Glossary
Cybersecurity Terms Explained
No jargon, no fluff. Plain-English definitions of cybersecurity terms that actually matter to your business.
A
Acceptable Use Policy (AUP)
An AUP tells employees what they can and cannot do with work computers and internet - like rules for using company cars but for technology.
Access Control
Access control is making sure people can only get into the rooms they need for their job. The janitor has keys to closets, not the safe. The accountant can see financial records, not HR files. It's about giving everyone the minimum access they need - and nothing more.
Access Review
Access reviews check if people still need their access - like going through keys and making sure only current employees have copies.
Adversarial Machine Learning
Adversarial ML is tricking AI by giving it confusing inputs - like putting a sticker on a stop sign that makes self-driving cars ignore it.
Adware
Adware fills your screen with pop-ups and ads you didn't ask for. It often sneaks onto your computer bundled with free software. While not always dangerous, it slows down your computer and can track what you do online to show you 'personalized' ads.
AI Security
AI security works both ways - protecting AI systems from being tricked or hacked, and using AI to catch cyber threats faster.
API Gateway
An API gateway is the front door for all your APIs - it checks IDs, controls traffic, and keeps out unwanted visitors.
API Security
API security protects the connections between applications - like securing the phone lines that different programs use to talk to each other.
Application Security Testing (AST)
AST is testing your apps for security bugs - using different methods to find different types of vulnerabilities.
APT
APTs aren't smash-and-grab attacks. They're patient, well-funded operations that infiltrate networks and stay hidden for months or years. Think government spies, not random hackers.
ARP Spoofing
On your local network, computers find each other using ARP. ARP spoofing tricks computers into sending their traffic through the attacker's machine first. It's like redirecting all office mail through a spy's desk before it reaches the recipient.
Asset Management
Asset management is keeping track of all your stuff - knowing what computers, software, and data you have and where they are.
Attack Surface Management (ASM)
ASM finds all the ways attackers could get in - discovering exposed assets you might not even know about.
Audit Finding
An audit finding is something an auditor says needs to be fixed - like a report card telling you where you need to improve.
Audit Trail
An audit trail is like a security camera for your computer systems - it records everything that happens so you can go back and see who did what and when.
AWS CloudTrail
CloudTrail is AWS's security camera - it records every action taken in your AWS account so you can see what happened.
B
Backdoor
A backdoor is a secret entrance attackers leave behind. Even if you fix how they got in originally, the backdoor lets them come back whenever they want. Finding and closing all backdoors is crucial after a breach.
Backup
A backup is making copies of your important files and keeping them somewhere safe. If your computer crashes, gets stolen, or is attacked by ransomware, you can restore everything from your backup. It's like having spare keys to your house - if you lose one set, you're not locked out forever.
Bandwidth Monitoring
Bandwidth monitoring watches how much data flows on your network - sudden spikes might mean an attack or data theft.
BGP Security
BGP security protects internet routing - it stops attackers from redirecting your traffic through their networks.
Blockchain Security
Blockchain security protects crypto and smart contracts - the code and systems that manage digital assets need protection too.
Blue Team
Blue teamers are the defenders. They build the walls, watch the cameras, and respond when alarms go off. While red teams attack, blue teams defend.
Botnet
A botnet is like an army of hijacked computers. When your computer gets infected with certain malware, it becomes a 'zombie' that takes orders from a criminal mastermind. Together with thousands of other infected computers, it can be used to attack websites, send spam, or mine cryptocurrency - all without you knowing.
Brand Protection
Brand protection stops criminals from pretending to be your company - catching fake websites and scam emails.
Breach and Attack Simulation (BAS)
BAS is automated penetration testing that runs all the time - it checks if your defenses actually work against real attacks.
Breach Notification
Breach notification is telling people when their data gets stolen - most privacy laws say you have to let people know quickly so they can protect themselves.
Bring Your Own Key (BYOK)
BYOK lets you bring your own lock to the cloud storage unit - you control the key, so even the cloud company cannot peek inside.
Brute Force Attack
A brute force attack is like trying every possible combination on a lock until it opens. Computers can try millions of passwords per second. Simple passwords like '123456' get cracked instantly. Long, complex passwords take years or centuries to crack this way.
Bucket Policy
A bucket policy is the rulebook for who can access your cloud storage - it lists exactly who can read, write, or delete files.
Business Continuity Plan
A business continuity plan answers: How do we keep running if systems go down? Who does what? Where do we work? How do we communicate? Planning for disaster before disaster strikes.
Business Email Compromise (BEC)
BEC is when scammers pretend to be your boss or a vendor via email and ask you to wire money or share sensitive info. They might hack your CEO's actual email or create a lookalike address like [email protected] instead of [email protected]. These aren't obvious scam emails - they're carefully crafted to look legitimate.
Business Impact Analysis (BIA)
A BIA figures out what happens if things break - which systems are most important and how long you can live without them before causing serious problems.
C
CASB
CASB is a security guard for cloud apps. It watches what employees do in Dropbox, Salesforce, and other cloud services, and can block risky actions like sharing files publicly.
Change Management
Change management is having a plan before making changes - like thinking through how to move furniture before just shoving things around.
Chaos Engineering
Chaos engineering breaks things on purpose - to find out how systems fail before real problems happen.
Cloud Access Security Broker (CASB)
A CASB is a security checkpoint between your employees and cloud apps - it watches what data goes where and blocks risky behavior.
Cloud Compliance
Cloud compliance is proving your cloud setup follows all the rules - like passing safety inspections for your cloud infrastructure.
