The ABC of Cybersecurity
Welcome to the world of cybersecurity, where every byte of information is valuable and every click of a mouse could potentially expose you to a variety of cyber threats. With the ever-increasing use of technology in our daily lives, cybersecurity has become more important than ever before. From securing personal information to protecting sensitive business data, the world of cybersecurity has evolved to encompass a vast array of concepts, tools, and techniques.
However, with this evolution comes a complex and technical jargon that can be difficult to understand. To empower you with the necessary knowledge to navigate the complex world of cybersecurity, we have compiled a glossary of the most frequently used terms and phrases. So, buckle up and get ready to dive into the world of cybersecurity, one term at a time.
A
Access Control | The practice of regulating and controlling access to resources or data within a system. |
Access Control List (ACL) | A list of permissions that determines which users or processes can access specific resources or data within a system. |
Access Point (AP) | A device that allows devices to connect to a wireless network. |
Account Management | The process of creating, maintaining, and terminating user accounts in a system. |
Accountability | The principle that individuals or organizations are responsible for their actions and can be held liable for any negative consequences resulting from those actions. |
Accreditation | The process of assessing the security of a system or network to determine if it meets specific security standards. |
Accredited | A system or network that has been evaluated and certified to meet specific security standards. |
Active Learning | A learning approach that involves learners actively participating in the learning process, often through interactive or hands-on activities. |
Ad Hoc Network | A temporary network that is set up for a specific purpose or duration, often without the need for a centralized infrastructure. |
Adaptive Testing | A testing approach that adjusts the difficulty level of questions based on the test taker’s responses. |
Administrative Account | A user account with elevated privileges that allow users to perform administrative tasks on a system or network. |
Advanced Encryption Standard (AES) | A widely-used encryption algorithm for securing data. |
Advanced Persistent Threat (APT) | A sophisticated, targeted cyber attack that typically involves multiple stages and is aimed at stealing sensitive information or disrupting critical systems. |
Advisory | A warning or recommendation issued by a security organization or vendor regarding a specific security threat or vulnerability. |
Alert | A notification that is triggered when a security event or condition occurs. |
Allow List | A list of authorized entities or actions that are allowed to access specific resources or data. |
Anti-Malware Software | Software designed to detect and remove malware (malicious software) from a system. |
Anti-Virus Software | Software designed to detect and remove viruses (a type of malware) from a system. |
Applicant | An individual who applies for a job or position. |
Application | Software or program designed to perform specific functions or tasks. |
Apprenticeship | A training program that combines on-the-job training with classroom instruction. |
Approved | A process or action that has been reviewed and authorized to meet specific security standards. |
Asset | Any resource, system, or data that is valuable to an organization. |
Associate | An employee who has a lower-level position and less responsibility than other employees. |
Asymmetric Cryptography | A type of encryption that uses two different keys (public and private) to encrypt and decrypt data. |
Attack Signature | A unique pattern or behavior associated with a specific type of cyber attack. |
Audit | A systematic review of a system or process to assess its compliance with specific standards or requirements. |
Audit Log | A record of all actions or events occurring within a system that is relevant to auditing or security. |
Audit Trail | A chronological record of all actions or events occurring within a system that is relevant to auditing or security. |
Authentication | The process of verifying the identity of a user or device attempting to access a system or network. |
Availability | The principle that resources or data should be accessible and usable by authorized users when needed. |
B
Back Door | A secret method of accessing a system or network that bypasses normal authentication and security measures. |
Backup | A copy of data or system configurations that can be used to restore the original data or configurations in the event of a disaster or system failure. |
Baselining | The process of establishing a baseline for normal system or network behavior, which can be used to detect anomalies or deviations from normal behavior. |
Bastion Host | A highly secure server or device that is placed at the edge of a network to protect it from attacks. |
Biometric | A physical or behavioral characteristic used for authentication, such as fingerprints or facial recognition. |
Black Box Testing | A testing approach that treats the system or application as a black box, testing only the inputs and outputs without examining the internal workings. |
Blacklist | A list of entities or actions that are prohibited or blocked from accessing specific resources or data. |
Block Cipher Algorithm | An encryption algorithm that divides data into blocks and encrypts each block separately. |
Block List | A list of entities or actions that are blocked or prohibited from accessing specific resources or data. |
Blue Team | A group responsible for defending a system or network against attacks. |
Bootcamp | An intensive training program, often in a military-style environment, that is designed to quickly develop skills or knowledge. |
Boundary | A physical or logical boundary that separates one system or network from another. |
Brute Force Attack | A cyber attack that involves trying every possible password or encryption key until the correct one is found. |
Buffer Overflow | A type of cyber attack that occurs when more data is written to a buffer than it can hold, causing the excess data to overflow into adjacent memory locations. |
