Essential Cyber Security Glossary For Beginners

Arc Security
18 min read · Jun 10, 2023

A

Authorization

Access rights or privileges granted to a user, program, or procedure or the act of granting those privileges.

Availability

Ensuring timely and reliable access to and use of information.

Access Control List (ACL)

A mechanism that enforces access control for a system resource by listing the identities of the system entities that are permitted to access the resource, along with the access rights each one holds.

Authentication

Verifying the identity of a user, process, or device, often as a prerequisite for authorizing access to resources in an information system.

Asymmetric Encryption

Encryption system that uses a public-private key pair for encryption and/or digital signature.

Attack Surface

The set of points on the boundary of a system, a system component, or an environment where an attacker can try to enter, cause an effect on, or extract data from, that system, system component, or environment.

B

Bit

A binary digit having a value of 0 or 1.

Byte

A group of eight bits that is treated either as a single unit or as an array of 8 individual bits.

C

Certificate Authority

A trusted entity that issues and revokes public key certificates.

Common Vulnerabilities and Exposures (CVE)

A list of standard names for publicly known information system vulnerabilities and exposures. Each one is given a CVE identifier, for example CVE-2023-22678 (where 2023 is the year the CVE was identified).

Community Cloud

A cloud infrastructure provisioned for exclusive use by a specific community of consumers from organizations that have shared concerns (e.g., mission, security requirements, policy, and compliance considerations). It may be owned, managed, and operated by one or more of the organizations in the community, a third party, or some combination of them, and it may exist on or off premises.

Cloud computing

A model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.

Ciphertext

Data in its encrypted form.

Compliance

An organization's adherence to governing policies, regulations, standards, and procedures.

Confidentiality

The property of safeguarding data so that unauthorized parties cannot view it.

Cryptography

The discipline that covers the principles, means, and methods for transforming data in order to hide its semantic content, prevent its unauthorized use, or prevent its undetected modification.

Cyber Kill Chain

Lockheed Martin's model of attack flow, whose stages are Reconnaissance, Weaponization, Delivery, Exploitation, Installation, Command and Control (C2), and Actions on Objectives.

D

Denial-of-Service/Distributed Denial of Service (DOS/DDoS)

Attacks that affect a website's or service's availability by sending more data than the device can process.

Discretionary Access Control (DAC)

An access control policy or procedure that leaves a certain amount of access control to the discretion of the object's owner, or anyone else who is authorized to control the object's access. The owner can decide who should have access rights to an object and what those rights should be.

Dual Controls/Dual Authorization

A system of storage and handling designed to deny an individual access to certain resources by requiring the presence and actions of at least two trusted persons, each capable of detecting incorrect or unauthorized security procedures with respect to the task being performed.

DMZ

A perimeter network or screened subnet that separates an internal network that is more trusted from an external network that is less trusted (i.e., PLC controllers).

De-encapsulation

When data is sent across a network, information may be added at the beginning and end as headers and footers to assist with routing and other processes. That process is called encapsulation. This information is also removed at certain points as the data travels through the layers of the OSI model. That process is referred to as de-encapsulation.

Defense-in-Depth

The overall concept behind defense in depth is to manage risk by using multiple defensive strategies. Layering protective defenses in an application decreases the chance of a successful attack or intrusion.

Disaster Recovery Plan

A documented plan for restoring one or more information systems at an alternate facility in response to a major hardware or software failure or destruction of facilities.

Domain Name System (DNS)

The system by which Internet domain names and addresses are tracked and regulated, as defined by IETF RFC 1034 and other related RFCs.

Digital Certificate

A digitally signed representation of information that:
1) Identifies the authority issuing it
2) Identifies the subscriber
3) Identifies its valid operational period (date issued / expiration date).

In the information assurance (IA) community, a certificate usually means a public key certificate, which can be defined as follows:

A digital representation of information which at least
1) Identifies the certification authority (CA) issuing it
2) Names or otherwise identifies its subscriber
3) Contains the subscriber's public key
4) Identifies its operational period, and
5) Is digitally signed by the certification authority issuing it.

E

Encryption

The cryptographic transformation of data to produce ciphertext.

Endpoint

Typically, any device that an end-user interacts with, such as desktops, laptops, mobile phones, printers, tablets, Internet of Things devices, etc.

