The ABC of Cybersecurity

Welcome to the world of cybersecurity, where every byte of information is valuable and every click of a mouse could potentially expose you to a variety of cyber threats. With the ever-increasing use of technology in our daily lives, cybersecurity has become more important than ever before. From securing personal information to protecting sensitive business data, the world of cybersecurity has evolved to encompass a vast array of concepts, tools, and techniques.

However, with this evolution comes a complex and technical jargon that can be difficult to understand. To empower you with the necessary knowledge to navigate the complex world of cybersecurity, we have compiled a glossary of the most frequently used terms and phrases. So, buckle up and get ready to dive into the world of cybersecurity, one term at a time.




Access ControlThe practice of regulating and controlling access to resources or data within a system.
Access Control List (ACL)A list of permissions that determines which users or processes can access specific resources or data within a system.
Access Point (AP)A device that allows devices to connect to a wireless network.
Account ManagementThe process of creating, maintaining, and terminating user accounts in a system.
AccountabilityThe principle that individuals or organizations are responsible for their actions and can be held liable for any negative consequences resulting from those actions.
AccreditationThe process of assessing the security of a system or network to determine if it meets specific security standards.
AccreditedA system or network that has been evaluated and certified to meet specific security standards.
Active LearningA learning approach that involves learners actively participating in the learning process, often through interactive or hands-on activities.
Ad Hoc NetworkA temporary network that is set up for a specific purpose or duration, often without the need for a centralized infrastructure.
Adaptive TestingA testing approach that adjusts the difficulty level of questions based on the test taker’s responses.
Administrative AccountA user account with elevated privileges that allow users to perform administrative tasks on a system or network.
Advanced Encryption Standard (AES)A widely-used encryption algorithm for securing data.
Advanced Persistent Threats (APT)A sophisticated, targeted cyber attack that typically involves multiple stages and is aimed at stealing sensitive information or disrupting critical systems.
AdvisoryA warning or recommendation issued by a security organization or vendor regarding a specific security threat or vulnerability.
AlertA notification that is triggered when a security event or condition occurs.
Allow ListA list of authorized entities or actions that are allowed to access specific resources or data.
Anti-Malware SoftwareSoftware designed to detect and remove malware (malicious software) from a system.
Anti-Virus SoftwareSoftware designed to detect and remove viruses (a type of malware) from a system.
ApplicantAn individual who applies for a job or position.
ApplicationSoftware or program designed to perform specific functions or tasks.
ApprenticeshipA training program that combines on-the-job training with classroom instruction.
ApprovedA process or action that has been reviewed and authorized to meet specific security standards.
AssetAny resource, system, or data that is valuable to an organization.
AssociateAn employee who has a lower-level position and less responsibility than other employees.
Asymmetric CryptographyA type of encryption that uses two different keys (public and private) to encrypt and decrypt data.
Attack SignatureA unique pattern or behavior associated with a specific type of cyber attack.
AuditA systematic review of a system or process to assess its compliance with specific standards or requirements.
Audit LogA record of all actions or events occurring within a system that is relevant to auditing or security.
Audit TrailA chronological record of all actions or events occurring within a system that is relevant to auditing or security.
AuthenticationThe process of verifying the identity of a user or device attempting to access a system or network.
AvailabilityThe principle that resources or data should be accessible and usable by authorized users when needed.


Back DoorA secret method of accessing a system or network that bypasses normal authentication and security measures.
BackupA copy of data or system configurations that can be used to restore the original data or configurations in the event of a disaster or system failure.
BaseliningThe process of establishing a baseline for normal system or network behavior, which can be used to detect anomalies or deviations from normal behavior.
Bastion HostA highly secure server or device that is placed at the edge of a network to protect it from attacks.
BiometricA physical or behavioral characteristic used for authentication, such as fingerprints or facial recognition.
Black Box TestingA testing approach that treats the system or application as a black box, testing only the inputs and outputs without examining the internal workings.
BlacklistA list of entities or actions that are prohibited or blocked from accessing specific resources or data.
Block Cipher AlgorithmAn encryption algorithm that divides data into blocks and encrypts each block separately.
Block ListA list of entities or actions that are blocked or prohibited from accessing specific resources or data.
Blue TeamA group responsible for defending a system or network against attacks.
BootcampAn intensive training program, often in a military-style environment, that is designed to quickly develop skills or knowledge.
BoundaryA physical or logical boundary that separates one system or network from another.
Brute Force AttackA cyber attack that involves trying every possible password or encryption key until the correct one is found.
Buffer OverflowA type of cyber attack that occurs when more data is written to a buffer than it can hold, causing the excess data to overflow into adjacent memory locations.
Business Continuity Plan (BCP)A plan that outlines the procedures and protocols to be followed in the event of a disaster or system failure, to ensure business operations can continue.
Business Impact Analysis (BIA)An assessment of the potential impact that a disruption or disaster could have on business operations and the organization as a whole.


