Cybersecurity Glossary Terms
Varutra’s provides the cybersecurity community with knowledge of and insight on the industry’s significant terms and definitions by our cybersecurity glossary terms. This list contains key terminology/cybersecurity glossary/vocabulary resources online. Start your search on the critical terms you need to know as a security professional.
A | B | C | D | E | F | G | H | I | J | K | L | M | N | O | P | Q | R | S | T | U | V | W | X | Y | Z
Access control
The process of granting or denying specific requests for or attempts to:
1) obtain and use information and related information processing services; and
2) enter specific physical facilities.
Advanced Persistent Threat / APT
Advanced persistent threat is a user or a program that has highly sophisticated techniques and intends to pursue them with a malicious intent. It is deployed by cyber-criminals who have a high level of expertise and important resources to infiltrate a network. They usually use this type of attack to target large organizations seeking to retrieve economic or financial information. In some cases, they might even try to use this form of attack to stop or block a company’s program or agenda.
Adware
Adware is a type of software that delivers ads on your system. Adware is software distributed to the user free of cost with advertisements embedded into them. As such, it displays advertisements, and redirects your queries to sponsor’s websites. Adware helps advertisers collect data for marketing purposes, without your permissions to do so. A user can disable ad pop-ups by purchasing a registration key.
Anonymizing proxy
An anonymizing proxy is a way to hide your online activity and/or make it really difficult to be disclosed by third parties, like countries that apply Internet censorship. These proxy servers act like an intermediary connection between your computer and the final target. From an outsider’s point of view, they access those web locations and hide your computer’s IP from further identification. Usually, they are used to access freely Internet content under strict censorship.
Anti-malware
The general usage of this term – Anti-malware – refers to a number of software programs and applications that are capable to detect and remove malware from individual systems or from larger networks. Though the term is usually used in connection with classic antivirus products, the anti-malware abilities can include anti-spyware, anti-phishing or anti-spam solutions. Lately, the term has spread to name specialized software that fights data stealing malware delivered by online criminals.
Anti-spam
Anti-spam term or better said the anti-spam techniques are employed by special software programs that fight spam, which is unsolicited e-mail. The spam problem needs to be solved not only at the individual level of each user, but at an even greater level, that of system administrators that need to secure thousands of computers from spam. Spamming attempts become a greater problem for everybody because this is one of the main ways to deliver the most dangerous malware in the wild and additional phishing threats.
Anti-spoofing
Anti-spoofing techniques are used in order to stop the DDoS (Distributed Denial-of-Service) attacks that affect so many websites. To deliver these attacks, hackers are “spoofing” IP addresses, from where they send a great number of requests. When the website server attempts to reply to the requests, it gets stalled by waiting to access servers that actually do not exist. In this case again, it is difficult to detect the source of the attacks, therefore the only available solution is to use a software that can detect these fake IP addresses and refuse the connection.
Antispyware software
A program that specializes in detecting and blocking or removing forms of spyware.
Antivirus software
anti-virus (anti-malware) — A security program designed to monitor a system for malicious software. Once malware is detected, the AV program will attempt to remove the offending item from the system or may simply quarantine the file for further analysis by an administrator. It is important to keep AV software detection databases current in order to have the best chance of detecting known forms of malware.
Attack
An attempt to gain unauthorized access to system services, resources, or information, or an attempt to compromise system integrity.
Attacker
An individual, group, organization, or government that executes an attack.
Attack surface
The set of ways in which an adversary can enter a system and potentially cause damage.
Attack signature
An attack signature is a unique piece of information that is used to identify a particular cyberattack aimed at exploiting a known computer system or a software vulnerability. Attack signatures include certain paths used by cyber criminals in their malicious compromise attempts. These paths can define a certain piece of malicious software or an entire class of malware.
Authentication
The process of verifying the identity or other attributes of an entity (user, process, or device). This process is used to allow access to an online location or resource to the right individual by validating the identification.
Autorun worm
Autorun worms are malware programs that use the Windows AutoRun feature to launch automatically when the device, usually a USB drive, is plugged into a PC. AutoPlay, a similar technology has been used recently to deliver the infamous Conficker worm. Microsoft has set on new systems the AutoRun setting to off, so this issue should disappear in the future.
Backdoor Trojan
A backdoor Trojan is a way to take control of a system without permission. Usually, a backdoor Trojan poses as a legitimate program spreading though phishing campaigns and fooling users into clicking a malicious link or accessing malware on a website. Once the system is infected, the Trojan can access sensitive files, send, and receive data online and track the browsing history. To avoid this type of infection, you should keep the system up to date with the latest patches and have strong anti-malware protection.
Backup
A backup is an exact copy of your files, your system files or any other system resources you need to protect. This precaution is necessary for all types of unpredictable events, like a system crash or when you remove or lose those files. The backup is supposed to be independent from your system and be used only when necessary. There are also cases when the system or those files become infected, and you need to recover them. Or when the system is blocked by a ransomware.
Behavior monitoring
Observing activities of users, information systems, and processes and measuring the activities against organizational policies and rule, baselines of normal activity, thresholds, and trends.
Black box
A method of penetration testing in which the hacker is given no prior information other than a target network or computer system to hack.
Blackhat hacker
Skilled computer users with malicious intents, they seek to compromise the security of a person or organization for personal gain. Blackhat hackers frequently specialize, for example in malware development, spam delivery, exploit discovery, DDoS attacks and more. Not all Blackhat hackers use the malware they developed or the exploits they discover. Some just find them and sell the know-how to the highest bidder. Their favorite targets are financial information (such as credit card data or bank accounts), personal information (like email accounts and passwords), as well as sensitive company data (such as employee/client databases).
Blacklist
A security mechanism prohibiting the execution of those programs on a known malicious or undesired list of software. The blacklist is a list of specific files known to be malicious or otherwise are unwanted. Any program on the list is prohibited from executing while any other program, whether benign or malicious, is allowed to execute by default.
Blended Threat
A blended threat is a widely-used term that describes an online attack that spreads by using a combination of methods, usually a combination of worms, trojans, viruses and other malware. This combination of malware elements that uses multiple attack vectors increases the damage and makes individual systems and networks difficult to defend.
Blue Team
A group that defends an enterprise’s information systems when mock attackers (i.e., the Red Team) attack, typically as part of an operational exercise conducted according to rules established and monitored by a neutral group (i.e., the White Team).
Boot sector malware
A boot sector malware can replicate the original boot sector of the system, so that at the following system boot-up, the malware may become active. This way, the boot kit in the boot sector manages to hide its presence before the operating system can load up. This is a clear advantage for the malware, which is loaded before the system and the anti-malware solution. Since it loads before the security solution, it can even disable it and make it useless against it.This type of infection is usually difficult to clean.
Bot
Internet bots or web bots are software programs that perform automated tasks and specific operations. Though some bots serve harmless purposes in video games or online locations, there are a number of bots that can be employed in large networks, from where they can deliver malicious ads on popular sites or launch distributed online attacks against a number of designated targets.
Browser hijacking
Browser hijacking is the process of changing the default homepage or search engine in your web browser by a malicious program without your permission. The user can notice that the affected changes cannot be reversed, and a security tool needs to be used against this type of software. It is not considered a serious threat to the overall system security, but it needs to be addressed fast since web browsing is affected.
Brute force attack
A brute force attack is a technique used by hackers in which a high number of keywords or password combinations are tested in order to gain access to a site or a network. This is one of the main reasons users should set strong passwords.
Buffer overflow
A buffer overflow takes place when a program or an application tries to store excess data in a temporary storage area (a buffer) and that extra information overflows into other parts of a computer’s memory. This is something hackers took advantage from and these types of attacks can lead to unauthorized code running or system crashes.