Business Continuity Plan (BCP) | A plan that outlines the procedures and protocols to be followed in the event of a disaster or system failure, to ensure business operations can continue. |
Business Impact Analysis (BIA) | An assessment of the potential impact that a disruption or disaster could have on business operations and the organization as a whole. |
C
Candidate | A person who is being considered for a job or position. |
Career Pathway | A series of jobs or positions that can be pursued within a specific industry or profession. |
Certificate Management | The process of creating, distributing, and managing digital certificates used for authentication and encryption. |
Certificate Revocation List (CRL) | A list of digital certificates that have been revoked by the issuing certification authority. |
Certification | A process by which a person or organization is recognized as having met certain standards or requirements. |
Certification Authority (CA) | A trusted entity that issues, signs, and manages digital certificates, vouching for the binding between a public key and the identity of its holder. |
Certified | A person or organization that has been recognized as having met certain standards or requirements. |
Chain of Evidence | The documentation and preservation of evidence in a manner that ensures its integrity and admissibility in a court of law. |
Challenge-Response | A security mechanism used to authenticate a user or device by sending a challenge that requires a specific response, which is calculated using a secret key or algorithm. |
Charitable Incorporated Organisation | A type of UK charitable organization that provides limited liability protection to its trustees and members. |
Charter | A formal document that outlines the purpose, principles, policies, and structure of an organization or institution. |
Chartered Status | The status of an individual or organization that has been granted a formal recognition of professional competence and integrity by a chartered body or institution. |
Checksum | A value that is calculated from a digital file or data stream to verify its integrity and detect any errors or corruption during transmission or storage. |
Chief Information Officer (CIO) | A senior executive responsible for overseeing the information technology and digital strategies of an organization. |
Chief Information Security Officer (CISO) | A senior executive responsible for overseeing the information security and risk management programs of an organization. |
Chief Technology Officer (CTO) | A senior executive responsible for overseeing the technology and innovation strategies of an organization. |
CIA | An acronym that stands for Confidentiality, Integrity, and Availability, which are the three key objectives of information security. |
Cipher | A mathematical algorithm or code used to encrypt or decrypt information for secure communication or storage. |
Cipher Text | The result of encrypting plain text using a cipher algorithm or key. |
Classified Information | Sensitive information that is designated as confidential, secret, or top secret based on its level of sensitivity and potential impact on national security. |
Clear Text | Plain, unencrypted text that is readable and understandable by humans or machines. |
Clearance | A security status granted to an individual or organization that allows them access to classified information or restricted areas based on a background investigation and clearance process. |
Cloud Computing | A model of delivering computing resources and services over the internet on a pay-per-use basis, instead of on-premise infrastructure. |
Code of Conduct (CoC) | A set of ethical principles and guidelines that govern the behavior and actions of individuals or organizations in a specific industry or profession. |
Code of Ethics | A set of ethical principles and standards that govern the behavior and actions of individuals or organizations in a specific profession or field. |
Collaborative Learning | A learning approach that involves groups of individuals working together to achieve a common goal, share knowledge and skills, and solve problems. |
Collision | A situation in cryptography where two different input values produce the same output value in a hash function, which can compromise the integrity and security of the algorithm. |
Commitment | A pledge or promise to uphold certain values, principles, or obligations, often used in the context of information security policies and procedures. |
Company Limited by Guarantee | A type of UK company structure used by non-profit organizations that provides limited liability protection to its members and trustees. |
Common Vulnerability Scoring System (CVSS) | A framework used to assess and prioritize the severity of security vulnerabilities based on their potential impact and exploitability. |
Competence | The ability, knowledge, skills, and experience required to perform a specific task, function, or role. |
Competency | The ability to apply knowledge, skills, and experience to achieve desired outcomes or results in a specific field or profession. |
Competency-Based Training | A training approach that focuses on developing the practical skills and knowledge needed to perform specific job functions or tasks. |
Compliance | The process of adhering to established laws, regulations, and policies to ensure that an organization operates in a legal and ethical manner. |
Compromise | A security incident in which an attacker gains unauthorized access to a system or network and obtains sensitive or confidential information. |
Computer Emergency Response Team (CERT) | A team of experts responsible for responding to and resolving cybersecurity incidents. |
Computer Incident Response Team (CIRT) | A team of experts responsible for detecting, investigating, and responding to cybersecurity incidents. |
Computer-Based Training (CBT) | A type of training that uses computer technology and multimedia to deliver educational content. |
Configuration Management | The process of managing and maintaining the configuration of hardware, software, and network components to ensure that they function properly and meet organizational requirements. |