CandidateA person who is being considered for a job or position.
Career PathwayA series of jobs or positions that can be pursued within a specific industry or profession.
Certificate ManagementThe process of creating, distributing, and managing digital certificates used for authentication and encryption.
Certificate Revocation List (CRL)A list of digital certificates that have been revoked by the issuing certification authority.
CertificationA process by which a person or organization is recognized as having met certain standards or requirements.
Certification Authority (CA)A list of digital certificates that have been revoked by the issuing certification authority.
CertifiedA person or organization that has been recognized as having met certain standards or requirements.
Chain of EvidenceThe documentation and preservation of evidence in a manner that ensures its integrity and admissibility in a court of law.
Challenge-ResponseA security mechanism used to authenticate a user or device by sending a challenge that requires a specific response, which is calculated using a secret key or algorithm.
Charitable Incorporated OrganisationA type of UK charitable organization that provides limited liability protection to its trustees and members.
CharteredA formal document that outlines the purpose, principles, policies, and structure of an organization or institution.
Chartered StatusThe status of an individual or organization that has been granted a formal recognition of professional competence and integrity by a chartered body or institution.
ChecksumA value that is calculated from a digital file or data stream to verify its integrity and detect any errors or corruption during transmission or storage.
Chief Information Officer (CIO)A senior executive responsible for overseeing the information technology and digital strategies of an organization.
Chief Information Security Officer (CISO)A senior executive responsible for overseeing the information security and risk management programs of an organization.
Chief Technology Officer (CTO)A senior executive responsible for overseeing the technology and innovation strategies of an organization.
CIAAn acronym that stands for Confidentiality, Integrity, and Availability, which are the three key objectives of information security.
CipherA mathematical algorithm or code used to encrypt or decrypt information for secure communication or storage.
Cipher TextThe result of encrypting plain text using a cipher algorithm or key.
Classified InformationSensitive information that is designated as confidential, secret, or top secret based on its level of sensitivity and potential impact on national security.
Clear TextPlain, unencrypted text that is readable and understandable by humans or machines.
ClearanceA security status granted to an individual or organization that allows them access to classified information or restricted areas based on a background investigation and clearance process.
Cloud ComputingA model of delivering computing resources and services over the internet on a pay-per-use basis, instead of on-premise infrastructure.
Code of Conduct (CoC)A set of ethical principles and guidelines that govern the behavior and actions of individuals or organizations in a specific industry or profession.
Code of EthicsA set of ethical principles and standards that govern the behavior and actions of individuals or organizations in a specific profession or field.
Collaborative LearningA learning approach that involves groups of individuals working together to achieve a common goal, share knowledge and skills, and solve problems.
CollisionA situation in cryptography where two different input values produce the same output value in a hash function, which can compromise the integrity and security of the algorithm.
CommitmentA pledge or promise to uphold certain values, principles, or obligations, often used in the context of information security policies and procedures.
Company Limited by GuaranteeA type of UK company structure used by non-profit organizations that provides limited liability protection to its members and trustees.
Common Vulnerability Scoring System (CVSS)A framework used to assess and prioritize the severity of security vulnerabilities based on their potential impact and exploitability.
CompetenceThe ability, knowledge, skills, and experience required to perform a specific task, function, or role.
CompetencyThe ability to apply knowledge, skills, and experience to achieve desired outcomes or results in a specific field or profession.
Competency-Based TrainingA training approach that focuses on developing specific competencies or skills required for
Competency-Based TrainingA type of training that focuses on developing the practical skills and knowledge needed to perform specific job functions or tasks.
ComplianceThe process of adhering to established laws, regulations, and policies to ensure that an organization operates in a legal and ethical manner.
CompromiseA security incident in which an attacker gains unauthorized access to a system or network and obtains sensitive or confidential information.
Computer Emergency Response Team (CERT)A team of experts responsible for responding to and resolving cybersecurity incidents.
Computer Incident Response Team (CIRT)A team of experts responsible for detecting, investigating, and responding to cybersecurity incidents.
Computer-Based Training (CBT)A type of training that uses computer technology and multimedia to deliver educational content.
Configuration ManagementThe process of managing and maintaining the configuration of hardware, software, and network components to ensure that they function properly and meet organizational requirements.
Conflict of InterestA situation in which an individual or organization has competing interests or loyalties that may compromise their ability to make impartial decisions.
ContaminationThe process of introducing malware or other malicious software into a system or network.
Contextualised StandardA set of standards or guidelines that are tailored to the specific needs and requirements of an organization.
Continuing Professional Development (CPD)The process of maintaining and improving professional skills and knowledge through ongoing education and training.
Continuous Professional Development (CPD)See Continuing Professional Development (CPD).
CookieA small piece of data stored on a user's computer by a website, used to track user activity and preferences.
CountermeasureA defensive measure or action taken to protect against a potential threat or attack.
Critical National Infrastructure (CNI)The essential infrastructure and systems that are vital to the functioning of a country, such as energy, transportation, and telecommunications.
Cross CertificateA digital certificate that is issued by one Certificate Authority (CA) to another CA to establish trust between them.
Cross Site Scripting (XSS)A type of web-based attack in which an attacker injects malicious code into a web page viewed by other users.
CryptanalysisThe process of analyzing and breaking cryptographic algorithms to discover their weaknesses or vulnerabilities.
Cryptographic KeyA code or password used in cryptographic algorithms to encrypt and decrypt data.
Cryptographic StrengthThe level of security provided by a cryptographic algorithm, typically measured in the number of bits used in the encryption key.
CryptographyThe practice of using mathematical algorithms and principles to encrypt and protect sensitive data.
CSQFThe Cyber Security Qualifications Framework, a framework for the development and recognition of cyber security qualifications.
CSQF EndorsedA designation for a qualification that has been reviewed and endorsed by the Cyber Security Qualifications Framework.
CSQF RecognisedA designation for a qualification that has been recognized as meeting the standards of the Cyber Security Qualifications Framework.
Cyber SecurityThe practice of protecting computer systems, networks, and data from unauthorized access, use, disclosure, disruption, modification, or destruction.
Cyber Security Incident Response Team (CSIRT)See Computer Emergency Response Team (CERT).
Cyber Security Incident Response Team (CSIRT)A group of trained individuals within an organization who are responsible for responding to and managing cyber security incidents.
Cyber Security ProfessionA profession that focuses on protecting computer systems, networks, and digital assets from unauthorized access, theft, damage, or disruption.
Cyber Security Qualifications Framework (CSQF)A framework that provides a set of standards and qualifications for cyber security professionals.
CybersecurityThe state or process of protecting computer systems, networks, and digital assets from unauthorized access, theft, damage, or disruption.
CyBOKThe Cyber Security Body of Knowledge, a comprehensive guide that provides an overview of the knowledge and skills required to work in the field of cyber security.
Cyclic Redundancy Check (CRC) A type of error-detecting code commonly used in digital networks and storage devices to detect accidental changes to data.


