Glossary of Cyber Security Terms

802.11x - 802.11x refers to a group of evolving wireless local area network (WLAN) standards that are under development as elements of the IEEE 802.

Acoustical Infection - Acoustic infection is a type of malware that uses a compromised computer’s sound card and speakers to send data using a covert ultrasonic acoustical mesh network.

Active Attack - An active attack is a network exploit in which a hacker attempts to make changes to data on the target or data en route to the target.

Active Defense - An active defense is the use of offensive actions to outmaneuver an adversary and make an attack more difficult to carry out.

Active Reconnaissance - Active reconnaissance is a type of computer attack in which an intruder engages with the targeted system to gather information about vulnerabilities.

Ad Fraud Botnet - An ad fraud botnet is a distributed network of computers controlled by a botmaster to defraud advertisers.

Adaptive Security - Adaptive security is an approach to safeguarding systems and data by recognizing threat-related behaviors rather than the files and code used by virus definitions.

Advanced Persistent Threat (APT) - A sophisticated, systematic cyber-attack program that continues for an extended period, often orchestrated by a group of skilled hackers. The hacker group, or the APT, designs the attack with a motive that can range from sabotage to corporate espionage.

Advanced Evasion Technique (AET) - A method of delivering an exploit or malicious content into a vulnerable target so that the traffic looks normal and security devices will pass it through. By combining attacks using several protocol layers, these advanced evasions bypass most existing security solutions.

Anonymous - Anonymous is a loosely organized hacktivist collective created to promote free speech, unimpeded access to information, and transparency in government and corporate activities.

Antispoofing - A technique for countering spoofing attacks on a computer network.

Antivirus Software (Antivirus Program) - Antivirus software is a class of program designed to prevent, detect and remove malware infections on individual computing devices, networks and IT systems.

Application Blacklisting - Sometimes just referred to as blacklisting, is a network administration practice used to prevent the execution of undesirable programs.

Application Whitelisting - The practice of specifying an index of approved software applications or executable files that are permitted to be present and active on a computer system.

Attack Surface - The entire network and software environment that is exposed to remote or local attacks. This includes all the exploitable vulnerabilities in an ecosystem’s hardware, software, connections, data location and even its employees, in the form of social engineering.

Attack Vector - The path or means by which a hacker (or cracker) can gain access to a computer or network server in order to deliver a payload or malicious outcome.

Audit Trail - A security-relevant chronological record, set of records, and/or destination and source of records that provide documentary evidence of the sequence of activities that have affected at any time a specific operation, procedure, or event. In accounting, an audit trail is the sequence of paperwork that validates or invalidates accounting entries.

Authentication - The process of determining whether someone or something is, in fact, who or what it declares itself to be.

Authentication Ticket or Ticket-Granting Ticket (TGT) - An authentication ticket, also known as a ticket-granting ticket (TGT), is a small amount of encrypted data that is issued by a server in the Kerberos authentication model to begin the authentication process.

Authentication, Authorization, and Accounting (AAA) - Authentication, authorization, and accounting (AAA) is a framework for intelligently controlling access to computer resources, enforcing policies, auditing usage, and providing the information necessary to bill for services.

Authorization - Authorization is the process of giving someone permission to do or have something.

Backdoor - A means to access a computer system or encrypted data that bypasses the system's customary security mechanisms.

Barnacle - Unwanted programming, such as adware or spyware, that is downloaded and installed along with a user-requested program.

Bastion Host - The only host computer that a company allows to be addressed directly from the public network and that is designed to screen the rest of its network from security exposure.

Bayesian Filter - A program that uses Bayesian logic, also called Bayesian analysis, to evaluate the header and content of an incoming e-mail message and determine the probability that it constitutes spam.

Behavior Blacklisting - A security method based on detecting specified suspicious actions on the part of software or human agents and blocking access accordingly.

Behavior Whitelisting - A security method in which permissible actions within a given system are specified and all others are blocked.

Bifurcation - In the biometric process of finger scanning, a bifurcation is a point in a finger image at which two ridges meet.

Biometric Verification - Any means by which a person can be uniquely identified by evaluating one or more distinguishing biological traits.

BIOS Attack - A BIOS attack is an exploit that infects the BIOS with malicious code and is persistent through reboots and attempts to reflash the firmware.

BIOS Rootkit - A BIOS-level rootkit is programming that exists in a system's memory hardware to enable remote administration.

BIOS Rootkit Attack - A BIOS-level rootkit attack, also known as a persistent BIOS attack, is an exploit in which the BIOS is flashed (updated) with malicious code.

BitLocker - BitLocker is an operating system-level extension that combines on-disk encryption and special key management techniques.

Black Hat - Black hat refers to a hacker who breaks into a computer system or network with malicious intent.

Blended Threat - A blended threat is an exploit that combines elements of multiple types of malware and perhaps takes multiple attack vectors to increase the severity of damage and the speed of contagion.

Block Cipher - A block cipher is a method of encrypting text (to produce ciphertext) in which a cryptographic key and algorithm are applied to a block of data (for example, 64 contiguous bits) at once as a group rather than to one bit at a time.

Blockchain Economy - The blockchain economy is a scenario and potential future environment in which the technology replaces current monetary systems, potentially on a global basis.

Blowfish - Blowfish is an encryption algorithm that can be used as a replacement for the DES or IDEA algorithms.

Blue Bomb (WinNuke) - A "blue bomb" (also known as "WinNuke") is a technique for causing the Windows operating system of someone you're communicating with to crash or suddenly terminate.

Blue Pill Rootkit - The blue pill rootkit is malware that executes as a hypervisor to gain control of computer resources.


BlueKeep (CVE-2019-0708) - BlueKeep (CVE-2019-0708) is a vulnerability in the Remote Desktop Protocol (RDP) that affects Windows 7, Windows XP, Server 2003 and 2008.

