Cybersecurity Glossary

Welcome to your essential Cybersecurity Glossary! Whether you’re new to cybersecurity or brushing up on your vocabulary, understanding the jargon is crucial to navigating the complexities of keeping data and networks secure. Here, we break down key terms and acronyms to empower you with the knowledge you need to protect your business and personal information.


Authentication: The process of verifying the identity of a user, process, or device, often as a prerequisite to allowing access to resources in an IT system.

Access Control: The selective restriction of access to data; a fundamental security concept that minimizes risk to the business or organization.


Botnet: A network of private computers infected with malicious software and controlled as a group without the owners’ knowledge, e.g., to transmit spam or launch attacks.

Breach: A security incident where information is accessed without authorization.


Cryptography: The practice and study of techniques for secure communication in the presence of third parties called adversaries.

Cybersecurity: The practice of protecting systems, networks, and programs from digital attacks.


DDoS (Distributed Denial of Service): A type of cyber-attack where the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to the Internet.


Encryption: The method by which information is converted into secret code that hides the information’s true meaning.


Firewall: A network security device that monitors incoming and outgoing network traffic and permits or blocks data packets based on a set of security rules.


Governance: The process that ensures the effective and efficient use of IT in enabling an organization to achieve its goals.


HTTPS (Hypertext Transfer Protocol Secure): An extension of HTTP used for secure communication over a computer network; it is widely used on the Internet.


Incident Response: The activities an organization carries out to identify, analyze, and correct security incidents and to prevent their recurrence.


Malware: Software that is intended to damage or disable computers and computer systems.


Phishing: The fraudulent practice of sending emails purporting to be from reputable companies to induce individuals to reveal personal information, such as passwords and credit card numbers.


Ransomware: A type of malicious software designed to block access to a computer system until a sum of money is paid.


SSL (Secure Sockets Layer): A standard security technology for establishing an encrypted link between a server and a client—typically a web server (website) and a browser, or a mail server and a mail client. SSL has been superseded by TLS, although the older name is still widely used.

Social Engineering: The art of manipulating people so they give up confidential information.


Trojan Horse: A type of malware that is often disguised as legitimate software.


Vulnerability: A weakness which can be exploited by a threat actor, such as an attacker, to perform unauthorized actions within a computer system.


Worm: A malware computer program that replicates itself in order to spread to other computers.

This glossary is not exhaustive but offers a foundation for the terminology you’ll frequently encounter in the realm of cybersecurity. Understanding these terms is the first step toward developing a robust security posture for your business.