Cloud Encryption
Cloud encryption scrambles your data so only you can read it - even if someone breaks into the cloud, they just see gibberish.
Cloud Forensics
Cloud forensics is detective work in the cloud - gathering evidence to understand what happened during a security incident.
Cloud Guardrails
Guardrails are like bumpers on a bowling lane - they prevent your cloud configurations from going in dangerous directions.
Cloud IAM
Cloud IAM is the bouncer and access list for your cloud - it checks who is allowed in and what each person is permitted to do.
Cloud Identity
Cloud identity is your digital ID card for the cloud - it proves who you are and controls what cloud resources you can access.
Cloud Incident Response
Cloud incident response is your emergency plan for cloud security problems - knowing what to do when something goes wrong.
Cloud Logging
Cloud logging records everything happening in your cloud - like security cameras that capture who did what and when.
Cloud Monitoring
Cloud monitoring is like having a dashboard showing everything happening in your cloud - you see problems as soon as they start.
Cloud Native Application Protection Platform (CNAPP)
CNAPP is an all-in-one cloud security toolkit - it protects your cloud from misconfigurations to runtime threats in one platform.
Cloud Native Security
Cloud native security is built for modern cloud apps - protecting containers, APIs, and serverless functions in the way those components require.
Cloud Penetration Testing
Cloud pen testing is hiring ethical hackers to try breaking into your cloud - they find holes so you can fix them first.
Cloud Security Assessment
A cloud security assessment is a health checkup for your cloud - experts examine everything to find security problems.
Cloud Security Posture Management (CSPM)
CSPM is like having a security guard who constantly checks that all your cloud doors are locked and windows are closed - it alerts you when something is misconfigured.
Cloud Storage Security
Cloud storage security is locking up your cloud file cabinet - making sure only authorized people can see files and everything is encrypted.
Cloud Workload Protection Platform (CWPP)
CWPP protects the actual programs running in the cloud - whether they are in containers, virtual machines, or serverless - like bodyguards for your cloud apps.
Command and Control (C2)
When malware infects your computer, it needs to phone home to the hackers for instructions. Command and control (C2) is how hackers talk to their malware - telling it what to steal, when to attack, or how to spread. Blocking C2 traffic can stop an attack in its tracks.
Compensating Control
A compensating control is a backup security measure - when you cannot use a lock, you might use a guard instead.
Compliance Framework
A compliance framework is like a checklist that tells you everything you need to do to follow the rules - it breaks down big requirements into manageable steps.
Computer Worm
Unlike viruses that need you to click something, worms spread by themselves across networks. They find vulnerable computers and infect them automatically, then use those to infect more. One worm can spread to millions of computers in hours without anyone clicking anything.
Confidential Computing
Confidential computing protects data even while it is being used - like a secure room where you can work on secrets safely.
Configuration Management
Configuration management is keeping track of how all your systems are set up - like having a manual for every machine so you know exactly how it should be configured.
Consent Management
Consent management is keeping track of all the permissions people give you - like remembering who said yes to receiving marketing emails and who said no.
Container Security
Container security protects apps packaged in containers - making sure both the package and what is inside are safe at every stage.
Continuous Monitoring
Continuous monitoring is always watching for problems - like security cameras that never turn off instead of checking once a day.
Control Testing
Control testing is checking if your security actually works - like testing if the fire alarm goes off when there is smoke.
Cookie Consent
Cookie consent is asking visitors if it is okay to remember things about them - those pop-ups you see asking about cookies are websites trying to get your permission.
Credential Monitoring
Credential monitoring alerts you when employee passwords appear in data breaches - so you can change them fast.
Credential Stuffing
Credential stuffing is when hackers take passwords stolen from one website and try them everywhere else. If your Netflix password was stolen and you used the same password for your bank, they'll get into your bank too. Hackers use automated tools to try millions of stolen passwords across hundreds of websites in minutes.
Cross-Border Data Transfer
Cross-border transfer is sending personal data to another country - like shipping a package internationally, there are rules about what can go where.
Cross-Site Scripting (XSS)
XSS is when hackers sneak their code onto a legitimate website. When you visit that page, their code runs in your browser as if it came from the real site. They can steal your login cookies, redirect you to fake sites, or make your browser do things without your permission.
Cryptojacking
Cryptojacking turns your computer into a cryptocurrency mine for criminals. Your computer does all the work (and uses all the electricity), but they get the crypto. Your computer gets slow, your electric bill goes up, and you get nothing. It can happen through malware or just visiting a sketchy website.
CVE
CVE is the naming system for security bugs. Each vulnerability gets a unique ID like CVE-2024-12345. When someone says 'patch CVE-2024-12345,' everyone knows exactly which bug they mean.
CVSS
CVSS gives each vulnerability a danger score from 0 to 10. A 9.8 is 'drop everything and patch now.' A 3.1 is 'add it to the list.' It helps you prioritize what to fix first.
Cyber Insurance
Cyber insurance is like car insurance but for hacking. If your business gets hit by a cyberattack, insurance can help pay for the damage - forensics, lawyers, notifying customers, even lost business while you're down. Some policies even include access to incident response experts who help you through a crisis.
Cyber Kill Chain
The kill chain breaks attacks into steps: reconnaissance, weaponization, delivery, exploitation, installation, command & control, and actions on objectives. Stop any step and you stop the attack.
Cyber Range
A cyber range is a practice battlefield for security teams - they can train on realistic attacks without risking real systems.
Cyber Threat Intelligence (CTI)
CTI is learning about your enemies - understanding who attacks organizations like yours and how they do it.
