Glossary index


A

Access Control

Penetration testing

Access control is a security technique that helps organisations to control individual access to business data by authenticating users and sharing information on a ‘need to know’ basis. Organisations can use access control to differentiate types of users within a network based on their level of access, such as view only, edit, manage, and administrator privileges.

AD FS - Active Directory Federation Service

Penetration testing

Active Directory Federation Services (AD FS) is a software component developed by Microsoft which provides users with single sign-on access to systems and applications located across your organisation. AD FS can help streamline user management and improve your security posture by consolidating identity information from multiple sources into a single, central repository.

Administrative interface

Penetration testing

The administrative interface is the area of a system that allows administrators to manage that system. This interface enables admins to perform privileged activities such as managing users, groups, and permissions, as well as configuring hardware and software. By definition, administrative interfaces need robust security to prevent threat actors gaining control of the application and other parts of the network.

Adware

Cyber attacks Social engineering

Adware is software designed to display pop-up advertisements on your computer or mobile device. It has the potential to become malicious and harm your device by slowing it down, hijacking your browser and installing viruses and/or spyware.

AEP - Advanced Endpoint Protection

Endpoint SOC/SIEM Scanning

Advanced Endpoint Protection (AEP) is a cyber security countermeasure that uses machine learning and other threat intelligence to deploy anti-virus, anti-malware, and anti-spyware software. Threats are detected and blocked based on anomalous behaviour by the machine learning algorithm, which is trained to detect patterns in the log files and monitor the system for unusual activity.

AES - Advanced Encryption Standard

Penetration testing

Advanced Encryption Standard (AES) is a symmetric-key encryption standard developed by the U.S. National Institute of Standards and Technology (NIST), adopted by the U.S. government in 2001, and since then by commercial and private organisations around the world. AES is used in a wide variety of applications, including file and email encryption, as well as in the secure transport of data over networks.

AI - Artificial Intelligence

Cyber attacks Scanning SOC/SIEM

Artificial Intelligence (AI) is a field of study that deals with the theory and development of artificial intelligence and its application in the creation of machines and software that can exhibit intelligent behaviour. AI in cyber security will be an advanced form of machine learning that can train itself to act autonomously to identify and stop cyber threats, resulting in a low-touch, high-impact security system.

Angler Phishing

Angler phishing is where fake social media accounts are set up which act under the pretence of customer support to extract personal information. Victims are lured in by being prompted to click a suspicious link that installs malware on their device.

Anti-malware software

Cyber attacks Scanning SOC/SIEM

Anti-malware software identifies, prevents and removes malicious software using a scanner. It can detect known malware by comparing suspicious files against a database of previously identified malware signatures. Additionally, behaviour-based anti-malware software will check whether a programme looks suspicious and flag it to the user even if it doesn't match a known virus. People are often confused by the terms anti-virus and anti-malware, but generally the products are the same and anti-malware is simply a more recent term.

Anti-Virus

Endpoint Scanning

Originally produced to protect PCs from malicious software, anti-virus has evolved from one-dimensional signature-based virus recognition to the multifaceted approach seen today in sophisticated scanning software, which uses predictive analytics, machine learning and AI capabilities.

Anti-Virus software

Endpoint Scanning

Anti-virus software, also known as anti-malware, is a type of computer programme which was initially designed to identify, prevent and remove computer viruses. Modern anti-virus protects against a variety of malicious tools such as keyloggers, ransomware, rootkits, browser helper objects (BHOs) and trojans.

API - Application Programming Interface

Penetration testing

An Application Programming Interface (API) is the bridge between different software programmes which allows one piece of software to communicate and exchange data and functionality securely with other programmes. An API can take different forms, but generally it is a set of rules and procedures that provides access to specific functions within the software.

APT - Advanced Persistent Threat

Penetration testing

An advanced persistent threat (APT) is a targeted stealth attack where an attacker infiltrates a network slowly and methodically. Once hackers are inside the network, they can remain undetected for extended periods of time by mimicking the behaviour of authorised users to avoid detection. This is in contrast to other attacks where the perpetrators tend to get in and out as quickly as possible. APT is typically targeted at large enterprise or government organisations. However, smaller businesses with less robust security are often used as a stepping stone to gain access to higher-level targets.

Asset

Endpoint

An asset is any data, device or other component of an organisation's systems that contains sensitive data or can be used to access such information. Tangible assets include smartphones, laptops, tablets and PCs, which are often connected to company networks, making them a target for cyber criminals. Virtual assets include databases, fileservers, email servers and third party cloud storage systems.

Asset Profile

Endpoint

Assets define your attack surface, therefore it’s essential to understand how they could become targets. An Asset Profile is a tool which maps threats directly to your unique list of hardware and operating systems, making it simple to gather, prioritise and action threat intelligence data.

ATO - Account Takeover

Cyber attacks Social engineering

Account takeover attacks are a type of cybercrime where the attacker gains control of an account by stealing login credentials, guessing passwords, or using social engineering to persuade the victim into revealing their sign-in information.

Attack surface

Cyber attacks

The attack surface refers to the various points of entry where an unauthorised user may enter or extract data from an environment. Keeping the attack surface as small as possible is a security best practice that can help protect your data and systems from a cyber attack.

B

Backdoor

Penetration testing

A backdoor is a weakness in a software programme, usually the result of poor coding practices. It creates a way into a server or system that can be exploited by a threat actor. Backdoors can also be the result of poor configuration by the end user, inadvertently creating an access point for hackers.

