Glossary

A

Access control – Configuring systems so that the individuals and other systems accessing them can carry out only the functions they should be allowed to, and no more.

Advanced Persistent Threat (APT) – An attack in which a stealthy actor gains access to a computer network and remains undetected for a prolonged period.

Antivirus – Software that is designed to detect, stop and remove viruses and other kinds of malicious software.

App – Short for Application, typically refers to a software program for a smartphone or tablet.

Artificial Intelligence (AI) – The development of computer systems or machines to perform tasks normally requiring human intelligence.

Attacker – Malicious actor who seeks to exploit computer systems with the intent to change, destroy, steal or disable their information, and then exploit the outcome.

Authentication – Confirming the identity of an individual who is trying to connect to and use a computer system.

B

Backdoor – An unofficial means to access a system or application – one that’s not officially supported and doesn’t form part of the accepted or tested design, but which was inserted by one or more of the developers to provide a means of side-stepping the formal security mechanisms.

Biometric – A characteristic of your body which, in the context of cyber security, can be used to identify you; examples are your irises and fingerprints.

Botnet – Short for ‘robot network’: a network of infected, Internet-connected devices used to carry out coordinated cyber attacks.

Breach – An incident in which data, computer systems or networks are accessed or affected in an unauthorised way.

Bring your own device (BYOD) – An organisation’s strategy or policy that allows employees to use their own personal devices for work purposes.

Browser – A software application which presents information and services from the web.

Brute force attack – Using computational power to automatically try a huge number of combinations of values, usually in order to discover passwords and gain access.

C

Certificate – A form of digital identity for a computer, user or organisation to allow the authentication and secure exchange of information.

Cloud – Where shared compute and storage resources are accessed as a service (usually online) instead of being hosted locally on physical servers. Resources can include infrastructure, platform or software services.

Common Vulnerability Scoring System (CVSS) – An industry standard for assessing the severity of a Vulnerability on a computer system and representing it as a “score” between 0 (no risk) and 10 (severe risk).

Compliance – The level to which systems and security are operated in accordance with documented standards, policies and procedures.

Compromise – A successful penetration into a system by a bad actor despite the security mechanisms defending it.

Cookie – A token embedded into web pages that lets the owner of the site you’re connected to track your progress, remember who you’re logged in as, and so on.

Credentials – A user’s authentication information used to verify identity – typically one, or more, of password, token, certificate.

Credential reuse – This type of attack relies as much on a malicious actor’s intentions and abilities as it does on the frequency with which users use identical passwords when logging on to different websites. If one website’s database containing user logon credentials is leaked, cyber criminals attempt to use this information to access user data from other websites.

Cross-site scripting – In this type of attack, a malicious actor targets a specific website’s users by injecting code into a legitimate website’s content that can infect users’ browsers. Any information the user communicates through the website is then funnelled directly to the attacker.

Cryptography – The discipline of transforming data from its raw form into a form where it cannot easily be read by unauthorised individuals.

Cyber attack – Malicious attempts to damage, disrupt or gain unauthorised access to computer systems, networks or devices, via cyber means.

Cyber incident – A breach of the security rules for a system or service – most commonly:

  • Attempts to gain unauthorised access to a system and/or to data.
  • Unauthorised use of systems for the processing or storing of data.
  • Changes to a system’s firmware, software or hardware without the system owner’s consent.
  • Malicious disruption and/or denial of service.

Cyber security – The protection of devices, services and networks — and the information on them — from theft or damage.


D

Data at rest – Describes data in persistent storage such as hard disks, removable media or backups.

Denial of Service (DoS) – When legitimate users are denied access to computer services (or resources), usually by overloading the service with requests.

Deny list – An access control mechanism that blocks named entities from communicating with a computer, site or network. Can also be known as ‘blacklisting’ across the industry.

Dictionary attack – A type of brute force attack in which the attacker uses known dictionary words, phrases or common passwords as their guesses.

Digital footprint – A ‘footprint’ of digital information that a user’s online activity leaves behind.

