The Dummies Guide to Cyber Security Terminology

The A-Z guide on crucial cyber security terms brought to you by MetaCompliance.

Cyber Security Terminology | Essential Cyber Security Terms | MetaCompliance

Adware – Adware refers to any piece of software or application that displays advertisements on your computer.

Advanced Persistent Threat (APT) – An advanced persistent threat is an attack in which an unauthorised user gains access to a system or network without being detected.

Anti-Virus Software – Anti-virus software is a computer program used to prevent, detect, and remove malware.

Artificial IntelligenceArtificial intelligence (AI) refers to the simulation of human intelligence in machines that are programmed to think like humans and mimic their actions.

Attachment – An attachment is a computer file sent with an email message.

Authentication – Authentication is a process that ensures and confirms a user’s identity.

Back door – A backdoor is used to describe a hidden method of bypassing security to gain access to a restricted part of a computer system.

Backup – To make a copy of data stored on a computer or server to reduce the potential impact of failure or loss.

Baiting – Online baiting involves enticing a victim with an incentive.

Bluetooth – Bluetooth is a wireless technology for exchanging data over short distances.

Blackhat – Black hat hacker refers to a hacker that violates computer security for personal gain or malice.

Botnet – A botnet is a collection of internet-connected devices, which may include PCs, servers and mobile devices that are infected and controlled by a common type of malware.

Broadband – High-speed data transmission system where the communications circuit is shared between multiple users.

Browser – A browser is software that is used to access the internet. The most popular web browsers are Chrome, Firefox, Safari, Internet Explorer, and Edge.

Brute Force Attack – Brute force attack is an activity which involves repetitive successive attempts of trying various password combinations to break into any website.

Bug – A bug refers to an error, fault or flaw in a computer program that may cause it to unexpectedly quit or behave in an unintended manner.

BYOD – Bring your own device (BYOD) refers to employees using personal devices to connect to their organisational networks.

Clickjacking – Clickjacking, also known as a UI redress attack, is a common hacking technique in which an attacker creates an invisible page or an HTML element that overlays the legitimate page.

Cloud Computing – The practice of using a network of remote servers hosted on the Internet to store, manage, and process data, rather than a local server or a personal computer.

Cookie – Cookies are small files which are stored on a user’s computer.  Cookies provide a way for the website to recognize you and keep track of your preferences.

Critical Update – A fix for a specific problem that addresses a critical, non-security-related bug in computer software.

Cyber Warfare – Cyber warfare typically refers to cyber-attacks perpetrated by one nation-state against another.

Data Breach – A data breach is a confirmed incident where information has been stolen or taken from a system without the knowledge or authorization of the system’s owner.

Data Server – Data server is the phrase used to describe computer software and hardware that delivers database services.

DDoS Attack – A distributed denial-of-service (DDoS) attack is a malicious attempt to disrupt normal traffic of a targeted server, service or network by overwhelming the target or its surrounding infrastructure with a flood of Internet traffic.

Deepfake – Deepfake refers to any video in which faces have been either swapped or digitally altered, with the help of AI.

Domain name – The part of a network address which identifies it as belonging to a particular domain.

Domain Name Server – A server that converts recognisable domain names into their unique IP address

Download – To copy (data) from one computer system to another, typically over the Internet.

Exploit – A malicious application or script that can be used to take advantage of a computer’s vulnerability.

Firewall – A firewall is a software program or piece of hardware that helps screen out hackers, viruses, and worms that try to reach your computer over the Internet.

Hacking – Hacking refers to an unauthorised intrusion into a computer or a network.

Honeypot – A decoy system or network that serves to attract potential attackers.

HTML – Hypertext Markup Language (HTML) is the standard markup language for creating web pages and web applications.

Identity theft – Identity theft is a crime in which someone uses personally identifiable information in order to impersonate someone else.

Incident Response Plan – An incident response policy is a plan outlying organisation’s response to an information security incident.

Internet of things (IoT) – The Internet of Things, or IoT, refers to the billions of physical devices around the world that are now connected to the internet, collecting and sharing data.

IP Address – An IP address is an identifying number for a piece of network hardware. Having an IP address allows a device to communicate with other devices over an IP-based network like the internet.

IOS – An operating system used for mobile devices manufactured by Apple.

Keystroke logger – A keystroke logger is software that tracks or logs the keys struck on your keyboard, typically in a covert manner so that you are unaware actions are being monitored.

