Cyber Security Glossary of Terms

Cyber Security Glossary

Written March 2020

Charlie Gould

Sales & Marketing Apprentice

Share via:

The Complete Glossary of Cyber Security Terms Made Easy

Cyber security plays a key part of everybody’s day-to-day life. Whether a person is using a laptop, desktop computer, smart phone or tablet, information is being shared between people all the time. It is within our responsibility as avid consumers to understand the risks that come with sharing information online and understanding best practice in how to protect ourselves from cyber threats.

While the amount of information about cyber security terminology can be overwhelming, we have put together a complete glossary of the most popular cyber security terms to help you gain a better knowledge and understanding without getting lost in ‘tech jargon’.

Our guide defines and explains the key terms and phrases used in the world of cyber security. We understand how hard it is to keep up with all terms and definition, and for those who want to keep an accessible list with them, you can download our Cyber Security Glossary in PDF form.

Access Control
Access control is the authentication and authorisation of individuals to access certain folders and information. Organisations use access control to keep their data secured and ensuring only the correct users can see the correct information, preventing unauthorised users accessing data or information that they should not have access to. It is a fundamental concept in security that minimises risk to the business or organisation.
Advanced Persistent Threat (APT)
An advanced persistent threat (also known as an ‘APT’) is a long running process where an unauthorised individual or organisation gains access to a network and remains undetected for an extended period of time in order to steal, spy or disrupt an organisation. APT attacks are often synonymous with ‘nation state’ attacks, having malicious activity funded by a nation state for political gain.
Adware, otherwise known as advertisement software, is the term used for malware that pops up on computer screens in the form of advertisements. Files or programs downloaded online, which seem perfectly legitimate, can be bundled with adware without the user knowing.
Antivirus Software
Antivirus software is a computer program designed to detect and remove viruses, and other malicious software such as malware, adware and trojans.


Behavioural Based Analysis
Behavioural based analysis is a technique utilised by many types of security tools. Baselines of a system are created to generate a known image of ‘normal behaviour’. This baseline is then monitored against real time activity and scrutinised by the security tools’ AI engine to attempt to discover malicious activitys.
Blacklisting is a form of access control. Users, usernames or entities on a blacklist will be denied access to a specific system or network.
A bot (or robot) is an automated machine or software application used to carry out tasks. A bot can be used for malicious purposes by a hacker to gather financial data, passwords, log keystrokes or launch DDoS attacks.
Brute Force Attack
A brute force attack is a time-consuming cyberattack that involves mass guessing possible account details and passwords, often through using a bot. Depending on the strength, length and complexity of the password, this dictates how long the process will take to crack.
CISO (Chief Information Security Officer)
A Chief Information Security Officer, or CISO for short, is the individual responsible for an organisation’s information and cyber security. A CISO directs a team of cyber professionals to identify develop and maintain security and prevent the loss of crucial data or information.

Read more about Littlefish’s CISO-as-a-Service offering.

CISO-as-a-Service (CISOaaS)
CISO-as-a-Service, or CISOaaS, stands for Chief Information Security Officer as-a-Service. This is an outsourced service which offers the expert guidance and benefits of a dedicated in-house Chief Information Security Officer to an organisation without the financial cost of attracting and retaining a senior full-time employee.

Read more about Littlefish’s CISO-as-a-Service offering.

Critical Hour/ Golden Hour
The first hour following the detection of a successful cyberattack is known as the critical hour or the golden hour. These 60 minutes are crucial to rapidly containing and limiting the impact and damage of an attack.

Read more about Littlefish’s Critical Hour Framework service

Critical Hour Framework
In the first hour following a cyberattack, Littlefish employ an established cyber response process known as the Critical Hour Framework. This acts as the operational plan for incident response, clearly establishing responsibilities, processes and a chain of command. The Critical Hour Framework is tailored to an organisation’s security technologies and controls, acting as a crucial second line of defence. Having this framework in place enables an organisation to be completely prepared should their technical countermeasures be breached, so they can respond rapidly, in an effective and controlled manner – improving the containment timescale and reducing the impact and damage caused by a successful attack.