Bluesnarfing - Bluesnarfing is the theft of information from a wireless device through a Bluetooth connection.

Boot Sector Virus - A boot sector virus is malware that infects the computer storage sector where startup files are found.

Bot Herder - A bot herder is a hacker that seeks out vulnerable computers and infects them so that they can be controlled as a botnet.

Bot Worm - A bot worm is a self-replicating malware program that resides in current memory, turns infected computers into zombies (or bots) and transmits itself to other computers.

BotHunter - BotHunter is a type of bot application that looks for other bots by tracking two-way communication flows between active software inside a private network and external entities.

Botnet - A botnet is a collection of internet-connected devices, which may include PCs, servers, mobile devices and internet of things devices, that are infected and controlled by a common type of malware.

Botnet Sinkhole - A botnet sinkhole is a target machine used by researchers to gather information about a botnet.

Botnet Topology - A botnet topology is the network structure by which botnet interconnections are organized.

Brain Fingerprinting - Brain fingerprinting is a controversial technique that is advocated as a way to identify a terrorist or other dangerous person by measuring the "brainprint" of that person when shown a particular body of writing or an image that was previously familiar (such as of a training camp or manual).

Breach - The moment a hacker successfully exploits a vulnerability in a computer or device, and gains access to its files and network.

Browser Hijacker (Browser Hijacking) - A browser hijacker is a malware program that modifies web browser settings without the user's permission and redirects the user to websites the user had not intended to visit.

Brushing Scam - A brushing scam is an exploit in which a vendor ships a package to an unwitting receiver who hadn’t ordered it and then submits positive reviews that are supposedly from the verified owner.

Brute Force Attack - Brute force (also known as brute force cracking) is a trial and error method used by application programs to decode encrypted data such as passwords or Data Encryption Standard (DES) keys, through exhaustive effort (using brute force) rather than employing intellectual strategies.

Buffer Overflow - A buffer overflow occurs when a program attempts to write more data to a fixed length block of memory, or buffer, than the buffer is allocated to hold.

Buffer Underflow - Buffer underflow, also known as buffer underrun or buffer underwrite, is a threat to data that typically occurs when the temporary holding space during information transfer, the buffer, is fed at a lower rate than it is being read from.

Bug Bounty Program - A bug bounty program, also called a vulnerability rewards program (VRP), is a crowdsourcing initiative that rewards individuals for finding errors in software.

Bugbear - Bugbear is a computer virus that spread in early October 2002, infecting thousands of home and business computers.

Burner Phone - A burner is an inexpensive mobile phone that is designed for temporary use, after which it may be discarded.

Business Email Compromise (BEC, Man-in-the-Email Attack) - A business email compromise (BEC) is an exploit in which the attacker gains access to a corporate email account and spoofs the owner’s identity to defraud the company or its employees, customers or partners of money.

Business Logic Attack - A business logic attack is an exploit that takes advantage of a flaw in programming managing the exchange of information between a user interface and the application's supporting database.

Bypass - Bypass, in general, means either to go around something by an external route rather than going through it, or the means of accomplishing that feat.

Cache Cramming - Cache cramming is a method of tricking a computer into running Java code it would not ordinarily run.

Cache Poisoning (DNS poisoning, web cache poisoning) - Cache poisoning is an attack vector that exploits the way domain name system (DNS) clients and web servers improve performance by saving old responses for a specified period in a temporary storage area called cache.

Caller ID Spoofing - Caller ID spoofing is a service that allows a caller to masquerade as someone else by falsifying the number that appears on the recipient's caller ID display.

Can You Hear Me? (telephone voice signature scam) - "Can you hear me?" is a telephone scam in which a perpetrator creates an audio recording of the victim saying the word "yes" by asking a question that will most likely be answered affirmatively.

Capacitive Scanner - A capacitive scanner is a finger scanning device that uses an array of capacitive proximity sensors, along with a microcomputer and associated electronic signal processing circuits, to create and store a digital image of a human fingerprint.

Capture - Capture is the process or means of obtaining and storing external data, particularly images or sounds, for use later.

Car Hacking - Car hacking is the manipulation of the code in a car's electronic control unit (ECU) to exploit a vulnerability and gain control of other ECU units in the vehicle.

Card Skimming - Card skimming is the theft of credit and debit card data and PIN numbers when the user is at an automated teller machine (ATM) or point of sale (POS).

Card Verification Value (CVV) - Card verification value (CVV) is a combination of features used in credit, debit and automated teller machine (ATM) cards for the purpose of establishing the owner's identity and minimizing the risk of fraud.

Card-Not-Present Fraud (card-not-present transaction) - Card-not-present (CNP) fraud is the unauthorized use of a payment card to conduct a card-not-present transaction when the cardholder cannot or does not physically present the card at the time of the transaction.

Carnivore - Carnivore was an Internet surveillance system developed for the U.

Certificate Authority (CA) - A certificate authority (CA) is a trusted entity that issues digital certificates, which are data files used to cryptographically link an entity with a public key.

Certificate Revocation List (CRL) - A Certificate Revocation List (CRL) is a list of digital certificates that have been revoked by the issuing Certificate Authority and should not be trusted.

Certification - In information technology as in other fields such as teaching, accounting, and acupuncture, certification is a formal process of making certain that an individual is qualified in terms of knowledge or skills.

Certified Information Systems Security Professional (CISSP) - Certified Information Systems Security Professional (CISSP) is an information security certification developed by the International Information Systems Security Certification Consortium, also known as (ISC)².

Chaffing and Winnowing - Chaffing and winnowing are dual components of a privacy-enhancement scheme that does not require encryption.

Chernobyl Virus - The Chernobyl virus is a computer virus with a potentially devastating payload that destroys all computer data when an infected file is executed.