Endpoint Detection and Response (EDR)

EDR is a cybersecurity technology that continuously monitors an "endpoint" (e.g. mobile phone, laptop, Internet-of-Things device) to detect and mitigate malicious or adversarial cyber threats.

F

Firewall

An inter-network connection device that restricts data communication traffic between two connected networks. A firewall may be either an application installed on a general-purpose computer or a dedicated platform (appliance) that forwards or denies/drops packets on a network. Firewalls are generally used to define zone perimeters, and they typically have rules restricting which ports are open.

Fragment Attack

In a fragment attack, a threat actor fragments data in such a way that the receiving system is unable to reassemble the data packets.

File Transfer Protocol Secure (FTPS)

FTPS is an extension to the commonly used File Transfer Protocol (FTP) that adds support for the Transport Layer Security (TLS) cryptographic protocol.

File Transfer Protocol (FTP)

An Internet standard for transferring files over the Internet. FTP programs and utilities are used to upload and download Web pages, graphics, and other files between local media and a remote server that permits FTP access. There is also a secure version, called SFTP.

G

General Data Protection Regulation (GDPR)

The GDPR is a European data protection law that, at its most basic, gives individuals more control over their personal information. It has forced companies to rethink how they approach data privacy, making "privacy by design" a core principle.

Gramm-Leach-Bliley Act (GLBA)

An Act enacted in 1999 to improve competition in the financial services industry. It regulates many things, but of particular interest to cybersecurity, this act governs privacy rules around disclosing nonpublic data and/or personally identifiable information (PII). It requires financial institutions to inform clients about the information collected about them and how it is shared, used, and protected.

Governance

Corporate governance consists of the set of processes, customs, policies, laws, and institutions affecting the way people direct, administer, or control an organization.

H

Hardware

The physical components of a system.

Hashing

A method of computing a relatively unique output (called a hash digest) for an input of nearly any size (a file, text, image, etc.) by applying a cryptographic hash function to the input data.

Hub

A common connection point for devices in a network. Hubs are commonly used to pass data from one device (or segment) to another.

Hybrid Cloud

A cloud infrastructure that is a composition of two or more distinct cloud infrastructures (private, community, or public) that remain unique entities but are bound together by standardized or proprietary technology that enables data and application portability (e.g., cloud bursting for load balancing between clouds).

Honeypot

A system (e.g., a web server) or system resource (e.g., a file on a server) that is designed to be attractive to potential hackers and intruders, the way honey is attractive to bears :)

Health Insurance Portability and Accountability Act (HIPAA)

This Act, which applies mostly to U.S. citizens, regulates the flow of healthcare data and prescribes how personally identifiable information (PII) maintained by the healthcare and healthcare insurance industries should be safeguarded from fraud and theft.

Hypertext Transfer Protocol (HTTP)

A protocol that provides the basis for all data transmissions on the World Wide Web (WWW), where a request-response model allows a web user to request something from a web server, which provides resources such as HTML files and other multimedia files.

I

ISO/IEC 27001

A global standard for managing information security. It was published jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). It describes requirements for establishing, implementing, maintaining, and continually improving an information security management system (ISMS), the aim of which is to help organizations make the information assets they hold more secure.

Indicator of Compromise (IoC)

An artifact observed on a network or in an operating system that, with high confidence, indicates a computer intrusion.

Incident Response

As per NIST SP 800-61, incident response is rapidly detecting or observing incidents, minimizing loss and destruction, mitigating the weaknesses that were exploited, and restoring IT services.

Identification

The process of verifying the identity of a user, process, or device, usually as a prerequisite for granting access to resources in an IT system.

Insider Threat

The threat that an insider will use his or her authorized access, wittingly or unwittingly, to harm the security of the organization and/or its systems.

Integrity

Guarding against improper information modification or destruction; includes ensuring information non-repudiation and authenticity.

IP Address

An IP address is a numerical label such as 192.168.2.1 that is assigned to a device on a computer network that uses the Internet Protocol (IP) for communication. An IP address serves two main functions: network interface identification and location addressing.

Intrusion Detection System (IDS)

A system that detects attacks by capturing and analyzing network packets. Listening on a network segment or switch, one network-based IDS can monitor the network traffic affecting multiple hosts connected to that network segment.

Intrusion Prevention System (IPS)

A technique or system that can detect intrusive activity and can also attempt to stop it, ideally before it reaches its targets.