Demilitarised Zone (DMZ)A network security arrangement that provides a buffer between an internal network and an external network, typically the internet.
Denial of ServiceA cyber attack that aims to disrupt the normal functioning of a website or network, typically by flooding it with traffic or requests.
DevSecOpsAn approach to software development that emphasizes integrating security into the development process from the outset.
Digital SignatureAn electronic signature that is used to authenticate the identity of the sender of a digital message or document, and to indicate that the sender has approved the content of the message or document.
Disaster Recovery Plan (DRP)A plan that outlines the procedures that an organization will follow in the event of a major disaster, such as a fire, flood, or cyber attack, in order to restore its operations as quickly and efficiently as possible.
DisciplineA set of rules and procedures that are designed to ensure that employees follow best practices and comply with organizational policies and standards.
Disk ImagingThe process of creating a copy of the entire contents of a hard drive or other storage device, including the operating system, applications, and data.
Distributed Denial of Service (DDoS)A type of denial-of-service attack in which multiple compromised systems are used to launch a coordinated attack on a single target, typically a website or network.
DiversityThe practice of promoting and valuing differences among people, including differences in race, gender, ethnicity, age, religion, and sexual orientation.


Easter EggHidden content, message, or feature in a software, game, or website.
Eavesdropping AttackIntercepting and listening to private communication without authorization.
Egress FilteringRestricting outgoing network traffic to prevent unauthorized access or data leaks.
eLearningLearning delivered through electronic technology, often over the internet.
Elliptic Curve AlgorithmA mathematical algorithm used in cryptography for generating public and private keys.
Elliptic Curve Cryptography (ECC)A public key cryptography system that uses elliptic curve algorithms for encryption.
EncryptThe process of converting plaintext into ciphertext to secure communication.
Encryption AlgorithmA mathematical algorithm used for encrypting and decrypting data in cryptography.
EscrowA third-party account that holds funds or assets until a specific condition or obligation is met.
Ethics CommitteeA group of individuals responsible for promoting ethical standards and practices within an organization.
EventAn occurrence that is of significance to the security of an information system.
Evidence-based trainingA training approach that uses research and empirical evidence to design effective training programs.
ExaminationAn assessment or test to evaluate an individual's knowledge, skills, or abilities.
Exemplifying QualificationA qualification that demonstrates a high level of competence in a specific area.
External AuditAn independent assessment of an organization's financial, operational, or security controls by an outside party.
ExtranetA private network that provides secure access to specific external users, such as partners or customers.


