Know the languageCybersecurity Glossary
Plain-English definitions of common security terminology, A to Z.
A
- Authentication
- The process of verifying that a user or system is who it claims to be.
- Antivirus
- Software designed to detect, block, and remove known malicious programs.
B
- Botnet
- A network of infected devices remotely controlled to perform coordinated malicious actions.
- Breach
- An incident in which sensitive or protected data is accessed without authorization.
C
- CAPTCHA
- A challenge used to distinguish human users from automated bots.
- Cyber Hygiene
- Routine practices that keep systems and accounts healthy and secure.
D
- DDoS
- A distributed denial-of-service attack that overwhelms a system with traffic to disrupt availability.
- Data Encryption
- Converting data into unreadable form to protect it from unauthorized access.
E
- Encryption
- A method of encoding data so only authorized parties can read it.
- Endpoint
- Any device — laptop, phone, server — connected to a network.
F
- Firewall
- A system that filters incoming and outgoing network traffic based on security rules.
- False Positive
- An alert that incorrectly flags legitimate activity as malicious.
H
- Hashing
- A one-way function that converts data into a fixed-length string, commonly used for password storage.
I
- IAM
- Identity and Access Management — systems that control who can access which resources.
- Incident Response
- The structured process an organization follows after a security event.
M
- Malware
- Any software intentionally designed to cause damage or unauthorized access.
- MFA
- Multi-Factor Authentication — requiring two or more verification methods to log in.
P
- Phishing
- A social engineering technique that tricks users into revealing sensitive information.
- Patch
- An update released by a vendor to fix a security vulnerability.
R
- Ransomware
- Malware that encrypts files and demands payment for their release.
- Risk Assessment
- The process of identifying and evaluating potential security threats.
S
- Social Engineering
- Manipulating people into divulging confidential information or performing actions.
- Spyware
- Software that secretly monitors and collects user activity.
T
- Threat Actor
- An individual or group responsible for a cyberattack or malicious activity.
- Two-Factor Authentication
- A security process requiring two different verification methods.
V
- VPN
- Virtual Private Network — encrypts internet traffic and masks the user's IP address.
- Vulnerability
- A weakness in a system that could be exploited to cause harm.
X
- XSS
- Cross-Site Scripting — a vulnerability allowing attackers to inject scripts into trusted websites.
Z
- Zero-Day
- A vulnerability that is exploited before the vendor has released a fix.