Cybersecurity glossary

When reading up on cybersecurity there is a lot of jargon that can slow you down. This page contains common words and phrases used in the infosec world, and what they actually mean.

If you have suggestions for new terms or improvements, let us know in the comments!

CISO: Chief information security officer. The executive responsible for information security in an organization. Not necessarily a technical expert.

Firewall: A security device that filters network traffic. There are many types of firewalls, but the two main types are “stateless” and “stateful”. Stateless is the traditional type that only looks at the protocol (or port number used), whereas a stateful firewall inspects the actual packets (contents) sent over the network.

Next generation: Marketing speak for “new” or “modern”. Doesn’t actually have to be useful 🙂

Awareness training: Training given to employees or members of an organization to make them aware of cybersecurity threats and how to act to minimize the risk to themselves and the company they work for.

DLP: Data loss protection. Technologies meant to detect and stop unauthorized data exfiltration, such as uploading company files to a personal Dropbox folder.

ML: Machine learning. A form of artificial intelligence where a statistical model is trained on a large data set to perform estimation or classification. Reliability typically depends on the amount of data used to “train the model”.

AV: Antivirus, typically used for traditional products for malware protection on PCs. These products work by comparing files on the system to known “bad files”. More advanced products are often called “endpoint protection”.

Endpoint protection: More advanced antivirus. Such solutions often include protection against connecting to known bad web pages, use of machine learning to recognize unusual behavior, blocking of dangerous system commands, etc.

Threat intelligence: The collection and analysis of information about threat actors (groups or people who try to attack others), their methods and who they target. This is useful for understanding the types of attacks one should be prepared for.

Phishing: Phishing is when someone is “fishing for information”. They usually send emails with links leading to web pages designed to look like legitimate pages, or emails containing attachments with malware. The goal is often to steal usernames and passwords, or other sensitive information.

BEC: Business email compromise. A form of phishing that does not involve links or dangerous attachments. The attacker uses email communication to build trust and tries to get the victim to perform some action. One example is someone pretending to be the CEO asking an employee to transfer money to a foreign bank account.

Ransomware: Malware (a computer virus) that makes files inaccessible and demands a ransom to unlock them. Typically the files are locked by encrypting them, and the criminals demand payment to decrypt them again. If ransomware spreads throughout an organization’s network this can be a big problem even if the organization has recent backups available, due to the effort needed to restore systems and the downtime caused by such incidents.

Identity theft: When criminals abuse identity information to pretend to be someone else. Very often this is done to take out credit in someone else’s name.

DPO: Data protection officer. A term from the European privacy regulation GDPR (General Data Protection Regulation). This is a lawyer who is responsible for privacy management in an organization.

SOC: Security operations center. A center that is usually staffed 24/7, monitoring alerts, logs, etc., and responding to them.

DFIR: Digital forensics and incident response. Digital forensics is the analysis of digital evidence, such as looking at logs or memory dumps. Incident response is taking action against active threats.

Incident response: A process to handle cybersecurity incidents. Such a process requires planning and training and typically has 6 stages: preparation, detection and analysis, containment, eradication, recovery, and lessons learned. If you do not have an incident response plan you should probably start working on getting one.

RAT: Remote access trojan. Malware that allows hackers remote access to a computer without the owner knowing about it, like a backdoor.

CERT: Computer emergency response team. Dedicated personnel performing DFIR. Also used to refer to a SOC in some cases.

ICS: Industrial control systems, such as PLCs, SCADA, MPC software, real-time optimizers for refineries, etc.

IoT: Internet of things. Typically non-traditional computers hooked into a network, such as smartwatches, toasters, thermometers, TVs or vacuum cleaners.