Cybersecurity Glossary
A glossary of commonly used terms in cybersecurity.
- Cybersecurity: The practice of protecting computer systems, networks, and data from unauthorized access, attacks, and damage.
- Malware: Short for malicious software, it refers to any software specifically designed to disrupt, damage, or gain unauthorized access to a computer system.
- Firewall: A security device or software that monitors and filters network traffic based on predefined security rules, preventing unauthorized access to or from a private network.
- Encryption: The process of encoding information or data in such a way that it becomes unintelligible to unauthorized users, ensuring its confidentiality and integrity.
- Phishing: A type of cyber attack where attackers masquerade as trustworthy entities to deceive individuals into providing sensitive information, such as passwords or credit card details.
- Ransomware: A type of malicious software that encrypts a victim's data, rendering it inaccessible, and demands a ransom payment in exchange for decrypting the data.
- Vulnerability: A weakness or flaw in a system's security measures that can be exploited by attackers to gain unauthorized access or compromise the system.
- Patch: A software update released by vendors or developers to fix security vulnerabilities or address bugs in software or operating systems.
- Intrusion Detection System (IDS): A security tool that monitors network traffic or system events for signs of unauthorized access, attacks, or malicious activity.
- Two-Factor Authentication (2FA): A security mechanism that requires users to provide two different forms of identification or credentials (e.g., password and SMS code) to access a system or service.
- Social Engineering: The psychological manipulation of individuals to trick them into revealing sensitive information or performing actions that can be exploited by attackers.
- Zero-Day Exploit: An attack that targets a previously unknown vulnerability or weakness in a system for which no patch or fix is available.
- Denial of Service (DoS) Attack: An attack aimed at overwhelming a system, network, or service with a flood of illegitimate requests or traffic, rendering it unavailable to legitimate users.
- Penetration Testing: The practice of assessing the security of a system or network by simulating real-world attacks to identify vulnerabilities and weaknesses.
- Data Breach: An incident where unauthorized individuals gain access to sensitive or confidential data, potentially resulting in its exposure, theft, or misuse.
- VPN (Virtual Private Network): A technology that provides a secure and encrypted connection between a user's device and a private network, protecting data transmission over public networks.
- Antivirus: Software designed to detect, prevent, and remove malicious software (viruses, worms, Trojans, etc.) from computer systems.
- Multi-Factor Authentication (MFA): Similar to 2FA, it is a security method that requires users to provide multiple forms of authentication, such as a fingerprint, password, and security token.
- Incident Response: The process of responding to and managing a cybersecurity incident, including identifying, mitigating, and recovering from security breaches.
- Cyber Threat Intelligence: Information gathered and analyzed about potential cyber threats, including threat actors, tactics, techniques, and indicators of compromise (IOCs).