Read more about Littlefish’s Critical Hour Framework service.

Cross Site Scripting (XSS)
XSS (Cross-site scripting) is a cyberattack technique which takes advantage of insecurely coded web applications, allowing the execution of code within the website. Malicious actors can use this functionality to bypass access controls, giving them access to information.
A cyberattack is an attempt to gain unauthorised access to system services, resources, information, or an attempt to compromise system integrity.
Cyber Security Incident
A cyber security incident is a breach of security, for example unauthorised access to data or networks.


Cyber Security
Cyber security (also known as computer security, or IT security) is the protection of computer systems and networks from the theft of or damage to their hardware, software, or electronic data.

Read more about Littlefish’s Cyber Security services

Cyber Security Operations Centre (CSOC)
A Cyber Security Operations Centre (CSOC) is a specialised team of cyber security engineers employed to protect, detect and respond to cyber security threats and intruders facing an organisation 24/7/365.

Protect: Proactive intelligence gathering detects emerging threats earlier in the cyber-attack lifecycle, providing protection to an organisation before breaches occur.

Detect: Continuous monitoring & analysis in the context of an organisation’s specific risk profile and requirements, including emerging and future threats.

Respond: End-to-end investigation, incident ownership & stakeholder communications, using tried and tested processes in order to reduce breach impact and risk of attack proliferation.

Read more about Cyber Security Operations Centre service.

Data Security
Data security is the protection of digital data from destructive forces and the unwanted actions of unauthorised users.
Distributed Denial-of-Service (DDoS) Attack
A Distributed Denial-of-Service (DDoS) attack is a malicious attempt by hackers to shut down or disable a server, website or network resource. Hackers carry this out by overwhelming the bandwidth or resource of a targeted system(s) with a flood of internet traffic. These attacks often involve bots and can lead to the targeted resource or website crashing, making it unavailable for users.
Dumpster Diving
The act of physically accessing waste or garbage to attempt to discover valuable company information, such as log-in information left on waste paper or information that can be leveraged against a company. Organisations can deter against this by destroying or shredding all documents the contain personal or business information.
Exploit Kit
An exploit kit is an automated threat used by cyber criminals to attack vulnerabilities in systems and are often included within popular software packages. Exploit kits infect the computer with malware and are often received through an email or downloadable link. Exploit kits are silent and work stealthily in the background, leaving users unaware that an attack is taking place.
Form Grabber
A form grabber is a type of malware that captures log-in credentials, including usernames, email addresses and passwords, directly from a data form on a website.