Baiting

Cyber attacks Social engineering

Baiting is a type of social engineering attack where scammers use a false pretence to lure a victim into a trap, in order to steal personal or business data, obtain financial information or introduce malware into your system.

Barrel phishing

Barrel phishing usually involves two emails. The first email is sent to gain the user's trust that the sender is a reliable source. The follow-up email contains a malicious link or attachment, with the goal of tricking the user into clicking the link or downloading the attachment on the strength of the trust gained from the initial email.

Barriers to entry

Cyber attacks Scanning

Barriers to entry in cyber security are the obstacles or hindrances put in place by a company that make it difficult to secure your business data and resources. Solving barriers to entry involves investing in cyber security training, ensuring that your organisation follows best practice for password security, and regularly updating your operating systems and software.

BCM - Business Continuity Management

Compliance

Business Continuity Management (BCM) is a proactive risk management technique that addresses threats that may disrupt your daily business activities. In case of a security threat or other unforeseen circumstances, business continuity management gives your organisation assurance that business activities and processes can continue with minimal disruption.

BCP - Business Continuity Planning

Compliance

Business continuity planning maintains operations, services and supply chain delivery during periods of disruption, such as downtime resulting from a data breach. A BCP allows companies to continue working, and should be updated periodically following any changes in the company’s infrastructure, technology, location or personnel.

BEC - Business Email Compromise

Cyber attacks Social engineering

Business Email Compromise (BEC) is a type of phishing scam where hackers use legitimate business email addresses, or close copies, to send fake emails to an internal finance department, requesting the transfer of funds to a fake account. This common attack is also used to steal data as part of a more in depth cyber attack. Techniques used for BEC include spoofing, phishing and malware.

Big data

SOC/SIEM Scanning

Big data is a term to describe the increasingly large quantities of complex data that businesses generate on a daily basis. Managing, analysing and getting insight from large volumes of data requires data analytics software, which can help to inform your cyber security strategy. Unfortunately, data is valuable to hackers too and handling large volumes of sensitive data can also mean that your business is at increased risk of attack.

Black box testing

Penetration testing

Black box testing is a type of penetration test that most closely simulates a real world hacking attempt. The pen tester will know very little, if anything, about the target other than from publicly available information. Black box testing relies solely on the pen tester discovering vulnerabilities in outwardly facing components, which means that they are unlikely to uncover any vulnerabilities or misconfigurations that may be present internally.

Blockchain

A blockchain is a growing list of records, called blocks, which are linked using cryptography. The blockchain technology that powers cryptocurrency enables the exchange of value between two parties, without the need for a third party, such as a bank. The records in the blockchain are permanent, anonymous, and difficult to alter. Blockchains can be viewed publicly or privately, but both types are regulated by the same mechanism. Individual users can access a personal blockchain through the use of software, such as wallets.

Blocklist

Cyber attacks

A blocklist is an access control mechanism that denies a list of items, such as email addresses, passwords, URLs, IP addresses or websites from being accessed. An example of a blocklist would be an email blocklist, that restricts emails being received from unknown or fraudulent email addresses, especially those that are known to be malicious.

Brute-force attacks

Cyber attacks

A brute-force attack involves the hacker trying many combinations of username and password in an attempt to gain access to a user account. The speed of modern computing means that thousands of combinations can be tried every second. By far the best way to secure user accounts against brute-force attacks is to use strong, unique passwords for every login.

BYOD - Bring Your Own Device

Compliance

Bring Your Own Device (BYOD) is used by many businesses to allow employees to access their corporate systems and online work environments using their personal smartphone, tablet, or PC. Every organisation which allows employees to use their own devices for work related activities is required to have a BYOD policy in place to maintain business security regarding the use of personal IT equipment.

C

Caching

Caching is the storing of data in temporary or permanent storage. The data can be retrieved later using a unique identifier, known as a cache key. The goal of caching is to reduce repetitive queries and improve efficiency so that the data can be accessed faster.

CAPTCHA

CAPTCHAs, or reCAPTCHAs, are a type of challenge-response test used to determine whether or not the user is a human. They are often used to protect websites from bots, as well as to protect the privacy of users on sites. CAPTCHAs can help website owners and users by providing an extra layer of security against bots and spam, which can lead to more authentic interactions between humans and website owners.

CASB - Cloud access security broker

Cloud access security brokers (CASB, pronounced 'cas-bee') are a type of software designed to protect cloud-based applications and data by controlling access to them. CASBs act as an intermediary between cloud applications and service users, providing security management features in the cloud.

CERT - Computer Emergency Response Team

A Computer Emergency Response Team (CERT) is a computer security incident response team that provides technical assistance to victims of cyber-crime, identifies and mitigates vulnerabilities, and improves cyber security within organisations through education and awareness.

Ciphertext

Ciphertext is text that is rendered unreadable by encryption using a cipher. The cipher converts the plaintext into a secret message. After encryption, the message can only be read by the intended recipients using a decryption key.

CIS Controls

Compliance Penetration testing

The CIS Controls (formerly known as Critical Security Controls) are a recommended set of safeguards for cyber defence that provide specific and actionable ways to stop attacks against systems and networks. The current version, Release 8, contains 18 controls that can be implemented alone or in combination to protect your systems and data. The controls are organised by activities such as data protection, account management, penetration testing and malware defences.