Cipher - In cryptology, the discipline concerned with the study of cryptographic algorithms, a cipher is an algorithm for encrypting and decrypting data.

Cipher Block Chaining (CBC) - Cipher block chaining (CBC) is a mode of operation for a block cipher (one in which a sequence of bits is encrypted as a single unit or block with a cipher key applied to the entire block).

Ciphertext - Ciphertext is encrypted text.

Ciphertext Feedback (CFB) - Ciphertext feedback (CFB) is a mode of operation for a block cipher.

CISP-PCI (Cardholder Information Security Program - Payment Card Industry Data Security Standard) - CISP (Cardholder Information Security Program) and PCI (Payment Card Industry Data Security Standard) are specifications developed and used by credit card companies for the purpose of ensuring and enhancing the privacy and security of financial data.

Class C2 - Class C2 is a security rating established by the U.

Clickjacking (user-interface or UI redressing and IFRAME overlay) - Clickjacking (also known as user-interface or UI redressing and IFRAME overlay) is an exploit in which malicious coding is hidden beneath apparently legitimate buttons or other clickable content on a website.

Clipboard Hijack Attack - A clipboard hijacking is an exploit in which the attacker gains control of the victim's clipboard and replaces its contents with their own data, such as a link to a malicious Web site.

Cloud Cartography - Cloud cartography is a scheme for pinpointing the physical locations of Web servers hosted on a third-party cloud computing service.

CloudAV - CloudAV is a program that combines multiple antivirus applications and scans user files over a network of servers.

COBIT - COBIT is a framework for developing, implementing, monitoring and improving information technology (IT) governance and management practices.

Cocooning - Cocooning is the act of insulating or hiding oneself from the normal social environment, which may be perceived as distracting, unfriendly, dangerous, or otherwise unwelcome, at least for the present.

Cognitive Hacking - Cognitive hacking is a cyberattack that seeks to manipulate the perception of people by exploiting their psychological vulnerabilities.

Cognitive Security - Cognitive security is the application of AI technologies patterned on human thought processes to detect threats and protect physical and digital systems.

Cold Boot Attack - A cold boot attack is a process for obtaining unauthorized access to encryption keys stored in the dynamic random access memory (DRAM) chips of a computer system.


COMINT (Communications Intelligence) - Communications intelligence (COMINT) is information gathered from the communications of individuals, including telephone conversations, text messages and various types of online interactions.

Command Injection - Command injection is the insertion of HTML code into dynamically generated output by a malevolent hacker (also known as a cracker) seeking unauthorized access to data or network resources.

Command-and-Control server (C&C server) - A command and control server (C&C server) is a computer that issues directives to digital devices that have been infected with rootkits or other types of malware, such as ransomware.

Common Vulnerabilities and Exposures (CVE) - Common Vulnerabilities and Exposures (CVE) provides unique identifiers for publicly known security threats.

Common Weakness Enumeration (CWE) - Common Weakness Enumeration (CWE) is a universal online dictionary of weaknesses that have been found in computer software.

Computer Exploit - A computer exploit, or exploit, is an attack on a computer system, especially one that takes advantage of a vulnerability the system offers to intruders.

Computer Security Incident Response Team (CSIRT) - A Computer Security Incident Response Team (CSIRT) is a group of IT professionals that provides an organization with services and support surrounding the prevention, management and coordination of potential cybersecurity-related emergencies.

Computer Worm - A computer worm is a type of malicious software program whose primary function is to infect other computers while remaining active on infected systems.

Conduit Browser Hijacker - Conduit is a browser hijacker that is usually installed without the user’s knowledge through a drive-by download.

Conficker - Conficker is a fast-spreading worm that targets a vulnerability (MS08-067) in Windows operating systems.

Confidentiality, Integrity, and Availability (CIA Triad) - Confidentiality, integrity, and availability, known as the CIA triad, is a model designed to guide information security practices and policies within an organization.

Consumer Privacy (Customer Privacy) - Consumer privacy, also known as customer privacy, involves the handling and protection of sensitive personal information that individuals provide in the course of everyday transactions.

Content Protection for Removable Media (CPRM) - Content Protection for Removable Media (CPRM) is a hardware-based technology designed to enforce copy protection restrictions through built-in mechanisms in storage media that would prevent unauthorized file copying.

Cookie Poisoning - On the Web, cookie poisoning is the modification of a cookie (personal information in a Web user's computer) by an attacker to gain unauthorized information about the user for purposes such as identity theft.

Corporate Area Network (CAN) - A corporate area network (CAN) is a separate, protected portion of a corporation's intranet.

Counterintelligence - Counterintelligence (CI) is the information gathered and actions taken to identify and protect against an adversary’s knowledge collection activities or attempts to cause harm through sabotage or other actions.

Covert Redirect - Covert redirect is a security flaw that allows attackers to exploit an open redirect vulnerability.

Cracker - A cracker is someone who breaks into someone else's computer system, often on a network; bypasses passwords or licenses in computer programs; or in other ways intentionally breaches computer security.

CRAM (Challenge-Response Authentication Mechanism) - CRAM (challenge-response authentication mechanism) is the two-level scheme for authenticating network users that is used as part of the Web's Hypertext Transfer Protocol (HTTP).

Credential Stuffing - Credential stuffing is the practice of using stolen login information from one account to gain access to accounts on several sites through automated login.

Credential Theft - Credential theft is a type of cybercrime that involves stealing the proof of identity of the victim, which can be either an individual or a business.

Critical Infrastructure Security - Critical infrastructure security is the area of concern surrounding the protection of systems, networks and assets whose continuous operation is deemed necessary to ensure the security of a given nation, its economy, and the public’s health and/or safety.

Cryptographic Checksum - A cryptographic checksum is a mathematical value (called a checksum) that is assigned to a file and used to "test" the file later to verify that the data contained in the file has not been maliciously changed.