FailoverThe process of switching to a backup system or component in the event of a failure in the primary system to minimize downtime and maintain continuity of operations.
False PositiveA result or alert that is generated by a security system or tool indicating a threat or attack that is actually not present.
Fermat's Last TheoremA mathematical theorem that was famously unsolved for over 350 years until it was finally proven in 1994.
FirewallA security system or device that monitors and controls incoming and outgoing network traffic based on predetermined security rules to prevent unauthorized access or attacks.
FirmwareA type of software that is embedded into hardware components such as routers, printers, or mobile devices to provide low-level control and functionality.
FlawA weakness or vulnerability in a system or application that can be exploited by attackers to compromise the system.
Forensic CopyA bit-for-bit copy of digital data or storage media that is created for the purpose of investigation or analysis without altering the original data.
ForensicsThe process of collecting, analyzing, and preserving digital evidence to investigate and reconstruct events related to a security incident or crime.
Formal ProofA mathematical proof that is based on a rigorous, logical, and systematic approach to demonstrate the truth or validity of a theorem or proposition.
Functional TestingFunctional Testing is a type of software testing that verifies the functionality and behavior of an application or system by testing each of its features and functions.


Graduated securityGraduated security refers to the layered approach of implementing various security measures to protect a system or network, with each layer providing an additional level of security to mitigate risks and threats.


HackerAn individual who uses technical skills and knowledge to gain unauthorized access to computer systems or networks for malicious purposes or personal gain.
HardeningThe process of securing a computer system or network by eliminating potential vulnerabilities and weaknesses through various security measures and configurations.
Hash FunctionA mathematical function that converts data of arbitrary size into a fixed-size output, typically used for data integrity and authentication purposes.
High AvailabilityThe ability of a computer system or network to provide uninterrupted service and minimal downtime, often achieved through redundancy and failover mechanisms.
HoneypotA decoy system or network designed to lure attackers and gather information about their tactics and techniques.
Host Intrusion Prevention System (HIPS)A type of intrusion prevention system that is installed on individual hosts or endpoints to monitor and block potential threats or attacks.
Hybrid Instructor-Led TrainingA type of training or education that combines elements of both traditional classroom instruction and online or digital learning.


ImpactThe effect that an incident or event has on an organization's operations, assets, or reputation.
Inadvertent DisclosureThe accidental or unintentional release of sensitive or confidential information to an unauthorized party.
IncidentAny event or occurrence that could potentially harm an organization's assets, operations, or reputation.
Incident Response Plan (IRP)A documented and structured plan for responding to and managing cybersecurity incidents.
InclusionThe practice of including individuals with diverse backgrounds and perspectives in decision-making processes or activities.
Industrial Control System (ICS)A type of computer system used to manage and control industrial processes and critical infrastructure.
Information OwnerThe individual or group that is responsible for the accuracy, completeness, and security of a particular set of information or data.
Information SecurityThe protection of information assets from unauthorized access, use, disclosure, modification, or destruction.
Information Security ArchitectAn individual responsible for designing and implementing information security solutions and systems within an organization.
Information SharingThe practice of exchanging information or intelligence related to cybersecurity threats or incidents between organizations or entities.
Inside ThreatA security threat that originates from within an organization, such as a current or former employee or contractor.
Instructor-Led TrainingA form of training or education in which an instructor leads a class or session and provides instruction and feedback to learners.
IntegrityThe quality of information or data being complete, accurate, and consistent over time and across different systems or platforms.
Intellectual Property (IP)Intangible assets, such as patents, copyrights, and trademarks, that are protected under law and are owned by an individual or organization.
Internal AuditAn independent and objective evaluation of an organization's internal controls, processes, and procedures to ensure compliance and identify potential risks or weaknesses.
Internal NetworkA private network within an organization that is used for internal communication and data exchange.
Internal Security TestingThe process of testing an organization's internal systems and networks to identify vulnerabilities and weaknesses that could be exploited by attackers.
InternetA global network of interconnected computers and devices that allows for communication and information exchange.
Internet Protocol (IP)A protocol that governs the transmission of data over the internet or other networks.
IntranetA private network within an organization that is used for internal communication and collaboration.
IntrusionAn unauthorized attempt to access, exploit, or compromise a computer system or network.
Intrusion Detection System (IDS)A system that monitors network traffic and alerts administrators to potential security threats or attacks.
Intrusion Prevention System (IPS)A system that monitors network traffic and actively blocks or prevents potential security threats or attacks.
IP Security (IPSec)A protocol used to secure internet protocol (IP) communication by encrypting data packets.
IssueA problem or concern that needs to be addressed or resolved within an organization or system.
IT Security PolicyA formal document that outlines an organization's policies, procedures, and guidelines for information technology security.


