Glossary
A growing glossary of technical, cybersecurity, and computer terms explained in plain language. Click on hyperlinked terms in articles to access definitions and return seamlessly to your reading.
Risk Assessment:
- A process to identify and evaluate potential threats to your data, devices, or systems.
- It helps you understand what could go wrong and how serious the damage might be.
- For example, it assesses risks like hacking, data theft, or system failures.
- This helps you decide what steps to take to reduce those risks.
Phishing:
- A scam where someone tricks you into sharing personal information, like passwords or credit card numbers.
- It often involves fake emails or websites pretending to be trustworthy, such as your bank.
- Example: An email saying “Your account is locked. Click here to fix it.”
- Always check the sender’s details and avoid clicking suspicious links.
Cybercriminal:
- A person who uses computers to commit illegal activities online.
- Examples include stealing personal data, hacking systems, or spreading harmful software.
- Their goal is often to make money by exploiting weak security.
- Protect yourself with strong passwords and updated software.
Social Engineer:
- Someone who manipulates people to gain access to information or systems.
- They exploit trust by pretending to be someone they’re not, like a coworker or technician.
- Example: Calling to ask for your password, claiming it’s for urgent maintenance.
- Always verify requests, even from people you know.
Playbook:
- A document or guide outlining steps to respond to security incidents.
- It helps teams know what to do during a cyberattack or data breach.
- Example: A playbook may include steps for detecting and containing malware.
- Ensures quick and effective responses to threats.
Malware:
- Short for "malicious software."
- A program designed to harm your computer or steal your data.
- Examples include viruses, ransomware, and spyware.
- Protect yourself by installing antivirus software and avoiding suspicious files.
Pretexting:
- A scam where someone lies to gain your trust and steal information.
- Example: Pretending to be your bank to ask for account details.
- The attacker creates a fake story to convince you to share sensitive data.
- Always verify requests before sharing personal information.
Baiting:
- A trap to lure you into sharing personal information or downloading malware.
- Example: A free USB drive containing harmful files.
- Can also involve fake offers or giveaways online.
- Be cautious of “too good to be true” deals.
Tailgating:
- When someone follows you into a secure area without proper authorization.
- Example: A stranger entering a locked office after you hold the door open.
- Always ensure unauthorized people don’t enter behind you.
- Preventing tailgating helps protect physical spaces from unauthorized access.
MFA (Multi-Factor Authentication):
- A security method that uses more than one way to verify your identity.
- Examples: Password + code from your phone.
- Makes it harder for hackers to access your accounts.
- Enable MFA whenever possible for better security.
2FA (Two-Factor Authentication):
- A type of MFA that uses two methods to confirm your identity.
- Example: A password + a text message code.
- Adds an extra layer of security to your accounts.
- Even if your password is stolen, the second factor protects you.
Password:
- A secret word or phrase used to access accounts or devices.
- Strong passwords include a mix of letters, numbers, and symbols.
- Example: Use “MyDogL0ves$unsets” instead of “password123.”
- Never reuse passwords across different accounts.
Exploit:
- A way hackers take advantage of weaknesses in software or systems.
- Example: A bug in an app that lets someone access private information.
- Developers release updates to fix these flaws. Keep your software updated.
- Using outdated programs increases your risk of being exploited.
Vulnerability Assessment:
- A process to find and evaluate security weaknesses in your systems or network.
- It helps identify areas that attackers could exploit.
- Example: Checking if your software is outdated or if passwords are weak.
- Fixing vulnerabilities reduces the risk of cyberattacks.
Cybersecurity Posture:
- A measure of how well you protect your systems, data, and devices from threats.
- Includes tools, policies, and practices you use to stay secure.
- Example: Using firewalls, antivirus software, and strong passwords.
- A strong posture means you're better prepared to handle attacks.
Operating System:
- The main software that runs your computer or device.
- Manages hardware, files, and programs so everything works together.
- Examples: Windows, macOS, Linux, and Android.
- Keeping your operating system updated helps protect against threats.
Server Room:
- A secure space where servers and networking equipment are stored.
- Servers manage and store data for businesses or websites.
- These rooms are often temperature-controlled to prevent overheating.
- Only authorized personnel should have access to ensure security.
Encryption:
- A process that converts your data into a code to keep it private.
- Only authorized users can decode and access the information.
- Example: Messages in apps like WhatsApp are encrypted to prevent spying.
- It protects sensitive data like passwords and credit card details.
Encryption Protocols:
- Rules or methods used to encrypt data for security.
- Examples include HTTPS for secure websites and TLS for emails.
- They ensure data stays private during online communication.
- Using protocols helps protect your information from hackers.
Secure:
- Describes something protected from threats or harm.
- Examples: A password-protected account or an encrypted connection.
- Ensuring security means taking steps like using strong passwords.
- It reduces risks of data theft or unauthorized access.
Unsecure:
- Describes something exposed to risks or threats.
- Examples: An account without a password or an unencrypted connection.
- Unsecure systems are more vulnerable to attacks or data breaches.