Cryptographic Nonce - A nonce is a random or semi-random number that is generated for a specific use, typically related to cryptographic communication or information technology.

Cryptography - Cryptography is a method of protecting information and communications using codes so that only those for whom the information is intended can read and process it.

Cryptojacking - Cryptojacking is the surreptitious and unauthorized use of a computer for the resource and power-demanding requirements of cryptocurrency mining.

Cryptology - Cryptology is the mathematics, such as number theory, and the application of formulas and algorithms, that underpin cryptography and cryptanalysis.

Cryptoperiod (Key Lifetime or a Validity Period) - A cryptoperiod (sometimes called a key lifetime or a validity period) is a specific time span during which a cryptographic key setting remains in effect.

CVSS (Common Vulnerability Scoring System) - The CVSS (Common Vulnerability Scoring System) rates the severity of software vulnerabilities so organizations can prioritize mitigation.

Cyber Attribution - The process of tracking, identifying and laying blame on the perpetrator of a cyberattack or hacking exploit.

Cyber Extortion - The act of cyber-criminals demanding payment through the use of or threat of some form of malicious activity against a victim, such as data compromise or denial of service attack.

Cyber Intelligence Sharing and Protection Act of 2011 (CISPA) - The Cyber Intelligence Sharing and Protection Act (CISPA) of 2011 is a proposed United States federal law that would allow for the sharing of Web data between the government and technology companies.

Cyber Resilience - Cyber resilience is a concept that refers to the security that goes beyond defense and prevention to focus on response and resilience in moments of crisis.

Cyber Security Challenge UK - Cyber Security Challenge UK is a not-for-profit British company that runs IT security-related competitions with the aim of attracting talented people to the IT security industry.

Cyber Storm - Cyber Storm is the name of a simulated attack exercise conducted by the U.

Cybercrime - Cybercrime is any criminal activity that involves a computer, networked device or a network.

Cyberheist - A cyberheist is the online version of the classic bank heist, in which a criminal or criminals hold up or break into a bank to get away with a large sum of money quickly.

Cybersecurity - The practice of ensuring the confidentiality, integrity and availability (CIA) of information. Cybersecurity is comprised of an evolving set of tools, risk management approaches, technologies, training, and best practices designed to protect networks, devices, programs, and data from attacks or unauthorized access.

Cybersecurity Insurance (Cybersecurity Liability Insurance) - Cybersecurity insurance is a contract that an individual or entity can purchase to help reduce the financial risks associated with doing business online.

Cyberwarfare - Cyberwarfare is computer- or network-based conflict involving politically motivated attacks by a nation-state on another nation-state.

Daisy chain - A daisy chain is an interconnection of computer devices, peripherals, or network nodes in series, one after another.

DAT USB Drive - A DAT USB drive is a tape drive with digital audio tape (DAT) that can be plugged into a Universal Serial Bus (USB) connection as a simple and relatively low-cost way to back up data routinely, especially on servers.


Data Availability - Data availability is a term used by some computer storage manufacturers and storage service providers (SSPs) to describe products and services that ensure that data continues to be available at a required level of performance in situations ranging from normal through "disastrous."

Data Breach - A data breach is a confirmed incident in which sensitive, confidential or otherwise protected data has been accessed and/or disclosed in an unauthorized fashion.

Data Breach Response Plan - A data breach response plan is a course of action intended to reduce the risk of unauthorized data access and to mitigate the damage caused if a breach does occur.

Data Encryption Standard (DES) - The Data Encryption Standard (DES) is an outdated symmetric-key method of data encryption.

Data Encryption/Decryption IC - A data encryption/decryption IC is a specialized integrated circuit (IC) that can encrypt outgoing data and decrypt incoming data.

Data Integrity - Data integrity is the assurance that digital information is uncorrupted and can only be accessed or modified by those authorized to do so.

Data Key - In cryptography, a data key is a key (a variable value that is applied to a string or block of text to encrypt or decrypt it) that is used to encrypt or decrypt data only and is not used to encrypt or decrypt other keys, as some encryption formulas call for.

Data Security Council of India (DSCI) - The Data Security Council of India (DSCI) is a not-for-profit organization created to promote the country as a secure destination for information technology (IT) outsourcing.

Data Splitting - Data splitting is an approach to protecting sensitive data from unauthorized access by encrypting the data and storing different portions of a file on different servers.

Database Activity Monitoring (DAM) - Database activity monitoring (DAM) systems monitor and record activity in a database and then generate alerts for anything unusual.

Deception Technology - Deception technology is a class of security tools and techniques designed to prevent an attacker who has already entered the network from doing damage.

Decipher - All three terms - decipher, decrypt, and decode - mean to convert ciphertext into the original, unencrypted plaintext.

Defense in Depth (DiD) - Defense in depth is the coordinated use of multiple security countermeasures to protect the integrity of the information assets in an enterprise.

Defense Message System (DMS) - The Defense Message System (DMS) is a secure X.


Demilitarized Zone (DMZ) - In computer networks, a DMZ, also sometimes known as a perimeter network or a screened subnetwork, is a physical or logical subnet that separates an internal local area network (LAN) from other untrusted networks, usually the internet.

Deniable Encryption - Deniable encryption is a type of cryptography that allows an encrypted text to be decrypted in two or more ways, depending on which decryption key is used.

Deperimeterization - In network security, deperimeterization is a strategy for protecting a company's data on multiple levels by using encryption and dynamic data-level authentication.

Depository - A depository is a file or set of files in which data is stored for the purpose of safekeeping or identity authentication.

Device Attack - A device attack is an exploit in which the attacker takes advantage of a vulnerable device to gain network access.

Dictionary Attack - A dictionary attack is a method of breaking into a password-protected computer or server by systematically entering every word in a dictionary as a password.