Botnet
A collection of computers compromised by malicious code and controlled across a network.
Bug
An unexpected and relatively small defect, fault, flaw, or imperfection in an information system or device.
Bulk Encryption
Bulk encryption is a set of security protocols that provide the necessary means to encrypt and decrypt data transmissions in order to offer protection from security breaches and online theft.
Business Impact Analysis
Business Impact Analysis is an important key element of an organization’s business continuity plan that detects vulnerabilities and analyzes their operational and financial impact on the overall business plan. According to the analysis, strategies are planned to minimize the detected risks.
BYOD
BYOD (acronym for Bring Your Own Device) is a company policy by which employees are allowed to bring their own devices (laptops, smartphones, tablets, etc.) to work. This type of flexibility increases the number of vulnerabilities in a company’s environment, since the devices are managed and secured individually.
Cache
A cache is a technology to store data and allow future requests to be served at a higher speed. This high-speed storage method is usually used for web pages and online documents, like HTML pages and images, to increase the loading speed and avoid unwanted lag.
Cache Cramming
Cache cramming is a technique to trick a browser into running malicious Java code from the local disk, instead of the Internet. The execution of local code (which runs with less permissions) enables online criminals access the target computer.
Catfishing
Common on social networking and online dating sites. Sometimes a catfish’s sole purpose is to engage in a fantasy but sometimes the catfish’s intent is to defraud a victim, seek revenge or commit identity theft.
Chief Information Officer (CIO)
The Chief Information Officer is the title name of the person that is responsible for the information technology system in a company. The job responsibilities include planning the technology architecture, align corporate network to the business developed and develop a secure financial management system for the company.
CISO
CISO (Chief Information Security Officer) is a senior-level executive job in a company, in the IT or cyber security department. A CISO’s responsibilities include ensuring and maintaining adequate protection for the company’s assets and technology, in terms of both strategy and development, to mitigate and manage cyber security risks. CSO (Chief Security Officer) is another name used for the same job.
Code injection
The code injection technique is usually used by online attackers to change the course of execution of a computer program. This method is used by online criminals to spread malicious software by infecting legitimate websites with malicious code.
Cloud computing
A model for enabling on-demand network access to a shared pool of configurable computing capabilities or resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.
Clickjacking
A malicious technique by which a victim is tricked into clicking on a URL, button or other screen object other than that intended by or perceived by the user. Clickjacking can be performed in many ways; one of which is to load a web page transparently behind another visible page in such a way that the obvious links and objects to click are facades, so clicking on an obvious link actually causes the hidden page’s link to be selected.
Computer Abuse
Computer abuse is the unethical use of a computer to launch online attacks, like phishing andmalware delivery campaigns, sabotage and cyberwar activities.
Computer Forensics
Computer forensics is connected to digital forensic science and is the practice by which digital data is collected and analysed for legal purposes. The main goal is to identify, analyse and present facts about digital information. The conclusions can be used in fight against cybercrime or for civil proceedings.
Computer Emergency Response Team (CERT)
An organization that studies computer and network INFOSEC in order to provide incident response services to victims of attacks, publish alerts concerning vulnerabilities and threats, and offer other information to help improve computer and network security.
Computer Incident Response Team (CIRT)
The Computer Incident Response Team investigates network security incidents that occur when unauthorized access takes place to network resources or protected data. Their job is to analyse how the incident took place and provide a response, by discovering how the breach occurred and what information has been lost.
Confidentiality
Confidentiality is the need to ensure that information is disclosed only to those who are authorized to view it.
Cookie
A cookie is a small text file which is placed on your computer when you visit a website. This cookie allows the website to keep track of your visit details and store your preferences. These cookies were designed to be helpful and increase the website speed the next time you access that location. At the same time, they are very useful for advertisers who can match the ads to your interests after they see your browsing history.
Crimeware
Crimeware is distinct from adware or spyware and it’s created for identity theft operations that use social engineering schemes to gain access to a user’s online accounts. Crimeware is a growing issue for networks’ security, as numerous types of malware look to steal valuable data from the systems. The retrieved information may be sent to other interested parties for a certain price.
Cross Site Scripting (XSS)
Cross site scripting is an attack on trusted and otherwise secure websites, by injecting malicious scripting. Attackers target websites that do not filter user inputs for strings or common characters in a script.
CSO
CSO (Chief Security Officer) is a top-level executive in charge of ensuring the security of a company’s personnel, financial, physical and digital assets. A CSO has both security and business-oriented objectives, as he is responsible for aligning cyber protection with the company’s business goals. All security strategies, tactics and programs have to be directed and approved by the CSO. CISO (acronym for Chief Information Security Officer) is another name used for the same job.
Cyber Attack
Any attempt to violate the security perimeter of a logical environment. An attack can focus on gathering information, damaging business processes, exploiting flaws, monitoring targets, interrupting business tasks, extracting value, causing damage to logical or physical assets or using system resources to support attacks against other targets. Cyberattacks can be initiated through exploitation of a vulnerability in a publicly exposed service, through tricking a user into opening an infectious attachment, or even causing automated installation of exploitation tools through innocent website visits.
Cyber incident
A cyber incident takes place when there is a violation of a security policy imposed on computer networks and the direct results affect an entire information system.
Cyber Espionage
Cyber espionage is spying on the computer systems of an organization with the help of a virus to steal or destroy data, information, etc. Such spying is unauthorized and happens in a clandestine matter.
Cyber security
Cyber security is a general term that refers to the possibility of organizing a defensive strategy against online criminals and their malicious actions. A complete cyber security strategy includes multiple tools and methods to protect an operating system from classical viruses and trojans, spyware, financial and data stealing malware. At the same time, online security is important and needs to be protected with other means, like VNP software and backup solutions.
Cyber weapon
The term “cyber-weapon” refers to an advanced and sophisticated piece of code that can be employed for military or intelligence purposes. The term has recently emerged from the military area to name malicious software that can be used to access enemy computer networks.
Dark Web
The dark web refers to websites and online content that exists outside the reach of traditional earch engines and browsers. This content is hidden by encryption methods (in most cases, these sites use the Tor encryption tool to hide their identity and location) and can only be accessed with specific software, configuration settings or pending approval from their admins. The dark web is known for being a hub for illegal activities (drug and crime transactions, dark hat hacking and so on).
Data Asset
A data asset is a piece of information that contains valuable records. It can be a database, a document or any type of information that is managed as a single entity. Like any asset, the information involved contains financial value that is directly connected to the number of people that have access to that data and for this reason it needs to be protected accordingly.
Data Integrity
Data integrity refers to information property that has not been altered or modified by an unauthorized person. The term is used to refer to information quality in a database, data warehouse or other online locations.
Data leakage
Data leakage describes a data loss of sensitive information, usually from a corporation or large company, that results in unauthorized personnel access to valuable data assets. The sensitive data can be company information, financial details or other forms of data that puts the company name or its financial situation at risk.
Data loss
Data loss is a process in which information is destroyed by failure or neglect in transmission, processing or sometimes by cybercriminal hands. To prevent data loss, IT teams install backup and recovery equipment to avoid losing important information.
Data theft
Data theft describes illegal operations in which private information is retrieved from a company or an individual. Usually, the stolen data includes credentials for online accounts and banking sites, credit card details or valuable corporate information. In the last years these types of operations have increased, and it has now become necessary to protect data by additional security means.
Darknet
The dark net is part of the deep web, but it refers to websites that are specifically used for nefarious reasons.
