Cybersecurity Glossary
We compiled this comprehensive glossary of security awareness terms as a free and constantly updated resource in order to make security accessible to everyone. We know security language can be intimidating, so if you’re looking for clear cybersecurity definitions and terminology, look no further. Below you’ll find the terms in alphabetical order, “decrypted” from the IT-savvy’s language.
- #
- A
- Access Control
- Account Harvesting
- Active Content
- Activity Monitors
- Advanced Encryption Standard (AES)
- Adware
- Algorithm
- Anomaly-based detection
- Anti-malware
- Anti-spam
- Anti-spoofing
- Antispyware software
- Antivirus software
- API
- Applet
- Asymmetric Cryptography
- Attack (online)
- Attack signature
- Auditing
- Authentication
- Authenticity
- Authorization
- Autonomous System
- Autorun worm
- Availability
- B
- Backdoor
- Backdoor Trojan
- Backup
- Bandwidth
- Banner
- Baseline security
- Basic Authentication
- Biometrics
- BIOS
- Bit
- Blackhat hacker
- Blacklisting
- Bloatware
- Block Cipher
- Bluetooth
- Boot Record Infector
- Boot sector malware
- Bot
- Botnet
- Bridge
- British Standard 7799
- Broadcast
- Broadcast Address
- Browser
- Browser hijacking
- Brute Force
- Buffer Overflow
- Bug
- Bulk Encryption
- Business Continuity Plan (BCP)
- Business Impact Analysis (BIA)
- Byte
- C
- Cache
- Cache Cramming
- Cache Poisoning
- Catfishing
- Certificate-Based Authentication
- Chargeware
- Checksum
- Chief Information Officer (CIO)
- Cipher
- Ciphertext
- CISO
- Client
- Code injection
- Computer Emergency Response Team (CERT)
- Computer Incident Response Team (CIRT)
- Computer Network
- Confidentiality
- Cookie
- CoreBOT
- Cost Benefit Analysis
- CPU
- Crimeware
- Cron
- Cross Site Scripting (XSS)
- Cryptanalysis
- Cryptographic Algorithm or Hash
- CryptoLocker
- CryptoWall
- CSO
- CTB Locker
- Cyber Attack
- Cyber incident
- Cyber security
- Cyber weapon
- D
- Daemon
- Dark Web
- Data
- Data Aggregation
- Data Asset
- Data Custodian
- Data Encryption Standard (DES)
- Data Integrity
- Data leakage
- Data loss
- Data Mining
- Data Owner
- Data theft
- Data Warehousing
- Database
- Day Zero
- Decryption
- Deep Web
- Defacement
- Demilitarized Zone (DMZ)
- Denial of Service
- Dialer
- Dictionary Attack
- Digest Authentication
- Digital Certificate
- Digital Envelope
- Digital Signature
- Digital Signature Algorithm (DSA)
- Digital Signature Standard (DSS)
- Disaster Recovery Plan (DRP)
- Discretionary Access Control (DAC)
- Distributed Scans
- DNS Cache Poisoning
- DNS hijacking
- Document malware
- Domain
- Domain generation algorithm (DGA)
- Domain Hijacking
- Domain Name
- Domain Name System (DNS)
- Domain shadowing
- Dormant code
- Drive-by attack
- Due diligence
- Dumpster diving
- Dyreza / Dyre
- E
- Eavesdropping
- Email malware distribution
- Encrypted Network
- Encryption
- End-to-End Encryption
- End-to-End Security
- Enterprise Risk Management
- Ethernet
- Event
- Exploit
- Exploit kit
- Exploit kits-as-a-service
- Exponential Backoff Algorithm
- Exposure
- External Security Testing
- F
- False positive
- False Rejects
- File Transfer Protocol (FTP)
- Filter
- Firewall
- Flooding
- Forensic Specialist
- Form-grabbing malware
- Forward Proxy
- G
- H
- Hacker
- Hacktivism
- Hash Function
- Header
- Hijack Attack
- Host
- HTTP Proxy
- HTTPS
- HTTPS scanning
- Hub
- Hybrid Attack
- Hybrid Encryption
- Hyperlink
- Hypertext Markup Language (HTML)
- Hypertext Transfer Protocol (HTTP)
- I
- Identity
