| Term or Phrase | Definition |
|---|---|
| Threat | A potential cause of an unwanted incident, which may result in harm to a system or organisation. |
| Vulnerability | A weakness in a system that can be exploited by a threat to cause harm or loss. |
| Risk | The potential for loss or damage when a threat exploits a vulnerability. |
| Exploit | A method or code that takes advantage of a vulnerability in a system. |
| Attack | An intentional act to harm or gain unauthorised access to systems. |
| Mitigation | Steps taken to reduce the severity or likelihood of a threat or vulnerability. |
| Patch | A fix or update to software that closes a vulnerability or bug. |
| Incident | An event that may indicate a breach or failure in security measures. |
| Remediation | Actions taken to fix or resolve a security issue after an incident. |
| Asset | Something valuable (like data, systems, or networks) that needs protection. |
| Phishing | A fraudulent email meant to trick users into revealing sensitive information. |
| Spear Phishing | A targeted phishing attack aimed at a specific individual or organisation. |
| Whaling | A phishing attack aimed at high-level executives or key personnel. |
| Smishing | A phishing attack sent via text messages. |
| Vishing | A phishing scam conducted over the phone. |
| Malware | Malicious software designed to damage, disrupt, or gain access to a computer system. |
| Ransomware | Malware that encrypts a victim’s data and demands payment for the decryption key. |
| Spyware | Software that secretly gathers user information without their consent. |
| Adware | Unwanted software designed to display ads to users, often intrusively. |
| Trojan Horse | Malicious software disguised as legitimate software. |
| Worm | A type of malware that spreads itself across networks. |
| Keylogger | Software that records keystrokes to steal sensitive data. |
| Botnet | A network of infected computers controlled remotely by an attacker. |
| Man-in-the-Middle (MitM) | An attack where the attacker secretly intercepts and possibly alters communication. |
| Denial-of-Service (DoS) | An attack that makes a system or service unavailable by overwhelming it with traffic. |
| Distributed Denial-of-Service (DDoS) | A coordinated DoS attack launched from multiple computers. |
| Zero-Day | A previously unknown vulnerability that is exploited before a fix is available. |
| SQL Injection | An attack that inserts malicious SQL code into a query to access data. |
| Cross-Site Scripting (XSS) | An attack where attackers inject scripts into webpages viewed by others. |
| Brute Force Attack | An attempt to crack passwords by trying many combinations rapidly. |
| Multi-Factor Authentication (MFA) | An authentication method requiring more than just a password. It often involves something you have, such as a phone to receive SMS messages or a key fob. |
| Two-Factor Authentication (2FA) | A type of MFA using two distinct forms of identity verification. |
| Password Manager | Software that helps create and store strong, unique passwords. |
| Single Sign-On (SSO) | A login system that lets users access multiple applications with one set of credentials. |
| Access Control | Rules and systems that determine who can access what resources. |
| Role-Based Access Control (RBAC) | An access control system based on a user’s role in an organisation. |
| Least Privilege | Granting users only the access they need to perform their job duties. |
| Privileged Access Management (PAM) | Tools and policies to control and monitor access by high-privilege users. |
| Firewall | A security device or program that monitors and filters incoming/outgoing network traffic. |
| Intrusion Detection System (IDS) | A tool that monitors network traffic for suspicious activity or policy violations. |
| Intrusion Prevention System (IPS) | A system that detects and blocks potential threats in real time. |
| Virtual Private Network (VPN) | A secure connection over the internet that hides a user’s data and location. |
| Proxy | A server that acts as a go-between for a user and the internet. |
| Port Scanning | Scanning a system for open ports to identify possible vulnerabilities. |
| IP Address Spoofing | Faking an IP address to disguise the source of network traffic. |
| MAC Address | A hardware address that uniquely identifies a device on a network. |
| Network Segmentation | Dividing a network into segments to contain and limit threats. |
| Encryption | The process of converting data into a secure format to prevent unauthorised access. |
| Decryption | The process of converting encrypted data back into its original form. |
| Hashing | A way to convert data into a fixed-length string to verify its integrity. |
| Data Breach | An incident where sensitive or confidential data is accessed or disclosed without authorisation. |