CISO - Chief Information Security Officer

Compliance

The Chief Information Security Officer (or CISO) is responsible for company information and data security. The CISO ensures that an information security plan is developed and implemented, and that security policies are being followed by employees and clients to protect company data from cyber threats and maintain security compliance across all systems and processes.

Clickjacking

Cyber attacks

Clickjacking is when a user clicks on an invisible or disguised button or page element on a website that results in a malicious software download or other cyber attack designed by the hacker. Clickjacking sometimes involves placing an image over the top of a hidden element and then disguising the image as a page link that doesn't open.

Clone phishing

Social engineering

Clone phishing is a type of phishing attack where the hacker creates a copy of a legitimate, previously delivered email and sends it from a fake address. It will appear to be from the original sender, but the sender address will contain typos and other slight variations which give it away as fake.

Cloud computing

Cloud computing is a model for delivering on-demand and remote access to computing services, including networks, servers, storage, software and applications. By hosting files and services over the internet, rather than on local hardware devices, cloud computing allows greater flexibility, scalability, speed and efficiency for users and businesses.

Cloud penetration testing

Penetration testing

Cloud penetration testing is an effective method for assessing security within cloud infrastructure. With many organisations migrating to cloud technology, hackers have new opportunities to carry out cyber attacks in this remote environment, such as exploiting insecure APIs. Cloud pen testing addresses known vulnerabilities and available information from cloud service providers to understand how to implement secure cloud configurations for individual businesses.

Cloud security

Penetration testing

Cloud security is all the technology and processes put in place to protect cloud computing environments, applications and data hosted in the cloud. Understanding the full scope of your cloud infrastructure and potential weaknesses, including weak credentials, insecure APIs, and outdated software, is key to keeping your cloud environment secured.

CME - CrackMapExec

Penetration testing

CrackMapExec (CME) is an open-source, post-exploitation tool designed to help penetration testers assess the security of large Active Directory networks. Because of the nature of the tool, CrackMapExec could be used for nefarious purposes or lead to accidental data loss if not used correctly.

CoC - Code of Conduct

Compliance

A code of conduct is a set of principles, standards, and moral and ethical expectations that employees and third parties are held to as they interact with the organisation. Codes of conduct help ensure that all of your employees are working in a safe and healthy environment. In addition to being a legal requirement in many countries, codes of conduct are also important for retaining and attracting top talent.

Container security

Compliance

Container security is the implementation of security tools, procedures and best practices put in place to ensure all containers are running as expected and remain protected from cyber threats and vulnerabilities.

Continuous monitoring

Scanning

Continuous monitoring is a software-based approach to cyber security providing continuous protection against new and emerging threats, and faster detection of threats in the network. Continuous monitoring scans your network for any vulnerabilities, identifies changes in your environment, and then takes action based on those findings.

CORS - Cross-Origin Resource Sharing

Cyber attacks

Cross-Origin Resource Sharing (CORS) is a mechanism that allows resources to be requested from another domain outside of the one where the resource originated. CORS is a browser API that allows for cross-domain requests to be made. It has two parts: an API for making cross-domain requests and an API for handling responses from those requests.

Credential stuffing

Cyber attacks

Credential stuffing is a cyber attack where hackers use stolen credentials, often obtained from a data breach or on the dark web, in an attempt to gain access to user accounts. Credential stuffing is a common attack vector used by cybercriminals because many users reuse their passwords across multiple accounts. It differs from a brute-force attack in that hackers use already-compromised credentials to discover which users are using the same usernames and passwords across multiple accounts.

CSRF - Cross-Site Request Forgery

Cyber attacks

Cross-site request forgery is a type of security vulnerability that allows attackers to send unauthorised requests to web applications. CSRF attacks are typically conducted through malicious links, advertisements, or JavaScript code that causes the victim's web browser to send automated requests.

CVSS - Common Vulnerability Scoring System

Scanning

CVSS or Common Vulnerability Scoring System is a standardised way of uniquely defining, comparing and tracking cyber security threats and the associated risks. CVSS leverages automated processes to collect data from public resources such as security websites and active threat intelligence feeds in order to provide a clear picture of the threat landscape.

Cyber security incident

Cyber attacks

A cyber security incident is when a person or party breaches a system's security policy to affect the integrity or availability of data. Unauthorised access or attempted access to a system can open up the possibility of sensitive data being stolen, systems being taken over, or ransomware being installed on a machine.

Cyber espionage

Cyber attacks

Cyber espionage is one of the most dangerous threats that organisations face. Cyber espionage can result in financial loss, reputational damage and loss of business through data and IP theft, stolen trade secrets, or other confidential business information, such as financial records from within company computer systems.

Cyber Essentials Plus

Compliance

Cyber Essentials Plus is an independently verified on-site assessment of the five Cyber Essentials technical controls. Assessors will seek to understand whether your current security controls are in scope and working correctly. Cyber Essentials Plus can only be obtained within 3 months of your last Cyber Essentials assessment, but will hold greater significance with customers and partners than simply having a Cyber Essentials certification.

Cyber kill chain

Penetration testing

The cyber kill chain is a 7-step process that forms the basis of a cyber attack. By understanding the aims, strategies and technologies used at each stage of an attack, security defences and penetration testers can use the same principles as threat actors to counteract and manage the cyber kill chain.

Cyber security

Cyber attacks

Cyber security, computer security or IT security is the protection of computers, servers, applications, mobile devices, networks, cloud and other online resources, from malicious attacks. Cyber security works to prevent unauthorised access, disclosure, theft or damage to information, hardware, or software, or the services that these help provide.

