List of Common Terms Used in IT, Cybersecurity, and General Computing

Access Control

The means and mechanisms of managing access to and use of resources by users. 

 

Administrator

A person who is responsible for managing a computer system or network.

 

Adversary

An adversary is a process, user or device that possesses a threat to the network.

 

Adware

Computer advertising software that may or may not monitor computer use to 

target ads. 

 

Anti-Virus (Anti-Malware)

A security program designed to monitor a system for malicious software.

 

App Attack

An app attack occurs when a user unknowingly installs a harmful app on their tablet or smartphone and the app in turn steals their personal data.

 

APT (Advanced Persistent Threat)

A security breach that enables an attacker to gain access or control over a system for an extended period of time usually without the owner of the system being aware of the violation.

 

Attack

An attack is an action with malicious intention to interrupt the operations of a network or steal the data, etc.

 

Attack Mechanism

An attack mechanism is a system or strategy by which a target is hit; the attacker may use different attack mechanisms such as a container or payload to hit the intended target.

 

Attack Vector

An attack vector is a means and ways by which an attacker gains entry into the target system. Attackers mainly use the human element or the weak links to gain such access.

 

Authentication 

The process of proving an individual is a claimed identity.

 

Authorization

The security mechanism determining and enforcing what authenticated users are authorized to do within a computer system.

 

Availability

Timely, reliable access to data, information, and systems by authorized users.

 

Backdoor

A backdoor or trapdoor is a process to gain unauthorized access to a computer or a network. A programmer may bypass security steps and gain access to a computer by trapdoor programs, in the event of an attack on the computer system or networks. Attackers may also use such mechanisms to enter computers or networks without proper permission.

 

Backup

Creating a duplicate copy of data onto a separate physical storage device or online/cloud storage solution.

 

Blacklist 

A security mechanism prohibiting the execution of those programs on a known malicious or undesired list of software.

 

Botnet

A collection of innocent computers which have been compromised by malicious code in order to run a remote control agent granting an attacker the ability to remotely take advantage of the system's resources in order to perform illicit or criminal actions.

 

Brute Force Attack

A brute force attack is the process of finding the solution by constantly trying many probable variants of information such as passwords, deciphered keys, etc., in a random fashion.

 

Bug

An error or mistake in software coding or hardware design or construction.

 

Cloud Computing 

A means to offer computing services to the public or for internal use through remote services.

 

Confidentiality

Restrictions placed on information access and disclosure, including means for 

protecting personal privacy and proprietary information. 

 

Cryptography

The application of mathematical processes on data-at-rest and data-in-transit to provide the security benefits of confidentiality, authentication, integrity and non-repudiation.

 

Cyberattack 

Any attempt to violate the security perimeter of a logical environment. An attack can focus on gathering information, damaging business processes, exploiting flaws, monitoring targets, interrupting business tasks, extracting value, causing damage to logical or physical assets or using system resources to support attacks against other targets.

 

Cyber Crime

Criminal offenses committed on the internet or aided by the use of computer technology.

 

Cyber Ecosystem

The collection of computers, networks, communication pathways, software, data and users that comprise either a local private network or the world-wide Internet.

 

Cyber Espionage

The unethical act of violating the privacy and security of an organization in order to leak data or disclose internal/private/confidential information.

 

Cyber Insurance

Insurance that is designed to mitigate losses from a variety of cyber incidents, including data breaches, business interruption, and network damage.

 

Cybersecurity

The efforts to design, implement, and maintain security for an organization's network, which is connected to the Internet.

 

Cyber Teams

Groups of professional or amateur penetration testing specialists who are tasked with evaluating and potentially improving the security stance of an organization.

 

Cyberwarfare

Cyber warfare is virtual warfare waged online over the internet to weaken or harm the financial systems of an organization by stealing private and personal information available online on websites, etc.

 

Database

A database is a systematic collection and organization of data by individuals or organizations so that it can be easily stored, retrieved, and edited for future use.

 

Data Breach

The occurrence of disclosure of confidential information, access to confidential information, destruction of data assets or abusive use of a private IT environment.

 

Data Integrity

A security benefit that verifies data is unmodified and therefore original, complete and intact.