Drive-by download – The unintentional installation of malicious software or a virus onto a device without the user’s knowledge or consent. May also be known as a download attack.

Distributed Denial of Service (DDoS) – A security attack whereby the attacker exploits dozens, hundreds or thousands of systems around the world to launch simultaneous attacks against a single organisation. It relies on the attacker being able to get a piece of malware onto those worldwide systems. The idea of DDoS is that the collective bandwidth and processing power of the machines carrying out the attack far exceeds the bandwidth and processing power of the attacked organisation. See also Denial of Service and Malware.

E

Encryption – A mathematical function that protects information by making it unreadable by everyone except those with the key to decode it.

End user device (EUD) – Collective term to describe modern smartphones, laptops and tablets that connect to an organisation’s network.

Endpoint Detection and Response (EDR) – A category of tools used to detect and investigate threats on endpoint devices.

Extended Detection and Response (XDR) – A category of tools that stitches together data from previously siloed sources: endpoints, networks, clouds and even third parties.

Exploit – May refer to software or data that takes advantage of a vulnerability in a system to cause unintended consequences.


F

Firewall – Hardware or software which uses a defined rule set to constrain network traffic to prevent unauthorised access to or from a network.


G


H

Hacker – A term that has been used throughout media and popular culture to describe physical and information security enthusiasts who commit unlawful acts. However, in reality, a hacker is simply a curious, outside-the-box thinker who creates unorthodox solutions for everyday problems. The actions and methods by which these problems are solved are called “hacking”.

Honeypot (Honeynet) – A decoy system or network set up to attract potential attackers; it helps limit access to actual systems by detecting and deflecting an attack, or by learning from it. Multiple honeypots form a honeynet.

Human Error – Unintentional actions – or lack of action – by employees and users that cause, spread or allow a security breach to take place.


I

Incident – A breach of the security rules for a system or service, such as:

  • attempts to gain unauthorised access to a system and/or data
  • unauthorised use of systems for the processing or storing of data
  • changes to a system’s firmware, software or hardware without the system owner’s consent
  • malicious disruption and/or denial of service

Indicators of Compromise (IoC) – Pieces of forensic data that identify potentially malicious activity on a network or system.

Insider risks – The potential for damage to be done maliciously or inadvertently by a legitimate user with privileged access to systems, networks or data.

Internet of Things (IoT) – Refers to the ability of everyday objects (rather than computers and devices) to connect to the Internet. Examples include kettles, fridges and televisions.

Internet of Medical Things (IoMT) – Refers to the ability of medical objects (rather than computers and devices) to connect to the Internet. Examples include remote patient monitoring, equipment tracking and connected inhalers.


J

JSON (JavaScript Object Notation) – A lightweight data-interchange format that is easy for humans to read and write and for machines to parse and generate. It’s structured as a collection of name/value pairs (objects) and ordered lists of values (arrays), making it a popular choice for data transmission in web applications.


K


L


M

Macro – A small program that can automate tasks in applications (such as Microsoft Office) which attackers can use to gain access to (or harm) a system.

Malvertising – Using online advertising as a delivery method for malware.

Malware – An amalgamation of ‘malicious’ and ‘software’; a term that covers viruses, trojans, worms or any code or content that could have an adverse impact on organisations or individuals.

Managed Detection and Response (MDR) – A service provided by security organisations whereby they provide 24×7 threat detection, hunting and response capabilities.

Mean Time to Detect (MTTD) – The average time passed between the onset of an IT incident and its discovery.

Mean Time to Respond (MTTR) – The average time it takes to neutralise an identified threat or system failure from the first alert.

Mitigation – Steps that organisations and individuals can take to minimise and address risks.


N

Network – Two or more computers linked in order to share resources.

Network Admission Control (NAC) – A mechanism whereby the network infrastructure forbids a device from communicating until it has proven its identity and that its operating software and Anti-Malware Software are up to date.

O


P

Patching – Applying updates to firmware or software to improve security and/or enhance functionality.

