Glossary of Cyber Security Terms

Cyber security uses lots of words that you may be unfamiliar with.  To help with blog posts, refer to this list, which will be added to from time to time.  As you read the blog posts, you will see these terms in use.

Access – to be able to utilize a portion of a device and ask it to perform actions on your behalf related most often to data.

Access Control / Access Control List (ACL) – in terms of users of devices, this is a list of what they can access on the device.

Actor State – a nation involved in hacking activities.

Adware – software that displays unwanted ads.

Air Gap – a system that can’t be reached via the Internet or the corporate network or otherwise is said to be “air gapped” from the rest of the network.

Application – a program or programs who functions together to provide a service to the user.

APT – Advanced Persistent Threat – a bad actor with sophisticated levels of expertise and large resources to allow it to achieve its objectives using multiple attack vectors.

Attacker – another name for hacker or it could be a group of hackers or even a nation-state.

Attack Surface – this is the amount of exposure to attack in a system (with system being a computer or a network or a network and one to many computers.)

Backdoor – a means of access to a device that bypasses the normal security mechanisms.

Bad Actor – not a person with poor acting skills.  Rather someone who is attempting to perpetrate “bad” upon your cyber systems.

Biometrics – identity based on fingerprints, iris scans or other body uniqueness used in place of or in addition to passwords.

Bitcoin – a method of payment on the Dark Web.

Black Hat Hacker – a hacker who finds and then exploits computer system weaknesses and does not notify anyone but rather keeps the information for their or their organization’s use.

Blue Team – a group of cyber security experts who are defending a system.  Blue teams are often played against red teams in an effort to tighten security.

Bot – a compromised computer attached to the Internet used remote control to perform activities directed at other computers on the Internet.

Botnet – a network of bot’s often used for DDos attacks.

Breach – can be applied to a network or any device on the network and mean when the bad actor has penetrated that device/network and accesses data contained therein or compromises the function of said device or causes a kinetic side effect.

Container – a way to package up an application and all its dependencies.  Generally not as secure as using virtual servers.

Cryptography – the use of mathematical techniques to provide confidentiality, data integrity, entity authentication and data origin authentication.

Cyber – a word derived from cybernetics and refers to anything related to computers.

Cyber Security – software, configuration, actions, policies, training, and preparation taken to secure one’s cyberspace.

Cyberspace – various networks used in information technology infrastructure that includes devices, the Internet, and data.  It can also be defined as an electronic medium in which communications take place on the Internet.

Cyber Warfare – actions taken by actor states to breach the defenses (cyber security) of the cyberspace of their opposition.  Russia has used this recently in conjunction with regular warfare and hence the term “hybrid warfare”.   Another name for this, in some instances, is ‘Cyber Terrorism’.

Dark Web – sites on the Internet that hide their identity and IP addresses using encryption.  These sites are not accessible from the standard search engines.  Used by hackers and others for nefarious purposes.

Data Diddling – altering some of the contents of data to make the data untrustworthy.

DDos Attack – distributed denial of service attack.  This type of attack is done by sending valid requests to the server in such numbers that the responses overwhelm the server and it does not have enough horsepower (CPU cycles) to respond to legitimate requests.  This renders the server as though it were offline or ineffective.

Decryption – the opposite of encryption.  The use of the encryption key and the encrypted data to extract the original, unencrypted data.

Defense in Depth – multiple layers of defense to make penetration of a system very difficult.

DMZ – Demilitarized Zone – think of this as a network and components between a trusted network and one that is untrusted to protect the trusted network.

DNS (Domain Name System) Servers – translate from a domain name such as ‘’ to the IP address of the server the site is on, such as

Encryption – converting data into a form that is not decipherable.  How good the encryption is determines if it can be decrypted by the wrong person or not.

Exfiltration – a military term applied to data meaning its removal from the system by an attacker.   This indicates that it is one thing to attack and system and get in and another to get the data found off the system.

External PEN Test – penetration testing done from outside the system and without a login.  This attempts to mimic an attacker to see if the system is easy to breach.

Firewall – a group of components (hardware and/or software) that form a barrier between two networks or between a network and a device.

Hacker – one who attempts to circumvent a computer or network’s security.  They can be good or bad, see also Black Hat Hacker and White Hat Hacker.
Honeypot – a server with nothing of value used to measure the types of attacks used.

Incident – something has happened but we aren’t sure so it is called an incident until we determine a breach has occurred.

Incident Response Plan – a written plan of what an organization needs to do in the case of an incident or breach.

Information Assurance – the practice of managing risks related to information.

Insider Threat – the theft of information, sabotage, or theft of credentials by someone who has access to the client’s system.

