Cyber security Definitions | IT Security Terms in Simple English

Share on facebook
Share on twitter
Share on linkedin
Share on email
Cyber Security Glossary

We have prepared a cyber security glossary listing IT security terms and related computer security definitions, which are often confusing to individuals from a non-security background. It is hard to keep up with all times; you may find this glossary helpful to better understand without tech jargon. 


access control

access controls authenticate and authorise to access the information they are allowed to view 

admin privilege

‘generally’ the highest level of privileges on any given system

Advanced Persistent Threat (APT)

A stealth threat actor that gains unauthorised access to a computer network and remains undetected for an extended period


a software that automatically displays  or downloads advertising banners or pop-ups


a software application that functions on a laptop or device to identify, block or remove malicious code (i.e. virus, spyware, ransomware, malware)

attack surface analysis

Our Attack Surface Analysis provides a snapshot of potential threats that can be used against your assets (people, process and technology). This exercise comprises information analysis based on advanced survey and analysis work. Our methodology involves utilising multiple information channels and toolsets to identify and analyse specific information.

IT security terms

attack vector

an attacker’s technique to gain unauthorised access to a computer or network 


A threat actor who seeks to intrude into computer systems with malicious intent to delete, steal or disable sensitive information and exploit the outcomes for his gains (financial or otherwise)


behavioural based analysis

Since anti-virus software came into widespread use, behaviour based analysis has gained popularity in the security domain. The behavioural analysis uses software tools and analysis techniques to detect out of norm data transmission patterns. This may be data transmission, malware actions or other security-related events. 


See deny list below

black hat hacking

hacking into a computer system or network with malicious intent


An automated program, application or machine is used to carry out tasks. This could be a chatting bot as you observe on certain websites, a security bot carrying out instructions to find and exploit vulnerable websites to gather financial data, passwords or other objectives


A network of compromised systems connected to the Internet, controlled by an attacker to commit coordinated attacks 


A security incident occurs when unauthorised access takes place on computer systems, devices or networks 

brute force attack

A popular password cracking process using combinations (automated) and probabilities (manual) to identify passwords

bring your device (BYOD)

a policy that allows staff to get their personal devices to be connected at the workplace for work purposes


A weakness, failure or fault in a computer program that causes unintended code interaction



utilising social media (including dating sites) fake identity to target a specific person for deception


Digital identity for a device, user or system to allow authentication and secure exchange of data

CISO (Chief Information Security Officer)

CISO or vCISO (virtual), known as Chief Information Security Officer, is an executive tasked with the responsibility for an organisation’s information and data security.  

cloud computing

it means storing, processing and transmitting data over the Internet instead of your computer. there are multiple models of how cloud computing is used in today’s world; this includes paying for the usage of infrastructure, platform or software resources. Relevant assets based cloud security risks


single or various pieces of sensitive information (password, token, certificate) used to authenticate and verify the user’s identity

critical hour (or golden hour)

As used by police and emergency services, a popular concept relates to the time immediately after the security incident. It is a vital timing that could drastically change the approach toward containing and limiting the impact of a cyber-attack

Cross-site Scripting (XSS)

A standard attack vector that injects malicious code into a vulnerable web application. Cross-site Scripting is also known as XSS vulnerability.

cyber essentials

A UK Govt backed self-assessment certification to help protect businesses against the most common cyber-attacks while demonstrating cyber security commitment 

cyber attack

an assault launched by cybercriminals using single or multiple computers against single or multiple computers or networks to gain unauthorised access to steal, access or modifying the underlying data

cyber security 

It is a collective of methods, technologies and processes designed to help protect the confidentiality, integrity and availability (CIA triad) of systems, networks and underlying data against unauthorised access. See principles of information here.

cyber security incident

a breach event where security policies have been violated with single or multiple actions, namely:

  • attack attempts
  • successful unauthorised access gained to single or multiple systems or data 
  • stealing or modifying data
  • changes to the system state without the owner’s consent
  • disruption 

cyber security operations centre (CSOC)

An organisational function is responsible for continuous monitoring, identification, analysis and response to cyber security threats faced by an organisation. Based on protecting, detecting and responding concepts, it is a 24x7x365 activity that varies from intelligence gathering to data breach containment and recovery processes.


use the Internet or electronic means to stalk or harass any individual, group or organisation.




a set of facts such as numbers, words, observations, descriptions

data at rest

data stored in storage such as tape drives, disk drives, USB drives or backups

data security

Data security refers to the protection of data from unauthorised use, theft or deletion 

deny list

A way of access control that blocks data transmission also cited as ‘blacklisting’ in the past

dictionary attack

A brute force attack that utilises dictionary words, phrases or common passwords 

digital footprint

all the data marks you leave behind as you use the Internet

denial of service (DoS)

an activity that uses one computer system or network to flood the target systems or service with a huge amount of requests to deny access to legitimate users

distributed denial of service (DDoS)

a denial of service (DoS) attack that utilises multiple systems and networks to target a specific network with vast amounts of traffic


drive-by download attack

a user clicking on an attachment or a link that initiates malicious software or virus installation on the user’s device without the user’s knowledge

dumpster diving

The act of physically checking through waste to attempt to discover valuable information that can be leveraged to gain access to an organisation’s resources. This could be usernames and passwords, sensitive information related to the company’s IP or other documents that were not securely shredded.



