An A-Z glossary of cyber security terms and definitions

Cyber security means protecting computer systems and networks from theft, damage, attacks, and other forms of criminal activity. Robust cyber security is essential to organisations of all shapes and sizes, as it protects you from loss of revenue, reputational damage, and financial disruption.

 

The terms and definitions around cyber security can prove intense. The terms are often confusing, relying on mythologies, metaphors, and portmanteaus. Do you know, for example, the difference between denial of a service and a man in the middle attacks, between phishing and vishing, between malware and ransomware? Are you up to date on trojan horses, eavesdropping, and watering holes?

 

The jargon can prove a bit much. So, we thought we would highlight some of the most important cyber security terms, offer definitions of each term, and aim to simplify as much as possible.

 

Protect your charity with Avast

 

 

Skip to relevant letter:

 

A – B – C – D – E – F – G – H – I – J – K – L – M – N – O – P – Q – R – S – T – U – V – W – X – Y – Z

 

 

A

 

Access control: Restricting access to resources, systems, or data based on the identity, permissions, and privileges of users, implemented through access control lists, role-based access control, or other mechanisms.

 

Account freezing: The temporary suspension of an account, usually in response to the detection of unusual or potentially threatening activity.

 

Advanced persistent threat (APT): A sophisticated and stealthy cyber attack conducted by skilled adversaries, such as nation state actors or organised cybercrime groups.

 

Adware: Software that displays advertisements or unwanted content to users, often bundled with free applications or downloaded without the user’s consent, potentially leading to privacy violations, system slowdowns, or security risks.

 

Allow list: A strategy that approves a list of email addresses, IP addresses, domain names or applications, while denying all others, to protect computers and networks from threats.

Antimalware: Any software that is designed to tackle the threat of malware. For more information, see Tech Target’s article: What is antimalware?

 

Antivirus: Software designed to detect, prevent, and remove malicious software (malware) from computers and networks, including viruses, worms, Trojans, and other types of malware.

 

Application security: Securing software applications and systems from vulnerabilities, exploits, and threats throughout the software development.

 

Application whitelisting: Allows only approved or trusted applications to execute or run on a system, while blocking or restricting the execution of unauthorised or malicious software.

 

Artificial intelligence (AI): The simulation of human intelligence in machines that are programmed to think like humans. For more, see: An A-Z glossary of artificial intelligence terms and definitions

 

Asset management: The process of identifying, categorising, and managing digital assets to ensure proper security controls and risk management.

 

Attack tree: A method for analysing and depicting the different ways a computer system might be attacked, often used in cyber security audits. See NCSC’s Risk Management advice.

 

Authentication: Verifying the identity of a user attempting to access a system, application, or network, typically through passwords, biometric factors, security tokens, or multi-factor authentication.

 

 

B

 

Backdoor: A hidden or undocumented entry point in software or systems that bypasses normal authentication or security controls, allowing unauthorised access or control by attackers.

 

Biometrics: An authentication type based on biological data that is unique and specific to a person (such as a fingerprint or face ID). Check out the NCSC’s Device Security Guidance.

 

Biometric authentication: A mechanism that uses unique physical or behavioural characteristics of individuals, such as fingerprints, facial recognition, or iris scans for identity verification.

 

Blockchain: A distributed ledger technology that enables secure and transparent transactions across multiple parties in a decentralised manner, commonly used in cryptocurrencies, smart contracts, and supply chain management. For more information, check out: How charities can use Blockchain.

 

Bluetooth: A wireless means of communicating between devices.

 

Bot: A software program or automated script that performs tasks on the internet, often used for legitimate purposes (web crawling or customer service chatbots), but can also be malicious.

 

Botnet: A network of compromised devices infected with malicious software controlled by a remote attacker, often to launch coordinated cyber attacks, distribute malware, and so on.

 

Browser: An application displaying information and accesses services from the web.

 

Brute-force attack: A cyber attack method where attackers attempt to gain unauthorised access to a system, application, or account by systematically trying all possible combinations of usernames, passwords, or encryption keys until the correct one is found.

 

BYOD (bring your own device): A policy allowing employees to use their personal devices (such as smartphones, tablets, or laptops) for work-related tasks, presenting security challenges related to data protection, device management, and network security. Check out: What is Bring Your Own Device?

