
Cybersecurity Glossary


Attack

An attempt to gain unauthorized access to system services, resources, or information, or an attempt to compromise system integrity. The intentional act of attempting to bypass one or more security services or controls of an information system.

Attack Surface

The attack surface of a software environment is the sum of the different points where an unauthorized user can try to enter data to or extract data from an environment. Keeping the attack surface as small as possible is a basic security measure.


Audit

An audit is the examination and evaluation of an organization’s information technology infrastructure, policies, and operations.

Air Gap

The physical separation or isolation of a system from other systems or networks.


Asset

A person, structure, facility, information, records, information technology systems and resources, material, process, relationships, or reputation that has value.

Blue Team

Related to Pen Tests – the Blue Team defends the organization from the “attacks” that attempt to find vulnerabilities.


Bot

A computer connected to the Internet that has been surreptitiously (secretly) compromised with malicious logic to perform activities under the remote command and control of a remote administrator.


Botnet

A collection of computers compromised by malicious code and controlled across a network.

California Consumer Privacy Act (CCPA)


Chief Information Security Officer (CISO)

A chief information security officer (CISO) is the senior-level executive within an organization responsible for establishing and maintaining the enterprise vision, strategy, and program to ensure information assets and technologies are adequately protected.

California Privacy Rights Act (CPRA)


Cyber Security

Cyber security is the art of protecting networks, devices, and data from unauthorized access or criminal use and the practice of ensuring confidentiality, integrity, and availability of information. It seems that everything relies on computers and the internet now— communication (e.g., email, smartphones, tablets), entertainment (e.g., interactive video games, social media, apps), transportation (e.g., navigation systems), shopping (e.g., online shopping, credit cards), medicine (e.g., medical equipment, medical records), and the list goes on. How much of your daily life relies on technology? How much of your personal information is stored either on your own computer, smartphone, tablet or on someone else’s system? – CISA website


Confidentiality

Preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information.


Data

Data are a set of values of qualitative or quantitative variables about one or more persons or objects.

Data Breach

The unauthorized movement or disclosure of sensitive information to a party, usually outside the organization, that is not authorized to have or see the information.

Data Loss Prevention (DLP)

A set of procedures and mechanisms to stop sensitive data from leaving a security boundary.

Denial of Service (DoS)

An attack that prevents or impairs the authorized use of information system resources or services.

Distributed Denial of Service (DDoS)

DDoS attacks are a subclass of denial of service attacks. A DDoS attack involves multiple connected online devices, collectively known as a botnet, which are used to overwhelm a target website with fake traffic.


Encryption

Data encryption is a way of translating data from plaintext (unencrypted) to ciphertext (encrypted). An encryption key is used to produce the ciphertext, and a decryption key is needed to recover the original data from it.

Endpoint Detection and Response (EDR)

EDR, also known as endpoint threat detection and response, is a cyber technology that continually monitors endpoints and responds in order to mitigate cyber threats.

Education and Training

The training of personnel within a pertinent subject domain: developing, planning, coordinating, delivering, and/or evaluating training courses, methods, and techniques as appropriate.

Forensic Analysis

Forensic analysis can be described as a detailed process of detecting, investigating, and documenting the reason, course, and consequences of a security incident.


Firewall

A hardware/software device or a software program that limits network traffic according to a set of rules defining what access is and is not allowed or authorized.

Gap Assessment

A gap assessment is an in-depth review that helps organizations determine the difference between the current state of their information security and specific industry requirements.

General Data Protection Regulation (GDPR)

The General Data Protection Regulation (GDPR) is a legal framework that sets guidelines for the collection and processing of personal information from individuals who live in the European Union (EU).

Health Insurance Portability and Accountability Act (HIPAA)

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a federal law that required the creation of national standards to protect sensitive patient health information from being disclosed without the patient’s consent or knowledge.


Hacker

An unauthorized user who attempts to gain, or gains, access to an information system.

Incident Response (IR)

Incident response (IR) is the effort to quickly identify an attack, minimize its effects, contain damage, and remediate the cause to reduce the risk of future incidents.


Information Security (InfoSec)

Information security, sometimes shortened to InfoSec, is the practice of protecting information by mitigating information risks. It is part of information risk management.

International Organization for Standardization (ISO 27001)

ISO/IEC 27001 is an international standard on how to manage information security, published jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). The standard was originally published in 2005 and then revised in 2013.

Identity & Access Management

The methods and processes used to manage subjects and their authentication and authorizations to access specific objects.

