A Cyber Library of 300+ Cybersecurity Terms.
A Hardware Security Module (HSM) is a physical security device that safeguards and manages digital keys, performs encryption and decryption services, strong authentication, and often have tamper detection and prevention built …
A Mantrap is a small room with an entry door on one wall and an exit door on the opposite wall. One door of a mantrap cannot be unlocked and opened …
An Out-Of-Band (OOB) Patch is a security update released outside of the normal frequency. Typically, Microsoft releases patches on the second Tuesday of each month, called Patch Tuesday. When there …
A Managed Service Provider (MSP) is a third-party business that provides network, application, and system management services to companies. MSPs allow businesses without IT expertise to improve their cybersecurity framework …
Starlink is a satellite Internet constellation constructed by SpaceX to provide satellite Internet access. The constellation will consist of thousands of mass-produced small satellites in low Earth orbit, which communicate …
Full-Disk Encryption (FDE) is the encryption of all data on a disk drive. It’s often done by disk encryption software installed on the hard drive during manufacturing. Users who operate …
On-Access Scanning refers to a security tool configured to deliver real-time scans of each file for malware as the file is downloaded, opened, or executed. Many different vendors offer on-access …
Quarantine in the cybersecurity world happens when files containing malware are placed into isolation for future disinfection or examination. This strategy puts the malware in a specific area of the …
A Transaction Lock refers to the step taken by mobile payment app users to secure their accounts and help prevent fraudulent activity. A form of Transaction Lock is commonly seen when …
Knowledge-Based Verification (KBV) is a strategy used to verify identities based on knowledge of private information associated with the claimed identity. This is often referred to as knowledge-based authentication (KBA) or …
Tactics, Techniques, and Procedures (TTP) is the method used by IT and military professionals to determine the behavior of a threat actor (hacker). These three elements help you understand your …
Stalkerware refers to tools, apps, software programs, and devices that let another person (a stalker) secretly watch and record information on another person’s device. Parents use this type of tool …
A Cryptocurrency Wallet, also known as a Crypto Coin Wallet, is an application that allows cryptocurrency users to store and retrieve their digital assets. With traditional currency, you don’t need a wallet …
A Service Set Identifier (SSID) is a series of characters that uniquely names a Wireless Local Area Network (WLAN). An SSID is often referred to as a “network name.” This name …
Input Validation, also known as data validation, is the testing of any input (or data) provided by a user or application against expected criteria. Input validation prevents malicious or poorly …
The Cybersecurity Maturity Model Certification (CMMC) is a new universal standard set by the Department of Defense (DoD). The model was developed due to slow adoption of its predecessor, the Defense …
5G is the fifth generation of cellular data technology. It lives alongside 4G and related technologies, such as LTE. The first 5G cellular network was constructed in 2018, while 5G …
Business Email Compromise (BEC) is when an email account, often in a company’s finance department, is broken into and controlled by a hacker. This is often accomplished through a phishing …
A Quick Response (QR) Code is a type of barcode that contains a pattern of dots and lines. It can be scanned using a QR scanner or on a smartphone camera. …
Zero Trust is a security strategy focused on the belief that organizations shouldn’t automatically trust anything inside or outside its perimeters and instead must verify anything and everything trying to connect to …
Clickjacking, also known as a “UI Redress Attack”, is when an attacker uses multiple transparent or vague layers to trick a user into clicking on a button or link on …
The Ransomware Task Force (RTF) is a group of high-profile security vendors who teamed up with the Institute for Security and Technology (IST) in December of 2020 to combat ransomware. Members …
Bluejacking is the unauthorized sending of messages from one Bluetooth device to another. Bluetooth is a high-speed, short-range wireless technology for exchanging data between laptops, smartphones, smartwatches, etc. This sort …
A Rootkit is a hacking program or collection of programs that give a threat actor remote access to and control over a computing device. While there have been legitimate uses …
Threat Intelligence (TI) is information about current attack tactics and techniques (T&T) used by hackers to breach companies, their networks, and their data. Threat Intelligence collects, compares, and summarizes T&T …