Decipher
To convert enciphered text to plain text by means of a cryptographic system.
Deep Web
The deep web is a similar concept to the dark web but has a less shady nature. The world wide web content which is not indexed by traditional search engines is known as the deep web and preferred by certain groups for its increased privacy levels. However, unlike the dark web, the deep web doesn’t require its users to be particularly tech-savvy and is not hidden by sophisticated methods; all you need is to know the address of the website you want to access.
Denial of service attack (DDoS)
This type of online attack is used to prevent normal users from accessing an online location. In this case, a cybercriminal can prevent legitimate users from accessing a website by targeting its network resources and flooding the website with a huge number of information requests.
Dialer
A dialer in the information security world is a spyware device or program that is used to maliciously redirect online communication. Such a software disconnects the legitimate phone connection and reconnects to a premium rate number, which results in an expensive phone bill received by the user. It usually installs itself on the user’s system.
Digital Signature
A digital signature is a technique used to encrypt and validate the authenticity and integrity of a message, software or digital document. The digital signature is difficult to duplicate by a hacker, that’s why it is important in information security.
Disaster Recovery Plan (DRP)
A Disaster Recovery Plan is the process of recovery of IT systems in the event of a disruption or disaster.
DNS Cache Poisoning
DNS cache poisoning is a method used by online criminals to launch online attacks. This method supposes the domain name system’s modification, which results in returning an incorrect IP address. The purpose is to divert traffic to a malicious server, which is controlled by hackers. That’s why the DNS is considered poisoned, and it should be taken down by the authorities.
DNS hijacking
DNS hijacking or DNS redirection is an online attack that overrides a computer’s TCP/IP settings to direct communication to a malicious server controlled by cybercriminals.
Document malware
Document malware takes advantage of vulnerabilities in applications that let users read or edit documents.
Domain Hijacking
Domain hijacking is an attack by which an attacker takes over a domain by first blocking access to the domain’s DNS server and then putting his own server up in its place.
Domain shadowing
Domain shadowing is a malicious tactic used by cyber criminals to build their infrastructure and launch attacks while remaining undetected. First, attackers steal and gather credentials for domain accounts. Using these stolen credentials, they log into the domain account and create subdomains which redirect traffic towards malicious servers, without the domain owner having any knowledge of this. Domain shadowing allows cyber attackers to bypass reputation-based filters and pass their malicious traffic as safe.
Dormant code
Modern, advanced malware often has modular structure, including multiple components. One of them is dormant code, which means that the malware needs specific triggers to execute the task is was created for. This type of behavior is coded into the malware to it can bypass signature-based detection in products such as traditional antivirus and anti-malware solutions. There is also another reason for using dormant code: since advanced malware, such as ransomware or financial malware, usually rely on extern frastructure to download components for infection, the malware can remain dormant and undetected if it can’t reach its Control and Command servers to execute further.
Dridex
Dridex is a strain of financial malware that uses Microsoft Office macros to infect information systems. Dridex is engineered to collect and steal banking credentials and additional personal information and its fundamental objective is banking fraud.
Drive-by attack
A drive-by attack is the unintentional download of a virus or malicious software (malware) onto your system. A drive-by attack will usually take advantage of (or “exploit”) a browser, app, or operating system that is out of date and has a security flaw.
Due diligence
Due diligence compels organizations to develop and deploy a cyber security plan to prevent fraud, abuse, and deploy means to detect them if they occur, in order to maintain confidential business data safe.
DumpSec
DumpSec is a security tool that dumps a variety of information about a system’s users, file system, registry, permissions, password policy, and services.
Dumpster diving
Dumpster Diving is obtaining passwords and corporate directories by searching through discarded media.
Dyreza / Dyre
Dyreza (also called Dyre) is a banking Trojan (financial malware) that appeared in 2014, whose behavior is similar to the ZeuS family, although there is no connection between Dyreza and ZeuS. The malware hides in popular web browsers that millions of users employ to access the web and aims to retrieve sensitive financial information every time the victim connects to a banking website. Dyreza is capable of keylogging, circumventing SSL mechanisms and twofactor authentication, and is usually spread through phishing emails.
Eavesdropping Attack
Network Eavesdropping or network sniffing is an attack that aims to capture information transmitted over a network by other computers. The objective is to acquire sensitive information like passwords, session tokens, or any kind of confidential information
Encrypted Network
A network on which messages are encrypted using a special algorithm in order to prevent unauthorized people from reading them.
Encryption
Encryption is a process of maintaining data integrity and confidentiality by converting plain data into a secret code with the help of an algorithm. Only authorized users with a key can access encrypted data or cipher text.
End-to-End Encryption
This process involves using communications encryption to make information unavailable to third parties. When being passed through a networking, the information will only be available to the sender and the receiver, preventing ISPs or application service providers to discover or tamper with the content of the communication.
End-to-End Security
The way of ensuring that data transmitted through an information system stays secure and safe from origin point to destination.
Enterprise Risk Management
The methods and processes that organizations use to identify and manage cyber security risks that could endanger its corporate mission. As part of this plan, the organization will also establish a plan to protect its assets and a plan to react in case a cyber security risk becomes reality.
Exploit
An exploit is taking advantage of a weakness or a flaw in the system to intrude, attack it..
Exploit kit
Exploit kits (EKs) are computer programs designed to find flaws, weaknesses, or mistakes in software apps (commonly known as vulnerabilities) and use them to gain access into a system or a network. They are used in the first stages of a cyber-attack, because they have the ability to download malicious files and feed the attacked system with malicious code after infiltrating it.
Exploit kits-as-a-service
Exploit kits as-a-service are a relatively recent business model employed by cyber criminals in which they create, manage and sell or rent exploit kits which are accessible and easy to use in cyber-attacks. Exploit kits-as-a-service don’t require much technical expertise to be used, they are cheaper (especially if rented), they’re flexible and can be packed with different types of malware, offer broader reach, are usually difficult to detect and can be used to exploit a wide range of vulnerabilities. This business model makes it very profitable for exploit kit makers to sell their malicious code and increase their revenues.
External Security Testing
Security testing conducted from outside the organization’s security perimeter.
Fake antivirus malware
Rogue antivirus or rogue security is a form of computer malware that simulates a system infection that needs to be removed. The users are asked for money in return for removal of malware, but it is nothing but a form of ransomware.
False positive
A false positive is identified when a security solution detects a potential cyber threat which is, in fact, a harmless piece of software or a benign software behavior. For example, your antivirus could inform you that there’s a malware threat on your PC, but it could happen that the program it’s blocking is safe.
File binder
File binders are applications used by online criminals to connect multiple files together in one executable that can be used in launching malware attacks.
Financial malware
Financial malware is a category of specialized malicious software designed to harvest financial information and use it to extract money from victims’ accounts. Because it is a rather new type of malware, it is also very sophisticated and it can easily bypass traditional security measures, such as antivirus. Financial malware is capable of persisting in the affected system for a long time, until it gathers the information associated with financial transactions and it can start to leak money from the targeted account. Banking fraud cybercrimes are one of the most serious cyber threats in the current risk landscape.
Firewall
A firewall is a network security system designed to prevent unauthorized access to public or private networks. Its purpose is to control incoming and outgoing communication based on a set of rules.
Flip button
In the malware world, a flip button appears when spyware or adware solutions trick users into following various actions and installing malicious software on the system.
Flooding
Flooding is a security attack used by hackers against a number of servers or web locations. Flooding is the process of sending a large amount of information to such a location in order to block its processing power and stop its proper operation.
Forensic Specialist
A forensic specialist in IT security is a professional who identifies and analyses online traffic and data transfer in order to reach a conclusion based on the discovered information.
