
NCSC Glossary: The NCSC Glossary - A Set of Straightforward Definitions For Common Cyber Security Terms

The document is a glossary from the UK's National Cyber Security Centre (NCSC) that defines common cybersecurity terms. It contains over 100 terms arranged alphabetically from A-Z. Each term has a brief definition or explanation of its meaning in the context of cybersecurity. The glossary provides straightforward definitions for technical terms to help non-experts understand common language used in the field.

Uploaded by

A.Suhasini naidu

3/10/2021 NCSC glossary - NCSC.GOV.UK

INFORMATION

NCSC glossary
The NCSC glossary - a set of straightforward definitions for common cyber security
terms

antivirus
Software that is designed to detect, stop and remove viruses and other kinds of
malicious software.

app
Short for Application, typically refers to a software program for a smartphone or
tablet.

attacker
Malicious actor who seeks to exploit computer systems with the intent to change,
destroy, steal or disable their information, and then exploit the outcome.

botnet
A network of infected devices, connected to the Internet, used to commit
coordinated cyber attacks without their owner's knowledge.

breach
An incident in which data, computer systems or networks are accessed or
affected in a non-authorised way.

https://www.ncsc.gov.uk/information/ncsc-glossary

browser
A software application which presents information and services from the web.

brute force attack
Using computational power to automatically enter a huge number of
combinations of values, usually in order to discover passwords and gain access.

bring your own device (BYOD)
An organisation's strategy or policy that allows employees to use their own
personal devices for work purposes.

certificate
A form of digital identity for a computer, user or organisation to allow the
authentication and secure exchange of information.

cloud
Where shared compute and storage resources are accessed as a service (usually
online), instead of hosted locally on physical services. Resources can include
infrastructure, platform or software services.

credentials
A user's authentication information used to verify identity - typically one, or more,
of password, token, certificate.

cyber attack
Malicious attempts to damage, disrupt or gain unauthorised access to computer
systems, networks or devices, via cyber means.

cyber incident
A breach of the security rules for a system or service - most commonly:

Attempts to gain unauthorised access to a system and/or to data.

Unauthorised use of systems for the processing or storing of data.

Changes to a system's firmware, software or hardware without the system owner's consent.

Malicious disruption and/or denial of service.

cyber security
The protection of devices, services and networks — and the information on them
— from theft or damage.

data at rest
Describes data in persistent storage such as hard disks, removable media or
backups.

deny list
An access control mechanism that blocks named entities from communicating
with a computer, site or network. Can also be known as 'blacklisting' across the
industry.

dictionary attack
A type of brute force attack in which the attacker uses known dictionary words,
phrases or common passwords as their guesses.

digital footprint
A 'footprint' of digital information that a user's online activity leaves behind.

denial of service (DoS)
When legitimate users are denied access to computer services (or resources),
usually by overloading the service with requests.

download attack
The unintentional installation of malicious software or virus onto a device without
the user's knowledge or consent. May also be known as a drive-by download.


encryption
A mathematical function that protects information by making it unreadable by
everyone except those with the key to decode it.

end user device (EUD)
Collective term to describe modern smartphones, laptops and tablets that
connect to an organisation's network.

exploit
May refer to software or data that takes advantage of a vulnerability in a system
to cause unintended consequences.

firewall
Hardware or software which uses a defined rule set to constrain network traffic to
prevent unauthorised access to or from a network.

hacker
In mainstream use, someone with some computer skills who uses them
to break into computers, systems and networks.

honeypot (honeynet)
Decoy system or network to attract potential attackers that helps limit access to
actual systems by detecting and deflecting or learning from an attack. Multiple
honeypots form a honeynet.

incident
A breach of the security rules for a system or service, such as:

attempts to gain unauthorised access to a system and/or data

unauthorised use of systems for the processing or storing of data

changes to a system's firmware, software or hardware without the system owner's consent

malicious disruption and/or denial of service


insider risks
The potential for damage to be done maliciously or inadvertently by a legitimate
user with privileged access to systems, networks or data.

Internet of things (IoT)
Refers to the ability of everyday objects (rather than computers and devices) to
connect to the Internet. Examples include kettles, fridges and televisions.

macro
A small program that can automate tasks in applications (such as Microsoft
Office) which attackers can use to gain access to (or harm) a system.

malvertising
Using online advertising as a delivery method for malware.

malware
Malicious software - a term that includes viruses, trojans, worms or any code or
content that could have an adverse impact on organisations or individuals.

mitigation
Steps that organisations and individuals can take to minimise and address risks.

network
Two or more computers linked in order to share resources.

patching
Applying updates to firmware or software to improve security and/or enhance
functionality.

pentest
Short for penetration test. An authorised test of a computer network or system
designed to look for security weaknesses so that they can be fixed.

pharming
An attack on network infrastructure that results in a user being redirected to an
illegitimate website despite the user having entered the correct address.

phishing
Untargeted, mass emails sent to many people asking for sensitive information
(such as bank details) or encouraging them to visit a fake website.

platform
The basic hardware (device) and software (operating system) on which
applications can be run.

ransomware
Malicious software that makes data or systems unusable until the victim makes a
payment.

router
A network device which sends data packets from one network to another based
on the destination address. May also be called a gateway.

software as a service (SaaS)
Describes a business model where consumers access centrally-hosted software
applications over the Internet.

sanitisation
Using electronic or physical destruction methods to securely erase or remove
data from memory.


smishing
Phishing via SMS: mass text messages sent to users asking for sensitive
information (eg bank details) or encouraging them to visit a fake website.

social engineering
Manipulating people into carrying out specific actions, or divulging information,
that's of use to an attacker.

spear-phishing
A more targeted form of phishing, where the email is designed to look like it's from
a person the recipient knows and/or trusts.

trojan
A type of malware or virus disguised as legitimate software, that is used to hack
into the victim's computer.

two-factor authentication (2FA)
The use of two different components to verify a user's claimed identity. Also
known as multi-factor authentication.

virus
Programs which can self-replicate and are designed to infect legitimate software
programs or systems. A form of malware.


Virtual Private Network (VPN)
An encrypted network often created to allow secure connections for remote
users, for example in an organisation with offices in multiple locations.

vulnerability
A weakness, or flaw, in software, a system or process. An attacker may seek to
exploit a vulnerability to gain unauthorised access to a system.

water-holing (watering hole attack)
Setting up a fake website (or compromising a real one) in order to exploit visiting
users.

whaling
Highly targeted phishing attacks (masquerading as legitimate emails) that are
aimed at senior executives.

zero-day
Recently discovered vulnerabilities (or bugs), not yet known to vendors or antivirus
companies, that hackers can exploit.

PUBLISHED

23 November 2016

REVIEWED


5 January 2018