Conflict of Interest | A situation in which an individual or organization has competing interests or loyalties that may compromise their ability to make impartial decisions. |
Contamination | The process of introducing malware or other malicious software into a system or network. |
Contextualised Standard | A set of standards or guidelines that are tailored to the specific needs and requirements of an organization. |
Continuing Professional Development (CPD) | The process of maintaining and improving professional skills and knowledge through ongoing education and training. |
Continuous Professional Development (CPD) | See Continuing Professional Development (CPD). |
Cookie | A small piece of data stored on a user's computer by a website, used to track user activity and preferences. |
Countermeasure | A defensive measure or action taken to protect against a potential threat or attack. |
Critical National Infrastructure (CNI) | The essential infrastructure and systems that are vital to the functioning of a country, such as energy, transportation, and telecommunications. |
Cross Certificate | A digital certificate that is issued by one Certificate Authority (CA) to another CA to establish trust between them. |
Cross Site Scripting (XSS) | A type of web-based attack in which an attacker injects malicious code into a web page viewed by other users. |
Cryptanalysis | The process of analyzing and breaking cryptographic algorithms to discover their weaknesses or vulnerabilities. |
Cryptographic Key | A code or password used in cryptographic algorithms to encrypt and decrypt data. |
Cryptographic Strength | The level of security provided by a cryptographic algorithm, typically measured in the number of bits used in the encryption key. |
Cryptography | The practice of using mathematical algorithms and principles to encrypt and protect sensitive data. |
CSQF | The Cyber Security Qualifications Framework, a framework for the development and recognition of cyber security qualifications. |
CSQF Endorsed | A designation for a qualification that has been reviewed and endorsed by the Cyber Security Qualifications Framework. |
CSQF Recognised | A designation for a qualification that has been recognized as meeting the standards of the Cyber Security Qualifications Framework. |
Cyber Security | The practice of protecting computer systems, networks, and data from unauthorized access, use, disclosure, disruption, modification, or destruction. |
Cyber Security Incident Response Team (CSIRT) | A group of trained individuals within an organization who are responsible for responding to and managing cyber security incidents. See also Computer Emergency Response Team (CERT). |
Cyber Security Profession | A profession that focuses on protecting computer systems, networks, and digital assets from unauthorized access, theft, damage, or disruption. |
Cyber Security Qualifications Framework (CSQF) | A framework that provides a set of standards and qualifications for cyber security professionals. |
Cybersecurity | The state or process of protecting computer systems, networks, and digital assets from unauthorized access, theft, damage, or disruption. |
CyBOK | The Cyber Security Body of Knowledge, a comprehensive guide that provides an overview of the knowledge and skills required to work in the field of cyber security. |
Cyclic Redundancy Check (CRC) | A type of error-detecting code commonly used in digital networks and storage devices to detect accidental changes to data. |
D
Demilitarised Zone (DMZ) | A network security arrangement that provides a buffer between an internal network and an external network, typically the internet. |
Denial of Service | A cyber attack that aims to disrupt the normal functioning of a website or network, typically by flooding it with traffic or requests. |
DevSecOps | An approach to software development that emphasizes integrating security into the development process from the outset. |
Digital Signature | An electronic signature that is used to authenticate the identity of the sender of a digital message or document, and to indicate that the sender has approved the content of the message or document. |
Disaster Recovery Plan (DRP) | A plan that outlines the procedures that an organization will follow in the event of a major disaster, such as a fire, flood, or cyber attack, in order to restore its operations as quickly and efficiently as possible. |
Discipline | A set of rules and procedures that are designed to ensure that employees follow best practices and comply with organizational policies and standards. |
Disk Imaging | The process of creating a copy of the entire contents of a hard drive or other storage device, including the operating system, applications, and data. |
Distributed Denial of Service (DDoS) | A type of denial-of-service attack in which multiple compromised systems are used to launch a coordinated attack on a single target, typically a website or network. |
Diversity | The practice of promoting and valuing differences among people, including differences in race, gender, ethnicity, age, religion, and sexual orientation. |
E
Easter Egg | Hidden content, a message, or a feature in software, a game, or a website. |
Eavesdropping Attack | Intercepting and listening to private communication without authorization. |
Egress Filtering | Restricting outgoing network traffic to prevent unauthorized access or data leaks. |
eLearning | Learning delivered through electronic technology, often over the internet. |
Elliptic Curve Algorithm | A mathematical algorithm used in cryptography for generating public and private keys. |
Elliptic Curve Cryptography (ECC) | A public key cryptography system that uses elliptic curve algorithms for encryption. |
Encrypt | The process of converting plaintext into ciphertext to secure communication. |
Encryption Algorithm | A mathematical algorithm used for encrypting and decrypting data in cryptography. |
Escrow | A third-party account that holds funds or assets until a specific condition or obligation is met. |
Ethics Committee | A group of individuals responsible for promoting ethical standards and practices within an organization. |
Event | An occurrence that is of significance to the security of an information system. |
Evidence-based training | A training approach that uses research and empirical evidence to design effective training programs. |