a way of scrambling data that only authorised parties can understand with possession of a secret key


it could be any device that is physically an endpoint on a network. This could be a laptop, mobile, workstation, server or virtual environments


malicious code that takes advantage of a weakness or a flaw in target systems (computers, mobile, devices) to cause intended consequences

exploit kit

Exploits kits are individual or a collection of scripts/programs that work in an automated fashion to exploit vulnerabilities on a victim’s computer. Such incidents relate to data theft, misuse, unauthorised access, traffic redirection, or other malicious activities to maintain or further access the connected networks.

ethical hacking

A cyber security attack simulation to identify weaknesses in the computer systems that may otherwise result in reputation, regulatory or financial implications for a business. The simulation actors, also known as security consultants, are often terms like ‘white hat hackers’. In contrast, black hat hackers are the ones who engage in illegal/cybercrime activities.


data transfer activity from within company systems towards  external (outside the organisation) systems 

Discuss your concerns today



a network security mechanism (software or hardware) that acts as a gatekeeper for incoming and outgoing traffic as per defined rules


a specific class of code that provides low-level control for a device’s hardware

fileless malware

a variant of malware that exclusively resides in a computer’s memory

form grabber

A form grabber is a malware that aims to target web pages to steal authorisation and log-in credentials before it is passed to the server for the intended function. This method was initially invented in 2003.



European legislation, General Data Protection Regulation, is designed to prevent the misuse of personal data.



An individual or group aims to bypass security restrictions or misuse the current controls to gain unauthorised access to computers. Hackers’ objectives may differ based on their motivation, varying from accessing information to data theft or deletion. 


activities aimed at compromised digital services or devices such as tablets, computer systems,  mobile devices and networks.


Hashing utilises a one-way function on a piece of data used primarily for authentication. It ensures that data has not been tampered with.  


a computer system or network intended to mimic the victims of hacking that helps limit access to actual systems by utilising the learnings from mimicking attack victims


identity theft 

deliberate use of someone’s identity for financial gains 

information security

Information security is a set of practices that organisations follow to prevent unauthorised use of their data and information

Infrastructure as a Service (IaaS)

a cloud computing shared responsibility model that involves provisioning of computing infrastructure as a service for cloud users

insider threats

legitimate users are abusing their privileges to gain unauthorised access to the systems or data. See this detailed blog post on insider threats

Internet of Things (IoT)

objects that fall into everyday life that are connected to the Internet in order to exchange data with other devices or systems over the Internet. Examples include security cameras, thermostats, electronic appliances

Intrusion Detection System (IDS)

An Intrusion Detection System is a device or an application that monitors network activity for malicious actions or security violations. Any such activity is recorded or reported securely at a central repository using a security information and event monitoring (SIEM) tool.

Intrusion Prevention System (IPS)

Intrusion Prevention System is a device or an application aimed at detecting and preventing vulnerabilities from being exploited within an organisation. For example, a bot trying to exploit security vulnerabilities in a WordPress website would be detected and prevented from utilising a securely configured IPS.

ISO 27001

A standard in information security management systems (ISMS) demonstrates the highest accreditation level.



a mobile security term that relates to the removal of security restrictions of a device, allowing modification and installation of new applications on the underlying system. Read more about mobile security 


A scripting or programming language that is used to create and control the content of a website, to program the behaviour of website pages to do specific actions

just-in-time (JIT) access

a computing concept that involves compilation during the execution of a program at run time rather than before implementation. Just in time, access provisions access for users to have privileged accounts and resources access when they need it (time-based), not otherwise (permanent). This concept is used in various domains of computing, for example, just in time azure access, just in time IAM.



a software or hardware that secretly records a user’s keystrokes on a computer system

kill chain

a cyber kill chain is a process or methodology showing different stages of an attack.

cyber kill chain


logic bomb

a piece of code that sets off a malicious function when specified conditions are met. For example, hackers hide logic bombs in viruses or malware that trigger upon finding themselves on a system within a target network.

macro malware

A malicious program that uses the macro capabilities of applications (usually Microsoft office) that helps attackers compromise the underlying program or system. Read computer viruses fun facts here.


