Cybersecurity Glossary

Jump to:       Cybersecurity Truths       Key Terms       Acronyms

Top 3 Cybersecurity Truths

Cybersecurity is not an IT responsibility.

Cybersecurity is a business responsibility.

There’s no silver bullet in cybersecurity.

There is no single product or solution that will prevent an organization from getting hacked.

100% prevention is impossible, making cybersecurity compromises inevitable.

Instead of relying solely on prevention, organizations must rely on timely detection through continuous security monitoring and other next-generation cybersecurity measures.

Key Terms

Advanced Persistent Threat 

An adversary that possesses sophisticated levels of expertise and significant resources, which allow it to create opportunities to achieve its objectives by using multiple attack vectors (cyber, physical, and deception).

Antivirus Software 

A program that monitors computers or networks to detect or identify major types of malicious code and to prevent or contain malware incidents, sometimes by removing or neutralizing the malicious code.

Attack Pattern 

Similar cyber events or behaviors that may indicate an attack has occurred or is occurring, resulting in a security violation or a potential security violation.

Attack Signature 

A characteristic or distinctive pattern that can be searched for, or used, to match incidents to previously identified attacks.

Attack Surface 

The set of ways in which an adversary can enter systems or networks and potentially cause damage.

Behavior Monitoring 

Observing activities of users, information systems, and processes, and measuring them against organizational policies, rules, baselines of normal activity, thresholds, and trends.

Critical Infrastructure 

The systems and assets, physical or virtual, so vital that their incapacitation or destruction may have a debilitating impact on the security, economy, public health, environment, and/or safety of society.

Data Breach 

The unauthorized movement or disclosure of sensitive information to a party, usually outside the organization, that is not authorized to have or see the information.

Data Integrity 

A property that defines data as complete, intact, and trusted, and that data has not been modified or destroyed in an unauthorized or accidental manner.

Data Loss 

The result of unintentionally deleting data, forgetting where it’s stored, or exposing it to an unauthorized party.

Data Loss Prevention (DLP)

A set of procedures and mechanisms to stop sensitive data from leaving a security boundary.

Denial of Service 

An attack that prevents or impairs the authorized use of information system resources or services.

Distributed Denial of Service 

A denial of service technique (see above) that uses numerous systems to perform attacks simultaneously.


The condition of being unprotected, thereby allowing access to information or capabilities that attackers can use to enter a system or network.

Identity and Access Management 

The methods and processes used to manage subjects and their authentication, and authorizations to access specific objects.


An occurrence that poses an immediate or potential threat to an information system or the information itself, and that may require a response to mitigate the consequences.

Incident Response 

The activities that address the short-term, direct effects of an incident and may also support short-term recovery. Incident response relies on mitigation, preparedness, and a recovery approach, as needed, to maximize the survival of life, preservation of property, and security of information. 

Incident Response Plan 

A set of predetermined and documented procedures to detect and respond to cyber incidents.

Insider Threat

A person or group of persons within an organization who pose a potential risk through violating security policies; one or more individuals with the access and/or inside knowledge of a company, organization, or enterprise that would allow them to exploit the vulnerabilities of that entity's security, systems, services, products, or facilities with the intent to cause harm.

Intrusion Detection 

The process and methods for analyzing information from networks and information systems to determine if a security breach or security violation has occurred.


Software or hardware that tracks keystrokes and keyboard events, usually surreptitiously, to monitor actions by the user of an information system.

Malicious Code 

Program code intended to perform an unauthorized function or process that will have adverse impact on the confidentiality, integrity, or availability of an information system.

Malware (Malicious Software)

Software that compromises the operation of a system by performing an unauthorized function or process.

Penetration Testing 

An evaluation methodology whereby assessors search for vulnerabilities and attempt to circumvent the security features of a network and/or information system.


A digital form of social engineering to deceive individuals into providing sensitive information, typically conducted over email.


The potential for an unwanted or adverse outcome resulting from an incident, event, or occurrence, as determined by the likelihood that a particular threat will exploit a particular vulnerability, with the associated consequences.


A set of software tools with administrator-level access privileges installed on an information system and designed to hide the presence of the tools, maintain the access privileges, and conceal the activities conducted by the tools.

Security Automation 

The use of information technology in place of manual processes for cyber incident response and management.


A circumstance or event that has or indicates the potential to exploit vulnerabilities and to adversely impact organizational operations, assets (including information and information systems), individuals, other organizations, or society.

Unauthorized Access 

Any access that violates the stated security policy.


A computer program that can replicate itself, infect a computer without permission or knowledge of the user, and then spread or propagate to another computer.


A characteristic or specific weakness that renders an organization or asset (such as information or an information system) open to exploitation by a given threat or susceptible to a given hazard; characteristic of location or security posture or of design, procedures, internal controls, or the implementation of any of these that permit a threat or hazard to occur.


A list of entities that are considered trustworthy and are granted access or privileges.



Advanced Persistent Threat A cyberattack that uses sophisticated techniques to conduct cyber espionage or other malicious activity on an ongoing basis against targets such as governments and companies.


Certified Information Systems Auditor A certification for professionals who monitor, audit, control, and assess information systems.


Certified Information Systems Security Manager An ISACA (see below) certification.


Chief Information Security Officer A senior-level executive designated to lead an organization’s cybersecurity program, including establishing best practices, strategies, and an incident response plan to protect sensitive information and data.


Certified Information Systems Security Professional A management certification for CISOs and other information security leaders.


Data Loss Prevention An information security strategy and related software for ensuring that sensitive corporate data is not sent outside the company without authorization.


Federal Information Security Management Act (2002) & Federal Information Security Modernization Act (2014) Laws that assign responsibilities within the U.S. federal government for setting and complying with policies to secure agencies’ information systems.


Health Insurance Portability and Accountability Act A 1996 law that includes provisions to protect the privacy of patient data.


Intrusion Detection/Intrusion Detection & Prevention Devices or software designed to find and prevent malicious activity on corporate networks.


Information Systems Audit and Control Association Known today by its acronym, this organization provides certifications for IT security, audit, and risk management professionals.


International Organization for Standardization An independent group that develops voluntary industry standards, including two major information security management standards: ISO 27001 and ISO 27002.


Information Systems Security Association An association of information security leaders and professionals that offers education, training, and networking opportunities.


National Institute of Standards and Technology The U.S. federal agency responsible for developing and maintaining the “Framework for Improving Critical Infrastructure Cybersecurity,” a collection of voluntary guidelines to help organizations manage their information security risks.


Payment Card Industry Data Security Standard A set of information security practices by the global payment card industry. Merchants and service providers that accept debit and credit cards are required to comply with the standards.


Security Information and Event Management Software used to monitor, log, provide alerts, and analyze security events to support threat detection and incident response.


Security Operations Center A central unit within an organization that is responsible for monitoring, assessing, and defending security issues.


Single Sign-On A software process that enables computer users to access more than one application using a single set of credentials, such as a username and password.