D
Dark Web
The dark web is like a hidden neighborhood on the internet that you can't find with Google. You need special software to get there, and everyone wears masks (anonymity). While some people use it for privacy, it's also where criminals sell stolen passwords, credit cards, and business data - often within hours of stealing it.
Dark Web Monitoring
Dark web monitoring watches criminal forums - looking for stolen data, planned attacks, or mentions of your organization.
Data Breach
A data breach is when someone who shouldn't have access to your business information gets their hands on it. It's like if someone broke into your office and photocopied all your customer files. The difference is that digital breaches can affect thousands or millions of records in seconds, and the thieves can be anywhere in the world.
Data Classification
Data classification is like sorting your belongings into categories - some things are super valuable and need a safe, while others are fine on a shelf.
Data Controller
A data controller is the boss of your data - they decide why and how your information gets used and are responsible if something goes wrong.
Data Exfiltration
Data exfiltration is the getaway - it's when hackers actually steal your data by sending it out of your network to themselves. They might compress it, encrypt it, or disguise it as normal traffic. Once data leaves your network, you've lost control of it forever.
Data Minimization
Data minimization means only taking what you need - like asking for just an email address instead of collecting home address, phone, and birthday when not necessary.
Data Processor
A data processor is like a contractor you hire to handle data for you - they follow your instructions but you are still responsible for making sure things are done right.
Data Protection Officer (DPO)
A DPO is like a privacy guardian for an organization - they make sure the company follows all the rules about protecting people's personal information.
Data Retention
Data retention is deciding how long to keep different types of information - like knowing when to throw away old receipts versus keeping tax documents for years.
Data Subject Rights
Data subject rights are your rights over your own information - like being able to see what a company knows about you, fix mistakes, or ask them to delete everything.
DDoS (Distributed Denial of Service)
A DDoS attack is like thousands of people calling your business phone at the same time so real customers can't get through. Your website or service gets so overwhelmed with fake requests that it crashes or becomes too slow to use. The attackers aren't breaking in - they're just drowning you in traffic.
Deception Technology
Deception tech fills your network with fake files, fake credentials, and fake servers. Attackers waste time on fakes while revealing themselves. It's honeypots on steroids.
Deep Packet Inspection (DPI)
DPI opens and reads network packets - not just checking the address but examining the contents inside.
Deepfake
Deepfakes are fake videos or audio made by AI - they can make anyone appear to say or do anything.
Defense in Depth
Don't rely on one lock. Use multiple layers - firewall, antivirus, EDR, training, monitoring. If attackers get past one defense, they hit another. No single point of failure.
Detection Engineering
Detection engineering builds the alarms for security threats - writing rules that catch bad guys while ignoring false alarms.
DevSecOps
DevSecOps puts security into every step of building software - instead of checking security at the end, it is built in from the start.
Differential Privacy
Differential privacy adds carefully calculated noise to data - you get accurate trends without being able to identify individuals.
Digital Identity
Digital identity is your online ID - the way you prove who you are to websites and apps.
Digital Risk Protection (DRP)
DRP watches the internet for threats to your organization - from stolen data to fake websites to criminal discussions.
Disaster Recovery Plan
Disaster recovery is how you rebuild after catastrophe. How fast can you restore from backups? What's the minimum needed to operate? RTO and RPO - how much downtime and data loss can you afford?
DLP
DLP watches for sensitive data trying to escape - someone emailing customer lists, uploading to personal cloud storage, or copying to USB drives. It blocks or alerts on these actions.
DMZ (Demilitarized Zone)
A DMZ is a buffer zone between your network and the internet - public-facing servers live here, separate from internal systems.
DNS Security
DNS security protects the internet phone book - it stops attackers from sending you to fake addresses and blocks connections to bad sites.
DNS Spoofing
DNS is like the phone book of the internet - it translates website names to addresses. DNS spoofing poisons this phone book so when you ask for 'bank.com', you get sent to a fake site instead. You typed the right address but ended up in the wrong place.
DNSSEC
DNSSEC adds digital signatures to DNS answers - it proves the response came from the real source and was not modified.
Double Extortion
Double extortion means even if you have backups, attackers threaten to leak your stolen data publicly. Pay to decrypt, AND pay to keep your data private. Having backups isn't enough anymore.
Drive-by Download
A drive-by download infects your computer just by visiting a website - no clicking required. The page exploits a vulnerability in your browser or plugins to silently install malware. This is why keeping your browser updated is so important.
Dropper
A dropper is a delivery system. It sneaks onto your computer looking harmless, then 'drops' the real malware. The dropper might be detected, but by then the damage is delivered.
Dumpster Diving
Old-school but effective: criminals literally search through your trash. Discarded documents can contain passwords written on sticky notes, financial statements, customer lists, or technical manuals. Shredding isn't paranoia - it's basic security.
Dynamic Application Security Testing (DAST)
DAST attacks your running app to find weaknesses - it acts like a hacker to find real security problems.
E
East-West Traffic
East-west traffic is communication between servers inside your network - attackers try to move this way after getting in.
Egress Filtering
Egress filtering controls what leaves your network - it stops stolen data and malware communications from getting out.
Encryption
Encryption is like writing a secret message in a code that only you and your friend understand. Even if someone intercepts the message, it's just gibberish to them without the secret key. Modern encryption is so strong that even the world's most powerful computers can't crack it.
Endpoint Detection and Response (EDR)
EDR is like a security camera system for your computers that's smart enough to spot suspicious behavior, not just known criminals. Traditional antivirus is like a bouncer with a photo list of banned people. EDR watches for anyone acting suspicious - even if they're not on the list - and can automatically lock them down.
