The Dummies Guide to Cyber Security Terminology

The A-Z guide on Cyber Security Terminology brought to you by MetaCompliance.

A-Z Cyber Security Terminology

Adware – Adware refers to any piece of software or application that displays advertisements on your
computer.

Advanced Persistent Threat (APT) – An advanced persistent threat is an attack in which an unauthorised
user gains access to a system or network without being detected.

Anti-Virus Software – Anti-virus software is a computer program used to prevent, detect, and remove
malware.

Artificial Intelligence – Artificial intelligence (AI) refers to the simulation of human intelligence in
machines that are programmed to think like humans and mimic their actions.

Attachment – An attachment is a computer file sent with an email message.

Authentication – Authentication is a process that ensures and confirms a user’s identity.

Back door – A backdoor is used to describe a hidden method of bypassing security to gain access to a
restricted part of a computer system.

Backup – To make a copy of data stored on a computer or server to reduce the potential impact of
failure or loss.

Baiting – Online baiting involves enticing a victim with an incentive.

Bluetooth – Bluetooth is a wireless technology for exchanging data over short distances.

Blackhat – Black hat hacker refers to a hacker that violates computer security for personal gain or
malice.

Botnet – A botnet is a collection of internet-connected devices, which may include PCs, servers and
mobile devices that are infected and controlled by a common type of malware.

Broadband – High-speed data transmission system where the communications circuit is shared between
multiple users.

Browser – A browser is software that is used to access the internet. The most popular web browsers are
Chrome, Firefox, Safari, Internet Explorer, and Edge.

Brute Force Attack – Brute force attack is an activity which involves repetitive successive attempts of
trying various password combinations to break into any website.

Bug – A bug refers to an error, fault or flaw in a computer program that may cause it to unexpectedly
quit or behave in an unintended manner.

BYOD – Bring your own device (BYOD) refers to employees using personal devices to connect to their
organisational networks.

Clickjacking – Clickjacking, also known as a UI redress attack, is a common hacking technique in which an
attacker creates an invisible page or an HTML element that overlays the legitimate page.

Cloud Computing – The practice of using a network of remote servers hosted on the Internet to store,
manage, and process data, rather than a local server or a personal computer.
Cookie – Cookies are small files which are stored on a user’s computer. Cookies provide a way for the
website to recognize you and keep track of your preferences.

Critical Update – A fix for a specific problem that addresses a critical, non-security-related bug in
computer software.

Cyber Warfare – Cyber warfare typically refers to cyber-attacks perpetrated by one nation-state against
another.

Data Breach – A data breach is a confirmed incident where information has been stolen or taken from a
system without the knowledge or authorization of the system’s owner.

Data Server – Data server is the phrase used to describe computer software and hardware that delivers
database services.

DDoS Attack – A distributed denial-of-service (DDoS) attack is a malicious attempt to disrupt normal
traffic of a targeted server, service or network by overwhelming the target or its surrounding
infrastructure with a flood of Internet traffic.

Deepfake – Deepfake refers to any video in which faces have been either swapped or digitally altered,
with the help of AI.

Domain name – The part of a network address which identifies it as belonging to a particular domain.

Domain Name Server – A server that converts recognisable domain names into their unique IP address

Download – To copy (data) from one computer system to another, typically over the Internet.
Exploit – A malicious application or script that can be used to take advantage of a computer’s
vulnerability.

Firewall – A firewall is a software program or piece of hardware that helps screen out hackers, viruses,
and worms that try to reach your computer over the Internet.

Hacking – Hacking refers to an unauthorised intrusion into a computer or a network.

Honeypot – A decoy system or network that serves to attract potential attackers.

HTML – Hypertext Markup Language (HTML) is the standard markup language for creating web pages
and web applications.

Identity theft – Identity theft is a crime in which someone uses personally identifiable information in
order to impersonate someone else.

Incident Response Plan – An incident response policy is a plan outlying organisation’s response to an
information security incident.

Internet of things (IoT) – The Internet of Things, or IoT, refers to the billions of physical devices around
the world that are now connected to the internet, collecting and sharing data.

IP Address – An IP address is an identifying number for a piece of network hardware. Having an IP

address allows a device to communicate with other devices over an IP-based network like the internet.

IOS – An operating system used for mobile devices manufactured by Apple.

Keystroke logger – A keystroke logger is software that tracks or logs the keys struck on your keyboard,
typically in a covert manner so that you are unaware actions are being monitored.
Malware – Malware is shorthand for malicious software and is designed to cause damage to a computer,
server, or computer network.