Differential Power Analysis (DPA) - A differential power analysis (DPA) attack is an exploit based on analyzing the correlation between the electricity usage of a chip in a smart card and the encryption key it contains.

Diffie-Hellman Key Exchange (Exponential Key Exchange) - Diffie-Hellman key exchange, also called exponential key exchange, is a method of digital encryption that uses a number raised to specific powers to produce decryption keys that are never directly transmitted, making the task of a would-be code breaker mathematically overwhelming.

Digest Authentication - Digest authentication is a method of authentication in which a request from a potential user is received by a network server and then sent to a domain controller.

Digital Footprint - A digital footprint, sometimes called a digital dossier, is the body of data that exists as a result of actions and communications online that can in some way be traced back to an individual.

Digital Profiling - Digital profiling is the process of gathering and analyzing information about an individual that exists online.


Digital Signature Standard (DSS) - Digital Signature Standard (DSS) is the digital signature algorithm (DSA) developed by the U.S. National Institute of Standards and Technology (NIST) in 1994.

Digital Silhouettes - Digital Silhouettes is the trademarked name that Predictive Networks has given to user profiles that are established through gathered click stream data and artificial intelligence (AI) processes.

Directory Harvest Attack (DHA) - A directory harvest attack (DHA) is an attempt to determine the valid e-mail addresses associated with an e-mail server so that they can be added to a spam database.

Directory Traversal - Directory traversal is a form of HTTP exploit in which a hacker uses the software on a Web server to access data in a directory other than the server's root directory.

Disaster Recovery Plan (DRP) - A company's disaster recovery policy is enhanced with a documented DR plan that formulates strategies, and outlines preparation work and testing.

Distributed Denial of Service (DDoS) Attack - A distributed denial-of-service (DDoS) attack is an attack in which multiple compromised computer systems attack a target, such as a server, website or other network resource, and cause a denial of service for users of the targeted resource.

DNS Attack - A DNS attack is an exploit in which an attacker takes advantage of vulnerabilities in the domain name system (DNS).

DNS Rebinding Attack - DNS rebinding is an exploit in which the attacker uses JavaScript in a malicious Web page to gain control of the victim's router.

DNS Security Extensions (DNSSEC) - DNS Security Extensions (DNSSEC) are a set of Internet Engineering Task Force (IETF) standards created to address vulnerabilities in the Domain Name System (DNS) and protect it from online threats.

DomainKeys - DomainKeys is an anti-spam software application in development at Yahoo that uses a form of public key cryptography to authenticate the sender's domain.

Dongle - A dongle (pronounced DONG-uhl) is a mechanism for ensuring that only authorized users can copy or use specific software applications, especially very expensive programs.

Double Blind Test - A double blind test is an experiment where both the subject and observer are unaware that the exercise in practice is a test.

Doxing - Doxing is the act of gathering information about a target individual or organization and making it public.

Doxware (Extortionware) - Doxware, also known as extortionware, is an exploit in which the attacker accesses the target's sensitive data and threatens to publish it if the victim does not meet his demands.

Drive-by Pharming - Drive-by pharming is a vulnerability exploitation method in which the attacker takes advantage of an inadequately protected broadband router to gain access to user data.

Drive-by Spamming - Drive-by spamming is a variation of drive-by hacking in which the perpetrators gain access to a vulnerable wireless local area network (WLAN) and use that access to send huge volumes of spam.

DSO Exploit (Data Source Object Exploit) - A data source object (DSO) exploit is a form of spyware that takes advantage of data binding to gain access to the hard drive of a computer connected to the Internet.

Dumb Network - A dumb network is one that provides the physical interconnection between nodes but not much processing to support signaling.

Duqu (W32.Duqu) - Duqu is a remote access Trojan (RAT) that is designed to steal data from computers it infects.

Dynamic Packet Filter - A dynamic packet filter is a firewall facility that can monitor the state of active connections and use this information to determine which network packets to allow through the firewall.

Eavesdropping - Eavesdropping is the unauthorized real-time interception of a private communication, such as a phone call, instant message, videoconference or fax transmission.

Echelon - Echelon is an officially unacknowledged U.

Egress Filtering - Egress filtering is a process in which outbound data is monitored or restricted, usually by means of a firewall that blocks packets that fail to meet certain security requirements.

Electrohippies Collective - The Electrohippies Collective is an international group of hacktivists based in Oxfordshire, England, whose purpose is to express its displeasure with the use of the Internet "as a tool for corporate communications and propaganda.


Electronic Code Book (ECB) - Electronic Code Book (ECB) is a mode of operation for a block cipher, with the characteristic that each possible block of plaintext has a defined corresponding ciphertext value and vice versa.

Electronic Discovery (e-discovery or ediscovery) - Electronic discovery (also called e-discovery or ediscovery) refers to any process in which electronic data is sought, located, secured, and searched with the intent of using it as evidence in a civil or criminal legal case.

Electronic Privacy Information Center (EPIC) - The Electronic Privacy Information Center (EPIC) is a non-profit public interest research organization for the promotion of privacy and civil liberties, constitutional values and free speech in the information age.

ELINT (electronic intelligence) - Electronic intelligence (ELINT) is intelligence gathered using electronic sensors.

Elk Cloner - Elk Cloner was the first computer virus known to have spread in the wild.

Elliptical curve cryptography (ECC) - Elliptical curve cryptography (ECC) is a public key encryption technique based on elliptic curve theory that can be used to create faster, smaller, and more efficient cryptographic keys.

Email Spoofing - Email spoofing is the forgery of an email header so that the message appears to have originated from someone or somewhere other than the actual source.

Embedded System Security - Embedded system security is a strategic approach to protecting software running on embedded systems from attack.

