In the ever-evolving world of cyber security, understanding key terminology is essential to protect your business and personal data. This comprehensive cyber security glossary provides clear and concise definitions of the most important terms, concepts, and threats in the digital security landscape. From ransomware and phishing to zero-day exploits and encryption, this guide is designed to help you stay informed and secure. Whether you're an IT professional, a business owner, or just someone looking to enhance your cyber security knowledge, this glossary is your essential resource for comprehensive cyber security awareness.
A security measure requiring two distinct forms of verification before granting access to a system or account. (Also known as: Two-Step Verification)
Example: When logging into an email account, you enter your password and then input a verification code sent to your email.
See also: MFA (Multi-Factor Authentication)
An access control model that grants permissions based on user attributes such as role, location, or department.
Example: Employees can only access financial data if they are in the finance department and working from the office.
A set of mechanisms and policies designed to restrict unauthorised users from accessing systems, networks, or data. Access control typically involves authentication (verifying identity) and authorisation (granting permissions).
Example: In an office, employees may need to use a swipe card (authentication) to enter certain areas, and only managers may have permission (authorisation) to access sensitive files.
A device that allows wireless devices to connect to a wired network, commonly used in Wi-Fi networks.
Example: The router in your home acts as an access point, enabling your smartphone and laptop to connect to the internet.
A list of rules that specify who or what is allowed to access a resource and what operations they can perform.
Example: A firewall uses an ACL to permit or deny traffic from specific IP addresses.
A prolonged, targeted cyber attack where an intruder gains unauthorised access to a network and remains undetected for an extended period, often to steal sensitive data.
Example: A hacker group infiltrates a government agency's network and remains hidden for months, slowly exfiltrating classified documents.
Software that displays or downloads advertisements, often without the user's consent. While not always malicious, some adware can compromise privacy or security.
Example: You download a free video player, and it keeps showing pop-up adverts.
A security measure where a system or network is physically isolated from other networks, especially the internet, to protect against cyber attacks.
Example: Highly sensitive government computers are kept offline to prevent external hacking attempts.
The process of removing or altering personal identifiers in data sets to prevent individuals from being identified.
Example: Customer data is anonymised by replacing names and email addresses with generic IDs before being shared with researchers.
Techniques used to prevent or hinder digital forensic investigations by erasing or obscuring evidence.
Example: A hacker uses anti-forensics tools to delete logs and hide their tracks after a data breach.
A program designed to detect, prevent, and remove malicious software (malware) like viruses, worms, and trojans.
Example: Antivirus software can scan your computer regularly and alert you if it finds a virus.
Allowing only approved applications to run on a system, blocking all others by default to prevent malware.
Example: A business uses application whitelisting to ensure only verified software runs on employee computers.
The total number of points where an attacker can attempt to enter or exploit a system.
Example: A web server running multiple applications has a larger attack surface than a single-purpose server.
The process of verifying a user's identity before granting access to a system or service. Common methods include passwords, fingerprints, and face recognition.
Example: Logging into your email by entering a username and a password.
The process of granting specific permissions to a user, device, or system based on verified identity and predefined rules, determining what actions they are allowed to perform.
Example: After logging into a file server, users with the role of "editor" are authorised to modify documents, while others can only view them.
A hidden method within software, hardware, or a system that allows someone to bypass normal authentication or security controls. Backdoors can be intentionally coded by developers for maintenance purposes or maliciously created by attackers to gain unauthorised access.
Example: A software developer includes a backdoor for troubleshooting, while a hacker might install a backdoor in a compromised server to maintain covert access.
Baiting is a social engineering attack where an attacker lures a victim into performing a specific action by offering something tempting, such as free software, a USB drive, or access to exclusive content. The bait often contains malware or leads to a phishing site.
Example: An employee finds a USB drive labelled "Confidential Payroll Data" in the office car park. Curious, they plug it into their work computer, unknowingly installing malware that grants the attacker remote access to the system.
Measures to protect the BIOS (Basic Input/Output System) from unauthorised changes or tampering.
Example: Enabling a BIOS password prevents unauthorised users from making changes to system settings.
A hacker who violates security for personal gain, malicious intent, or to cause damage to systems or data.
Example: A black hat hacker breaches a company's database and sells the stolen customer data on the dark web.
See also: White Hat Hacker, Hacker
A security strategy where specific applications, users, IP addresses, or processes that are known to be malicious or unauthorised are explicitly blocked from accessing a system, network, or resource. Everything not included on the blacklist is allowed by default, but may still be monitored for suspicious activity.
Example: A web server's firewall blacklists IP addresses associated with repeated unauthorised login attempts to prevent further access.
See also: Whitelisting
A group responsible for defending an organisation's systems and networks by identifying and mitigating security threats.
Example: The blue team monitors network traffic for suspicious activity and responds to any detected threats.
See also: Red Team, Purple Team
An automated software program that performs tasks online. Bots can be used for legitimate purposes or malicious activities, such as spamming.
Example: A search engine uses bots to index websites, while cyber criminals use bots to send out spam emails.
A network of internet-connected devices infected with malware and controlled by a central attacker. Botnets are often used for large-scale attacks like DDoS (Distributed Denial-of-Service).
Example: Thousands of infected computers are used simultaneously to overwhelm a website, making it crash.
See also: DDoS (Distributed Denial-of-Service), Zombie Computer
The process of informing affected individuals and authorities about a data breach, often required by law.
Example: After a data breach, a company sends emails to customers notifying them that their personal information may have been exposed.
A trial-and-error method where an attacker tries every possible password combination to gain access to an account.
Example: A hacker uses automated software to guess the password to your email by systematically trying every combination of letters and numbers.
A policy that allows employees to use their personal devices, like laptops or smartphones, for work purposes. This can introduce security risks if devices aren't properly secured.
Example: An employee uses their personal phone to access company emails.
An organisation that issues digital certificates to verify identities and secure online communications.
Example: Your web browser shows a padlock icon when visiting a secure website, indicating a valid certificate from a trusted CA.
A test used to determine whether a user is human, often to prevent automated bots from accessing websites.
Example: When signing up for a service, you might be asked to identify objects in a series of images (e.g., "Select all the traffic lights.").
Software that acts as a gatekeeper between users and cloud services to enforce security policies and protect data.
Example: A CASB monitors and controls employee access to cloud services like Google Drive and Dropbox.
A technique that tricks users into clicking something different from what they think, often to steal information or install malware.
Example: A deceptive webpage has a "Play" button that actually triggers a hidden download of malicious software.
A set of measures designed to protect data, applications, and services hosted in cloud environments.
Example: Encrypting data stored in Google Drive and using multi-factor authentication to access your cloud account.
A username and password that have been stolen or exposed, allowing unauthorised access to accounts.
Example: Hackers use compromised credentials from a data breach to log into victims' email accounts.
Systems that integrate digital and physical components, such as industrial control systems or smart grids.
Example: A smart factory uses CPS to automate and monitor production lines in real-time.
A type of cyber attack where attackers use large sets of stolen username and password combinations, often obtained from previous data breaches, to gain unauthorised access to multiple online accounts. This attack exploits the common practice of people reusing the same credentials across different platforms and services.
Example: After acquiring a database of stolen login credentials from a breached e-commerce website, attackers attempt to access users' social media and banking accounts using the same email and password combinations.
A web security vulnerability that allows attackers to inject malicious scripts into websites viewed by other users.
Example: An attacker inserts a script into a comment section of a blog, which then steals login cookies from anyone who views the comment.
The practice of securing information by converting it into an unreadable format (encryption) so only authorised users can decode it.
Example: Sending an encrypted email so only the intended recipient, who has the decryption key, can read it.
An attack where a malicious website tricks a user's browser into performing actions on another website where the user is authenticated.
Example: A user clicks a malicious link that causes their bank account to transfer funds without their knowledge.
Any deliberate attempt to damage, disrupt, or gain unauthorised access to computer systems, networks, or data.
Example: A hacker launches a ransomware attack on a hospital, encrypting patient records until a ransom is paid.
Illegal activities carried out using computers or the internet, such as hacking, fraud, or identity theft.
Example: A scammer steals credit card information through a fake shopping website.
The act of secretly obtaining sensitive information from individuals, organisations, or governments for strategic advantage.
Example: Hackers infiltrate a tech company's network to steal trade secrets about a new product.
The regular practices and habits that individuals and organisations follow to maintain security and protect against cyber threats.
Example: Regularly updating software, using strong passwords, and enabling multi-factor authentication are good cyber hygiene practices.
The ability of an organisation to prepare for, respond to, and recover from cyber attacks while continuing operations.
Example: A company with strong cyber resilience can quickly restore systems after a ransomware attack without major disruption.
A part of the internet not indexed by search engines, accessible only through special software, often associated with illegal activities.
Example: The dark web is used to trade stolen data, drugs, or illegal services, accessible through tools like Tor.
An incident where confidential or sensitive data is accessed or disclosed without authorisation.
Example: Hackers break into a retail company's database and steal customers' credit card details.
The process of converting data into a coded format to prevent unauthorised access. Only those with the decryption key can read it.
Example: Your online banking app encrypts your data, so even if it's intercepted, it can't be read without the correct key.
The unauthorised transfer of data from a computer or network to an external location, often performed stealthily.
Example: An attacker gains access to a company's database and secretly sends customer records to a remote server.
Ensuring that data remains accurate, consistent, and unaltered during storage or transmission.
Example: A financial report is transmitted securely to ensure it isn't tampered with during transfer.
Tools and strategies designed to prevent unauthorised access, use, or sharing of sensitive data.
Example: A company uses DLP software to prevent employees from sending confidential information via email.
The process of obscuring sensitive data by replacing it with fictional or altered data, maintaining usability while protecting privacy.
Example: In a training database, real customer names and credit card numbers are replaced with fake data.
The process of securely erasing data to prevent it from being recovered or misused.
Example: Before disposing of old hard drives, a company uses data sanitisation techniques to wipe all information.
A type of DoS attack launched from multiple compromised devices (botnet) to overwhelm a system.
Example: An e-commerce site is bombarded by traffic from thousands of infected devices, making it unusable.
See also: DoS (Denial-of-Service)
AI-generated media, such as videos or audio, that look and sound real but are manipulated to deceive viewers.
Example: A deepfake video shows a politician saying something they never actually said, causing public confusion.
The trail of data left by a person's online activities, including social media posts, website visits, and emails.
Example: Your digital footprint includes every comment, post, or review you've ever made online.
The process of collecting, analysing, and preserving digital evidence to investigate cyber crimes or security incidents.
Example: After a hacking incident, digital forensics experts recover deleted files to trace the attacker's activities.
A cryptographic method used to verify the authenticity and integrity of digital messages or documents.
Example: A digital signature on an email ensures it was sent by the stated sender and has not been tampered with.
An email authentication method that uses cryptographic signatures to verify that an email was sent from an authorised mail server and that its content has not been tampered with during transit.
Example: An outgoing email is digitally signed with DKIM, and the recipient's mail server verifies the signature to confirm its authenticity.
See also: SPF (Sender Policy Framework), DMARC (Domain-based Message Authentication, Reporting, and Conformance)
An email authentication protocol that uses SPF and DKIM to verify an email's authenticity and provides domain owners with reporting capabilities to monitor and enforce email authentication policies.
Example: A company implements a DMARC policy to instruct recipient servers to reject any emails that fail SPF or DKIM checks.
See also: SPF (Sender Policy Framework), DKIM (DomainKeys Identified Mail)
DNS filtering is a technique used to restrict access to certain websites based on domain names. It prevents users from reaching malicious or inappropriate sites by blocking DNS queries that resolve to blacklisted domains.
Example: A business implements DNS filtering to block employees from accessing known malware sites and prevent accidental downloads of ransomware.
See also: Protective DNS (PDNS)
An attack that manipulates DNS (Domain Name System) records to redirect users to fraudulent websites.
Example: You type in your bank's website address, but DNS spoofing sends you to a fake site designed to steal your login details.
An attack where a system is overwhelmed with traffic or requests, making it unavailable to legitimate users.
Example: A hacker floods a website with so many requests that it crashes and can't be accessed.
See also: DDoS (Distributed Denial-of-Service)
The unintentional download of malware when visiting a compromised website, often without the user's knowledge.
Example: Visiting an infected website causes a malicious file to be downloaded onto your computer automatically.
An attack where a hacker intercepts private communications, such as emails or phone calls, to steal sensitive information.
Example: An attacker uses a packet sniffer to capture login credentials sent over an unencrypted Wi-Fi network.
A security solution that continuously monitors endpoint devices (such as computers, servers, and mobile devices) for suspicious activity, detects threats, and responds to security incidents in real time.
Example: EDR software detects and stops malware on an employee's laptop before it can spread to the network.
See also: MDR (Managed Detection and Response)
A mathematical process used to encrypt and decrypt data, ensuring secure communication and data protection.
Example: AES (Advanced Encryption Standard) is an encryption algorithm widely used to encrypt sensitive data like financial transactions.
A string of characters used in encryption algorithms to encode or decode data, ensuring secure communication.
Example: Your messaging app encrypts messages using an encryption key so only the recipient can read them.
Any device that connects to a network and serves as a potential entry point for cyber threats, such as computers, servers, smartphones, tablets, IoT devices, and workstations.
Example: A company implements endpoint security measures on all employee laptops and mobile devices to prevent malware infections and unauthorised access.
Protective measures and tools designed to secure endpoint devices such as desktops, laptops, tablets, and smartphones from cyber threats. It typically includes antivirus software, firewalls, encryption, and advanced threat detection to prevent unauthorised access and data breaches.
Example: Installing antivirus software and encrypting data on company laptops.
Security software that provides comprehensive protection for endpoint devices, combining antivirus, anti-malware, and firewall features.
Example: An organisation installs an EPP on all employee laptops to protect against malware and unauthorised access.
A system where encryption keys are held by a trusted third party, allowing access in emergencies or by authorised request.
Example: A company stores encryption keys with a third party to ensure they can access data if their systems fail.
A piece of code or technique that takes advantage of a vulnerability in a system to perform malicious actions.
Example: An attacker uses an exploit to gain access to a server running outdated software.
A collection of tools used by cyber criminals to exploit known vulnerabilities in systems or software.
Example: An exploit kit targets unpatched versions of a web browser to install ransomware on users' devices.
Malware that resides in a computer's memory rather than the hard drive, making it difficult to detect and remove.
Example: An attacker exploits a vulnerability in a web browser to run fileless malware that steals data during a session.
A security system (hardware or software) that monitors and controls incoming and outgoing network traffic based on security rules.
Example: Your home router may have a firewall that only allows authorised traffic through.
A data protection and privacy regulation enacted by the European Union (EU) that governs how organisations collect, store, process, and share the personal data of individuals in the EU. Although it is an EU regulation, GDPR applies to any organisation worldwide, including Australian businesses, that handles the personal data of individuals located in the EU.
Example: An e-commerce business selling products to customers in Europe must ensure its website complies with GDPR requirements, such as obtaining explicit consent for data collection, providing clear privacy notices, and offering customers the ability to delete their personal data upon request.
A person who uses technical skills to access systems or data. Hackers can be ethical (white hat) or malicious (black hat).
Example: A white hat hacker finds vulnerabilities in a company's system and helps them fix it.
See also: White Hat Hacker, Black Hat Hacker
A physical device that securely manages and protects cryptographic keys, performing encryption and decryption operations.
Example: Banks use HSMs to secure customer transaction data and protect encryption keys from theft.
A malicious modification to hardware that can create security vulnerabilities or backdoors.
Example: A compromised microchip in a computer can allow attackers to bypass security measures.
When two different pieces of data produce the same hash value, potentially compromising data integrity.
Example: An attacker exploits a hash collision to trick a system into accepting a malicious file as legitimate.
An algorithm that converts data into a fixed-length string (hash) for verification purposes. Hashes are used to ensure data integrity.
Example: When you download a file, its hash value can be compared with the original to ensure it hasn't been altered.
A decoy system designed to lure attackers, allowing security teams to observe their methods and gather intelligence.
Example: A fake database is set up to attract hackers and track their activities without risking real data.
Software that allows multiple virtual machines to run on a single physical server, managing their resources and isolation.
Example: VMware and Hyper-V are popular hypervisors used to create and manage virtual machines.
See also: VM (Virtual Machine)
Managing and provisioning infrastructure through code and automation tools, rather than manual configuration.
Example: Using tools like Terraform to script the setup of servers, networks, and databases automatically.
Policies and technologies for managing user identities and controlling access to systems and data.
Example: IAM ensures that only authorised employees can access sensitive HR records.
Policies and processes for managing and securing user identities and access rights within an organisation.
Example: Regular reviews ensure employees have the correct level of access and that former employees' accounts are deactivated.
The process of verifying a person's identity before granting them access to systems, services, or information.
Example: A bank requires photo identification and proof of address when setting up a new account.
The act of stealing someone's personal information to commit fraud, such as making purchases or taking out loans.
Example: A cyber criminal uses stolen personal details to open a credit card account in someone else's name and racks up debt without their knowledge.
A security system that monitors network traffic for suspicious activities and alerts administrators if potential threats are detected.
Example: An IDS identifies an unusual number of login attempts from different countries and warns the security team about a possible attack.
The process of identifying, managing, and mitigating cyber security incidents to minimise damage and restore normal operations.
Example: After a malware infection, the IT team follows an incident response plan to remove the malware and recover affected systems.
See also: Incident Response Plan
A structured set of instructions and procedures designed to help an organisation detect, respond to, and recover from cyber security incidents.
Example: When a data breach occurs, the IT team follows the incident response plan, which outlines steps like isolating affected systems, notifying stakeholders, and restoring data from backups.
See also: Incident Response
A security risk posed by individuals within an organisation, such as employees or contractors, who may misuse their access for malicious purposes or due to negligence.
Example: An employee with access to sensitive customer data copies it onto a USB drive and sells it to competitors.
A network of connected devices that can collect and exchange data, such as smart home gadgets and industrial sensors.
Example: A smart thermostat that you control via a mobile app is part of the IoT.
A list of IP addresses that are blocked due to malicious activity or policy violations.
Example: A company blacklists IP addresses linked to spam emails to protect its network.
A technique where an attacker falsifies the source IP address of a data packet to disguise their identity or impersonate a trusted source.
Example: An attacker sends a malicious email that appears to come from a colleague's IP address to trick you into clicking a harmful link.
Software tools that identify if a mobile device has been jailbroken to bypass security restrictions.
Example: A banking app refuses to run if it detects that the device has been jailbroken.
See also: Jailbreaking
Removing software restrictions imposed by a device manufacturer to install unauthorised apps or modify system settings.
Example: Jailbreaking an iPhone to install apps not available on the App Store.
Granting temporary, time-limited access to resources to minimise security risks associated with prolonged access.
Example: An IT administrator receives JIT access to a secure server only when maintenance is required.
A network authentication protocol that uses tickets to allow secure communication over an insecure network.
Example: Employees in a company network use Kerberos to securely access shared resources without repeatedly entering passwords.
Malicious software or hardware that records every keystroke made on a device, often used to capture passwords, credit card details, or other sensitive information.
Example: A cyber criminal installs a keylogger on a public computer, capturing login details from unsuspecting users.
A behavioural biometric method that identifies users based on their typing patterns and rhythms.
Example: A system detects unusual typing patterns and flags a login attempt as potentially fraudulent.
Malicious code programmed to trigger when specific conditions are met, such as a certain date or event.
Example: A disgruntled employee installs a logic bomb that deletes files if they are fired.
Malware that infects files containing macros, such as Microsoft Word or Excel documents, and executes malicious code.
Example: An infected Excel spreadsheet runs a macro that deletes files when opened.
Malicious advertisements that spread malware when users click on them or simply view them.
Example: An online advert on a legitimate website installs ransomware on a user's computer when clicked.
A general term for any malicious software designed to damage, disrupt, or exploit computers, networks, or data. Types include viruses, worms, ransomware, and spyware.
Example: A user downloads some free software from an unofficial website, unknowingly installing malware that tracks their keystrokes and steals their login credentials.
The study of malware to understand its origin, behaviour, and impact, helping to develop effective defences.
Example: A security analyst examines a ransomware sample to determine how it encrypts files.
See also: Malware
Software that allows organisations to manage and secure employees' mobile devices remotely.
Example: IT administrators use MDM to enforce security policies on company-issued smartphones.
A cyber security service where a third-party provider actively monitors, detects, and responds to security threats on behalf of an organisation. MDR services combine human expertise with automated tools to provide continuous threat protection.
Example: A small business without an in-house security team subscribes to an MDR service that continuously monitors its network and alerts the company when suspicious activity is detected.
See also: EDR (Endpoint Detection and Response)
A security method that requires users to provide two or more verification factors to access an account or system.
Example: Logging into your banking app by entering your username and password and then confirming a code sent to your mobile phone.
See also: 2FA (Two-Factor Authentication)
Malware that infects a web browser to intercept and manipulate online transactions.
Example: MitB malware captures your online banking login details while you're making a payment.
An attack where a cyber criminal intercepts and possibly alters communication between two parties without their knowledge.
Example: An attacker intercepts data transferred between your laptop and a public Wi-Fi network, stealing login credentials for your email.
Measures taken to protect mobile devices from threats like malware, data theft, and unauthorised access.
Example: Using device encryption, biometric authentication, and remote wipe features to secure smartphones.
A third-party company that provides ongoing IT management and support services, including system monitoring, maintenance, cyber security, and helpdesk support, typically on a subscription basis.
Example: A small business hires an MSP to manage its IT infrastructure, ensuring that its network, cloud services, and cyber security measures are maintained and up to date.
See also: MSSP (Managed Security Services Provider)
A specialised type of MSP that focuses on cyber security, offering services such as threat monitoring, incident response, vulnerability assessments, and endpoint protection.
Example: A business hires an MSSP to monitor its network for cyber threats, protect its servers and workstations from malware, and provide rapid response to security incidents, reducing the risk of financial and operational disruptions.
See also: MSP (Managed Service Provider)
A specialised security service that not only detects threats but actively investigates and responds to them in real time, often by neutralising or mitigating attacks before they cause damage.
Example: After detecting a ransomware attack in progress, an MTR provider steps in, quarantines the affected systems, removes the malware, and implements security patches to prevent further infections.
Security measures that restrict access to a network based on user identity, device security, and compliance with policies.
Example: Only devices with up-to-date antivirus software are allowed to connect to the company's network.
The process of discovering devices, users, and services on a network, often as part of reconnaissance by attackers.
Example: An attacker scans a corporate network to find active devices and potential vulnerabilities.
The capture, analysis, and investigation of network traffic to identify security incidents or breaches.
Example: After a data breach, analysts review network logs to trace the source of the attack.
Dividing a computer network into smaller, isolated segments to enhance security and limit the spread of threats.
Example: A company separates its customer database from its employee network so that a breach in one area doesn't affect the other.
The process of capturing and analysing data packets on a network to identify potential threats or gather information.
Example: A security analyst uses a network sniffer to detect unauthorised data transfers.
An open standard for access delegation, allowing secure access to resources without sharing passwords.
Example: A user grants a project management app permission to access their cloud storage account using OAuth, enabling the app to fetch and display relevant files without requiring the user's login credentials.
A firewall technique that controls the flow of data packets based on predefined security rules, such as IP addresses and ports.
Example: A firewall blocks packets from an unknown IP address trying to access the company network.
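The rule evaluation a packet-filtering firewall performs, as an added example that is not from the glossary: rules are checked top-down, the first match decides, and a packet that matches no rule is dropped. The addresses, the rule table and the packet fields are constructed; a real filter would also consider interface, direction and connection state.

```python
# Added example, not part of the glossary: a stateless packet filter in the
# style of a firewall ACL. Rules are evaluated top-down, first match wins, and
# anything that matches nothing is dropped (default deny). Addresses are from
# the documentation ranges; the rule table is constructed for the example.
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str   # "tcp" or "udp"
    dport: int


@dataclass(frozen=True)
class Rule:
    action: str   # "allow" or "deny"
    src: str      # CIDR or "any"
    dst: str      # CIDR or "any"
    proto: str    # "tcp", "udp" or "any"
    dports: tuple # (low, high) inclusive, or None for any port

    def matches(self, pkt: Packet) -> bool:
        if self.proto != "any" and self.proto != pkt.proto:
            return False
        if self.dports is not None and not (self.dports[0] <= pkt.dport <= self.dports[1]):
            return False
        for want, have in ((self.src, pkt.src), (self.dst, pkt.dst)):
            if want != "any" and ipaddress.ip_address(have) not in ipaddress.ip_network(want):
                return False
        return True


# Rule table for the internet-facing interface (constructed):
RULES = [
    Rule("deny",  "10.0.0.0/8",      "any",             "any", None),        # anti-spoofing: private source from outside
    Rule("allow", "any",             "203.0.113.10/32", "tcp", (443, 443)),  # public HTTPS server
    Rule("allow", "198.51.100.0/24", "203.0.113.20/32", "tcp", (22, 22)),    # admin SSH from the office range only
    Rule("deny",  "any",             "any",             "any", None),        # explicit default deny, logged in practice
]


def filter_packet(pkt: Packet, rules=RULES):
    """Return (action, index of the matching rule); default deny if nothing matched."""
    for i, rule in enumerate(rules):
        if rule.matches(pkt):
            return rule.action, i
    return "deny", None
```

Rule order matters: moving the anti-spoofing deny below the HTTPS allow would let spoofed 10.0.0.0/8 traffic reach the web server on port 443. Keep the default-deny rule explicit at the end so that hits on it can be logged.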
A software tool that securely stores and generates strong, unique passwords for different accounts.
Example: An employee uses a password manager to create and store unique, complex passwords for each of their work-related accounts, ensuring they don't need to remember every password individually.
A set of rules for how passwords must be created and handled, such as a minimum length, screening against lists of known-breached passwords, and rules for storage and reset. Older policies also forced regular password changes, but current guidance (NIST SP 800-63B) recommends changing a password only when compromise is suspected, because forced rotation pushes users towards predictable patterns.
Example: A company requires employees to use passwords with at least 12 characters, including numbers and symbols, and rejects any password that appears in a breached-password list.
A software update designed to fix security vulnerabilities, bugs, or performance issues.
Example: Microsoft releases a patch to address a security flaw in Windows, which users need to install to stay protected.
The process of regularly updating software to fix security vulnerabilities, bugs, and performance issues.
Example: An IT team applies a security patch to operating systems and applications each month to protect against newly discovered vulnerabilities.
See also: Patch
The second Tuesday of each month when Microsoft releases security updates for its software.
Example: IT departments schedule updates on Patch Tuesday to ensure systems stay secure.
See also: Patch, Patch Management
The component of malicious software (malware) responsible for executing the intended harmful action, such as data theft, system damage, or unauthorised access, once the malware has infiltrated a system.
Example: A ransomware payload encrypts files on a victim's computer and displays a ransom note demanding payment to restore access.
A set of security standards for protecting credit card data during processing, storage, and transmission.
Example: Online retailers must comply with PCI DSS to ensure customer payment information is secure.
A cyber security professional who performs authorised hacking on an organisation's systems, networks, or applications to identify and help fix security vulnerabilities.
Example: A financial institution hires a penetration tester to attempt to break into its online banking platform. The tester discovers a vulnerability that allows unauthorised access to customer accounts and provides a report with recommendations to fix the issue.
See also: Penetration Testing
A simulated cyber attack performed by security experts (ethical hackers) to identify vulnerabilities in a system or network.
Example: A company hires a penetration tester to attempt to break into their network, uncovering weak points that need to be secured.
See also: Penetration Tester
A cyber attack that redirects users from legitimate websites to fraudulent copies to steal personal information, typically by poisoning DNS responses or altering the hosts file on the victim's device. Unlike phishing, pharming works even when the user types the correct URL; because the fake site normally cannot present a valid certificate for the real domain, a browser certificate warning is the main remaining clue.
Example: You enter your bank's web address, but malware on your device redirects you to a fake version of the site, prompting you to enter your login credentials.
A social engineering attack where cyber criminals send fraudulent emails or messages designed to trick recipients into revealing sensitive information or clicking malicious links.
Example: You receive an email claiming to be from your bank, asking you to click a link and enter your account details, but the link leads to a fake website.
Hacking into telecommunication systems, often to make free calls or exploit phone networks.
Example: In the early days of phone hacking, phreakers used tones to bypass long-distance call charges.
Measures designed to protect physical assets, such as buildings, servers, and devices, from theft, damage, or unauthorised access.
Example: Installing CCTV cameras and secure entry systems to protect a data centre.
A technique used to identify open ports and services on a network, often as a reconnaissance step before an attack.
Example: Hackers scan a company's network for open ports to find vulnerable services.
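The simplest form of the technique, as an added example that is not from the glossary: a TCP connect() scan, which completes a full handshake with each port and records the ones that accept. It scans a listener started in the same process so it runs offline; scanning systems you are not authorised to test is unlawful in most jurisdictions.

```python
# Added example, not part of the glossary: a TCP connect() scan against a
# throwaway listener in the same process. Real scanners also use SYN (half-open)
# scans, UDP probes and service fingerprinting; this shows only the core idea.
import socket
import threading
from concurrent.futures import ThreadPoolExecutor


def probe(host: str, port: int, timeout: float = 0.5) -> bool:
    """True if a TCP handshake to host:port completes (port open)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        return s.connect_ex((host, port)) == 0


def scan_ports(host: str, ports, timeout: float = 0.5, workers: int = 32):
    """Probe the given ports concurrently; return the sorted list of open ones."""
    with ThreadPoolExecutor(max_workers=workers) as pool:
        results = pool.map(lambda p: (p, probe(host, p, timeout)), ports)
    return sorted(p for p, is_open in results if is_open)


def _accept_loop(srv: socket.socket):
    try:
        while True:
            conn, _ = srv.accept()
            conn.close()
    except OSError:
        pass  # listener closed, thread ends


def start_listener(host: str = "127.0.0.1"):
    """Bind a dummy TCP service on an ephemeral port; return (socket, port)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, 0))
    srv.listen(5)
    threading.Thread(target=_accept_loop, args=(srv,), daemon=True).start()
    return srv, srv.getsockname()[1]


def demo():
    """Scan a small window of ports around the live one; return (live port, open ports)."""
    srv, port = start_listener()
    try:
        return port, scan_ports("127.0.0.1", range(port - 2, port + 3))
    finally:
        srv.close()
```

From the defender's side, a burst of connections from one source to many ports, most of them refused, is the signature that intrusion detection systems alert on.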
A social engineering tactic where attackers create a fabricated scenario or pretext to trick individuals into divulging confidential information.
Example: An attacker calls an employee, claiming to be from IT support, and convinces them to share their login credentials to "fix a technical issue."
Exploiting vulnerabilities to gain higher access rights within a system than originally granted, enabling attackers to perform unauthorised actions.
Example: A user with standard access exploits a vulnerability to gain administrator privileges, allowing them to install software or access sensitive files.
Protective DNS (PDNS) is a security service that analyses and filters DNS queries to prevent access to malicious domains. It blocks connections to phishing sites, malware command-and-control servers, and other cyber threats before they can cause harm.
Example: An employee accidentally clicks on a phishing link in an email. However, the company's PDNS service detects that the domain is linked to known phishing activity and blocks the request, preventing the user from accessing the harmful website.
A group of cyber security professionals that integrates the functions of both the Red Team (attackers) and Blue Team (defenders) to enhance an organisation's security posture. The Purple Team facilitates collaboration and information sharing between the Red and Blue Teams to identify vulnerabilities, improve defences, and ensure effective threat mitigation. Their role is to ensure that offensive testing (Red Team) directly informs defensive strategies (Blue Team).
Example: After the Red Team conducts a simulated phishing attack and successfully compromises user credentials, the Purple Team helps the Blue Team improve email filtering and employee training to prevent future incidents.
Cryptography that relies on the laws of quantum mechanics rather than on computational hardness. Its best-known application, quantum key distribution (QKD), lets two parties agree a key over a quantum channel such that any eavesdropper measuring the photons in transit disturbs them and is detected. It is distinct from post-quantum cryptography, which refers to classical algorithms designed to resist attack by quantum computers.
Example: Two sites linked by dedicated fibre use quantum key distribution to agree encryption keys, and abort the exchange when the error rate shows that someone has intercepted the photons.
The process of isolating infected files, devices, or systems to prevent the spread of malware or other security threats.
Example: Antivirus software detects a suspicious file and places it in quarantine, preventing it from affecting other parts of the system.
A type of malware that encrypts a user's data or system, with attackers demanding payment (ransom) to restore access.
Example: An employee opens a malicious email attachment, causing ransomware to encrypt company files until a ransom is paid.
Malware that allows attackers to remotely control an infected system, often used for surveillance or data theft.
Example: An attacker uses a RAT to activate a victim's webcam and monitor their activity.
A group of security professionals that simulates real-world attacks on an organisation to test its defences and identify vulnerabilities.
Example: The red team launches a mock phishing campaign to see if employees will click malicious links, helping improve training and awareness.
See also: Blue Team, Purple Team
An attack where a valid transmission, such as an authenticated request, is captured and resent later to make a system repeat the action. Integrity checks alone do not stop it, because the replayed message is genuine; nonces, timestamps, or sequence numbers bound to the session are the standard defence.
Example: An attacker captures a signed "transfer funds" request and resends it several times, each replay being accepted because the signature is still valid.
See also: Wormhole Attack
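The attack and its defence side by side, as an added example that is not from the glossary: both servers verify an HMAC over the request, but only the second also demands a fresh nonce and a recent timestamp, so a captured request stops working after its first use. The shared key, the account balance and the request format are constructed.

```python
# Added example, not part of the glossary: an HMAC-authenticated request is
# replayable unless the receiver also checks freshness. Key, balance and
# message format are constructed for the example.
import hashlib
import hmac
import json
import secrets
import time

KEY = b"shared-secret-for-demo-only"   # constructed; a real key is random and per-client


def sign(payload: dict) -> str:
    body = json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(KEY, body, hashlib.sha256).hexdigest()


def make_request(action: str, amount: int, with_nonce: bool) -> dict:
    """Client side: build and sign a request; optionally add nonce and timestamp."""
    req = {"action": action, "amount": amount}
    if with_nonce:
        req["nonce"] = secrets.token_hex(16)
        req["ts"] = int(time.time())
    return {"payload": req, "mac": sign(req)}


class NaiveServer:
    """Checks integrity only: a captured request can be resent indefinitely."""

    def __init__(self):
        self.balance = 1000

    def handle(self, msg: dict) -> str:
        if not hmac.compare_digest(sign(msg["payload"]), msg["mac"]):
            return "rejected: bad MAC"
        self.balance -= msg["payload"]["amount"]
        return "ok"


class ReplaySafeServer(NaiveServer):
    """Also requires an unseen nonce and a timestamp inside the acceptance window."""

    def __init__(self, window: int = 300, now=time.time):
        super().__init__()
        self.seen = set()        # in production, pruned once entries are older than the window
        self.window = window
        self.now = now           # injectable clock so stale requests can be tested

    def handle(self, msg: dict) -> str:
        if not hmac.compare_digest(sign(msg["payload"]), msg["mac"]):
            return "rejected: bad MAC"
        p = msg["payload"]
        if "nonce" not in p or abs(self.now() - p.get("ts", 0)) > self.window:
            return "rejected: missing nonce or stale timestamp"
        if p["nonce"] in self.seen:
            return "rejected: replay"
        self.seen.add(p["nonce"])
        self.balance -= p["amount"]
        return "ok"


def replay_demo():
    """Replay one captured request three times against each server."""
    naive, safe = NaiveServer(), ReplaySafeServer()
    captured_plain = make_request("transfer", 100, with_nonce=False)
    captured_nonce = make_request("transfer", 100, with_nonce=True)
    naive_results = [naive.handle(captured_plain) for _ in range(3)]
    safe_results = [safe.handle(captured_nonce) for _ in range(3)]
    return naive.balance, naive_results, safe.balance, safe_results
```

The timestamp window bounds how long the server must remember nonces; without it the seen-set would grow without limit, which is itself a denial-of-service vector.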
The process of identifying, analysing, and evaluating potential security risks to determine their impact and the steps needed to mitigate them.
Example: A company performs a risk assessment to identify vulnerabilities in its network and prioritises fixing the most critical issues.
See also: Vulnerability Assessment
The process of reducing the likelihood or impact of security threats through proactive measures and controls.
Example: Encrypting sensitive data and enforcing strong passwords to mitigate the risk of data breaches.
A software solution that allows IT service providers to remotely monitor, manage, and maintain an organisation's IT infrastructure, including computers, servers, and networks.
Example: An IT provider uses RMM software to monitor the health of a client’s servers, automatically deploying security patches and detecting hardware failures before they cause downtime.
An unauthorised Wi-Fi access point installed on a network, often used by attackers to intercept traffic.
Example: A hacker sets up a rogue access point in a coffee shop to steal data from users who connect.
Malicious software that grants attackers deep access to a system while hiding its presence, making it difficult to detect.
Example: A rootkit infects a computer and allows an attacker to control the system remotely without the user knowing.
A security technique that isolates applications, processes, or files in a controlled environment to prevent them from affecting the main system. This method allows security professionals or systems to test or analyse suspicious code safely without risking harm to the primary network or data.
Example: Before deploying a new software update, the IT team runs it in a sandbox environment to check for potential vulnerabilities or compatibility issues.
A firmware feature (part of UEFI) that ensures a device only boots software whose digital signature chains to a key the firmware trusts, blocking unsigned or tampered bootloaders and kernels before the operating system starts.
Example: If malware replaces or alters your computer's bootloader, Secure Boot refuses to execute it and the system will not start.
A thorough review and evaluation of an organisation's security policies, systems, and procedures to identify vulnerabilities, ensure compliance with security standards, and verify the effectiveness of security controls.
Example: A company conducts a security audit to ensure that client records are securely stored, employee devices have up-to-date antivirus software, and access to sensitive files is restricted to authorised staff only.
Programmes designed to educate employees on recognising and preventing cyber security threats, such as phishing and social engineering attacks.
Example: Employees attend a training session on how to identify suspicious emails and avoid falling for phishing scams.
The overall strength of an organisation's security measures and its readiness to respond to threats.
Example: A company with strong security policies, regular training, and robust defences has a good security posture.
An attack where an attacker takes over an active user session, usually by stealing or predicting its session token (through cross-site scripting, an unencrypted connection, or malware on the device), to act as that user without knowing their password.
Example: An attacker intercepts a user's session token on an unencrypted Wi-Fi network and uses it to access their email account.
A unique, unpredictable identifier issued to a user after they authenticate and sent with each subsequent request (usually in a cookie) so the server can recognise the session without re-checking credentials. Tokens should be generated from a cryptographically secure random source, transmitted only over HTTPS, marked HttpOnly and Secure, rotated after login, and invalidated on logout.
Example: When you log into a website, a session token keeps you logged in until you sign out or the session expires.
The use of unauthorised applications, devices, or services within an organisation, often leading to security risks.
Example: Employees using personal cloud storage accounts to share work files without IT approval.
An attack that exploits indirect information, such as power consumption or timing data, to extract sensitive information.
Example: Analysing the power usage of a device to determine encryption keys.
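A timing side channel on a secret comparison, as an added example that is not from the glossary. Rather than measuring wall-clock time, which is noisy, the two comparison functions report how many bytes they examined, which is exactly what the timing of an early-exit comparison leaks; the recovery routine then reconstructs the secret one byte at a time from that count alone. The secret and alphabet are constructed; hmac.compare_digest is the standard-library constant-time comparison real code should use.

```python
# Added example, not part of the glossary: a timing side channel in a secret
# comparison, modelled by counting the bytes examined instead of timing them.
import hmac


def naive_compare(secret: bytes, guess: bytes):
    """Early-exit comparison. Returns (equal, bytes_examined); the count is
    what the wall-clock timing of a real implementation leaks."""
    if len(secret) != len(guess):
        return False, 0
    for i, (a, b) in enumerate(zip(secret, guess)):
        if a != b:
            return False, i + 1
    return True, len(secret)


def constant_time_compare(secret: bytes, guess: bytes):
    """Examines every byte regardless of where the first mismatch is."""
    if len(secret) != len(guess):
        return False, 0
    diff = 0
    for a, b in zip(secret, guess):
        diff |= a ^ b
    return diff == 0, len(secret)


def stdlib_compare(secret: bytes, guess: bytes) -> bool:
    """What production code should use: the standard library's constant-time comparison."""
    return hmac.compare_digest(secret, guess)


def recover_secret(oracle, length: int, alphabet: bytes = b"0123456789abcdef") -> bytes:
    """Byte-by-byte recovery using only the leaked amount of work.
    At each position the candidate that makes the oracle examine one more byte
    is correct; the final byte is identified by a full match."""
    known = b""
    for pos in range(length):
        def score(candidate):
            guess = known + bytes([candidate]) + b"\x00" * (length - pos - 1)
            equal, examined = oracle(guess)
            return examined, equal
        known += bytes([max(alphabet, key=score)])
    return known
```

Against the constant-time oracle every candidate scores the same, so the "recovery" degenerates to the first letter of the alphabet at every position: the leak, not the comparison's result, was doing the work. On a network, attackers average many measurements to reduce jitter, which is why even microsecond differences matter.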
A security solution that collects, analyses, and correlates log data from various systems to identify security threats, ensure compliance, and provide real-time incident alerts.
Example: A retail company uses a SIEM system to monitor login attempts across all its branches, detecting an unusual spike in failed login attempts from foreign IP addresses, indicating a potential brute-force attack.
A type of phishing attack delivered via SMS text messages, often tricking users into clicking malicious links.
Example: A text message claims your package delivery failed and asks you to click a link to reschedule, which installs malware.
See also: Phishing
A centralised team that monitors, detects, and responds to security incidents in real time.
Example: A bank's SOC monitors its network 24/7 to detect and respond to cyber threats.
Manipulating people into performing actions or divulging confidential information by exploiting human psychology rather than technical vulnerabilities.
Example: An attacker calls an employee, pretending to be from IT support, and tricks them into revealing their password.
Unsolicited and often irrelevant emails or messages, usually sent in bulk for advertising purposes or to spread malware.
Example: Your inbox fills up with emails offering fake lottery winnings or dubious investment opportunities.
A highly targeted phishing attack aimed at a specific individual or organisation, often using personalised details to appear more convincing.
Example: You receive an email that appears to be from your manager, asking you to download an urgent file, which actually contains malware.
See also: Phishing
An email authentication protocol that allows domain owners to specify which mail servers are authorised to send emails on behalf of their domain. It helps prevent email spoofing and phishing.
Example: A company sets up an SPF record in its DNS to specify that only its official mail servers can send emails using its domain.
See also: DKIM (DomainKeys Identified Mail), DMARC (Domain-based Message Authentication, Reporting, and Conformance)
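How a receiving mail server evaluates such a record, as an added example that is not from the glossary: a simplified SPF checker (RFC 7208) that understands the ip4, ip6, include and all mechanisms and enforces the RFC's limit of 10 DNS-querying mechanisms per check. DNS is replaced by a constructed in-memory table so it runs offline; the a, mx, exists and ptr mechanisms and macros are deliberately left out.

```python
# Added example, not part of the glossary: a simplified SPF evaluator.
# The zone data below is constructed; a real checker resolves TXT records.
import ipaddress

DNS_TXT = {
    "example.com": "v=spf1 ip4:203.0.113.0/24 include:_spf.mailprovider.example -all",
    "_spf.mailprovider.example": "v=spf1 ip4:198.51.100.0/25 ip6:2001:db8::/32 ~all",
    "loop.example": "v=spf1 include:loop.example -all",   # misconfigured: includes itself
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(sender_ip: str, domain: str, txt=DNS_TXT, budget=None) -> str:
    """Evaluate sender_ip against domain's SPF record.
    Returns pass, fail, softfail, neutral, none (no record) or permerror."""
    if budget is None:
        budget = [10]   # RFC 7208: at most 10 DNS-querying mechanisms per evaluation
    record = txt.get(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"
    ip = ipaddress.ip_address(sender_ip)
    for term in record.split()[1:]:
        qualifier = term[0] if term[0] in QUALIFIERS else "+"
        name, _, arg = term.lstrip("+-~?").lower().partition(":")
        if name in ("ip4", "ip6"):
            try:
                # membership across address families is simply False
                matched = ip in ipaddress.ip_network(arg, strict=False)
            except ValueError:
                return "permerror"
        elif name == "include":
            budget[0] -= 1
            if budget[0] < 0:
                return "permerror"
            inner = check_spf(sender_ip, arg, txt, budget)
            if inner == "permerror":
                return "permerror"
            matched = inner == "pass"     # include matches only on an inner pass
        elif name == "all":
            matched = True
        else:
            return "permerror"            # a, mx, exists, ptr: not implemented here
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"
```

The lookup budget is why long chains of include: records for SaaS mail senders cause permerror and silently disable SPF for a domain; it is worth counting before adding another provider. Note that SPF checks the envelope sender, not the From: header the user sees, which is why DMARC's alignment check is needed alongside it.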
Malicious software that secretly gathers information about a user's activities without their knowledge, often to steal sensitive data.
Example: Spyware installed on a smartphone monitors calls, messages, and location, sending the data to an attacker.
An attack in which untrusted input is concatenated into a database query so that the database interprets it as SQL rather than as data, letting the attacker read, modify, or delete data or bypass checks such as authentication. Parameterised queries (prepared statements) prevent it by keeping the query structure separate from the values.
Example: An attacker enters specially crafted input into a website's login field to bypass authentication and access the database.
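The login example above in code, as an added example that is not from the glossary: the same query written first the vulnerable way (the input becomes part of the SQL text) and then with placeholders. It uses an in-memory SQLite database with a constructed user table; the stored "hashes" are placeholder strings, since password hashing is not the point here.

```python
# Added example, not part of the glossary: SQL injection in a login query,
# vulnerable and parameterised forms side by side, on an in-memory SQLite DB.
import sqlite3


def make_db() -> sqlite3.Connection:
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password_hash TEXT)")
    # constructed rows; a real system stores salted password hashes, never plaintext
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "hash-of-alice-pw"), ("bob", "hash-of-bob-pw")])
    return db


def login_vulnerable(db, username: str, password_hash: str) -> list:
    # VULNERABLE ON PURPOSE: untrusted input is spliced into the SQL text,
    # so a quote in the input changes the query's structure.
    query = (f"SELECT username FROM users WHERE username = '{username}' "
             f"AND password_hash = '{password_hash}'")
    return [row[0] for row in db.execute(query)]


def login_safe(db, username: str, password_hash: str) -> list:
    # Placeholders send the values separately; the query structure is fixed
    # and the driver never lets the input be parsed as SQL.
    query = "SELECT username FROM users WHERE username = ? AND password_hash = ?"
    return [row[0] for row in db.execute(query, (username, password_hash))]
```

The payload "alice' --" closes the string and comments out the password check; "' OR 1=1 --" returns every user. The safe version returns nothing for both because the whole string is compared literally against the username column. Escaping quotes by hand is not an acceptable substitute: it is easy to get wrong, and numeric or identifier contexts need different rules.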
SSL (Secure Sockets Layer) = A cryptographic protocol designed to establish a secure and encrypted connection between two systems over a network. SSL ensures that data transmitted between these systems remains confidential, authenticated, and protected from interception or tampering. While commonly associated with securing communication between web browsers and web servers (HTTPS), SSL can also secure email communications, file transfers, instant messaging, and other network services. Every version of SSL (2.0 and 3.0) has since been broken and formally deprecated (RFC 6176 and RFC 7568) and should be disabled on servers; its successor, TLS (Transport Layer Security), has replaced it, although the term "SSL" is still widely used, as in "SSL certificate", to refer to TLS.
Example: When you see a padlock icon in your browser's address bar, it indicates the connection is encrypted with TLS and the server presented a certificate your browser trusts. It says nothing about whether the site itself is legitimate; phishing sites routinely have valid certificates.
See also: TLS (Transport Layer Security)
The practice of hiding secret information within other non-suspicious data, such as images or audio files.
Example: Someone embeds a confidential message within an image file and sends it via email. Only the intended recipient, who knows how to extract the hidden text, can read the message.
Tailgating (also known as piggybacking) is a physical security breach where an unauthorised person follows an authorised person into a restricted area without proper authentication.
Example: An attacker carrying a box pretends to be a delivery person and waits near a secure office entrance. When an employee enters using their access card, the attacker walks in behind them without swiping a card, gaining unauthorised access to the building.
The process of identifying potential security threats through monitoring, analysis, and automated tools.
Example: An antivirus program detects malware on a computer and alerts the user to take action.
The proactive process of searching for cyber threats or attackers within a network, often using advanced tools and techniques to identify hidden threats.
Example: A security analyst reviews system logs and network traffic to detect unusual activity that may indicate a hidden attack.
Information and analysis about current or potential cyber threats to help organisations proactively defend against attacks.
Example: Security teams use threat intelligence reports to stay aware of new ransomware variants targeting their industry.
The process of identifying, evaluating, and mitigating potential security threats to systems, applications, or networks.
Example: A development team performs threat modelling to identify potential risks in a new application and plan countermeasures.
The total sum of all possible vulnerabilities, entry points, or attack vectors in a system that an attacker could exploit; more commonly called the attack surface. Reducing it (removing unused services, accounts, and exposed interfaces) is one of the cheapest security improvements available.
Example: A company identifies its threat surface as including its website, email server, customer database, employee laptops and devices, point-of-sale (POS) systems, Wi-Fi network, cloud services, cloud storage, and remote work tools.
The method or pathway used by an attacker to exploit a vulnerability and gain unauthorised access to a system or network.
Example: Phishing emails and infected USB drives are common threat vectors used to deliver malware to an organisation's network.
TLS (Transport Layer Security) = A cryptographic protocol designed to provide secure and encrypted communication between two systems over a network. TLS ensures data confidentiality, integrity, and authentication during transmission, protecting it from interception, tampering, or forgery. TLS is the successor to SSL (Secure Sockets Layer); current versions (TLS 1.2 and 1.3) drop the weak ciphers of earlier versions, and TLS 1.3 also shortens the handshake. TLS 1.0 and 1.1 are deprecated (RFC 8996), so servers should accept TLS 1.2 and 1.3 only. It is widely used to secure web traffic (HTTPS), email communications, file transfers, instant messaging, and other network-based services.
Example: Websites with HTTPS use TLS to protect data during transactions, such as online banking or shopping.
See also: SSL (Secure Sockets Layer)
A digital object used to authenticate users and grant access to systems or services. Tokens can be hardware-based or software-based.
Example: When logging into a secure system, a user may receive a one-time token via a mobile app for verification.
The process of replacing sensitive data, like credit card numbers, with unique tokens that have no exploitable value, enhancing security.
Example: When making an online payment, your credit card number is replaced by a token so the actual data isn't stored on the retailer's server.
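A token vault, as an added example that is not from the glossary: the merchant keeps only the token, while the vault (normally a separate system inside PCI scope) maps tokens back to card numbers. Tokens are random, keep the last four digits for receipts, and are generated so that they fail the Luhn check, which lets systems tell a token from a real card number. The card numbers used are the industry's standard test numbers, and the caller names are constructed.

```python
# Added example, not part of the glossary: a token vault for payment card
# numbers (PANs). Test PANs only; caller names are constructed.
import secrets


def luhn_valid(pan: str) -> bool:
    """Luhn check-digit validation used by payment card numbers."""
    digits = [int(d) for d in pan if d.isdigit()]
    if len(digits) != len(pan) or not 12 <= len(digits) <= 19:
        return False
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:                       # every second digit from the right is doubled
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


class TokenVault:
    def __init__(self):
        self._by_token = {}   # token -> PAN (in reality an encrypted, access-controlled store)
        self._by_pan = {}     # PAN -> token, so a returning card gets the same token

    def tokenize(self, pan: str) -> str:
        if not luhn_valid(pan):
            raise ValueError("not a valid card number")
        if pan in self._by_pan:
            return self._by_pan[pan]
        while True:
            # format-preserving: same length and last four digits, everything else random;
            # rejecting Luhn-valid candidates guarantees a token is never a usable PAN
            token = "".join(secrets.choice("0123456789") for _ in range(len(pan) - 4)) + pan[-4:]
            if token not in self._by_token and token != pan and not luhn_valid(token):
                break
        self._by_token[token] = pan
        self._by_pan[pan] = token
        return token

    def detokenize(self, token: str, caller: str) -> str:
        # Only the component that actually submits charges may see the PAN.
        if caller != "payment-processor":
            raise PermissionError(f"{caller} is not allowed to detokenize")
        return self._by_token[token]
```

A breach of the merchant's database then yields tokens that are worthless outside the vault's own API, which is the whole point of tokenisation; the vault itself becomes the system that must be protected and audited.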
The process of monitoring and examining network traffic to detect patterns, anomalies, or potential security threats.
Example: Analysts notice an unusual amount of data being sent to an external server, indicating potential data exfiltration.
A hidden method within software that allows bypassing security controls, often planted by developers or attackers.
Example: An unethical programmer adds a trapdoor to a system so they can access it secretly after it's deployed.
A type of malware (malicious software) that appears to be legitimate or useful but, once installed, performs hidden malicious activities, such as stealing data, installing additional malware, or providing remote access to attackers.
Example: A user downloads what appears to be a free software program, but once installed, it secretly allows attackers to remotely control the computer.
The process of encapsulating one protocol's traffic inside another so it can cross a network that would not otherwise carry it, for example reaching a private network over the internet. A VPN tunnel adds encryption to the encapsulated traffic, but tunnelling itself does not imply encryption, and attackers use the same idea (DNS or ICMP tunnelling) to smuggle data past firewalls.
Example: A remote worker uses a VPN to tunnel their internet traffic securely through the company's network.
See also: VPN (Virtual Private Network)
A type of cyber attack where attackers register domain names similar to popular websites to trick users into visiting malicious sites.
Example: A fake website called "gogle.com" is set up to steal login details from users who mistype the real "google.com."
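Generating the variants a defender should monitor, as an added example that is not from the glossary: the function enumerates omissions, doubled letters, adjacent-character transpositions, adjacent-key replacements and common TLD swaps for a brand domain, and a second function checks a list of observed registrations against them. The keyboard-adjacency table is partial and the observed list is constructed; real tooling also covers homoglyphs (such as "rn" for "m" and Cyrillic look-alikes) and subdomain tricks.

```python
# Added example, not part of the glossary: enumerate typosquat candidates for a
# domain and match them against observed registrations (constructed list).

KEYBOARD_NEIGHBOURS = {   # partial QWERTY adjacency, enough for the example
    "g": "fht", "o": "ipl", "l": "kop", "e": "wrd", "a": "qsz", "m": "nk", "i": "uok",
}
TLD_SWAPS = ["co", "cm", "om", "net", "org"]


def typo_variants(domain: str) -> set:
    """All single-edit typo variants of domain (omission, doubling, transposition,
    adjacent-key replacement) plus common TLD swaps; the original is excluded."""
    label, _, tld = domain.rpartition(".")
    labels = set()
    for i, ch in enumerate(label):
        labels.add(label[:i] + label[i + 1:])                          # omission:      gogle
        labels.add(label[:i + 1] + ch + label[i + 1:])                 # doubled:       gooogle
        if i + 1 < len(label):
            labels.add(label[:i] + label[i + 1] + ch + label[i + 2:])  # transposition: googel
        for n in KEYBOARD_NEIGHBOURS.get(ch, ""):
            labels.add(label[:i] + n + label[i + 1:])                  # adjacent key:  hoogle
    variants = {f"{l}.{tld}" for l in labels} | {f"{label}.{t}" for t in TLD_SWAPS}
    variants.discard(domain)
    return variants


def find_squats(domain: str, observed) -> list:
    """Observed domain names (e.g. from a certificate-transparency or new-registration feed)
    that are typo variants of domain."""
    suspects = typo_variants(domain)
    return sorted(d for d in observed if d in suspects)
```

Defensively registering the highest-risk variants and feeding the rest into a watch list (certificate transparency logs are a good source of newly seen names) is the usual response; the same list doubles as a blocklist for outbound web and email traffic.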
A security feature that helps prevent unauthorised changes to a system by prompting users for permission when actions require administrative privileges.
Example: When you try to install new software on your computer, UAC asks you to confirm the action to prevent malicious installations.
A solution that manages and secures all types of endpoint devices, such as laptops, mobiles, and tablets, from a single platform.
Example: An IT team uses UEM software to enforce security policies and push updates to all employee devices.
A security solution that integrates multiple protective measures, such as firewall, antivirus, and intrusion detection, into a single platform.
Example: A small business uses a UTM device to protect its network from malware, phishing, and unauthorised access.
The process of creating virtual versions of hardware, storage, or networks to improve efficiency and security.
Example: A server hosts multiple virtual machines to allow different operating systems to run simultaneously.
See also: VM (Virtual Machine)
Malicious code that attaches itself to legitimate files and spreads when the infected file is executed, causing harm to systems or data.
Example: You open a file attachment from an unknown sender, and it infects your computer with a virus that deletes important files.
Voice-based phishing where attackers use phone calls to trick individuals into providing sensitive information.
Example: A scammer calls, pretending to be from your bank, and asks for your account details to "verify your identity."
See also: Phishing
A software-based simulation of a physical computer that allows multiple operating systems to run on the same hardware.
Example: Developers use a virtual machine to test a new application on Windows while running a Mac.
See also: Virtualisation
A technology that securely extends a private network across a public network, allowing users or multiple networks to connect as if they were directly linked to the private network. A VPN creates an encrypted tunnel that protects data integrity and confidentiality while in transit. This enables remote users to securely access private resources and allows organisations to securely connect multiple office locations over the internet.
Example: A company uses a VPN to connect its headquarters' network with branch offices, allowing employees to share resources and data securely between locations.
See also: Tunnelling, VPN Service
A commercial offering provided by third-party companies that allows users to encrypt their internet traffic, mask their IP address, bypass geographical restrictions, or attempt to maintain privacy while browsing the internet. However, while a VPN service can help protect data in transit and obscure a user's location, it carries its own risks and does not guarantee complete anonymity or security from all types of cyber threats.
Example: A user subscribes to a VPN service to encrypt their internet connection while using public Wi-Fi at an airport, preventing potential attackers from intercepting their sensitive information.
See also: VPN (Virtual Private Network)
A weakness or flaw in a system, network, or software that can be exploited by attackers to gain unauthorised access or cause damage.
Example: An outdated version of a web browser with unpatched vulnerabilities allows an attacker to install malware on your device.
The systematic process of identifying and evaluating weaknesses in a system or network to determine potential risks.
Example: An IT team conducts a vulnerability assessment and finds outdated software that needs patching.
See also: Risk Assessment
The ongoing process of identifying, assessing, prioritising, and remediating security vulnerabilities in systems.
Example: An IT team scans the network on a weekly basis for vulnerabilities and applies patches to keep systems secure.
A security tool that monitors and filters HTTP traffic to protect web applications from attacks like SQL injection and cross-site scripting.
Example: A WAF blocks malicious requests attempting to exploit a vulnerability in an online application.
An attack where hackers compromise websites frequently visited by their target audience to infect visitors with malware.
Example: A hacker infects a popular industry forum with malware, knowing employees from specific companies frequently visit the site.
Embedding identifying information into digital content to trace ownership or detect unauthorised use.
Example: A photographer adds a watermark to their images to prevent unauthorised copying.
Web filtering is a security measure that controls access to websites based on content categories, reputation, or security risk. It is broader than DNS filtering alone: it can combine DNS filtering, URL filtering, and inspection of page content to block harmful or non-compliant web traffic.
Example: A school uses web filtering to prevent students from accessing adult content, social media, and gaming sites during school hours while allowing educational resources.
See also: Protective DNS (PDNS), DNS Filtering
The automated extraction of data from websites, which can be used for legitimate purposes or malicious activities.
Example: A company scrapes product prices from competitors' websites to adjust their pricing strategy.
A type of phishing attack that targets high-level executives or decision-makers within an organisation to steal sensitive information.
Example: A cybercriminal sends a convincing email to a CEO, impersonating a supplier and requesting a large wire transfer.
See also: Phishing
A security testing method where the tester has full knowledge of the system's internal structure, code, and logic.
Example: Developers perform white box testing on new software to identify and fix security flaws in the code.
An ethical hacker who uses their skills to identify and fix security vulnerabilities in systems, helping organisations improve security.
Example: A company hires a white hat hacker to conduct a security audit and discover weaknesses before malicious hackers do.
See also: Black Hat Hacker, Hacker
A security strategy (now commonly called allowlisting) where only explicitly approved applications, users, IP addresses, or processes are allowed access to a system, network, or resource. Everything not on the list is blocked by default, which reduces the attack surface but requires a maintained list and a process for approving new entries.
Example: A company's IT department whitelists specific software applications on employee computers, ensuring that only approved programs can run on the network.
See also: Blacklisting
Protective measures to secure wireless networks, such as encryption, passwords, and authentication protocols.
Example: Enabling WPA3 encryption on your home Wi-Fi network to prevent unauthorised access.
A type of malware that replicates itself and spreads to other devices, often causing widespread network disruption.
Example: The "ILOVEYOU" worm spread through email attachments, infecting millions of computers worldwide by replicating itself.
A network security attack where an attacker captures data packets at one location in a network, tunnels them to another location, and then replays them, disrupting communication or bypassing security measures. This attack is commonly seen in wireless networks, such as ad hoc or sensor networks.
Example: In a corporate Wi-Fi network, an attacker sets up rogue devices to intercept data packets from employees' laptops, tunnels them to a remote server, and replays them to gain unauthorised access to confidential business data.
See also: Replay Attack
A security protocol designed to protect wireless networks by encrypting data and ensuring secure communication.
Example: WPA3 encryption is used on home Wi-Fi routers to prevent unauthorised access.
An advanced security solution that integrates multiple security layers (such as endpoint, network, cloud, and email security) into a unified platform to provide enhanced threat detection and response capabilities.
Example: An XDR platform detects a phishing email sent to an employee, tracks the related network activity, and automatically blocks any malicious connections to prevent data exfiltration.
See also: EDR (Endpoint Detection and Response), MDR (Managed Detection and Response)
An attack that exploits a vulnerability unknown to the software vendor, so the vendor has had "zero days" to produce a fix. Until a patch exists, defenders rely on mitigations such as reducing exposure of the affected component and detecting the attacker's post-exploitation behaviour.
Example: An attacker discovers a flaw in a web browser and uses it to steal data before a patch is released.
A security model where no user or device is trusted by default, requiring continuous verification for access to resources.
Example: Employees must verify their identity each time they access company systems, even when working from the office.
A device that has been compromised by malware and is controlled remotely by an attacker, often used in botnets for cyber attacks.
Example: A hacker uses thousands of zombie computers to launch a Distributed Denial-of-Service (DDoS) attack on a website.
See also: Botnet
A process that has finished executing but whose entry remains in the process table because its parent has not yet collected its exit status with wait(). A zombie holds a PID and a process-table slot, not memory or CPU time; large numbers of them, from a parent that never reaps its children, can exhaust the PID space.
Example: A server program spawns child processes but never calls wait() on them; each finished child shows as <defunct> in ps until the parent reaps it or exits and the zombies are adopted and reaped by init.
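Creating one on purpose, as an added example that is not from the glossary (Linux only, since it reads /proc): the parent forks a child that exits immediately, watches the child's state turn to Z in /proc/<pid>/stat, then reaps it with waitpid() and confirms the entry is gone. Nothing here is taken from the glossary or any project; the function names are the example's own.

```python
# Added example, not part of the glossary (Linux only): make a zombie, observe
# it in /proc, reap it. The child exits at once; until the parent calls
# waitpid(), the kernel keeps the child's process-table entry so the exit
# status can be collected. That entry is what a zombie "consumes": a PID.
import os
import time


def process_state(pid: int):
    """Single-letter state from /proc/<pid>/stat ('Z' = zombie), or None if the entry is gone."""
    try:
        with open(f"/proc/{pid}/stat") as f:
            stat = f.read()
    except FileNotFoundError:
        return None
    # The state field follows the ')' that closes the (possibly space-containing) command name.
    return stat[stat.rindex(")") + 2]


def make_zombie():
    """Fork a child that exits immediately; return (pid, state before reaping, state after)."""
    pid = os.fork()
    if pid == 0:
        os._exit(0)                      # child: leave without running Python cleanup
    for _ in range(500):                 # parent: wait for the kernel to mark the child <defunct>
        if process_state(pid) == "Z":
            break
        time.sleep(0.01)
    before = process_state(pid)
    os.waitpid(pid, 0)                   # reap: what a careful parent (or init) does
    return pid, before, process_state(pid)
```

Daemons that spawn children avoid the problem by handling SIGCHLD and calling waitpid() in a loop with WNOHANG, or by setting SIGCHLD to SIG_IGN so the kernel reaps children automatically. Note that a zombie cannot be killed, since it has already exited; the fix is to reap it or to fix the parent.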