Glossary

A

Adware

Adware is a type of software that shows paid advertisements to users, either in its own interface, through integration with other software, or in separate windows or GUI elements. Adware can be legitimately installed as a way to generate revenue, or it can be unintentionally or maliciously installed as malware on a computer.

Agent

An agent, or software agent, is a computer program that performs a function automatically for a human user or another program or system.

Artificial Intelligence

Artificial intelligence (AI) is a type of intelligence demonstrated by machines, as opposed to natural intelligence, demonstrated by biological organisms.

Attacker

An attacker is an individual or organization that carries out a cyberattack on a target with the intent of damaging, stealing, destroying, exposing, accessing, or otherwise modifying secure or sensitive information or systems.

Authentication

Authentication is used by computer systems and applications to check that a user or other application is who they claim to be, and can access the system and its data. If a user positively authenticates themselves, they are then granted access to the application and data.

B

Backdoor

A backdoor is a way to access computer systems, software, or data without having to go through standard authorization and login processes. Although backdoors are sometimes created by developers for building and testing, they are easily exploited by attackers to gain unauthorized access.

Blacklist

A blacklist is a security feature that denies access to a system if the way the system is accessed is identical to the blacklist criteria. Blacklists are used to exclude certain types of access to sensitive data, systems, websites, or applications.

Botnet

A botnet is a collection of compromised computers and other devices that can be used by hackers, criminals, and bad actors to carry out attacks on websites, devices, and technology across open, public networks. They recruit unprotected devices into a botnet network using trojans and malware and then exploit botnet machines to attack other internet resources.

Breach

A breach, or data breach, is damage caused by unauthorized access to your computer systems, software, or data that results in the exposure of sensitive information. A data breach can cause significant financial and reputational damage.

C

Confidentiality

Confidentiality is an approach used to give authorized users access to sensitive data in accordance with business and role-based needs. It can also relate to the various methods used to ensure confidentiality against unauthorized users.

Cross-Site Scripting

Cross-site scripting is a type of vulnerability most often found in online web applications. The vulnerability allows hackers to exploit weaknesses in website code so that they can inject client-side scripts and malware into web pages when they are viewed by others.

Cybersecurity

Cybersecurity is a catch-all term for the various approaches, technology, tools, frameworks, methods, and best practices designed to secure computer systems from unauthorized access and exploitation.

E

Encryption

Encryption is the process of making data more secure by using an algorithm to encrypt the data so it cannot be accessed, read, or used without a corresponding decryption key. Encryption is used to protect sensitive information.

Endpoint

An endpoint device is a device used to access a computer network. The device must be internet-capable and typically uses the TCP/IP protocol suite to send and receive data. Endpoint devices include desktop computers, laptops, tablets, smartphones, IoT devices, printers, and any other technology that can access the internet or an organization’s network.

Exploit

An exploit is a way for a criminal or hacker to gain access to, or take advantage of, a vulnerability or flaw in a computer system. Exploits can be entered through specialized software, as manual commands, or by using data chunks and other techniques. An exploit will typically be followed up with data theft or other damage to an organization’s data and IT systems.

F

Fingerprinting

Fingerprinting is a type of biometric technology, where someone who wants to access a sensitive system has their fingerprints recorded. Then, when they need to access the system, their fingerprints are scanned. Assuming a positive match, this is then combined with other login information to grant access.

Firewall

A firewall is a type of technology that enforces rules on the type of data that can be transmitted into or out of a particular computer system or IT network. It is an early line of defense against unauthorized access to sensitive computer systems.

Footprinting

Footprinting is a technique that hackers and criminals use to find out about the specific environment or IT ecosystem a potentially vulnerable system operates in. This makes it easier for them to intrude into the system so they can steal data or cause other issues.

H

HTTPS

Hypertext Transfer Protocol Secure (HTTPS) is a communication protocol used to access information from a secure web server. HTTPS uses strong encryption to prevent others from reading or hijacking data when it is in transit between a secure web server and a browser.

I

Integrity

Computer system and data integrity relates to the methods and approaches used to protect data and systems from unauthorized access, and to ensure that any data is real, accurate, consistent, and valid across its entire lifecycle.

K

Key

A key, typically a network security key, is a series of numbers and characters that users, devices, apps, and infrastructure use to get legitimate access to a computer network. This ensures that only authentic people, processes, and technology can gain access.

L

Load Balancing

Load balancing is the distribution of incoming network traffic or workloads across multiple servers or other resources so that no single one is overwhelmed.

M

Malware

Malware is a type of malicious software that criminals use to gain access to computer systems, applications, and data. Malware comes in many varieties but is mainly designed to steal information and extort businesses for financial gain.

Mitigation

Mitigation is the term for the various methods and techniques that security experts and others can use to minimize the risk of IT failure, data theft, and other activities that compromise data, systems, and applications.

O

Office 365 Sign On

MS Office 365 Sign On can refer to how users get access to various Office 365 applications and data. It can also refer to the various techniques that are used to protect Office 365 accounts and data from unauthorized access.