 

 

C

 

ChatGPT: An AI model designed to mimic human conversation, based on the input it receives. Will play a significant role in the future of cyber security. Check out our brief history of ChatGPT.

 

Cloud computing: The delivery of computing services over the internet on a pay-as-you-go basis, offering scalability, flexibility, and cost-effectiveness but also presenting security challenges related to data protection, privacy, and compliance. Check out: How secure is your cloud?

 

Cryptanalysis: The study of cryptographic algorithms and systems to identify weaknesses or vulnerabilities that can be exploited to decrypt encrypted data without proper authorisation or knowledge of the encryption key. For more information, check out the OWASP: Cryptanalysis.

 

Cryptocurrency: A digital currency that uses cryptography for secure transactions and to control the creation of new units, such as Bitcoin, Ethereum, or Litecoin, often used for online payments, investments, or as a store of value. See: Should charities use cryptocurrencies?

 

Cyber attack: An intentional act of compromising computer systems, networks, or devices through unauthorised access, disruption, or manipulation of data, often with malicious intent to steal information, cause damage, or disrupt operations. Check out: The ultimate guide to cyber security.

 

Cyber hygiene: The practice of maintaining good cyber security habits and behaviours, such as keeping software up to date, using strong passwords, enabling MFA, avoiding suspicious links or attachments, and regularly backing up data to reduce the risk of cyber attacks and data breaches.

 

Cyber insurance: Insurance designed to protect against financial losses resulting from cyber attacks, data breaches, etc, providing coverage for costs related to breach response, legal expenses, regulatory fines, and third-party liabilities. See: What is cyber insurance (and do I need it)?

 

Cyber resilience: Ability of organisations to withstand, adapt to, and recover from cyber attacks, data breaches, or other security incidents while maintaining critical business operations, often achieved through proactive security measures, incident response planning, and business continuity strategies.

 

Cyber security: The practice of protecting computer systems, networks, and data from cyber threats through security measures, policies, and technologies.

 

Cyber strategy: A long-term plan of action with the aim of implementing cyber security. Here is the NCSC’s guidance on developing a cyber strategy.

 

Cyber threat intelligence (CTI): Insights about cyber threats, adversaries, and potential risks collected, analysed, and disseminated to help organisations understand, detect, and mitigate cyber threats more effectively, enabling proactive threat detection, incident response, and risk management.

 

 

D

 

Data breach: The unauthorised access, disclosure, or exposure of sensitive or confidential information, such as personal data, financial records, or intellectual property, often resulting from cyber attacks, insider threats, or accidental leaks. Check out: How to protect yourself from data breaches.

 

Data encryption: Converting plain text or data into ciphertext using cryptographic algorithms and keys to protect it from unauthorised access or interception.

 

Dark web: A part of the internet that is not indexed by conventional search engines and requires special software or configurations to access, often used for illegal or illicit activities, such as selling stolen data, trading drugs or weapons, or hosting cybercrime forums and marketplaces.

 

Denial-of-service (DoS) attack: A cyber attack method where attackers flood a target system, network, or website with a large volume of traffic or requests, overwhelming its resources and causing disruption or downtime for legitimate users. Read more: What is a denial-of-service attack?

 

Dictionary attack: A brute-force attack in which the words in a dictionary, phrases, or common passwords are used to guess certain credentials. Read more: What is a dictionary attack?

 

Digital certificate: A document  that binds an entity’s identity to a public key, used to authenticate and verify the identity of websites, servers, or individuals in secure communications over the internet.

 

Distributed denial-of-service (DDoS) attack: A variant of DoS attack where multiple compromised systems (botnets) are coordinated to simultaneously launch a DoS attack against a target system or network, amplifying the impact and making mitigation more challenging.

 

DNS spoofing: A cyber attack where attackers manipulate the Domain Name System (DNS) to redirect users to malicious or fraudulent websites by modifying DNS records or poisoning DNS caches, leading to phishing attacks, malware downloads, or data theft.

 

Doxxing: Researching and publishing sensitive information about an individual or organisation on the internet without their consent, often with the intent to harass, intimidate, extort, or cause harm.

