FAQ & Cyber Glossary
What is cybersecurity and why does it matter?
Cybersecurity is the practice of protecting systems, networks, and data from theft, damage, or unauthorized access. It matters because cyber threats can lead to financial loss, reputational harm, and operational disruption, making it essential for safeguarding both individuals and organizations.
What are the most common types of cyber attacks?
The most common types of cyber attacks include:
Phishing - Fraudulent emails or messages that trick users into revealing sensitive information or clicking malicious links.
Malware - Malicious software including viruses, trojans, spyware, and worms that infect systems to steal data or cause damage.
Ransomware - Attacks that encrypt files and demand payment for their release, often crippling entire organizations.
DDoS (Distributed Denial-of-Service) - Overwhelming a system with traffic to make it unavailable to legitimate users.
Man-in-the-Middle Attacks - Intercepting communications between two parties to steal data or inject malicious content.
SQL Injection - Inserting malicious SQL through unvalidated application input to access or manipulate sensitive data in the underlying database.
Password Attacks - Including brute force attempts and credential stuffing to gain unauthorized access to accounts.
Social Engineering - Manipulating people into breaking security procedures or divulging confidential information.
These attacks often target the weakest link in security - human behavior - which is why user awareness and training are just as important as technical defenses.
Cybersecurity Glossary (Getting past the vegetable soup!)
Access Control - The security technique that regulates who or what can view, use, or access resources in a computing environment. It's a fundamental security concept that ensures only authorized users and systems can access specific data, applications, or physical locations.
Advanced Persistent Threat (APT) - A prolonged and targeted cyberattack in which an intruder gains access to a network and remains undetected for an extended period, typically to steal sensitive data.
Attack Vector - The path, method, or route that a cybercriminal uses to gain unauthorized access to a system, network, or device.
Authentication - The process of verifying the identity of a user, device, or system before granting access to resources or data.
Backdoor - A hidden method of bypassing normal authentication or security controls in a system, often installed by attackers to maintain unauthorized access.
Backup - A copy of a system or data for file restoration or archival purposes.
Blue Team - A group of people who perform defensive cybersecurity tasks, including placing and configuring firewalls, implementing patching programs, enforcing strong authentication, ensuring physical security measures are adequate, etc.
Botnet - A network of compromised computers or devices controlled remotely by an attacker to perform coordinated malicious activities like DDoS attacks or spam distribution.
Brute Force Attack - A trial-and-error method used to obtain information such as passwords or encryption keys by systematically trying all possible combinations.
Business Continuity Plan - The plan for emergency response, backup operations, and post-disaster recovery steps that will ensure the availability of critical resources and facilitate the continuity of operations in an emergency situation.
Certificate Authority (CA) - A trusted entity that issues digital certificates to verify the identity of websites, organizations, or individuals in secure communications.
Cipher - An algorithm used to perform encryption or decryption of data, transforming readable information into an unreadable format and vice versa.
Cloud Computing - Utilization of remote servers in a cloud provider's data center to store, manage, and process your data instead of using local computer systems.
Credential Stuffing - A type of cyberattack where attackers use large lists of stolen username and password combinations (often obtained from previous data breaches) to attempt automated login attempts across multiple websites and services.
The attack exploits a common user behavior: password reuse. Since many people use the same username and password across different accounts, attackers take credentials leaked from one breach and systematically "stuff" them into login pages of other sites to see which ones work.
Cyber Fusion Center - A centralized cybersecurity operations hub that integrates threat intelligence, security automation, incident response, threat detection, and related security functions. Unlike the traditional blue team/red team structure, cyber fusion centers emphasize proactive, intelligence-driven, and automated workflows to improve visibility, coordination, and effectiveness in managing security risks and incidents while ensuring governance and compliance standards are met.
Cryptography - The practice and study of techniques for securing communication and data through encryption, ensuring confidentiality, integrity, and authenticity.
Data Breach - An incident where sensitive, protected, or confidential data is accessed, stolen, or used by unauthorized individuals.
DDoS (Distributed Denial of Service) - An attack that overwhelms a system, server, or network with traffic from multiple sources, making it unavailable to legitimate users.
Encryption - The process of converting plaintext data into coded form (ciphertext) to prevent unauthorized access during storage or transmission.
Endpoint Security - Protection measures applied to end-user devices like computers, smartphones, and tablets to prevent security threats and unauthorized access.
Exploit - A piece of software, data, or sequence of commands that takes advantage of a vulnerability to cause unintended behavior in a system.
Firewall - A network security system that monitors and controls incoming and outgoing traffic based on predetermined security rules, acting as a barrier between trusted and untrusted networks.
Hashing - A cryptographic function that converts data of any size into a fixed-size digest, creating a practically unique digital fingerprint used for data integrity verification.