Form Grabber
Malware designed to record sensitive information that the targeted user provides in forms on the Internet. These malwares particularly target the victim’s financial information.
Gray box
A method of penetration testing in which the hacker is given some information about the internal details of the target network in order to provide a quick summary of some specific strengths and weaknesses in that network’s security
Hacker
A hacker is generally regarded as a person who manages to gain unauthorized access to a computer system in order to cause damage. But keep in mind that there are two types of hackers: Whitehat hackers, who do penetration testing and reveal their results to help create more secure systems and software, and Blackhat hackers, who use their skills for malicious purposes.
Hacktivism
Hacktivism is the activity of using hacking techniques to protest or fight for political and social objectives. One of the most well-known hacktivist groups in the world is Anonymous.
Heartbleed vulnerability
Heartbleed is a security bug that appeared in 2014, which exposed information that was usually protected by SSL/TLS encryption. Because of a serious vulnerability that affected the OpenSSL library, attackers could steal data that was kept confidential by a type of encryption used to secure the Internet. This bug caused around 500.000 web servers (17% of all severs on the Internet) to be exposed to potential data theft.
Hoax
A hoax is a false computer virus warning. You may receive such hoaxes via email, instant messaging or social media. Before acting on it, be sure to go online and check the validity of the claim. Also, when you have proof that it’s fake, it’s a good idea to inform the sender as well. Remember that such hoaxes can lead to malicious websites which can infect your devices with malware.
Honeymonkey
This is an automated system designed to simulate the actions of a user who’s browsing websites on the Internet. The purpose of the system is to identify malicious websites that try to exploit vulnerabilities that the browser might have. Another name for this is Honey Client.
Honeypot
Programs that simulate one or more network services that you designate on your computer’s ports. An attacker assumes you’re running vulnerable services that can be used to break into the machine. A honey pot can be used to log access attempts to those ports including the attacker’s keystrokes. This could give you advanced warning of a more concerted attack.
HTTPS scanning
This is another name of a Man-in-the-Middle attack. Scanning HTTPS (Hypertext Transfer Protocol Secure) content allows the attackers to decrypt, analyze, and re-encrypt content between websites that use SSL (Secure Sockets Layer) for security and a user’s browser. This type of attack is usually used to snoop in on information exchanges and steal confidential data.
Hybrid attack
A Hybrid Attack builds on the dictionary attack method by adding numerals and symbols to dictionary words.
Identity Theft
Identity theft refers to the process of stealing someone’s personal identification data and using it online in order to pose as that person. Hackers can make use of a person’s name, photos, papers, social security number and so on, to gain financial advantage at this person’s expense (by obtaining credit or by blackmailing), or as a means of damaging the person’s reputation etc.
Incident response
The activities that address the short-term, direct effects of an incident and may also support short-term recovery.
Information Assurance
This is a set of measures designed to protect and defend data and information systems by ensuring that they are always available, that their integrity is safe, that they’re confidential and authentic (non-repudiation principle). These measures include having a data backup to restore information in case of an unfortunate event, having cyber security safeguards in place and ensuring that detection and reaction capabilities are featured.
Information Flow Control
This is an important safeguard in companies, created to ensure that data transfers in an information system comply with the security policy and are as safe as possible.
Information Security
The tactics, tools, measures and actions taken to protect data and information systems against unauthorized access, use, disclosure, disruption, modification, or destruction. Its purpose is to ensure the confidentiality, integrity, and availability of the data and information systems.
Information Security Policy
A must-have for any company, this includes up the directives, regulations, rules, and practices that define how an organization should manage, protect and distribute information.
Information Security Risk
A risk in this category can be evaluated according to how and how much it threatens a company’s operations (including mission, functions, brand, reputation) or assets, employees, partners etc. A risk is based on the potential for cyber criminals to gain unauthorized access and use it to collect confidential data, disclose it to the public or to unauthorized parties, modify it or destroy it, thus disrupting the organization’s activity.
Information System Resilience
A resilient information system is a system that can continue to work even while under attack, even if becomes degraded of weakened. Moreover, it has to be able to recover from a successful attack fast and regain operational capabilities, at least for the core functions.
Information Systems Security (INFOSEC)
One of the most used terms in cyber security, INFOSEC, is the protection of information systems against unauthorized access or attempts to compromise and modify data, whether it’s stored data, processed data or data that’s being transmitted. The necessary measures to detect, document and counter these threats are also included in INFOSEC.
Inside Threat
The insider threat usually refers to employees or other people with authorized access who can potentially harm an information system by destroying it or parts of it, by disclosing or modifying confidential information and by causing denial of service.
Integrity
Integrity is the need to ensure that information has not been changed accidentally or deliberately, and that it is accurate and complete.
Intellectual Property
This refers to useful artistic, technical or industrial information, concepts, ideas or knowledge that clearly show that they’re owned by someone who has control over them, either in physical form or in representation.
Internal Security Testing
This type of testing is conducted from inside an organization, to examine the resilience and strength of a company’s security perimeter and defences.
Internet worm
Internet worms were created by researchers in the 1980s to find a reliable way of growing the Internet through self-replicating programs that can distribute themselves automatically through the network. An Internet worm does exactly that: it distributes itself across the web by using the computers’ Internet connection to reproduce.
Intrusion
Intrusion refers to the act of getting around a system’s security mechanisms to gainunauthorized access.
Intrusion Detection Systems (IDS)
This is a security management system set up to actively protect computer and networks. It works by analyzing information from various areas of a computer/network o spot potential security breaches. These breaches can be either caused by intrusions (external attacks) and misuse (insider attacks).
IP Flood
This is a Denial-of-Service attack which aims to send a host an avalanche of pings (echo request packages) that the protocol implementation cannot manage. This causes a system to fail and send a denial-of-service error.
IP Spoofing
This is a tactic used by cyber criminals to supply a false IP address that masquerades a legitimate IP. This helps the attacker gain an unfair advantage and trick the user or a cyber security solution that’s in place.
Keylogging
Through keylogging, cyber criminals can use malicious software to record the keystrokes on a users’s keyboard, without the victim realizing it. This way, cyber criminals can collect information such as passwords, usernames, PIN codes and other confidential data.
Kovter
Kovter is a Trojan whose primary objective is performing click-fraud operations on the PC it compromises. However, in 2015 Kovter incorporated new cloaking tricks in order to evade detection, which is why cyber criminals started using it to deliver other types of malware, such as ransomware, or to recruit PCs into botnets
Link jacking
A potentially unethical practice of redirecting a link to a middle-man or aggregator site or location rather than the original site the link seemed to indicate it was directed towards. For example, a news aggregation service may publish links that seem as if they point to the original source of their posted articles, but when a user discovers those links via search or through social networks, the links redirect back to the aggregation site and not the original source of the article.
Likelihood of Occurrence
This defines the probability of a specific threats to exploit a given vulnerability, based on a subjective analysis.
Logic Bomb
This is a piece of code that a miscreant can insert into software to trigger a malicious function when a set of defined conditions are met.
Low Impact
This level of impact of a cyber threat or cyber-attack on an organization shows that there could be a loss of confidentiality, integrity, or availability, but with limited consequences. This includes reducing the capabilities of the organization, while still retaining the ability to function, but also other minor damages, financial loss or harm to people.
Macro Virus
This type of virus attached itself to documents and uses macro programming options in a document application (such as Microsoft Word or Excel) to execute malicious code or propagate itself.
Malicious Applet
This is a small application that is automatically downloaded and executed, being capable of performing an unauthorized action/function on an information system.