- Implants
- Incident
- Incident Handling
- Incremental Backups
- Inference Attack
- Information
- Information Assurance (IA)
- Information Flow Control
- Information Security
- Information Security Policy
- Information Security Risk
- Information System Resilience
- Information Systems Security (INFOSEC)
- Information Warfare
- Input Validation Attacks
- Inside Threat
- Integrity
- Intellectual Property
- Internal Security Testing
- Internet
- Internet Control Message Protocol (ICMP)
- Internet Engineering Task Force (IETF)
- Internet Message Access Protocol (IMAP)
- Internet Protocol (IP)
- Internet Protocol Security (IPsec)
- Internet Standard
- Internet worm
- Intranet
- Intrusion
- Intrusion Detection
- Intrusion Detection Systems (IDS)
- IoT
- IP Address
- IP Flood
- IP Forwarding
- IP Spoofing
- ISO
- J
- K
- L
- M
- MAC Address
- Macro Virus
- Malicious Applet
- Malicious Code
- Malvertisement
- Malvertising
- Malware
- Man-in-the-middle Attack (MitM)
- Mandatory Access Control (MAC)
- Masquerade Attack
- Maximum Tolerable Downtime
- md5
- Mobile code
- Mobile phone malware
- Monoculture
- Morris Worm
- Multifactor Authentication
- N
- O
- P
- Packet
- Packet Sniffer
- Packet Switched Network
- Partitions
- Passive attack
- Password Authentication Protocol (PAP)
- Password Cracking
- Password Sniffing
- Patch
- Patching
- Payload
- Penetration
- Penetration Testing
- Personal Firewalls
- Pharming
- Phishing
- Ping of Death
- Plaintext
- Polymorphic malware
- Pop-up ad
- Port Scan
- Power virus
- Promiscuous Mode
- Proprietary Information
- Protocol
- Proxy Server
- Public Key
- Q
- R
- Race Condition
- Ransomware
- Registry
- Remote access
- Remote access Trojan / RAT
- Remote diagnostics / maintenance
- Replay attack
- Residue
- Response
- Reverse Address Resolution Protocol (RARP)
- Reverse Engineering
- Reverse Lookup
- Reverse Proxy
- Risk
- Risk Assessment
- Risk Averse
- Risk mitigation
- Role Based Access Control
- Root
- Root cause analysis
- Rootkit
- Router
- S
- Safeguards
- Safety
- Scareware
- Scavenging
- Secure Electronic Transactions (SET)
- Secure Shell (SSH)
- Secure Sockets Layer (SSL)
- Security controls
- Security impact analysis
- Security Policy
- Security requirements
- Sensitive Information
- Separation of Duties
- Server
- Session
- Session Description Protocol (SDP)
- Session Hijacking
- Session Key
- SHA1
- Share
- Shell
- Signature
- Skimming
- Sniffer
- Sniffing
- Social Engineering
- Socket
- Software
- Spam
- Spam filtering software
- Spear phishing
- Spoof
- Spy-phishing
- SQL
- SQL Injection
- Stealthing
- Steganography
- Sub Network
- Supply chain attack
- Suspicious files and behavior
- Switch
- Symmetric Cryptography
- SYN Flood
- Synchronization
- System administrator / Sysadmin
- System integrity
- T
- Tampering
- TCP/IP
- Threat
- Threat analysis
- Threat Assessment
- Threat event
- Threat Model
- Threat monitoring
- Threat scenario
- Threat shifting
- Threat source
- Threat Vector
- Time to Live
- Time-dependent password
- Tracking cookie
- Traffic analysis
- Traffic Encryption Key (TEK)
- Transmission Control Protocol (TCP)
- Transport Layer Security (TLS)
- Trojan Horse
- Tunnel
- U
- UDP Scan
- Unauthorized access
- Unauthorized disclosure
- Uniform Resource Identifier (URI)
- Uniform Resource Locator (URL)
- Unix
- URL injection
- User
- User Contingency Plan
- V
- W
- Web bug
- Web Server
- Webattacker
- Whaling
- Whitehat hacker
- Whitelist
- WHOIS
- World Wide Web (“the Web”, WWW, W3)
- Worm
- Z