Honeypot - A decoy system or network designed to attract attackers and detect, deflect, or study hacking attempts without risking actual production systems.
Identity and Access Management (IAM) - Processes and technologies that manage and enforce user access rights to systems and data.
Incident Response - The organized approach to addressing and managing the aftermath of a security breach or cyberattack to minimize damage and recovery time.
Intrusion Detection System (IDS) - A device or software that monitors network traffic for suspicious activity and alerts administrators to potential security threats.
Intrusion Prevention System (IPS) - Similar to an IDS, but it actively blocks or prevents detected threats in real time rather than just alerting administrators.
Keylogger - Malicious software or hardware that records every keystroke made on a device, often used to steal passwords and sensitive information.
Least Privilege - The practice of giving users or programs only the minimum level of access necessary to perform their tasks.
Left of Boom - A term originally borrowed from military jargon and now widely used in cybersecurity to refer to all proactive measures taken to prevent an incident (e.g., patch management, employee training, threat monitoring).
Malware - Malicious software designed to damage, disrupt, or gain unauthorized access to computer systems, including viruses, trojans, ransomware, and spyware.
Man-in-the-Middle (MitM) Attack - An attack where the attacker secretly intercepts and potentially alters communication between two parties who believe they are directly communicating.
Multi-Factor Authentication (MFA) - A security method requiring two or more verification factors to gain access, combining something you know, have, or are.
Patch - A software update designed to fix vulnerabilities, bugs, or improve functionality in existing programs or operating systems.
Penetration Testing (Pen Test) - Authorized simulated cyberattacks performed to evaluate system security and identify vulnerabilities before malicious actors can exploit them.
Phishing - A social engineering attack where attackers impersonate legitimate entities to trick individuals into revealing sensitive information or credentials.
Public Key Infrastructure (PKI) - A framework of policies and technologies for creating, managing, and revoking digital certificates and public-private key pairs.
Red Team - A group of authorized professionals who simulate real-world attacks to test an organization's defenses and identify vulnerabilities, helping improve security by emulating potential adversaries' tactics and techniques.
Ransomware - Malicious software that encrypts a victim's files or locks their system, demanding payment for restoration of access.
Right of Boom - A term originally borrowed from military jargon and now widely used in cybersecurity to refer to reactive strategies used to minimize damage and restore operations after a breach (e.g., forensic analysis, incident response, system restoration, communication management).
Risk Assessment - The process of identifying, analyzing, and evaluating potential security threats and vulnerabilities to determine their potential impact.
Rootkit - Malicious software designed to provide unauthorized root or administrative access to a system while hiding its presence from detection tools.
Sandboxing - A security mechanism that isolates running programs in a controlled environment to prevent them from affecting other parts of the system.
Security Information and Event Management (SIEM) - Software that aggregates and analyzes security data from across an organization to detect threats and ensure compliance.
Social Engineering - Psychological manipulation techniques used to trick people into divulging confidential information or performing actions that compromise security.
Spear Phishing - A targeted phishing attack directed at specific individuals or organizations, using personalized information to increase credibility.
SQL Injection - An attack technique where malicious SQL code is inserted into application queries to manipulate databases and access unauthorized data.
SSL/TLS (Secure Sockets Layer/Transport Layer Security) - Cryptographic protocols that provide secure communication over computer networks, commonly used for HTTPS connections.
Threat Intelligence - Information about current or potential cybersecurity threats that helps organizations understand risks and make informed security decisions.
Trojan Horse - Malware disguised as legitimate software that tricks users into installing it, providing attackers with unauthorized access or other malicious capabilities.
Two-Factor Authentication (2FA) - A security process requiring two different authentication factors, typically something you know (password) and something you have (phone or token).
Virus - Self-replicating malicious code that attaches itself to clean files and spreads throughout a system, potentially corrupting or destroying data.
Vulnerability - A weakness or flaw in a system, application, or process that can be exploited by threats to gain unauthorized access or cause harm.
VPN (Virtual Private Network) - An encrypted connection over the internet that provides secure remote access and protects data transmission from interception.
Web Application Firewall (WAF) - A security solution that filters and monitors HTTP traffic between a web application and the internet to protect against attacks.
Whitelisting - A security practice that allows only pre-approved programs, applications, or IP addresses to access a system or network, blocking everything else by default.
Worm - Self-replicating malware that spreads across networks without user interaction, often exploiting security vulnerabilities to propagate.
Zero-Day Vulnerability - A previously unknown security flaw in software that is exploited by attackers before the vendor has a chance to create a patch.
Zero Trust Security - A security model that requires strict identity verification for every person and device attempting to access resources, regardless of their location relative to the network perimeter.