Malicious Code
This is a type of software camouflaged to seem useful and suitable for a task, but which actually obtains unauthorized access to system resources or fools a user into executing other malicious actions.
Malvertisement
This is an online ad infected with malicious code that can even be injected into a safe, legitimate website, without the website owner’s knowledge. This is short for “malware advertisement”.
Malvertising
This is also called “malicious advertising” and it refers to how malware is distributed through online advertising networks. This type of technique is widely use to spread financial malware, data-stealing malware, ransomware and other cyber threats.
Malware
Malware is a short term used for malicious software. Malware is defined as any software that is used to interrupt or disrupt computer operations, gather sensitive information, or gain access to certain files or programs.
Malware-as-a-service
This type of malware is developed by cyber criminals to require little or no expertise in hacking, to be flexible, polymorphic, offer a broader reach and often comes packed with ready-coded targets. Malware-as-a-service can be bought or rented on the deep web and in cybercriminal communities, and sometimes can even include technical support from its makers and their team, which they run as a business. The main purpose behind it is making as much money as possible.
Man-in-the-middle Attack
Through this attack, cyber criminals can change the victim’s web traffic and interpose themselves between the victim and a web-based service the victim is trying to reach. At that point, the attacker can either harvest the information that’s being transmitted via the web or alter it. This type of attack is often abbreviated to MITM, MitM, MIM, MiM or MITMA..
Mazar BOT
Mazar BOT is a strain of malware targeting Android devices which first emerged in February 2016. The malware spreads through SMSs sent to random numbers, which include a link shortened through a URL shortner service (such as bit.ly). Once clicked, the link installs the Mazar BOT malware on the affected device, gaining the ability to write, send, receive and read SMS, access Internet connections, call phones, erase the phone it’s installed on and many more. Mazar BOT doesn’t run on smartphones running Android with the Russian language option. Spoofing has also been observed in Mazar BOT attacks.
Mobile code
This is a type of software that can be transferred between systems (across a network) and which can also be executed on a local system, such as a computer, without the recipient’s explicit consent. Here are some examples of mobile code that you may come across: JavaScript, VBScript, Flash animations, Shockwave movies, Java applets, ActiveX controls and even macros embedded in Microsoft Office or Excel documents.
Mobile phone malware
This type of malware targets mobile phones, tablets and other mobile devices, and it aims to disrupt their normal functions, cause system damage or data leakage and/or data loss.
Moderate Impact
When this type of impact is estimated or observed on an information system, it means that confidentiality, integrity, or availability have suffered a significant blow. The organization may record barely working primary functions and significant damage to its assets, finances and individuals.
Multifactor Authentication
This type of authentication uses two or more factors to achieve authentication. These factors can include something the users knows (a password or a PIN), something the user has (an authentication token, an SMS with a code or a code generator on the phone/tablet) and/or something the user is (biometric authentication methods, such as fingerprints or retina scans).
Network Sniffing
This is a technique that uses a software program to monitor and analyse network traffic. This can be used legitimately, to detect problems and keep an efficient data flow. But it can also be used maliciously, to harvest data that’s transmitted over a network.
Non-repudiation
A property achieved through cryptographic methods to protect against an individual or entity falsely denying having performed a particular action related to data.
Offline Attack
This type of attack can happen when an attacker manages to gain access to data through offline means, such as eavesdropping, by penetrating a system and stealing confidential information or looking over someone’s shoulder and obtaining credentials to secret data.
Outside Threat
This refers to an unauthorized person from outside the company’s security perimeter who has the capacity to harm an information system by destroying it, modifying or stealing data from it and disclosing it to unauthorized recipients, and/or causing denial of service.
OWASP (Open Web Application Security Project)
An Internet community focused on understanding web technologies and exploitations. Their goal is to help anyone with a website improve the security of their site through defensive programming, design and configuration. Their approach includes understanding attacks in order to know how to defend against them. OWASP offers numerous tools and utilities related to website vulnerability evaluation and discovery as well as a significant amount of training and reference material related to all things web security.
Packet Sniffer
This is a type of software designed to monitor and record traffic on a network. It can be used for good, to run diagnostic tests and troubleshoot potential problems. But it can also be used for malicious purposes, to snoop in on your private data exchanges. This includes: your web browsing history, your downloads, the people you send emails to, etc.
Parasitic viruses
A type of virus that’s capable of associating itself with a file or inserting itself into a file. To remain undetected, this virus will give control back to the software it infected. When the operating system looks at the infected software, it will continue to give it rights to run as usual. This means that the virus will be able to copy itself, install itself into memory or make other malicious changes to the infected PC. Although this type of virus appeared early on in the history of computer infections, it’s now making a comeback.
Passive attack
This is a type of attack during which cyber criminals try to gain unauthorized access to confidential information. It’s called passive because the attacker only extracts information without changing the data, so it’s more difficult to detect as a result.
Password cracking
Password cracking is the process of trying to guess or crack passwords to gain access to a computer system or network. Crackers generally use a variety of tools, scripts, or software to crack a system password. Password cracks work by comparing every encrypted dictionary word against the entries in the system password file until a match is found.
Password sniffing
This is a tactic used by cyber criminals to harvest passwords. They do this through monitoring and snooping in on network traffic to retrieve password data. If the password is sent over an unencrypted connection (for example, you put in a password on a website that isn’t protected by a security certificate – doesn’t start with https), it’s even easier for attackers to get their hands on your passwords.
Patch
A patch is a small software update released by manufacturers to fix or improve a software program. A patch can fix security vulnerabilities or other bugs, or enhance the software in terms of features, usability and performance.
Patch Management
This refers to the activity of getting, testing and installing software patches for a network and the systems in it. Patch management includes applying patches both for security purposes and for improving the software programs used in the network and the systems within it.
Patching
Patching is the process of updating software to a different version. It is also referred to as updating the software to the latest version available and is key in removing bugs of the previous version.
Payload
A payload is the actual application data a packet contains. It is part of the transmitted data which is the fundamental purpose of the transmission. In summary, payload refers to the actual intended message in a transmission.
Pen test
A colloquial term for penetration test or penetration testing.
Penetration
In cyber security, penetration occurs when a malicious attacker manages to bypass a system’s defenses and acquire confidential data from that system.
Penetration Testing
This is a type of attack launched a network or computer system in order to identify security vulnerabilities that can be used to gain unauthorized access to the network’s/system’s features and data. Penetration testing is used to help companies better protect themselves against cyber-attacks.
Personal Firewall
This is a type of firewall that’s installed and runs on personal computers. A firewall is a network security system designed to prevent unauthorized access to public or private networks. Its purpose is to control incoming and outgoing communication based on a set of rules.
Pharming
This is a type of online scam aimed at extracting information such as passwords, usernames and more from the victim. Pharming means redirecting Internet traffic from a legitimate website to a fake one, so victims can put in their confidential information and attackers can collect it. This type of attacks usually targets banking and ecommerce websites. What makes it difficult to detect is that, even if the victim types in the right URL, the redirect will still take the user to the fake website, operated by IT criminals.
Phishing
Phishing is an attempt to acquire sensitive information such as usernames, passwords, and credit card details by impersonating as a trustworthy entity. Phishing emails may contain links to websites that are infected with malware. Phishing is typically carried out by email spoofing or instant messaging, and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one.
Plaintext
This is how ordinary text is called before it’s encrypted or after being decrypted. When someone says that your passwords are stored in plaintext, it means that they can be read by anyone snooping into your private information, because the passwords aren’t encrypted. This is a big lapse in cyber security, so watch out for it.