Cyber security threats

Cyber attacks

A cyber threat, or cyber security threat, is a malicious act that threatens to steal, share or compromise sensitive data, or to breach a computer network and disrupt its services or technology. Cyber security threats can occur as a result of an attempted cyber attack or data breach, and consist of a variety of attack vectors, including phishing, malware, and denial of service (DoS) attacks.

C-SCRM - Cyber Supply Chain Risk Management

Compliance Cyber attacks

Cyber supply chain risk management (C-SCRM) is an organised approach to proactively address potential cyber security threats that can impact your supply chain and IT operations. This helps you to lower the potential impact of supply chain disruptions, while also maintaining product availability and protecting your brand reputation.

D

Dark web monitoring

Scanning

Dark web monitoring is the process of searching for, and tracking, your organisation's information on the dark web. These tools allow you to search across dark web marketplaces and Tor hidden services. If your organisation's information is found on these sites, dark web monitoring tools can provide intelligence on who is using the information, how it is being used, and the best way to take action.

Data breach

Cyber attacks

A data breach occurs when data is exposed, altered or destroyed, typically by threat actors, as the result of a successful hacking attempt. Sometimes data might be compromised accidentally from within a business, or as a consequence of poor security, without the knowledge or authorisation of the system's owner.

Data integrity

Compliance

Data integrity refers to the accuracy, completeness, consistency and validity of data. By ensuring that your data is free of errors and uncorrupted by unauthorised users, organisations can guarantee that data in their database is reliable and accurate. Data integrity is also essential to comply with the GDPR.

Data mining

Data mining is a process that extracts useful information from large amounts of data, used in a wide range of applications for predictive modelling and decision making. Data mining analyses and extracts patterns from data, and is used in cyber security as an early-warning system for fraud detection and to find security holes in networks.

Digital forensics

Scanning

Digital forensics is a branch of forensic science that analyses digital media to detect, prevent, and respond to cyber attacks. It encompasses the legal process of gathering and examining evidence in a cyber investigation. By providing a well-defined process for analysing data, digital forensics can be used to ensure that the traceability, integrity, and credibility of evidence is maintained throughout the analytical process. Digital forensics can also be used to detect malware and viruses on devices, uncover deleted files, and search for crucial pieces of evidence as part of an investigation.

DMZ - Demilitarized zone

Penetration testing

In cyber security, a demilitarized zone (DMZ), also known as a network perimeter, is a security barrier that restricts untrusted traffic from entering your private network. The goal of a DMZ is to allow businesses to access untrusted networks, such as the internet, while safeguarding their private and local area networks. If a hacker were to successfully breach an organisation’s network, they would only compromise the DMZ perimeter, and not the main network it is shielding. A DMZ is considered more secure than a firewall.

DNS - Domain Name System

The Domain Name System (DNS) is a directory of IP addresses that connects computers and other networked devices to the websites they want to reach. Considered the internet's telephone directory, a DNS server helps users connect to websites by mapping hostnames, such as www.defense.com, to their correct IP addresses. Without DNS or search engines, users would need to manually type in an IP address to access a website. DNS servers are a fundamental part of the internet, and this globally distributed system of servers is responsible for connecting millions of users across the world.

DPO - Data protection officer

Data Protection Officers (DPOs) are responsible for the protection of personal data, and are usually found in multinational companies and organisations that handle large amounts of personal data. The role of a DPO is to ensure that the company complies with all data protection laws. They do this by monitoring compliance, advising on data protection and privacy, carrying out audits and investigations, and providing training to staff.

E

EAP - Extensible Authentication Protocol

EAP is a protocol that allows an authenticator to verify the credentials of a supplicant in an automated fashion using any of multiple authentication methods. It is used to permit mutual authentication of the client and the server, while dynamically selecting and using one of many possible authentication mechanisms. EAP differs from other authentication protocols in that it requires its own round trip, as both sides must agree on the authentication mechanism being used, so no unauthorised person can hijack the connection.

EDR - Endpoint Detection & Response

Endpoint detection and response (EDR) is a security technology that manages risk by providing visibility on activity through monitoring all traffic in and out of endpoint devices. The goal of endpoint detection and response is to identify potential threats as soon as possible, react quickly, and stop the attack before it can cause any damage by sending alerts to administrators to control malware, ransomware, or other cyber threats.

Email phishing

The most common form of phishing is via email. Threat actors will pose as an authority figure, like a senior-level employee, and trick their targets into revealing sensitive information by clicking on a suspicious link or downloading a malicious attachment.

Endpoint Protection

Endpoint protection, previously known as anti-virus software, is a fundamental cyber security control for endpoints such as laptops, desktops and BYOD devices used in businesses. Modern endpoint protection systems often go beyond simple anti-virus and include advanced security features, as well as integrating with other solutions such as SIEM.

EPP - Endpoint protection platforms

An endpoint protection platform (EPP) is a comprehensive security solution deployed on endpoint devices to protect against threats. An EPP solution combines the power of next-generation protection technologies with deep visibility into endpoints and the threat landscape.

Error log

SOC/SIEM

An error log is a record of all critical errors a server or operating system has detected when active. Error logs can be very helpful when troubleshooting issues, because they provide specific details about the nature of the problem and the exact location where it occurred.

Ethical hacking

Penetration testing

Ethical hacking also known as white hat hacking, is a cyber security practice which consists of authorising a certified security specialist to investigate IT systems to find weaknesses and security flaws before they are exploited. Additionally, ethical hacking also entails finding previously disclosed security vulnerabilities and identifying looming threats.