Infrastructure as a Service (IaaS)

In this cloud service model, the capability provided to the consumer is to provision processing, storage, networks, and other fundamental computing resources on which the consumer can deploy and run arbitrary software, which can include operating systems and applications. The consumer does not manage or control the underlying cloud infrastructure but has control over operating systems, storage, and deployed applications, and possibly limited control of select networking components (e.g., host firewalls).

Internet Control Message Protocol (ICMP)

In Internet communications, this protocol delivers status and error messages about whether a host or service is available. For example, if you try to navigate to a website and it is not available, this protocol is used to communicate that status. It is not used for actually sending data the way that TCP and UDP do.

Internet Protocol (IP)

The Internet Protocol (IP) is the set of rules used for forwarding datagrams across network boundaries and properly routing and relaying packets from a source host to a destination host. IPv4 has been the predominant version; however, since 2006, IPv6 has begun to replace it, providing more available addresses as well as better security and quality.

Internet Message Access Protocol (IMAP)

The set of rules used by email clients to retrieve email messages from a mail server.

L

Likelihood in Cyber Security

A weighted factor based on a subjective analysis of the probability that a given threat is capable of exploiting a given vulnerability or set of vulnerabilities.

Lightweight Directory Access Protocol (LDAP)

A protocol that provides the standard for accessing directory information services on a network, which supply information about the users, systems, networks, services, and applications available on that network. There is also LDAP Secure (LDAPS), an encrypted version of this protocol.

M

Mandatory Access Control

An access control approach where access decisions are made by a central authority, not by the individual owner of an object.

Man in the Middle

An attack where the adversary positions himself between the user and the system so that he can intercept and modify data traveling between them.

Multi-factor Authentication (MFA)

An authentication approach that requires more than one of the following to verify a user: something the user knows (like a password), something the user has (like a token or similar device), and/or something the user is (biometrics).

Mantrap

A mantrap is a physical security access control system consisting of a small space with two sets of interlocking doors, such that the first set of doors must close before the second set unlocks.

MITRE ATT&CK Framework

A framework maintained by the MITRE Corporation that documents Adversarial Tactics, Techniques & Common Knowledge to describe how cyber threat actors carry out attacks.

N

Network

A system implemented with a collection of interconnected components. Such components may include routers, hubs, cabling, telecommunications controllers, key distribution centers, and technical control devices.

Non-Repudiation

Assurance that the sender of information is provided with proof of delivery and the recipient is provided with proof of the sender's identity, so neither can later deny having processed the information.

Need to Know

A determination made by an authorized holder of official information that a prospective recipient requires access to specific official information to carry out authorized duties.

Network Time Protocol (NTP)

A protocol that provides the rules and standards for clock synchronization between computer systems.

Network File System (NFS)

A distributed file system protocol that allows a user to access files over a network. NFS v4 provides stronger security.

O

Oversized Packet Attack

An attack where a threat actor sends a network packet that is larger than expected or larger than the receiving system can handle. This can be a type of Denial of Service attack.

P

Packet

The logical unit of network communications produced by the transport layer.

Payment Card Industry Data Security Standard (PCI DSS)

An information security standard administered by the Payment Card Industry Security Standards Council for organizations that handle branded credit cards from the major card schemes.

Phishing

A technique for attempting to acquire sensitive data, such as bank account numbers, through a fraudulent solicitation in email or on a website, in which the perpetrator masquerades as a legitimate business or reputable person.

Payload

The data handed down from the previous layer.

Plaintext

Data that has not been encrypted; intelligible data that has meaning and can be understood without the application of decryption.

Personally Identifiable Information (PII)

Data that can be used to distinguish or trace an individual's identity, such as name, national ID number, or biometric records, either alone or when combined with other personal or identifying information that is linked or linkable to a specific person (e.g., date and place of birth, mother's maiden name, etc.).

Principle of Least Privilege

The principle that a security architecture should be designed so that each entity is granted the minimum system resources and permissions that the entity needs to perform its function.

Privilege Escalation

The exploitation of a bug or flaw in a system that allows a higher privilege level than would normally be permitted.

Protocol

A set of rules (i.e., formats and procedures) to implement and control some type of association (e.g., communication) between systems.

Private Cloud

The cloud infrastructure is provisioned for exclusive use by a single organization comprising multiple consumers (e.g., business units). It may be owned, managed, and operated by the organization, a third party, or some combination of them, and it may exist on or off premises.

