Cybersecurity glossary of terms

In today's interconnected world, where technology seamlessly integrates into our daily lives, the importance of safeguarding our digital presence cannot be overstated. Whether it's shopping online, accessing social media, or even just sending an email, we constantly share sensitive information over the internet. However, with this convenience comes the risk of cyber threats that can compromise our privacy, finances, and even our identities. This is where cybersecurity steps in – the practice of protecting our digital systems, networks, and data from such threats.

Let’s review the definitive guide to cybersecurity terms.

The definitive guide to cybersecurity terms

Access control: The process of restricting access to resources only to authorized users, devices, or applications.

Advanced Persistent Threat (APT): A sophisticated, long-term cyber attack perpetrated by skilled adversaries with specific objectives.

Antivirus software: Software designed to detect, prevent, and remove malicious software (malware) from computer systems.

Authentication: The process of verifying the identity of a user, device, or application attempting to access a system or network.

Biometric authentication: Authentication based on unique biological characteristics such as fingerprints, iris patterns, or facial features.

Blue Team: Cybersecurity teams within organizations that are responsible for defending against cyber threats and attacks. They focus on implementing and maintaining security measures, monitoring systems for suspicious activity, conducting security assessments, and responding to incidents. Blue Teams often work in tandem with Red Teams (offensive security teams) to simulate attacks and improve defence strategies through exercises known as red team-blue team exercises.

Blockchain: A decentralized, distributed ledger technology used to record transactions securely across multiple computers.

Botnet: A network of compromised computers, or "bots," controlled by a single attacker for malicious purposes such as launching DDoS attacks or sending spam.

Source: https://www.geeksforgeeks.org/introduction-of-botnet-in-computer-networks/

Cryptography: The study and practice of techniques for secure communication and data protection in the presence of adversaries.

Cyber attack: An intentional exploitation of computer systems, networks, or devices to compromise data, disrupt services, or cause harm.

Data breach: Unauthorized access, disclosure, or theft of sensitive or confidential information.

Data Encryption Standard (DES): A widely used encryption algorithm for securing sensitive data.

Denial-of-Service (DoS): An attack that disrupts the normal functioning of a system or network by overwhelming it with a flood of traffic.

Digital certificate: A digital document issued by a trusted third party that verifies the authenticity of a website, organization, or individual.

Digital forensics: The process of collecting, preserving, analyzing, and presenting digital evidence in legal proceedings or incident investigations.

Encryption: Encryption is the process of encoding information in such a way that only authorized parties can access it. It ensures that even if data is intercepted, it remains unreadable to unauthorized users. Encryption is widely used to secure sensitive communications, financial transactions, and stored data.

Endpoint security: Protection of devices such as computers, smartphones, and tablets from cyber threats.

Exploit: A piece of software, code, or technique used to take advantage of vulnerabilities in computer systems or software.

Firewall: A firewall is a network security device or software that monitors and controls incoming and outgoing network traffic based on predetermined security rules. It acts as a barrier between your internal network and external threats, helping to prevent unauthorized access and malicious activities.

Governance, Risk, and Compliance (GRC): A framework that organizations use to manage and align their activities related to governance (establishing policies and procedures), risk management (identifying, assessing, and mitigating risks), and compliance (ensuring adherence to laws, regulations, and industry standards). GRC aims to streamline processes, improve decision-making, and ensure that organizations operate ethically and within legal boundaries.

Hacker: An individual or group who uses technical knowledge and skills to gain unauthorized access to computer systems or networks.

Incident Response Plan: A predefined set of procedures and protocols to follow in the event of a cybersecurity incident or breach.

Incident response: The process of identifying, managing, and mitigating the impact of security incidents.

Intrusion Detection System (IDS): A security tool that monitors network or system activities for malicious behaviour or policy violations.

Keylogger: Malware that records keystrokes on a computer or mobile device, often used to capture passwords and sensitive information.

Malware: Short for "malicious software," malware refers to any software designed to cause harm to a computer, server, or network. Examples include viruses, worms, ransomware, and spyware. These programs can infect your device through malicious email attachments, infected websites, or downloads from untrustworthy sources.

Man-in-the-Middle (MitM) attack: An attack where an attacker intercepts and possibly alters communication between two parties without their knowledge.

Source: https://www.preveil.com/blog/man-in-the-middle-mitm-attacks/

Network security: The practice of securing a computer network infrastructure from unauthorized access, misuse, or modification.

Patch: A software update designed to fix vulnerabilities or improve the security of a program or system.

Penetration testing: Simulated cyber attacks conducted to evaluate the security of a system or network.

Phishing: Phishing is a type of cyber attack where attackers impersonate legitimate entities to trick individuals into providing sensitive information such as passwords, credit card numbers, or personal data. This is often done through deceptive emails, messages, or websites.

Purple Team: Collaborative groups within organizations that combine the capabilities of both Red Teams and Blue Teams. They work together to simulate cyber attacks, assess security defences, and enhance overall cybersecurity posture. Purple Teams facilitate communication and knowledge sharing between offensive (Red) and defensive (Blue) security teams, allowing for more effective testing, analysis, and improvement of security measures. This collaborative approach helps organizations identify and address vulnerabilities more efficiently and comprehensively.

Ransomware: A type of malware that encrypts files on a victim's computer and demands payment for their release. Pro tip: don’t pay the ransom!

Red Team: Cybersecurity teams within organizations or third-party entities that simulate cyber attacks and security breaches to test the effectiveness of an organization's security defences. They employ techniques and methodologies similar to those used by real attackers to identify vulnerabilities, weaknesses, and gaps in security measures. Red Teams provide valuable insights into an organization's security posture and help improve defences by identifying areas for enhancement and remediation.