Pentest – Short for penetration test. An authorised test of a computer network or system designed to look for security weaknesses so that they can be fixed.

Pharming – An attack on network infrastructure that results in a user being redirected to an illegitimate website despite the user having entered the correct address.

Phishing – Untargeted, mass emails sent to many people asking for sensitive information (such as bank details) or encouraging them to visit a fake website.

Platform – The basic hardware (device) and software (operating system) on which applications can be run.


Q

Quarantine – A storage area to which Anti-Malware Software moves infected files for further inspection, removing them from their original locations in order that they cannot cause damage.

Quishing or QR Phishing – A cyber attack strategy that uses QR codes to trick targets into visiting malicious websites or downloading malware.

QR Spoofing – Tampering with legitimate QR codes to divert users to malicious websites.

R

Ransomware – Malicious software that makes data or systems unusable until the victim makes a payment.

Router – A network device which sends data packets from one network to another based on the destination address. May also be called a gateway.


S

Sanitisation – Using electronic or physical destruction methods to securely erase or remove data from memory.

Security event management (SEM) – A subsection of the field of computer security in which software products and services combine security information management and security event management; they provide real-time analysis of security alerts generated by applications and network hardware.

Security information and event management (SIEM) – Combines SIM and SEM capabilities.

Security information management (SIM) – The collection of data such as log files into a central repository for trend analysis.

Security operations centre (SOC) – A centralised function within an organisation employing people, processes and technology to continuously monitor and improve the organisation’s security posture while preventing, detecting, analysing and responding to cyber security incidents.

Security orchestration, automation and response (SOAR) – A solution stack of compatible software programs that allow an organisation to collect data about security threats, and respond to low-level security events without human assistance.

Session hijacking – A malicious actor takes control of the communication between a user and a server, enabling them to steal the data flowing between the two parties.

Smishing – Phishing via SMS: mass text messages sent to users asking for sensitive information (e.g. bank details) or encouraging them to visit a fake website.

Social engineering – Manipulating people into carrying out specific actions, or divulging information, that’s of use to an attacker.

Software as a service (SaaS) – Describes a business model where consumers access centrally-hosted software applications over the Internet.

Software Bill of Materials (SBOM) – A record of the components used in building a piece of software, which enables faster identification and remediation of vulnerabilities.

Spear-phishing – A more targeted form of phishing, where the email is designed to look like it’s from a person the recipient knows and/or trusts.

SQL injection attack – This type of attack specifically targets databases that are queried using the SQL language. A malicious actor may breach the database through the very language it is queried with, which can lead the database to reveal the information it contains to unauthorised users.


T

Trojan – A type of malware or virus disguised as legitimate software that is used to gain access to the victim’s computer.

Two-factor authentication (2FA) – The use of two different components to verify a user’s claimed identity. Also known as multi-factor authentication.


U


V

Virus – Programs which can self-replicate and are designed to infect legitimate software programs or systems. A form of malware.

Virtual Private Network (VPN) – An encrypted network often created to allow secure connections for remote users, for example in an organisation with offices in multiple locations.

Vulnerability – A weakness, or flaw, in software, a system or process. An attacker may seek to exploit a vulnerability to gain unauthorised access to a system.


W

Water-holing (watering hole attack) – Setting up a fake website (or compromising a real one) in order to exploit visiting users.

Whaling – Highly targeted phishing attacks (masquerading as legitimate emails) that are aimed at senior executives.


X


Y


Z

Zero-day – Recently discovered vulnerabilities (or bugs), not yet known to vendors or antivirus companies, that cyber criminals can exploit.

Thanks to:

Hacking is NOT a Crime. (2021). Available: https://www.hackingisnotacrime.org.

Imperial College. (2019). Improving Cyber Security In The NHS. Available: https://www.imperial.ac.uk/media/imperial-college/institute-for-security-science-and-technology/Cyber-report-spreads-lores.pdf.

National Cyber Security Centre. (2021). NCSC glossary. Available: https://www.ncsc.gov.uk/information/ncsc-glossary.