 

Data Mining

The activity of analyzing and/or searching through data in order to find items of relevance, significance or value.

 

Data Theft

The act of intentionally stealing data. Data theft can occur via data loss (physical theft) or data leakage (logical theft) event.

 

DDoS (Distributed Denial of Service) Attack

An attack which attempts to block access to and use of a resource.

 

Decrypt

The act which transforms ciphertext (i.e. the unintelligible and seemingly random form of data that is produced by the cryptographic function of encryption) back into its original plaintext or cleartext form.

 

Detonation Chamber

Also known as dynamic execution environments, allow organizations to open email attachments, execute untrusted or suspicious applications, and execute Universal Resource Locator (URL) requests in the safety of an isolated environment or virtualized sandbox. These protected and isolated execution environments provide a means of determining whether the associated attachments/applications contain malicious code.

 

DLP (Data Loss Prevention)

A collection of security mechanisms which aim at preventing the occurrence of data loss and/or data leakage. Data loss occurs when a storage device is lost or stolen. Data leakage occurs when copies of data are possessed by unauthorized entities.

 

Digital Certificate

A digital certificate is a piece of information that guarantees that the sender is verified, genuine and that he is the person who he claims to be. Otherwise known as public key information, digital certificate issued by certificate authority, helps exchange information over the internet in a safe and secure manner.

 

Digital Signature

A digital signature is an electronic code that guarantees the authenticity of the sender of information as who he claims to be, and that the information he sent out is first- hand, without any alterations. Digital signatures use the private key information of the sender and cannot be imitated or forged, easily.

 

Disaster

A sudden event, catastrophe caused by the forces of nature or by a human error that results in serious damages to nature, society, human life, and property. Disaster in a business or commercial sense disables an enterprise from delivering the essential tasks for a specified period; for organizations disasters may result in loss of resources, assets, including data.

 

Disruption

A disruption is an unplanned event that causes the general system or major application to be inoperable for an unacceptable length of time (e.g., minor or extended power outage, extended unavailable network, or equipment or facility damage or destruction).

 

DOS (Denial of Service)

An attack that attempts to block access to and use of a resource. It is a violation of availability.

 

Drive-by-Download

A security incident that occurs when a user unknowingly visits an infected/compromised website and malware is downloaded and installed without their knowledge.

 

Eavesdropping

The act of listening in on a transaction, communication, data transfer or conversation. Eavesdropping can be used to refer to both data packet capture on a network link (also known as sniffing or packet capture) and to audio recording using a microphone (or listening with ears).

 

EDR (Endpoint Detection and Response)

An endpoint security solution that continuously monitors end-user devices to detect and respond to cyber threats like ransomware and malware.

 

Electronic Signature

An electronic signature is the process of applying any mark in electronic form with the intent to sign a data object and is used interchangeably with digital signature.

 

Encrypt

A process used to convert simple readable data known as plain text to unreadable data known as ciphertext which can only be converted to plain text (decrypt) if the user knows the encryption key.

 

Encryption Key

The secret number value used by a symmetric encryption algorithm to control the encryption and decryption process.

Endpoint

An endpoint is a remote computing device that communicates back and forth with a network to which it is connected.

 

Exploit

An exploit is taking advantage of a weakness or a flaw in the system to intrude or attack it.

 

Extended Detection and Response (XDR)

SaaS tool that offers holistic, optimized security by integrating security products and data into simplified solutions. XDR security presents a more efficient, proactive solution. In contrast to systems like endpoint detection and response (EDR), XDR broadens the scope of security, integrating protection across a wider range of products, including an organization’s endpoints, servers, cloud applications, emails, and more. XDR combines prevention, detection, investigation, and response, providing visibility, analytics, correlated incident alerts, and automated responses to improve data security and combat threats

 

False Positive

A false positive is an alert that incorrectly indicates that malicious activity is occurring.

 

Firewall

A security tool, which may be a hardware or software solution that is used to filter network traffic.

 

Freeware

Freeware is an application, program, or software available for use at no cost.

 

Hacker

A person who has knowledge and skill in analyzing program code or a computer system, modifying its functions or operations and altering its abilities and capabilities.