F

Fileless malware attack

A fileless malware attack does not require a file to be downloaded. Because the threat is signature-less and leaves no digital footprint on disk, it can't be detected by traditional anti-virus. It works by taking advantage of known software vulnerabilities and is written directly into the system's RAM.

FIM - File integrity monitoring

File integrity monitoring detects changes in files and compares them against the original file to check for unauthorised changes. File integrity monitoring helps enterprises protect their data from accidental or malicious modifications. It also helps enterprises maintain the integrity of their data by preventing loss or corruption due to file changes.

H

Hacktivism

Hacktivism (hacking + activism), also called digital activism or cyber-campaigning, is where online activists, or hacktivists, use technology to expose, challenge and fix problems related to human rights, freedom of information, animal rights or the environment. The motive of hacktivism is usually not financial gain but rather support for a social, political, or religious cause.

Hash

Cyber attacks

A ‘hash’ is a unique string of letters and numbers generated by a computer programme and is used to protect sensitive data such as passwords online.

Honeypots

Cyber attacks

Honeypots are decoy computer systems or servers set up to snare hackers into believing they are a legitimate target. Honeypots are built deliberately with vulnerabilities to lure hackers into attacking them, so that security teams can collate intelligence on how cybercriminals operate, from their methods of attack to the types of attack they deploy.

I

ICO - Information Commissioner's Office

Compliance

The Information Commissioner's Office (ICO) is the UK's independent data protection regulator, responsible for upholding the information rights in the public interest. The ICO is tasked with investigating data breaches and complaints, ensuring businesses comply with data protection principles, and guiding individuals and organisations by promoting good information governance.

Incident response

Cyber attacks

Cyber incident response is how a business detects, analyses, responds to and recovers from a cyber attack. The details of each of these steps will depend on the nature of the attack and of the affected systems. Effective cyber incident response relies on pre-prepared and tested plans that set out what needs to be done in a variety of situations in order to limit damage and expedite recovery.

Information security

Information security, or infosec, protects information by discovering, quantifying, assessing and mitigating risks to corporate data. It differs from cyber security in that its primary concern is protecting the confidentiality, integrity and availability of data. In cyber security, the primary concern is protecting against unauthorised (electronic) access to the data.

ISMS - Information Security Management System

Compliance

ISMS stands for Information Security Management System and is the core component of ISO 27001. It’s the framework that outlines all security risks and your controls for them. It covers people, processes and technology and typically encompasses your entire organisation, securing the confidentiality, integrity and availability (CIA) of your corporate information assets.

ISO 27001

Compliance

ISO 27001 is the leading international standard on how to manage information security and outlines the requirements for implementing an information security management system (ISMS). By achieving ISO 27001 certification, your organisation demonstrates a commitment to information security, enriches your security culture, and helps to reduce the impact of a data breach.

K

Keylogger

Cyber attacks

Keyloggers are software programmes that capture and send information about a person’s keystrokes to third parties. They can be used to steal passwords, credit card numbers, and other personal data. Key logging software is typically installed without the user’s knowledge, via email attachments or malware downloads.

L

Log files

SOC/SIEM

Log files contain information about the requests made to your website including the IP address of the visitor, the URL they requested, the status code, and how long it took for the server to respond. You can use log files to debug code and to analyse and uncover cyber attacks. In the event of a breach, log files provide an important source of information on the number and types of requests made.

Log monitoring

SOC/SIEM

Log monitoring is the process by which an organisation can collect and observe log data from various sources in order to detect malicious activity and take remedial action.

Log4J

SOC/SIEM

Apache Log4J is an open-source logging library for Java, developed by the Apache Software Foundation, that allows developers to monitor activity in their software and applications. Log4J is ubiquitous and is used in many systems and tools every day. It generates logs for system administrators and DevOps teams that expose errors or faults that would not otherwise be detected by an application.

Logic bomb

Cyber attacks

A logic bomb is a string of malicious code that is inserted in advance into a network, operating system or application. The logic bomb is activated when certain conditions are met and can harm systems by deleting files, corrupting data, or erasing hard drives. The string of malicious code may be time/date sensitive (a time bomb) or deploy as a payload within a malware programme under a particular set of circumstances.

M

Malware

Cyber attacks

Malware (malicious software) is a catch-all term for software that has been designed to harm or destroy computer systems. Malware by definition includes a wide range of programmes with a variety of functions, all of which have the ability to compromise IT infrastructure. Preventing hackers from planting malware on your machine is the primary goal of many security technologies.

Managed SIEM/Outsourced SIEM

SOC/SIEM

Managed SIEM (Security Information and Event Management) is an outsourced alternative to setting up and deploying a SIEM solution within a company infrastructure. Managed SIEM is hosted by the provider on their servers, which are configured with the organisation's network activity and log data to create and manage alerts using an external team of security professionals.

MDR - Managed Detection & Response

Endpoint Scanning

Managed detection and response (MDR) is an outsourced solution that combines endpoint and extended detection and response to detect, analyse and respond to threats in real time. MDR provides an advanced layer of protection by analysing security events, correlating data from multiple sources, and detecting new threats.

MFA - Multi Factor Authentication

Compliance Penetration testing Social engineering

Multi-factor authentication (MFA) is a login process by which the user establishes their identity via multiple sources using passwords, physical devices, and biometric data to confirm their credentials. MFA uses various login methods such as one time passwords, PIN numbers, biometrics, security questions and authentication apps following the principles of something which is known (a password), something which the user has (for example, a mobile phone), and something which the user is (like a fingerprint).