Threat Hunting is proactive hunting or searching through networks, endpoints, and datasets to find malicious, suspicious, or risky activity, patterns, or files that evaded existing detection tools. This is different …
The International Traffic in Arms Regulations (ITAR) is United States regulation that controls the manufacture, sale, and distribution of defense and space-related products and services as defined in the United …
Third-Party Risk Management (TPRM) is the process of identifying, assessing, and controlling risks presented throughout the lifecycle of your relationships with third parties. This oftentimes starts during procurement and extends …
BYOD, also known as Bring Your Own Device, is a common practice of allowing employee-owned devices to connect to business networks. Smartphones are the most common example, but employees also …
The Personal Information Protection and Electronic Documents Act (PIPEDA) is Canada’s main government privacy law. Compliance with PIPEDA is essential for private sector businesses operating in Canada. Violation of PIPEDA can …
The General Data Protection Regulation (GDPR) was passed in the European Union (EU) in 2016 and requires all businesses to protect an updated definition of personal and private data of EU …
Data Sanitization is the process of permanently and irreversibly destroying data on a storage device in a deliberate manner, often for compliance or cybersecurity purposes. After data sanitization, a storage …
Deep Learning is a type of Machine Learning and Artificial Intelligence (AI) that mimics the way people gain certain forms of knowledge. It’s extremely beneficial to data scientists who are tasked …
Artificial Intelligence (AI) refers to human-like intelligence presented by a computer, robot, or other machines. AI mimics human learning by building iterative learning capabilities into a computer. AI machines learn …
Hadoop is a software platform that makes it possible for users to manage large amounts of data. Hadoop processes extensive amounts of structured, semi-structured, and unstructured data. Some examples of data …
User Behavior Analytics (UBA) is the tracking, collecting, and assessment of user data and activities using monitoring systems. UBA examine archived data from network and authentication logs collected and stored …
Blockchain is a digital record of transactions. The name comes from its structure where specific records called blocks are linked together in a single list, called a chain. Blockchains are used …
RFC 1918, also known as Request for Comment 1918, is the Internet Engineering Task Force (IETF) record on methods of assigning private IP addresses on TCP/IP networks. RFC 1918 outlines the usable private …
A Bogon is an IP address (IPv4 or IPv6) that has yet to be officially assigned for use by the Internet Assigned Number Authority (IANA). As such they are unassigned …
Non-Fungible Tokens (NFTs) are unique, easily verifiable digital assets that can represent items such as GIFs, images, videos, music albums, and more. Anything that exists online can be purchased as an …
Geotagging adds geographical information to media through the use of metadata. Geotagging data often includes latitude and longitude coordinates, but may also include altitude, distance, and physical location names. Geotagging …
Jailbreaking is the exploiting of manufacturer or carrier operating systems, often by removing restrictions from a device like an iPhone. The exploit usually involves running a privilege escalation attack on …
Mean Time to Failure (MTTF) and sometimes references as Mean Time For Failure (MTFF) is the length of time a device or software is expected to last in operation. MTTF …
Role-Based Access Control (RBAC) is a strategy of limiting network access based on the roles of individual users within a business. RBAC lets employees have access rights only to the …
Leakware, also known as Doxware, is a new more potent, and dangerous form of ransomware. When a ransomware Attack containing Leakware occurs, the attacker threatens to publicize personal data (confidentiality …
A Packet is the unit of data that is routed between an origin and a destination on the Internet or any other packet-switched network. TCP packets, passed over TCP/IP networks …
A Ping of Death (PoD) is a type of Denial of Service (DoS) attack that deliberately sends IP packets larger than the 65,536 bytes allowed by the IP protocol. One of …
Synthetic Transaction Monitoring (STM), also known as Synthetic Monitoring, is a web monitoring tool similar to Real User Monitoring (RUM), but Instead of collecting real user data, it simulates it. …
Common Vulnerabilities and Exposures (CVE) is a list of computer security flaws ranked on critical measures to aid individuals and companies with assessing the risk posed by the vulnerability or exposure …
Real User Monitoring (RUM) is a form of performance monitoring that captures and analyzes user activity and transacations on a website or application. It’s also known as real user measurement, …