JammingJamming is a type of cyberattack that involves the intentional interference of wireless signals in order to disrupt communication.


KerberosA network authentication protocol used to verify the identity of users and devices in a networked environment.
KeyA string of characters or values used to encrypt or decrypt data in a cryptographic system.
Key EscrowA process where a copy of a cryptographic key is held by a third party, such as a government agency, in case it is needed for legal or security reasons.
Key EscrowA type of malware that records keystrokes made on a keyboard, often used to steal sensitive information such as login credentials or financial data.


Least PrivilegeA security principle that ensures that users or processes are only given the minimum access privileges necessary to perform their tasks.
Licensed BodyAn organization that has been granted the legal right to issue licenses or certifications for a particular field or profession.
LicenseeA person or entity that has been granted the legal right to use a particular software or technology under the terms of a license agreement.
Link EncryptionA type of encryption that protects data as it is transmitted between two devices or systems over a network.
Local Area Network (LAN)A network that connects devices and computers within a limited geographic area, such as a home, office, or school.
Logic BombA type of malware that is designed to activate when certain conditions are met, such as a specific date or time, and can cause damage or disruption to a system or network.


Macro VirusA type of computer virus that infects macro-enabled documents, such as those created in Microsoft Office.
Malicious CodeAny code or software that is designed to harm a computer system, steal data, or gain unauthorized access.
MalwareAny software that is designed to harm a computer system, steal data, or gain unauthorized access. This includes viruses, Trojans, and other types of malicious code.
Man-in-the-middle (MitM) AttackA type of cyberattack where an attacker intercepts communications between two parties to eavesdrop, steal data, or manipulate the conversation.
Manual Key TransportA method of securely transferring encryption keys between parties by physically transporting them.
MediaAny device or means used to store or transmit information, including hard drives, USB drives, and network devices.
MemberA user who has been granted access to a system or network.
Membership LevelThe level of access and privileges granted to a user within a system or network.
Message DigestA fixed-length, unique representation of a message or data set that is used for authentication, verification, or encryption purposes.
Message Digest 5 (MD5)A widely used cryptographic hash function that produces a 128-bit hash value.
MetricsQuantitative measures used to evaluate the effectiveness of a security program, such as the number of successful attacks prevented or the time taken to detect and respond to a breach.
Mission CriticalRefers to systems, applications, or data that are essential to an organization's operations and whose loss or compromise would have a significant impact on the organization's ability to function.
Multi-Factor Authentication (MFA)A security method that requires users to provide two or more types of authentication, such as a password and a fingerprint scan, to access a system or network.
Multilevel Security (MLS)A security model that provides varying levels of access and control based on the sensitivity of the data being accessed.
Mutual AuthenticationA security method where both parties in a communication exchange verify each other's identities before proceeding.
Mutual SuspicionA state of distrust or suspicion between two parties in a communication exchange, where each party assumes the other is a potential threat.


Need-To-KnowThe principle of providing access to sensitive information only to those individuals who require it to perform their job functions.
NetworkA group of interconnected computers and other devices that can communicate with each other to share resources and information.
Network Admission Control (NAC)A security technology that enforces compliance of devices before granting access to a network.
Network ResilienceThe ability of a network to maintain its functions and services despite cyber-attacks, hardware or software failures, and other disruptions.
Network SniffingThe process of intercepting and capturing network traffic to monitor and analyze network communication.


On-Demand LearningA type of learning in which the learner can access the course materials at their convenience and pace.
One Time Pad (OTP)A cryptographic technique that uses a random key only once for encrypting and decrypting a message.
One-Way Hash FunctionA mathematical function that converts data of arbitrary size into a fixed-size output, which is practically impossible to reverse.
Online Instructor-Led TrainingA type of learning in which the instructor delivers the course through an online platform, and learners can participate and interact in real time.
Operations Security (OpSec)A process of identifying, analyzing, and protecting critical information, systems, and activities from adversaries.
Outside ThreatA potential threat that originates from outside the organization, such as hackers, malware, or other external entities.
Over-The-Air (OTA)A method of wirelessly transmitting software updates, configuration changes, or other data to mobile devices, IoT devices, or other systems.