Information Security Policy

An aggregate of directives, regulations, rules, and practices that prescribe how an organization manages, protects, and distributes information.

Inside(r) Threat

One or more individuals with the access and/or inside knowledge of a company, organization, or enterprise that would allow them to exploit the vulnerabilities of that entity’s security, systems, services, products, or facilities with the intent to cause harm.

Key Pair

Two mathematically related keys having the property that one key can be used to encrypt a message that can only be decrypted using the other key.

Key Logger

Software or hardware that tracks keystrokes and keyboard events, usually surreptitiously/secretly, to monitor actions by the user of an information system.

Managed Detection and Response (MDR)

Next generation antivirus/antimalware systems that not only block signature-based threats but can also learn and block behavior-based threats. These usually also include a system “digital video recorder” capability with which you can replay recent activity on the system to see where an infection originated, how it spread, and what it did. Logs are also usually much richer than those of a traditional antivirus (A/V) system.


Malware

Software that compromises the operation of a system by performing an unauthorized function or process.


Mitigation

Implementing appropriate risk-reduction controls based on risk management priorities and analysis of alternatives.


MITRE ATT&CK®

MITRE ATT&CK® stands for MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK). The MITRE ATT&CK® framework is a curated knowledge base and model for cyber adversary behavior, reflecting the various phases of an adversary’s attack lifecycle and the platforms they are known to target.

Managed Services Provider (MSP)

Managed Services Provider. This is your traditional managed IT services company.

Managed Security Services Provider (MSSP)

Managed Security Services Provider. This is your information security managed services company. Services typically cover managed firewalls, managed SIEM, managed outsourced security operations center, managed email gateways, etc.


Network

The infrastructure, including hardware (e.g., hubs, bridges, switches, multiplexers, routers, cables, proxy servers, and protective distribution systems) and software, that permits the sharing and transmission of information across all spectrum transmissions in support of the security of information and information systems.

Network Resilience

The ability of a network to: (1) provide continuous operation (i.e., highly resistant to disruption and able to operate in a degraded mode if damaged); (2) recover effectively if failure does occur; and (3) scale to meet rapid or unpredictable demands.

Operations Technology

The hardware and software systems used to operate industrial control devices.

Payment Card Industry (PCI)

The Payment Card Industry Data Security Standard (PCI DSS) is an information security standard for organizations that handle branded credit cards from the major card schemes. The PCI standard is mandated by the card brands but administered by the PCI Security Standards Council.

Penetration Test (Pen Test)

A penetration test, or pen test, is an attempt to evaluate the security of an IT infrastructure by safely trying to exploit vulnerabilities. These vulnerabilities may exist in operating systems, services and application flaws, improper configurations or risky end-user behavior. Such assessments are also useful in validating the efficacy of defensive mechanisms as well as end-user adherence to security policies. – Core Security website

  • Grey Box testing is a software testing technique for testing a software product or application with partial knowledge of the application’s internal structure. The purpose of grey box testing is to search for and identify defects due to improper code structure or improper use of applications.
  • Black Box testing involves testing a system with no prior knowledge of its internal workings. A tester provides an input and observes the output generated by the system under test. Black box testing exercises a system end-to-end.
  • White Box testing, sometimes referred to as crystal or oblique box pen testing, involves sharing full network and system information with the tester, including network maps and credentials.

Personally Identifiable Information (PII)

PII, or Personally Identifiable Information, is any data that can be used to clearly identify an individual. Some examples that have traditionally been considered personally identifiable information include mailing address, email address, and phone numbers.

Protected Health Information (PHI)

Protected health information (PHI), also referred to as personal health information, is the demographic information, medical histories, test and laboratory results, mental health conditions, insurance information, and other data that a healthcare professional collects to identify an individual.


Password

A string of characters (letters, numbers, and other symbols) used to authenticate an identity or to verify access authorization.


Phishing

A digital form of social engineering used to deceive individuals into providing sensitive information.

Quarterly Business Review (QBR)

Quarterly Business Review is a quarterly meeting to review deliverable items and discuss any concerns and next steps.


Ransomware

Ransomware is malware that employs encryption to hold a victim’s information for ransom. A user’s or organization’s critical data is encrypted so that they cannot access files, databases, or applications. A ransom is then demanded in exchange for restoring access.


Risk

The potential for an unwanted or adverse outcome resulting from an incident, event, or occurrence, as determined by the likelihood that a particular threat will exploit a particular vulnerability, together with the associated consequences.

