To make things a little easier, we put together the following cyber security glossary filled with commonly used terms and definitions. This will give you a base understanding of the most popular jargon.
An actual assault, rather than scanning, perpetrated by a threat actor that attempts to access a system, its resources, data, or operations.
To physically separate or isolate a system from other systems or networks (verb).
A program that monitors a computer or network to detect or identify major types of malicious code and to prevent or contain malware incidents.
The process of finding, fixing, and preventing security vulnerabilities at the application level, as part of the software development process.
The attack surface refers to all the potential points that an unauthorised user could use to gain unauthorised access to an organisation's network or sensitive data, or to carry out a cyber-attack. [noun]
A criminal hacker who breaks into computer networks with malicious intent, usually for personal glory or financial gain.
A team of cyber security professionals who run the defensive and monitoring tools that protect the organisation from attack. A Blue Team will also engage in Purple Team activities and does this by defending an enterprise's information systems from mock attackers (i.e. the Red Team) as part of an operational exercise conducted according to rules.
Short for robot network. A collection of internet-connected devices, which may include PCs, servers and mobile devices, that are infected by a common type of malware and controlled by a single malicious actor.
An attack method that uses trial and error to crack passwords, login credentials, and encryption keys.
Chief Information Security Officer.
CISOs oversee an organisation's information, cyber, and technology security. Their responsibilities include developing, implementing, and enforcing security policies to protect critical data.
Also known as a UI redress attack; a common hacking technique in which an attacker creates an invisible page or an HTML element that overlays the legitimate page.
Small files which are stored on a user’s computer. Cookies provide a way for the website to recognise individuals and keep track of their preferences.
A cyber-attack technique that involves stealing personal or financial data from users. This data can include usernames, passwords, credit card data, user IDs, and email addresses.
An attack or attempted attack against a computer or network that harmed, or potentially may harm, the confidentiality, integrity or availability of network data or systems.
A malicious and deliberate attempt to breach the information system.
Any criminal activity that involves a computer, network or networked device.
Something that may or may not happen but has the potential to cause serious damage. Cyber threats can lead to attacks on computer systems, networks and more.
A cyber-attack or series of attacks that target a country. Cyber warfare has the potential to wreak havoc on government and civilian infrastructure and disrupt critical systems, resulting in damage to the state and even loss of life.
Parts of the internet not accessible by normal browsers, but requiring TOR and knowledge of the destination.
The unauthorised movement or disclosure of sensitive information to a party, usually outside the organisation, that is not authorised to have or see the information.
Related Terms: data loss, data theft, exfiltration.
Distributed Denial-of-Service.
A cyber crime in which the attacker floods a target with internet traffic to prevent users from accessing connected online services and sites.
A cyber security approach that uses multiple layers of security for stronger overall protection. A layered defence helps security organisations reduce vulnerabilities, contain threats, and mitigate risk.
The processes and specialised techniques for gathering, retaining, and analysing system-related data (digital evidence) for investigative purposes.
A decoy system or network that serves to attract potential attackers.
The activities that address the short-term, direct effects of an incident and may also support short-term recovery.
Indicator of Compromise.
Evidence that a cyber incident may have occurred or may be in progress.
Information Security.
The processes and tools designed and deployed to protect sensitive business information from modification, disruption, destruction, and inspection.
A person or group of persons within an organisation who pose a potential risk through violating security policies.
Software that tracks or logs the keys struck on keyboards, typically in a covert manner so that users are unaware actions are being monitored.
Software that compromises the operation of a system by performing an unauthorised function or process.
Synonyms: malicious code, malicious applet, malicious logic
Man in the Middle.
A type of eavesdropping cyber-attack in which the attacker secretly intercepts and relays messages between two parties who believe they are communicating directly with each other.
Multi-Factor Authentication.
An authentication method that requires the user to provide two or more verification factors to gain access to a resource such as an application, online account, or a virtual private network (VPN).
Managed Security Service Provider.
Provides outsourced monitoring and management of security devices and systems. Common services include managed firewall, intrusion detection, virtual private network, vulnerability scanning and anti-viral services.
The NCSC is New Zealand’s lead agency for cyber security operations. The NCSC acts to protect Aotearoa New Zealand’s wellbeing and prosperity through trusted cyber security services. It is part of the Government Communications Security Bureau (GCSB). CERT NZ was recently integrated into the NCSC.
National Initiative for Cybersecurity Education.
A reference resource that classifies the typical skill requirements and duties of cyber security workers.
National Institute of Standards and Technology.
A nonregulatory government agency located in the US. NIST develops, promotes and maintains metrics and standards for several industries, including publishing the NICE framework.
Open-Source Intelligence.
Used by attackers to discover publicly available information related to the target organisation that could be used to aid attacks and help refine targets.
A program fix that eliminates a vulnerability that would otherwise potentially be exploited by a hacker.
