When reading up on cybersecurity there is a lot of jargon that can slow you down. This page contains common words and phrases used in the infosec world, and what they actually mean.
If you have suggestions for new terms or improvements, let us know in the comments!
Term | Meaning |
--- | --- |
CISO | Chief information security officer: the executive responsible for information security in an organization. Not necessarily a technical expert. |
Firewall | A firewall is a security device (or software) that filters network traffic according to a rule set. The two basic types are "stateless" and "stateful". A stateless (packet-filtering) firewall judges every packet on its own, using header fields such as source and destination address, protocol and port number, so it cannot tell a reply to a connection you opened from an unsolicited packet. A stateful firewall keeps a table of active connections and uses it to let return traffic in for connections started from the inside while dropping packets that belong to no known connection. Inspecting the actual content of packets (application data) is deep packet inspection, a feature of proxy and "next-generation" firewalls rather than of stateful filtering as such. |
Next generation | Marketing speak for "new" or "modern"; the label itself says nothing about usefulness 🙂 In the firewall world "next-generation firewall" (NGFW) does have a fairly concrete meaning: a stateful firewall that also identifies applications and users and performs intrusion prevention. |
Awareness training | Training given to employees or members of an organization to make them aware of cybersecurity threats and how to act to minimize the risk to themselves and the company they work for. |
DLP | Data loss prevention (also data leakage prevention): technologies meant to detect and stop unauthorized data exfiltration, such as upload of company files to a personal Dropbox folder. Typically done by classifying data and monitoring email, web uploads and removable media. |
ML | Machine learning. A form of artificial intelligence where a statistical model is trained on a large data set so that it can perform estimation or classification. Reliability typically depends on the amount and quality of the data used to "train the model", and models can be fooled by inputs crafted to look benign. |
AV | Antivirus, typically used for traditional products for malware protection on PCs. These products work mainly by comparing files on the system to signatures of known "bad files" (hashes or byte patterns), which means a new or slightly modified sample is not detected until a signature exists for it. More advanced products are often called "endpoint protection". |
Endpoint protection | Endpoint protection is more advanced antivirus, often combined with EDR (endpoint detection and response). Such solutions typically include blocking of connections to known bad web pages, use of machine learning to recognize unusual behavior, blocking of dangerous system commands (such as deleting backup snapshots), and recording of process activity so an analyst can investigate afterwards. |
Threat intelligence | The collection and analysis of information about threat actors (groups or individuals who attack others): their methods, tools and who they target. It is useful for understanding which types of attacks one should be prepared for. |
Phishing | Phishing is when someone is "fishing for information". They usually send emails with links leading to web pages designed to look like legitimate ones, or with attachments containing malware. The goal is often to steal usernames and passwords (and increasingly the session tokens or one-time codes that go with them), or other sensitive information. Look-alike domains and links whose visible text differs from their real target are typical signs. |
BEC | Business email compromise: a form of phishing that does not involve links or dangerous attachments. The attacker uses ordinary email conversation to build trust and get the victim to perform some action. One example is someone pretending to be the CEO asking an employee to transfer money to a foreign bank account, often from a look-alike or free webmail address with a matching display name, and with a sense of urgency and secrecy. |
Ransomware | Ransomware is malware that makes files inaccessible and demands a ransom to unlock them. Typically the files are encrypted and the criminals demand payment for the decryption key; many groups also steal the data first and threaten to publish it. If ransomware spreads throughout an organization's network this is a big problem even when recent backups are available, because of the effort needed to restore systems and the downtime caused by such incidents. Backups that are offline or otherwise out of the attacker's reach are what make recovery possible at all. |
Identity theft | Identity theft is when criminals abuse identity information to pretend to be someone else. Very often this is done to take out credit in someone else’s name. |
DPO | Data protection officer: a role defined in the European privacy regulation GDPR (General Data Protection Regulation). The DPO is responsible for overseeing privacy compliance in an organization and is often, but not necessarily, a lawyer. |
SOC | Security operations center: a team, usually staffed 24/7, that monitors alerts, logs, etc. and responds to them. |
DFIR | Digital forensics and incident response. Digital forensics is the analysis of digital evidence, such as logs, disk images or memory dumps, done in a way that preserves the integrity of the evidence. Incident response is taking action against active threats. |
Incident Response | The process for handling cybersecurity incidents. It requires planning and training and is commonly described in six stages: preparation, detection and analysis, containment, eradication, recovery, and lessons learned. If you do not have an incident response plan you should probably start working on one. |
RAT | Remote access trojan: malware that gives an attacker remote control of a computer without the owner knowing about it, like a backdoor. |
CERT | Computer emergency response team: dedicated personnel performing DFIR, often a national or sector-wide body. Also used loosely to refer to a SOC in some cases; CSIRT (computer security incident response team) is the generic term. |
ICS | Industrial control systems, such as PLCs (programmable logic controllers), SCADA systems, MPC (model predictive control) software, real-time optimizers for refineries, etc. |
IoT | Internet of things: typically non-traditional computers connected to a network, such as smartwatches, toasters, thermometers, TVs or vacuum cleaners. They often run outdated software and are rarely patched, which makes them popular targets. |
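The difference between stateless and stateful filtering in the Firewall entry is easier to see in code. The following is an added example, not code from this page: a toy packet filter with one stateless rule set and one stateful filter, run over a handful of constructed packets. The addresses, ports and the "allow HTTPS in" policy are assumptions for illustration; nothing here touches a real network.

```python
# Added example (not from the original glossary page): a toy packet filter that
# contrasts stateless and stateful filtering. Addresses, rules and traffic are
# constructed for illustration and nothing touches a real network.
from dataclasses import dataclass
from typing import Dict, Set, Tuple

INSIDE = "10.0.0.5"        # assumed: a workstation behind the firewall
OUTSIDE = "203.0.113.9"    # assumed: a web server on the internet
ATTACKER = "198.51.100.7"  # assumed: an unsolicited external host


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    direction: str      # "in" = towards INSIDE, "out" = leaving INSIDE
    syn: bool = False   # TCP SYN without ACK: a new connection attempt


def stateless_allow(pkt: Packet) -> bool:
    """Stateless rule set: every packet is judged alone on its header fields.
    Policy: anything may leave; only HTTPS may enter, plus 'replies'."""
    if pkt.direction == "out":
        return True
    if pkt.dport == 443:
        return True
    # To let replies in at all, a stateless rule set has to approximate
    # "established" with header bits: non-SYN packets to ephemeral ports.
    return pkt.dport >= 1024 and not pkt.syn


class StatefulFilter:
    """Stateful filter: remembers connections the inside host opened so that
    replies are recognised, and rejects packets that belong to no connection."""

    def __init__(self) -> None:
        self.connections: Set[Tuple[str, int, str, int]] = set()

    def allow(self, pkt: Packet) -> bool:
        if pkt.direction == "out":
            # Record the flow so the reverse direction can be matched later.
            self.connections.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return True
        # Inbound: is this the reply to a flow we opened?
        if (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.connections:
            return True
        # Otherwise only a *new* connection (SYN) to our HTTPS service.
        return pkt.dport == 443 and pkt.syn


def run_demo() -> Dict[str, Tuple[bool, bool]]:
    """Returns {scenario: (stateless verdict, stateful verdict)}.
    Order matters: the stateful filter learns from the first packet."""
    stateful = StatefulFilter()
    scenarios = {
        # 1. Workstation opens a connection to the web server.
        "outbound syn": Packet(INSIDE, 51000, OUTSIDE, 443, "out", syn=True),
        # 2. The server's SYN-ACK comes back to ephemeral port 51000.
        "reply to our connection": Packet(OUTSIDE, 443, INSIDE, 51000, "in"),
        # 3. An attacker hits the same port with no prior flow.
        "unsolicited to port 51000": Packet(ATTACKER, 443, INSIDE, 51000, "in"),
        # 4. An attacker sends a non-SYN packet to 443 without a handshake.
        "out-of-state packet to 443": Packet(ATTACKER, 40000, INSIDE, 443, "in"),
        # 5. A legitimate new client connects to our HTTPS service.
        "new connection to 443": Packet(OUTSIDE, 40001, INSIDE, 443, "in", syn=True),
    }
    results: Dict[str, Tuple[bool, bool]] = {}
    for name, pkt in scenarios.items():
        results[name] = (stateless_allow(pkt), stateful.allow(pkt))
    return results


if __name__ == "__main__":
    for name, (sl, sf) in run_demo().items():
        print(f"{name:28s} stateless={'allow' if sl else 'drop':5s} "
              f"stateful={'allow' if sf else 'drop'}")
```

Scenarios 3 and 4 are the point: the stateless rules have to let scenario 2 through somehow, and the only tool they have is header bits, so the attacker's packets with the same header shape get through too. The stateful filter passes scenario 2 because it remembers scenario 1, and drops 3 and 4 because no connection exists for them.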
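The AV and Endpoint protection entries describe two different ways of deciding that something is malicious: matching a file against known-bad signatures versus watching what a process does. This added example (not code from this page or from any product) shows why the first misses a copy with one extra byte while the second does not. The "files" are constructed byte strings, the process-creation events are constructed to look like what an endpoint agent records, and the three behaviour rules are illustrative choices.

```python
# Added example (not from the original glossary page): a hash signature catches
# one sample and misses a trivially modified copy; a behaviour rule catches both.
# The "files" and process events below are constructed stand-ins, not real malware.
import hashlib
from typing import Dict, List, Set

KNOWN_SAMPLE = b"MZ\x90\x00" + b"fake-dropper-v1"   # constructed "executable"
VARIANT = KNOWN_SAMPLE + b"\x00"     # one byte appended: same behaviour, new hash
CLEAN_FILE = b"MZ\x90\x00" + b"hello-world-app"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# A signature database as a traditional AV ships it: hashes of known bad files.
SIGNATURE_DB: Set[str] = {sha256_hex(KNOWN_SAMPLE)}


def signature_scan(data: bytes, db: Set[str] = SIGNATURE_DB) -> bool:
    """True if the file's hash matches a known-bad signature."""
    return sha256_hex(data) in db


# Process-creation events as an endpoint agent would record them (constructed).
EVENTS: List[Dict[str, str]] = [
    {"parent": "WINWORD.EXE", "image": "cmd.exe",
     "cmdline": "cmd.exe /c vssadmin delete shadows /all /quiet"},
    {"parent": "explorer.exe", "image": "notepad.exe",
     "cmdline": "notepad.exe notes.txt"},
    {"parent": "EXCEL.EXE", "image": "powershell.exe",
     "cmdline": "powershell.exe -nop -w hidden -enc QQBCAEMA"},
    {"parent": "services.exe", "image": "svchost.exe",
     "cmdline": "svchost.exe -k netsvcs"},
]

OFFICE_APPS = {"WINWORD.EXE", "EXCEL.EXE", "POWERPNT.EXE"}
SHELLS = {"cmd.exe", "powershell.exe", "wscript.exe", "mshta.exe"}


def behaviour_scan(events: List[Dict[str, str]]) -> List[str]:
    """Names of behaviour rules that fired, one entry per event that matched.
    The rules look at what a process does, so a new file hash does not evade them."""
    hits: List[str] = []
    for ev in events:
        cmd = ev["cmdline"].lower()
        # Ransomware commonly deletes Volume Shadow Copies before encrypting.
        if "vssadmin" in cmd and "delete shadows" in cmd:
            hits.append("shadow-copy deletion")
        # A document viewer has no business launching a command interpreter.
        if ev["parent"] in OFFICE_APPS and ev["image"] in SHELLS:
            hits.append("office app spawned a shell")
        # Base64-encoded command lines are used to hide the script from the eye.
        if ev["image"] == "powershell.exe" and "-enc" in cmd:
            hits.append("encoded powershell")
    return hits


if __name__ == "__main__":
    for label, blob in [("known", KNOWN_SAMPLE), ("variant", VARIANT), ("clean", CLEAN_FILE)]:
        print(f"signature scan {label:8s}: {'MALICIOUS' if signature_scan(blob) else 'clean'}")
    for hit in behaviour_scan(EVENTS):
        print("behaviour rule fired:", hit)
```

The variant file would behave exactly like the known sample when run, so whichever of the two produced the first event in `EVENTS` is caught by the shadow-copy rule regardless of its hash. That is the trade-off the Endpoint protection entry alludes to: signatures are cheap and precise, behaviour rules are what catch the sample nobody has seen before.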
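The Phishing and BEC entries list the tell-tale signs: links whose visible text differs from their real target, look-alike or punycode domains, an executive's display name on an outside address, a Reply-To that goes somewhere else, and pressure language. This added example (not code from this page) runs those checks over two constructed emails using only the Python standard library. The organisation's domain, the protected executive name and the phrase list are assumptions, and the two messages are made up for the demonstration.

```python
# Added example (not from the original glossary page): header and link checks
# for the phishing and BEC patterns described in the glossary. The two emails,
# the organisation's domain and the phrase list are constructed assumptions.
import email
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from typing import List, Optional, Tuple
from urllib.parse import urlparse

OUR_DOMAIN = "example.com"       # assumed: the organisation's own mail domain
PROTECTED_NAMES = {"Jane Doe"}   # assumed: executives whose names get impersonated
PRESSURE_PHRASES = ("wire", "urgent", "between us", "gift card")


class LinkExtractor(HTMLParser):
    """Collects (href, visible text) for every <a> in an HTML body."""

    def __init__(self) -> None:
        super().__init__()
        self.links: List[Tuple[str, str]] = []
        self._href: Optional[str] = None
        self._text: List[str] = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(value: str) -> str:
    """Hostname of a URL or bare domain, lower-cased ('' if none)."""
    if "://" not in value:
        value = "http://" + value
    return (urlparse(value).hostname or "").lower()


def analyze(raw: bytes) -> List[str]:
    """Returns a list of human-readable findings; empty means nothing suspicious."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings: List[str] = []
    name, addr = parseaddr(str(msg["From"] or ""))
    from_domain = addr.rsplit("@", 1)[-1].lower()
    if name in PROTECTED_NAMES and from_domain != OUR_DOMAIN:
        findings.append(f"protected display name '{name}' sent from {from_domain}")
    # Crude look-alike test: our first label appears in a domain that is not ours.
    if from_domain != OUR_DOMAIN and OUR_DOMAIN.split(".")[0] in from_domain:
        findings.append(f"look-alike sender domain {from_domain}")
    reply_to = parseaddr(str(msg["Reply-To"] or ""))[1]
    if reply_to and reply_to.rsplit("@", 1)[-1].lower() != from_domain:
        findings.append(f"Reply-To goes to a different domain: {reply_to}")
    body = msg.get_body(preferencelist=("html", "plain"))
    text = body.get_content() if body is not None else ""
    if body is not None and body.get_content_type() == "text/html":
        extractor = LinkExtractor()
        extractor.feed(text)
        for href, visible in extractor.links:
            real = host_of(href)
            if any(label.startswith("xn--") for label in real.split(".")):
                findings.append(f"punycode (IDN) host in link: {real}")
            shown = host_of(visible) if "." in visible else ""
            if shown and shown != real:
                findings.append(f"link text shows {shown} but points to {real}")
    matched = [p for p in PRESSURE_PHRASES if p in text.lower()]
    if matched:
        findings.append("pressure language: " + ", ".join(matched))
    return findings


# Constructed samples: a credential-phishing mail and a CEO-fraud (BEC) mail.
PHISH = b"""From: IT Helpdesk <it@example-com.co>
To: bob@example.com
Subject: Password expires today
Content-Type: text/html; charset=utf-8

<p>Your password expires today. Sign in to keep access:</p>
<a href="https://portal.example.com.login-verify.net/reset">https://portal.example.com</a>
"""

BEC = b"""From: Jane Doe <jane.doe.ceo@gmail.com>
Reply-To: jane.doe.ceo@protonmail.com
To: bob@example.com
Subject: Confidential payment
Content-Type: text/plain; charset=utf-8

Bob, I'm in a meeting and can't talk. Please wire 48,000 EUR to the
vendor account below today and keep this between us.
"""

if __name__ == "__main__":
    for label, raw in (("phish", PHISH), ("bec", BEC)):
        print(label, analyze(raw))
```

Note that the BEC message produces no link or attachment findings at all, which is exactly why the glossary treats it separately: the only signals are who it claims to be from, where replies would go, and what it asks for.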