Polymorphic code
Polymorphic code is capable of mutating and changing while maintaining the initial algorithm. Each time it runs, the code morphs, but keeps its function. This tactic is usually used by malware creators to keep their attacks covert and undetected by reactive security solutions.
Polymorphic malware
Polymorphic malware is capable of transforming itself into various derivative versions that perform the same function and have the same objective. By using obfuscated code and constantly changing their code, polymorphic malware strains can infect information systems without being detected by solutions such as traditional malware, which is a key asset in the perspective of cyber criminals.
Pop-up ad
Pop-up ads are windows used in advertising. They appear on top of your browser window when you’re on a website, and they’re often annoying because they are intrusive. While they’re not malicious by nature, sometimes they can become infected with malware, if a cyber attacker compromises the advertising networks that’s serving the pop-up.
Potential Impact
When a cyber security risk is assessed, the loss of the 3 essential factors is considered: confidentiality, integrity and availability. If a risk becomes a cyber-attack, it can have low, moderate or high impact.
Proprietary Information (PROPIN)
Proprietary information is made of all the data that is unique to a company and ensures its ability to stay competitive. This can include customer details, technical information, costs and trade secrets. If cyber criminals compromise or reveal this information, the impact on the company can be quite severe, as we’ve seen in major data breaches.
Proxy server
A proxy server is a go-between a computer and the Internet. Proxies are used to enhance cyber safety because they prevent attackers from invading a computer/a private network directly.
Recovery
The activities after an incident or event to restore essential services and operations in the short and medium term and fully restore all capabilities in the longer term.
Ransomware
Ransomware is a type of malware (malicious software) which encrypts all the data on a PC or obile device, blocking the data owner’s access to it. After the infection happens, the victim receives a message that tells him/her that a certain amount of money must be paid (usually in Bitcoins) in order to get the decryption key. Usually, there is also a time-limit for the ransom to be paid. There is no guarantee that the, if the victim pays the ransom, he/she will get the decryption key. The most reliable solution is to back up your data in at least 3 different places (for redundancy) and keep those backups up to date, so you don’t lose important progress.
Red Team
A group authorized and organized to emulate a potential adversary’s attack or exploitation capabilities against an enterprise’s cybersecurity posture.
Red Team exercise
An exercise, reflecting real-world conditions, that is conducted as a simulated attempt by an adversary to attack or exploit vulnerabilities in an enterprise’s information systems.
Real-time reaction
This is a type of immediate reaction and response to a spotted compromise attempt. This is done in due time so the victim can ensure protection against unauthorized network access.
Redundancy
Additional or alternative systems, sub-systems, assets, or processes that maintain a degree of overall functionality in case of loss or failure of another system, sub-system, asset, or process.
Remote access
This happens when someone uses a dedicated program to access a computer from a remote location. This is a norm for people who travel a lot and need access to their company’s network. But cyber criminals can also use remote access to control a computer they’ve previously hacked into.
Remote access Trojan / RAT
Remote Access Trojans (RATs) use the victim’s access permissions and infects computers to give cyber attackers unlimited access to the data on the PC. Cyber criminals can use RATs to exfiltrate confidential information. RATs include backdoors into the computer system and can enlist the PC into a botnet, while also spreading to other devices. Current RATs can bypass strong authentication and can access sensitive applications, which are later used to exfiltrate information to cybercriminal-controlled servers and websites.
Remote diagnostics / maintenance
This is a maintenance service carried on by authorized companies/individuals who use the Internet to communicate with the company’s network.
Residual risk
This is a type of risk that remains after all available security measures and tactics have been applied. Because there is no such thing as 100% cyber security, a residual risk remains for each identifiable cyber threat.
Reverse engineering
Acquiring sensitive data by disassembling and analysing the design of a system component. This is one of the most valuable activities in cyber security intelligence gathering.
Risk assessment
This is a risk analysis process that defines an organization’s cyber security risks and their potential impact. Security measures are then suited to match the importance and potential impact of the risks identified because of the risk assessment.
Risk management
This is the process by which an organization manages its cyber security risks to decrease their potential impact and take the adequate measures to avoid cyber-attacks. Doing a risk assessment is also part of the process, as well as the risk mitigation strategy and all the procedures that must be applied in order to ensure proper defences against cyber threats. This is a continuous process and should be viewed as a cycle.
Reverse Proxy
Reverse proxies take public HTTP requests and pass them to back-end webservers to send the content to it, so the proxy can then send the content to the end-user.
Risk mitigation
This is the process by which risks are evaluated, prioritized and managed through mitigation tactics and measures. Since any company has a dynamic environment, a periodical revision should be a defining characteristic of the risk mitigation process.
Rogue security software
Rogue security software (usually antivirus) is a common Internet scam used by cyber criminals to mislead victims and infect their PCs with malware. Malicious actors could also use fake antivirus to trick victims into paying money or extort them (like ransomware does) into paying for having the rogue software removed. So please only buy security software from trusted vendors or from the software makers themselves.
Rogueware
This is a type of deceitful malware which claims to be a trusted and harmless software program (such as antivirus). Cyber criminals use rogueware to harvest data from their victims or to trick them intro paying money. Often, rogueware also includes adware functions, which adds a burden and a potential risk to the infected PC.
Role Based Access Control
Role based access control assigns users to roles based on their organizational functions and determines authorization based on those roles.
Root cause analysis
This is the process used to identify the root causes for certain security risks in an organization. This must be done with the utmost attention to detail and by maintaining an objective perspective.
Rootkit
A collection of tools (programs) that a hacker uses to mask intrusion and obtain administratorlevel access to a computer or computer network. For example, rookit malware is capable of covering up the fact that a PC has been compromised. By gaining administrator rights on the affected PC (through exploits or social engineering), attackers can maintain the infection for a long time and are notoriously difficult to remove.
Safeguards
This refers to a set of protection measures that have to meet an information system’s core security requirements, in order to ensure confidentiality, integrity, and availability. This includes everything from employee security to ensuring the safety of physical structures and devices, to management limitations and more.
Scareware
This is a type of malware (or rogueware) that employs social engineering to intimidate and confuse the victims through shock, anxiety, fear and time reistrictions. The objective is to maliciously persuade the victims into buying unwanted software. The software could be rogue security software, ransomware or other type of malware. For example, malicious actors often try to manipulate users that their computer is infected with a virus and that the only way to get rid of it is to pay for, download and install a fake antivirus, which, of course, turns out to be the malware itself.
Scavenging
This is the action of trying to find confidential or sensitive data by searching through a system’s data residue.
Security Policy
A set of rules and practices that specify or regulate how a system or organization provides security services to protect sensitive and critical system resources.
Security controls
This is a set of safeguards designed to avoid and mitigate the impact of cyber security risks that an organization has.
Session Hijacking
Take over a session that someone else has established.
Session Key
In the context of symmetric encryption, a key that is temporary or is used for a relatively short period of time. Usually, a session key is used for a defined period of communication between two computers, such as for the duration of a single connection or transaction set, or the key is used in an application that protects relatively large amounts of data and, therefore, needs to be re-keyed frequently.
Security impact analysis
An organization should always conduct a security impact analysis to determine if certain changes to the information systems have influenced and impacted its security state.
Security requirements
Security requirements are derived from multiple sources and make up for the security necessities of an information system, in order to ensure confidentiality, integrity, and availability of the information that’s managed, transmitted or stored in the system. The sources for security requirements can be legislation, directives, policies, standards, best practices, regulations, procedures or other business necessities.
