Glossary
Cyber Security Terms & Definitions
Cybersecurity – The practice of protecting computer systems, networks, and sensitive information from unauthorized access, use, disclosure, disruption, modification, or destruction.
Malware – Any software designed to harm or exploit a computer system, including viruses, worms, Trojans, spyware, and adware.
Phishing – A social engineering technique used to trick people into revealing sensitive information, such as passwords, usernames, or credit card numbers, by posing as a trustworthy entity in an electronic communication.
Social engineering – The use of psychological manipulation or deception to trick individuals into divulging confidential information or performing actions that would compromise their security.
Encryption – The process of converting plaintext data into a coded form, known as ciphertext, to protect it from unauthorized access.
Firewall – A software or hardware-based network security system that monitors and controls incoming and outgoing network traffic based on predefined security rules.
Two-factor authentication – A security mechanism that requires two forms of identification to access a system or application, typically a password and a secondary verification method, such as a fingerprint or security token.
Vulnerability – A weakness or flaw in a system, network, or application that can be exploited by an attacker to compromise the security of the system or steal sensitive data.
Patching – The process of applying software updates or fixes to address security vulnerabilities or bugs in a system or application.
Incident response – The process of identifying, investigating, and responding to security incidents, such as cyber attacks or data breaches, to minimize the impact on an organization.
Risk assessment – The process of identifying potential security risks and evaluating their likelihood and potential impact on an organization’s operations, assets, and reputation.
Access control – The process of restricting access to resources, systems, or applications based on the principle of least privilege to prevent unauthorized access and reduce the risk of data breaches.
Data classification – The process of categorizing data based on its level of sensitivity, value, or regulatory requirements to determine the appropriate level of protection and access control.
Incident reporting – The process of reporting security incidents or potential security incidents to the appropriate internal or external stakeholders to enable timely response and remediation.
Security awareness – The practice of educating employees, customers, or other stakeholders about cybersecurity risks and best practices, so that they recognize threats and adopt secure behavior.
Authentication – The process of verifying the identity of a user or system by requiring proof of identity, such as a password, biometric data, or security token.
Authorization – The process of granting or denying access to a resource, system, or application based on the user’s identity, role, or privileges.
Incident management – The process of managing and resolving security incidents, including containment, eradication, recovery, and follow-up activities.
Digital forensics – The process of collecting, analyzing, and preserving digital evidence to support an investigation into a security incident or cybercrime.
Network segmentation – The process of dividing a network into smaller, isolated segments to improve security and limit the potential impact of a security breach.
Data loss prevention – The process of preventing sensitive data from being leaked or stolen by unauthorized users or systems, through policies, controls, and monitoring.
Penetration testing – The process of testing a system or network for vulnerabilities by simulating an attack, to identify weaknesses and prioritize remediation efforts.
Security controls – The technical or administrative measures implemented to reduce the risk of security incidents, such as access controls, encryption, logging, and monitoring.
Threat intelligence – The information collected and analyzed to identify potential threats, vulnerabilities, and attack patterns, to inform proactive security measures and incident response.
Incident response plan – A documented plan outlining the steps to be taken in response to a security incident, including roles and responsibilities, communication protocols, and remediation actions.
Disaster recovery – The process of restoring critical systems and data after a catastrophic event, such as a natural disaster or cyber attack, to minimize business disruption and data loss.
Compliance – The process of adhering to regulatory requirements, industry standards, or internal policies related to security, privacy, and data protection.
Social media policy – A set of guidelines and restrictions governing the use of social media by employees, to reduce the risk of data breaches, reputational damage, or legal liabilities.
Risk management – The process of identifying, assessing, and prioritizing risks to an organization’s assets, operations, and reputation, and implementing appropriate risk mitigation measures.
Cloud security – The practice of securing data and applications stored in cloud environments, through measures such as encryption, access controls, and monitoring.
Zero trust – A security model that assumes no implicit trust based on a user’s location or identity, and requires continuous verification of user access and behavior.
Endpoint security – The practice of securing endpoints, such as laptops, desktops, and mobile devices, from cyber threats, through measures such as anti-virus software, firewalls, and access controls.
Secure coding – The practice of writing software code that is free of vulnerabilities and adheres to secure coding principles, to reduce the risk of exploitation by attackers.
Supply chain security – The practice of securing the supply chain, including third-party vendors and suppliers, to reduce the risk of cyber attacks and data breaches.
Threat hunting – The process of actively searching for threats and potential security breaches, through manual or automated techniques, to detect and prevent attacks.
Red teaming – The process of simulating a real-world attack by a skilled adversary, to test and improve an organization’s security defenses and incident response capabilities.
Security information and event management (SIEM) – A system that aggregates and analyzes security event data from multiple sources, to detect and respond to security incidents.
Identity and access management (IAM) – The practice of managing user identities and access to systems, applications, and data, to ensure proper authentication and authorization.
Multifactor authentication – A security mechanism that requires two or more forms of identification to access a system or application, to improve security beyond traditional passwords.
Data privacy – The practice of protecting personal or sensitive data from unauthorized access or disclosure, in compliance with legal or regulatory requirements.
Network security – The practice of securing a network from cyber threats, through measures such as firewalls, intrusion detection systems, and monitoring.
Incident escalation – The process of escalating a security incident to higher-level management or security teams, based on predefined criteria or severity levels.
Business continuity – The practice of maintaining critical business operations during and after a disruptive event, such as a natural disaster or cyber attack, through measures such as backup and recovery plans.
Cyber insurance – Insurance policies that provide coverage for financial losses and liabilities related to cyber incidents, such as data breaches or business interruption.
Security culture – The shared values, beliefs, and behaviors that determine how seriously security is treated within an organization, reinforced through training, awareness, and accountability.