Delivering malware programs using online advertising methods


a malicious code (includes virus, trojans, worms) intended to cause an adverse impact on an organisation or individuals computer system

man in the middle (MiTM) attack

a program successfully interposing itself between a client (usually user’s computer or browser) and the server (website, network servers) to oversee, steal or modify the transmitted information 

Mobile Device Management

a type of software solution deployed to monitor, manage and secure mobile devices allowing central remote administration and management


network firewall

An access control system that controls incoming and outgoing traffic to/from a network

network security

a broad term covers the design, configuration and implementation of certain principles to protect confidentiality, integrity and accessibility of computers, networks and underlying data.


open source

A type of software that is listed as free for the user, share or modification

Discuss your concerns today


A process that involves management of managing updates to firmware or software to improve functionality and address security flaws


Short for penetration test. An authorised test of a computer network or system is designed to look for security weaknesses so that they can be fixed. Read our pen testing guide here.


A malicious technique used to redirect users trying to access legit resources towards an attacker-controlled website 

Fraudulent emails are targeted to encourage recipients to visit a fake website, run malicious programs sent as an attachment or perform actions (filling in forms, calls, transactions).

cyber security risk

PII (personally identifiable information)

any data that could potentially be used to identify an individual. For example, full name, date of birth, NI, Social Security Number, license number, bank account, password, passport, and email address.

proxy server

A server between a computer and the Internet is used to enhance security controls and provide service to multiple users behind a perimeter.


Quality of Service (QoS)

A performance measure that assesses the performance of hardware and software services delivered by a program or service provider under the terms of a contract 

query string

part of the URL where data is passed to a web application (server) and/or back-end database


race condition

condition of a program, software or system where the unintended outcome is due to dependency on the sequence or timing of other uncontrollable events. 


malicious software renders underlying systems or networks unusable until a ransom is paid. See what to do if your business is attacked by ransomware and whether you should pay the ransom?


something that causes an organisation not to meet its objectives

cyber risk


stealth malware that masks its existence under the legitimate resources required by the computer system to prevent its detection



a technique that utilises process isolation to increase security 


electronic or physical destruction methods to securely erase or remove data from memory

Security Information and Event Management (SIEM)

An application used to monitor, log, and analyse security events to support threat detection and incident response activities.

Security Operations Center (SOC)

A central department is responsible for identifying, analysing and responding to security incidents.

security incident

an event that indicates a breach of the security policy of an organisation that may include:

  • unauthorised access attempts to a system and data
  • unauthorised use of systems
  • changes to the system state
  • disruption or denial of service attacks 

software as a service (SaaS)

Describes a business model where consumers access centrally-hosted software applications over the Internet.

social engineering

An act of manipulating people to carry out specific actions to gain access to their sensitive information 


Phishing using SMS/ text messages sent to users prompting them for submitting sensitive information in multiple ways (visiting a website through a link, calling or QR codes)


A targeted form of phishing that is designed to look legitimate in order to gain unauthorised access to their system or prompt them to divulge information they have

SQL Injection (SQLi)

An attack tactic is used by threat actors to attack applications to enumerate information stored in the database. This attack is carried out from an internet user (unauthenticated or authenticated) perspective to exploit the weaknesses in the application code. 

SSL/TLS Certificate

A digital identity (small file) that cryptographically establishes an encrypted link between a web server and a user’s browser


A technique to encrypt data, hiding it within text or images for malicious intent.


threat assessment

An assessment is performed to identify and evaluate the credibility and seriousness of a potential security threat to an organisation. See more on attack surface assessment  

two-factor authentication (2FA) 

Using two different components to verify a user’s identity. This term is used interchangeably with multi-factor authentication (MFA). See how 2FA usage helps against cyber attacks


unauthorised access

access that violates the security policy of an organisation


usually, the first piece of information that makes part of online identity (an account on an email service provider, grocery store or elsewhere)

URL injection

URL injection, more commonly known as Unvalidated Redirects and Forwards in the cyber security world, is a technique where a threat actor injects input, causing the web application to redirect the user to the attacker controller website, making it a viable opportunity to carry out phishing scams or steal user credentials 



computer programs are a form of malware that is designed to infect legitimate programs or systems. Read fun facts about viruses and myths around malware.

VPN (Virtual Private Network)

An encrypted network is often created to allow secure connections for remote users, for example, in an organisation with offices in multiple locations.


A weakness, or flaw, in software, a system or a process. An attacker may seek to exploit a vulnerability to gain unauthorised access to a system. A vulnerability assessment is an exercise performed to identify and analyse vulnerabilities in a system.


water-holing (watering hole attacks)

a fake setup (website or multiple websites) designed to lure legitimate website visitors into exploiting their identity or prompt them to divulge sensitive information 


Highly targeted phishing attacks (masquerading as a legitimate email) are aimed at senior executives.



newly discovered vulnerabilities that are not yet patched by vendors and are known to hackers that can be exploited to gain unauthorised access

to zombie

a computer connected to the Internet that has been compromised by a threat actor, virus, or trojan horse program. These systems are unaware of their participation in large attack campaigns such as DDoS attacks in coordination with botnets, similar to zombie attacks in horror films.

Should you come across any popular terms that are helpful for readers, please feel free to contribute to your cyber security glossary. You can contact us here