MITM - Man in the middle attacks

Cyber attacks

A man-in-the-middle attack (MITM) occurs when a threat actor positions themselves between a user and an application, to eavesdrop on or intercept communication, or to impersonate a legitimate participant. The results of a MITM attack include the theft of personal information, such as login credentials and/or payment card details.

N

Network security

Penetration testing Scanning

Network security ensures that no unauthorised users have access to the network, using systems such as intrusion detection systems (IDS), increasingly backed by machine learning, to detect unusual traffic and send alerts about threats in real time. Typical network security measures include using strong, up-to-date encryption standards, firewalls (including web application firewalls), and ensuring that patching of network firmware and devices such as switches and routers is up to date.

NIDS - Network Intrusion Detection Systems

Penetration testing Scanning

A Network-Based Intrusion Detection System (NIDS) monitors network traffic patterns to detect suspicious activity. Sensors are placed at strategic checkpoints, such as the DMZ or behind a firewall, analysing each individual packet (inbound and outbound) for malicious activity. It is crucial to consider where the sensors are placed to optimise visibility. A single sensor can monitor several hosts, but multiple NIDS sensors might be required depending on the amount of traffic travelling to and from network devices. If abnormal traffic is found, the NIDS will send an alert to the administrator to investigate. Abnormal behaviour could include network-level Denial of Service attacks, port scanning, or a sharp increase in network traffic.

NIST framework

Compliance

The National Institute of Standards and Technology (NIST) Cybersecurity Framework is a set of voluntary but critical practices for reducing cyber risks that can be implemented by both public and private sector organisations. It provides a common language for cyber security and outlines an approach to help protect the confidentiality, integrity, and availability of information systems.

NOC - Network Operations Centre

SOC/SIEM

Network Operations Centres (NOC) are facilities that monitor, control, and manage computer networks. They serve as your first line of defence against network disruptions and failures. A NOC is the central point of contact for network operators, who can use them to remotely diagnose and troubleshoot network problems. In cases of emergency or disaster recovery, a NOC provides round-the-clock remote monitoring and maintenance for data networks.

O

OSINT - Open Source Intelligence

Penetration testing

Open Source Intelligence (OSINT) is the process of gathering information from publicly available sources such as the surface web or deep web to build profiles of individuals or companies for the purposes of penetration testing. It can, however, also be used by threat actors due to the accessibility of the information.

P

Packet sniffing

Cyber attacks

Packet sniffing is the process of capturing and analysing data packets that are transmitted over a network. Packet sniffers are used for a variety of purposes, including network troubleshooting, intrusion detection, and data extraction. Packet sniffing can also be used by hackers to take advantage of missing security protocols, for example where a web page’s headers do not enforce encrypted connections.

PCI DSS compliance

Compliance

The Payment Card Industry Data Security Standard (PCI DSS) is a global standard which was created to guide organisations that are storing, processing or transmitting credit card payments on how to protect payment card data. The standard mandates businesses that wish to accept card payments to undertake an annual PCI DSS audit of the security measures in place protecting sensitive data.

Penetration testing tools

Penetration testing

Penetration testers use a combination of open source tools and licensed software to support security testing. These include port scanners to identify open ports and services, web app and network scanners for automated vulnerability scanning, packet sniffers used to capture network traffic, and proxy tools that can intercept requests flowing between the client-side browser and the internet.

Penetration testing

Penetration testing

A penetration test, also known as a pen test or ethical hacking, is an agreed-upon security exercise whereby certified security professionals assume the role of a hacker and attempt to methodically breach systems in line with an agreed scope. At the end of the exercise, a full report outlines every security weakness uncovered so you know what to fix to strengthen your security posture. Penetration tests should be conducted at least annually.

Phishing

Cyber attacks Social engineering

Phishing is a type of social engineering attack where a threat actor uses deception in an attempt to manipulate the target via email. Their goal is usually to get them to click a link, open an attachment, or provide personal information under a pretence. Phishing is the most common cyber attack, usually targeting employees working within the finance and HR departments of an organisation.

PTaaS - Penetration Testing as a Service

Penetration testing

Penetration Testing as a Service (PTaaS) is a regular outsourced penetration test that provides a continuous cycle of testing and remediation for organisations to assess their security and uncover any risks and security loopholes that could be exploited by hackers. PTaaS includes a range of pen test types, such as infrastructure, network, cloud, and physical penetration testing.

R

RaaS - Ransomware as a Service

Cyber attacks

Ransomware as a Service (RaaS) is where cyber criminals lease out ransomware programmes on a subscription-based model to anyone looking for a way to make money online by extortion. Most RaaS programmes use crypto malware which encrypts data on a target's device.

Ransomware

Cyber attacks

Ransomware is a specific type of malware that encrypts system files so that their authorised owners cannot access them. Victims are blackmailed into paying a ransom to retrieve the decryption key. However, there is no guarantee that hackers will return lost files even if a ransom is paid. The prevalence of ransomware attacks highlights the importance of strong frontline security and regular, offline backups.

Reconnaissance

Penetration testing

Reconnaissance (or recon) is the first stage in the ‘cyber kill chain’ for both hackers and penetration testers, where publicly available information is gathered to build a profile of the target. Defense.com's threat recon scan shows you this information, letting you know what your business looks like to a hacker, and helping you secure it against attacks.

