| Term or Phrase | Definition |
|---|---|
| Threat | A potential cause of an unwanted incident, which may result in harm to a system or organisation. |
| Vulnerability | A weakness in a system that can be exploited by a threat to cause harm or loss. |
| Risk | The potential for loss or damage when a threat exploits a vulnerability. |
| Exploit | A method or code that takes advantage of a vulnerability in a system. |
| Attack | An intentional act to harm or gain unauthorised access to systems. |
| Mitigation | Steps taken to reduce the severity or likelihood of a threat or vulnerability. |
| Patch | A fix or update to software that closes a vulnerability or bug. |
| Incident | An event that may indicate a breach or failure in security measures. |
| Remediation | Actions taken to fix or resolve a security issue after an incident. |
| Asset | Something valuable (like data, systems, or networks) that needs protection. |
| Phishing | A fraudulent message, most often an email, meant to trick users into revealing sensitive information. |
| Spear Phishing | A targeted phishing attack aimed at a specific individual or organisation. |
| Whaling | A phishing attack aimed at high-level executives or key personnel. |
| Smishing | A phishing attack sent via text messages. |
| Vishing | A phishing scam conducted over the phone. |
| Malware | Malicious software designed to damage, disrupt, or gain access to a computer system. |
| Ransomware | Malware that encrypts a victim’s data and demands payment for the decryption key. |
| Spyware | Software that secretly gathers user information without their consent. |
| Adware | Unwanted software that displays advertisements to users, often in an intrusive way. |
| Trojan Horse | Malicious software disguised as legitimate software. |
| Worm | A type of malware that spreads itself across networks. |
| Keylogger | Software that records keystrokes to steal sensitive data. |
| Botnet | A network of infected computers controlled remotely by an attacker. |
| Man-in-the-Middle (MitM) | An attack where the attacker secretly intercepts and possibly alters communication. |
| Denial-of-Service (DoS) | An attack that makes a system or service unavailable by overwhelming it with traffic. |
| Distributed Denial-of-Service (DDoS) | A coordinated DoS attack launched from multiple computers. |
| Zero-Day | A previously unknown vulnerability that is exploited before a fix is available. |
| SQL Injection | An attack that inserts malicious SQL code into a query to access data. |
| Cross-Site Scripting (XSS) | An attack where hackers inject scripts into webpages viewed by others. |
| Brute Force Attack | An attempt to crack passwords by trying many combinations rapidly. |
| Multi-Factor Authentication (MFA) | An authentication method requiring more than one verification factor. |
| Two-Factor Authentication (2FA) | A type of MFA using two distinct forms of identity verification. |
| Password Manager | Software that helps create and store strong, unique passwords. |
| Single Sign-On (SSO) | A login system that lets users access multiple applications with one set of credentials. |
| Access Control | Rules and systems that determine who can access what resources. |
| Role-Based Access Control (RBAC) | An access control system based on a user’s role in an organisation. |
| Least Privilege | Granting users only the access they need to perform their job duties. |
| Privileged Access Management (PAM) | Tools and policies to control and monitor access by high-privilege users. |
| Firewall | A security device or program that monitors and filters incoming/outgoing network traffic. |
| Intrusion Detection System (IDS) | A tool that monitors network traffic for suspicious activity or policy violations. |
| Intrusion Prevention System (IPS) | A system that detects and blocks potential threats in real time. |
| Virtual Private Network (VPN) | An encrypted connection over the internet that conceals a user’s traffic and network location. |
| Proxy | A server that acts as a go-between for a user and the internet. |
| Port Scanning | Scanning a system for open ports to identify possible vulnerabilities. |
| IP Address Spoofing | Faking an IP address to disguise the source of network traffic. |
| MAC Address | A hardware address that uniquely identifies a device on a network. |
| Network Segmentation | Dividing a network into segments to contain and limit threats. |
| Encryption | The process of converting data into a secure format to prevent unauthorised access. |
| Decryption | The process of converting encrypted data back into its original form. |
| Hashing | A way to convert data into a fixed-length string to verify its integrity. |
| Data Breach | An incident where sensitive or confidential data is accessed or disclosed without authorisation. |