Evidence Collection
Evidence collection is gathering proof that you are doing security right - like keeping receipts to prove you made purchases.
Evil Twin Attack
An evil twin is a fake WiFi network that looks just like the real one - it tricks you into connecting so attackers can spy.
Exception Management
Exception management is how you handle rule-breaking that is allowed - when someone needs permission to not follow a rule and tracking that permission.
Exploit
A vulnerability is a weakness; an exploit is the attack that uses it. Finding a vulnerability is like finding an unlocked window. An exploit is actually climbing through it.
Exposure Management
Exposure management looks at all your security weaknesses together - prioritizing what matters most to fix first.
F
FIDO2
FIDO2 is a new way to log in without passwords - it uses security keys or fingerprints that cannot be phished.
Fileless Malware
Most malware installs files on your computer that antivirus can find. Fileless malware is sneakier - it lives only in your computer's memory and uses built-in Windows tools to do bad things. When you restart, it's gone from memory, but it often finds ways to come back.
Firewall
A firewall is like a bouncer for your network. It checks everyone trying to get in or out and only lets through traffic that's on the approved list. Suspicious visitors get blocked at the door. Most computers have a built-in software firewall, and businesses often add a hardware firewall for extra protection.
H
Hashing
Hashing turns your password into a scrambled string. The same password always gives the same hash, but you can't reverse it to get the password back. That's why sites store password hashes, not actual passwords.
Homomorphic Encryption
Homomorphic encryption lets you do math on encrypted data - like working with locked boxes and getting the right answer when you open them.
Honeypot
A honeypot is a trap - a fake system that looks valuable but exists only to catch hackers. When someone touches it, you know something bad is happening because legitimate users never access it.
Hybrid Cloud Security
Hybrid cloud security protects both your local servers and cloud resources together - one security approach for everything.
I
IaC Scanning
IaC scanning checks your infrastructure code for security problems before you build anything - like having someone review blueprints before construction.
IAM
IAM controls who can access what. It's the system that creates accounts, manages passwords, and decides which employees can see which data. Get it wrong, and the wrong people see the wrong things.
Identity Federation
Federation is like having a passport that works in multiple countries - you log in once and can access different cloud services.
Identity Governance
Identity governance is managing who has access to what from the moment they join until they leave - making sure the right people have the right access.
IDS
IDS watches your network like a security camera. It sees suspicious activity and alerts you, but doesn't automatically block anything. It's detection, not prevention.
Immutable Infrastructure
Immutable infrastructure means never patching servers - instead you throw away old ones and build new, secure ones.
Incident Response
Incident response is your game plan for when something goes wrong. It's like a fire drill - you don't wait until there's an actual fire to figure out how to evacuate. You plan ahead, practice, and when an emergency happens, everyone knows their role and what to do.
Information Security Policy
The information security policy is the main security rulebook - it says security is important and sets up how the organization will protect its data.
Infostealer
An infostealer is a thief that lives in your computer. It grabs every password you've saved in your browser, your credit card info from autofill, your crypto wallet data, and anything else valuable. Then it sends everything to hackers who either use it themselves or sell it to other criminals.
Infrastructure as Code (IaC)
IaC is writing code that builds your servers and networks - like having a recipe that creates infrastructure the same way every time.
Initial Access Broker
Initial access brokers are like locksmiths for criminals. They break in and sell the keys to ransomware gangs. Your company might be for sale on the dark web right now without you knowing.
Insider Threat
An insider threat is when the danger comes from inside your own team. It could be a disgruntled employee stealing data before they quit, a careless worker clicking on a phishing email, or a contractor accessing systems they shouldn't. These threats are hard to detect because the person already has the keys to the building.
Interactive Application Security Testing (IAST)
IAST watches from inside while your app runs tests - it sees exactly how data flows and where security fails.
Intrusion Detection System (IDS)
An IDS is a security alarm for your network - it watches for break-in attempts and raises alerts when something suspicious happens.
Intrusion Prevention System (IPS)
An IPS is a security guard that stops attacks, not just reports them - it blocks bad traffic before it reaches its target.
IOC
IOCs are fingerprints attackers leave behind - IP addresses they used, file hashes of their malware, domains they control. Security tools use IOCs to detect if the same attackers are in your network.
IoT Security
IoT security protects smart devices like cameras, thermostats, and sensors - they are computers that need protection too.
IPS
IPS is IDS with teeth. Instead of just alerting on suspicious traffic, it automatically blocks it. It sits inline with your network traffic and stops attacks as they happen.
IPsec
IPsec encrypts network traffic at the IP level - it wraps each packet in protective encryption before sending.
IPv6 Security
IPv6 security protects the newer internet addressing system - it brings new features and new security challenges.
K
Key Management Service (KMS)
KMS is a secure lockbox for your encryption keys - it keeps them safe and controls who can use them to lock or unlock data.
Key Risk Indicator (KRI)
A KRI is an early warning sign for risk - like watching storm clouds gather before rain starts.
Keylogger
A keylogger is like having someone look over your shoulder and write down everything you type. Every password, every message, every credit card number. It can be a program hiding on your computer or even a physical device plugged into your keyboard.
Kubernetes Security
Kubernetes security is about keeping your container orchestra safe - making sure only the right containers talk to each other and no bad actors get in.
L
Landing Zone
A landing zone is a pre-built, secure foundation for your cloud - like a model home with security already installed.
Lateral Movement
Once hackers get into one computer on your network, they don't stop there. Lateral movement is how they jump from computer to computer, looking for the good stuff - your financial data, customer records, or admin passwords. One compromised laptop can lead to your entire network being owned.