Packet FilterA security mechanism that monitors and filters incoming and outgoing network traffic based on predetermined security rules.
Packet SnifferA program or device that intercepts and logs network traffic for analysis.
Passive AttackAn attack on a system that does not involve any active attempts to penetrate or damage the system.
PasswordA secret code used to authenticate and grant access to a system or service.
Password GeneratorA software tool that creates strong and random passwords.
Password ProtectedA system or resource that requires a password for access.
PatchA software update that addresses security vulnerabilities or software bugs.
Patch ManagementThe process of applying patches to software or systems to keep them up-to-date and secure.
Peer ReviewA process of evaluating and critiquing work by colleagues in the same field or profession.
Penetration TestingA method of assessing the security of a system or network by simulating an attack.
PerimeterThe boundary between a secure internal network and the untrusted external network.
Personal DataAny information that can identify an individual, such as name, address, or date of birth.
Personal FirewallA firewall that runs on an individual's computer and protects it from external threats.
Personal Identification Number (PIN)A numeric code used to authenticate a user's identity.
Personally Identifiable Information (PII)Information that can be used to identify an individual, such as name, social security number, or date of birth.
PhishingA social engineering technique used to trick individuals into providing sensitive information, such as usernames and passwords.
Physically Isolated NetworkA network that is completely isolated from other networks, often used for sensitive or classified information.
Plain TextData that is not encrypted and can be easily read by anyone.
Port ScanningThe process of scanning a network to identify open ports and potential vulnerabilities.
Portable Electronic Device (PED)A mobile device, such as a smartphone or tablet, that can store and transmit data.
PortalA website or application that provides access to information, resources, or services.
PractitionerAn individual who practices or works in a particular field or profession.
PrivacyThe right to control access to personal information.
Private KeyA secret code used in public key cryptography to decrypt encrypted data.
PrivilegeThe level of access and control granted to a user or program.
ProfessionA type of work that requires specialized education, training, and skills.
ProfessionalAn individual who is trained and skilled in a particular profession.
Professional DevelopmentThe ongoing process of improving skills and knowledge in a particular profession.
Professional RegistrationThe process of obtaining professional recognition and credentials in a particular field or profession.
ProfessionalismThe conduct, skills, and values associated with a particular profession.
ProficiencyThe level of skill and knowledge in a particular area or field.
Promiscuous ModeA network interface mode that allows the interface to receive all network traffic, including traffic that is not intended for the interface.
ProtocolA set of rules and standards for communication between devices or systems.
ProxyAn intermediary server that acts as a gateway between a client and a server.
Pseudorandom Number Generator (PRNG)A software algorithm that generates a sequence of random-looking numbers.
PsychometricsThe study of psychological measurements, such as intelligence or personality.
Public Domain SoftwareSoftware that is not copyrighted and can be used and distributed freely.
Public KeyA code used in public key cryptography to encrypt data.
Public Key CryptographyA method of encryption that uses two keys, a public key and a private key, for secure communication.


Qualifications DirectoryA comprehensive database of recognized qualifications that can be used to verify the status of a specific qualification.
Qualifications FrameworkA framework that provides a structured approach to the development, accreditation, assessment, and recognition of qualifications.
QuarantineA security measure that isolates potentially harmful files, software, or devices from the rest of the system or network to prevent the spread of malware or other security threats.