Examination | An assessment or test to evaluate an individual's knowledge, skills, or abilities. |
Exemplifying Qualification | A qualification that demonstrates a high level of competence in a specific area. |
External Audit | An independent assessment of an organization's financial, operational, or security controls by an outside party. |
Extranet | A private network that provides secure access to specific external users, such as partners or customers. |
F
Failover | The process of switching to a backup system or component in the event of a failure in the primary system to minimize downtime and maintain continuity of operations. |
False Positive | A result or alert that is generated by a security system or tool indicating a threat or attack that is actually not present. |
Fermat's Last Theorem | A mathematical theorem that was famously unsolved for over 350 years until it was finally proven in 1994. |
Firewall | A security system or device that monitors and controls incoming and outgoing network traffic based on predetermined security rules to prevent unauthorized access or attacks. |
Firmware | A type of software that is embedded into hardware components such as routers, printers, or mobile devices to provide low-level control and functionality. |
Flaw | A weakness or vulnerability in a system or application that can be exploited by attackers to compromise the system. |
Forensic Copy | A bit-for-bit copy of digital data or storage media that is created for the purpose of investigation or analysis without altering the original data. |
Forensics | The process of collecting, analyzing, and preserving digital evidence to investigate and reconstruct events related to a security incident or crime. |
Formal Proof | A mathematical proof that is based on a rigorous, logical, and systematic approach to demonstrate the truth or validity of a theorem or proposition. |
Functional Testing | A type of software testing that verifies the functionality and behavior of an application or system by testing each of its features and functions. |
G
Graduated Security | A layered approach to implementing security measures to protect a system or network, with each layer providing an additional level of protection to mitigate risks and threats. |
H
Hacker | An individual who uses technical skills and knowledge to gain unauthorized access to computer systems or networks for malicious purposes or personal gain. |
Hardening | The process of securing a computer system or network by eliminating potential vulnerabilities and weaknesses through various security measures and configurations. |
Hash Function | A mathematical function that converts data of arbitrary size into a fixed-size output, typically used for data integrity and authentication purposes. |
High Availability | The ability of a computer system or network to provide uninterrupted service and minimal downtime, often achieved through redundancy and failover mechanisms. |
Honeypot | A decoy system or network designed to lure attackers and gather information about their tactics and techniques. |
Host Intrusion Prevention System (HIPS) | A type of intrusion prevention system that is installed on individual hosts or endpoints to monitor and block potential threats or attacks. |
Hybrid Instructor-Led Training | A type of training or education that combines elements of both traditional classroom instruction and online or digital learning. |
I
Impact | The effect that an incident or event has on an organization's operations, assets, or reputation. |
Inadvertent Disclosure | The accidental or unintentional release of sensitive or confidential information to an unauthorized party. |
Incident | Any event or occurrence that could potentially harm an organization's assets, operations, or reputation. |
Incident Response Plan (IRP) | A documented and structured plan for responding to and managing cybersecurity incidents. |
Inclusion | The practice of including individuals with diverse backgrounds and perspectives in decision-making processes or activities. |
Industrial Control System (ICS) | A type of computer system used to manage and control industrial processes and critical infrastructure. |
Information Owner | The individual or group that is responsible for the accuracy, completeness, and security of a particular set of information or data. |
Information Security | The protection of information assets from unauthorized access, use, disclosure, modification, or destruction. |
Information Security Architect | An individual responsible for designing and implementing information security solutions and systems within an organization. |
Information Sharing | The practice of exchanging information or intelligence related to cybersecurity threats or incidents between organizations or entities. |
Inside Threat | A security threat that originates from within an organization, such as a current or former employee or contractor. |
Instructor-Led Training | A form of training or education in which an instructor leads a class or session and provides instruction and feedback to learners. |
Integrity | The quality of information or data being complete, accurate, and consistent over time and across different systems or platforms. |
Intellectual Property (IP) | Intangible assets, such as patents, copyrights, and trademarks, that are protected under law and are owned by an individual or organization. |
Internal Audit | An independent and objective evaluation of an organization's internal controls, processes, and procedures to ensure compliance and identify potential risks or weaknesses. |
Internal Network | A private network within an organization that is used for internal communication and data exchange. |
Internal Security Testing | The process of testing an organization's internal systems and networks to identify vulnerabilities and weaknesses that could be exploited by attackers. |
Internet | A global network of interconnected computers and devices that allows for communication and information exchange. |
Internet Protocol (IP) | A protocol that governs the transmission of data over the internet or other networks. |
Intranet | A private network within an organization that is used for internal communication and collaboration. |
Intrusion | An unauthorized attempt to access, exploit, or compromise a computer system or network. |