Living off the Land
Instead of bringing weapons, attackers use tools already in your house - PowerShell, WMI, cmd. Security tools expect malware, not built-in Windows features being misused. Very hard to detect.
Load Balancer Security
Load balancer security uses the traffic distributor as a security checkpoint - it can block attacks and enforce encryption.
Logic Bomb
A logic bomb is like a time bomb in software. It sits quietly in a program doing nothing until something triggers it - maybe a certain date, or an employee getting fired. Then it activates and can delete files, crash systems, or cause other damage.
M
Malware
Malware is like a digital disease for your computer. Just like you can catch a cold, your computer can catch malware - and it can spread from one computer to another. Some malware steals your information, some locks your files, and some just causes chaos. The good news? Unlike real diseases, there are simple 'vaccines' you can use.
Man-in-the-Middle Attack
Imagine sending a letter to a friend, but someone intercepts it, reads it, maybe changes it, then sends it on. The attacker sits 'in the middle' of your conversation without either side knowing. This happens on public WiFi a lot.
Maturity Model
A maturity model shows how grown-up your security is - from just starting out to being a well-oiled machine with everything automated.
MDR
MDR is like hiring a security team without having a security team. Experts watch your systems 24/7 and respond to threats for you. Great for companies without dedicated security staff.
Micro-segmentation
Micro-segmentation divides your network into tiny secure zones - each application has its own protected space.
MISP
MISP is a free tool for sharing threat information - organizations can collaborate on defending against attacks.
MITRE ATT&CK
MITRE ATT&CK is like an encyclopedia of how hackers attack. It categorizes every known attack technique so defenders can systematically check if they can detect each one.
MSSP
MSSPs are outsourced security departments. They monitor your firewalls, run your security tools, and alert you to problems. Good for companies that can't build their own security team.
Multi-Cloud Security
Multi-cloud security is protecting your stuff spread across different clouds - like having one security system for houses in different cities.
Multi-Factor Authentication (MFA)
MFA is using more than just a password - like needing both a key and a code to get into a building instead of just one.
Mutual TLS (mTLS)
mTLS is like two people showing ID to each other before talking - both sides prove who they are, not just the server.
N
NetFlow
NetFlow records summaries of network conversations - who talked to whom, how much data, and for how long.
Network Access Control (NAC)
NAC is like a bouncer checking IDs and dress codes before letting devices onto your network - no unauthorized or unhealthy devices allowed.
Network Access Control List (NACL)
NACLs are security checkpoints at subnet borders - they check traffic coming in and going out without remembering previous connections.
Network Baseline
A network baseline is knowing what normal looks like - so you can spot when something unusual happens.
Network Detection and Response (NDR)
NDR watches all network traffic for suspicious patterns - it spots threats that slip past other defenses by understanding normal behavior.
Network Device Management
Network device management is controlling who can change your routers and switches - and tracking every change they make.
Network Forensics
Network forensics is CSI for networks - examining traffic recordings to understand what attackers did and how.
Network Hardening
Network hardening is locking down everything that does not need to be open - fewer doors mean fewer ways for attackers to get in.
Network Proxy
A proxy is a middleman for network connections - traffic goes through it so it can be inspected and controlled.
Network Security
Network security is protecting the roads and highways your data travels on - making sure no one can intercept or tamper with information as it moves.
Network Segmentation
Instead of one big network, you have many small ones. If attackers get into accounting, they can't reach engineering. Like having locked doors between departments instead of one open floor plan.
Network TAP
A network TAP is like a wire splitter - it copies all traffic passing through so security tools can analyze it.
Network Traffic Analysis (NTA)
NTA studies how traffic flows on your network - it spots weird patterns that might mean an attacker is present.
Network Visibility
Network visibility is seeing everything on your network - you cannot protect what you cannot see.
Next-Generation Firewall (NGFW)
An NGFW is a smart firewall that understands apps and threats, not just ports - it knows the difference between legitimate browsing and malicious traffic.
North-South Traffic
North-south traffic crosses your network border - traffic coming in from or going out to the internet.
P
Packet Capture (PCAP)
Packet capture is recording every word of network conversations - perfect for figuring out exactly what happened during an incident.
PAM
Admin accounts are the keys to the kingdom. PAM locks those keys in a vault, logs every time they're used, and records what admins do. If an admin account gets hacked, you'll know exactly what happened.
Passkeys
Passkeys are like passwords that you cannot forget or have stolen - they use your device security to prove it is you.
Password Manager
A password manager is like a super-secure lockbox for all your passwords. Instead of trying to remember dozens of passwords (or worse, using the same password everywhere), you remember one strong master password and the lockbox handles the rest. It can even create random, unguessable passwords for you.
Password Spraying
Instead of trying 1000 passwords on one account (which gets locked), password spraying tries one common password like 'Summer2024!' on 1000 accounts. Some will work because people use predictable passwords. It's slow but effective and hard to detect.
Passwordless Authentication
Passwordless means logging in without typing a password - using your face, fingerprint, or a security key instead.
Patch Management
Patch management is keeping all your software up to date. When software companies find security holes, they release patches to fix them. If you don't install these updates, you're leaving known doors open for hackers. It's like your lock company telling you about a flaw in your deadbolt and offering a free fix - you'd be foolish not to take it.
Payload
The payload is the damage. An exploit gets the attacker in; the payload is what they do once inside - steal data, install ransomware, create a backdoor.
Penetration Testing
Penetration testing is hiring a professional to try to break into your business - with your permission. They use the same techniques real hackers would use, but instead of stealing your data, they tell you how they got in and how to fix it. It's like hiring someone to test your home security by trying to break in.