Radio Frequency Identification (RFID)A wireless technology that uses radio waves to identify and track objects.
Random Number Generator (RNG)A computer program or hardware device that generates random numbers for use in encryption and other security-related functions.
Read AccessThe ability to view or retrieve information stored in a computer system or network.
Recognized StandardA set of guidelines, principles, or requirements that have been formally recognized or approved by a recognized authority or industry body.
Recovery Point Objective (RPO)The maximum amount of data loss that an organization is willing to tolerate in the event of a disaster.
Recovery ProceduresThe steps and processes that an organization follows to restore its IT systems and operations after a disaster or other disruptive event.
Recovery Time Objective (RTO)The maximum amount of time that an organization is willing to tolerate for the recovery of its IT systems and operations after a disaster or other disruptive event.
Red TeamA group of security professionals who simulate attacks on an organization's systems and infrastructure to identify vulnerabilities and weaknesses.
RegisterA database or system that contains information about individuals, devices, or other entities that are authorized to access a system or network.
RegistrantAn individual or entity that has registered with a particular system or network to gain authorized access.
RegistrationThe process of providing identifying information to a system or network to gain authorized access.
RegulationA legal or administrative rule or requirement that organizations must follow to ensure compliance with specific security, privacy, or other standards.
RemediationThe process of correcting or mitigating security vulnerabilities or weaknesses in a system or network.
Remote AccessThe ability to access a computer system or network from a remote location, typically through the internet or a virtual private network (VPN).
Remote LearningThe delivery of education or training content to students or employees who are not physically present in a classroom or training facility.
Remote MaintenanceThe ability to manage and maintain computer systems or network devices from a remote location.
Removable MediaAny type of physical storage device that can be easily removed from a computer or other devices, such as USB drives or external hard drives.
Replay AttacksAn attack in which an attacker intercepts and retransmits data that has been previously captured to gain unauthorized access to a system or network.
Residual RiskThe level of risk that remains after security controls and other mitigating factors have been put in place.
ResilienceThe ability of a system or organization to withstand and recover from a disruptive event, such as a cyber attack or natural disaster.
RevalidationThe process of reviewing and verifying the effectiveness of security controls and other measures regularly.
RiskThe potential for loss, damage, or harm to an organization's assets or operations due to a security incident or other threat.
Risk AssessmentThe process of identifying and evaluating potential security risks and vulnerabilities in an organization's systems, processes, and operations.
Risk MitigationThe process of reducing or eliminating potential security risks and vulnerabilities in an organization's systems, processes, and operations.
Risk ToleranceThe level of risk that an organization is willing to accept to achieve its business objectives.
Rogue DeviceA device that has been connected to a network without authorization or approval, and may pose a security risk.
Role-Based Access Control (RBAC)A security model that restricts access to system resources based on the role or job function of the user.
Root Cause Analysis (RCA)The process of identifying the underlying cause of a security incident or other problem, to prevent it from happening again in the future.
RootkitA type of malicious software that is designed to hide its presence and activity on a system or network.
Royal CharterA Royal Charter is a formal document issued by a monarch granting certain rights and privileges to a person or organization.


SaltA cryptographic technique that adds a random value to the input of a hash function to prevent attackers from using precomputed tables to determine the original input.
SandboxingA security mechanism used to isolate a software application or process from the rest of the system to prevent it from accessing or modifying sensitive data or resources.
SanitizationThe process of removing or masking sensitive information from a document or data set to protect it from unauthorized disclosure.
Secure Hash Algorithm (SHA)A family of cryptographic hash functions used to generate fixed-size, unique message digests of input data.
Secure Socket Layer (SSL)A deprecated protocol used for establishing secure, encrypted connections over the internet. It has been replaced by Transport Layer Security (TLS).
Secure Software Development Life Cycle (S-SDLC)A process used to develop software applications with security as a top priority at every stage of the development life cycle.
SecurityThe state of being protected against unauthorized access, use, disclosure, disruption, modification, or destruction of data or systems.
Security Assertion Markup Language (SAML)An XML-based standard used for exchanging authentication and authorization data between different security domains.
Security IncidentAn event that potentially compromises the confidentiality, integrity, or availability of an information system or the information it processes, stores, or transmits.
Security Information and Event Management (SIEM)A software solution that collects and analyzes security-related data from various sources to detect and respond to security threats.
Security PolicyA set of rules, guidelines, and procedures that define the security requirements, responsibilities, and practices of an organization or system.
Security PostureThe overall security status of an organization or system, including its security policies, procedures, controls, and technologies.
Self-Paced LearningA mode of learning in which students can learn at their own pace and on their schedule, without the need for a live instructor or a fixed class schedule.
Self-Regulatory BodyAn organization that establishes and enforces standards, best practices, or codes of conduct for a particular industry, profession, or technology.
Semi-Quantitative AssessmentAn assessment that combines qualitative and quantitative methods to evaluate the likelihood and impact of security threats or risks.
Sensitive InformationInformation that, if disclosed, could result in harm, embarrassment, or liability to an individual, organization, or government.
Service Level Agreement (SLA)A contract that specifies the level of service, availability, and performance that a service provider will deliver to its customers.
Short Message Service (SMS)A messaging service used to send and receive text messages on mobile devices.
SkillsThe ability to perform a task or activity effectively, based on knowledge, experience, and practice.
Skills GapA mismatch between the skills that employers need and the skills that job seekers or employees possess.
SmishingA type of social engineering attack that uses text messages or SMS to trick users into revealing sensitive information or downloading malware.
SnifferA software or hardware tool used to intercept and analyze network traffic for troubleshooting, security, or monitoring purposes.
Social EngineeringThe use of psychological manipulation, deception, or trickery to exploit human vulnerabilities and gain unauthorized access to information or systems.
Software Development Life Cycle (SDLC)The process used to design, develop, test, and deploy software applications.
SpamUnsolicited and unwanted email messages, often sent in bulk, to advertise or promote products, services, or scams.
SpecialismA particular area of expertise, knowledge, or skill within a larger field or profession.
SpecificationA detailed description of the functional and technical requirements of a system or software application.
Split BrainA condition in which two or more nodes in a distributed system lose connectivity and start operating independently, potentially leading to data inconsistency or other issues.
Split TunnellingA networking concept where a single VPN connection is divided into two or more separate tunnels, allowing some traffic to bypass the VPN while the rest is encrypted.
SpoofingA technique used by attackers to disguise themselves as a trustworthy source to gain unauthorized access or steal sensitive information.
StandardA set of guidelines or specifications established by an authority or industry group to ensure consistency and quality in a particular area.
Static KeyA cryptographic key that remains the same throughout the communication process and is shared between parties to encrypt and decrypt data.
SteganographyA technique used to hide a message within another file or image in such a way that it is not detectable by normal means.
Supervisory Control and Data Acquisition (SCADA)A type of industrial control system used to monitor and control equipment in critical infrastructure sectors such as energy, water, and transportation.
System AdministratorA professional responsible for managing and maintaining the computer systems and networks of an organization.
System Development Life Cycle (SDLC)A process used to design, develop, and maintain information systems in a structured and systematic manner.