Emergency Management Plan - An emergency management plan should include measures that provide for the safety of personnel and, if possible, property and facilities.

Encoding and Decoding - Encoding is the process of putting a sequence of characters (letters, numbers, punctuation, and certain symbols) into a specialized digital format for efficient transmission or transfer.

Encrypting File System (EFS) - The Encrypting File System (EFS) is a feature of the Windows 2000 operating system that lets any file or folder be stored in encrypted form and decrypted only by an individual user and an authorized recovery agent.

Encryption - Encryption is the method by which information is converted into secret code that hides the information's true meaning.

Endpoint Detection and Response (EDR) - Endpoint detection and response (EDR) is a category of tools and technology used for protecting computer hardware devices, called endpoints, from potential threats.

Endpoint Fingerprinting - Endpoint fingerprinting is a feature of enterprise network access control (NAC) products that enables discovery, classification and monitoring of connected devices, including non-traditional network endpoints such as smartcard readers, HVAC systems, medical equipment and IP-enabled door locks.

Endpoint Security (Endpoint Security Management) - Endpoint security is an approach to network protection that requires each computing device on a corporate network to comply with certain standards before network access is granted.

Equipment Destruction Attack - An equipment destruction attack, also known as a hardware destruction attack, is an exploit that destroys physical computer and electronic equipment.

Escrowed Encryption Standard (EES) - The Escrowed Encryption Standard (EES) is a standard for encrypted communications that was approved by the U.

Ethical Hacker - An ethical hacker, also referred to as a white hat hacker, is an information security expert who systematically attempts to penetrate a computer system, network, application or other computing resource on behalf of its owners -- and with their permission -- to find security vulnerabilities that a malicious hacker could potentially exploit.

Ethical Worm - An ethical worm is a program that automates network-based distribution of security patches for known vulnerabilities.

Evil Twin - An evil twin, in security, is a rogue wireless access point that masquerades as a legitimate hot spot.

Executable File (EXE File) - An executable file (exe file) is a computer file that contains a sequence of instructions that the operating system can execute directly.

Exploit - A malicious application or script that can be used to take advantage of a computer’s vulnerability.

Extrusion Prevention - Extrusion prevention, also called exfiltration prevention, is the practice of stopping data leaks by filtering outbound network traffic and preventing unauthorized packets from moving outside the network.

Facebook Cloning - Facebook cloning is a scam in which the attacker copies the profile picture of an authorized user, creates a new account using that person’s name and sends friend requests to people on the user’s list.

Facebook Scam - A Facebook scam is a post or page on the popular social networking site designed to deceive users and spread rapidly through their personal networks.

FACTA (Fair and Accurate Credit Transactions Act) - FACTA (Fair and Accurate Credit Transactions Act) is an amendment to FCRA (Fair Credit Reporting Act) that was added, primarily, to protect consumers from identity theft.

False Acceptance (Type II Error) - False acceptance, also called a type II error, is a mistake occasionally made by biometric security systems.

False Rejection (Type I Error) - False rejection, also called a type I error, is a mistake occasionally made by biometric security systems.

Faraday Cage - A Faraday cage is a metallic enclosure that prevents the entry or escape of an electromagnetic field (EM field).

Fast Flux DNS - Fast flux DNS is a technique that a cybercriminal can use to prevent identification of his key host server's IP address.

FBI Alert Number I-091015-PSA - FBI Alert Number I-091015-PSA is a public service announcement from the United States Federal Bureau of Investigation to inform individuals and organizations about the importance of Internet of Things (IoT) security, including potential vulnerabilities and protective measures that should be taken to mitigate risk associated with them.

FCRA (Fair Credit Reporting Act) - FCRA (Fair Credit Reporting Act) is a United States law that regulates how consumer credit information is collected, used and shared.

Federal Emergency Management Agency (FEMA) - Federal Emergency Management Agency (FEMA) is a United States government agency whose purpose is to coordinate aid and respond to disasters around the nation when local resources are insufficient.

Federated Identity Management - Federated identity management (FIM) is an arrangement that can be made between multiple enterprises to let subscribers use the same identification data to obtain access to the networks of all the enterprises in the group.

Federal Financial Institutions Examination Council (FFIEC) Compliance - FFIEC compliance is conformance to a set of standards for online banking issued in October 2005 by the Federal Financial Institutions Examination Council (FFIEC).

Fileless Malware Attack - A fileless malware attack is a type of malicious attack a hacker can use to leverage applications already installed in a computer.

Financial Crimes Enforcement Network (FinCEN) - Financial Crimes Enforcement Network (FinCEN) is a bureau of the United States Department of the Treasury.

Fingernail Storage - Fingernail storage is a method of writing data onto a human fingernail using a pulsed laser.

Finger Scanning (Fingerprint Scanning) - Finger scanning, also called fingerprint scanning, is the process of electronically obtaining and storing human fingerprints.

Firefighting - Firefighting is an emergency allocation of resources, required to deal with an unforeseen problem.

Firesheep - Firesheep is a Firefox plug-in that automates session hijacking attacks over unsecured Wi-Fi networks.

Firestarter - Firestarter is an open source firewall program for personal computers and servers that support Linux kernels 2.

Firewall - A firewall is software or firmware that enforces a set of rules about what data packets will be allowed to enter or leave a computer network.

Firewall Builder (Fwbuilder) - Firewall Builder, also called Fwbuilder, is a vendor-neutral configuration and management application for firewalls that is intended primarily for Linux and that supports the OpenBSD Packet Filter, Cisco PIX Series security devices, iptables, and ipfilter.

FirewallD - FirewallD, also known as Dynamic Firewall, replaces Fedora's old firewall tool, iptables, and allows for easier configuration and interface.