| Personally Identifiable Information (PII) | Information that can be used to identify an individual. |
| Personal Data | Any information that can be used to directly or indirectly identify a person. |
| Special Category Data | A specific type of personal data that is more sensitive and requires extra protection. |
| Data Loss Prevention (DLP) | Tools and strategies used to prevent unauthorised sharing of or access to data. |
| Tokenisation | Replacing sensitive data with non-sensitive placeholders. |
| Anonymisation | The process of removing personal identifiers from data to protect privacy. |
| SIEM (Security Information and Event Management) | Software that aggregates and analyses security data in real time for threat detection. It allows cyber personnel to monitor, alert on, and act against threats. |
| EDR (Endpoint Detection and Response) | A tool that detects and responds to threats on individual devices. |
| XDR (Extended Detection and Response) | An advanced security system combining data across multiple security layers. |
| SOC (Security Operations Centre) | A team or facility that monitors and responds to security incidents. |
| Penetration Testing (Pen Test) | Simulated attacks to test an organisation’s security defences. |
| Vulnerability Scanner | Software that scans systems for known vulnerabilities. |
| Red Team | Security experts who simulate attacks to test defences. |
| Blue Team | Security professionals who defend systems from attacks. |
| Purple Team | Teams that blend offensive and defensive security roles. |
| Bug Bounty | Programs that pay individuals for finding and reporting bugs. |
| Threat Intelligence | Information about potential or existing threats used to improve security. |
| Security Posture | An organisation’s overall cybersecurity health and readiness. |
| Log Analysis | Reviewing system logs to detect unusual or suspicious behaviour. |
| GDPR (General Data Protection Regulation) | A law regulating data privacy and protection in the EU. |
| HIPAA (Health Insurance Portability and Accountability Act) | A U.S. law that protects health data privacy and security. |
| PCI-DSS (Payment Card Industry Data Security Standard) | Security standards for companies that process credit card information. |
| ISO 27001 | An international standard for managing information security. |
| NIST (National Institute of Standards and Technology) | A U.S. agency providing cybersecurity frameworks and guidance. |
| SOC 2 | An audit standard used to confirm that information security practices align with the U.S. AICPA criteria. |
| Audit Trail | A record showing who accessed or modified data and when. |
| Governance | Oversight and control mechanisms for managing security policies and processes. |
| Policy | A set of rules and guidelines an organisation uses to protect its digital systems, data, and users. |
| Security Awareness Training | Training programs to help employees understand and practise good security habits. |
| Alert Fatigue | Being overwhelmed by too many security alerts, which makes real threats hard to spot. |
| False Positive | A harmless activity wrongly flagged as malicious. |
| Indicators of Compromise (IOC) | Signs that a system has been compromised. |
| Indicators of Attack (IOA) | Signs that an attack is currently happening or in progress. |
| Kill Chain | The stages of a cyberattack from planning to execution. |
| MITRE ATT&CK Framework | A knowledge base of adversary tactics and techniques. |
| Playbook (Incident Response) | A documented procedure for handling specific security incidents. |
| Containment | Limiting a security breach to stop it from spreading. |
| Eradication | Removing the root cause of a security incident. |
| Recovery | Restoring systems and data to normal after an incident. |
| Social Engineering | Tricking people into giving up confidential information through manipulation. |
| Security Hygiene | Basic steps and practices to maintain good digital security. |
| Security by Design | Building systems with security in mind from the start. |
| Shadow IT | Unauthorised use of applications or devices within an organisation. |
| Insider Threat | A threat that originates from someone inside the organisation. |
| Attack Surface | The total set of points where an attacker can try to enter a system. |
| Security Culture | The values and behaviours that prioritise and support cybersecurity within an organisation. |
| Risk Appetite | The level of risk an organisation is willing to tolerate. |
| Defence in Depth | Using multiple layers of defence to protect information systems. |
| Zero Trust | A security model that assumes no user or system is trustworthy by default. |
| Threat Modelling | A process of identifying and assessing potential threats and vulnerabilities. |
| Security Baseline | A minimum set of security settings and practices all systems must follow. |