Intrusion Detection System (IDS) | A system that monitors network traffic and alerts administrators to potential security threats or attacks. |
Intrusion Prevention System (IPS) | A system that monitors network traffic and actively blocks or prevents potential security threats or attacks. |
IP Security (IPSec) | A protocol used to secure internet protocol (IP) communication by encrypting data packets. |
Issue | A problem or concern that needs to be addressed or resolved within an organization or system. |
IT Security Policy | A formal document that outlines an organization's policies, procedures, and guidelines for information technology security. |
J
Jamming | A type of cyberattack that involves the intentional interference of wireless signals in order to disrupt communication. |
K
Kerberos | A network authentication protocol used to verify the identity of users and devices in a networked environment. |
Key | A string of characters or values used to encrypt or decrypt data in a cryptographic system. |
Key Escrow | A process where a copy of a cryptographic key is held by a third party, such as a government agency, in case it is needed for legal or security reasons. |
Keylogger | A type of malware that records keystrokes made on a keyboard, often used to steal sensitive information such as login credentials or financial data. |
L
Least Privilege | A security principle that ensures that users or processes are only given the minimum access privileges necessary to perform their tasks. |
Licensed Body | An organization that has been granted the legal right to issue licenses or certifications for a particular field or profession. |
Licensee | A person or entity that has been granted the legal right to use a particular software or technology under the terms of a license agreement. |
Link Encryption | A type of encryption that protects data as it is transmitted between two devices or systems over a network. |
Local Area Network (LAN) | A network that connects devices and computers within a limited geographic area, such as a home, office, or school. |
Logic Bomb | A type of malware that is designed to activate when certain conditions are met, such as a specific date or time, and can cause damage or disruption to a system or network. |
M
Macro Virus | A type of computer virus that infects macro-enabled documents, such as those created in Microsoft Office. |
Malicious Code | Any code or software that is designed to harm a computer system, steal data, or gain unauthorized access. |
Malware | Any software that is designed to harm a computer system, steal data, or gain unauthorized access. This includes viruses, Trojans, and other types of malicious code. |
Man-in-the-middle (MitM) Attack | A type of cyberattack where an attacker intercepts communications between two parties to eavesdrop, steal data, or manipulate the conversation. |
Manual Key Transport | A method of securely transferring encryption keys between parties by physically transporting them. |
Media | Any device or means used to store or transmit information, including hard drives, USB drives, and network devices. |
Member | A user who has been granted access to a system or network. |
Membership Level | The level of access and privileges granted to a user within a system or network. |
Message Digest | A fixed-length, unique representation of a message or data set that is used for authentication, verification, or encryption purposes. |
Message Digest 5 (MD5) | A widely used cryptographic hash function that produces a 128-bit hash value. |
Metrics | Quantitative measures used to evaluate the effectiveness of a security program, such as the number of successful attacks prevented or the time taken to detect and respond to a breach. |
Mission Critical | Refers to systems, applications, or data that are essential to an organization's operations and whose loss or compromise would have a significant impact on the organization's ability to function. |
Multi-Factor Authentication (MFA) | A security method that requires users to provide two or more types of authentication, such as a password and a fingerprint scan, to access a system or network. |
Multilevel Security (MLS) | A security model that provides varying levels of access and control based on the sensitivity of the data being accessed. |
Mutual Authentication | A security method where both parties in a communication exchange verify each other's identities before proceeding. |
Mutual Suspicion | A state of distrust or suspicion between two parties in a communication exchange, where each party assumes the other is a potential threat. |
N
Need-To-Know | The principle of providing access to sensitive information only to those individuals who require it to perform their job functions. |
Network | A group of interconnected computers and other devices that can communicate with each other to share resources and information. |
Network Admission Control (NAC) | A security technology that enforces compliance of devices before granting access to a network. |
Network Resilience | The ability of a network to maintain its functions and services despite cyber-attacks, hardware or software failures, and other disruptions. |
Network Sniffing | The process of intercepting and capturing network traffic to monitor and analyze network communication. |
O
On-Demand Learning | A type of learning in which the learner can access the course materials at their convenience and pace. |
One Time Pad (OTP) | A cryptographic technique that uses a random key only once for encrypting and decrypting a message. |
One-Way Hash Function | A mathematical function that converts data of arbitrary size into a fixed-size output, which is practically impossible to reverse. |
Online Instructor-Led Training | A type of learning in which the instructor delivers the course through an online platform, and learners can participate and interact in real time. |
Operations Security (OpSec) | A process of identifying, analyzing, and protecting critical information, systems, and activities from adversaries. |
Outside Threat | A potential threat that originates from outside the organization, such as hackers, malware, or other external entities. |