Persistence
Persistence is how attackers stay even after you restart or change passwords. They might add themselves to startup, create scheduled tasks, or install services. Finding all persistence mechanisms is key to truly removing an attacker.
Phishing
You know those scam calls pretending to be your bank? Phishing is the email version. Someone pretends to be Netflix, your boss, or the IRS to trick you into giving up your password or clicking a bad link. The email looks real, but it's a trap.
PKI
PKI is the system that makes digital certificates trustworthy. It's how browsers know to trust a certificate - a chain of trusted authorities vouching for each other.
Post-Quantum Cryptography
Post-quantum crypto is new encryption that quantum computers cannot crack - preparing our locks for the quantum future.
Pretexting
Pretexting is lying with a plan. An attacker might pretend to be IT support needing your password, or an auditor requiring financial records. They build a believable story to get what they want. The more convincing the story, the more likely you'll fall for it.
Principle of Least Privilege
Give people only the access they need, nothing more. The intern doesn't need admin rights. The accountant doesn't need access to HR files. Less access means less damage if compromised.
Privacy by Design
Privacy by design means building privacy into products from the start - like putting locks on doors when building a house, not trying to add them later.
Privacy Enhancing Technologies (PETs)
PETs let you use data for analysis while protecting individual privacy - getting insights without exposing personal details.
Privacy Impact Assessment (PIA)
A PIA is like checking your homework before turning it in - you look at everything you are doing with personal information to make sure you are not creating privacy problems.
Private Link
Private Link creates a private door to cloud services - your traffic never touches the internet, staying entirely within the cloud.
Privilege Escalation
Privilege escalation is when a hacker starts with limited access (like a regular employee) and finds ways to get more power (like an admin). It's like a visitor badge somehow turning into a master key. They might start small but end up controlling everything.
Privileged Access Management (PAM)
PAM is extra security for admin accounts - the special accounts that can do anything need extra protection and monitoring.
Protocol Analysis
Protocol analysis studies how network conversations happen - it spots when protocols are misused or abused.
Purple Team
Purple teaming is when attackers and defenders work together instead of against each other. Red team shows exactly how they got in, blue team shows why they missed it, and everyone learns.
R
Ransomware
Imagine someone breaks into your office, puts all your filing cabinets in a locked safe, and demands $10,000 for the combination. That's ransomware - except it's your computer files, and the "safe" is unbreakable encryption.
Ransomware-as-a-Service (RaaS)
RaaS is ransomware franchising. Developers build the malware, affiliates deploy it against victims, and they split the profits. It lets unskilled criminals launch sophisticated attacks.
Recovery Point Objective (RPO)
RPO is how much data you can afford to lose - if you back up every hour, you might lose up to an hour of work if disaster strikes.
Recovery Time Objective (RTO)
RTO is how long you can afford to be broken - if your website needs to be back up within 4 hours, your RTO is 4 hours.
Red Team
Red teamers are the good guys who think like bad guys. They try to break into your company using the same tricks real attackers would, then tell you how they did it so you can fix the problems.
Regulatory Compliance
Regulatory compliance is following all the rules that apply to your business - like making sure you have the right licenses and follow industry safety standards.
Remediation Plan
A remediation plan is your to-do list for fixing problems - it says what needs to be done, who will do it, and when it will be finished.
Replay Attack
Imagine recording someone unlocking a door with their voice command, then playing that recording to unlock it yourself. A replay attack captures legitimate network traffic and plays it back to trick systems into doing something again - like re-authorizing a payment.
Reverse Proxy
A reverse proxy is a receptionist for your servers - all requests go through it first for screening and distribution.
Right to Be Forgotten
The right to be forgotten lets you ask companies to erase your data completely - like asking someone to forget they ever met you.
Risk Assessment
Risk assessment is figuring out what could go wrong and how bad it would be - like checking your house for fire hazards and deciding which ones to fix first.
Rogue Access Point
A rogue AP is an unauthorized WiFi hotspot on your network - it might be an attacker or an employee breaking the rules.
Rootkit
A rootkit is like a burglar who not only breaks into your house but also makes themselves invisible. They can do whatever they want while your security cameras show nothing wrong. They're extremely hard to detect because they hide at the deepest level of your computer.
Runtime Security
Runtime security watches your apps while they run - it spots and stops bad behavior as it happens, like a security guard watching live.
S
Sandbox
A sandbox is like a bomb disposal unit's safe room. You put suspicious files inside and watch what they try to do. If they're malicious, they can only hurt the sandbox, not your real systems.
SDN Security
SDN security protects programmable networks - when one computer controls all your switches, that computer needs extra protection.
Secrets Management
Secrets management is a secure vault for passwords and keys - instead of writing them down, you store them safely and control who can access them.
Secure Access Service Edge (SASE)
SASE puts your network security in the cloud - wherever your users are, security follows them like a portable force field.
Secure Enclave
A secure enclave is a protected vault inside your device - it handles secrets like fingerprints where nothing else can touch them.
Secure Web Gateway (SWG)
An SWG is a security checkpoint for web browsing - it blocks dangerous websites and controls what employees can access online.
Security Automation
Security automation makes computers do the boring security work - so humans can focus on the hard problems.
Security Awareness Program
A security awareness program teaches employees about security - like safety training but for computers and data instead of physical hazards.
Security Awareness Training
Security awareness training teaches your team how not to get hacked. Since most attacks start by tricking employees (phishing, social engineering), training your people is one of the most effective security investments. It's like defensive driving training - you learn to recognize and avoid dangers. Your employees are your first line of defense - or your weakest link. Training teaches them to spot phishing, protect passwords, and report suspicious activity.