P

Patch

A patch is a fix that is applied to software, firmware, middleware, infrastructure, and other IT areas to improve or repair specific IT elements. In security terms, a patch is most often applied to remove vulnerabilities that could be exploited by criminals.

Penetration Testing

Penetration testing is a way for companies to check their networks, systems, applications, and infrastructure for possible security vulnerabilities. A penetration testing team uses similar tools and techniques to those used by criminals and hackers to attempt to gain access to a corporation’s technology. They will then report back on gaps in security so that risks and issues can be resolved.

Phishing

Phishing is an attack method used by hackers and criminals to get unwitting people to enter sensitive information and login details into a fraudulent website. Attackers typically use electronic communications like emails to influence people to enter details into their fraudulent websites.

Point of Sale

Point of Sale (POS) refers to the software and systems that help a business sell products and services to customers. POS systems will often integrate with other parts of the business to maximize revenue. POS systems can be vulnerable to employee fraud and theft.

Privacy

Privacy, also known as data privacy or information privacy, is a way to define what data can be safely shared with third parties without violating personal rights, business policies, or other factors.

Proxy

A proxy is a type of internet service that acts as an intermediary when transmitting and receiving information between users and services. A proxy server can protect the user’s identity or make it appear as if they are accessing data from a different IP address.

R

Ransomware

Ransomware is a specific type of malware that infects an organization’s IT systems and data. It then locks up and encrypts that data and only decrypts and allows access once a ransom is paid.

Real-Time Streaming Protocol (RTSP)

Real-time streaming protocol is a way of managing the provision of media content to a device over the internet. It provides real-time media functionality between servers and client devices and allows for time-synchronized audio and video content. The protocol does not stream the media itself; rather, it communicates with the server providing the data on the end user and device needs.

Root

A “root” account is a special account on a computer system or network that provides privileged, superuser access and functions to special users. It is often targeted by hackers and malware using tools like a “rootkit.”

S

Scraping

Data scraping allows a computer program to extract information from human-readable output, most often created by another computer program. Data scraping can be used on websites, software applications, and other areas.

Security Assertion Markup Language

Security Assertion Markup Language (SAML) is a way to securely pass authorization credentials so that a user can access SaaS applications.

Security Token

A security token is a device used in two-factor or multifactor authentication to authenticate a user and authorize them to access an organization’s network, systems, and data. A security token is often used alongside other security measures to grant access.

Single Sign On

Single sign on is a method of logging in and authenticating with a computer system once, which then gives you access to multiple systems without having to enter separate login credentials on each one.

Sniffing

Sniffing is a way to trace, intercept, and read data as it is being transmitted over public networks like the internet. It is used by developers and security experts to identify issues and optimize data transfer and by criminals and other bad actors to steal data and gain unauthorized access to computer systems.

Social Engineering

Social engineering is a way to attack computer software, systems, and information through manipulating employees, third parties, and other people and groups. Social engineering attempts to convince unwitting victims to provide authorized access to hackers through the use of trickery and scams.

Spyware

Spyware is a type of malicious software (malware) that criminals use to steal information about computer systems, applications, and data. Spyware is mainly designed to gain access to sensitive data and systems so that information can be used for financial gain.

SQL Injection

An SQL Injection is a type of attack on a computer system. It injects “bad” code into a database in an attempt to manipulate the database, expose sensitive information, or otherwise disrupt business operations.

T

Trojan Horse

A Trojan Horse is a specific type of malware that misleads users about what it will do. It initially appears harmless, but once it infects a system, it releases a payload that may cause operational harm or expose sensitive data.

Two Factor Authentication

Two Factor Authentication is a way to verify the identities of users through a combination of passwords, logins, and another authentication factor. If a user positively authenticates themselves through two factor authentication, they are then granted access to the application and data.

U

User Accounts

A user account is a way for an individual to connect with a particular service, system, or computer network. User accounts help to identify individuals within the network and provide certain access levels and privileges, depending on what the account is intended to do.

V

Vulnerability

A vulnerability is a flaw in a computer system that a criminal or hacker can exploit to get unauthorized access to systems, data, or applications.

W

Web 2.0

Web 2.0 is an informal term applied to websites that allow true, two-way interaction between users and content. These types of websites focus on ease of use, user-generated content, participation, and interoperability. Social media websites, Software as a Service (SaaS), and other web-based technologies are all good examples of Web 2.0.

Web Application Firewall

A web application firewall is a security service deployed to protect online applications. It monitors traffic to and from a web application and filters or blocks it if it meets, or fails to meet, certain criteria. A web application firewall differs from a traditional firewall because it monitors and controls traffic between specific online applications, rather than between servers.

Whitelist

A whitelist is a security feature that only allows access to systems, software, or data if the way the system is accessed is identical to the whitelist criteria. Whitelists are used to ensure only access meeting predefined filters or authorization is allowed access to sensitive areas.

Z

Zero Day Vulnerability

A zero day vulnerability is a brand new flaw in computer systems, code, or software that is unknown to the vendors, developers, or other parties that would be in a position to fix the code or patch the vulnerability. This is a significant risk because, if these zero day vulnerabilities are detected by hackers, they can be exploited with little recourse.
