Cyber terminology and definitions

Cybersecurity Definitions and Terminology

Have you noticed the topic of cyber security keeps coming up around the water cooler at work? Have you been ignoring the company memos because they use words like Phishing, Worms, IP Address and Firewall, and you have no idea what those words mean?

If you read “Phishing” and “Worms” and immediately pictured yourself lying back on the edge of a dock somewhere, then this article is for you.

It’s no secret that the “Threat Landscape” of cyber security risks is expanding. Unlike that pristine mental image of casting a line into the lake, understanding all of the nuances involved in the cyber industry can be a little more complicated. The first place to start is to understand some of the main terms used in the industry. After reading this article, you should be able to understand all those company memos … and it might be a good idea to go back through and make sure you are following their instructions. 


Advanced Persistent Threat  (APT)

An adversary that possesses sophisticated levels of expertise and significant resources which allow it to create opportunities to achieve its objectives by using multiple attack vectors (e.g., cyber, physical, and deception). The “persistent” part matters: such an adversary keeps a foothold over a long period, usually for espionage or data theft, rather than hitting once and leaving.


Adversary

An individual, group, organization, or government that conducts or has the intent to conduct detrimental activities. See also Threat Agent / Threat Actor below, which is defined the same way.

Antivirus software

A program that monitors a computer or network to detect or identify major types of malicious code and to prevent or contain malware incidents, sometimes by removing or neutralizing the malicious code. Signature-based detection only catches what the vendor has already seen, so antivirus is one layer of defence, not a complete one.

Attack Surface  

The set of ways in which an adversary can enter a system and potentially cause damage.


Bot

A software application or script that performs tasks on command, allowing an attacker to take complete remote control of an affected computer. A collection of these infected computers is known as a “botnet” and is controlled by the attacker, or “bot-herder”, through a command-and-control channel.


Bug

An unexpected and relatively small defect, fault, flaw, or imperfection in an information system or device. Not every bug is a security vulnerability, but many vulnerabilities start life as ordinary bugs.

Bring Your Own Device (BYOD)

Refers to a company security policy that allows employees’ personal devices to be used for business. A BYOD policy sets limits and restrictions on whether, and how, a personal phone or laptop may connect to the corporate network.


Cloud

A model for accessing files and/or services over the internet from anywhere in the world. Technically speaking, it is a pool of remote servers, storage and networking that a provider operates and that serves requests on your behalf. Your data lives on someone else’s computers, so both the provider’s security and your own configuration of the service matter.

Continuity of Operations Plan

A document that sets forth procedures for the continued performance of core capabilities and critical operations during any disruption or potential disruption.

Critical Infrastructure  

The systems and assets, whether physical or virtual, so vital to society that the incapacity or destruction of such may have a debilitating impact on the security, economy, public health or safety, environment, or any combination of these matters.


Cybersecurity

Strategy, policy, and standards regarding the security of and operations in cyberspace, encompassing the full range of threat reduction, vulnerability reduction, deterrence, international engagement, incident response, resiliency, and recovery policies and activities, including computer network operations, information assurance, law enforcement, diplomacy, military, and intelligence missions as they relate to the security and stability of the global information and communications infrastructure.


Cyberspace

The interdependent network of information technology infrastructures that includes the Internet, telecommunications networks, computer systems, and embedded processors and controllers.

Data Breach or Leak

The unauthorized movement or disclosure of sensitive information to a party, usually outside the organization, that is not authorized to have or see the information.


Deepfake

An audio or video clip that has been synthesized or manipulated, typically with machine-learning tools, so that it appears authentic. Deepfakes are increasingly used as a social-engineering ingredient, for example to impersonate a known voice in a fraudulent request.

Denial of Service  

An attack that prevents or impairs the authorized use of information system resources or services.

Distributed Denial of Service (DDoS)  

A denial of service technique that uses numerous systems to perform the attack simultaneously. Because the traffic arrives from many addresses at once, blocking individual sources does little to stop it.
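The difference between the two definitions above is visible in server logs. The following is an added example, not code from the original page or from any product it mentions: it parses web-server access log lines in Common Log Format, buckets requests into ten-second windows, and labels a window “dos” when one source alone exceeds a per-source limit, or “ddos” when no single source stands out but the total exceeds a volume limit. The thresholds, the window size and the sample traffic are all assumptions constructed for the example.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Optional, Tuple

# Common Log Format, as produced by most web servers.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) (?P<size>\d+)$'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line: str) -> Optional[Tuple[str, datetime]]:
    """Extract (source ip, timestamp); None for lines that do not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return m.group("ip"), datetime.strptime(m.group("ts"), TS_FMT)


def analyze(lines: List[str], window: timedelta = timedelta(seconds=10),
            per_ip_limit: int = 100, total_limit: int = 500) -> Dict[int, tuple]:
    """Bucket requests into fixed windows and classify each window.
    Thresholds are assumptions for this example; tune them to your baseline.
      dos    - at least one source alone exceeds per_ip_limit
      ddos   - no single source stands out, but the sum exceeds total_limit
      normal - neither
    """
    events = [e for e in map(parse_line, lines) if e is not None]
    if not events:
        return {}
    t0 = min(ts for _, ts in events)
    buckets: Dict[int, Counter] = defaultdict(Counter)
    for ip, ts in events:
        buckets[int((ts - t0) / window)][ip] += 1
    verdicts: Dict[int, tuple] = {}
    for idx, counts in sorted(buckets.items()):
        total = sum(counts.values())
        heavy = sorted(ip for ip, n in counts.items() if n > per_ip_limit)
        if heavy:
            verdicts[idx] = ("dos", heavy)          # block these sources
        elif total > total_limit:
            verdicts[idx] = ("ddos", len(counts))   # many distinct sources: per-IP blocking will not help
        else:
            verdicts[idx] = ("normal", total)
    return verdicts


# --- constructed sample traffic (not real logs) -------------------------
START = datetime(2024, 3, 1, 12, 0, 0, tzinfo=timezone.utc)


def make_lines(ip: str, start: datetime, n: int, spacing_ms: int) -> List[str]:
    """n requests from one address, evenly spaced, as CLF lines."""
    return [f'{ip} - - [{(start + timedelta(milliseconds=i * spacing_ms)).strftime(TS_FMT)}] '
            f'"GET / HTTP/1.1" 200 512' for i in range(n)]


def sample_log() -> List[str]:
    lines: List[str] = []
    for i in range(5):                                # window 0: five clients, 10 requests each
        lines += make_lines(f"198.51.100.{i + 1}", START, 10, 900)
    lines += make_lines("203.0.113.7", START + timedelta(seconds=10), 300, 30)  # window 1: one source floods
    for i in range(60):                               # window 2: 60 sources, 10 requests each
        lines += make_lines(f"192.0.2.{i + 1}", START + timedelta(seconds=20), 10, 900)
    return lines


if __name__ == "__main__":
    for idx, verdict in analyze(sample_log()).items():
        print(f"window {idx}: {verdict}")
```

The point of the two branches is the response they call for: a single-source flood can be rate-limited or blocked at the firewall, whereas a distributed one needs upstream filtering or capacity, because no single address is misbehaving enough to justify blocking it.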


Hacker

An unauthorized user who attempts to or gains access to an information system. (In the industry the word is also used neutrally for skilled technologists, including the authorized testers described under Penetration Testing and Red Team below.)


Firewall

A hardware/software device or a software program that limits network traffic according to a set of rules stating what access is and is not allowed or authorized. Rules are normally evaluated in order, and a well-built rule set ends with a default deny so that anything not explicitly permitted is blocked.
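To make the “set of rules” concrete, here is an added example (not code from the original page, and not any real firewall’s configuration syntax) of a minimal first-match packet filter. The rule format, the address ranges and the policy are assumptions made for the example; the behaviour it demonstrates, that first match wins and that ordering is part of the policy, is how real packet filters such as iptables and nftables work.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


# Rule format is an assumption made for this example (not any real
# firewall's syntax): rules are evaluated top to bottom, the first match
# decides, and the last rule is an explicit default deny.
@dataclass(frozen=True)
class Rule:
    action: str              # "allow" or "deny"
    proto: str               # "tcp", "udp" or "any"
    src: str                 # permitted source network, CIDR notation
    dst_port: Optional[int]  # destination port; None means any port


RULES: List[Rule] = [
    Rule("allow", "tcp", "10.0.0.0/8", 22),    # SSH only from the internal range
    Rule("allow", "tcp", "0.0.0.0/0", 443),    # HTTPS from anywhere
    Rule("deny",  "tcp", "0.0.0.0/0", 22),     # SSH from everywhere else
    Rule("deny",  "any", "0.0.0.0/0", None),   # default deny: anything not listed above
]


def evaluate(rules: List[Rule], proto: str, src_ip: str, dst_port: int) -> Tuple[str, int]:
    """Return (decision, index of the rule that made it); index -1 if nothing matched."""
    src = ip_address(src_ip)
    for i, r in enumerate(rules):
        if r.proto != "any" and r.proto != proto:
            continue
        if src not in ip_network(r.src):
            continue
        if r.dst_port is not None and r.dst_port != dst_port:
            continue
        return r.action, i
    # Fail closed: a packet that matches no rule is dropped, not passed.
    return "deny", -1


# The same rules with the broad SSH deny moved above the internal SSH allow.
# Because first match wins, internal SSH is now blocked too: a misordered
# rule set silently changes the policy without any rule being "wrong".
MISORDERED: List[Rule] = [RULES[2], RULES[0], RULES[1], RULES[3]]


if __name__ == "__main__":
    for proto, ip, port in [("tcp", "10.1.2.3", 22), ("tcp", "203.0.113.5", 22),
                            ("tcp", "203.0.113.5", 443), ("udp", "10.1.2.3", 53)]:
        print(proto, ip, port, "->", evaluate(RULES, proto, ip, port))
    print("misordered, internal ssh ->", evaluate(MISORDERED, "tcp", "10.1.2.3", 22))
```

When reviewing a real firewall, the two things to check are the same two this toy makes visible: that the final rule is a deny, and that no broad deny or allow sits above a narrower rule it was meant to make an exception to.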

Industrial Control System

An information system used to control industrial processes such as manufacturing, product handling, production, and distribution or to control infrastructure assets.

IP Address

An internet version of a home address for your computer: the numeric address (for example, the IPv4 address 192.0.2.10) by which it is identified when it communicates over a network, such as the internet (a network of networks). Addresses can be spoofed or shared by many devices behind a single gateway, so an IP address alone does not reliably identify a person.

Machine Learning And Evolution  

A field concerned with designing and developing artificial intelligence algorithms for automated knowledge discovery and innovation by information systems.

Malicious Code  

Program code intended to perform an unauthorized function or process that will have adverse impact on the confidentiality, integrity, or availability of an information system.


Malware

Software that compromises the operation of a system by performing an unauthorized function or process. Viruses, worms, Trojan horses, ransomware, spyware and rootkits, all defined in this list, are types of malware.


Password

A string of characters (letters, numbers, and other symbols) used to authenticate an identity or to verify access authorization. A system should store only a salted, deliberately slow hash of each password, never the password itself, so that a breach of the password store does not hand out working credentials.

Penetration Testing

Penetration testing is the authorized process of identifying security gaps and issues in your IT infrastructure by emulating the tactics, techniques and procedures of a real-world attacker.




Phishing

A digital form of social engineering, typically an email, text message or website impersonating a trusted party, that deceives individuals into providing sensitive information or running malicious code.


Ransomware

A form of malware that deliberately prevents you from accessing files on your computer, holding your data hostage. It will typically encrypt files and demand that a ransom be paid in order to have them decrypted or recovered. Tested, offline backups are the main recovery control.

Red Team  

A group authorized and organized to emulate a potential adversary’s attack or exploitation capabilities against an enterprise’s cybersecurity posture.

Red Team exercise  

An exercise, reflecting real-world conditions, that is conducted as a simulated attempt by an adversary to attack or exploit vulnerabilities in an enterprise’s information systems.


Rootkit

A set of software tools with administrator-level access privileges installed on an information system and designed to hide the presence of the tools, maintain the access privileges, and conceal the activities conducted by the tools.

Offensive Cyber Security

Offensive Cyber Security is a proactive, authorized form of “ethical hacking” used to determine where your digital vulnerabilities are before a real attacker finds them.



Spyware

Software that is secretly or surreptitiously installed into an information system without the knowledge of the system user or owner, typically to collect information about the user’s activity and send it to a third party.

Supply Chain Risk Management  

The process of identifying, analyzing, and assessing supply chain risk and accepting, avoiding, transferring or controlling it to an acceptable level considering associated costs and benefits of any actions taken.

System Administration  

In the NICE Framework, cybersecurity work where a person: Installs, configures, troubleshoots, and maintains server configurations (hardware and software) to ensure their confidentiality, integrity, and availability; also manages accounts, firewalls, and patches; responsible for access control, passwords, and account creation and administration.

Threat Agent / Threat Actor

An individual, group, organization, or government that conducts or has the intent to conduct detrimental activities.

Trojan horse  

A computer program that appears to have a useful function, but also has a hidden and potentially malicious function that evades security mechanisms, sometimes by exploiting legitimate authorizations of a system entity that invokes the program.

Virtual Private Network (VPN)

A tool that carries a user’s traffic through an encrypted tunnel to a remote endpoint, so the local network cannot read it and the destination sees the endpoint’s address rather than the user’s. It does not, by itself, make the user anonymous: the VPN operator can see the traffic and its destinations, and the user is still identified by whatever they log into.


Virus

A computer program that can replicate itself, infect a computer without permission or knowledge of the user, and then spread or propagate to another computer. Unlike a worm, a virus attaches itself to a host file or program and relies on that host being run or shared in order to spread.


Worm

A self-replicating, self-propagating, self-contained program that uses networking mechanisms to spread itself, without needing a host program or any action by the user.

Zero-Day Vulnerability

A zero-day vulnerability is a flaw in software or hardware that is unknown to, or not yet patched by, the vendor, so defenders have had “zero days” to fix it by the time attackers begin exploiting it. Until a patch exists, the available defences are mitigations such as reducing the attack surface and detecting exploitation after the fact.



Looking for a definition that did not appear on this list? The National Initiative for Cybersecurity Careers and Studies (NICCS) maintains a more exhaustive glossary.

Are you interested in understanding how your business might be vulnerable to cyber attacks?
Book a free assessment with one of our certified experts.