Risk Assessment

The appraisal of the risks facing an entity, asset, system, network, or organizational operations; it includes determining the extent to which adverse circumstances or events could result in harmful consequences.

Red Team

Related to Pen Tests – The red team “attacks,” trying to find vulnerabilities and determining security risks for the organization.

Reverse Engineering

Reverse engineering is a process or method through which one attempts to understand, through deductive reasoning, how a previously made device, process, system, or piece of software accomplishes a task, with very little insight into exactly how it does so.


Secret

A secret refers to a private piece of information that acts as a key to unlock protected or sensitive resources. Examples of secrets include passwords, certificates, SSH keys, and encryption keys.

Security Debt

Security debt is a variant of technical debt that occurs when organizations do not invest enough money or resources into security efforts upfront.

Security Event vs. Security Incident

A security event is any observable occurrence that is relevant to information security. This can include attempted attacks or lapses that expose security vulnerabilities. A security incident is a security event that results in damage or risk to information security assets and operations.

Security Operations Center (SOC)

Security Operations Center – not to be confused with SOC 2 below. A SOC is where all of your security tool logs, alerts, and data come in and are processed and responded to.

Security Operations Center (SOC 2)

SOC 2 is a voluntary compliance standard for service organizations, developed by the American Institute of CPAs (AICPA), which specifies how organizations should manage customer data. The standard is based on the following Trust Services Criteria: security, availability, processing integrity, confidentiality, and privacy.

Secure Software Development Lifecycle (SSDLC)

Secure Software Development Lifecycle is a collection of best practices which focuses on incorporating security into every step of the SDLC.

Secure Shell Protocol (SSH)

Secure Shell Protocol, or SSH, is a cryptographic network protocol for operating network services securely over an unsecured network.


Social Engineering

The deliberate inducement of a user or resource to take incorrect action (e.g., impersonating, masquerading, piggybacking, and mimicking).


Spyware

Software that is secretly or surreptitiously installed into an information system without the knowledge of the system user or owner.

Security Policy

A rule or set of rules that govern the acceptable use of an organization’s information and services to a level of acceptable risk and the means for protecting the organization’s information assets.

Security Information and Event Management (SIEM)

Security Information and Event Management. This is collecting all of your important log sources for correlation, alerting, and response. Log retention is also important but a separate factor in your overall incident response and log management strategies.

Tabletop Exercise

In the simplest definition, a tabletop exercise is a cybersecurity mock drill. It is a cyberattack simulation exercise: an attack scenario that is highly relevant to the business is simulated during the workshop.


Threat

A threat is a potential negative action or event, facilitated by a vulnerability, that results in an unwanted impact to a computer system or application.

Threat Actor (TA)

A threat actor is an individual who locates and attacks technological vulnerabilities (via information systems, networks, domains, devices, and other potentially breachable windows) and then leverages stolen data to accomplish a variety of goals, most commonly financial gain.

Threat Hunting

Threat hunting is the process of proactively and iteratively searching through networks to detect and isolate advanced threats that evade existing security solutions.

Threat Assessment

The product or process of identifying or evaluating entities, actions, or occurrences, whether natural or manmade, that have or indicate the potential to harm life, information, operations, and/or property.

Trojan Horse

A computer program that appears to have a useful function, but also has a hidden and potentially malicious function that evades security mechanisms, sometimes by exploiting legitimate authorizations of a system entity that invokes the program.

Unauthorized Access

Any access that violates the stated security policy.

Virtual Chief Information Security Officer (vCISO)

A Virtual Chief Information Security Officer (vCISO) helps organizations to protect their infrastructure, data, people and customers. A vCISO is a top security expert that builds the client organization’s cybersecurity program. The Virtual CISO works with the existing management and technical teams.

Vulnerability or Vuln

The state of an information system or asset being exposed to the possibility of being attacked.


Virus

A computer program that can replicate itself, infect a computer without the permission or knowledge of the user, and then spread or propagate to another computer.


Worm

A self-replicating, self-propagating, self-contained program that uses networking mechanisms to spread itself.

White Team

Related to Pen Tests – The group responsible for refereeing an engagement between a Red Team of mock attackers and a Blue Team of actual defenders of information systems.

Extended Detection and Response (XDR)

Extended Detection and Response (XDR) is a SaaS-based, vendor-specific security threat detection and incident response tool that natively integrates multiple security products into a cohesive security operations system that unifies all licensed components.

Yara Rules

YARA rules are used to classify and identify malware samples by creating descriptions of malware families based on textual or binary patterns.


Copyright © 2022 Cyber Defense Group. All Rights Reserved