Top Cybersecurity Terms Everyone Should Know

Author: Craig Pollack
Date: Jan 16, 2020
Topics: General Business Owner Blogs, Cybersecurity

Cybersecurity is the buzzword of the day, and rightfully so. With all the ransomware, CEO fraud, and other vulnerabilities, it's a critical concept we as IT professionals need to stay ahead of. This means that, now more than ever, there are more cybersecurity terms than we’d care to count. Unfortunately, most of them are terms that IT professionals and other business professionals, across every industry, should really take the time to learn. These cybersecurity terms refer to hardware, software, documentation, systems, processes, controls, and other related concepts.

However, since most people don’t have the hours, days, weeks, or even months of free time to spend finding them all, I thought it would be helpful to pick the most relevant keywords to know and provide definitions for each of them. So, here you go...

52 Cybersecurity-Related Terms to Know

  1. Access Control. A selective restriction that controls what data users and user groups can access, see, share, and edit.
  2. Adware. A form of malicious software that displays advertising content while containing a code to either obtain someone’s personal information or track their actions.
  3. Authentication. A verification process that confirms the identity of a user based on specific information.
  4. Blacklisting. A process that filters harmful email addresses, users, or websites based on a list or set of specific parameters.
  5. Bring Your Own Device (BYOD). A company policy that authorizes users to operate personally owned devices on the company network.
  6. CEO Fraud. A scheme in which cybercriminals research and gather the necessary information to spoof a company’s domain and impersonate its CEO (or other executives) for financial gain.
  7. Clear Screen Policy. A company policy that directs users to protect sensitive information by not leaving it accessible to opportunistic hackers or thieves.
  8. Cloud. Data storage or computing services that are available through remote servers.
  9. Cyber Attack. An attempt by a malicious user to damage, destroy, or gain access to a computer system, device, or network.
  10. Cyber Bullying. A virtual form of bullying that includes the posting or sending of crude, harmful, rude, or threatening content, information or images on the internet. Cyberbullying is frequently conducted via social networks.
  11. The Dark Web. The Dark Web is a series of encrypted networks that is not searchable by conventional search engines and anonymizes the internet users who access it. It is a location on the internet where compromised passwords can be accessed.
  12. Defense in Depth. A series of defensive mechanisms that aim to thwart attacks on computer networks and related systems.
  13. Distributed Denial of Service (DDoS). Also known as a Brute Force Attack or a Dictionary Attack, this form of cyber attack uses a multitude of systems to attack a single target. The goal is to overwhelm or bog down a system to the point that it shuts down.  
  14. Domain Hijacking. A hacker blocks access to a website and replaces it with another (malicious) website.
  15. Domain Name System (DNS). A process the internet uses to locate websites that is more user-friendly and simple to remember than internet protocol (IP) addresses.
  16. Dumpster Diving. A means of recovering account statements, checks, credit card offers, files, hard drives, letters, memos, photographs, and other personally identifiable information (PII) from garbage cans and recycling bins to commit identity theft.
  17. Encryption. A transformation of data to secure/hide its content and information.  
  18. Firewall. Hardware or software that monitors incoming and outgoing network traffic and is designed to prevent unauthorized access to a network.
  19. Gap Analysis. A method of assessing actual performance in comparison to expected or required performance, such as compliance.
  20. Hacker. An unauthorized individual who attempts to access a network or computer.
  21. Internet of Things (IoT). A way for non-computer objects to connect to the internet.
  22. Internet Service Provider (ISP). A service provider company that enables access to the internet.
  23. Intrusion Detection System (IDS). A device or program that is used to identify unauthorized attempts to access a network or other computer-related resources.
  24. Intrusion Prevention System (IPS). A device or program that is used to block unauthorized access.
  25. IP (Internet Protocol) Address. A unique inter-network numerical address for every individual device that is written in a series of four segments that are separated by a period. For example, 123.45.678.901
  26. IP Sniffing. A process involving the use of bots to search the internet for gaps in network defenses. Hackers use this method to place malware on a vulnerable device.
  27. Keyboard Logger. Software, a virus, or a physical device that reports keystrokes. Hackers are known to use this to capture personal and sensitive information, including logins and passwords.