Malware – Malware is shorthand for malicious software and is designed to cause damage to a computer, server, or computer network.

Malvertising – The use of online advertising to deliver malware.

Memory stick – A memory stick is a small device that connects to a computer and allows you to store and copy information.

MP3 – MP3 is a means of compressing a sound sequence into a very small file, to enable digital storage and transmission.

Multi-Factor Authentication – Multi-Factor Authentication (MFA) provides a method to verify a user’s identity by requiring them to provide more than one piece of identifying information.

Packet Sniffer – Software designed to monitor and record network traffic.

Padlock – A padlock icon displayed in a web browser indicates a secure mode where communications between browser and web server are encrypted.

Patch – A patch is a piece of software code that can be applied after the software program has been installed to correct an issue with that program.

Penetration testing – Penetration testing (also called pen testing) is the practice of testing a computer system, network or Web application to find vulnerabilities that an attacker could exploit.

Phishing Phishing is a method of trying to gather personal information using deceptive e-mails and websites.

Policy Management – Policy Management is the process of creating, communicating, and maintaining policies and procedures within an organisation.

Proxy Server – A proxy server is another computer system which serves as a hub through which internet requests are processed.

Pre-texting – Pre-texting is the act of creating a fictional narrative or pretext to manipulate a victim into disclosing sensitive information.

Ransomware – A type of malicious software designed to block access to a computer system until a sum of money is paid.

Rootkit – Rootkits are a type of malware designed to remain hidden on your computer.

Router – A router is a piece of network hardware that allows communication between your local home network and the Internet.

Scam – A scam is a term used to describe any fraudulent business or scheme that takes money or other goods from an unsuspecting person.

Scareware – Scareware is a type of malware designed to trick victims into purchasing and downloading potentially dangerous software.

Security Awareness Training – Security awareness training is a training program aimed at heightening security awareness within an organisation.

Security Operations Centre (SOC) – A SOC monitors an organisation’s security operations to prevent, detect and respond to any potential threats.

Server – A server is a computer program that provides a service to another computer programs (and its user).

Smishing – Smishing is any kind of phishing that involves a text message.

Spam – Spam is slang commonly used to describe junk e-mail on the Internet.

Social Engineering – Social engineering is the art of manipulating people, so they disclose confidential information.

Software – Software is the name given to the programs you will use to perform tasks with your computer.

Spear Phishing – Spear phishing is an email-spoofing attack that targets a specific organization or individual, seeking unauthorized access to sensitive information.

Spyware – Spyware is a type of software that installs itself on a device and secretly monitors a victim’s online activity.

Tailgating – Tailgating involves someone who lacks the proper authentication following an employee into a restricted area.

Tablet – A tablet is a wireless, portable personal computer with a touchscreen interface.

Traffic –  Web traffic is the amount of data sent and received by visitors to a website.

Trojan – A Trojan is also known as Trojan horse. It is a type of malicious software developed by hackers to disguise as legitimate software to gain access to target users’ systems.

Two-Factor Authentication –  Two-factor authentication (2FA), often referred to as two-step verification, is a security process in which the user provides two authentication factors to verify they are who they say they are.

USB – USB (Universal Serial Bus) is the most popular connection used to connect a computer to devices such as digital cameras, printers, scanners, and external hard drives.

Username – A username is a name that uniquely identifies someone on a computer system.

Virus – A computer virus is a malicious software program loaded onto a user’s computer without the user’s knowledge and performs malicious actions.

VPN (Virtual Private Network) – A virtual private network gives you online privacy and anonymity by creating a private network from a public Internet connection. VPNs mask your Internet protocol (IP) address so your online actions are virtually untraceable.

Vulnerability – A vulnerability refers to a flaw in a system that can leave it open to attack.

Vishing – Vishing is the telephone equivalent of phishing. It is an attempt to scam someone over the phone into surrendering private information that will be used for identity theft.

Whaling Whaling is a specific form of phishing that’s targeted at high-profile business executives and managers.

Whitehat – White hat hackers perform penetration testing, test in-place security systems and perform vulnerability assessments for companies.

Worm – A computer worm is a malware computer program that replicates itself in order to spread to other computers.

Wi-Fi – Wi-Fi is a facility that allows computers, smartphones, or other devices to connect to the Internet or communicate with one another wirelessly within a particular area.

Zero-Day – Zero-Day refers to a recently discovered vulnerability that hackers can use to attack systems.