Internal PEN Test – pen testing from inside using a valid login to see what hacking can be done using the login.

Intrusion Detection – the act of detecting when a computer, server or network has been entered by software not belonging there.

IP Address – the address of your device on the Internet.  The old address standard was IPv4 which has been upgraded to IPv6 because the world was running out of addresses and the expected avalanche of addresses needed for IoT devices.

ISP – Internet Service Provider – one of many companies who provide access to the Internet.   Some example are, but not limited to, Time Warner Cable, AT&T, Google, and Verizon.

Keylogger – software that logs all your keystrokes to a file and then exfiltrates that file to another computer.  A good way to steal logins and passwords.

Layered Defense – see Defense in Depth.

Login or Log In – the action of identifying yourself to the system in a manner that it knows who you are and then allows you to take actions upon it based on its ACL settings for you.

Malware – software that compromises the operation of device or network by performing an unauthorized function.

Malware Signature – a group of bytes of code, a portion of the malware program, that is unique to that malware and becomes its “signature”.

NIST – National Institute of Standards and Technology and keeper of the cyber security standards for FISMA, the government information security standard.

NIST Cyber Security Framework – published in 2014, this framework is short in length (less than 40 pages) and is an attempt to take an organization from where they are in cyber security to the next level.

Password – a unique token known only to you and the computer you are attempting to gain access to.

PEN Testing – penetration testing or simulated attacks on the system to gain entry.

Penetration – gaining entry to a system.

Phishing – the sending of many emails to people, hoping to snag someone who opens the email and clicks on the link or runs the attachment to compromise their system.

Polymorphic Malware – malware that can modify its own signature while running.

Ransomware – software that encrypts a computer or a database and then demands a ransom be paid, often in bitcoins, so that the decryption key is given to the victim.

Red Team – a group of cyber security specialists who are attacking just like the bad guys to test defenses.

Revenge Porn – when text or photos shared (see Sexting below) are released to the general public, using digital means, as a means of revenge.

Risk – the potential for an unwanted outcome to occur.

Risk Management –  management of risk through controlling it to an acceptable level.  There is always a tradeoff between risk and cost of the risk mitigation efforts.

Root Kit – software tools with administrator privileges installed on a device designed to maintain its presence and avoid detection while still being able to function.

Security Hole – this could apply to an application, a server, a workstation, or a network.  It is something not right that could allow a hacker to penetrate the system.

Sexting – sharing of sexually provacative photos or text with another using digital means.

Spear Phishing – a highly target phishing campaign that is directed against a population as small as one person.  Much more research an effort goes into making this email seem real to the reader.

Spoofing –  a situation where a person or program or masquerades as another by falsifying data and gains their permissions or causes the attribution of their actions to be to the other person or program.

Spyware – software that enables spying upon the activities of a user or computer’s activities.  This is done by transmitting information from a computer without being detected.

SSL / TLS – protocols providing data encryption and authentication between a computer (server) and a user’s browser.  SSL has proven vulnerable and is being replaced by TLS.

System – a computer or a network or a network and one to many computers.

Threat – a circumstance or event that claims or has the potential to exploit vulnerabilities and to adversely impact an organization.

Threat Vector – the way the treat attempts to enter a system.  For example, the threat vector for a phishing campaign is initially email and then the malwares deposited on the system via opening a link or executing an attachment.

Trojan – another name for Trojan Horse, which is benign in appearance as in having a useful function but hides within itself another potentially malicious function.

TTP – tactics, techniques and procedures (sometimes tools, techniques, procedures).  It is the signature of the bad actor and their work can often be attributed to them by looking for their TTP.

Two Factor Authentication – the use of more than one medium to login.  For example, the regular login may trigger the sending of a pin to the user’s email or phone which must also be entered to finally login.

VPN – a temporary encrypted link over the Internet between two points which creates a private network of shared resources that are not accessible to the outside world.

Virus – a computer program that can infect a computer and then replicate itself and spread to other computers in a network usually through attachment to a document, program or email.

Virus Checker – a program that is installed on a workstation or server and protects against viruses by looking for their signature and then quarantining the file so it cannot run on the computer.

Vulnerability – a portion of a system that is weak and can be attacked.  This could be a piece of software with a bug in the software that allows attack, or a system whose patches have not been applied and so on.

White Hat Hacker – one of the good guys who hacks systems to find vulnerabilities and then let the owner of the vulnerability know so they can fix it.

Worm – a self-replicating, self-propagating program that uses a network to spread itself.

Zero Day Virus – a virus with a signature not yet recognized  by virus checkers.  Often used with spear phishing to gain access.

Author: wturner713

For more about me, see:

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s