  28. Malware. Malicious software that is used to access, control, damage, or disable computers using harmful code.
  29. Man-in-the-Middle (MITM) Attack. This attack enables a malicious actor to infiltrate and potentially alter communications between two parties to gain access to sensitive information.
  30. Password Sniffing. A form of passive wiretapping that is used to obtain passwords.
  31. Patch. A security update that is released by a software manufacturer to fix known bugs and vulnerabilities in existing programs.
  32. Penetration Test. A test that simulates a cyber attack that aims to exploit critical systems and serves as a way to assess your network for gaps in your cyber defenses.
  33. Phishing. A spoofed email that is sent to high-risk targets and is geared to look like an authentic email that drives recipients to provide confidential account information or click on links that lead to fake websites that download and install malware.
  34. Pre-Shared Key (PSK). A security authentication method that is a variation of a WPA security protocol. It is used to validate users on wireless connections.
  35. Risk Assessment. A process of identifying, analyzing, and evaluating a network’s risk.
  36. Router. A piece of hardware that moves computer networking “traffic” between or within networks.
  37. Screen Scraper. A device or virus that captures private or personal data by logging information that is sent to a visual display.
  38. Security Information and Event Monitoring (SIEM). A security monitoring system used to identify suspicious activities (like hacks, penetrations, unauthorized access, etc.) by aggregating, sorting, and correlating network data.
  39. Social Engineering. An attack that manipulates users into performing specific actions or divulging personal or account information. This threat frequently results in significant data breaches and fraudulent wire transfers.
  40. Software-as-a-Service (SaaS). A software distribution model that provides access to software applications remotely via the internet on a pay-as-you-need basis.
  41. Spear Phishing. A phishing technique that spoofs an email to look like it is sent from someone the recipient knows and trusts.
  42. Spyware. A form of malware that shares information about a user’s computer activities with a hacker who deploys the software.
  43. Secure Sockets Layer (SSL). An encryption system that protects the private data that is exchanged between a website and the user accessing it.
  44. Two-Factor Authentication (2FA)/Dual Factor Authentication (DFA). A user access protocol that applies a secondary authentication factor to a login process—such as biometric authentication, physical tokens, or single-use codes via a cell phone.
  45. Virtual Private Network (VPN). A secure channel between specific computers and networks that cannot be accessed by others of the same wide area network.
  46. Virus. Malicious software that is loaded onto a computer and can control the device without the user’s knowledge.
  47. Vulnerability Assessment. This assessment, typically performed with testing, measures and prioritizes exposure points and evaluates how these exposures can affect other resources when exploited.
  48. Whitelisting. A form of filtration that only enables connections to a pre-approved list of users, software, or other items.
  49. Worm. Standalone malicious software that replicates itself to infiltrate and spread to other computers via a variety of means, including email.
  50. Wi-Fi Protected Access (WPA). An encrypted security protocol designed to enable secure access to a wireless network.
  51. Zero Day/Hour Vulnerability. A recently discovered vulnerability or virus that hackers can exploit before the data, network, or software can be secured.
  52. Zombie Computer. A device containing a virus that gives external users access to control it. An infected computer can be used to team up with other infected devices to conduct large-scale DDoS attacks or to deceive authorities regarding the hacker’s location.

Well, there you have it. Like a deck of playing cards, each one is a critical component of the overall picture.

Before reading this blog, how familiar were you with these terms? What other terms or concepts would you like to see added to our cybersecurity terms list? Share your thoughts and experiences in the comments section below or send me an email to chat about this topic in more detail.

Author

Craig Pollack

Craig is the Founder & CEO of FPA Technology Services, Inc. Craig provides the strategy and direction for FPA, ensuring its clients, business owners, and key decision makers leverage technology as efficiently and effectively as possible. With over 25 years of experience building the preeminent IT Service Provider in the Southern California area, Craig is one of the area’s leading authorities on how small to mid-sized businesses can best secure and leverage their technology to achieve their business objectives.