Cybersecurity Dictionary
A
Access Control
Rules that determine who can access specific systems, data, or resources.
Active Directory (AD)
Microsoft’s identity and access management service for enterprise networks.
Adversary
Any person or group attempting to attack or compromise systems.
Advanced Persistent Threat (APT)
A long-running, targeted cyberattack usually carried out by skilled, well-funded actors.
Air Gap
A security measure where systems are kept physically isolated from external networks.
API Security
Protecting APIs from abuse, unauthorized access, and exploitation.
Application Security
Practices and tools that secure software throughout its lifecycle.
Asset
Any device, application, system, or data resource that must be protected.
Attack Surface
All possible points where an attacker can try to gain access.
Audit Log
A record of system or user activity used for monitoring and investigation.
B
Backdoor
A hidden method of bypassing normal authentication to access a system.
Behavioral Analytics
Detecting threats by spotting unusual user or system behavior patterns.
Botnet
A network of compromised devices controlled by an attacker.
Brute Force Attack
Guessing passwords or keys by systematically trying many combinations.
Business-Critical Asset
An asset essential to revenue, operations, or mission-critical processes.
Business Email Compromise (BEC)
Fraud that uses compromised or spoofed business email accounts.
Business Impact Intelligence
Insight into which assets and systems matter most to the business so security can prioritize accordingly.
C
Certificate Authority (CA)
A trusted entity that issues digital certificates to verify identity.
Cloud Security Posture Management (CSPM)
Tools that monitor and fix cloud configuration and security risks.
Command and Control (C2)
A communication channel attackers use to manage compromised systems.
Compromise
A security breach that results in unauthorized access to systems or data.
Configuration Drift
Unplanned changes in system configurations that can lead to security gaps.
Credential Stuffing
Using stolen username/password pairs to try to log into other services.
Critical Asset Identification
Finding which assets are most important to protect within an environment.
Cross-Site Scripting (XSS)
Injecting malicious scripts into trusted websites viewed by other users.
Cyber Hygiene
Routine practices and controls that maintain basic cybersecurity health.
Cyber Kill Chain
A model describing the stages of a cyberattack from recon to exfiltration.
D
Data Breach
Unauthorized access, theft, or exposure of sensitive data.
Data Exfiltration
Unauthorized transfer of data out of an organization.
Data Loss Prevention (DLP)
Tools that prevent sensitive data from being accessed or shared improperly.
Decryption
Turning encrypted data back into readable form.
Denial of Service (DoS)
An attack that overwhelms systems or networks to make them unavailable.
Distributed Denial of Service (DDoS)
A DoS attack launched from many distributed devices at once.
DNS Spoofing
Tampering with DNS responses to redirect users to malicious sites.
Domain Controller
A server that manages authentication and identity for a network domain.
Drift Detection
Identifying unexpected changes in configurations or security coverage over time.
E
EDR (Endpoint Detection and Response)
Tools that monitor endpoints for threats and support investigation and response.
Encryption
Protecting data by converting it into a form that is unreadable without the proper key.
Endpoint
Any device that connects to a network, such as a laptop, server, or phone.
Evasion Technique
Methods attackers use to avoid detection by security tools.
Exploit
Code or techniques that take advantage of a vulnerability.
F
Firewall
A device or software that filters network traffic based on security rules.
Firmware Attack
An attack that targets device firmware to gain deep, persistent access.
H
Honeypot
A decoy system designed to attract and study attackers.
Hybrid Cloud
An environment that combines on-premises infrastructure with public or private cloud services.
I
IAM (Identity & Access Management)
Systems that manage user identities and define what they can access.
Incident Response (IR)
The process of detecting, analyzing, and resolving security incidents.
Indicator of Compromise (IOC)
Technical evidence that indicates malicious activity (e.g., IPs, hashes, domains).
Infrastructure-as-Code (IaC) Security
Securing cloud and infrastructure defined and deployed via code templates.
Insider Threat
A threat originating from within the organization, malicious or accidental.
Intrusion Detection System (IDS)
Monitors network or systems for signs of malicious activity.
Intrusion Prevention System (IPS)
Monitors and actively blocks detected malicious activity.
K
Keylogger
Malware or tools that capture keystrokes to steal credentials or data.
L
Least Privilege
Granting users only the minimum access needed to perform their job.
Log Aggregation
Collecting logs from multiple systems into a centralized location.
M
Malware
Malicious software designed to damage, disrupt, or steal information.
Man-in-the-Middle Attack (MITM)
Intercepting communication between two parties without their knowledge.
Misconfiguration
Incorrect or insecure settings that create vulnerabilities.
Multi-Factor Authentication (MFA)
Using two or more verification methods (e.g., password + code) to authenticate.
N
Network Segmentation
Dividing a network into smaller zones to limit the spread of attacks.
P
Patch
A software update that fixes bugs or security vulnerabilities.
Penetration Test (Pentest)
A controlled, simulated attack used to find and validate vulnerabilities.
Phishing
Fraudulent emails or messages that trick users into revealing information.
Phishing Attack
A cyberattack that uses phishing messages to steal credentials or data.
Privilege Escalation
Gaining higher access permissions than originally granted.
R
Ransomware
Malware that encrypts data and demands payment for decryption.
Red Team
Security experts who simulate real-world attacks to test defenses.
Risk Score
A numerical value representing the likelihood and impact of a potential threat.
Rootkit
Stealthy malware that hides its presence and maintains persistent access.
S
Security Coverage Analysis
Evaluating which assets are protected by which controls, and where gaps or overlaps exist.
Security Operations Center (SOC)
A team or facility that monitors and responds to security events.
Shadow IT
Systems, apps, or services used without official approval or visibility.
SIEM (Security Information and Event Management)
Aggregates and analyzes logs from multiple sources for threat detection and compliance.
Smishing
Phishing attacks delivered via SMS/text messages.
Social Engineering
Manipulating people into sharing confidential information or performing risky actions.
Software Supply Chain Attack
Compromising software at source or build level to infect downstream users.
Spam
Unsolicited, often irrelevant or malicious messages.
Spyware
Malware that secretly monitors and collects user or system data.
T
Telemetry
Data collected from systems and tools that describes events, status, and behavior.
Threat Actor
A person, group, or entity conducting or attempting cyberattacks.
Threat Intelligence
Information about threat actors, tactics, and indicators used to improve defenses.
Tool Rationalization
Identifying and removing redundant or low-value tools to reduce cost and complexity.
Trojan Horse
Malware disguised as legitimate software to trick users into running it.
U
Unauthorized Access
Access to systems or data without proper permission or credentials.
V
Virus
Malware that attaches to legitimate files and replicates when they’re executed.
Vulnerability
A weakness in hardware, software, or configuration that can be exploited.
Vulnerability Scanner
A tool that inspects systems and applications for known weaknesses.
W
Worm
Malware that can self-replicate and spread across networks without user action.
X
XDR (Extended Detection and Response)
A platform that correlates and responds to threats across endpoints, network, cloud, and identity.
Z
Zero Trust
A security model that assumes no user or device is trusted by default—every request must be verified.
Zero-Day Vulnerability
A previously unknown vulnerability with no vendor patch available.