 

 

E

 

Eavesdropping: The unauthorised interception or monitoring of communications, data transmissions, or network traffic by attackers to capture sensitive information, such as passwords, credit card numbers, or confidential business data, without the knowledge or consent of the parties involved.

 

Encryption: The process of converting plain text or data into ciphertext using cryptographic algorithms and keys to protect it from unauthorised access or interception, ensuring confidentiality, integrity, and privacy during storage, transmission, or processing. See: Encryption: should you embrace or avoid it?

 

Encryption key: A cryptographic key used to encrypt and decrypt data during the encryption and decryption process, ensuring the confidentiality and integrity of the information, typically generated and managed through cryptographic algorithms and key management practices.

 

Endpoint detection and response (EDR): Continuously monitors endpoint activities and behaviours for signs of malicious activity, anomalies, or security incidents, providing real-time threat detection, investigation, and response capabilities to protect against advanced threats and targeted attacks.

 

Endpoint security: The protection of endpoints (computers, laptops, mobile devices, servers, etc) from cyber threats through measures such as antivirus software, firewalls, and intrusion detection systems.

 

Ethical hacking: Testing and assessing the security of systems, networks, or applications by simulating cyber attacks, identifying vulnerabilities, and providing recommendations for remediation, performed by certified professionals known as ethical hackers or penetration testers.

 

Exploit kit: A collection of pre-packaged and automated tools, scripts, or software components used by attackers to exploit vulnerabilities, often delivered through malicious websites, compromised web pages, or malicious email attachments to infect victims with malware or compromise their devices.

 

 

F

 

False positive: A security alert, detection, or warning generated by security systems or tools that incorrectly identifies benign or legitimate activities, behaviours, or events as malicious or suspicious, leading to unnecessary alerts, investigations, or resource consumption.

 

Firewall: A network security device or software that monitors and controls incoming and outgoing network traffic based on predetermined security rules, policies, or access control lists, to prevent unauthorised access, malicious activities, or data breaches.

 

Full disk encryption (FDE): A security technique that encrypts the entire storage device to protect data at rest from unauthorised access or theft, ensuring integrity even if the device is lost or stolen.

 

 

G

 

Gateway: A network device or software component that serves as an entry point between two different networks, controlling and facilitating the flow of traffic between them, often equipped with security features like firewalls and intrusion detection/prevention systems.

 

General Data Protection Regulation (GDPR): EU Legal framework to protect privacy and personal data. For more resources and for information on UK GDPR, check out the ICO.

 

Governance, risk, and compliance (GRC): A framework that helps organisations manage and align their governance, risk management, and compliance activities to achieve objectives, ensure compliance, and mitigate risks related to information security, data privacy, and regulatory requirements.

 

GPG (GNU privacy guard): An open-source encryption software program that provides cryptographic privacy and authentication for data communication, file encryption, and digital signatures, based on the OpenPGP standard, offering secure email communication and file encryption capabilities.

 

Grey hat hacker: An individual who engages in hacking activities, sometimes for ethical purposes and sometimes for malicious intent, exhibiting characteristics of both white hat and black hat hackers. For more information, check out Techopedia’s definition: What is Gray Hat Hacker?

 

Greylisting: An anti-spam technique used by mail servers to temporarily reject or defer emails from unknown or suspicious senders with a “try again later” response, forcing legitimate email servers to resend messages, while often delaying or blocking spam or unsolicited emails from reaching inboxes.

 

 

H

 

Hacker: An individual with technical skills and knowledge of systems, networks, and software, who exploits vulnerabilities, bypass security controls, or gain unauthorised access to systems or data, often categorised as white hat, black hat, or grey hat hackers based on their motivations.

 

Hacking: The illicit practice of exploiting vulnerabilities in computer systems, networks, or software applications to gain unauthorised access, manipulate data, disrupt operations, or cause damage. For more information, check out: What to do in the event of a cyber attack.

 

Hashing: A cryptographic process that converts input data into a fixed-size string of characters, called a hash value, using hash functions, to ensure data integrity, verify authenticity, or protect sensitive information, with common algorithms including MD5, SHA-1, and SHA-256.