Red Teaming

Penetration testing

Red team testing is a mix of penetration testing, social engineering and physical intrusion. Testers will follow the same process as a standard penetration test in order to compromise data, but will also see if they can exploit physical or technological flaws to gain access to buildings and data centres. Red team testing will often involve attempting to gain entry to the target premises, requiring pen testers to impersonate authorised employees, site staff or official visitors. As a result, red team testing can provide businesses with key insights into site security and employee awareness to inform staff training and the implementation of further security measures.

Risk assessment

Scanning

Risk assessment is the process of identifying, quantifying, and prioritising cyber security risks, to understand the most significant vulnerabilities in an organisation's IT infrastructure, and rank them based on their likelihood of exploitation. A cyber security risk assessment helps an organisation understand potential threats to its information technology infrastructure and can be carried out internally or by a third party.

Risk management

Scanning

Risk management in cyber security involves identifying and analysing potential threats and vulnerabilities, the likely consequences of these threats occurring, and their potential impact. Once these factors have been determined, a threat can be prioritised based on its severity and likelihood of occurrence. An organisation can then develop action plans for how to respond to potential threats, as well as implement preventative measures to mitigate these risks.

Rootkits

Cyber attacks

A rootkit is a malware programme that allows attackers to gain administrative access to computers, giving them the ability to change or steal data. A rootkit typically hides its presence from the operating system and security tools and allows an attacker to control the compromised device remotely. Rootkits can be installed on almost any device with persistent storage, including laptops, desktops, and even servers.

Runbooks

SOC/SIEM

Runbooks determine what happens in any given security situation. In the case of an MDR service, your security partner will have established proven runbooks that outline prudent and effective steps to isolate, contain, eradicate and recover from any potential security incident.

S

SaaS - Software as a Service

Endpoint Penetration testing SOC/SIEM Scanning

Software as a Service (SaaS) describes a software product that is hosted by a third-party provider on remote servers. SaaS can significantly reduce IT costs and increase flexibility and scalability without any downtime or interruption of services. Software as a Service can also minimise the risk of data loss, although it is the responsibility of both the company and the vendor to ensure that data is kept secure.

Scareware

Cyber attacks

Scareware or scamware aims to scare you into downloading or buying fake anti-virus software, or visiting websites that try and force you to download/buy malware.

Security Awareness Training

Security awareness training programmes are a crucial part of an organisation’s security strategy, as they provide employees with the know-how to identify and avoid cyber threats. The goal of these programmes is to make sure that employees are aware of potential security risks and how they can protect themselves from them, typically covering how to identify phishing emails and spot malware, and what actions to take if they suspect a security breach.

Security posture

Cyber attacks

Security posture refers to an organisation's overall cyber security resilience against attacks. A business’s ability to detect and react to security events, and the controls and processes it has in place to protect it from threats will determine the strength of its security posture. Security posture includes information security, penetration testing, vulnerability scanning, endpoint protection, network security, cyber security awareness training, vendor risk management and compliance.

SIEM - Security Information and Event Management

SOC/SIEM

SIEM stands for Security Information and Event Management, and uses logs from your IT systems to detect suspicious behaviour and vulnerabilities. Once a security threat or event is spotted, an alert is raised to signal that remediation is required. SIEM is a powerful cyber defence tool when implemented correctly, but it can be costly to procure, configure and manage, and without expert support it can be hard to get value from your initial investment.

Smishing

Cyber attacks Social engineering

Smishing (SMS + phishing) is when a hacker sends a phishing message via text to the target’s smartphone to trick them into giving away valuable information such as bank details and login credentials. Like phishing, smishing uses a sense of urgency to encourage users to take action when they are likely to be distracted by other notifications on their phone and in their environment.

SOC

SOC/SIEM

A SOC (Security Operations Centre) is a centralised hub that deals with all security-related activity within an organisation, either staffed internally or outsourced to an external security provider (see also, SOCaaS). SOCs provide businesses with a centralised point to monitor and respond to any potential cyber incidents, responding to security alerts collected by SIEM security software.

SOCaaS - SOC as a Service

SOC/SIEM

SOC as a Service (SOCaaS) is a security operations centre that is outsourced and run by an external team on behalf of an organisation to monitor security, provide specific security services tailored to the needs of the business, provide 24/7 security monitoring and contain threats. It is also sometimes referred to as ‘outsourced’ or ‘managed’ SOC.

Social engineering

Cyber attacks Social engineering

Social engineering is a cyber attack which involves manipulating people into performing actions or revealing confidential information which can compromise security and lead to a data breach. Social engineering can be carried out by email, phone or in person and works by creating a sense of urgency or obligation which the target mistakes for genuine communication.

Spam

Cyber attacks Social engineering

Spam email is a type of unsolicited email that is typically sent in bulk and is usually unwanted, uninteresting, or deceptive. Spam email can also be used to steal personal information or infect computers with malware, which can happen when people open malicious attachments or click on links in spam emails without knowing what they lead to. They may also contain links, hidden images, and scripts that can be used to steal personal information from the recipient's computer such as passwords and credit card numbers.

Spear phishing

Cyber attacks Social engineering

Spear phishing is a type of phishing attack that involves the use of highly targeted email to try and trick an individual into revealing personal details or clicking on a link that takes them to a fake website.