Sensitive information
This type of information is defined by the fact that not everyone can access it. Sensitive information is data that is confidential for a certain category of users, who can view, access and use this data. This type of information is protected for reasons either related to legal aspects or ethical ones. Examples include: personal identification numbers, health information, education records, trade secrets, credit card information, etc.
Signature
In cyber security, a signature is an identifiable, differentiating pattern associated with a type of malware, an attack or a set of keystrokes which were used to gain unauthorized access to a system. For example, traditional antivirus solutions can spot, block and remove malware based on their signature, when the antivirussees that a piece of software on your PC matched the signature of a malicious software stored in their database.
Skimming
Skimming happens when a malicious actor uses a tag reader in an unauthorized manner, in order to collect information about a person’s tag. The victim never knows or accepts to be skimmed. For example, card skimming is an illegal practice which consists of the illegal collection of data from a card’s magnetic stripe. This information can then be copied onto a blank card’s magnetic stripe and used by malicious actors to make purchases and withdraw cash in the name of the victim.
Smurf
The Smurf attack works by spoofing the target address and sending a ping to the broadcast address for a remote network, which results in a large amount of ping replies being sent to the target.
Sniffer
A sniffer is a tool used to monitor traffic over a network. It can be used legitimately, to detect issues with the data flow. But it can also be used by malicious actors, to harvest data that’s transmitted over a network.
Social engineering
A euphemism for non-technical or low-technology means – such as lies, impersonation, tricks, bribes, blackmail, and threats – used to attack information systems.
Spam
Spam is made up of unsolicited emails or other types of messages sent over the Internet. Spam is often used to spread malware and phishing, which is why you should never open, reply to or download attachments from spam messages. Spam cam come your way in the form of emails, instant messages, comments, etc.
Spam filtering software
This is a type of program which can analyse emails and other types of messages (i.e. instant messages) to weed out spam. If spam filtering software decides to categorize a message as spam, it’ll probably move that message to a dedicated folder.
Spear phishing
Spear phishing is a cyber-attack that aims to extract sensitive data from a victim using a very specific and personalized message. This message is usually sent to individuals or companies, and it’s extremely effective, because it’s very well planned. Attackers invest time and resources into gathering information about the victim (interests, activities, personal history, etc.) in order to create the spear phishing message (which is usually an email). Spear phishing uses the sense of urgency and familiarity (appears to come from someone you know) to manipulate the victim, so the target doesn’t have time to double check the information.
Spillage
Information spillage happen when data is moved from a safe, protected system to another system, which is less secure. This can happen to all types of data, from health information to financial or personal data. If the system the data is moved to is less secure, people who should not have access to this information may be able to access it.
Spoofing (Email)
This is a compromise attempt during which an unauthorized individual tries to gain access to an information system by impersonating an authorized user. For example, email spoofing is when cyber attackers send phishing emails using a forged sender address. You might believe that you’re receiving an email from a trusted entity, which causes you to click on the links in the email, but the link may end up infecting your PC with malware.
Spy-phishing
This is a type of malware that employs tactics found in both phishing and spyware. By combining these cyber threats, spy-phishing is capable of downloading applications that can run silently on the victim’s system. When the victims open a specific URL, the malware will collect the data the victim puts into that website and send it to a malicious location (like a web server). This technique is used to extend the duration of the phishing attack, even after the phishing website has been taken down.
Spyware
Software that is secretly or surreptitiously installed into an information system without the knowledge of the system user or owner. Spyware monitors and stores the victim’s Internet activity (keystrokes, browser history, etc.) and can also harvest usernames, passwords, financial information and more. It can also send this confidential data to servers operated by cyber criminals, so it can be used in consequent cyber-attacks.
SQL injection
This is a tactic that used code injection to attack applications which are data-driven. The maliciously injected SQL code can perform several actions, including dumping all the data in a database in a location controlled by the attacker. Through this attack, malicious hackers can spoof identities, modify data or tamper with it, disclose confidential data, delete and destroy the data or make it unavailable. They can also take control of the database completely.
SSL / Secure Sockets Layer
SSL comes from Secure Sockets Layer, which is an encryption method to ensure the safety of the data sent and received from a user to a specific website and back. Encrypting this data transfer ensures that no one can snoop on the transmission and gain access to confidential information, such as card details in the case of online shopping. Legitimate websites use SSL (start with https) and users should avoid inputting their data in websites that don’t use SSL.
Stealware
This is a type of malware which is capable of transferring data or money to a third, malicious party. This type of malware usually targets affiliate transactions. It then uses an HTTP cookie to redirect the commission earned by an affiliate marketer to an unauthorized third party.
Strong authentication
This is a specific requirement that calls for employing multiple authentication factors from different categories and sophisticated technology to verify an entity’s identity. Dynamic passwords, digital certificates, protocols and other authentication elements are part of strong authentication standards. This is especially applied in banking and financial services, where access to an account has to be tied to a real person or an organization.
Supply chain attack
This type of attack aims to inflict damage upon an organization by leveraging vulnerabilities in its supply network. Cyber criminals often manipulate with hardware or software during the manufacturing stage to implant rootkits or tie in hardware-based spying elements. Attackers can later use these implants to attack the organization they’re after.
Suppression measure
This can be any action or device used to reduce the security risks in an information system. This is part of the risk mitigation process, aimed at minimizing the security risks of an organization or information system.
Suspicious files and behavior
Suspicious behavior is identified when files exhibit an unusual behavior pattern. For example, if files start copying themselves to a system folder, this might be a sign that those file have been compromised by malware. Traditional antivirus solutions incorporate this type of detection to spot and block malware.
Symmetric cryptography
A branch of cryptography in which a cryptographic system or algorithms use the same secret key (a shared secret key).
Symmetric key
A symmetric key is a cryptographic key that is used in a symmetric cryptographic algorithm.
System administrator / Sysadmin
The sysadmin, how it’s also called, is a person in charge of all the technical aspects of an information system. This includes aspects related to configuration, maintenance, ensuring reliability and the necessary resources for the system to run at optimal parameters while respecting a budget and more.
System integrity
This state defines an information system which is able to perform its dedicated functions at optimal parameters, without intrusion or manipulation (either intended or not).
Tampering
The intentional activity of modifying the way an information system works, in order to force it to execute unauthorized actions.
Targeted threat
Targeted threats are singled out because of their focus: they are usually directed at a specific organization or industry. These threats are also designed to extract sensitive information from the target, so cyber criminals take a long time to prepare these threats. They are carefully documented, so the chances for successful compromise can be as big as possible. Targeted threats are delivered via email (phishing, vishing, etc.), they employ Zero Days and other vulnerabilities to penetrate an information system, and many more. Government and financial organizations are the most frequent targets for this type of cyber threats.
Threat
In cyber security, a threat is a possible security violation that can become certainty if the right context, capabilities, actions and events unfold. If a threat becomes reality, it can cause a security breach or additional damages.
Threat Actor
Synonym(s): Threat Agent
Threat agent
An individual, group, organization, or government that conducts or has the intent to conduct detrimental activities.
Threat analysis
This refers to the process of examining the sources of cyber threats and evaluating them in relation to the information system’s vulnerabilities. In the NICE Framework, cybersecurity work where a person: Identifies and assesses the capabilities and activities of cyber criminals or foreign intelligence entities; produces findings to help initialize or support law enforcement and counterintelligence investigations or activities.
Threat assessment
The product or process of identifying or evaluating entities, actions, or occurrences, whether natural or man-made, that have or indicate the potential to harm life, information, operations, and/or property.
Threat event
A threat event is defined as a potentially harmful situation for an information system that can have unwanted consequences.
Threat model
A threat model is a process that is used to optimize network security by identifying the key objectives and vulnerabilities, and then defining countermeasures to prevent, or mitigate the effects of, threats to the system or network.