Government Communications Headquarters (GCHQ)
Government Communications Headquarters, commonly known as GCHQ, is the UK’s intelligence, security and cyber agency. GCHQ is responsible for providing signals intelligence and information assurance to the government and armed forces, to keep the UK safe.
A hacker is an individual or group who aim to circumvent security and gain unauthorised access to computer systems or networks in order to access, steal, change or destroy data or information.
Hashing is a process carried out by cyber professionals to ensure a piece of data has not been tampered with. Hashing is done by creating a mathematical number algorithm to represent a piece of data. Hashing is often done twice to make sure the data is identical and keeps its integrity.
A honeypot is a security mechanism set up as a decoy to lure cyber criminals into a trap. The individual(s) or organisation can then study the hacker’s actions and behaviour using this evidence to prevent future attacks.
Intrusion Detection and Prevention System (IDPS)
An Intrusion Detection and Prevention System (IDPS) is term used to relate to a protective system attempting to detect malicious activity from both a behavioural and signature-based view. Most commonly, IDPS systems are used in line with network resources to analyse network traffic and discover malicious activity before reaching endpoints. Host based IDPS systems however are also available focusing on detecting behavioural anomalies on an endpoint.
Information Security
Information security is a set of practices companies or individuals use to protect data and information from being accessed, stolen, destroyed or deleted by unwanted parties.
Insider Threat
An insider threat is a security risk that originates from inside of the targeted organisation. This could be employees, contractors and former employees that know information about a company or still have access to company files and intend to harm the business.
Keylogging is a software program that logs and records the keystrokes made by a computer user. Cyber criminals use these logs to gain access to sensitive and confidential data such as log-in credentials, passwords and financial information. This data is often then sold to third parties for fraudulent use.
Kill Chain
The cyber kill chain is concept used by cyber security professionals in relation to incident response. Although multiple forms exist, this concept is regarded as a standard for the stages of a cyberattack.
Lateral Movement
A term used to describe the movement of a malicious actor. An example of this could be an person or entity looking to compromise additional accounts, allowing ‘lateral movement’ between accounts to gain further access to data or information.
Logic Bomb
A logic bomb is a scheduled attack that puts malicious code into a network or single computer at a specific time or date, or when an action is completed. For example, logic bombs may wait until a certain date to delete a certain document or wait for specific information to be inputted before acting.
National Cyber Security Centre (NCSC)
The National Cyber Security Centre (NCSC) acts as the UK’s computer security incident response team and provides advice and support for public and private sector organisations in how to avoid computer security threats.
Network Security
Network security is the protection against a variety of cyber threats and company assets stored in the network against hacking, data misuse or unauthorised changes.
Passive attack
Passive attacks are stealthy cyber hacks, which allow the penetrator to eavesdrop or monitor a system in order to intercept messages or information without modification to the network. Passive attacks often take place without the organisation knowing an attack is taking place.
Password sniffing
Password sniffing is when a hostile piece of software is installed onto a host network in order to monitor traffic and pull out information. The program will detect passwords or log-in details passing through the system and add them to a database.
Penetration Testing
Penetration testing (often referred to as simply ‘pen testing’) involves a simulated real-world attack on a network, device, individual or organisation in order to see how far the ‘hacker’ can get before being detected or stopped. The test will highlight vulnerabilities which are discovered within the security infrastructure. Security professionals can then make recommendations on what the best steps are in order to strengthen these detected weaknesses.
Pharming is a form of online fraud which involves cyber criminals installing malicious code onto your computer or server. The code automatically re-directs a user to a fake website without their knowledge or consent in order steal personal information, such as payment card details or login credentials with the aim to complete identity fraud.
Phishing is a type of social engineering attack often used to steal user data and commonly takes place in emails and text messages. Phishing involves fraudsters sending users emails or texts that appear legitimate. A typical phishing email or text will contain malicious links for the user to click, which contain malware which is installed onto the user’s computer. The malware may penetrate the network and perform malicious attacks, often with the user unaware.

Read more about Littlefish’s User Education and Awareness services.

Probing refers to a group of techniques with the goal of discovering information that can be exploited at a later date through malicious activity. An example of this could be the scanning of open ports on a network device to discover a potential entry point.


Ransomware is a type of malicious software which hackers use to encrypt and block a device or network in order to extort a user or organisation. Normally the hacker(s) will provide a deadline for the user or organisation to settle the demanded sum of money or they will perform a malicious and unrecoverable action. A notable example of a ransomware attack would be the ‘WannaCry’ incident, highly publicised for the effect on the NHS ‘system one’.
Rainbow Table Attack
The aim of a Rainbow Table attack is to attempt to guess passwords stored in a hashed format by using a Rainbow Table lookup to match hash patterns to characters. Once reversed the malicious actor will be left with the unhashed user password, allowing unauthorised access to assets.
A sandbox is a malware analysis tool used by security professionals. These tools allow for the detonation of potentially malicious content within a ‘safe’ environment, allowing protective measures to be creating from the information procured.


Security Monitoring
Security monitoring is a real-time method used to monitor people and devices over a network. This is done through collecting and analysing data from a range of security systems to detect vulnerabilities and stay one step ahead of cyber threats.
Shoulder Surfing
A social engineering technique defined as physically monitoring user actions over their shoulder to attempt to retrieve confidential information.


