Glossary of Cyber Security Terms
Essential Vocabulary for Navigating the World of Cyber Security
A
Access Control
An essential security protocol that enforces the rule: resources should be accessible exclusively by authorized entities. This procedure preserves integrity, confidentiality, and availability in digital spaces.
Access Control List (ACL)
The ACL is a cybersecurity tool responsible for implementing access control on system resources. It's a curated roster of identities that have been granted the right to access certain resources.
Access Control Service
A robust barrier against unauthorized access to resources. This protective service uses ACLs and tickets as its principal mechanisms, ensuring secure user-resource interactions.
Access Management
A comprehensive approach towards managing account data through strategic administration, diligent maintenance, astute monitoring, and effective termination. Essential to maintaining cybersecurity hygiene.
Access Matrix
A strategic model for effective access control, with subjects arranged in rows, objects in columns, and privileges meticulously listed in the intersecting cells.
Account Harvesting
A methodical process of gathering valid account usernames within a system, a technique frequently used by malicious actors.
ACK Piggybacking
A savvy networking method wherein an ACK (Acknowledgement) is dispatched within another packet that shares the same destination, optimizing communication efficiency.
Active Content
Active Content refers to embedded code within the contents of a webpage that, upon access, is automatically downloaded and executed on the user's device, enhancing user experience and interactivity.
Activity Monitors
A potent suite of tools that focus on defending against virus infections by keenly observing and countering malicious system activities.
Address Resolution Protocol (ARP)
A fundamental protocol responsible for correlating an Internet Protocol address with a physical address acknowledged within a local network.
Adware
Adware is a class of software that, while a user is online, automatically displays or downloads advertising material, sometimes posing security risks.
Advanced Encryption Standard (AES)
A robust encryption standard endorsed by NIST, which outlines a public, symmetric encryption algorithm, employed for protecting data integrity and confidentiality.
Advanced Persistent Threat (APT)
APT refers to a covert threat agent, often a state or state-sponsored group, which gains unauthorized network access and operates undetected for a significant duration.
Algorithm
A finite, well-ordered set of instructions engineered for solving computational problems or conducting specific procedures.
Anti-Malware
A category of protective software purposed to prevent, detect, and eliminate harmful software on IT systems, as well as individual computing devices.
Anonymization
A privacy-centric process that eliminates personally identifiable data from datasets, ensuring the individuals described by the data remain unknown.
Antivirus Software
Programs engineered to prevent, search for, detect, and eradicate software viruses and malicious software such as worms, trojans, adware, and more.
API Security
API Security comprises protective measures for APIs against threats and attacks. This domain includes the technologies, policies, and procedures designed to fortify API ecosystems.
Applet
Miniature Java applications that leverage a client's web browser to present a user-friendly interface, augmenting user engagement and experience.
ARPANET
A pioneering packet-switched network and the predecessor to the contemporary Internet, instrumental in shaping the digital world.
Asymmetric Cryptography
A cryptographic method that employs a key pair - one public, one private - for separate algorithmic phases, often used in secure communication protocols.
Asymmetric Warfare
A strategic warfare tactic wherein a minimal investment, when strategically applied, can yield significant results, often used metaphorically in cybersecurity contexts.
Attack Surface
The sum total of all vulnerabilities in a given system or network that are exploitable by hackers, a key consideration in cybersecurity risk management.
Attack Vector
The method or pathway a hacker employs to gain unauthorized access to a computer or network server to deliver a malicious payload or effect.
Auditing
A systematic process of gathering information and analyzing assets for ensuring regulatory compliance and managing security risks effectively.
Authentication
A critical process involved in verifying the truthfulness of a claimed identity, a cornerstone of secure user interactions.
Authenticity
The genuineness and validity of the original information, a key consideration in preserving data integrity in cybersecurity.
Authorization
The formal process of granting approval or empowering an individual or system to perform a task, vital in maintaining secure operations.
Autonomous System
An interconnected network or a series of networks under consolidated administrative control, often termed a routing domain, identified by a globally unique number or ASN.
Availability
The assurance that the system remains accessible for business operations and users, a critical aspect of the triad of information security: Confidentiality, Integrity, and Availability (CIA).