 

Honeypot: A decoy system or network deployed to attract and deceive attackers, allowing security teams to monitor, analyse, and learn about their tactics, techniques, and tools, and gather threat intelligence to enhance security defenses and incident response strategies.

 

HTTP secure (HTTPS): A secure communication protocol used for transferring encrypted data between a web browser and a web server over the internet, providing confidentiality, integrity, and authentication through the use of SSL/TLS encryption, indicated by “https://” in the URL address.

 

 

I

 

Identity and access management (IAM): A framework or set of technologies and processes used to manage and control user identities, authentication, authorisation, and privileges within an organisation’s IT environment, ensuring that only authorised users have access to resources and data.

 

Incident management: The process of managing and responding to security incidents, including identification, assessment, containment, eradication, and recovery, to minimise impact, restore services, and prevent recurrence. See: We need to talk openly about cyber security.

 

Incident response: The process of managing and addressing security incidents, such as cyber attacks, data breaches, or system compromises, in a coordinated and effective manner to minimise damage, contain threats, and restore normal operations. See: What to do in the event of a cyber attack.

 

Information security: The practice of protecting sensitive information and data assets from unauthorised access, disclosure, alteration, or destruction, through a combination of security controls, policies, procedures, and technologies, to preserve confidentiality, integrity, and availability.

 

Insider threat: A security risk or threat posed by individuals within an organisation, such as employees, contractors, or partners, who misuse their access privileges, credentials, or knowledge to intentionally or unintentionally compromise security, steal data, or disrupt operations. Check out NCSC Guidance.

 

Intrusion detection system (IDS): A security technology that monitors and analyses network or system activities for signs of unauthorised access, malicious activities, or security policy violations, generating alerts or triggering actions to mitigate threats and protect against cyber attacks.

 

Internet security: The protection of networks, systems, and data from cyber threats and attacks originating from the internet, including malware, phishing, DDoS attacks, and cybercrime, through security measures such as firewalls, antivirus software, intrusion detection systems, and secure communication protocols.

 

Internet protocol security (IPsec): A suite of protocols used to secure Internet Protocol (IP) communications by providing encryption, authentication, and integrity protection for IP packets, ensuring secure and private communication over IP networks such as the internet.

 

IoT security: The protection of Internet of Things (IoT) devices, networks, and ecosystems from cyber threats through security measures such as encryption, authentication, access control, firmware updates, and network segmentation, to ensure the integrity, confidentiality, and availability of IoT systems and data. For more information on IoT, check out: Stay connected with the Internet of Things.

 

 

J

 

JavaScript security: Refers to securing JavaScript code and preventing security vulnerabilities in web applications that may arise from JavaScript execution, such as cross-site scripting (XSS) attacks.

 

 

K

 

Kerberos: A network authentication protocol that provides secure authentication for client-server applications by using symmetric key cryptography. See: What is Kerberos and How Does it Work?

 

Keylogger: A type of malicious software or hardware device that records keystrokes on a computer or mobile device, often used by attackers to steal sensitive information such as passwords, credit card numbers, or personal messages.

 

Key management system (KMS): Used to generate, store, share, use and destroy cryptographic keys. See more information from the NCSC: Mythbusting cloud key management services.

 

 

L

 

Lightweight directory access protocol (LDAP): An open, vendor-neutral application protocol for accessing and managing directory services over TCP/IP networks, commonly used for user authentication, authorisation, and directory services in networked environments.

 

Local area network (LAN): A network that connects devices within a limited geographic area, such as a home, office building, or campus, allowing for the sharing of resources, data, and services among connected devices.

 

Log management: The process of collecting, storing, analysing, and managing log data generated by various systems, applications, and devices in an IT infrastructure, to support security monitoring, incident response, compliance, and troubleshooting activities.

 

 

M

 

Malware: Malicious software designed to infiltrate or damage a computer system, including viruses, worms, Trojans, ransomware, and adware. Read: How to protect against malware-infected downloads.

 

Malvertising: Using online advertising as a delivery method for malware.

 

Man-in-the-middle (MitM) attack: An attack that intercepts and alters communication between two parties without their knowledge. For more: Five types of cyber attacks you ought to know.

