Cybersecurity Glossary
A to Z Cybersecurity Terms & Phrases
A (Alpha)
Access Control: A method to manage and restrict user access to data and resources within a system based on predefined rules, such as user roles or permissions (e.g., admins, guests). It ensures only authorised users can perform specific actions.
Active Directory Federation Services (ADFS): A Microsoft service that enables secure identity sharing across organisations. It allows users to authenticate once and access multiple systems or applications through Single Sign-On (SSO) while supporting identity federation for external users.
Administration Interface: A dedicated interface used by system administrators to manage, monitor, and configure software, hardware, or network systems. This interface often has elevated privileges and must be secured to prevent unauthorised access.
Advanced Encryption Standard (AES): A symmetric encryption algorithm used worldwide to secure sensitive data. AES encrypts data using the same key for both encryption and decryption and is known for its efficiency and strength, especially in protecting classified information.
Advanced Persistent Threat (APT): A sophisticated, long-term cyberattack in which attackers infiltrate a network and remain undetected for an extended period. Their goal is usually to steal sensitive data or disrupt services without alerting the target.
Adware: A type of software that automatically displays or downloads advertisements, often bundled with free software. While not always harmful, it can slow down devices and may sometimes lead to more serious malware infections.
Air Gap: A security measure where a device or network is physically isolated from other networks, such as the Internet. This is often used to protect highly sensitive systems (e.g., military or financial) from cyber threats by preventing external communication.
Alpha: The earliest phase of software development and testing. Alpha versions are usually incomplete and buggy, used internally to identify major flaws before beta testing begins.
Alpha Test: Initial testing of software during the alpha stage, conducted by developers or internal testers. It aims to identify and remediate critical bugs or defects before the software is released to external testers.
Anomaly Detection: A technique used in cybersecurity to identify unusual behaviour or patterns within a system that could indicate potential threats, such as malware or a network breach.
Antivirus: Software that scans, detects, and removes viruses and other malware from computers and networks. Antivirus programs often include real-time protection to block threats before they cause harm.
Application Programming Interface (API): A set of protocols and tools for building software and allowing communication between different applications. In cybersecurity, APIs are used to integrate security functions or to communicate with cloud services.
Artificial Intelligence (AI): The field of computer science focused on creating systems and machines capable of performing tasks that typically require human intelligence, such as learning, reasoning, problem-solving, and understanding natural language.
Asset-based Threat Model: A risk assessment approach that focuses on identifying critical assets within an organisation (e.g., data, systems) and evaluating how those assets might be targeted or affected by security threats.
Asymmetric Encryption: An encryption method that uses two keys: a public key for encrypting data and a private key for decrypting it. This allows secure communication where only the holder of the private key can decrypt the message.
Attack Surface: The total set of potential entry points an attacker could exploit to breach a system. It includes hardware, software, network components, and user accounts that can be targeted in an attack; the larger the attack surface, the more there is to defend.
Audit Trail: A record of system activities and user actions tracking who accessed what data, when, and how. Audit trails help in forensic investigations and monitoring for suspicious or unauthorised activities.
Authentication: The process of verifying the identity of a user, device, or system before granting access to resources. Common methods include passwords, biometric verification, and multi-factor authentication (MFA).
Authenticator (e.g., Google Authenticator): A security tool that generates time-based one-time passwords (TOTP) for use in multi-factor authentication (MFA). It is used to provide an additional layer of security beyond the standard username and password.
Authentication Bypass: A vulnerability or flaw that allows an attacker to access a system or application without passing through the proper authentication steps, often by exploiting bugs or weaknesses in the code.
Automated Tools: Software tools designed to perform cybersecurity tasks automatically, such as vulnerability scanning, patch management, or threat detection. They provide a cheaper alternative to manual testing but lack an understanding of context and can, therefore, miss potential vulnerabilities.
Automated Vulnerability Assessments: Security tools that automatically scan networks, systems, or applications to identify vulnerabilities, misconfigurations, or security gaps. These assessments help organisations quickly detect and remediate risks.
B (Bravo)
Backdoor: A hidden method for bypassing normal authentication or security controls, often inserted by malware or hackers to gain future unauthorised access to a system or network.
Banner Grabbing: A technique used to gather information about a system or network by examining the messages, or “banners,” returned by its services, such as web or email servers. This information helps identify vulnerabilities or software versions.
Beta: A later stage of software development where the product is feature-complete but still being tested for bugs. It is generally more stable than alpha but may still have issues that need fixing before the full release.
Beta Test: Testing conducted by a group of external users or testers during the beta stage. The goal is to identify remaining bugs, usability issues, and security flaws before the software is fully released.
Biometric Verification: The process of using biometric data, such as fingerprints, facial recognition, or iris scans, to verify the identity of a user. It is often used as a form of multi-factor authentication to increase security.
Black Box Testing: Also called closed or opaque box pentesting, it is a blind test in which a pentester attempts to hack a digital infrastructure without prior knowledge of its composition and security systems. These tests are designed to mimic various aspects of a real-life cyberattack. To learn more about Black Box Testing, check out our comprehensive guide to penetration testing.
Black Hat Hacker: A hacker who uses their skills maliciously to exploit vulnerabilities, steal data, or cause damage to systems and networks, often for personal gain or criminal purposes.
Blind Testing: A type of penetration test where the testers have limited or no knowledge of the system they are testing, similar to how an actual attacker might approach a target. It helps simulate real-world cyberattacks.
Blockchain: A decentralised, distributed ledger technology that records transactions in a way that is secure, transparent, and immutable. Each block in the chain contains a list of transactions, and once added, it cannot be changed.
Blockchain Security: A set of practices and protocols designed to secure blockchain networks from attacks, ensuring the integrity, confidentiality, and availability of the data within the blockchain system.
Blue Teaming: A defensive cybersecurity exercise where the blue team, acting as the defenders, works to protect an organisation’s systems and respond to simulated attacks by a red team. It focuses on monitoring, detection, and incident response.
Bot Management: Techniques and tools used to detect, block, and manage automated bots that interact with websites or services. It aims to prevent malicious bots from performing actions like scraping data or launching DDoS attacks.
Botnet: A network of compromised computers, called “bots” or “zombies,” that are controlled by a hacker. Botnets are often used to perform large-scale cyberattacks, like DDoS attacks or spam campaigns.
Bring Your Own Device (BYOD): A policy allowing employees to use their personal devices (e.g., smartphones, laptops) to access company resources. While convenient, it introduces security risks, requiring strict policies and management.
Browser: Software that allows users to access and navigate websites on the internet. Common browsers include Chrome, Firefox, and Safari. Browsers are often targets for cyberattacks, making browser security crucial.
Browser Hijacking: A form of malware or malicious activity that alters the settings of a web browser without the user’s permission. It often redirects users to unwanted websites or changes the browser’s homepage or search engine.
Brute Force Attack: A method of trying every possible password or key until the correct one is found. Brute force attacks are often used to crack weak passwords or encryption keys by rapidly trying combinations.
Buffer Overflow: A vulnerability where a program writes more data into a memory buffer than it was allocated to hold, overwriting adjacent memory. This can corrupt data or control structures, potentially allowing an attacker to execute arbitrary code or crash the system.
Bug: A flaw or error in a software program that causes it to behave unexpectedly or incorrectly. Bugs can range from minor glitches to serious security vulnerabilities.
Bug Bounty: A program offered by organisations that rewards ethical hackers or security researchers for discovering and reporting vulnerabilities in their software or systems. It encourages proactive security testing.
Business Continuity Management (BCM): The process of planning and preparing for business operations to continue during and after a major disruption, such as a cyberattack or natural disaster. BCM ensures critical functions are maintained.
Business Continuity Planning (BCP): A proactive strategy for developing systems and procedures to ensure an organisation can continue operating in the face of disruptions. BCP includes disaster recovery, crisis management, and incident response plans.
Business Email Compromise (BEC): A type of phishing attack where cybercriminals impersonate employees to trick organisations into transferring money or revealing sensitive information. BEC typically targets finance departments.
C (Charlie)
Certification Body: An independent organisation that assesses and certifies that a company, product, or individual meets specific security standards or regulations, such as ISO 27001 for information security management.
Chatbots: Automated software programs that use artificial intelligence to simulate conversation with users, typically through text or voice interfaces, to provide information, assist with tasks, or answer questions.
CHECK Penetration Test: A type of penetration test performed by certified testers under the UK’s CHECK scheme, assessing the security of government and public sector systems to ensure they meet required standards.
Chief Information Security Officer (CISO): The executive responsible for overseeing an organisation’s information security strategy, policies, and incident response to protect data and systems from cyber threats.
Ciphertext: Encrypted data that has been transformed from its original readable format (plaintext) into an unreadable form. Only authorised users with the correct decryption key can convert it back into plaintext.
Classified Information: Sensitive information that is restricted by governments or organisations to prevent unauthorised access. It’s often categorised by levels (e.g., confidential, secret, top secret) depending on its importance.
Closed Box Testing: Also known as black box testing, this method involves testing a system or application without knowledge of its internal workings. It is designed to simulate various aspects of a real-life cyberattack.
Closed Port: A network port that is not accepting connections, often because a service is not running or the port has been intentionally closed, to reduce the attack surface and improve security.
Cloud Application: Software that is hosted in the cloud and accessed over the internet rather than installed on a local device. Cloud applications provide flexibility and scalability but require strong security measures to protect data.
Cloud Application Security: The set of practices and tools used to protect cloud-based applications from cyber threats, including encryption, access controls, and vulnerability scanning.
Cloud Computing: The delivery of computing services, such as servers, storage, and software, over the internet (“the cloud”). It allows businesses to scale resources quickly but requires proper security to protect sensitive data.
Cloud Database: A database that runs on cloud computing platforms, providing scalable storage and processing power. Cloud databases must be secured to prevent unauthorised access and data breaches.
Cloud Encryption: The process of converting data into a secure format before it is stored or transmitted in the cloud. It ensures that only authorised users can decrypt and access the data.
Cloud Infrastructure Entitlement Management (CIEM): Tools and processes used to manage access and permissions across cloud infrastructure, ensuring users and services have only the access to resources that they need in cloud environments.
Cloud Penetration Testing: A security assessment of cloud-based systems or applications to identify vulnerabilities and weaknesses that attackers could exploit. It helps ensure cloud services are properly secured.
Cloud Security: The set of technologies, policies, and controls designed to protect cloud-based systems, data, and applications from cyber threats. It involves encryption, access control, and monitoring.
Code of Conduct (COC): A set of rules and ethical guidelines that outline acceptable behaviour and practices for employees or stakeholders within an organisation, often including security practices and data protection requirements.
Command and Control (C2): A method used by attackers to remotely control compromised devices or networks, typically as part of a botnet. C2 servers issue instructions to infected systems to carry out malicious actions like data exfiltration or DDoS attacks.
Compliance: The process of adhering to legal, regulatory, and industry-specific security standards and policies, such as GDPR, HIPAA, or PCI-DSS. Compliance ensures organisations follow best practices to protect sensitive information.
Compromise Assessments: A security evaluation that determines whether an organisation’s systems have already been compromised by attackers. It involves analysing network traffic, logs, and other indicators of compromise (IOCs).
Configuration Testing: A security testing method that examines system or application settings to ensure they are properly configured to minimise vulnerabilities. Misconfigurations are a common cause of security breaches.
Container: A lightweight, virtualised environment used to package and run applications consistently across different environments. Containers isolate applications from the host system, but container security is essential to prevent breaches.
Container Security: The process of securing containers and the applications running inside them, ensuring that vulnerabilities in the container environment or image do not expose the underlying system to attacks.
Continuous Threat Exposure Management (CTEM): A framework for continuously identifying, assessing, and managing an organisation’s exposure to cyber threats, allowing for real-time visibility and a proactive defence strategy.
CrackMapExec: A post-exploitation tool used by penetration testers to automate the enumeration and exploitation of Windows networks, often helping to identify weak passwords or configuration flaws.
CREST Penetration Test: A type of penetration testing performed by CREST-certified professionals. CREST is a global accreditation body that certifies testers and organisations for performing high-quality security assessments.
CIS Critical Security Controls (CIS Controls): A set of prioritised security best practices developed by the Center for Internet Security (CIS). These controls help organisations protect against common cyber threats and reduce risk.
Cross-Site Scripting (XSS): A web application vulnerability that allows attackers to inject malicious scripts into web pages viewed by other users. XSS can be used to steal sensitive information, such as cookies or session tokens.
Cryptographic Keys: Securely generated pieces of data used in encryption and decryption processes to protect the confidentiality and integrity of information.
Cryptography: The practice of securing data by converting it into an unreadable format using algorithms. Cryptography is used for data confidentiality, integrity, and authentication, ensuring that only authorised users can access sensitive information.
Cyberattack: A malicious attempt to damage, disrupt, or gain unauthorised access to computer systems, networks, or data. Cyberattacks can take many forms, such as malware, phishing, or denial-of-service (DoS) attacks.
Cyber Criminal: An individual or group that engages in illegal activities using computer systems and networks. Cybercriminals often target sensitive data, financial systems, or critical infrastructure for personal gain or disruption.
Cyber Espionage: The act of using cyberattacks to steal sensitive information from governments, businesses, or individuals, often for political or economic advantage. It frequently involves state-sponsored hackers.
Cyber Essentials: A UK government-backed certification scheme designed to help organisations protect themselves against common cyber threats. It focuses on implementing basic security measures like firewalls, access control, and patch management.
Cyber Essentials Plus: An advanced certification under the Cyber Essentials scheme that involves an independent technical assessment of an organisation’s security measures, verifying the effectiveness of its controls.
Cyber Hygiene: A set of best practices and regular activities, like patching, updating software, and using strong passwords, that help individuals and organisations maintain a healthy, secure cybersecurity posture.
Cyber Incident Response: The process of identifying, managing, and mitigating the impact of a cyber incident, such as a data breach or malware attack. It involves detection, containment, eradication, and recovery steps to restore normal operations.
Cyber Kill Chain: A framework that describes the stages of a cyberattack, from reconnaissance to exploitation and exfiltration. The kill chain helps defenders identify and disrupt each stage of an attack.
Cybersecurity: The practice of protecting systems, networks, and data from digital attacks, damage, or unauthorised access. Cybersecurity encompasses a wide range of technologies, policies, and practices to safeguard sensitive information.
Cyber Supply Chain Risk Management (C-SCRM): The process of identifying, assessing, and mitigating risks that arise from the supply chain of IT systems, software, and services. C-SCRM ensures that third-party vendors do not introduce vulnerabilities.
Cyber Threat Intelligence (CTI): The collection and analysis of information about current and emerging cyber threats. CTI helps organisations stay informed about the tactics, techniques, and procedures used by attackers, allowing for proactive defence strategies.
D (Delta)
Database: A structured collection of data stored and organised for easy access, management, and updating. Databases can be hosted locally or in the cloud, and securing them is critical to protect sensitive information.
Data Breach: An incident where sensitive, confidential, or protected data is accessed, disclosed, or stolen by unauthorised individuals. Breaches can result from hacking, insider threats, or insufficient security measures.
Data Encryption: The process of converting plaintext data into an unreadable format (ciphertext) to protect it from unauthorised access. Encryption ensures that only authorised users can decrypt and read the data.
Data Exfiltration: The unauthorised transfer or theft of data from a system or network. Often performed by cybercriminals after gaining access to a network, it is a common tactic in data breaches.
Data Integrity: The accuracy and consistency of data over its lifecycle. Data integrity ensures that data remains unaltered and reliable, safeguarding it from corruption, unauthorised modification, or deletion.
Data Leakage: The unauthorised exposure or transmission of sensitive information from within an organisation to external recipients. It can occur through accidental sharing, insecure systems, or insider threats, potentially leading to data breaches. It is very similar to data exfiltration, the difference being that a data leak can happen accidentally whilst data exfiltration is a purposeful act.
Data Loss Prevention (DLP): A set of tools and policies designed to prevent the unauthorised sharing, transmission, or loss of sensitive data, such as personally identifiable information (PII) or intellectual property.
Data Packets: Small units of data sent over a network. Data being transmitted is broken into packets, each containing part of the data along with header information used for routing and reassembly. Packets ensure efficient data transfer across networks and can be captured and analysed for security monitoring.
Data Protection Act: UK legislation governing how personal data must be collected, processed, and stored to protect individuals’ privacy. It aligns with the EU’s General Data Protection Regulation (GDPR) to ensure data security and privacy rights.
Data Protection Impact Assessments (DPIA): A process used to assess the potential risks to privacy and data protection when introducing new processes or technologies. DPIAs help organisations identify and mitigate risks to personal data.
Data Protection Officer (DPO): A designated person responsible for ensuring that an organisation complies with data protection laws, such as GDPR. The DPO advises on data protection strategies and monitors regulatory compliance.
Data Scraping: The process of extracting large amounts of data from websites or databases, often using automated tools. While data scraping is sometimes legitimate, it can be used maliciously to steal sensitive information.
Data Security: The protection of data from unauthorised access, corruption, or theft throughout its lifecycle. Data security includes measures like encryption, access controls, and data backup to ensure confidentiality, integrity, and availability.
Data Subject Access Request (DSAR): A request made by individuals to access the personal data that an organisation holds about them. Under GDPR and other privacy laws, organisations must comply with DSARs within a specified time frame.
Debugging: The process of identifying, isolating, and fixing defects or issues in software code to ensure it operates correctly and efficiently.
Decryption: The process of converting encrypted (ciphertext) data back into its original readable (plaintext) format. Decryption is typically performed by authorised parties using the appropriate decryption key; however, it can be used maliciously to steal sensitive information.
Deep Packet Inspection: A network monitoring technique that analyses the contents of data packets as they pass through a network. It can be used to detect malicious activity, enforce policies, and prevent data leakage.
Defence-in-Depth: A security strategy that uses multiple layers of defence to protect a system or network. By combining various security measures, such as firewalls, encryption, and intrusion detection, the approach makes it harder for attackers to breach, since the failure of any single control does not compromise the whole system.
Demilitarised Zone (DMZ): A perimeter network that acts as a buffer zone between an internal network and untrusted external networks, like the internet. It hosts public-facing services (e.g., web servers) while isolating them from the core network.
Denial-of-Service (DoS): An attack that floods a network or system with excessive requests or traffic, causing it to become overwhelmed and unavailable to legitimate users. DoS attacks aim to disrupt services.
Digital Certificate: An electronic document used to verify the identity of a person, organisation, or device, ensuring secure communications over a network. Digital certificates are often used in public key infrastructure (PKI) for encryption and authentication.
Digital Forensics: The process of investigating and analysing digital devices, systems, or networks to recover evidence related to cybercrimes or security incidents. Digital forensics is crucial in identifying the source of attacks and restoring compromised data.
Digital Infrastructure: The combination of hardware, software, networks, and systems that enable digital communication and services. Securing this infrastructure is critical to maintaining the availability and integrity of online services.
Digital Operational Resilience Act (DORA): A European Union regulation that aims to ensure the resilience of digital financial services. DORA sets requirements for managing cybersecurity risks in the financial sector, including incident reporting and risk management.
Distributed Denial-of-Service (DDoS): A variant of DoS attacks where multiple compromised devices (often part of a botnet) are used to flood a target with traffic, overwhelming its resources and causing it to become unavailable.
Domain Name System (DNS): A system that translates domain names (e.g., www.example.com) into IP addresses that computers use to identify each other on the internet. Securing DNS is critical to prevent attacks like DNS spoofing and hijacking.
Domain Name System Record (DNS Record): Information stored in DNS servers that maps domain names to IP addresses. Different types of DNS records (e.g., A, MX, CNAME) define various attributes of the domain and its services.
Double-Blind Testing: Also known as red teaming, it is a testing method where both the testers and the defenders are unaware of each other’s identities or the specific test scope. This ensures a realistic simulation of an attack and assesses how well the defenders can respond.
Drive-by Download: A type of cyberattack where malicious software is automatically downloaded and installed on a user’s device without their consent or knowledge, often by visiting a compromised or malicious website.
E (Echo)
Eavesdropping: The unauthorised interception of private communications over a network, often to steal sensitive information. This can happen in unencrypted transmissions like email or voice calls.
Email Spoofing: A tactic where attackers forge the sender’s email address to trick recipients into believing the message is from a trusted source. This is a type of phishing attack.
Encryption: The process of converting data into an unreadable format (ciphertext) to protect it from unauthorised access. Only users with the correct key can decrypt and read the data.
Endpoint Detection and Response (EDR): A security solution that monitors and responds to cyber threats at endpoints (e.g., computers, mobile devices) by detecting suspicious activities and providing real-time responses.
Endpoint Security: The protection of end-user devices like laptops, smartphones, and desktops from cyber threats. It involves antivirus, firewalls, and monitoring software to safeguard sensitive data.
End User: The individual who uses a system or software product. End users are often a target of social engineering attacks, making their security awareness crucial to overall protection.
Enterprise Security: A comprehensive strategy that includes policies, tools, and processes to protect an organisation’s entire IT infrastructure and sensitive data from cyber threats.
Enumeration: The process of gathering information about a target’s network, devices, or applications to identify potential attack points. It’s often a key step in penetration testing. Unlike reconnaissance, which leverages passive approaches to data gathering, enumeration leverages more active methods.
Escalation of Privileges: When an attacker gains higher levels of access within a system or network than they are supposed to have, enabling them to perform unauthorised actions or access sensitive data.
Ethical Hacker: Also known as a penetration tester, or pentester, an ethical hacker is a security professional who uses hacking skills to find and fix vulnerabilities in systems, with permission, to improve security. To be considered ethical, these hackers must follow legal and ethical guidelines.
Ethical Hacking: The practice of intentionally probing systems for vulnerabilities with permission, aiming to strengthen security. Ethical hacking identifies weak points before malicious hackers exploit them.
Exfiltration: The unauthorised transfer of data from a system or network to a remote location, often performed by attackers after a successful breach.
Exploit: A specific technique or code used to take advantage of a vulnerability in software, hardware, or networks to carry out malicious actions like stealing data or installing malware.
External Network Infrastructure: The hardware and software components (e.g., routers, firewalls, servers) of an organisation’s network that are exposed to external users or the internet.
External Infrastructure Penetration Testing: A security assessment where testers simulate attacks on an organisation’s externally accessible systems to identify vulnerabilities that could be exploited by hackers.
F (Foxtrot)
Facial Recognition: A biometric technology that identifies or verifies a person by analysing and comparing facial features from a photo or video.
False Positive: A security alert that incorrectly identifies benign activity as malicious, leading to unnecessary investigation or action.
Federated Identity Management: A system that allows users to access multiple services with a single set of credentials, simplifying identity management across organisations.
File Integrity Monitoring (FIM): A security tool that tracks and alerts on unauthorised changes to critical system files, helping detect tampering or breaches.
Fileless Malware: Malicious software that operates without being installed on a device, running directly in memory to avoid detection by traditional antivirus software.
Filtered Port: A network port that is protected by a firewall or security filter, blocking or limiting access to reduce the risk of exploitation.
File Transfer Protocol (FTP): A standard network protocol used to transfer files between a client and a server over the internet or a local network. FTP allows users to upload, download, or manage files on a remote server but lacks built-in encryption, so credentials and file contents travel in cleartext, making it less secure than newer protocols such as SFTP.
Fingerprinting: A method of gathering specific information about a system, network, or device to identify its unique characteristics, often used in reconnaissance or vulnerability scanning.
Firewall: A network security device or software that monitors and controls incoming and outgoing traffic based on predetermined security rules, creating a barrier between trusted and untrusted networks.
Firmware: Software embedded in hardware devices, controlling their basic functions. Securing firmware is important to prevent device-level attacks.
FISMA Compliance: Adherence to the Federal Information Security Management Act (FISMA), a U.S. law that sets standards for securing federal government systems and data.
Footprinting: The process of gathering information about a target system or network, typically as part of the reconnaissance phase in a cyberattack or penetration test.
Forensics: The investigation and analysis of digital devices and systems to recover evidence of cybercrimes or security incidents, helping to understand the scope and impact of an attack.
Full Disk Encryption (FDE): A security measure that encrypts the entire contents of a disk drive, ensuring that data is protected even if the device is lost or stolen.
Fuzzing: A testing technique where random or invalid data is input into a system to find vulnerabilities or crashes, helping identify weaknesses that could be exploited.
G (Golf)
General Data Protection Regulation (GDPR): A European Union law designed to protect individuals’ privacy by regulating how organisations collect, store, and process personal data. It imposes strict penalties for non-compliance.
Geofencing: A technology that creates a virtual boundary around a geographic area, triggering actions (e.g., alerts or access restrictions) when devices enter or exit the defined zone.
Glass Box Testing: Also known as open or white box testing, it is a testing method where the tester has full access to the system’s internal code and architecture, allowing for thorough security and functionality assessments.
Ghosting: A tactic where someone suddenly cuts off all communication, often in social engineering or recruitment scams, to manipulate or evade the target.
GNU Privacy Guard (GPG): A free encryption software that provides cryptographic privacy and authentication for data communication, often used for securing emails and files through encryption.
Gramm-Leach-Bliley Act (GLBA): A U.S. law requiring financial institutions to protect customers’ private information through security policies, and giving customers the right to opt-out of certain data sharing.
Grayware: Software that is not outright malicious but can still pose security risks, such as adware or unwanted applications that may cause privacy issues or slow down systems.
Grey Box Testing: A testing approach where the tester has partial knowledge of the internal workings of the system, combining both black box (no knowledge) and white box (full knowledge) techniques. To learn more about Grey Box Testing, check out our comprehensive guide to penetration testing.
Grid Security: The protection of critical infrastructures like power grids from cyberattacks. It ensures the integrity, availability, and resilience of energy supply networks.
Grooming: The process of building trust with a target, often for malicious purposes such as exploitation, manipulation, or preparing them for a cyberattack or fraud.
Group Policy: A feature in Windows that allows administrators to manage user and computer settings across an organisation, including security configurations and software deployment.
Guard Time: A specified period or delay used in communications systems to ensure accurate timing between transmissions and prevent data collisions or interference.
H (Hotel)
Hacker: An individual skilled in computer systems who exploits vulnerabilities to gain unauthorised access. Hackers can be malicious (black hat) or ethical (white hat).
Hacktivism: The use of hacking techniques to promote political, social, or ideological causes, often through defacing websites or leaking sensitive data.
Hash Function: A cryptographic algorithm that converts data into a fixed-size string of characters, unique to the original data, used for verifying integrity.
Hashing: The process of converting data into a fixed-length value using a hash function, often used in password storage and data verification.
Hardware: Physical components of a computer system, such as processors, memory, and storage devices, that enable software to run. The term also covers whole physical devices such as phones, laptops, and desktops.
Hardware Security Module (HSM): A physical device that securely generates, stores, and manages cryptographic keys to protect sensitive data and operations.
Health Insurance Portability and Accountability Act (HIPAA): U.S. legislation that mandates the protection of sensitive health information and establishes data privacy and security standards.
Heuristics: A method of detecting malware or security threats by identifying suspicious behaviour or patterns, rather than relying on known signatures.
Hijacking: The unauthorised takeover of a system, session, or network, often used to intercept communications or redirect traffic for malicious purposes.
Honeypot: A decoy system or network set up to attract attackers, allowing defenders to observe and analyse their techniques without risking real assets.
Host-based Intrusion Detection System (HIDS): A security tool installed on a host, like a computer or server, to monitor and detect suspicious activities or changes in system files.
Hypertext Transfer Protocol (HTTP): The foundational protocol used for transmitting data on the web, defining how messages are formatted and transmitted between browsers and servers.
Hypertext Transfer Protocol Secure (HTTPS): An extension of HTTP that uses encryption (via SSL/TLS) to secure communications between a browser and a server, protecting data from eavesdropping or tampering.
I (India)
Identity and Access Management (IAM): A framework of policies and technologies to ensure the right individuals access the right resources at the right times, managing user identities and permissions.
Incident Handling: The process of managing and responding to a security incident, including detection, containment, investigation, and recovery.
Incident Response: A structured approach to handling security incidents to minimise damage, recover from attacks, and prevent future incidents. It includes preparation, detection, and response phases.
Indicators of Compromise (IOCs): Clues or signs that suggest a system or network has been breached, such as unusual IP addresses, malware signatures, or anomalous file changes.
Infection Vector: The method or pathway through which malware or a cyber threat enters a system, such as phishing emails or vulnerabilities in software.
Information Commissioner’s Office (ICO): The UK’s independent authority responsible for upholding information rights and enforcing data protection laws, like GDPR.
Information Security (InfoSec): The practice of protecting sensitive data and systems from unauthorised access, alteration, or destruction, encompassing confidentiality, integrity, and availability.
Information Security Management System (ISMS): A systematic approach to managing sensitive company information, ensuring its security through processes, technology, and policies.
Information Technology (IT): The use of computers, networks, and other electronic systems to store, process, and exchange information, often focusing on business and infrastructure support.
Initial Access: The first step in a cyberattack where the attacker gains unauthorised entry into a system, often through phishing, exploiting vulnerabilities, or weak passwords.
Insecure Direct Object Reference (IDOR): A security flaw where attackers can access unauthorised data by manipulating references to objects, such as database records or files, due to insufficient access control.
Insider Threat: A security risk posed by individuals within an organisation, such as employees or contractors, who may intentionally or accidentally misuse their access to compromise systems or data.
Internal Network Infrastructure: The hardware, software, and resources that make up an organisation’s internal network, including routers, switches, servers, and internal communication systems.
Internal Infrastructure Penetration Testing: A security assessment where testers simulate attacks on an organisation’s internal network to identify vulnerabilities before they can be exploited by attackers.
Internet-of-Things (IoT): A network of physical devices connected to the internet, such as smart appliances or sensors, that can collect and exchange data.
Internet-of-Things (IoT) Penetration Testing: A type of penetration test that assesses vulnerabilities in IoT devices and networks, ensuring that connected devices are not susceptible to attacks.
Internet of Things (IoT) Security: Measures designed to protect IoT devices and their networks from cyber threats, ensuring the privacy, integrity, and availability of connected systems.
Intrusion Detection System (IDS): A system that monitors network traffic or system activity for suspicious behaviour, issuing alerts when potential security incidents are detected.
Internet Protocol (IP): A set of rules governing how data is sent and received across the internet, enabling devices to communicate with each other.
Internet Protocol (IP) Address: A unique numerical identifier assigned to each device on a network, used to route data between devices over the internet or a local network.
Internet Protocol Security (IPSec): A suite of protocols used to secure internet communications by encrypting and authenticating data sent over IP networks.
Iris Scans: A biometric technology that identifies individuals based on the unique patterns of their irises, often used in high-security environments for authentication.
ISO 27001: An international standard for managing information security, outlining best practices for establishing, implementing, maintaining, and improving an organisation’s information security management system (ISMS).
J (Juliet)
Jailbreaking: The process of removing software restrictions imposed by the operating system on devices like iPhones, allowing users to install unauthorised apps and gain deeper system access.
Jamming Attack: A type of denial-of-service attack where a network’s communication channels are overwhelmed with interference, disrupting wireless connections and preventing legitimate communication.
JavaScript: A programming language used to create interactive features on websites, enabling dynamic content, form validation, and more on web pages.
JavaScript Injection: A type of web vulnerability where attackers inject malicious JavaScript code into web pages, often leading to cross-site scripting (XSS) attacks or data theft.
Jitter: The variation in the delay of packet delivery over a network, which can cause issues in real-time communications like voice or video calls.
Joint Task Force (JTF): A temporary group of military or government units, sometimes including cybersecurity teams, formed to achieve a specific objective, often for emergency response or operations.
Joint Test Action Group (JTAG): A standard for debugging and testing hardware components, often used for troubleshooting issues at the chip level in embedded systems.
JSON Web Token (JWT): A compact, URL-safe token used for securely transmitting information between parties, often used for authentication and authorisation in web applications.
Juice Jacking: A cyberattack where hackers install malware or steal data from devices plugged into compromised USB charging stations.
Jump Server: A secure server used as an intermediary to access and manage other devices or systems in a network, minimising direct access to critical systems.
Just-in-Time (JIT) Access: A security model that grants users temporary, on-demand access to systems or resources only when needed, reducing the risk of unauthorised access.
K (Kilo)
Keylogger: A malicious software or hardware tool that records a user’s keystrokes, often used to steal sensitive information like passwords or credit card numbers.
Kerberos: A network authentication protocol that uses secret-key cryptography and a trusted third party to authenticate users and services within a secure environment.
Kernel Exploit: An attack that targets vulnerabilities in the operating system’s kernel (the core part), allowing attackers to gain privileged access and control over the system.
Key Distribution Center (KDC): A central authority in the Kerberos protocol responsible for issuing and managing cryptographic keys, enabling secure communication between users and services.
Key Exchange: The process by which cryptographic keys are securely exchanged between parties to establish a secure communication channel.
Key Management: The process of creating, storing, distributing, and managing cryptographic keys to ensure the security of encrypted data and communications.
Key Rotation: The practice of periodically changing cryptographic keys to reduce the risk of them being compromised, enhancing overall security.
Keystroke Dynamics: A behavioural biometric method that identifies individuals based on their unique typing patterns, used for authentication or detecting anomalies.
Kill Chain: A step-by-step model, developed by Lockheed Martin, used to describe the stages of a cyberattack, from reconnaissance to exploitation, defence evasion, and data exfiltration, helping to understand and stop threats.
Kubernetes Security: The practice of securing Kubernetes, an open-source platform for managing containerised applications, by safeguarding its components, such as containers, clusters, and network policies.
L (Lima)
Large Language Model (LLM): A type of artificial intelligence model trained on vast amounts of text data to understand and generate human-like language, used in applications like chatbots and language translation.
Large Language Model (LLM) Penetration Testing: The process of evaluating the security of an LLM system by simulating attacks to identify vulnerabilities, ensure robustness, and protect against misuse or data leaks.
Latency: The delay or time lag between sending and receiving data over a network or system, which can impact performance and user experience.
Layered Security: A defence strategy that uses multiple security measures (e.g., firewalls, intrusion detection systems) to protect against threats, ensuring that if one layer fails, others still provide protection. Also known as defence-in-depth.
Least Privilege: A security principle where users and systems are granted only the minimum level of access necessary to perform their functions, reducing the risk of accidental or intentional misuse.
Legacy Equipment: Older hardware or software that is still in use but may lack modern security features and support, potentially posing risks if not properly maintained or updated.
Legitimate Interests Assessments (LIA): Evaluations required under data protection laws to ensure that data processing activities are necessary and balanced against individuals’ rights and interests.
Lightweight Directory Access Protocol (LDAP): A protocol used for accessing and managing directory services, such as user information and network resources, within a network.
Live Patching: The process of updating or fixing software vulnerabilities without requiring a system reboot, minimising downtime and maintaining system availability.
Load Balancing: A technique used to distribute network or application traffic across multiple servers or resources to optimise performance, prevent overload, and ensure high availability.
Local Area Network (LAN): A network that connects devices within a limited geographic area, such as a building or office, allowing them to share resources and communicate.
Local Area Network (LAN) Security: Measures and practices designed to protect the integrity, confidentiality, and availability of data and resources within a local area network.
Local Device: A computing device or terminal that is physically connected to a network or system within a specific location, as opposed to remote or cloud-based devices.
Log Analysis: The process of examining and interpreting system or network logs to identify, diagnose, and respond to security incidents or operational issues.
Logic Bomb: Malicious code embedded within software that is triggered by a specific event or condition, causing harm or disruption when activated.
Login Credentials: Information used to authenticate a user’s identity, typically including a username and password, to access systems or services securely.
Log Management: The practice of collecting, storing, analysing, and monitoring log data from various systems to ensure security, compliance, and effective troubleshooting.
M (Mike)
MAC Address: A unique identifier assigned to a network interface card (NIC) by its manufacturer, used to identify devices on a local network.
Macro Virus: A type of malware that infects documents containing macros (scripts), often spread through word processing files, and executes malicious code when the document is opened.
Malware: Malicious software designed to harm, exploit, or otherwise compromise systems or data, including viruses, worms, trojans, and ransomware.
Malware Sandbox: An isolated environment used to safely analyse and observe the behaviour of malware without affecting the actual system, helping researchers understand its impact and mitigate threats.
Malvertising: The practice of using online advertisements to distribute malware or direct users to malicious websites, often without their knowledge.
Managed Detection and Response (MDR): A cybersecurity service that provides continuous monitoring, threat detection, and incident response managed by external experts to protect an organisation from advanced threats.
Man-in-the-Middle (MitM) Attack: An attack where an attacker intercepts and potentially alters communications between two parties without their knowledge, often to steal data or manipulate information.
Manual Penetration Testing: A security assessment in which security professionals use manual tools and techniques to identify and exploit vulnerabilities that automated tools might miss. They can also delve deeper into vulnerabilities highlighted by those automated tools.
Memory Dump: A snapshot of the contents of a computer’s memory (RAM) at a specific point in time, often used for debugging or forensic analysis to investigate system state or data.
Meta: Refers to metadata or information about data, often used in contexts like metadata security to protect and manage information associated with digital content.
Metadata Security: Measures and practices to protect metadata, which includes information about data such as its origin, structure, and usage, from unauthorised access or manipulation.
Metasploit: A popular penetration testing framework that provides tools and resources for finding and exploiting vulnerabilities in systems and applications.
Metaverse: A collective virtual shared space, created by the convergence of virtually enhanced physical reality and physically persistent virtual worlds, where users interact through digital avatars.
Misconfiguration: Incorrect setup of systems, applications, or security controls that can lead to vulnerabilities or operational issues, often exploited by attackers to gain unauthorised access.
Microsegmentation: A network security technique that divides a network into smaller, isolated segments to limit the spread of threats and protect sensitive data by controlling traffic between segments.
Mobile Application: Software designed to run on mobile devices such as smartphones and tablets, often requiring specific security measures to protect user data and privacy.
Mobile Application Penetration Testing: A type of pentest focused on identifying vulnerabilities and weaknesses in mobile applications to ensure they are secure against potential attacks.
Mobile Device Management (MDM): A solution for managing and securing mobile devices within an organisation, including policies for data protection, application management, and device configuration.
Monitoring Software: Tools or applications used to continuously observe and analyse the performance, behaviour, and security of systems, networks, or applications to detect issues and ensure proper operation.
Multi-Factor Authentication (MFA): A security mechanism that requires users to provide two or more distinct forms of verification (e.g., password, smartphone code, fingerprint) to gain access, enhancing protection against unauthorised access.
N (November)
National Institute of Standards and Technology (NIST): A U.S. government agency that develops standards and guidelines to improve technology, innovation, and security in various industries, including cybersecurity.
National Institute of Standards and Technology (NIST) Cybersecurity Framework: A comprehensive set of guidelines and best practices designed to help organisations manage and reduce cybersecurity risks, focused on identifying, protecting against, detecting, responding to, and recovering from cyber threats.
Nessus: A vulnerability scanning tool that identifies security flaws, misconfigurations, and potential threats in systems and networks, providing reports to help address those issues.
Network Access Control (NAC): A type of access control that restricts access to a network based on predefined policies, ensuring only authorised devices that meet security standards can connect.
Network Address Translation (NAT): A method that modifies IP addresses in data packets to allow multiple devices on a private network to share a single public IP address for internet access.
Network Authentication Protocol: Protocols designed to authenticate users and devices on a network, ensuring that only authorised entities can access network resources.
Network Breach: An unauthorised intrusion into a network, often leading to data theft, system compromise, or other malicious activities.
Network Infrastructure: The physical and virtual components that make up a network, including routers, switches, servers, and communication protocols, supporting connectivity and data transfer. Often broken down into external and internal infrastructure.
Network Interface Card (NIC): A hardware component that allows a computer or device to connect to a network.
Network Intrusion Detection System (NIDS): A system that monitors network traffic for signs of unauthorised access, attacks, or policy violations, alerting administrators to potential threats.
Network Penetration Testing: A type of penetration test that simulates attacks on a network’s internal and external infrastructure to identify and exploit vulnerabilities, helping to strengthen defences against real-world threats.
Network Port: A logical point of connection on a device or server that allows communication over a network, identified by a port number (e.g., port 80 for HTTP traffic).
Network Scanning: The process of identifying active devices, open ports, and services running on a network by probing for weaknesses and vulnerabilities. It is often used in cybersecurity assessments to map network infrastructure and detect potential entry points for attacks.
Network Security: The set of practices, policies, and technologies used to protect network infrastructure from unauthorised access, data breaches, and other cyber threats.
Network Segmentation: The practice of dividing a network into smaller, isolated segments to limit the spread of threats and improve overall security management.
Network Segregation: The separation of critical systems from less secure areas of the network to reduce risk and protect sensitive data, often through physical or virtual means.
Network Traffic Analysis: The process of monitoring and analysing network data flows to detect unusual patterns, identify potential threats, and ensure efficient performance.
Next-Generation (Next-Gen): Refers to advanced or modern versions of existing technologies that incorporate enhanced capabilities, such as improved performance or stronger security.
Next-Generation Firewall (NGFW): An advanced firewall that offers additional features like application awareness, deep packet inspection, and intrusion prevention.
NHS DSP Toolkit: Data Security and Protection Toolkit – A self-assessment tool used by organisations in the UK’s National Health Service (NHS) to measure compliance with data security and protection standards.
Nmap: A network scanning tool used to discover devices, open ports, and services on a network, and assess the security of those systems by identifying potential vulnerabilities.
Nonce: A unique number used once in cryptographic communications to prevent replay attacks and ensure the authenticity and freshness of transactions or messages.
Non-Perfect Security: The understanding that no security system is flawless, and all systems have some level of vulnerability or risk that could potentially be exploited.
Non-Repudiation: A security concept that ensures an action or communication cannot be denied by the involved party, typically achieved using digital signatures or secure logging mechanisms.
Null Session: A type of unauthenticated session used to gather information about a system, often exploited in network attacks to gain insight into available services and resources.
O (Oscar)
Obfuscation: The process of deliberately making code or data harder to understand or analyse, often used to protect software from reverse engineering or to hide malicious intent.
One-Time Password (OTP): A temporary, unique code generated for single-use authentication, typically as an added security layer in multi-factor authentication (MFA) systems.
Opaque Box Testing: Also called closed or black box testing, it is a blind test in which a pentester attempts to hack a digital infrastructure without prior knowledge of its composition and security systems. These tests are designed to mimic various aspects of a real-life cyberattack.
Operating System (OS): The software that manages hardware resources and provides a platform for running applications on a device, such as Windows, macOS, or Linux.
Operating System Hardening: The process of securing an OS by reducing its attack surface, often through disabling unnecessary services, applying patches, and configuring security settings.
Open Authorisation (OAuth): A widely used open standard for token-based authorisation that allows third-party services to securely access user resources without exposing passwords.
Open Box Testing: Also known as glass or white box testing, it is a testing method where the tester has full access to the system’s internal code and architecture, allowing for thorough security and functionality assessments.
OpenID: An open standard for decentralised authentication, allowing users to use a single login across different websites and services.
Open Port: A network port that is actively accepting connections, which could be a potential entry point for attacks if not properly secured. The opposite of a closed port.
Open Source Intelligence (OSINT): The practice of gathering publicly available information from various sources, such as websites or social media, for cybersecurity, investigative, or intelligence purposes.
Open Web Application Security Project (OWASP): A nonprofit organisation focused on improving the security of web applications, known for providing resources, tools, and guidelines to developers and security professionals. To learn more about OWASP, check out our guide to the OWASP Top Ten.
Open Web Application Security Project (OWASP) Top Ten: A list of the ten most critical web application security risks, published by OWASP to raise awareness and guide secure development practices. To learn more about the OWASP top ten, check out our guide to the OWASP Top Ten.
Operational Security (OpSec): A process used to identify and mitigate risks in protecting sensitive information and assets, often involving behaviour monitoring and threat analysis.
Out-of-Band Authentication: An additional security measure where authentication is performed through a separate communication channel (e.g., sending a code via SMS) to verify user identity.
Overprivileged Account: A user account with more access rights or permissions than necessary, posing a security risk if the account is compromised.
Over-the-Air (OTA) Update: A method of delivering software updates, patches, or configurations wirelessly, often used in mobile devices and IoT systems to maintain security and functionality.
P (Papa)
Packet: A unit of data transmitted over a network, containing both the payload (data) and control information, such as source and destination addresses.
Packet Sniffing: The practice of capturing and analysing network traffic to monitor data packets, often used for diagnosing network issues or detecting security vulnerabilities.
Password: A secret string of letters, numbers, and special characters used to authenticate a user’s identity when accessing systems, networks, or accounts.
Password Manager: A software tool that securely stores and manages passwords, allowing users to generate strong, unique passwords and autofill login credentials.
Patch: A software update designed to fix security vulnerabilities, bugs, or performance issues in an application or system.
Patching: The process of applying patches to software or systems to fix vulnerabilities or improve functionality.
Patch Management: The practice of managing and deploying patches or updates to software and systems, ensuring they are up-to-date and secure.
PCI DSS Compliance: Adherence to the Payment Card Industry Data Security Standard, which sets security requirements for organisations handling credit card transactions to protect cardholder data.
Penetration Tester: An ethical, white hat hacker who simulates attacks on digital systems and networks, as well as on physical locations, to identify vulnerabilities and weaknesses.
Penetration Testing: A security assessment where simulated attacks are performed on a system to identify vulnerabilities and security flaws, often referred to as ethical hacking.
Penetration Testing as a Service (PTaaS): A cloud-based service that offers on-demand penetration testing, providing continuous security assessments and reports to organisations.
Penetration Testing Tools: Software and tools used by penetration testers to identify vulnerabilities, perform network scans, and simulate attacks (e.g., Metasploit, Nmap).
Personal Data: Any information related to an identifiable individual, such as names, addresses, or email addresses.
Personally Identifiable Information (PII): Sensitive data that can be used to identify an individual, including Social Security numbers, phone numbers, and financial records.
Phishing: A social engineering attack where attackers pose as trusted entities in emails or messages to trick users into revealing sensitive information, such as passwords.
Physical Penetration Test: A test that evaluates the security of physical locations, such as buildings, by simulating unauthorised access attempts to identify vulnerabilities in physical security measures.
Physical Security: The protection of physical assets, including buildings, servers, and equipment, from unauthorised access, theft, or damage.
Privacy Impact Assessment (PIA): A process that identifies and assesses the privacy risks of a project, system, or technology, ensuring it complies with privacy laws and regulations.
Privacy and Electronic Communications Regulations (PECR): UK regulations that govern the use of electronic communications, particularly focusing on data privacy, including rules for cookies, email marketing, and consent.
Privileged Access: Special access rights or permissions granted to users or systems that allow them to perform high-level operations or manage critical resources, often requiring stricter controls and monitoring to prevent abuse or unauthorised use.
Privilege Escalation: A cyberattack where attackers gain higher access privileges than originally granted, allowing them to perform unauthorised actions on a system.
Protocol: A set of rules governing how data is transmitted and received over a network, ensuring different devices can communicate effectively (e.g., HTTP, FTP, and SFTP).
Public Cloud: Cloud computing services offered by third-party providers over the internet, where infrastructure is shared among multiple users or organisations.
Public Key Infrastructure (PKI): A system that uses encryption and digital certificates to enable secure communication, authentication, and data exchange over networks.
Purple Teaming: Unlike red teaming, where the blue team is purposefully unaware of the oncoming attack, in purple teaming, the two teams collaborate, using their combined knowledge and ability to identify vulnerabilities and mitigate risks.
Q (Quebec)
Qualys: A cloud-based security platform that provides continuous monitoring, vulnerability management, and compliance assessments for networks, devices, and applications.
Quality of Service (QoS): A networking feature that manages and prioritises data traffic to ensure reliable performance and availability for critical applications and services.
Quantum Cryptography: The use of quantum-mechanical effects to secure communications. Its security rests on physics rather than on the computational hardness assumptions of conventional ciphers, so it is often described as theoretically unbreakable, although real implementations can still contain exploitable flaws. It is distinct from post-quantum cryptography, which refers to conventional algorithms designed to resist quantum computers.
Quantum Key Distribution (QKD): The best-known application of quantum cryptography: a method for generating and sharing a cryptographic key between two parties using quantum states (typically photons). Any attempt to intercept the exchange disturbs those states and can be detected, after which the parties discard the compromised key material.
Quarantine: The isolation of potentially harmful files, systems, or devices to prevent the spread of malware or infections in a network.
Quarantine Network: A restricted network where compromised or untrusted devices are isolated, limiting their access to critical resources until they are deemed secure.
Quasi-Static Attack: An attack technique that exploits a system’s slow response to changes in input or environment, often used in physical or hardware-based attacks.
Query Flood: A denial-of-service (DoS) attack in which an attacker sends a very high volume of queries, most commonly DNS lookups or database requests, to exhaust the resources of the target and degrade or stop service for legitimate users.
Quick Response Code (QR Code): A two-dimensional barcode that can be scanned to quickly access information, websites, or apps, commonly used in marketing and authentication.
Quick Response Code (QR Code) Security: The practice of securing QR codes from being exploited for malicious purposes, such as embedding harmful links or phishing attempts.
Quishing (QR Code Phishing): A phishing attack that uses malicious QR codes to redirect users to fraudulent websites or applications designed to steal sensitive information.
Quorum-based Security: A security model where decisions or actions are approved only if a certain number of trusted parties (quorum) agree, enhancing trust and integrity in distributed systems.
R (Romeo)
Random-Access Memory (RAM): A type of volatile memory used by computers to temporarily store and quickly access data that is actively being used or processed.
Ransomware: Malicious software that encrypts a victim's data and demands a ransom payment for the decryption key. Many modern ransomware operators also steal data before encrypting it and threaten to publish it unless paid (so-called double extortion), which is why offline, tested backups alone do not remove the risk.
Reconnaissance: The preliminary phase of a cyberattack, penetration test or vulnerability assessment where cybercriminals or ethical hackers gather information about a target to identify vulnerabilities and plan their attack strategy.
Record of Processing Activities (RoPA): Documentation required under Article 30 of the UK and EU GDPR that details how an organisation processes personal data, including the purposes of processing, the categories of data and data subjects, recipients, international transfers and retention periods.
Recruitment Scams: Fraudulent schemes where attackers pose as legitimate recruiters to deceive individuals into providing personal information or making payments.
Red Teaming: An exercise, usually carried out by external specialists, that simulates a real attacker's objectives and techniques against an organisation. To make the simulation realistic, the organisation's internal defenders (the blue team) are not told the exercise is taking place, so the test measures detection and response as well as prevention and gives the organisation a comprehensive measure of its security.
RegreSSHion: The name given to a 2024 vulnerability (CVE-2024-6387) in the OpenSSH server, not an attack technique. It is a signal-handler race condition, a regression of a bug fixed years earlier, that can allow unauthenticated remote code execution as root on glibc-based Linux systems; it was fixed in OpenSSH 9.8.
Remediation: The process of addressing and fixing identified security vulnerabilities or issues to improve overall security and compliance.
Remote Access: The ability to access and control a computer or network from a distant location, typically using remote access software or services.
Remote Access Trojan (RAT): Malicious software that allows attackers to remotely control an infected device, often used for spying, data theft, or further attacks.
Remote Desktop: A technology that enables users to connect to and control a computer or server remotely as if they were physically present at the device.
Remote Desktop Protocol (RDP): A Microsoft protocol that allows users to connect to and interact with another computer over a network using the Remote Desktop feature. RDP services exposed directly to the internet are a common entry point for ransomware, so access should be placed behind a VPN or gateway and protected with multi-factor authentication.
Risk Assessment: The process of identifying, evaluating, and prioritising risks to an organisation’s assets, operations, and data to inform decision-making and risk management strategies.
Risk Management: The practice of identifying, assessing, and mitigating risks to minimise their impact on an organisation’s objectives and operations.
Risk Management Framework (RMF): A structured approach to managing risk, including guidelines and processes for identifying, assessing, and mitigating risks, often aligned with standards such as NIST.
Rogue Access Point: An unauthorised wireless access point installed within a network, which can be used by attackers to intercept data or gain unauthorised access.
Role-based Access Control (RBAC): A form of access control that grants access permissions based on a user’s role within an organisation, ensuring users only have access to the resources necessary for their job functions.
Rollback Attack: An attack that reverts a system, firmware or protocol negotiation to an older, less secure version or state, reintroducing patched vulnerabilities or bypassing security controls (a TLS version downgrade is one example). Anti-rollback protections, such as version counters checked by secure boot, are the usual defence.
Rootkit: A type of malicious software designed to hide its presence and maintain privileged access to a system, often making it difficult to detect and remove.
Router: A network device that forwards data packets between different networks, managing traffic and connecting devices within a network or to the internet.
S (Sierra)
Sandboxing: A security technique that isolates programs or processes in a restricted environment to test and analyse their behaviour without affecting the rest of the system.
Secure File Transfer Protocol (SFTP): The SSH File Transfer Protocol, a file access and transfer protocol that runs over an SSH (Secure Shell) connection. Despite the name, it is not FTP with encryption added (that is FTPS); it is a separate protocol that inherits SSH's encryption and authentication, protecting transfers from eavesdropping, tampering and unauthorised access.
Secure Shell (SSH): A cryptographic network protocol used to securely access and manage remote systems over an unsecured network. SSH encrypts the communication between the client and server, ensuring confidentiality, integrity, and authentication during tasks like remote login, file transfers, and command execution.
Secure Sockets Layer (SSL): The original encryption protocol for securing data transmitted between a web server and a client (such as a browser). All SSL versions are deprecated and have known weaknesses; they have been replaced by TLS, although the term "SSL certificate" is still widely used for the X.509 certificates that TLS relies on.
Security and Compliance Certificate: A formal certification that verifies an organisation’s adherence to specific security standards and compliance requirements, often related to data protection and regulatory frameworks.
Security Awareness Training: Programs designed to educate employees about security best practices, potential threats, and how to recognise and respond to security risks.
Security Industry Authority (SIA): A regulatory body in the UK responsible for licensing and regulating private security personnel and ensuring industry standards and practices are met.
Security Information and Event Management (SIEM): A system that collects, analyses, and correlates security event data from across an organisation’s IT infrastructure to provide real-time threat detection and response.
Security Operations Centre (SOC): A centralised team or facility responsible for monitoring, detecting, responding to, and managing security incidents and threats in an organisation.
Security Protocol: A set of rules and procedures used to ensure secure communication and data protection in various network and computing environments.
Server: A computer or system that provides services, resources, or data to other computers (clients) over a network, such as hosting websites, applications, or databases.
SOC 2 (System and Organization Controls 2): An attestation report, rather than a certification, issued by an independent auditor under the AICPA framework. It assesses a service organisation's controls against the Trust Services Criteria (security, plus optionally availability, processing integrity, confidentiality and privacy); a Type 1 report covers control design at a point in time and a Type 2 report covers operating effectiveness over a period.
Single Sign-On (SSO): An authentication process that allows users to access multiple applications or systems with a single set of login credentials, simplifying user management and centralising authentication policy. Because one account now unlocks many systems, the identity provider must be protected with strong multi-factor authentication and monitored closely.
Social Engineering: The manipulation of individuals into divulging confidential information or performing actions that compromise security, often through deception or impersonation.
Spam Campaigns: Unsolicited and often bulk emails sent to large numbers of recipients, typically used for advertising, phishing, or spreading malware.
Spoofing: A type of attack where an attacker impersonates a legitimate entity, such as a website or email address, to deceive users or systems and gain unauthorised access.
Spyware: Malicious software designed to secretly monitor and collect information from a user’s device without their consent, often used for data theft or tracking.
SQL Injection: A type of attack that exploits vulnerabilities in a database query by injecting malicious SQL code, potentially allowing attackers to access, modify, or delete data.
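The following is an added example, not code from the original page: the same login check written first with string formatting (vulnerable) and then with a parameterised query (hardened), run against a constructed in-memory SQLite database. Storing the password in clear text and comparing it in SQL is done only to keep the example short; a real system stores a salted hash and compares outside the database.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample database with a single user (assumption: not the page's data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT NOT NULL)")
    conn.execute("INSERT INTO users VALUES ('alice', 'correct-horse-battery')")
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Vulnerable: user input is spliced into the SQL text, so it can change the query's structure."""
    query = (
        "SELECT username FROM users "
        f"WHERE username = '{username}' AND password = '{password}'"
    )
    return conn.execute(query).fetchone() is not None


def login_safe(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Hardened: parameterised query; the driver passes input as data, never as SQL."""
    query = "SELECT username FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone() is not None


# Two classic payloads: the first comments out the password check, the second
# makes the WHERE clause always true.
INJECTION_PAYLOADS = [
    ("alice'--", "wrong"),
    ("' OR '1'='1", "' OR '1'='1"),
]


def demo() -> dict:
    """Run both implementations against a legitimate login and the injection payloads."""
    conn = make_db()
    return {
        "legit_safe": login_safe(conn, "alice", "correct-horse-battery"),
        "vulnerable_bypassed": [login_vulnerable(conn, u, p) for u, p in INJECTION_PAYLOADS],
        "safe_bypassed": [login_safe(conn, u, p) for u, p in INJECTION_PAYLOADS],
    }


if __name__ == "__main__":
    print(demo())
```

With the vulnerable function both payloads log in as alice; with the parameterised version the same strings are simply usernames that do not exist. The fix is structural (the query shape is fixed before any input arrives), which is why input filtering on its own is not an adequate defence.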
Supplier Due Diligence: The process of evaluating and assessing the security and compliance practices of suppliers or third-party vendors to ensure they meet required standards and do not pose risks.
Supply Chain Attack: An attack that targets weaknesses in a supply chain or third-party vendors to compromise an organisation’s systems, often by introducing malicious components or software.
Switch: A network device that connects multiple devices within a local area network (LAN) and directs data packets to their destination based on MAC addresses.
Symmetric Encryption Algorithm: An encryption method where the same key is used for both encryption and decryption of data, requiring secure key management to ensure data confidentiality.
T (Tango)
Tailgating: A physical security breach where an unauthorised person follows an authorised individual into a secure area, often by exploiting social courtesy or lack of access control.
Targeted Testing: Security testing focused on specific systems, applications, or vulnerabilities based on known risks or threats to evaluate their security posture and resilience.
Third Country: In data protection law, a country outside the jurisdiction in question (outside the UK under the UK GDPR, or outside the EU/EEA under the EU GDPR). Transfers of personal data to a third country require a legal basis such as an adequacy decision or standard contractual clauses.
Third-Party: An external organisation or individual that provides services or products to another organisation, which may affect or interact with the organisation’s systems or data.
Third-Party Risk Management (TPRM): The process of identifying, assessing, and mitigating risks associated with third-party vendors or partners to protect an organisation’s data and systems.
Threat Detection: The process of identifying and recognising potential security threats or malicious activities within a network or system, using various tools and techniques.
Threat Hunting: Proactively searching for hidden threats and malicious activities within a network or system, often through analysis of patterns and behaviours beyond automated detection.
Threat Intelligence: Information about current and emerging threats, including tactics, techniques, and procedures used by attackers, used to enhance security posture and incident response.
Time-based One-Time Password (TOTP): A form of multi-factor authentication (RFC 6238) in which a short, time-sensitive code is derived from a shared secret and the current time (normally in 30-second steps) using HMAC, and presented as a second factor to verify a user's identity. Because it depends on both sides' clocks, servers usually accept codes from one step either side of the current time.
Tokenisation: The process of replacing sensitive data with unique tokens that can be used in place of the original data, enhancing security and reducing the risk of data breaches.
Traffic Analysis: The examination and monitoring of network traffic patterns to identify anomalies, potential threats, or performance issues, often used in network security and management.
Translucent Box Testing: Also known as grey box testing, it is a blend of white and black box pentesting where the pentester partially understands the digital infrastructure.
Transport Layer Security (TLS): The cryptographic protocol that succeeded SSL for securing communications over a network, providing confidentiality, integrity and server (optionally client) authentication between endpoints. TLS 1.2 and 1.3 are the versions that should be in use today; TLS 1.0 and 1.1 are deprecated.
Trojan Horse: A type of malicious software disguised as a legitimate program or file, designed to gain unauthorised access or perform harmful actions on a user’s device.
Troubleshooting: The process of diagnosing and resolving issues or malfunctions in hardware, software, or network systems to restore proper functionality and performance.
Tunneling Protocol: A protocol used to encapsulate and transmit data packets over a network, enabling secure communication and data exchange between remote systems or networks.
Two-Factor Authentication (2FA): A security process requiring two different kinds of evidence to verify a user's identity, drawn from something you know (a password or PIN), something you have (a phone, hardware token or smart card) and something you are (a biometric). Two factors of the same kind, such as two passwords, do not count.
U (Uniform)
Unauthorised Access: Gaining entry to a system, network, or resource without proper permission or credentials, often associated with security breaches or malicious activities.
Unencrypted: Data or communications that are not protected by encryption, making them vulnerable to interception, unauthorised access, or eavesdropping.
Unified Threat Management (UTM): An integrated security solution that combines multiple security features, such as firewalls, antivirus, and intrusion detection, into a single platform for comprehensive protection.
Uninterruptible Power Supply (UPS): A device that provides backup power to electronic equipment during power outages or disturbances, ensuring continuous operation and preventing data loss or damage.
Update: The process of applying patches, fixes, or new versions to software or systems to improve functionality, security, and performance.
Uniform Resource Locator (URL): The address used to access resources on the internet, such as websites or files, typically beginning with http:// or https://.
Uniform Resource Locator (URL) Filtering: A security feature that restricts or controls access to certain websites or web content based on predefined criteria, often used to block malicious or inappropriate sites.
Universal Serial Bus (USB): A standard interface used for connecting peripheral devices to computers, such as keyboards, mice, and storage drives.
Universal Serial Bus (USB) Security: Measures and practices to protect USB ports and devices from unauthorised access, malware, and data breaches, often including encryption and device control policies.
User: An individual who interacts with a computer system, network, or application, often requiring authentication and authorisation to access resources.
User Access Control: The management of user permissions and rights to access specific systems, applications, or data, ensuring users have appropriate access levels based on their roles.
User Behaviour Analytics (UBA): The analysis of user activity patterns to detect anomalies, potential security threats, or insider threats by monitoring and interpreting behaviour data.
User Education: Training and awareness programs designed to educate users about security best practices, potential threats, and how to protect themselves and the organisation from security risks.
User Provisioning: The process of creating, managing, and maintaining user accounts and access rights within an organisation’s systems and applications, ensuring appropriate access and security.
V (Victor)
Vector: The method or pathway used by attackers to exploit vulnerabilities and gain unauthorised access to a system, such as phishing, malware, or network attacks.
Version Control: A system that manages changes to software code or documents, allowing multiple versions to be tracked, compared, and reverted as needed, supporting collaboration and code integrity.
Virtual Chief Information Security Officer (vCISO): An outsourced or part-time CISO who provides strategic security leadership and expertise to organisations on a flexible basis, without being a full-time employee.
Virtualisation Security: Measures and practices designed to protect virtual environments, including virtual machines and virtualised infrastructure, from threats and vulnerabilities specific to virtualised systems.
Virtual Machine (VM): A software-based simulation of a physical computer that runs an operating system and applications in an isolated environment on a host system. See also: Remote Desktop.
Virtual Machine Escape: A security vulnerability that allows an attacker to break out of a virtual machine and access the host system or other virtual machines, compromising the virtualised environment.
Virtual Private Network (VPN): A technology that creates a secure and encrypted connection over a public network, allowing users to access resources remotely and protect their online privacy.
Virus: A type of malicious software that attaches itself to legitimate programs or files, replicates, and spreads to other systems, often causing damage or disruption.
Voice Phishing (Vishing): A social engineering (phishing) attack where fraudsters use phone calls to impersonate legitimate entities and deceive individuals into revealing sensitive information or making fraudulent transactions.
Volume Encryption: The encryption of entire storage volumes or disks, protecting all data within the volume from unauthorised access, even if the physical storage device is compromised.
Vulnerability: A weakness or flaw in a system, application, or network that can be exploited by attackers to gain unauthorised access or cause harm.
Vulnerability Assessment: An assessment to identify weaknesses in a digital system so they can be reported and remediated. Vulnerability assessments can be carried out manually by highly trained pentesters (white hat hackers/ethical hackers) or by automated vulnerability scanners. Want to learn more? Check out our comprehensive guide to vulnerability assessments.
Vulnerability Management: The ongoing process of identifying, assessing, prioritising, and mitigating vulnerabilities in a system or network to reduce risk and improve security posture.
Vulnerability Scanning: Automated scanning of systems and networks to identify known vulnerabilities, often used as a preliminary step in the vulnerability management process.
W (Whisky)
Watering Hole Attack: A type of cyberattack where attackers compromise a website frequently visited by the target group, infecting it with malware to exploit visitors.
Weak Password: A password that is easily guessable or susceptible to brute-force attacks due to its simplicity, length, or lack of complexity.
Web Application: A software application accessed and used through a web browser over a network, such as online banking, email services, or content management systems.
Web Application Firewall (WAF): A security system designed to monitor and filter HTTP/HTTPS traffic between a web application and the internet, protecting against web-based attacks like SQL injection and cross-site scripting.
Web Application Penetration Testing: A penetration test that simulates attacks on a web application to identify and exploit vulnerabilities, evaluating its defenses and identifying areas for improvement.
Web Application Security: The practice of protecting web applications from threats and vulnerabilities through secure coding practices, vulnerability assessments, and security controls.
Web Proxy: A server that acts as an intermediary between a client and the internet, providing anonymity, content filtering, and caching services.
White Box Testing: Also known as glass or open box testing, it is a testing method where the tester has full access to the system’s internal code and architecture, allowing for thorough security and functionality assessments.
White Hat Hacker: An ethical, penetration tester who simulates attacks on digital systems and networks, as well as physical locations to identify vulnerabilities and weaknesses.
Whitelist: A list of trusted entities, such as IP addresses, email addresses, or applications, that are allowed access or permitted to execute, while all others are blocked or restricted.
Whitelisting: The practice of allowing only approved entities or applications to access or execute, thereby blocking everything else as a means of reducing risk and improving security.
Wi-Fi Protected Access (WPA): A family of security protocols for wireless networks that replaced the broken WEP protocol with stronger encryption and authentication. The original WPA (based on TKIP) is itself deprecated; WPA2 (AES-CCMP) and WPA3 are the versions that should be used, with WPA2-Enterprise or WPA3-Enterprise (802.1X) for corporate networks.
Wireless Intrusion Prevention System (WIPS): A security system that monitors wireless networks for unauthorised access and potential threats, providing real-time protection and prevention measures.
Wireless Penetration Testing: A security assessment focused on identifying vulnerabilities and weaknesses in wireless networks, including Wi-Fi security, to ensure robust protection against attacks.
Wireless Security: Measures and practices designed to protect wireless networks and devices from unauthorised access, data breaches, and other security threats.
Wired Equivalent Privacy (WEP): An obsolete security protocol intended to give wireless networks a level of security comparable to wired networks by encrypting data transmitted over Wi-Fi. Its use of RC4 with short initialisation vectors is broken: keys can be recovered from captured traffic in minutes with freely available tools, so any WEP network should be treated as open.
Worm: A type of self-replicating malware that spreads across networks or systems without user intervention, often causing harm or consuming resources as it propagates.
X (X-Ray)
XACML (eXtensible Access Control Markup Language): An XML-based standard used to define access control policies and rules, enabling consistent and flexible management of permissions and authorisation.
XDR (Extended Detection and Response): An advanced security solution that integrates and correlates data across multiple security layers (network, endpoint, server) to provide a unified approach to detecting and responding to threats.
XML (eXtensible Markup Language): A flexible, structured language used for storing and transporting data in a human-readable format.
XML (eXtensible Markup Language) Injection: A security vulnerability where attackers manipulate XML data to gain unauthorised access or disrupt an application by injecting malicious XML content.
XML External Entity (XXE) Attack: A type of attack where malicious XML input is used to exploit vulnerabilities in XML parsers, potentially leading to data breaches, denial of service, or system compromise.
XOR (eXclusive OR): A binary operation that outputs true or 1 only when the inputs differ. In encryption, XOR is used to combine plaintext with a key to produce ciphertext.
XOR Cipher: A simple encryption technique that XORs each byte of plaintext with a byte of the key to produce ciphertext; applying the same operation again with the key recovers the plaintext. With a truly random key as long as the message that is never reused, this is the one-time pad and is unbreakable. With a short key repeated across the message it is trivially broken, and any key reuse lets an attacker XOR two ciphertexts together to cancel the key and recover the XOR of the two plaintexts.
XOR Encryption: The use of the XOR cipher to obfuscate data, often seen in malware and low-level code precisely because it is cheap to implement; on its own it provides no meaningful confidentiality against an attacker who can obtain or guess part of the plaintext.
XSRF (Cross-Site Request Forgery): An attack where an attacker tricks a user's browser into sending a request to a web application where the user is authenticated, so that the application performs an action the user did not intend. Defences include anti-CSRF tokens tied to the session and the SameSite attribute on session cookies.
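An added example (not from the original page) illustrating the XOR Cipher and XOR Encryption entries above: a repeating-key XOR, a one-time pad built from `os.urandom`, and two attacks on key reuse. The messages and key below are constructed for the example.

```python
import os


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """XOR data with key, repeating the key if it is shorter than the data (the same call decrypts)."""
    if not key:
        raise ValueError("key must not be empty")
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def one_time_pad_key(length: int) -> bytes:
    """Key for a one-time pad: random, as long as the message, to be used exactly once."""
    return os.urandom(length)


def recover_repeating_key(ciphertext: bytes, known_plaintext: bytes, key_length: int) -> bytes:
    """Known-plaintext attack: ciphertext XOR plaintext is the keystream, and with a
    repeating key the first key_length bytes of the keystream are the key itself."""
    if len(known_plaintext) < key_length:
        raise ValueError("need at least key_length bytes of known plaintext")
    return xor_bytes(ciphertext[:key_length], known_plaintext[:key_length])


def leaked_plaintext_xor(c1: bytes, c2: bytes) -> bytes:
    """Key reuse: c1 XOR c2 == p1 XOR p2; the key cancels and bytes where the
    two plaintexts agree show up as zeros."""
    n = min(len(c1), len(c2))
    return xor_bytes(c1[:n], c2[:n])


# Constructed sample data (assumptions for the example, not from the page).
KEY = b"K3y!"
P1 = b"attack at dawn, sector 7"
P2 = b"retreat at dusk, sector 7"


def demo() -> dict:
    c1 = xor_bytes(P1, KEY)
    c2 = xor_bytes(P2, KEY)
    pad = one_time_pad_key(len(P1))
    return {
        "roundtrip_ok": xor_bytes(c1, KEY) == P1,
        "recovered_key": recover_repeating_key(c1, P1, len(KEY)),
        "key_cancels": leaked_plaintext_xor(c1, c2) == xor_bytes(P1[:24], P2[:24]),
        "otp_roundtrip_ok": xor_bytes(xor_bytes(P1, pad), pad) == P1,
    }


if __name__ == "__main__":
    print(demo())
```

The point of `recover_repeating_key` is that a few bytes of guessable plaintext (a file header, a protocol banner) hand the attacker the whole key; `leaked_plaintext_xor` shows why even a long random key must never be used twice.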
X.25 Security: Security measures related to the X.25 protocol, a standard for packet-switched network communication, focusing on protecting data as it travels over legacy network infrastructures.
X.509 Certificate: The standard format for public key certificates used in public key infrastructure (PKI). A certificate binds a public key to an identity (such as a domain name or person), is signed by a certificate authority, and is used to verify identities and establish encrypted connections, for example in TLS.
Y (Yankee)
YARA: A tool used for identifying and classifying malware by creating and applying rules based on patterns in file content, strings, or binary data.
YARA Rule Syntax: The specific format and language used to write YARA rules for detecting patterns in files or processes, including definitions for strings, conditions, and metadata.
Yarn Lockfile Security: The practice of protecting Yarn's lockfile (yarn.lock), which records the exact versions and integrity hashes of installed dependencies, so that builds are reproducible and a tampered or unexpectedly changed dependency is caught. In CI this means committing the lockfile, reviewing changes to it, and installing with a flag that fails if the lockfile would be modified (--frozen-lockfile in Yarn 1, --immutable in Yarn 2 and later).
Year 2000 Problem (Y2K): A programming issue where dates were represented with two digits for the year, potentially causing systems to misinterpret the year 2000 as 1900, leading to errors or failures.
Yellow Team: In the extended colour-team model, the builders: the developers, architects and engineers who create the systems that red teams attack and blue teams defend. Combining their knowledge with red (orange team) or blue (green team) activities aims to get security built in rather than bolted on.
Yield Management: In security context, it refers to optimising resource allocation and cost-efficiency, often related to balancing load and performance in IT infrastructure.
Yottabyte Security: The concept of managing and securing data at the scale of one yottabyte (10^24 bytes), a theoretical capacity level used to discuss future-proofing data management and storage systems.
Your Eyes Only: A classification or marking indicating that information is highly sensitive and should only be accessed by authorised individuals, emphasising strict confidentiality.
YubiHSM (Hardware Security Module): A hardware security module designed by Yubico to provide secure key storage and cryptographic operations for protecting sensitive data and enhancing security.
YubiKey: A physical security key produced by Yubico that supports multi-factor authentication (MFA), including FIDO2/WebAuthn, one-time passwords and smart-card functions, and connects via USB, NFC or Lightning depending on the model.
Z (Zulu)
Zero-Day: A vulnerability for which no fix is yet available, typically because it is being exploited before (or as soon as) the vendor learns of it, leaving the vendor "zero days" to respond. It is particularly dangerous until a patch is developed and deployed, which is why compensating controls such as segmentation and detection matter.
Zeroisation: The secure erasure of cryptographic keys and other sensitive parameters from memory or a hardware module (for example an HSM) by overwriting them, so that they cannot be recovered. The term comes from cryptographic standards such as FIPS 140, where a module must zeroise its keys on tamper detection or decommissioning; the same idea applies to wiping sensitive data from storage media.
Zero-Knowledge Proof: A cryptographic method that allows one party to prove to another that they know a secret or have certain information without revealing the actual content of the secret.
Zerologon: A vulnerability (CVE-2020-1472) in the Netlogon Remote Protocol used by Windows domain controllers. A flaw in its use of AES-CFB8 with a fixed all-zero initialisation vector let an unauthenticated attacker with network access to a domain controller reset the domain controller's machine account password and take over the domain. It was patched by Microsoft in 2020.
Zero Trust Architecture: A security model that assumes no implicit trust for any user, device, or network, enforcing strict identity verification and access controls for all interactions, regardless of their origin.
Zero Trust Security Model: A security framework based on the principle of “never trust, always verify,” requiring continuous authentication and authorisation for users and devices both inside and outside the network.
Zigbee Security: Security measures and protocols designed to protect Zigbee networks, a standard for low-power wireless communication in IoT devices, focusing on encryption, authentication, and network integrity.
Zip Bomb: A maliciously crafted archive file designed to overwhelm and crash decompression tools or systems by expanding into a massive amount of data when extracted.
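An added example (not from the original page) of the two checks a practitioner applies before extracting an untrusted archive: inspect the declared sizes in the central directory and refuse suspicious expansion ratios or nested archives, then, because those declared sizes can be forged, cap the number of bytes actually read while extracting. The sample archives are constructed in memory; the thresholds are assumptions to tune for your environment.

```python
import io
import zipfile

MAX_TOTAL_UNCOMPRESSED = 100 * 1024 * 1024   # assumed limit: 100 MiB across all members
MAX_RATIO = 100                              # assumed limit: uncompressed / compressed


def build_zip(members: dict) -> bytes:
    """Build a deflate-compressed zip in memory from {name: bytes} (constructed sample input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()


def inspect_zip(data: bytes, max_total: int = MAX_TOTAL_UNCOMPRESSED,
                max_ratio: float = MAX_RATIO) -> list:
    """Pre-extraction check using only the central directory. Returns a list of problems
    (empty means nothing suspicious). Note: these sizes are attacker-controlled metadata."""
    problems = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        infos = zf.infolist()
        total_unc = sum(i.file_size for i in infos)
        total_comp = sum(i.compress_size for i in infos)
        ratio = total_unc / max(total_comp, 1)
        if total_unc > max_total:
            problems.append(f"declared uncompressed size {total_unc} exceeds {max_total}")
        if ratio > max_ratio:
            problems.append(f"compression ratio {ratio:.0f}:1 exceeds {max_ratio}:1")
        nested = [i.filename for i in infos if i.filename.lower().endswith(".zip")]
        if nested:
            problems.append(f"nested archives present: {nested}")
    return problems


def read_member_capped(data: bytes, name: str, cap: int) -> bytes:
    """Stream a member out of the archive and abort once more than `cap` bytes have been
    produced. This is the control that still holds when the declared sizes lie."""
    out = bytearray()
    with zipfile.ZipFile(io.BytesIO(data)) as zf, zf.open(name) as fh:
        while True:
            chunk = fh.read(64 * 1024)
            if not chunk:
                break
            out += chunk
            if len(out) > cap:
                raise ValueError(f"member {name!r} expanded beyond {cap} bytes; aborting")
    return bytes(out)


# Constructed samples: a small, poorly compressible file and 20 MiB of zeros (a single-layer bomb).
BENIGN_ZIP = build_zip({"readme.bin": bytes(range(256)) * 4})
BOMB_ZIP = build_zip({"big.bin": b"\x00" * (20 * 1024 * 1024)})


if __name__ == "__main__":
    print("benign:", inspect_zip(BENIGN_ZIP))
    print("bomb:  ", inspect_zip(BOMB_ZIP))
```

The 20 MiB of zeros deflates to a few tens of kilobytes, so the ratio check flags it even though its absolute size is under the total limit. Real zip bombs nest archives to multiply the expansion, which is why the streaming cap (and a limit on recursion into nested archives) must be applied at every layer rather than trusting the outer directory.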
Zombie Computer: A compromised computer controlled by an attacker (often part of a botnet) used to perform malicious activities, such as distributing spam or launching distributed denial-of-service (DDoS) attacks.
Zone Transfer: The process (DNS AXFR or IXFR) of copying a DNS zone from a primary DNS server to a secondary server. If a server allows transfers to anyone, an attacker can request the entire zone and obtain a detailed map of the domain's hosts and infrastructure, so transfers should be restricted to the IP addresses of authorised secondaries and, ideally, authenticated with TSIG.
Z-Wave Security: Security protocols and practices designed to protect Z-Wave networks, a wireless communication standard used in home automation, including encryption and secure key management.