Platform as a Service (PaaS)

A cloud service model where the capability provided to the consumer is to deploy onto the cloud infrastructure consumer-created or acquired applications built using programming languages, libraries, services, and tools supported by the provider. The consumer does not manage or control the underlying cloud infrastructure, including network, servers, operating systems, or storage, but has control over the deployed applications and possibly configuration settings for the application-hosting environment.

Public Cloud

In this cloud deployment model, the cloud infrastructure is provisioned for open use by the general public. It may be owned, managed, and operated by a business, academic, or government organization, or some combination of them. It exists on the premises of the cloud provider.

R

Risk Management

The process of managing risks to organizational operations (including mission, functions, image, or reputation), organizational assets, or individuals resulting from the operation of an information system. It includes: (i) the conduct of a risk assessment; (ii) the implementation of a risk mitigation strategy; and (iii) the employment of techniques and procedures for the continuous monitoring of the security state of the information system.

Router

A computer that acts as a gateway between two networks at OSI layer 3 and that relays and directs data packets through that inter-network. The most common form of router operates on IP packets.

Remote Code Execution (RCE)

In a Remote Code Execution (RCE) attack, a threat actor who has already gained access to a target device (possibly via phishing or another form of social engineering) remotely launches some sort of code, such as malware or even code already present on the target network, to carry out a malicious action.

Role-Based Access Control (RBAC)

An authorization system built on Azure Resource Manager that provides fine-grained access to Azure resources based on roles. It uses three elements: security principal, role definition, and scope.

Recovery Time Objective (RTO)

The overall length of time an information system's components can be in the recovery phase before negatively affecting the organization's mission or mission/business operations. Another way of looking at this is that it is the amount of time you have to restore systems after a disaster to avoid unacceptable consequences for the business.

Recovery Point Objective (RPO)

The point in time to which data must be recovered after an outage. Another way of looking at this is that it corresponds to how often you should back up your data, because if a disaster strikes between backups, this is the amount of data you would lose. Suppose your backups are created every three hours. If you were to lose three hours of data, would that be acceptable for your business, or would that be too great a loss? When you are planning for a disaster, you need to consider this and adjust your backup processes accordingly.

S

Secure Shell (SSH)

SSH is a cryptographic network protocol used for secure remote login and command-line execution. Its non-secure counterpart is Telnet.

Security Orchestration Automation and Response (SOAR)

A SOAR platform integrates various software tools that allow an organization to collect data about security threats and respond to security events without human assistance. A SOAR platform has three main components: orchestration, automation, and response.

Side-Channel Attack

An attack enabled by leakage of information from a physical cryptosystem. Characteristics that could be exploited in a side-channel attack include timing, power consumption, and electromagnetic and acoustic emissions.

Sarbanes-Oxley Act (SOX)

This act places requirements on all U.S. public company boards of directors, management, and public accounting firms. Several provisions of the act also apply to privately held companies, such as the willful destruction of evidence to impede a federal investigation.

Segregation of Duties

Also known as Separation of Duties, this term refers to the principle that no user should be given enough privileges to misuse the system on their own. For example, the person authorizing a paycheck should not also be the one who can prepare it. Separation of duties can be enforced either statically (by defining conflicting roles, i.e., roles that cannot be held by the same user) or dynamically (by enforcing the control at access time).

Security Information and Event Management (SIEM)

A SIEM comprises software products and services that combine security information management (SIM) and security event management (SEM). They provide real-time analysis of security alerts generated by applications and network hardware.

Security Education, Training, and Awareness (SETA)

There is no official definition for this, but be aware that it refers to the security training and awareness that an organization provides for its employees. It covers everything from formal classroom training to online training modules and posters and reminders placed throughout the workplace.

Security Control

A safeguard or countermeasure prescribed for an information system or an organization, designed to protect the confidentiality, integrity, and availability of its information and to meet a set of defined security requirements.

Server

A computer or device on a network that manages network resources. Examples include file servers (to store files), print servers (to manage one or more printers), network servers (to manage network traffic), and database servers (to process database queries).

Segmentation

A network security technique that divides a network into smaller LANs with firewalls at each connection point to ensure that each LAN remains secure.

Server Message Block (SMB)

This protocol is the standard for sharing access to files and printers across nodes on a network. Another protocol that can do the same thing, but in a secure mode, is Network File System (NFS).