- Always check for secure connections (e.g., websites starting with "https").
Role-Based:
- Describes access controls that limit access to systems or data based on a person’s role or job.
- Example: A manager might access reports that employees cannot.
- It ensures users only see what they need for their work.
- Helps prevent unauthorized access to sensitive information.
Logs:
- Records of activities or events in a system or application.
- Examples: Login attempts, file changes, or error messages.
- Logs help track what happened and who accessed your system.
- They are useful for troubleshooting and investigating security issues.
Patched:
- Describes software that has been updated to fix bugs or security issues.
- Keeping software patched helps protect against known vulnerabilities.
- Example: Installing updates on your computer ensures it stays patched.
- Always update software when patches are available.
Unpatched:
- Describes software that hasn’t been updated to fix bugs or security issues.
- Unpatched software is vulnerable to attacks.
- Example: Running an old version of Windows without updates.
- Always keep software up to date to reduce risks.
Security Gaps:
- Weak spots in your system that attackers can exploit.
- Examples: Weak passwords or unencrypted data.
- Finding and fixing gaps strengthens your overall security.
- Regular assessments can help identify these weaknesses.
Outdated Software:
- Software that hasn’t been updated with the latest features or fixes.
- It’s more vulnerable to security threats and bugs.
- Example: An old browser that doesn’t support modern encryption.
- Updating software keeps it secure and running smoothly.
Spam:
- Unwanted or irrelevant messages sent to a large number of people.
- Often used for advertising, phishing, or spreading malware.
- Example: Emails promoting fake offers or scams.
- Use spam filters to reduce unwanted messages in your inbox.
Generic Spam:
- Spam messages sent without targeting specific individuals or groups.
- Example: Mass emails promoting fake discounts or prizes.
- Generic spam often lacks personalization and appears suspicious.
- Delete suspicious messages without opening them.
Tech Disruptions:
- Interruptions in technology services that affect work or daily activities.
- Examples: System outages, software bugs, or internet issues.
- Disruptions can result from cyberattacks or technical failures.
- Regular system maintenance helps minimize disruptions.
Data:
- Information stored digitally, such as text, images, or numbers.
- Example: Customer details, transaction records, or photos.
- Protecting sensitive data is essential for privacy and security.
- Back up important data regularly to avoid loss.
Information:
- Organized or processed data that provides meaning or context.
- Example: A customer’s purchase history or a report summary.
- Accurate and secure information helps make better decisions.
- Protect information from unauthorized access or misuse.
Portal:
- A website or platform that provides access to multiple resources or services.
- Example: A school portal for students to view grades and assignments.
- Portals often require login credentials for secure access.
- Keep portal credentials private to prevent unauthorized use.
Website:
- A collection of web pages hosted on the internet, accessible through a browser.
- Example: Online stores, blogs, or educational platforms.
- Secure websites use "https" to protect user data during transactions.
- Verify websites before entering personal or financial information.
DMARC:
- Stands for "Domain-based Message Authentication, Reporting, and Conformance."
- A security protocol that protects email domains from phishing and spoofing.
- DMARC ensures emails come from legitimate sources and not impostors.
- Organizations use DMARC to protect their reputation and customers.
Identity Theft:
- When someone steals your personal information to commit fraud.
- Example: Using your name and credit card details to make purchases.
- Monitor accounts regularly to detect unauthorized activity.
- Use strong passwords and avoid sharing personal information online.
Data Breach:
- An incident where sensitive information is accessed or exposed without authorization.
- Example: A hacker stealing customer credit card details from a company.
- To prevent breaches, use strong security measures like encryption and firewalls.
- Regularly monitor systems to detect and respond to breaches quickly.
Spear Phishing:
- A targeted phishing attack aimed at specific individuals or organizations.
- Attackers often gather personal details to make their messages convincing.
- Example: An email pretending to be from your boss, asking for sensitive information.
- Always verify requests before sharing information or clicking links.
Whaling:
- A phishing attack targeting high-level executives or important individuals.
- Attackers often impersonate other executives or use convincing emails.
- Example: A fake email from the CEO requesting a wire transfer.
- Train executives to recognize phishing attempts and verify unusual requests.
BEC (Business Email Compromise):
- A scam where attackers impersonate a trusted individual in a company.
- Often used to trick employees into transferring money or sharing sensitive data.
- Example: A fake email from a vendor asking for payment to a new account.
- Verify requests through alternate channels before taking action.
Clone Phishing:
- A phishing attack where attackers replicate a legitimate email with a malicious twist.
- Example: A copy of a genuine email in which the original attachment has been replaced with a harmful link.
- Always double-check the sender and links in emails before responding.
- Look for subtle differences in email addresses or domains.
Domain Spoofing:
- When attackers create fake websites or emails that look like legitimate ones.
- Example: A phishing site mimicking a bank’s login page to steal credentials.
- Check website URLs carefully to ensure they are authentic.
- Organizations use DMARC to prevent email spoofing.
Smishing:
- A phishing attack conducted through text messages or SMS.