Flexible Mandatory Access Control (FMAC) - Flexible Mandatory Access Control (FMAC) is an ongoing project intended to enhance the Sun Microsystems OpenSolaris operating platform by adding two security technologies: Flux Advanced Security Kernel (Flask) and Type Enforcement (TE).

Footprinting - In the study of DNA, footprinting is the method used to identify the nucleic acid sequence that binds with proteins.

Forensic Watermark (digital watermark) - A forensic watermark, also called a digital watermark, is a sequence of characters or code embedded in a digital document, image, video or computer program to uniquely identify its originator and authorized user.

Form Grabber - A form grabber is a type of malware that captures data such as IDs and passwords from browser forms.

Frequency-Hopping Spread Spectrum - Frequency hopping is one of two basic modulation techniques used in spread spectrum signal transmission.

Globbing - Globbing is the process of expanding a non-specific file name containing a wildcard character into a set of specific file names that exist in storage on a computer, server, or network.

Goat - In biometric verification, a goat is a system end-user who is refused access to the system because their biometric data pattern is outside the range recognized by the system.

Google dork query - Google dorking, also known as Google hacking, can return information that is difficult to locate through simple search queries.

Google Project Zero - Google Project Zero is a security research unit within Google Inc.

Government Trojan - A government Trojan is spyware installed on a computer or network by a law enforcement agency for the purpose of capturing information relevant to a criminal investigation.

Graphical Password or Graphical User Authentication (GUA) - A graphical password is an authentication system that works by having the user select from images, in a specific order, presented in a graphical user interface (GUI).

Gray Hat (or Grey Hat) - Gray hat describes a cracker (or, if you prefer, hacker) who exploits a security weakness in a computer system or product in order to bring the weakness to the attention of the owners.

Great Firewall of China - The Great Firewall of China is a countrywide firewall that restricts content censored by the Chinese government, protecting infrastructure from cyber-attacks and safeguarding Chinese corporate and state secrets.

Greynet (or Graynet) - Greynet is a term for the use of unauthorized applications on a corporate network.

Group Policy Object (GPO) - Microsoft’s Group Policy Object (GPO) is a collection of Group Policy settings that defines what a system will look like and how it will behave for a defined group of users.


Gyroscope - A gyroscope is a device with a spinning disc or wheel mechanism that harnesses the principle of conservation of angular momentum: the tendency for the spin of a system to remain constant unless subjected to external torque.

Hacker - A hacker is an individual who uses computer, networking or other skills to overcome a technical problem.

Hackerazzi - Hackerazzi are cybercriminals who hack into the email accounts of celebrities to access and exploit their private information.

Hacking as a Service (HaaS) - Hacking as a service (HaaS) is the commercialization of hacking skills, in which the hacker serves as a contractor.

Hacktivism - Hacktivism is the act of hacking, or breaking into a computer system, for a politically or socially motivated purpose.

Hand of Thief - Hand of Thief is banking crimeware that targets Linux operating systems.

Hard Drive Overwriter - In e-cycling, a hard drive overwriter is a program or utility that repeatedly overwrites the data on a computer's hard drive with gibberish.

Hard-Drive Encryption - Hard-drive encryption is a technology that encrypts the data stored on a hard drive using sophisticated mathematical functions.

Hardware Vulnerability - A hardware vulnerability is an exploitable weakness in a computer system that enables attack through remote or physical access to system hardware.

Hashing - Hashing is the transformation of a string of characters into a usually shorter fixed-length value or key that represents the original string.

Have I Been Pwned (HIBP) - Have I Been Pwned (HIBP) is a website that allows users to search and find out if an email address’s password has been compromised.

Heartbleed - Heartbleed is a vulnerability in some implementations of OpenSSL.

HI-MEMS cyborg insects (Hybrid Insect Micro-Electro-Mechanical Systems) - The Hybrid Insect Micro-Electro-Mechanical Systems (HI-MEMS) program, also known as the cybug program, is a proposal from the Defense Advanced Research Projects Agency (DARPA) to encourage the development of cyborg insects that can be controlled by humans.


Hijacking - Hijacking is a type of network security attack in which the attacker takes control of a communication - just as an airplane hijacker takes control of a flight - between two entities and masquerades as one of them.

Honey monkey - A honey monkey is a virtual computer system that is programmed to lure, detect, identify and neutralize malicious activity on the Internet.

Honeynet - A honeynet is a network set up with intentional vulnerabilities; its purpose is to invite attack, so that an attacker's activities and methods can be studied and that information used to increase network security.

Honeynet Project - The Honeynet Project is a non-profit volunteer organization dedicated to computer security research and information sharing.

Honeypot (computing) - A honeypot is a network-attached system set up as a decoy to lure cyberattackers and to detect, deflect or study hacking attempts to gain unauthorized access to information systems.

Host Intrusion Prevention Systems (HIPS) - A host intrusion prevention system (HIPS) is a security method that relies on third-party software tools to monitor network traffic and system activities for anomalous code behavior to identify and prevent malicious activities.

Hot Site and Cold Site - A hot site is a commercial disaster recovery service that allows a business to continue computer and network operations in the event of a computer or equipment disaster.

HTTPS (HTTP over SSL or HTTP Secure) - HTTPS (HTTP over SSL or HTTP Secure) is the use of Secure Socket Layer (SSL) or Transport Layer Security (TLS) as a sublayer under regular HTTP application layering.

Human Attack Surface - Human attack surface is the totality of all security vulnerabilities within a given system or network that are created through human activities.

Hybrid Virus (multi-part or multipartite virus) - A hybrid virus (sometimes called a multi-part or multipartite virus) is one that combines characteristics of more than one type to infect both program files and system sectors.

iCrime (Apple picking) - iCrime, also known as "Apple picking," is the theft of Apple devices such as iPhones, iPods and iPads.