SIEM (Security Information and Event Management)
Security Information and Event Management (SIEM) is software technology which supports threat detection, security incident management and compliance. The tool will analyse, log and event data in real-time to provide an organisation with threat monitoring, event correlation and incident response. This tool is the string to the bow for the Cyber Security Operation Centre (CSOC).

Read more about Littlefish’s Cyber Security Operations Centre service.

Signature Based Analysis
A detection method utilised by many security tools, most commonly antivirus software. Data is scanned and matched against a database of known malicious signatures, the security tool then alerts if a match is discovered.
Smishing is a form of phishing scam which involves SMS or text messages to a mobile phone or smart phone device, often containing a malicious URL or phone number.

Read more about Littlefish’s User Education and Awareness services.

Spear phishing
Spear phishing is a social engineering attack. A more direct version of phishing carried out by cyber criminals where they send out targeted and well-researched phishing emails to vulnerable users within an organisation to acquire data or money by infecting the computer with malware. This will often involve the perpetrator disguising themselves as a trusted individual in order to successfully trick the targeted user to perform a specific action or set of actions.

Read more about Littlefish’s User Education and Awareness services.

SQL Injection
An SQL Injection attack takes advantage of the use of SQL language used within databases on web applications. Malicious actors are able to execute SQL code from within the website to dump private information such as usernames, passwords and email addresses.
Threat Management
Cyber threat management (or CTM) is a process carried out by trained cyber professionals to identify early threats. They will then be able to respond to threats with speed and accuracy to eliminate them. This is done through both manually and automated.
Threat Hunting
Cyber threat hunting is an advanced system used by trained cyber professionals to identify threats that haven’t been found through the automated defence systems or tools. This consists of searching through networks and endpoints to find stealth attackers.
Trojan Horse
A form of malware. A Trojan Horse entices its victim into downloading a file or software package that is seemingly legitimate and of a high a value. Upon opening this file will then release malware to infect the victim’s machine. A Trojan Horse cannot be executed without manual input from the victim.
Vishing (voice phishing) is a type of phishing attack that is conducted by scam phone calls, where the caller fraudulently claims they are from a trusted source. The calls are used to acquire confidential data such as credit cards information, addresses and birth dates.

Read more about Littlefish’s User Education and Awareness services.

Vulnerability Management
Vulnerability management is a cyber security process carried out within an organisation to identify, analyse and assess vulnerabilities across the entire network. This is done by testing, reporting and responding to vulnerabilities in order to have them fixed or patched, and helps to develop a long-term risk mitigation strategy.

Read more about Littlefish’s Vulnerability Management service.

Water Holing
An attack technique utilising known user patterns to infect a commonly visited website. The malicious actor observes the behaviour of the victim over time to establish a target site to compromise, this site is then compromised as a means to compromise the victim.
Whaling is a higher targeted spear phishing attack aimed at senior level directors and executives of a company, rather than lower level employees. The malicious actor often knows a lot of information about the individual and how best to target them, leading to a much more sophisticated and targeted attack.

Read more about Littlefish’s User Education and Awareness services.

A list of known ‘good’ values. A whitelist can be implemented on multiple device types of which take varying information such as signatures, domains, IP’s and users.
White Hat Hacker
White hat hackers are often referred to as the ‘good guys’, using their hacking skills for ethical reasons.  As computer security experts, they will often specialise in penetration testing to test vulnerabilities and ensure the security of organisation’s information and security systems.
A computer worm is a type of malware that spreads copies of itself from computer to computer through a network, often deleting data and information as it spreads. A worm can replicate itself without any human interaction. Worms can make their way onto a computer or network through a malicious email and website.

Protect your business

Business-critical operations rely on IT, so the availability, integrity and security of these systems is vital to any organisation. Littlefish cyber security services empower you with the strategy, tools and resources to combat ever-evolving cyber threats.

You May Also Like: