT (Advanced Persistent Threat)

Answer 4

A security breach that enables an attacker to gain access or control
over a system for an extended period of time usually without the owner of the system being aware

Question 5

Asset

Answer 5

Anything that is used in and is necessary to the completion of a business task.

Question 6

Authentication

Answer 6

The process of proving an individual is a claimed identity.

Question 7

Authorization

Answer 7

The security mechanism determining and enforcing what authenticated users are authorized to do within a computer system.

Question 8

Backing up

Answer 8

Creating a duplicate copy of data onto a separate physical storage device or online/cloud storage solution.

Question 9

BCP (Business Continuity Plan)

Answer 9

A business management plan used to resolve issues that threaten
core business tasks.

Question 10

Behavior Monitoring

Answer 10

Recording the events and activities of a system and its users. The recorded events are compared against security policy and behavioral baselines to evaluate compliance and/or discover violations.

Question 11

Blacklist

Answer 11

A security mechanism prohibiting the execution of those programs on a known malicious or undesired list of software.

Question 12

Block Cipher

Answer 12

A type of symmetric encryption algorithm that divides data into fixed length sections and then performs the encryption or decryption operation on each block.

Question 13

Botnet

Answer 13

A collection of innocent computers which have been compromised by malicious code in order to run a remote control agent granting an attacker the ability to remotely take advantage of the system’s resources in order to perform illicit or criminal actions.

Question 14

Bug

Answer 14

An error or mistake in software coding or hardware design or construction. A bug represents a
flaw or vulnerability in a system discoverable by attackers and used as point of compromise.

Question 15

BYOD (Bring Your Own Device)

Answer 15

A company’s security policy dictating whether or not workers can bring in their own devices into the work environment, whether or not such devices can be connected to the company network and to what extent that connection allows interaction with company resources.

Question 16

Ciphertext

Answer 16

The unintelligible and seeming random form of data that is produced by the cryptographic
function of encryption.

Question 17

Clickjacking

Answer 17

A malicious technique by which a victim is tricked into clicking on a URL, button or other screen object other than that intended by or perceived by the user.

Question 18

Cloud Computing

Answer 18

A means to offer computing services to the public or for internal use through remote services.

Question 19

CND (Computer Network Defense)

Answer 19

The establishment of a security perimeter and of internal security
requirements with the goal of defending a network against cyberattacks, intrusions and other violations.

Question 20

Cracker

Answer 20

The proper term to refer to an unauthorized attacker of computers, networks and technology
instead of the misused term “hacker.”

Question 21

CVE (Common Vulnerabilities and Exposures)

Answer 21

An online database of attacks, exploits and compromises operated by the MITRE organization for the benefit of the public.

Question 22

Cryptography

Answer 22

The application of mathematical processes on data-at-rest and data-in-transit to provide the security benefits of confidentiality, authentication, integrity and non-repudiation.

Question 23

Cyberattack

Answer 23

Any attempt to violate the security perimeter of a logical environment.

Question 24

Cyber ecosystem

Answer 24

The collection of computers, networks, communication pathways, software, data and users that comprise either a local private network or the world-wide Internet.

Question 25

Cyberespionage

Answer 25

The unethical act of violating the privacy and security of an organization in order to leak data or disclose internal/private/confidential information.

Question 26

Cybersecurity

Answer 26

The efforts to design, implement, and maintain security for an organization’s network, which is connected to the Internet.

Question 27

Cyber Teams

Answer 27

Groups of professional or amateur penetration testing specialists who are tasked with evaluating and potentially improving the security stance of an organization.

Question 28

Data Breach

Answer 28

The occurrence of disclosure of confidential information, access to confidential information, destruction of data assets or abusive use of a private IT environment.

Question 29

Data Integrity

Answer 29

A security benefit that verifies data is unmodified and therefore original, complete and intact.

Question 30

Data Mining

Answer 30

The activity of analyzing and/or searching through data in order to find items of relevance, significance or value.

Question 31

Data Theft

Answer 31

The act of intentionally stealing data. Data theft can occur via data loss (physical theft) or data leakage (logical theft) event.

Question 32

DDoS (Distributed Denial of Service) Attack

Answer 32

An attack which attempts to block access to and use of a resource. It is a violation of availability.

Question 33

Decrypt

Answer 33

The act which transforms ciphertext (i.e. the unintelligible and seeming random form of data that is produced by the cryptographic function of encryption) back into its original plaintext or cleartext form.

Question 34

Digital Certificate

Answer 34

A means by which to prove identity or provide authentication commonly by means of a trusted third-party entity known as a certificate authority.

Question 35

Digital Forensics

Answer 35

The means of gathering digital information to be used as evidence in a legal procedure.

Question 36

DLP (Data Loss Prevention)

Answer 36

A collection of security mechanisms which aim at preventing the
occurrence of data loss and/or data leakage.

Question 37

DMZ (Demilitarized Zone)

Answer 37

A segment or subnet of a private network where resources are hosted and accessed by the general public from the Internet.

Question 38

DOS (Denial of Service)

Answer 38

An attack that attempts to block access to and use of a resource. It is a violation of availability.

Question 39

Drive-by Download

Answer 39

A type of web-based attack that automatically occurs based on the simple act of visiting a malicious or compromised/poisoned Web site.

Question 40

Eavesdropping

Answer 40

The act of listening in on a transaction, communication, data transfer or conversation.

Question 41

Encode

Answer 41

The act which transforms plaintext or cleartext (i.e. the original form of normal standard data) into ciphertext (i.e. the unintelligible and seeming random form of data that is produced by the cryptographic function of encryption).

Question 42

Encryption Key

Answer 42

The secret number value used by a symmetric encryption algorithm to control the encryption and decryption process.

Question 43

Firewall

Answer 43

A security tool, which may be a hardware or software solution that is used to filter network traffic.

Question 44

Hacker

Answer 44

A person who has knowledge and skill in analyzing program code or a computer system, modifying its functions or operations and altering its abilities and capabilities.

Question 45

Hacktivism

Answer 45

Attackers who hack for a cause or belief rather than some form of personal gain.

Question 46

Honeypot

Answer 46

A trap or decoy for attackers.

Question 47

IaaS (Infrastructure-as-a-Service)

Answer 47

A type of cloud computing service where the provider offers the
customer the ability to craft virtual networks within their computing environment.

Question 48

Identity Cloning

Answer 48

A form of identity theft in which the attacker takes on the identity of a victim and then attempts to live and act as the stolen identity.

Question 49

Identity Fraud

Answer 49

A form of identity theft in which a transaction, typically financial, is performed using the stolen identity of another individual.

Question 50

Information Security Policy

Answer 50

A written account of the security strategy and goals of an organization. A security policy is usually comprised of standards, policies (or SOPs – Standard Operating Procedures) and
guidelines.

Question 51

IPS (Intrusion Prevention System)

Answer 51

A security tool that attempts to detect the attempt to compromise
the security of a target and then prevent that attack from becoming successful.

Question 52

ISP (Internet Service Provider)

Answer 52

The organization that provides connectivity to the Internet for
individuals or companies.

Question 53

JBOH (JavaScript-Binding-Over-HTTP)

Answer 53

A form of Android-focused mobile device attack that enables an attacker to be able to initiate the execution of arbitrary code on a compromised device.

Question 54

Keylogger

Answer 54

Any means by which the keystrokes of a victim are recorded as they are typed into the physical keyboard.

Question 55

LAN (Local Area Network)

Answer 55

An interconnection of devices (i.e. a network) that is contained within a
limited geographic area (typically a single building).

Question 56

Link jacking

Answer 56

A potentially unethical practice of redirecting a link to a middle-man or aggregator site or location rather than the original site the link seemed to indicate it was directed towards.

Question 57

Malware (malicious software)

Answer 57

Any code written for the specific purpose of causing harm, disclosing
information or otherwise violating the security or stability of a system.

Question 58

Outsider Threat

Answer 58

The likelihood or potential that an outside entity, such as an ex-employee, competitor or even an unhappy customer, may pose a risk to the stability or security of an organization.

Question 59

Outsourcing

Answer 59

The action of obtaining services from an external entity. Rather than performing certain tasks and internal functions, outsourcing enables an organization to take advantages of external entities that can provide services for a fee.

Question 60

OWASP (Open Web Application Security Project)

Answer 60

An Internet community focused on understanding web technologies and exploitations.

Question 61

PaaS (Platform-as-a-Service)

Answer 61

A type of cloud computing service where the provider offers the
customer the ability to operate custom code or applications.

Question 62

Packet Sniffing

Answer 62

The act of collecting frames or packets off of a data network communication.

Question 63

Patch

Answer 63

An update or change to an operating system or application

Question 64

Patch Management

Answer 64

The management activity related to researching, testing, approving and installing updates and patches to computer systems, which includes firmware, operating systems and applications.

Question 65

Payment Card Skimmers

Answer 65

A malicious device used to read the contents of an ATM, debit or credit card when inserted into a POS (Point of Sale) payment system.

Question 66

Pen Testing

Answer 66

A means of security evaluation where automated tools and manual exploitations are performed by security and attack experts.

Question 67

Phishing

Answer 67

A social engineering attack that attempts to collect information from victims.

Question 68

PKI (Public Key Infrastructure)

Answer 68

A security framework (i.e. a recipe) for using cryptographic concepts in
support of secure communications, storage and job tasks.

Question 69

POS (Point of Sale) Intrusions

Answer 69

An attack that gains access to the POS (Point of Sale) devices at a retail
outlet enabling an attacker to learn payment card information as well as other customer details.

Question 70

Ransomware

Answer 70

A form of malware that holds a victim’s data hostage on their computer typically through
robust encryption.

Question 71

Restore

Answer 71

The process of returning a system back to a state of normalcy.

Question 72

Risk Assessment

Answer 72

The process of evaluating the state of risk of an organization.

Question 73

Risk Management

Answer 73

The process of performing a risk assessment and evaluating the responses to risk in order to mitigate or otherwise handle the identified risks.

Question 74

SaaS (Software-as-a-Service)

Answer 74

A type of cloud computing service where the provider offers the
customer the ability to use a provided application.

Question 75

Sandboxing

Answer 75

A means of isolating applications, code or entire operating systems in order to perform testing or evaluation.

Question 76

SCADA (Supervisory Control and Data Acquisition)

Answer 76

A complex mechanism used to gather data and physical world metrics as well as perform measurement or management actions of the monitored systems for the purposes of automatic large complex real-world processes such as oil refining, nuclear power generation or water filtration.

Question 77

Security Control

Answer 77

Anything used as part of a security response strategy which addresses a threat in order to reduce risk.

Question 78

SIEM (Security Information and Event Management)

Answer 78

A formal process by which the security of an organization is monitored and evaluated on a constant basis.

Question 79

Sniffing

Answer 79

See packet sniffing and eavesdropping.

Question 80

Social Engineering

Answer 80

An attack focusing on people rather than technology.

Question 81

SPAM

Answer 81

A form of unwanted or unsolicited messages or communications typically received via e-mail
but also occurring through text messaging, social networks or VoIP.

Question 82

Spear Phishing

Answer 82

A form of social engineering attack that is targeted to victims who have an existing digital relationship with an online entity such as a bank or retail website.

Question 83

Spoof (spoofing)

Answer 83

The act of falsifying the identity of the source of a communication or interaction. It is possible to spoof IP address, MAC address and email address.

Question 84

Spyware

Answer 84

A form of malware that monitors user activities and reports them to an external their party.

Question 85

Supply Chain

Answer 85

The path of linked organizations involved in the process of transforming original or raw
materials into a finished product that is delivered to a customer.

Question 86

Threat Assessment

Answer 86

The process of evaluating the actions, events and behaviors that can cause harm to an asset or organization.

Question 87

Trojan Horse (Trojan)

Answer 87

A form of malware where a malicious payload is imbedded inside of a benign host file.

Question 88

Two-Factor Authentication

Answer 88

The means of proving identity using two authentication factors usually
considered stronger than any single factor authentication.

Question 89

Two-Step Authentication

Answer 89

A means of authentication commonly employed on websites as an improvement over single factor authentication but not as robust as two-factor authentication.

Question 90

Unauthorized Access

Answer 90

Any access or use of a computer system, network or resource which is in violation of the company security policy or when the person or user was not explicitly granted authorization to access or use the resource or system.

Question 91

VPN (Virtual Private Network)

Answer 91

A communication link between systems or networks that is typically
encrypted in order to provide a secured, private, isolate pathway of communications.

Question 92

Virus

Answer 92

A form of malware that often attaches itself to a host file or the MBR (Master Boot Record) as a
parasite.

Question 93

Vishing

Answer 93

A form of phishing attack which takes place over VolP.

Question 94

Vulnerability

Answer 94

Any weakness in an asset or security protection which would allow for a threat to cause harm.

Question 95

Whitelist

Answer 95

A security mechanism prohibiting the execution of any program that is not on a pre-approved list of software.

Question 96

Wi-Fi

Answer 96

A means to support network communication using radio waves rather than cables.

Question 97

Worm

Answer 97

A form of malware that focuses on replication and distribution.

Question 98

Zombie

Answer 98

A term related to the malicious concept of a botnet.