An attacker is an individual or organization that carries out a cyberattack on a target with the intent of damaging, stealing, destroying, exposing, accessing, or otherwise modifying secure or sensitive information or systems.
Authentication is used by computer systems and applications to check that a user or other application is who they claim to be, and can access the system and its data. If a user positively authenticates themselves, they are then granted access to the application and data.
A backdoor is a way to access computer systems, software, or data without having to go through standard authorization and login processes. Although backdoors are sometimes created by developers for building and testing, they are easily exploited by attackers to gain unauthorized access.
A blacklist is a security feature that denies access to a system if the way the system is accessed is identical to the blacklist criteria. Blacklists are used to exclude certain types of access to sensitive data, systems, websites, or applications.
A breach, or data breach, is damage caused by unauthorized access to your computer systems, software, or data that results in the exposure of sensitive information. A data breach can cause significant financial and reputational damage.
Confidentiality is an approach used to give authorized users access to sensitive data in accordance with business and role-based needs. It can also relate to the various methods used to ensure confidentiality against unauthorized users.
Cybersecurity is a catch-all term for the various approaches, technology, tools, frameworks, methods, and best practices designed to secure computer systems from unauthorized access and exploitation.
Encryption is the process of making data more secure by using an algorithm to encrypt the data so it cannot be accessed, read, or used without a corresponding decryption key. Encryption is used to protect sensitive information.
An exploit is a way for a criminal or hacker to gain access to, or take advantage of, a vulnerability or flaw in a computer system. Exploits can be entered through specialized software, as manual commands, or by using data chunks and other techniques. An exploit will typically be followed up with data theft or other damage to an organization’s data and IT systems.
Fingerprinting is a type of biometric technology, where someone who wants to access a sensitive system has their fingerprints recorded. Then, when they need to access the system, their fingerprints are scanned. Assuming a positive match, this is then combined with other login information to grant access.
A firewall is a type of technology that enforces rules on the type of data that can be transmitted into or out of a particular computer system or IT network. It is an early line of defense against unauthorized access to sensitive computer systems.
Footprinting is a technique that hackers and criminals use to find out about the specific environment or IT ecosystem a potentially vulnerable system operates in. This makes it easier for them to intrude into the system so they can steal data or cause other issues.
HyperText Transport Protocol Secure (HTTPS) is a communication protocol used to access information from a secure web server. HTTPS uses strong encryption to prevent others from reading or hijacking data when it is in transit between a secure web server and a browser.
Computer system and data integrity relates to the methods and approaches used to protect data and systems from unauthorized access, and to ensure that any data is real, accurate, consistent, and valid across its entire lifecycle.
A key, typically a network security key, is a series of numbers and characters that users, devices, apps, and infrastructure use to get legitimate access to a computer network. This ensures that only authentic people, processes, and technology can gain access.
Malware is a type of malicious software that criminals use to gain access to computer systems, applications, and data. Malware comes in many varieties but is mainly designed to steal information and extort businesses for financial gain.
Mitigation is the term for the various methods and techniques that security experts and others can use to minimize the risk of IT failure, data theft, and other activities that compromise data, systems, and applications.
MS Office 365 Sign On can refer to how users get access to various Office 365 applications and data. It can also refer to the various techniques that are used to protect Office 365 accounts and data from unauthorized access.
A patch is a fix that is applied to software, firmware, middleware, infrastructure, and other IT areas to improve or repair specific IT elements. In security terms, a patch is most often applied to remove vulnerabilities that could be exploited by criminals.
Phishing is an attack method used by hackers and criminals to get unwitting people to enter sensitive information and login details into a fraudulent website. Attackers typically use electronic communications like emails to influence people to enter details into their fraudulent websites.
Point of Sale (POS) are software and systems that help a business to sell products and services to customers. POS systems will often integrate with other parts of the business to maximize revenue. POS systems can be vulnerable to employee fraud and theft.
Privacy, also known as data privacy or information privacy is a way to define what data can be safely shared with third-parties without violating personal rights, business policies, or other factors.
A proxy is a type of internet service that acts as an intermediary when transmitting and receiving information between users and services. A proxy server can protect the user’s identity or make it appear as if they are accessing data from a different IP address.
Ransomware is a specific type of malware that infects an organization’s IT systems and data. It then locks up and encrypts that data and only decrypts and allows access once a ransom is paid.
A “root” account is a special account on a computer system or network that provides privileged, superuser access and functions to special users. It is often targeted by hackers and malware using tools like a “rootkit.”
Data scraping allows a computer program to extract information from human-readable output, most often created by another computer program. Data scraping can be used on websites, software applications, and other areas.
A security token is a device used in two-factor or multifactor authentication to authenticate a user and authorize them to access an organization’s network, systems, and data. A security token is often used alongside other security measures to grant access.
Single sign on is a method of logging in and authenticating with a computer system once that then gives you access to multiple systems without having to enter separate login credentials on each one.
Social engineering is a way to attack computer software, systems, and information through manipulating employees, third parties, and other people and groups. Social engineering attempts to convince unwitting victims to provide authorized access to hackers through the use of trickery and scams.
Spyware is a type of malicious software (malware) that criminals use to steal information about computer systems, applications, and data. Spyware is mainly designed to gain access to sensitive data and systems so that information can be used for financial gain.
An SQL Injection is a type of attack on a computer system. It injects “bad” code into a database in an attempt to manipulate the database, expose sensitive information, or otherwise disrupt business operations.
A Trojan Horse is a specific type of malware that misleads users about what it will do. It initially appears harmless, but once it infects a system, it releases a payload that may cause operational harm or expose sensitive data.
Two Factor Authentication is a way to verify the identities of users through a combination of passwords, logins, and another authentication factor. If a user positively authenticates themselves through two factor authentication, they are then granted access to the application and data.
A user account is a way for an individual to connect with a particular service, system, or computer network. User accounts help to identify individuals within the network and provide certain access levels and privileges, depending on what the account is intended to do.
A whitelist is a security feature that only allows access to systems, software, or data if the way the system is accessed is identical to the whitelist criteria. Whitelists are used to ensure only access meeting predefined filters or authorization is allowed access to sensitive areas.
A zero day vulnerability is a brand new flaw in computer systems, code, or software that is unknown to the vendors, developers, or other parties that would be in a position to fix the code or patch the vulnerability. This is a significant risk as if these zero day vulnerabilities are detected by hackers, they can be exploited with little recourse.