- Example: A text claiming you’ve won a prize with a link to a malicious site.
- Do not click links or share information from unknown text messages.
- Verify unexpected messages directly with the sender.
Vishing:
- Voice phishing, where attackers call to steal sensitive information.
- Example: A caller pretending to be from your bank, asking for account details.
- Do not share sensitive information over the phone unless you initiated the call.
- Verify the caller’s identity before responding.
BYOD (Bring Your Own Device):
- A policy where employees or students use their personal devices for work or school.
- Examples: Laptops, tablets, or smartphones connected to organizational networks.
- Set security guidelines for personal devices to protect sensitive data.
- Require antivirus software and strong authentication for all BYOD devices.
Biometric Authentication:
- A security method that uses physical traits to verify identity.
- Examples: Fingerprints, facial recognition, or voice patterns.
- Biometric methods add a layer of protection to devices and systems.
- Ensure devices with biometric features are securely configured.
Incident Response:
- The steps taken to address and recover from a cybersecurity incident.
- Includes detecting, reporting, investigating, and resolving the issue.
- Example: Responding to a ransomware attack by isolating affected systems.
- Every organization should have an incident response plan in place.
Security Incidents:
- Events that threaten the confidentiality, integrity, or availability of data.
- Examples: Hacking attempts, phishing attacks, or data breaches.
- Monitor systems regularly to detect and respond to incidents quickly.
- Train staff to recognize and report security incidents promptly.
Cybersecurity Incident:
- A specific event involving a security breach or cyberattack.
- Examples: Ransomware attacks, unauthorized access, or data theft.
- Responding quickly helps reduce damage and restore systems.
- Having an incident response plan ensures preparedness for such events.
Tamper:
- To interfere with something, often to damage or alter it without permission.
- Example: Hackers may tamper with files to inject malicious code.
- Protect files by restricting access and using encryption.
Open-Source:
- Software where the source code is publicly available for anyone to view, use, or modify.
- Example: Linux is a popular open-source operating system.
- Open-source projects encourage collaboration and transparency.
Spoofing Emails:
- Emails that appear to come from a trusted source but are fake.
- Example: A spoofed email pretending to be from your bank to steal information.
- Verify the sender’s email address before responding or clicking links.
DNS (Domain Name System):
- A system that translates domain names (like example.com) into IP addresses.
- Example: When you type a website address, DNS helps connect you to the server hosting it.
- DNS is like the internet's phonebook, making navigation easier.
DKIM (DomainKeys Identified Mail):
- A security method that adds a digital signature to your emails.
- It helps verify the email is from your domain and hasn’t been tampered with.
- Recipients use DKIM to ensure the email’s authenticity.
SPF (Sender Policy Framework):
- A security protocol that lists servers authorized to send emails for your domain.
- It helps prevent others from sending fake emails using your domain.
- Set up SPF records to protect your domain from spoofing.
Domain Reputation:
- A score that reflects how trustworthy your email domain is.
- Good reputation increases the chances your emails reach inboxes instead of spam.
- To improve reputation, avoid spam-like behavior and use SPF, DKIM, and DMARC.
Spam Filters:
- Tools that automatically detect and block unwanted or harmful emails.
- Example: Emails with suspicious links or language may be marked as spam.
- Spam filters help protect users from phishing and scams.
WPA2:
- A wireless security standard that encrypts data on Wi-Fi networks.
- It ensures data transmitted over the network is secure from attackers.
- Use WPA2 for better security on your Wi-Fi connection.
WPA3:
- The latest wireless security standard, offering stronger encryption than WPA2.
- Provides better protection against password guessing attacks.
- Upgrade to WPA3 if supported by your router and devices.
Wi-Fi:
- A technology that allows devices to connect to the internet wirelessly.
- Example: Connecting your phone to your home’s wireless network.
- Use strong passwords to secure your Wi-Fi and prevent unauthorized access.
MDM (Mobile Device Management):
- A system for managing and securing mobile devices in an organization.
- Example: Companies use MDM to enforce security policies on employee phones.
- MDM helps protect sensitive data and track lost or stolen devices.
Attack Surfaces:
- The different points in a system where an attacker could gain access.
- Includes hardware, software, and human interactions that could be exploited.
- Example: Unsecured devices, outdated software, or weak passwords.
- Minimize attack surfaces by updating systems, enforcing strong passwords, and restricting unnecessary access.
CSPM (Cloud Security Posture Management):
- Cloud Security Posture Management (CSPM) tools monitor cloud settings to detect security risks.
- They identify misconfigurations, such as open databases or weak access controls.
- Example: A CSPM tool alerts you if a cloud storage bucket is publicly accessible.
- Helps you ensure compliance and protect sensitive data in the cloud.
Cloud Security:
- Protecting data, applications, and systems stored in the cloud from unauthorized access.
- Includes encryption, access controls, and monitoring for unusual activity.
- Example: Using multi-factor authentication (MFA) to secure cloud accounts.
- Ensures data in cloud services like Google Drive or AWS stays safe.