Tabletop ExerciseA simulation or role-playing exercise that allows participants to practice responding to simulated cybersecurity incidents in a safe and controlled environment.
TelecommunicationThe transmission of data and information over a distance, typically using electronic or digital means.
ThreatAny potential danger or harm that could result from a cybersecurity attack, including attacks on computer systems, networks, or data.
Threat AnalysisThe process of identifying and assessing potential cybersecurity threats, vulnerabilities, and risks to an organization or system.
Time BombA type of malware that is designed to activate or execute a malicious payload at a specific date or time.
Transport Layer Security (TLS)A cryptographic protocol used to secure communications over the internet and other networks.
Trap DoorA hidden or secret entry point in a computer system that can be used to bypass security measures and gain unauthorized access.
Triple DES (3DES)A symmetric-key encryption algorithm used to encrypt sensitive data and communications.
Trojan HorseA type of malware that disguises itself as a legitimate program or file, but is assigned to perform malicious actions on the infected system.
Trusted CertificateA digital certificate issued by a trusted third party that verifies the authenticity of a website or other online resource.
TunnelingThe process of encapsulating one network protocol within another, typically to allow secure communication over an unsecured network.
Two-Factor Authentication (2FA)A security process that requires users to provide two forms of identification or authentication to access a system or resource.


UserA person who interacts with a computer system or software application to perform tasks or access information.


ValidationThe process of ensuring that data or information is accurate, complete, and conforms to a specified standard or requirement.
Virtual Machine (VM)A virtualized operating system or application environment that runs on top of a host computer system, allowing multiple operating systems or applications to run on a single physical machine.
Virtual Private Network (VPN)A secure connection that allows remote users to securely access private networks over the internet.
VirusMalicious software that is designed to replicate itself and spread from one computer system to another, often causing damage to the infected systems.
VulnerabilityA weakness or flaw in a computer system, network, or application that can be exploited by attackers to gain unauthorized access, steal data, or cause damage.


Warm SiteA backup data center or facility that can be used as an alternative in the event of a disaster or system failure.
Web Application Firewall (WAF)A type of firewall that is specifically designed to protect web applications from attacks.
Web Filtering SoftwareSoftware that is designed to monitor and control access to websites and other online content.
White Box TestingA type of software testing that involves examining the internal workings of an application, usually with access to the source code.
WhitelistA list of trusted entities or programs that are granted access to a system or network.
Wi-Fi Protected Access (WPA)A security protocol used to protect wireless networks from unauthorized access.
Wired Equivalent Privacy (WEP)An older security protocol used to protect wireless networks from unauthorized access, which has been largely superseded by newer and more secure protocols.
Wireless Access PointA device that allows wireless devices to connect to a wired network.
Wireless Application Protocol (WAP)A protocol used to access information and services on the internet using mobile devices.
Wireless Local Area Network (WLAN)A type of wireless network that allows devices to connect to a local network or the internet without the need for physical cables.
WormA type of malware that is designed to replicate itself and spread to other systems or networks.


X.509It is an ITU-T standard that defines the format of public key certificates, which are used for authentication, encryption, and digital signatures in public key cryptography.


YubiKeyA hardware authentication device used for two-factor authentication (2FA) and multi-factor authentication (MFA).
Yield ManagementA security strategy that balances the need for system availability with the need for security.
YARAA pattern matching tool used to identify and classify malware.


Zero Day AttackA type of cyber attack that exploits a software vulnerability before a patch or fix is available, making it difficult to defend against.
ZeroizationThe process of erasing sensitive data or cryptographic keys from a device or system, ensuring that the data is irrecoverable.