Spoofing attacks

Cyber attacks Social engineering

Spoofing generally refers to hackers faking identities across the web through a variety of means such as using fake emails, phone numbers, and websites. Spoofing can also refer to IP address spoofing (to disguise location), address resolution protocol (ARP) spoofing (to intercept data) and DNS spoofing (to redirect users to a fake website).

Spyware

Cyber attacks

Spyware is software that is installed on a device without the user's consent. It gathers information about the user and sends it to third parties without their knowledge. There are several types of spyware, but they usually fall into four categories: keyloggers, screen capturing tools, web beacons and cookies.

SQL injection attacks

Cyber attacks

SQL injection (SQLi) is a type of attack that exploits a security vulnerability in the database layer of an application. An SQL injection attack occurs when a bad actor injects malicious SQL code into an application in order to view, control or extract information from a database. They do this by inserting their own code into input fields of the affected web page; the web server passes it through unchecked and it is then interpreted and executed by the backend database.

T

Tailgating

Cyber attacks Social engineering

Tailgating is a type of social engineering attack with the goal of gaining access to a secured physical location. Threat actors may manipulate social conventions to achieve these aims, such as pretending to be someone waiting patiently for a door to open, pretending to have lost an RFID pass, or posing as maintenance staff or other visiting officials to be let into the building.

Threat actor

Cyber attacks

Threat actor is a handy generic term for a hacker, cyber criminal or other person who tries to attack your business’ cyber defences.

Threat intelligence

Scanning

Threat intelligence is information that a company will use to identify and understand cyber risks that are currently affecting their organisation or pose future risk. Threat intelligence feeds are usually configured to present data from many different aspects of a business’ infrastructure, in order to detect and prevent cyber attacks before they happen.

Threat recon

Threat Recon is a scanning tool which will check your web domain(s) and instantly show areas of your external attack profile that could become threats. This hidden threat data enables you to act on any cyber risks before they are exploited.

Two-Factor Authentication - 2FA

Compliance Penetration testing Social engineering

Two-Factor Authentication (2FA) confirms login credentials using two verification methods. Most commonly these are the user’s password backed up by a PIN sent to a personal device. As well as using a physical token, two-factor authentication methods can use a security question, authentication apps such as Google Authenticator, and biometric data to confirm user identity. (see also, MFA)

Typosquatting

Cyber attacks Social engineering

Typosquatting is where threat actors will register a domain name very similar to a legitimate website, in an attempt to trick people who accidentally misspell domain names when browsing the web. These trick websites can host malware, drive-by attacks, or emulate a legitimate website in order to gather people's login credentials, and are often used as a part of a wider phishing campaign.

V

VA scans - Vulnerability scanning

Vulnerability assessments (commonly called VA scans) use automated security scanning software that provides visibility into security loopholes and technical security flaws. They work by methodically scanning applications and infrastructure for known weaknesses (the CVE database) and creating alerts based on their findings. VA scans are a cost-effective and efficient method of staying on top of your threat landscape in between scoped penetration tests.

vCISO - Virtual CISO

Compliance

A virtual Chief Information Security Officer, or vCISO, helps organisations develop, manage, and often implement an information security programme. A vCISO is an outsourced role and a popular option for SMEs that don’t have the budget to hire a full-time CISO internally.

W

WannaCry

Cyber attacks

WannaCry was a global ransomware attack that took place in May 2017 and targeted a security flaw in Windows machines using the EternalBlue exploit. By leveraging EternalBlue, WannaCry was able to successfully attack any devices that were left unpatched against the vulnerability.

Whaling

Cyber attacks Social engineering

Whaling is when authoritative individuals, such as a CEO or senior-level employees, are targeted with personalised messages based on data gathered from Facebook, LinkedIn, or other public websites. The purpose of whaling is to steal money or elicit sensitive information, such as credentials or personal information, that may give threat actors access to business accounts or to unauthorised data.

Whitelisting

Whitelisting is a technique that identifies and allows only specific programmes to run on a system. This can be done by specifying the applications in a list, or by specifying the security zone in which they are allowed to operate. A whitelist tells the computer that any programme on the list is allowed to run, while a blacklist tells it that programmes listed are not allowed to run. (see also, Blacklist)

Wi-Fi

Wi-Fi uses wireless networks to connect internet enabled devices to the internet, and to each other, using radio waves. Devices within the hotspot area near the router can pick up Wi-Fi signals and connect to the internet without the use of cables. This is especially useful for accessing the internet in public places, although it does present its own set of security challenges, such as the risk of exposure to rogue Wi-Fi hotspots, or intercepted data.

Wireless penetration testing

Penetration testing

A wireless network penetration test is a comprehensive security review where a qualified pen tester takes on the role of a hacker. They’ll attempt to uncover and exploit security vulnerabilities or misconfigurations specific to your wireless network. Wireless network penetration testing provides vital information on how to secure your wireless network and, ultimately, helps keep your organisation secure online.

Z

Zero Day

A zero-day (or 0-day) vulnerability is a technical security weakness in a product or service that is either undiscovered or as yet unfixed by the vendor. A zero-day attack is where hackers exploit the vulnerability before the developer has patched the flaw, and a zero-day exploit is the method used to take advantage of that vulnerability to attack the system.

Zombies

A zombie is a computer that is connected to a network and has been compromised by malware, such as a virus or Trojan, so that it can infect multiple other machines linked to the same network. Zombie computers can be remotely controlled by hackers, making the origin of attacks by zombies difficult to trace. A zombie network is when multiple machines compromised by the same malware work together to bring down larger networks.