 

Hacktivism

Attackers who hack for a cause or belief rather than some form of personal gain.

 

Hardware

Hardware is the physical component of an information system. See also software and firmware.

 

Honeypot

A trap or decoy for attackers. A honeypot is used to distract attackers in order to prevent them from attacking actual production systems.

 

Hub

A common connection point for devices in a network. Hubs commonly are used to pass data from one device (or network segment) to another.

 

Identity Fraud

A form of identity theft in which a transaction, typically financial, is performed using the stolen identity of another individual.

 

Identity Theft

Crime in which someone wrongfully obtains and uses another person's personal data in some way that involves fraud or deception, often for economic gain.

 

Incident

An incident is an unplanned disruption or degradation of a network or system service and needs to be resolved immediately. An example of an incident is a server crash that causes a disruption in the business process. However, if the disruption is planned, say, a scheduled maintenance, it is not an incident.

 

Information Security 

The process that ensures the protection of information and information systems 

from unauthorized access, use, disclosure, disruption, modification or destruction. 

 

Integrity

A property whereby data has not been altered in an unauthorized manner since it was created, transmitted or stored.

 

Intrusion Detection 

The act of detecting actions that attempt to compromise the confidentiality, 

integrity or availability of a resource. 

 

IP Address

A unique address that identifies a device on the internet or a local network. IP stands for "Internet Protocol," which is the set of rules governing the format of data sent via the internet or local network.

 

ISP (Internet Service Provider)

The organization that provides connectivity to the Internet for individuals or companies.

 

Keylogging 

The action of recording (logging) the keys struck on a keyboard, typically 

covertly, so that the person using the keyboard is unaware that their actions are 

being monitored. Often secretly downloaded by malware, keylogging enables the 

theft of usernames and passwords among other things.

 

Mac Address

A media access control address (mac address) is also known as the physical address and is a unique identifier assigned to the network interface for communication.

 

Malware 

Refers to malicious software (malware) programs designed to damage or perform 

other unwanted actions on a computer system. Examples of malware are viruses, 

worms, Trojan horses, and spyware.

 

 

Management Safeguards 

The security safeguards or countermeasures for an information system that focus 

on the management of risk and the management of information system security. 

 

MDR (Managed Detection and Response)

Cybersecurity service that combines technology and human expertise to perform threat hunting, monitoring, and response.

 

MSP (Managed Service Provider)

A third-party company that remotely manages a customer's information technology, infrastructure and end-user systems. Small and medium-sized businesses, nonprofits and government agencies hire MSPs to perform a defined set of day-to-day management services. These services may include network and infrastructure management, security and monitoring.

 

MSSP (Managed Security Service Provider)

MSSPs offer network security services to an organization. As a third party, an MSSP can alleviate the strain on IT teams, as well as free up crucial time the organization needs to support and expand operations.

 

Multi-factor Authentication 

A security system that requires returning users to enter more than just credentials 

(username and password) to access an account or device, such as two-factor or 

three-factor authentication. 

 

Network

An information system implemented with a collection of interconnected components such as computers, routers, hubs, cabling, and telecommunications controllers.

 

Network Segmentation

Splitting a network into sub-networks, for example, by creating separate areas on the network which are protected by firewalls configured to reject unnecessary traffic. Network segmentation minimizes the harm of malware and other threats by isolating it to a limited part of the network.8

 

NIST Cybersecurity Framework

A widely used, risk-based approach to managing cybersecurity composed of three parts: the Framework Core, the Framework Profile, and the Framework Implementation Tiers. The Cybersecurity Framework includes references to standards, guidelines, and best practices. The Framework is voluntary for private sector use; federal agencies must use this risk management approach.

 

Operational Safeguards 

Security for an information system that is primarily implemented and executed by 

people rather than by a system. 

 

Operating System

The software “master control application” that runs a computer or electronic device.

 

Patch

An update or change or an operating system or application. A patch is often used to repair flaws or bugs in deployed code as well as introduce new features and capabilities.

 

Patch Management

The management activity related to researching, testing, approving and installing updates and patches to computer systems, which includes firmware, operating systems and applications.