Malvertising – The use of online advertising to deliver malware.

Memory stick – A memory stick is a small device that connects to a computer and allows you to store
and copy information.

MP3 – MP3 is a means of compressing a sound sequence into a very small file, to enable digital storage
and transmission.

Multi-Factor Authentication – Multi-Factor Authentication (MFA) provides a method to verify a user’s

identity by requiring them to provide more than one piece of identifying information.

Packet Sniffer – Software designed to monitor and record network traffic.

Padlock – A padlock icon displayed in a web browser indicates a secure mode where communications
between browser and web server are encrypted.

Patch – A patch is a piece of software code that can be applied after the software program has been
installed to correct an issue with that program.

Penetration testing – Penetration testing (also called pen testing) is the practice of testing a computer
system, network or Web application to find vulnerabilities that an attacker could exploit.

Phishing – Phishing is a method of trying to gather personal information using deceptive e-mails and
websites.
Policy Management – Policy Management is the process of creating, communicating, and maintaining
policies and procedures within an organisation.

Proxy Server – A proxy server is another computer system which serves as a hub through which internet
requests are processed.

Pre-texting – Pre-texting is the act of creating a fictional narrative or pretext to manipulate a victim into
disclosing sensitive information.

Ransomware – A type of malicious software designed to block access to a computer system until a sum
of money is paid.

Rootkit – Rootkits are a type of malware designed to remain hidden on your computer.

Router – A router is a piece of network hardware that allows communication between your local home
network and the Internet.

Scam – A scam is a term used to describe any fraudulent business or scheme that takes money or other
goods from an unsuspecting person.

Scareware – Scareware is a type of malware designed to trick victims into purchasing and downloading
potentially dangerous software.

Security Awareness Training – Security awareness training is a training program aimed at heightening
security awareness within an organisation.

Security Operations Centre (SOC) – A SOC monitors an organisation’s security operations to prevent,
detect and respond to any potential threats.
Server – A server is a computer program that provides a service to another computer programs (and its
user).

Smishing – Smishing is any kind of phishing that involves a text message.

Spam – Spam is slang commonly used to describe junk e-mail on the Internet.

Social Engineering – Social engineering is the art of manipulating people, so they disclose confidential
information.

Software – Software is the name given to the programs you will use to perform tasks with your
computer.

Spear Phishing – Spear phishing is an email-spoofing attack that targets a specific organization or
individual, seeking unauthorized access to sensitive information.

Spyware – Spyware is a type of software that installs itself on a device and secretly monitors a victim’s
online activity.

Tailgating – Tailgating involves someone who lacks the proper authentication following an employee
into a restricted area.

Tablet – A tablet is a wireless, portable personal computer with a touchscreen interface.

Traffic – Web traffic is the amount of data sent and received by visitors to a website.

Trojan – A Trojan is also known as Trojan horse. It is a type of malicious software developed by hackers
to disguise as legitimate software to gain access to target users’ systems.
Two-Factor Authentication – Two-factor authentication (2FA), often referred to as two-step verification,
is a security process in which the user provides two authentication factors to verify they are who they
say they are.

USB – USB (Universal Serial Bus) is the most popular connection used to connect a computer to devices
such as digital cameras, printers, scanners, and external hard drives.

Username – A username is a name that uniquely identifies someone on a computer system.

Virus – A computer virus is a malicious software program loaded onto a user’s computer without the
user’s knowledge and performs malicious actions.

VPN (Virtual Private Network) – A virtual private network gives you online privacy and anonymity by
creating a private network from a public Internet connection. VPNs mask your Internet protocol (IP)
address so your online actions are virtually untraceable.

Vulnerability – A vulnerability refers to a flaw in a system that can leave it open to attack.

Vishing – Vishing is the telephone equivalent of phishing. It is an attempt to scam someone over the
phone into surrendering private information that will be used for identity theft.

Whaling – Whaling is a specific form of phishing that’s targeted at high-profile business executives and
managers.

Whitehat – White hat hackers perform penetration testing, test in-place security systems and perform
vulnerability assessments for companies.
Worm – A computer worm is a malware computer program that replicates itself in order to spread to
other computers.

Wi-Fi – Wi-Fi is a facility that allows computers, smartphones, or other devices to connect to the
Internet or communicate with one another wirelessly within a particular area.

Zero-Day – Zero-Day refers to a recently discovered vulnerability that hackers can use to attack systems.