Over-The-Air (OTA) | A method of wirelessly transmitting software updates, configuration changes, or other data to mobile devices, IoT devices, or other systems. |
P
Packet Filter | A security mechanism that monitors and filters incoming and outgoing network traffic based on predetermined security rules. |
Packet Sniffer | A program or device that intercepts and logs network traffic for analysis. |
Passive Attack | An attack that only observes or intercepts a system's communications or data, without any active attempt to penetrate, alter, or damage the system. |
Password | A secret code used to authenticate and grant access to a system or service. |
Password Generator | A software tool that creates strong and random passwords. |
Password Protected | A system or resource that requires a password for access. |
Patch | A software update that addresses security vulnerabilities or software bugs. |
Patch Management | The process of applying patches to software or systems to keep them up-to-date and secure. |
Peer Review | A process of evaluating and critiquing work by colleagues in the same field or profession. |
Penetration Testing | A method of assessing the security of a system or network by simulating an attack. |
Perimeter | The boundary between a secure internal network and the untrusted external network. |
Personal Data | Any information that can identify an individual, such as name, address, or date of birth. |
Personal Firewall | A firewall that runs on an individual's computer and protects it from external threats. |
Personal Identification Number (PIN) | A numeric code used to authenticate a user's identity. |
Personally Identifiable Information (PII) | Information that can be used to identify an individual, such as name, social security number, or date of birth. |
Phishing | A social engineering technique used to trick individuals into providing sensitive information, such as usernames and passwords. |
Physically Isolated Network | A network that is completely isolated from other networks, often used for sensitive or classified information. |
Plain Text | Data that is not encrypted and can be easily read by anyone. |
Port Scanning | The process of scanning a network to identify open ports and potential vulnerabilities. |
Portable Electronic Device (PED) | A mobile device, such as a smartphone or tablet, that can store and transmit data. |
Portal | A website or application that provides access to information, resources, or services. |
Practitioner | An individual who practices or works in a particular field or profession. |
Privacy | The right to control access to personal information. |
Private Key | A secret code used in public key cryptography to decrypt encrypted data. |
Privilege | The level of access and control granted to a user or program. |
Profession | A type of work that requires specialized education, training, and skills. |
Professional | An individual who is trained and skilled in a particular profession. |
Professional Development | The ongoing process of improving skills and knowledge in a particular profession. |
Professional Registration | The process of obtaining professional recognition and credentials in a particular field or profession. |
Professionalism | The conduct, skills, and values associated with a particular profession. |
Proficiency | The level of skill and knowledge in a particular area or field. |
Promiscuous Mode | A network interface mode that allows the interface to receive all network traffic, including traffic that is not intended for the interface. |
Protocol | A set of rules and standards for communication between devices or systems. |
Proxy | An intermediary server that acts as a gateway between a client and a server. |
Pseudorandom Number Generator (PRNG) | A software algorithm that generates a sequence of random-looking numbers. |
Psychometrics | The study of psychological measurements, such as intelligence or personality. |
Public Domain Software | Software that is not copyrighted and can be used and distributed freely. |
Public Key | A code used in public key cryptography to encrypt data. |
Public Key Cryptography | A method of encryption that uses two keys, a public key and a private key, for secure communication. |
Q
Qualifications Directory | A comprehensive database of recognized qualifications that can be used to verify the status of a specific qualification. |
Qualifications Framework | A framework that provides a structured approach to the development, accreditation, assessment, and recognition of qualifications. |
Quarantine | A security measure that isolates potentially harmful files, software, or devices from the rest of the system or network to prevent the spread of malware or other security threats. |
R
Radio Frequency Identification (RFID) | A wireless technology that uses radio waves to identify and track objects. |
Random Number Generator (RNG) | A computer program or hardware device that generates random numbers for use in encryption and other security-related functions. |
Read Access | The ability to view or retrieve information stored in a computer system or network. |
Recognized Standard | A set of guidelines, principles, or requirements that have been formally recognized or approved by a recognized authority or industry body. |
Recovery Point Objective (RPO) | The maximum amount of data loss that an organization is willing to tolerate in the event of a disaster. |
Recovery Procedures | The steps and processes that an organization follows to restore its IT systems and operations after a disaster or other disruptive event. |
Recovery Time Objective (RTO) | The maximum amount of time that an organization is willing to tolerate for the recovery of its IT systems and operations after a disaster or other disruptive event. |
Red Team | A group of security professionals who simulate attacks on an organization's systems and infrastructure to identify vulnerabilities and weaknesses. |
Register | A database or system that contains information about individuals, devices, or other entities that are authorized to access a system or network. |
Registrant | An individual or entity that has registered with a particular system or network to gain authorized access. |
Registration | The process of providing identifying information to a system or network to gain authorized access. |