Spoofing

The deliberate inducement of a user or resource to take incorrect action. Impersonating, masquerading, piggybacking, and mimicking are forms of spoofing. A specific example of spoofing is where a threat actor fakes the sending address of a transmission to gain illegal entry into a secure system.

Symmetric Encryption

The use of encryption algorithms that employ the same secret key for both encryption and decryption.

Security File Transfer Protocol (SFTP)

SFTP is a network protocol that provides file access, file transfer, and file management over any reliable data stream. It was designed by the Internet Engineering Task Force (IETF) as an extension of the Secure Shell protocol (SSH) version 2.0 to provide secure file transfer capabilities.

Software

Computer programs and associated data that may be dynamically written or modified during execution.

Software as a Service (SaaS)

A cloud service model where the capability provided to the consumer is to use the provider's applications running on a cloud infrastructure. The applications are accessible from various client devices through either a thin client interface, such as a web browser (e.g., web-based email), or a program interface. The consumer does not manage or control the underlying cloud infrastructure, including network, servers, operating systems, storage, or even individual application capabilities, with the possible exception of limited user-specific application configuration settings.

SQL Injection

A type of attack that exploits websites which allow the attacker to pass malicious and insufficiently validated user input to database back-ends.

Simple Network Management Protocol (SNMP)

A standard for collecting and organizing information related to network management and monitoring.

Simple Mail Transport Protocol (SMTP)

The primary protocol used to transmit electronic mail messages on the Internet.

Switch

A device that channels incoming data from any of multiple input ports to the specific output port that will take the data toward its intended destination.

T

Threat Actor

An individual or a group posing a threat.

Trojan

A useful or seemingly useful program that contains hidden code of a malicious nature that executes when the program is invoked. It often includes a backdoor that allows the threat actor to gain access after it is installed.

Telnet

Telnet is an application protocol used for text-based communication with a remote host.

Transmission Control Protocol (TCP)

The Transmission Control Protocol (TCP) is the set of rules used to establish a connection between a client and server before data can be sent. It uses a three-way handshake to establish that connection, and it also involves error checking to ensure the connection is good. These features add to the reliability of this protocol but also add latency.

Transmission Control Protocol/Internet Protocol (TCP/IP) Model

A network model with four layers: link, internet, transport, and application. Used together, these layers employ a suite of protocols to pass data through the layers in a certain order when a user sends information, and then again in reverse order when the data is received. The main protocols used are TCP (Transmission Control Protocol), IP (Internet Protocol), and UDP (User Datagram Protocol). The TCP/IP model predates the OSI model, which uses seven layers to represent this network communication process.

U

User Datagram Protocol

The User Datagram Protocol (UDP) is the set of rules used to provide connectionless transmission for the purpose of sending datagrams to other hosts on an IP network. Unlike TCP, it does not use a handshake to establish a connection; however, it does provide checksums for data integrity and port numbers for addressing. UDP is used in cases where error checking and connections are unnecessary and timeliness is the highest priority.

V

VPN

A Virtual Private Network is built on top of existing networks and can provide a secure communications mechanism for transmission between networks.

Vulnerability

A flaw or weakness in an information system, system security procedures, internal controls, or implementation that could be exploited or triggered by a threat source.

Virus

A computer program that can copy itself and infect a computer without the permission or knowledge of the user. A virus might corrupt or delete data on a computer, use e-mail programs to spread itself to other computers, or even erase everything on a hard disk.

VLAN

A Virtual Local Area Network is a logical group of workstations, servers, and network devices. It is partitioned and isolated within a network at the data link layer. A single physical local area network (LAN) can be logically partitioned into multiple, independent VLANs; a group of devices on one or more physical LANs can be configured to communicate within the same VLAN, as if they were connected to the same physical LAN.

W

Worm

A computer program that can run independently, can propagate a complete working version of itself onto other hosts on a network, and may consume computer resources destructively.

Web Shell

A web shell is a shell-like interface that enables a web server to be remotely accessed, often for cyberattacks. A web shell is unusual in that a web browser is used to interact with it.

WLAN

A wireless local area network is a group of computers and devices located in the same vicinity, forming a network based on radio transmissions rather than wired connections. A Wi-Fi network is a type of WLAN.

Z

Zero Trust

A model based on removing the assumption that any part of the network is a trusted space. Security is enforced at every possible level, down to the smallest asset. Microsegmentation of workloads is one mechanism of this model.

Zero Day Attack

An attack that exploits a previously unknown hardware, firmware, or software vulnerability.