Security Chaos Engineering
Security chaos engineering tests if your security really works - by simulating attacks and failures to find gaps.
Security Control
Security controls are the things you do to stay safe - like locks on doors, passwords on computers, and backup copies of important files.
Security Groups
Security groups are like bouncers at the door of each cloud server - they check every connection and only let approved traffic through.
Security Metrics
Security metrics are numbers that show how your security is doing - like a health score for your organization's security.
Security Orchestration
Security orchestration makes all your security tools work together automatically - like a conductor leading an orchestra.
Security Policy
A security policy is the rule book for security - it tells everyone what they can and cannot do with company data and systems.
Security Questionnaire
A security questionnaire is a test about security practices - companies send these to vendors to make sure they take security seriously.
Separation of Duties
Separation of duties means no one person can do everything - like how banks need two people to open a safe, so no one can steal without a partner.
Serverless Security
Serverless security protects code that runs without you managing servers - since you cannot see the server, you focus on protecting what your code does.
Service Account
A service account is like a robot employee ID - it lets automated systems prove who they are and access the resources they need.
Service Control Policy (SCP)
An SCP is a master rulebook for your AWS organization - it sets boundaries that nobody can cross, even administrators.
Service Mesh
A service mesh is like a postal system for microservices - it handles secure delivery, tracks packages, and makes sure messages get to the right place.
Session Hijacking
When you log into a website, it gives you a special ticket (session token) so you don't have to log in again for every page. Session hijacking is when someone steals that ticket and uses it to pretend to be you. They get full access to your account without knowing your password.
Shadow IT
Shadow IT is when employees use apps and services the company does not officially approve - like using personal Dropbox for work files.
Shared Responsibility Model
The shared responsibility model is like renting an apartment - the landlord secures the building, but you lock your own door and protect your belongings.
Shift Left Security
Shift left means finding security bugs early, during coding instead of after release - like checking your work before turning it in.
Shoulder Surfing
Someone watches you type your password at a coffee shop. Simple, but effective. Public places are risky for entering sensitive information.
SIEM
SIEM is like a security camera system that watches all your computers and alerts you when something suspicious happens. It collects logs from everywhere and connects the dots.
Sigma Rules
Sigma is a universal language for detection rules - write a rule once, then convert it to the query language of whichever SIEM you use.
SIM Swapping
SIM swapping is when criminals trick your phone company into moving your number to their phone. Suddenly they get your texts - including those two-factor authentication codes. They can reset passwords and take over your accounts. Your phone just stops working.
Single Sign-On (SSO)
SSO is one login for everything - instead of remembering dozens of passwords, you log in once and can access all your work apps.
Smart Contract Security
Smart contract security checks code that handles crypto - bugs here mean lost money that cannot be recovered.
Smishing
Smishing is phishing via text message. 'Your package is delayed - click here.' 'Your bank account is locked - verify now.' These texts look urgent and legitimate but lead to fake websites that steal your info. They work because people trust texts more than emails.
SOAR
SOAR tools automate the boring parts of security. When something suspicious happens, they can automatically block it, notify people, and document everything without humans clicking buttons.
SOC
A SOC is mission control for cybersecurity. Analysts watch screens of alerts, investigate suspicious activity, and respond to incidents around the clock. It's where security happens in real-time.
Social Engineering
Social engineering is when bad guys trick you instead of your computer. They might pretend to be your boss, IT support, or a vendor to get you to share passwords, transfer money, or click dangerous links. It works because humans naturally want to be helpful and trust others - and scammers exploit that.
Software Bill of Materials (SBOM)
An SBOM is an ingredient list for software - it shows everything that went into building an application.
Software Composition Analysis (SCA)
SCA checks all the libraries your code uses - finding security problems and licensing issues in borrowed code.
Software-Defined WAN (SD-WAN)
SD-WAN is a smart traffic controller for your network connections - it finds the best path for data and keeps things secure.
SPAN Port
A SPAN port copies traffic from switch ports to a monitoring port - like listening in on network conversations.
Spear Phishing
Regular phishing is like junk mail addressed to "Current Resident." Spear phishing is like a scam letter that uses your name, knows where you work, and mentions your recent projects. Because it's personalized, it's much more convincing - and much more dangerous.
Spyware
Spyware is like having a spy living in your computer. It watches everything you do - websites you visit, things you type, files you open - and reports back to whoever installed it. Some spyware can even turn on your webcam or microphone.
SQL Injection
When you fill out a form on a website, your input goes to a database. SQL injection is when hackers type special code instead of normal text, tricking the database into giving up secrets or letting them in. It's one of the oldest and most common web attacks.
SSL/TLS Certificate
That padlock in your browser? It means the site has a certificate proving it's really who it claims to be, and your connection is encrypted. Without it, anyone could pretend to be your bank.
SSL/TLS Inspection
SSL inspection opens encrypted envelopes to check for threats - then seals them back up before delivery.
Standard Contractual Clauses (SCCs)
SCCs are pre-written legal agreements that make it okay to send data to countries that do not have strong privacy laws - they promise to protect the data anyway.
Static Application Security Testing (SAST)
SAST reads your code looking for security mistakes - like a spell checker but for security bugs.
STIX/TAXII
STIX is a language for describing threats, and TAXII is a way to share them - like an email format and the email system that delivers it.
STRIDE
STRIDE is a checklist for finding security threats - six categories of bad things that attackers might try.