Regulation | A legal or administrative rule or requirement that organizations must follow to ensure compliance with specific security, privacy, or other standards. |
Remediation | The process of correcting or mitigating security vulnerabilities or weaknesses in a system or network. |
Remote Access | The ability to access a computer system or network from a remote location, typically through the internet or a virtual private network (VPN). |
Remote Learning | The delivery of education or training content to students or employees who are not physically present in a classroom or training facility. |
Remote Maintenance | The ability to manage and maintain computer systems or network devices from a remote location. |
Removable Media | Any type of physical storage device that can be easily removed from a computer or other devices, such as USB drives or external hard drives. |
Replay Attack | An attack in which an attacker intercepts and retransmits data that has been previously captured to gain unauthorized access to a system or network. |
Residual Risk | The level of risk that remains after security controls and other mitigating factors have been put in place. |
Resilience | The ability of a system or organization to withstand and recover from a disruptive event, such as a cyber attack or natural disaster. |
Revalidation | The process of reviewing and verifying the effectiveness of security controls and other measures regularly. |
Risk | The potential for loss, damage, or harm to an organization's assets or operations due to a security incident or other threat. |
Risk Assessment | The process of identifying and evaluating potential security risks and vulnerabilities in an organization's systems, processes, and operations. |
Risk Mitigation | The process of reducing or eliminating potential security risks and vulnerabilities in an organization's systems, processes, and operations. |
Risk Tolerance | The level of risk that an organization is willing to accept to achieve its business objectives. |
Rogue Device | A device that has been connected to a network without authorization or approval, and may pose a security risk. |
Role-Based Access Control (RBAC) | A security model that restricts access to system resources based on the role or job function of the user. |
Root Cause Analysis (RCA) | The process of identifying the underlying cause of a security incident or other problem, to prevent it from happening again in the future. |
Rootkit | A type of malicious software that is designed to hide its presence and activity on a system or network. |
Royal Charter | A formal document issued by a monarch granting certain rights and privileges to a person or organization. |
S
Salt | A random value added to the input of a hash function so that identical inputs produce different hashes, preventing attackers from using precomputed tables to determine the original input. |
Sandboxing | A security mechanism used to isolate a software application or process from the rest of the system to prevent it from accessing or modifying sensitive data or resources. |
Sanitization | The process of removing or masking sensitive information from a document or data set to protect it from unauthorized disclosure. |
Secure Hash Algorithm (SHA) | A family of cryptographic hash functions used to generate fixed-size message digests of input data, designed so that two different inputs are practically never found with the same digest. |
Secure Sockets Layer (SSL) | A deprecated protocol used for establishing secure, encrypted connections over the internet. It has been replaced by Transport Layer Security (TLS). |
Secure Software Development Life Cycle (S-SDLC) | A process used to develop software applications with security as a top priority at every stage of the development life cycle. |
Security | The state of being protected against unauthorized access, use, disclosure, disruption, modification, or destruction of data or systems. |
Security Assertion Markup Language (SAML) | An XML-based standard used for exchanging authentication and authorization data between different security domains. |
Security Incident | An event that potentially compromises the confidentiality, integrity, or availability of an information system or the information it processes, stores, or transmits. |
Security Information and Event Management (SIEM) | A software solution that collects and analyzes security-related data from various sources to detect and respond to security threats. |
Security Policy | A set of rules, guidelines, and procedures that define the security requirements, responsibilities, and practices of an organization or system. |
Security Posture | The overall security status of an organization or system, including its security policies, procedures, controls, and technologies. |
Self-Paced Learning | A mode of learning in which students can learn at their own pace and on their schedule, without the need for a live instructor or a fixed class schedule. |
Self-Regulatory Body | An organization that establishes and enforces standards, best practices, or codes of conduct for a particular industry, profession, or technology. |
Semi-Quantitative Assessment | An assessment that combines qualitative and quantitative methods to evaluate the likelihood and impact of security threats or risks. |
Sensitive Information | Information that, if disclosed, could result in harm, embarrassment, or liability to an individual, organization, or government. |
Service Level Agreement (SLA) | A contract that specifies the level of service, availability, and performance that a service provider will deliver to its customers. |
Short Message Service (SMS) | A messaging service used to send and receive text messages on mobile devices. |
Skills | The ability to perform a task or activity effectively, based on knowledge, experience, and practice. |
Skills Gap | A mismatch between the skills that employers need and the skills that job seekers or employees possess. |
Smishing | A type of social engineering attack that uses text messages or SMS to trick users into revealing sensitive information or downloading malware. |
Sniffer | A software or hardware tool used to intercept and analyze network traffic for troubleshooting, security, or monitoring purposes. |