Threat monitoring
Threat monitoring is a continuous process. During this process, security audits and other information in this category are gathered, analysed and reviewed to see if certain events in the information system could endanger the system’s security.
Threat scenario
A threat scenario draws information from all available resources and focuses on three key elements: Vulnerabilities, Threats and Impact. This helps associate a specific cyber threat to one or more threat sources and establish priorities.
Threat shifting
It is the process of adapting protection measures in response to cyber attackers’ everchanging tactics. Countermeasures must be constantly updated to meet the challenges posed by polymorphic malware.
Threat source
Threat source refers to the objective and method used by cyber attackers to exploit a security vulnerability or a certain context in order to compromise an information system. Triggering a system vulnerability may happen accidentally or on purpose.
Time-dependent password
This type of password can be either valid for a limited amount of time or it can be valid for use during a specific interval in a day. Time-dependent passwords are most often generated by an application and are part of the two-factor or multi-factor authentication mechanisms.
Token
In security, a token is a physical electronic device used to validate a user’s identity. Tokens are usually part of the two-factor or multi-factor authentication mechanisms. Tokens can also replace passwords in some cases and can be found under the form of a key fob, a USB, an ID card or a smart card.
TOR (The Onion Router)
Free software designed to make it possible for users to surf the Internet anonymously, so their activities and location cannot be discovered by government agencies, corporations, or anyone else.
Triple wrapped
Triple wrapped describes any data that has been signed with a digital signature, encrypted, and then signed again is called triple wrapped.
Tracking cookie
This type of cookies are places on users’ computers during web browsing sessions. Their purpose is to collect data about the user’s browsing preferences on a specific website, so they can then deliver targeted advertising or to improve the user’s experience on that website by delivering customized information.
Traffic analysis
During this process, the traffic on a network is intercepted, examined and reviews in order to determine traffic patterns, volumes and extract relevant statistics about it. This data is necessary to improve the network’s performance, security and general management.
Traffic Encryption Key (TEK)
This is a term specific to network security, which depicts the key used to encrypt the traffic within a network.
Trojan (Trojan horse)
A computer program that appears to have a useful function, but also has a hidden and potentially malicious function that evades security mechanisms, sometimes by exploiting legitimate authorizations of a system entity that invokes the program. Trojans can be used to spy on a user’s activity (web browsing, computer activity, etc.), to collect and harvest ensitive data, to delete files, to download more malware onto the PC and more.
Typhoid adware
This is a cyber security threat that employs a Man-in-the-middle attack in order to inject advertising into certain web pages a user visits while using a public network, like a public, nonencrypted WiFi hotspot. In this case, the computer being used doesn’t need to have adware on it, so installing a traditional antivirus can’t counteract the threat. While the ads themselves can be non-malicious, they can expose users to other threats. For example, the ads could promote a fake antivirus that is malware or a phishing attack.
Unauthorized access
When someone gains unauthorized access, it means that they’ve illegally or illegitimately accessed protected or sensitive information without permission.
Unauthorized disclosure
This happens when sensitive, private information is communicated or exposed to parties who are not authorized to access the data.
URL injection
A URL (or link) injection is when a cybercriminal created new pages on a website owned by someone else, that contain spammy words or links. Sometimes, these pages also contain malicious code that redirects your users to other web pages or makes the website’s web server contribute to a DDoS attack. URL injection usually happens because of vulnerabilities in server directories or software used to operate the website, such as an outdated WordPress or plugins.
Virtual Private Network / VPN
A VPN, short for Virtual Private Network, uses the Internet public infrastructure to connect to a private network. VPNs are usually created and owned by corporations. By using encryption and other security means, a VPN will hide your online activity from attackers and offer extra shield when you want to safely navigate online.
Virus
Virus is a malicious program usually attached to a legitimate or harmless program. When the program runs, the virus gets executed and performs activities that harm infected machines and their data. A virus can copy itself and spread to other files.
Virus hoax
A computer virus hoax is a message that warns about a non-existent computer virus threat. This is usually transmitted via email and tells the recipients to forward it to everyone they know. Computer hoaxes are usually harmless, but their intent is not innocent, since they exploit lack of knowledge, concern or ability to investigate before aking the action describedin the hoax.
Vishing
Vishing (short for Voice over IP phishing) is a form of phishing performed over the telephone or voice over IP (VoIP) technology, such as Skype. Unsuspecting victims are duped into revealing sensitive or personal information via telephone calls, VoIP calls or even voice mail.
Vulnerability
A vulnerability, also known as a security vulnerability, is a flow or error in a software or operating system that can let hackers take control of the affected machine and use it for illegal activities. Vulnerabilities have to solved as soon as they are discovered, before a cybercriminal takes advantage and exploits them.
Web bug
A web bug, also called a web beacon or pixel tag, is a small, transparent GIF image, usually not bigger than 1 pixel. It’s embedded in an email or webpage and is usually used in connection with cookies. Web bugs are designed to monitor your activity and they load when you open an email or visit a website. Most common uses are marketing-related: for email tracking (to see if readers are opening the emails they receive, when they open them), web analytics (to see how many people visited a website), advertisement statistics (to find out how often an ad appears or is being viewed), IP addresses gathering, type of browser used.
Website Spoofing
Website spoofing refers to creating a fake site that looks exactly like a trusted and popular website, in order to collect personal or financial information from users. Spoofed websites are created using legitimate logos, colors, designs, etc., to make them look realistic.
Whale Phishing
Whale phishing is a campaign that is aimed particularly at wealthier individuals. It is also known as whaling.
Whitehat hacker
Also known as ethical hackers, they uses their abilities to identify security weaknesses in systems in a way that will allow the system’s owners to fix the weakness.
Whitelist
A list of entities that are considered trustworthy and are granted access or privileges.
Worm
A worm is a stand-alone malware that can self-replicate itself. Unlike a virus, it does not require a ‘host program’ to attach itself to. It spreads by placing its functional copies in email attachments, instant messages, networks, flash drives, etc. A worm can be used to distribute Trojans, viruses, spam, phishing emails, and other forms of malware. Worms may also include “payloads” that damage host computers, commonly designed to steal data, delete files, send documents via email or install backdoors.
Zero Day
A Zero Day or Zero Hour attack are attacks that use vulnerabilities in computer software that cyber criminals have discovered and software makers have not patched (because they weren’t aware that those vulnerabilities exist). These are often exploited by cyber attackers before the software or security companies become aware of them. Sometimes, Zero Days are discovered by security vendors or researchers and kept private until the company patches the vulnerabilities
Zero Day virus / malware
A Zero Day virus, also known as Zero Day malware, is a computer virus, Trojan horse or other malware, previously unknown by the software maker or by traditional antivirus producers. This means the vulnerability is also undisclosed publicly, though it might be known and quietly exploited by cyber attackers. Because it’s not known yet, this means patches and antivirus software signatures are not yet available for it and there is little protection against an attack.
Zero-Day attack
A Zero Day (or Zero Hour or Day Zero) attack or threat is a computer threat that tries to exploit computer application vulnerabilities that are unknown to others or undisclosed to the software developer. Zero Day exploits (actual code that can use a security hole to carry out an attack) are used or shared by attackers before the software developer finds out about the vulnerability
Zombie
A zombie refers to a computer that has been taken over by a hacker. Hackers usually create a large group of zombie computers called botnet, to launch their attacks. Zombies are mostly used to perform malicious tasks, such as spreading spam or other infected data to other computers or launch of DoS (Denial of Service) attacks, with the owner being unaware of it.