 

Mobile device management (MDM): Software used to monitor, manage, and secure mobile devices such as smartphones and tablets within an organisation.

 

Multi-factor authentication (MFA) or two-factor authentication (2FA): A security method that requires two or more forms of authentication to verify a user’s identity. Often used when signing into websites or devices as an additional measure of security. See: What is two-factor authentication?

 

 

N

 

NCSC: The National Cyber Security Centre, the UK’s national technical authority on cyber security. They support businesses and non-profits from cyber attacks and to respond in the even of an attack.

 

Network intrusion detection system (NIDS): A security system that monitors and analyses network traffic to identify and respond to potential cyber threats or attacks.

 

 

O

 

OAuth: An open standard for access delegation, used as a way for users to grant websites or applications access to their information on other websites but without giving them the passwords.

 

One-time password (OTP): A password that is valid for only one login session or transaction, on a computer system or other digital device. OTPs help in reducing the risk of frauds like phishing because the password is not reusable.

 

Onion routing: A technique for anonymous communication. Messages are encapsulated in layers of encryption, analogous to layers of an onion, and transmitted through a series of network nodes called onion routers. For more information, see: What is onion routing and how does it work?

 

Operating system security: Measures and controls that ensure the confidentiality, integrity, and availability of data and resources associated with an operating system.

 

Out-of-band authentication: A security process that uses two different signals or channels to verify the identity of a user or transaction, enhancing security by providing a separate confirmation path.

 

Overflow attack: A type of attack where the attacker sends more data to a than it can hold, causing data to overflow into adjacent storage, which can then be overwritten with malicious code. For more information, check out: What is a buffer overflow?

 

Over-the-air (OTA) update: The wireless delivery of new software, firmware, or other data to mobile devices. While critical for device security, it can also be a vector for attacks if not properly secured.

 

 

P

 

Packet sniffing: The process of monitoring and capturing data packets as they pass through a network. Packet sniffers can be used for legitimate network management or for malicious data interception.

 

Patch management: Managing updates for technologies, such as acquiring, testing, and installing multiple patches to an administered computer system. For more: Why you need patch management.

 

Password: Characters used to verify identity, usually to gain access to an account, website, or system. For more information: How to know if your password has been compromised.

 

Password manager: Software that allows individuals or businesses to generate, store, and retrieve passwords. Used to make hacking more difficult. Check out: Why you need a password manager.

 

Password spraying: When attackers try commonly used passwords to access many accounts.

 

Penetration testing: A simulated cyber attack against your system to check for vulnerabilities. Pen testers use the same techniques as attackers to find and demonstrate the security flaws in systems.

 

Pharming: A cyberattack intended to redirect a website’s traffic to another, bogus site. Pharming can be conducted either by changing the hosts file on a victim’s computer or by exploitation of a vulnerability in DNS server software.

 

Phishing: The fraudulent attempt to obtain sensitive information such as usernames, passwords, and credit card details by disguising oneself as a trustworthy entity in an electronic communication. For examples of phishing that will give you an indication: Real examples of phishing emails.

 

Plaintext: Any text or data that is not encrypted and is in a format that can be understood directly without decryption. It is the raw input to encryption processes and the output of decryption processes.

 

Port scanning: The act of systematically scanning a computer’s ports to identify open doors and vulnerabilities. It’s often used by administrators to verify security policies of their systems and by attackers to identify network services running on a host and exploit vulnerabilities.

 

 

Q

 

Quantum computing: Computing that uses quantum-mechanical phenomena to perform operations on data. It has the potential to impact cybersecurity, both positively, by improving encryption methods, and negatively, by breaking current encryption standards. What is Quantum Computing?

 

Quid pro quo attack: Social engineering attack where the attacker promises a benefit in exchange for information.

 

 

R

 

Ransomware: A type of malicious software designed to block access to a computer system or data until a sum of money is paid. Ransomware encrypts the victim’s files, making them inaccessible, and demands a ransom for the decryption key. See: What is ransomware?

 

Risk assessment: The process of identifying, analysing, and evaluating risk. It helps in understanding the cybersecurity risks to the organisation’s information assets and determining the likelihood and impact of different cybersecurity events. Check out: The five steps of risk assessment.