 

Payload

The cargo information within a data transmission. Normally the part of a malware program that performs a malicious action.

 

Penetration (Pen) Testing

A means of security evaluation where automated tools and manual exploitations are performed by security and attack experts. This is an advanced form of security assessment that should only be used by environments with a mature security infrastructure.

 

Personally Identifiable Information (PII)

Information which can be used to distinguish or trace the identity of an individual (e.g., name, social security number, biometric records, etc.) alone, or when combined with other personal or identifying information which is linkable to a specific individual (e.g., date and place of birth, mother’s maiden name, etc.).

 

Phishing 

An attempt by an individual or group to solicit personal information from 

unsuspecting users by employing social engineering techniques. Phishing emails 

are crafted to appear as if they have been sent from a legitimate organization or 

known individual. These emails often attempt to entice users to click on a link 

that will take the user to a fraudulent website that appears legitimate.

 

Polymorphic Viruses

‘Poly’ refers to many and ‘morphic’ refers to forms. Therefore as the name suggests, a polymorphic virus is a complicated computer virus that changes its form as it propagates to avoid detection by antivirus. It is a self-encrypting virus that pairs a mutation engine along with a self-propagating program code.

 

Port

A port is an end point of communication in an operating system. It is identified for each address and protocol by a 16-bit number, commonly known as the port number.

 

Privacy

Digital privacy is more than the security of personal information. It also covers the processing of information about individuals for a business’ operational purposes throughout the information lifecycle (from collection through disposal) and addressing risks that this processing could create for these individuals. These problems could range from embarrassment, discrimination, or loss of autonomy to more tangible harms such as identity theft or physical harm.

 

Ransomware 

A type of malicious software, or malware, designed to block access to a 

computer system until a ransom is paid. Ransomware is typically spread through 

phishing emails or by unknowingly visiting an infected website.

 

Remote Access

Access to an organization’s information system by a user (or a process acting on behalf of a user) communicating through an external network (e.g., the Internet).

 

Restore

The process of returning a system back to a state of normalcy.

 

Risk

The extent to which an entity is threatened by a potential circumstance or event. Risk typically is a function of: (i) the adverse impacts that would arise if the circumstance or event occurs; and (ii) the likelihood of occurrence. Information system-related security risks arise from the loss of confidentiality, integrity, or availability of information or information systems. These risks reflect the potential adverse impacts to organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, other organizations, and the Nation.

 

Risk Assessment 

The process of identifying risks and determining the probability of occurrence, 

the resulting impact and additional security controls that would mitigate this 

impact. 

 

Risk Management 

The process of managing risks through risk assessment; cost-benefit analysis; 

the selection, implementation, and assessment of security controls; and the 

formal authorization to operate the system. The process includes consideration 

of effectiveness, efficiency and constraints due to laws, directives, policies, or 

regulations. 

 

Rootkit

A rootkit is a type of malicious software that is activated each time the system boots up. Rootkits are difficult to detect as they are activated before your system’s operating system has completely booted up.

 

Router

A device that allows communication between different networks. Routers determine the best path for forwarding data to its destination.

 

SaaS (Software-as-a-Service)

A type of cloud computing service where the provider offers the customer the ability to use a provided application.

 

Safeguard 

Protective measures prescribed to meet the security requirements specified for 

an information system. Safeguards may include security features, management 

constraints, personnel security and security of physical structures, areas, and 

devices. 

 

Sandboxing

A means of isolating applications, code or entire operating systems in order to perform testing or evaluation.

 

Security Controls 

Safeguards designed to protect the confidentiality, integrity and availability of a 

system and its information. 

 

Security Plan 

Formal document that provides an overview of the security requirements for the 

information system and describes the security controls in place or planned for 

meeting those requirements. 

 

Server

A server is a computer entity or a machine that waits for requests from other machines or software (clients) and responds to them. The purpose of a server is to share data or hardware and software resources among clients.

 

Social Engineering 

The manipulation of people into performing actions such as deviating from 

standard security practices or divulging confidential information that give 

attackers access to systems or confidential information.

 

Social Media

Forms of electronic communications, including websites and applications, that enable users to create and share content or to participate in social networking.