Supply Chain Attack
A supply chain attack is like poisoning the water supply instead of breaking into individual houses. Attackers compromise a software company or vendor that many businesses trust, then use that access to attack everyone who uses that vendor's products. One successful attack can hit thousands of victims.
Supply Chain Security
Supply chain security checks everything that comes into your organization - making sure vendors and software are not compromised.
Synthetic Data
Synthetic data is fake data that acts real - it has the same patterns as the original but contains no real people's information.
T
Tabletop Exercise
A tabletop is like a fire drill for cyber incidents. You gather the team and talk through 'What would we do if ransomware hit right now?' The goal is to find gaps in your plan before a real emergency.
TACACS+
TACACS+ is a central login system for network equipment - one place to control who can access routers and switches.
Tailgating
Tailgating is when someone sneaks into a secure building by following closely behind an employee who opens the door. They might pretend to be a delivery person, act like they forgot their badge, or just catch the door before it closes. Once inside, they can access computers, plant bugs, or steal equipment.
Third-Party Attestation
Third-party attestation is getting an outside expert to confirm you are secure - like having an inspector approve your building instead of just saying it is safe yourself.
Threat Hunting
Instead of waiting for alerts, threat hunters actively search for hidden attackers. They assume the worst - that someone is already inside - and look for evidence, so threats are found before they cause damage.
Threat Intelligence
Threat intelligence is like having a spy who tells you what the bad guys are planning. Instead of waiting to be attacked, you learn what tools hackers are using, who they're targeting, and how to defend against them. It turns you from reactive to proactive.
Threat Intelligence Platform (TIP)
A TIP gathers all threat information in one place - turning raw data into actionable intelligence for defenders.
Threat Modeling
Threat modeling is thinking like an attacker to find weaknesses - before you build something, figure out how it could be broken.
Trojan
A Trojan is named after the famous wooden horse from Greek mythology. It looks like something good (a free game, useful software, or interesting file) but has malicious code hidden inside. When you install it, you're unknowingly letting hackers into your computer.
Trusted Platform Module (TPM)
A TPM is a security chip in your computer - it stores secrets safely and proves your system has not been tampered with.
TTP
TTPs describe HOW attackers attack, not just what they used. While malware changes constantly, attack methods stay similar. Understanding TTPs helps you defend against attack patterns, not just specific tools.
Two-Factor Authentication (2FA)
2FA is like having two locks on your front door instead of one. Even if someone steals your key (password), they still can't get in without the second key (usually a code sent to your phone). It's the single most effective thing you can do to protect your accounts.
Typosquatting
Type 'gooogle.com' instead of 'google.com' and you might land on a fake site. Typosquatters register domain names that are common misspellings, then use them to steal credentials, serve malware, or make money from your mistake. Check URLs carefully before entering passwords.
V
Vendor Risk Management
Vendor risk management is checking out companies before you do business with them - making sure they will protect your data as well as you would.
Vishing
Vishing is phishing by phone. Someone calls pretending to be your bank, the IRS, or tech support. They create urgency - 'Your account is compromised!' - to make you reveal passwords or send money. With AI voice cloning, they can even sound like people you know.
VPC Peering
VPC peering is like building a private tunnel between two cloud networks - traffic flows directly without going through the internet.
VPC Security
VPC security is building walls and gates in your cloud network - it controls what traffic can flow where and who can reach what.
VPN (Virtual Private Network)
A VPN is like a private tunnel for your internet traffic. Normally, anyone watching the highway can see where you're going. A VPN puts you in an invisible car - your internet provider, hackers on public WiFi, and websites can't see who you are or what you're doing.
VPN Security
VPN security protects the encrypted tunnels remote workers use - making sure the connection itself is safe.
Vulnerability
A vulnerability is a security hole - like a broken lock or an unlocked window in your house. It's a weakness that attackers can use to get in. Software companies constantly find and fix vulnerabilities, which is why keeping your software updated is so important.
Vulnerability Management
Vulnerability management is finding and fixing security holes - like checking your house for weak spots where burglars could get in.
W
WAF
A WAF sits in front of your website and blocks attacks like SQL injection and XSS before they reach your servers. It's a specialized bouncer for web traffic.
Watering Hole Attack
Instead of attacking you directly, hackers infect a website they know you'll visit - like a predator waiting at a watering hole. Industry forums, supplier websites, or professional associations are common targets. You think you're safe because it's a trusted site, but it's been poisoned.
Web3 Security
Web3 security protects the new decentralized internet - wallets, DeFi apps, and NFTs all need special protection.
Wire Fraud
Wire fraud is when criminals trick you into sending money to them instead of where it's supposed to go. They might pretend to be your vendor with 'new bank details' or your CEO ordering an urgent transfer. Once the wire goes through, the money is usually gone forever - banks rarely recover it.
Wireless Security
Wireless security protects your WiFi - it makes sure only authorized people can connect and no one can eavesdrop.
Workload Identity
Workload identity gives your apps their own ID card - they can prove who they are without you managing passwords.
WPA3
WPA3 is the newest WiFi security standard - it is harder to crack and protects against password guessing attacks.
Z
Zero Trust
Zero trust means 'never trust, always verify.' Just because you're inside the office network doesn't mean you're trusted. Every access request is verified like you're a stranger.
Zero Trust Network Access (ZTNA)
ZTNA checks who you are and your device before every access - network location does not matter, only verified identity.
Zero-Day Vulnerability
A zero-day is a secret security hole in software that nobody knows about except hackers. It's like finding out your front door lock can be opened with a credit card, but nobody - including the lock company - knows about it yet. Until it's discovered and fixed, anyone who knows the trick can get in.