 

Risk management: The process of identifying, assessing, and controlling threats to an organisation’s capital and earnings. These risks stem from a variety of sources including financial uncertainties, legal liabilities, strategic management errors, accidents, and natural disasters.

 

Rivest-Shamir-Adleman (RSA): An algorithm used by modern computers to encrypt and decrypt messages. It is an asymmetric cryptographic algorithm, meaning it uses two different keys – one public and one private. The public key can be shared with everyone, but the private key must be kept secret.

 

Root certificate: A public certificate issued by a trusted certificate authority (CA) that identifies the CA. Root certificates are at the base of an SSL certificate chain and are used to verify the authenticity of all certificates that it has issued.

 

Rootkit: Malicious software tools that enable unauthorised access to a computer or area of its software and hide the existence of certain processes or programs from normal methods of detection. Rootkits can allow continued privileged access to a computer while actively hiding its presence.

 

Router: A networking device that forwards data packets between networks. Routers perform the traffic directing functions on the Internet. A router is connected to data lines from different networks.

 

Rule-based access control: A security model in which the system administrator defines the rules that govern access to resource objects. These rules are based on conditions, such as time of day or the user’s role.

 

Runtime application self-protection (RASP): A security technology that runs on a server and kicks in when an application runs. It’s designed to detect attacks on an application in real-time.

 

 

S

 

Sandbox: An isolated testing environment that enables users to run programs or open files without affecting the application, system or platform on which they are running. Sandboxes are used to safely execute suspicious code without risking harm to the host device or network.

 

Security assertion markup language (SAML): An open standard that allows identity providers to pass authorisation credentials to service providers. SAML is used for single sign-on  for web applications.

 

Security information and event management (SIEM): A solution that provides real-time analysis of security alerts generated by applications and network hardware. It enables organisations to detect, analyse, and respond to security threats.

 

Security operations center (SOC): A centralised unit that deals with security issues on an organisational and technical level. A SOC is responsible for ensuring that potential security incidents are correctly identified, analysed, defended, investigated, and reported.

 

Session hijacking: The exploitation of a valid computer session–sometimes also called a session key–to gain unauthorised access to information or services in a computer system.

 

Social engineering: The use of deception to manipulate individuals into divulging confidential or personal information that may be used for fraudulent purposes.

 

Software as a service (SaaS): A software distribution model in which a third-party provider hosts applications and makes them available to customers. SaaS is one of the three main categories of cloud computing, alongside infrastructure as a service (IaaS) and platform as a service (PaaS).

 

Spear phishing: An email-spoofing attack that targets a specific organisation or individual, seeking unauthorised access to data. Spear phishing is not typically initiated by random hackers but are more likely to be conducted by perpetrators out for financial gain, trade secrets, or military information.

 

Spoofing: When criminal make their communications appear from a legitimate source. Email addresses, display names, and domains can be spoofed. See: Free anti-fraud resources for your charity.

 

Spyware: A type of malware installed on devices without consent, which then collect data and send it to a third party. For more, please read: The battle against spyware.

 

SQL injection: A code injection technique used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for. SQL injection is one of the oldest, most prevalent, and most dangerous web application vulnerabilities.

 

 

T

 

Tailgating: An unauthorised person following an authorised person into a secured area, typically by closely following them through a door. A physical security breach that can apply to cybersecurity contexts when unauthorised users gain access to secured resources through legitimate users.

 

Threat assessment: The process of identifying and evaluating potential threats to an organisation’s information security. This includes analysing the likelihood of a threat occurring and its potential impact on the organisation.

 

Tokenisation: The process of replacing sensitive data with unique identification symbols that retain all the essential information about the data without compromising its security. Tokenisation is often used to protect personal data, such as credit card numbers, by substituting them with an algorithmically generated number called a token.

 

Transport layer security (TLS): A cryptographic protocol designed to provide comms security over a network. Websites use TLS to secure all communications between servers and web browsers.

 

Trojan horse: A type of malicious code or software that looks legitimate but can take control of your computer. A Trojan is designed to damage, disrupt, steal, or in general inflict some other harmful action on your data or network. See: What is trojan horse malware?