 

Spam

Electronic junk mail or the abuse of electronic messaging systems to indiscriminately send unsolicited bulk messages.

 

Spear Phishing 

Phishing attempts directed at specific individuals or companies; attackers may 

gather personal information about their target to increase their probability of 

success. This technique is by far the most successful on the Internet today, 

accounting for 91% of attacks

 

Spyware 

Software installed into an information system to gather information on individuals 

or organizations without their knowledge. 

 

SQL Injection

Sql injection is a code injection technique that is used to attack data-driven applications, in which malicious or manipulative sql statements are inserted into an entry field for execution.

 

Syslog

A syslog is a widely used standard for message logging facility in unix systems. It permits separation of the software that generates messages, the system that stores them, and the software that reports and analyzes them.

 

Tamper

Tamper is defined as deliberately trying to change or alter a system’s logic, data, or control information to cause the system to perform unauthorized functions or services.

 

Tech Support Scams

A security exploit in which scammers call, place alarming pop-up messages on a computer, offer free “security” scans, or set up fake websites to convince someone that his/her computer is infected or has a problem. The scammers then ask to be paid to fix the non-existent problem.

 

Technical Safeguards 

Controls for a system that are primarily implemented and executed by the 

information system through mechanisms contained in the hardware, software or 

firmware components of the system. 

 

Threat 

Any circumstance or event with the potential to adversely impact operations, 

assets or individuals through an information system via unauthorized access, 

destruction, disclosure, modification of information and/or denial of service. 

 

Threat Assessment

The process of evaluating the actions, events and behaviors that can cause harm to an asset or organization.

 

Trojan Horse 

A form of malware where a malicious payload is embedded inside of a benign host file. The victim is tricked into believing that the only file being retrieved is the viewable benign host. However, when the victim uses the host file, the malicious payload is automatically deposited onto their computer system.

 

Two-Factor Authentication (2FA)

The means of proving identity using two authentication factors, usually considered stronger than any single factor authentication. A form of multi-factor authentication. Valid factors for authentication include Type 1: Something you know such as passwords and PINs; Type 2: Something you have such as smart cards or OTP (One Time Password) devices; and Type 3: Someone you are such as fingerprints or retina scans (aka biometrics).

 

Unauthorized Access

Any access or use of a computer system, network or resource which is in violation of the company security policy or when the person or user was not explicitly granted authorization to access or use the resource or system.

 

User

A user is any person, organization entity, or automated process that accesses a system, whether authorized to do so or not. Users generally use a system or a software product without the technical expertise required to fully understand it.

 

Virus 

A computer program used to compromise a computer system by performing 

functions that may be destructive. A virus may alter other programs to include a 

copy of itself and execute when the host program or other executable component 

is executed. 

 

Vishing

A form of phishing attack which takes place over VoIP. In this attack, the attacker uses VoIP systems to be able to call any phone number with no toll-charge expense. The attacker often falsifies their caller-ID in order to trick the victim into believing they are receiving a phone call from a legitimate or trustworthy source such as a bank, retail outlet, law enforcement or charity.

 

VPN (Virtual Private Network)

A communication link between systems or networks that is typically encrypted in order to provide a secured, private, isolated pathway of communications.

 

Vulnerability 

Weakness in a system through procedures, internal controls or implementation that 

could be exploited or triggered by a threat source.

 

Watering Hole Attack

A security exploit where the attacker infects websites that are frequently visited by members of the group being attacked, with a goal of infecting a computer used by one of the targeted group when they visit the infected website.

 

Whitelist

A security mechanism prohibiting the execution of any program that is not on a pre-approved list of software. The whitelist is often a list of the file name, path, file size and hash value of the approved software. Any code that is not on the list, whether benign or malicious, will not be able to execute on the protected system. (See blacklist.)

 

Wiping

Overwriting media (like a hard drive) or portions of media to hinder reconstruction of the data.

 

Worm 

A computer program used to compromise a computer system by impacting 

performance. A worm can travel from computer to computer across network 

connections replicating itself.

 

Zero Day Attacks

An attack that exploits a potentially serious software security weakness that the vendor or developer may be unaware of.