Know the language

Cybersecurity Glossary

A comprehensive, plain-English glossary of cybersecurity terms from authentication to zero-day.

Know the language

Cybersecurity Glossary

Plain-English definitions of common security terminology, A to Z.

A

Authentication
The process of verifying that a user or system is who it claims to be.
Antivirus
Software designed to detect, block, and remove known malicious programs.

B

Botnet
A network of infected devices remotely controlled to perform coordinated malicious actions.
Breach
An incident in which sensitive or protected data is accessed without authorization.

C

CAPTCHA
A challenge used to distinguish human users from automated bots.
Cyber Hygiene
Routine practices that keep systems and accounts healthy and secure.

D

DDoS
A distributed denial-of-service attack that overwhelms a system with traffic to disrupt availability.
Data Encryption
Converting data into unreadable form to protect it from unauthorized access.

E

Encryption
A method of encoding data so only authorized parties can read it.
Endpoint
Any device — laptop, phone, server — connected to a network.

F

Firewall
A system that filters incoming and outgoing network traffic based on security rules.
False Positive
An alert that incorrectly flags legitimate activity as malicious.

H

Hashing
A one-way function that converts data into a fixed-length string, commonly used for password storage.

I

IAM
Identity and Access Management — systems that control who can access which resources.
Incident Response
The structured process an organization follows after a security event.

M

Malware
Any software intentionally designed to cause damage or unauthorized access.
MFA
Multi-Factor Authentication — requiring two or more verification methods to log in.

P

Phishing
A social engineering technique that tricks users into revealing sensitive information.
Patch
An update released by a vendor to fix a security vulnerability.

R

Ransomware
Malware that encrypts files and demands payment for their release.
Risk Assessment
The process of identifying and evaluating potential security threats.

S

Social Engineering
Manipulating people into divulging confidential information or performing actions.
Spyware
Software that secretly monitors and collects user activity.

T

Threat Actor
An individual or group responsible for a cyberattack or malicious activity.
Two-Factor Authentication
A security process requiring two different verification methods.

V

VPN
Virtual Private Network — encrypts internet traffic and masks the user's IP address.
Vulnerability
A weakness in a system that could be exploited to cause harm.

X

XSS
Cross-Site Scripting — a vulnerability allowing attackers to inject scripts into trusted websites.

Z

Zero-Day
A vulnerability that is exploited before the vendor has released a fix.