Social Engineering | The use of psychological manipulation, deception, or trickery to exploit human vulnerabilities and gain unauthorized access to information or systems. |
Software Development Life Cycle (SDLC) | The process used to design, develop, test, and deploy software applications. |
Spam | Unsolicited and unwanted email messages, often sent in bulk, to advertise or promote products, services, or scams. |
Specialism | A particular area of expertise, knowledge, or skill within a larger field or profession. |
Specification | A detailed description of the functional and technical requirements of a system or software application. |
Split Brain | A condition in which two or more nodes in a distributed system lose connectivity and start operating independently, potentially leading to data inconsistency or other issues. |
Split Tunnelling | A VPN configuration in which only some of a device's traffic is routed through the encrypted VPN tunnel, while the rest bypasses the VPN and goes directly to its destination. |
Spoofing | A technique used by attackers to disguise themselves as a trustworthy source to gain unauthorized access or steal sensitive information. |
Standard | A set of guidelines or specifications established by an authority or industry group to ensure consistency and quality in a particular area. |
Static Key | A cryptographic key that remains the same throughout the communication process and is shared between parties to encrypt and decrypt data. |
Steganography | A technique used to hide a message within another file or image in such a way that it is not detectable by normal means. |
Supervisory Control and Data Acquisition (SCADA) | A type of industrial control system used to monitor and control equipment in critical infrastructure sectors such as energy, water, and transportation. |
System Administrator | A professional responsible for managing and maintaining the computer systems and networks of an organization. |
System Development Life Cycle (SDLC) | A process used to design, develop, and maintain information systems in a structured and systematic manner. |
T
Tabletop Exercise | A simulation or role-playing exercise that allows participants to practice responding to simulated cybersecurity incidents in a safe and controlled environment. |
Telecommunication | The transmission of data and information over a distance, typically using electronic or digital means. |
Threat | Any potential danger or harm that could result from a cybersecurity attack, including attacks on computer systems, networks, or data. |
Threat Analysis | The process of identifying and assessing potential cybersecurity threats, vulnerabilities, and risks to an organization or system. |
Time Bomb | A type of malware that is designed to activate or execute a malicious payload at a specific date or time. |
Transport Layer Security (TLS) | A cryptographic protocol used to secure communications over the internet and other networks. |
Trap Door | A hidden or secret entry point in a computer system that can be used to bypass security measures and gain unauthorized access. |
Triple DES (3DES) | A symmetric-key encryption algorithm used to encrypt sensitive data and communications. |
Trojan Horse | A type of malware that disguises itself as a legitimate program or file, but is designed to perform malicious actions on the infected system. |
Trusted Certificate | A digital certificate issued by a trusted third party that verifies the authenticity of a website or other online resource. |
Tunneling | The process of encapsulating one network protocol within another, typically to allow secure communication over an unsecured network. |
Two-Factor Authentication (2FA) | A security process that requires users to provide two forms of identification or authentication to access a system or resource. |
U
User | A person who interacts with a computer system or software application to perform tasks or access information. |
V
Validation | The process of ensuring that data or information is accurate, complete, and conforms to a specified standard or requirement. |
Virtual Machine (VM) | A virtualized operating system or application environment that runs on top of a host computer system, allowing multiple operating systems or applications to run on a single physical machine. |
Virtual Private Network (VPN) | A secure connection that allows remote users to securely access private networks over the internet. |
Virus | Malicious software that is designed to replicate itself and spread from one computer system to another, often causing damage to the infected systems. |
Vulnerability | A weakness or flaw in a computer system, network, or application that can be exploited by attackers to gain unauthorized access, steal data, or cause damage. |
W
Warm Site | A backup data center or facility that can be used as an alternative in the event of a disaster or system failure. |
Web Application Firewall (WAF) | A type of firewall that is specifically designed to protect web applications from attacks. |
Web Filtering Software | Software that is designed to monitor and control access to websites and other online content. |
White Box Testing | A type of software testing that involves examining the internal workings of an application, usually with access to the source code. |
Whitelist | A list of trusted entities or programs that are granted access to a system or network. |
Wi-Fi Protected Access (WPA) | A security protocol used to protect wireless networks from unauthorized access. |
Wired Equivalent Privacy (WEP) | An older security protocol used to protect wireless networks from unauthorized access, which has been largely superseded by newer and more secure protocols. |
Wireless Access Point | A device that allows wireless devices to connect to a wired network. |
Wireless Application Protocol (WAP) | A protocol used to access information and services on the internet using mobile devices. |
Wireless Local Area Network (WLAN) | A type of wireless network that allows devices to connect to a local network or the internet without the need for physical cables. |
Worm | A type of malware that is designed to replicate itself and spread to other systems or networks. |
X
X.509 | An ITU-T standard that defines the format of public key certificates, which are used for authentication, encryption, and digital signatures in public key cryptography. |