| Personally Identifiable Information (PII) | Information that can be used to identify an individual. |
| Personal Data | Any information that can be used to directly or indirectly identify a person. |
| Special Category Data | A specific type of personal data that is more sensitive and requires extra protection. |
| Data Loss Prevention (DLP) | Tools and strategies used to prevent unauthorised sharing of or access to data. |
| Tokenisation | Replacing sensitive data with non-sensitive placeholders. |
| Anonymisation | The process of removing personal identifiers from data to protect privacy. |
| SIEM (Security Information and Event Management) | Software that aggregates and analyses security data in real time for threat detection. |
| EDR (Endpoint Detection and Response) | A tool that detects and responds to threats on individual devices. |
| XDR (Extended Detection and Response) | An advanced security system combining data across multiple security layers. |
| SOC (Security Operations Centre) | A team or facility that monitors and responds to security incidents. |
| Penetration Testing (Pen Test) | Simulated attacks to test an organisation’s security defences. |
| Vulnerability Scanner | Software that scans systems for known vulnerabilities. |
| Red Team | Security experts who simulate attacks to test defences. |
| Blue Team | Security professionals who defend systems from attacks. |
| Purple Team | Teams that blend offensive and defensive security roles. |
| Bug Bounty | Programs that pay individuals for finding and reporting bugs. |
| Threat Intelligence | Information about potential or existing threats used to improve security. |
| Security Posture | An organisation’s overall cybersecurity health and readiness. |
| Log Analysis | Reviewing system logs to detect unusual or suspicious behaviour. |
| GDPR (General Data Protection Regulation) | A law regulating data privacy and protection in the EU. |
| HIPAA (Health Insurance Portability and Accountability Act) | A U.S. law that protects health data privacy and security. |
| PCI-DSS (Payment Card Industry Data Security Standard) | Security standards for companies that process credit card information. |
| ISO 27001 | An international standard for managing information security. |
| NIST (National Institute of Standards and Technology) | A U.S. agency providing cybersecurity frameworks and guidance. |
| SOC 2 | A security standard used in auditing cloud service providers. |
| Audit Trail | A record showing who accessed or modified data and when. |
| Governance | Oversight and control mechanisms for managing security policies and processes. |
| Policy | A set of rules and guidelines an organisation uses to protect its digital systems, data, and users. |
| Security Awareness Training | Training programs to help employees understand and practice good security habits. |
| Alert Fatigue | Desensitisation caused by too many security alerts, which makes real threats hard to spot. |
| False Positive | A harmless activity wrongly flagged as malicious. |
| Indicators of Compromise (IOC) | Signs that a system has been compromised. |
| Indicators of Attack (IOA) | Signs that an attack is currently happening or in progress. |
| Kill Chain | The stages of a cyberattack from planning to execution. |
| MITRE ATT&CK Framework | A knowledge base of adversary tactics and techniques. |
| Playbook (Incident Response) | A documented procedure for handling specific security incidents. |
| Containment | Isolating affected systems during a security breach to stop it from spreading. |
| Eradication | Removing the root cause of a security incident. |
| Recovery | Restoring systems and data to normal after an incident. |
| Social Engineering | Tricking people into giving up confidential information through manipulation. |
| Security Hygiene | Basic steps and practices to maintain good digital security. |
| Security by Design | Building systems with security in mind from the start. |
| Shadow IT | Unauthorised use of applications or devices within an organisation. |
| Insider Threat | A threat that originates from someone inside the organisation. |
| Attack Surface | The total set of points where an attacker can try to enter a system. |
| Security Culture | The values and behaviours that prioritise and support cybersecurity within an organisation. |
| Risk Appetite | The level of risk an organisation is willing to tolerate. |
| Defence in Depth | Using multiple layers of defence to protect information systems. |
| Zero Trust | A security model that assumes no user or system is trustworthy by default. |
| Threat Modelling | A process of identifying and assessing potential threats and vulnerabilities. |
| Security Baseline | A minimum set of security settings and practices all systems must follow. |