 

Typosquatting: A form of cybersquatting, and possibly brandjacking, which relies on mistakes such as typographical errors made by Internet users when inputting a website address into a web browser. For more, check out: Typosquatting: What it is and why it’s a danger to charities.

 

 

Top of Form

U

 

Unified threat management (UTM): A solution engineered to perform various security functions within one single system: firewall, antivirus, intrusion detection and prevention, and content filtering.

 

Uniform resource locator (URL) filtering: The practice of blocking access to certain websites or web pages based on the URL. URL filtering is used to prevent access to sites that contain malicious, objectionable, or inappropriate content.

 

User and entity behaviour analytics (UEBA): A cybersecurity process that uses machine learning, algorithms, and statistical analyses to detect anomalies in the behaviour of users and entities within an IT environment that could indicate threats or vulnerabilities.

 

User interface (UI) spoofing: A technique used by attackers to create a malicious interface or webpage that mimics a legitimate one, tricking users into entering sensitive information or downloading malware. UI spoofing can be a component of phishing attacks and other schemes to deceive users.

 

 

V

Validation: The process of checking data to ensure that it is accurate and fulfils the intended purpose. In cybersecurity, validation is crucial for ensuring that inputs or data comply with predetermined standards and are not malicious.

 

Value at risk (VaR): A statistical technique used in finance to quantify the level of financial risk within a firm or investment portfolio over a specific time frame. In cybersecurity, VaR can be adapted to estimate the potential loss from security breaches over a given period.

 

Verification: The process of establishing the truth, accuracy, or validity of something. In cybersecurity, this often refers to the process of confirming the identity of a user or device, typically as a part of authentication procedures.

 

Vendor risk management: Ensuring that the use of external vendors, suppliers, and service providers does not create unacceptable potential for business disruption or negative impact on business performance. This includes managing the cybersecurity risks associated with third-party vendors.

 

Virtual private network (VPN): A technology that creates a safe and encrypted connection over a less secure network, such as the internet. VPNs are used to secure web traffic against snooping, interference, and censorship.

 

Virus: A type of malicious software program (“malware”) that, when executed, replicates by reproducing itself or infecting other computer programs by modifying them. Infected computer programs can include, as well, data files, or the “boot” sector of the hard drive.

 

Vishing (voice phishing): The fraudulent practice of making phone calls or leaving voice messages purporting to be from reputable companies in order to induce individuals to reveal personal information, such as bank details and credit card numbers.

 

 

W

 

Wardriving: The act of searching for Wi-Fi wireless networks by a person in a moving vehicle, using a laptop or smartphone. The purpose can range from merely mapping the presence of networks to exploiting security vulnerabilities.

 

Watering hole attack: A cyber attack strategy in which the attacker seeks to compromise a specific group of end users by infecting websites that members of the group are known to visit. The goal is to infect a targeted user’s computer and gain access to the network at the target’s workplace. For more information, check out the NCSC’s Supply chain security guidance.

 

Web shell: A script that can be uploaded to a web server to enable remote administration of the machine. Web shells can be used maliciously to execute arbitrary commands on a server, typically for the purpose of web-based exploitation.

 

White hat: Describes a hacker who uses their skills for ethical purposes to help individuals and organisations improve their security and protect against attacks.

 

 

X

 

XAE (XML Authentication and Encryption): Refers to the processes and standards for securing and authenticating XML (Extensible Markup Language) documents. XML encryption enables secure sharing of data in a readable format for the intended recipients while keeping it unreadable for others.

 

XFS (eXtensible File System): While primarily a file system used in Linux and UNIX systems, in cybersecurity, it’s relevant due to its support for advanced features like journaling, which can help in the recovery of corrupted data, and its implications for secure data storage and integrity.

 

 

Y

 

YARA: A tool aimed at (but not limited to) helping malware researchers to identify and classify malware samples. With YARA, you can create descriptions of malware families based on textual or binary patterns. It’s widely used in cybersecurity for malware detection and classification.

 

 

Z

 

Zero-day exploit: An attack that targets an unknown vulnerability in an application or operating system, before the developer has released a patch to fix it. Called “zero-day” because the developer has zero days to fix the issue before it becomes known and potentially exploited.