An evaluation methodology whereby assessors search for vulnerabilities and attempt to circumvent the security features of a network and/or information system.
The use of fake emails to deceive individuals into providing sensitive information or clicking on malicious links.
Related terms: Smishing / Vishing
The loss of control, compromise, unauthorised disclosure, unauthorised acquisition, or any similar occurrence where (1) a person other than an authorised user accesses or potentially accesses data or (2) an authorised user accesses data for an unauthorised purpose.
A type of malware that locks up an organisation's files and/or systems, followed by demands for money to unlock them.
A group authorised and organised to emulate a potential adversary’s attack or exploitation capabilities against an enterprise’s cyber security posture.
The process of assessing threats and vulnerabilities to key assets and then working out the likelihood and impact of any attack. The assessment gives the organisation an inherent risk (assuming no controls in place) and a current risk (with current controls in place). The organisation can then decide whether it needs to reduce that level of risk with further controls or risk mitigation strategies.
Secure Access Service Edge.
A cloud architecture model that combines network and security-as-a-service functions together and delivers them as a single cloud service.
Building security practices into project frameworks from the beginning to ensure technology and processes are free of vulnerabilities and resilient to cyber-attacks.
A combination of the terms security and operations; a methodology that IT managers implement to enhance the connection, collaboration and communication between IT security and IT operations teams.
A rule or set of rules that define what an organisation expects as acceptable use of an organisation's information and services and the means for protecting the organisation's information assets.
Security Information and Event Management.
A security solution that helps organisations detect threats as they disrupt business.
A social engineering attack that uses fake mobile text messages to trick people into downloading malware, sharing sensitive information or sending money to cybercriminals.
Security Operations Centre.
An intelligence hub for a company, gathering data from across the organisation's networks, servers, endpoints and other digital assets and using intelligent automation to identify, prioritise and respond to potential cyber security threats.
The use of deception to manipulate individuals into divulging confidential or personal information that may be used for fraudulent purposes.
Spear phishing is an email spoofing attack that targets a specific individual, seeking unauthorised access to sensitive information. It is a more precise version of phishing, which is often done en masse.
Spidering, also known as web crawling or web scraping, is the process of automatically extracting information from websites using web crawlers or spiders. A web crawler is a bot or automated script that systematically navigates through a website's pages, following links and gathering data. The collected data can include text, images, URLs, and other relevant information. Related terms: phishing, smishing, vishing
Spyware is a type of software that installs itself on a device and secretly monitors a victim’s online activity.
Government-backed entities that conduct cyber espionage, sabotage, or other offensive activities to advance their nation's interests.
A discussion-based exercise where personnel meet in a classroom setting or breakout groups and are presented with a scenario to validate the content of plans, procedures, policies, cooperative agreements or other information for managing a cyber incident or attack.
A threat actor is anything that can impact an asset. It can be internal or external to the organisation, malicious or accidental, or more high-level, such as regulators and natural disasters. Threat actors are discovered by undertaking a threat modelling activity.
The process of identification and assessment of the capabilities and activities of cyber criminals or foreign intelligence entities.
The Onion Router.
An advanced form of VPN that uses layers of routing to hide the origin of the user. This is the way the dark web is accessed. It is also used by persecuted groups to avoid government surveillance.
Any access that violates the stated security policy of an organisation.
virtual Chief Information Security Officer.
A skilled and experienced cyber security professional who provides the same level of expertise and guidance as an in-house CISO but typically on a remote, on-demand basis.
Also known as ‘voice phishing’, this is a type of phishing attack where scammers use phone calls to trick individuals into revealing personal information, such as passwords or credit card numbers, by pretending to be a legitimate entity.
Virtual Private Network.
Provides online privacy and anonymity by creating a private network from a public Internet connection. VPNs mask Internet Protocol (IP) addresses so online actions take more effort to trace.
A characteristic or specific weakness that renders an organisation or asset (such as information or an information system) open to exploitation by a given threat or susceptible to a given hazard.
Helps protect systems from threats when browsing the web by actively scanning data that is transferred to prevent malware from being downloaded and run on PCs.
A malware computer program that replicates itself to spread to other computers.
A specific form of phishing that targets high-profile business executives and managers.
An ethical hacker who uses their skills to identify security vulnerabilities.
A recently discovered vulnerability that hackers can use to attack systems.
A security framework requiring all users, whether in or outside the organisation’s network, to be authenticated, authorised, and continuously validated for security configuration and posture before being granted or keeping access to applications and data.
Kordia’s independent cyber consultants, Aura Information Security, work closely with businesses to help them manage their cyber security risk, with actionable insights and advice on the right approaches and tools to tackle this in the most effective way.
If you need support to improve your organisation's cyber security posture, speak to one of our consultants or your Kordia representative for more information.