ICS Security (Industrial Control System Security) - ICS security is the area of concern involving the safeguarding of industrial control systems, the integrated hardware and software designed to monitor and control the operation of machinery and associated devices in industrial environments.

Identity Chaos (Password Chaos) - Identity chaos (sometimes called password chaos) is a situation in which users have multiple identities and passwords across a variety of networks, applications, computers and/or computing devices.

Identity Theft - Identity theft, also known as identity fraud, is a crime in which an imposter obtains key pieces of personally identifiable information, such as Social Security or driver's license numbers, in order to impersonate someone else.

IFrame (Inline Frame) - The IFrame HTML element is often used to insert content from another source, such as an advertisement, into a Web page.

IM worm - An IM worm is self-replicating malicious code that spreads in instant messaging networks.

Image Replay Attack - An image replay attack is the use of a picture to fool an authentication method.

In The Wild - According to noted computer virus expert Paul Ducklin, for a virus to be considered in the wild, "it must be spreading as a result of normal day-to-day operations on and between the computers of unsuspecting users.

Incidence - Incidence, in statistics, is the rate of occurrence of something within a population, or the number of times it occurs.

Incident Response - A methodology an organization uses to respond to and manage a cyberattack. An attack or data breach can wreak havoc, potentially affecting customers, intellectual property, company time and resources, and brand value. An incident response aims to reduce this damage and recover as quickly as possible. Investigation is also a key component in order to learn from the attack and better prepare for the future. Because many companies today experience a breach at some point in time, a well-developed and repeatable incident response plan is the best way to protect your company.

Indicators of Compromise (IOC) - Evidence that a cyber-attack has taken place. IOCs give valuable information about what has happened but can also be used to prepare for the future and prevent similar attacks. Anti-malware software and similar security technologies use known indicators of compromise, such as a virus signature, to proactively guard against evasive threats. Indicators of compromise can also be used in heuristic analysis.

Industrial Espionage - Industrial espionage is the covert and sometimes illegal practice of investigating competitors, usually to gain a business advantage.

Information Signature - To fight terrorism, the Information Awareness Office (IAO) of the U.

Infranet Initiative - The Infranet Initiative is a collaborative effort to develop a high-performance universal public network that would serve as a supplement to the Internet for businesses and other high-demand users.

Initialization Vector (IV) - An initialization vector (IV) is an arbitrary number that can be used along with a secret key for data encryption.

Input Validation Attack - An input validation attack is any malicious action against a computer system that involves manually entering strange information into a normal user input field.

Insecure Deserialization - Insecure deserialization is a vulnerability in which untrusted or unknown data is used to either inflict a denial of service attack (DoS attack), execute code, bypass authentication or further abuse the logic behind an application.

Insider Threat - Insider threat is a category of risk posed by humans who have access to an organization's physical or digital assets.

Integer Overflow - Integer overflow is the result of trying to place into computer memory an integer (whole number) that is too large for the integer data type in a given system.

Integrated Threat Management - Integrated threat management is a comprehensive approach to network security that addresses multiple types of malware, as well as blended threats and spam, and protects from intrusion at both the gateway and the endpoint levels.

Intelligent Video - Intelligent video is digital video technology integrated with analytical software.

International Data Encryption Algorithm (IDEA) - IDEA (International Data Encryption Algorithm) is an encryption algorithm developed at ETH in Zurich, Switzerland.

Internet Crime Complaint Center (IC3) - The Internet Crime Complaint Center (IC3) is a website that offers users a standardized mechanism and interface to report suspected cybercrime or other illegal activity facilitated by the internet.

Internet Key Exchange (IKE) - The Internet Key Exchange (IKE) is an IPsec (Internet Protocol Security) standard protocol used to ensure security for virtual private network (VPN) negotiation and remote host or network access.

Internet Storm Center - The Internet Storm Center is a website provided by the SANS Institute that monitors current online security attacks and publishes information about them.

Intrusion Detection System (IDS) - An intrusion detection system (IDS) is a system that monitors network traffic for suspicious activity and issues alerts when such activity is discovered.

Intrusion Prevention - Intrusion prevention is a preemptive approach to network security used to identify potential threats and respond to them swiftly.

Inverse Mapping - Inverse mapping is a procedure used to create associations between real or virtual objects that involves some type of reversal of another process or concept.

IoT Botnet (Internet of Things botnet) - An IoT botnet (Internet of Things botnet) is a group of hacked computers, smart appliances and Internet-connected devices that have been co-opted for illicit purposes.

IoT security (internet of things security) - IoT security is the technology area concerned with safeguarding connected devices and networks in the internet of things (IoT).

IP Spoofing - IP spoofing is the crafting of Internet Protocol (IP) packets with a source IP address that has been modified to impersonate another computer system, or to hide the identity of the sender, or both.

IP Surveillance - IP surveillance is a digitized and networked version of closed-circuit television (CCTV).

IPsec (Internet Protocol Security) - IPsec, also known as the Internet Protocol Security or IP Security protocol, defines the architecture for security services for IP network traffic.

ISA Server (Internet Security and Acceleration Server) - Microsoft's ISA Server (Internet Security and Acceleration Server) is the successor to Microsoft's Proxy Server 2.

ISO 27001 - ISO 27001 (formally known as ISO/IEC 27001:2005) is a specification for an information security management system (ISMS).

IT Systems Management - Systems management is the administration of the information technology systems in an enterprise data center.

IT-ISAC (Information Technology Information Sharing and Analysis Center) - IT-ISAC (Information Technology Information Sharing and Analysis Center) is a facility founded in January, 2001 by nineteen prominent IT industry companies (including Oracle, IBM, EDS, and Computer Sciences) to serve as a central repository for security-related information.

JavaScript hijacking - JavaScript hijacking is a technique that an attacker can use to read sensitive data from a vulnerable Web application, particularly one using Ajax (Asynchronous JavaScript and XML).