Rogue access point: An unauthorized wireless access point installed on a network by an attacker to capture sensitive information or launch attacks.

Rootkit: Malware that provides unauthorized access to a computer system or network while concealing its presence and activities from users and security software.

Secure Socket Layer (SSL): A cryptographic protocol that ensures secure communication over a computer network, commonly used for securing web traffic.

Security Information and Event Management (SIEM): A software solution that aggregates and analyzes security data from various sources to detect and respond to threats.

Security Operations Centre (SOC): A centralized facility or team responsible for continuously monitoring and analyzing an organization's security posture, detecting and responding to cybersecurity incidents, and implementing proactive measures to protect against potential threats.

Security policy: A set of rules and guidelines defining the security measures and practices within an organization.

Social engineering: The manipulation of individuals to divulge confidential information or perform actions that compromise security.

Spearphishing: A targeted form of phishing where cyber attackers customize fraudulent emails to specific individuals or organizations, often using personal information to increase believability and lure recipients into divulging sensitive information or performing harmful actions.

Source: https://us.norton.com/blog/online-scams/spear-phishing

Spyware: Malware that secretly gathers information about a person or organization and transmits it to an external entity without the user's consent.

Tokenization: The process of substituting sensitive data with unique identifiers (tokens) to protect it from unauthorized access.

Trojan Horse: A type of malware disguised as legitimate software to trick users into installing it, often with malicious intent.

Two-Factor Authentication (2FA): Two-factor or multi-factor authentication adds an extra layer of security to the traditional username and password login process. It requires users to provide a minimum of two different authentication factors, typically something they know (like a password) and something they have (like a one-time code sent to their phone), making it more difficult for unauthorized users to gain access.

Virtual Private Network (VPN): A secure network connection that allows users to access a private network over the internet, ensuring confidentiality and privacy.

Virus: A type of malware that spreads by inserting copies of itself into other programs or documents.

Worm: A type of malware that self-replicates and spreads across networks, often causing damage by consuming bandwidth or degrading system performance.

Zero-Day exploit: An attack targeting a previously unknown vulnerability, for which no patch or fix is available.

Frequently asked questions:

What are the 5 C's of cybersecurity?

The 5 C's of cybersecurity are culture, compliance, controls, continuity, and coordination. Together, they operate as a framework that emphasizes key elements to consider when addressing cybersecurity threats.

Cybersecurity culture: Cybersecurity starts with people. That means it’s important to establish a culture within an organization that prioritizes cybersecurity awareness and adherence to security policies and procedures at all levels.

Cybersecurity compliance: Compliance involves ensuring that an organization's cybersecurity practices align with relevant laws, regulations, and industry standards. This includes regularly assessing and maintaining compliance with legal and regulatory requirements.

Cybersecurity controls: Controls are the security measures and mechanisms implemented to protect information systems and data from unauthorized access, alteration, or destruction. This includes technologies such as firewalls, encryption, access controls, and intrusion detection systems.

Cybersecurity continuity: Continuity involves developing and implementing plans and strategies to ensure the continued operation of critical systems and processes in the event of a cybersecurity incident or disruption. This includes business continuity planning, disaster recovery, and incident response.

Cybersecurity coordination: Coordination emphasizes the importance of collaboration and communication among various stakeholders, both within an organization and across different organizations, to effectively address cybersecurity threats. This includes sharing threat intelligence, coordinating incident response efforts, and collaborating with external partners and authorities.

These five elements collectively form a comprehensive approach to managing cybersecurity risks and protecting against cyber threats.

What are the 5 D's of cybersecurity?

The 5 D's of cybersecurity are deter, detect, deflect, defend, delay, and document. Together they operate as another framework that highlights key principles for managing and mitigating cyber threats.

Deter: Deterrence involves implementing measures to discourage potential cyber attackers from targeting your systems or data. This may include visible security measures, such as strong access controls, security awareness training for employees, and clear policies outlining consequences for cyber misconduct.

Detect: Detection focuses on identifying and promptly responding to cyber threats or incidents as they occur. This includes deploying intrusion detection systems, monitoring network traffic for suspicious activity, and implementing robust logging and auditing mechanisms to track system activity.

Deflect: Deflecting cyber threats involves redirecting or mitigating potential attacks before they reach their target. This can be achieved through various means, such as implementing web application firewalls (WAFs), email filtering systems, and DNS filtering to block malicious traffic and prevent access to known threats. This can also include employing threat intelligence feeds and collaborating with industry partners to proactively identify and block emerging threats can help deflect attacks before they cause harm.

Defend: Defending involves implementing proactive security measures to protect against cyber threats. This includes deploying firewalls, antivirus software, encryption, and other security technologies to safeguard systems and data from unauthorized access, malware, and other cyber threats.

Delay: Delay involves slowing down or impeding attackers' progress once they breach your defences. This can be achieved through measures such as implementing multi-factor authentication, network segmentation, and deception technologies.

Document: Documentation refers to the process of thoroughly documenting security incidents, response actions, and recovery efforts. This includes maintaining detailed records of incident timelines, actions taken, and lessons learned. Documentation is essential for post-incident analysis, compliance reporting, and refining incident response processes to enhance future readiness.

By following these principles, organizations can strengthen their cybersecurity posture and better protect themselves against cyber threats.

Understanding these essential cybersecurity terms is crucial for navigating today's digital landscape safely. If you're passionate about cybersecurity and want to deepen your knowledge and skills, consider enrolling in the Cyber Security Bootcamp at Lighthouse Labs. With hands-on training, expert instruction, and real-world projects, you'll gain the expertise needed to thrive in this exciting field. Take the next step to safeguarding our digital world and explore the opportunities offered by Lighthouse Labs' Cyber Security Bootcamp today.