Cybersecurity Glossary - Course 1

Vocabulary flashcards covering key cybersecurity terms from the lecture notes.

Adversarial artificial intelligence (AI)

A technique that manipulates AI/ML systems to conduct attacks more efficiently.

Antivirus software

Software that prevents, detects, and removes malware and viruses.

Asset

An item perceived as having value to an organization.

Authentication

Verifying who someone is.

Availability

Ensuring data is accessible to authorized users.

Business Email Compromise (BEC)

Phishing attack impersonating a known source to obtain financial gain.

Computer virus

Malicious code designed to interfere with operations and damage data and software.

Confidentiality

Only authorized users can access specific assets or data.

CIA triad

Confidentiality, Integrity, and Availability: a risk-management model for information security.

Cryptographic attack

An attack on cryptographic systems that targets secure communications.

Cybersecurity

The practice of protecting confidentiality, integrity, and availability of information across networks, devices, and users.

Database

An organized collection of information or data.

Data point

A specific piece of information.

Hacker

A person or group that uses computers to gain unauthorized access to data.

Hacktivist

A hacker who aims to achieve political goals.

HIPAA

U.S. federal law protecting patients’ health information.

Integrity

Data being correct, authentic, and reliable.

Internal threat

Current or former employee, external vendor, or trusted partner who poses a security risk.

Intrusion detection system (IDS)

An application that monitors activity and alerts on possible intrusions.

Linux

An open-source operating system.

Log

A record of events in an organization’s systems.

Malware

Software designed to harm devices or networks.

NIST CSF

A voluntary framework of standards, guidelines, and best practices to manage cybersecurity risk.

Network protocol analyzer (packet sniffer)

A tool that captures and analyzes data traffic within a network.

Network security

Practices to keep an organization's network infrastructure secure from unauthorized access.

Open Web Application Security Project (OWASP)

A nonprofit organization focused on improving software security.

Order of volatility

The sequence outlining the order of data that must be preserved from first to last.

Password attack

An attempt to access password-protected devices, systems, networks, or data.

Personally identifiable information (PII)

Any information used to infer an individual’s identity.

Phishing

The use of digital communications to trick people into revealing sensitive data or deploying malicious software.

Physical attack

A security incident that affects both digital and physical environments where the incident is deployed.

Physical social engineering

An attack in which a threat actor impersonates an employee, customer, or vendor to obtain unauthorized access to a physical location.

Privacy protection

Safeguarding personal information from unauthorized use.

Programming

The process of writing code to create computer instructions.

Protected health information (PHI)

Health information related to an individual’s physical or mental health.

Protecting and preserving evidence

Handling digital evidence properly to preserve its integrity.

Security architecture

An overall security design with multiple components to protect an organization.

Security controls

Safeguards to reduce specific security risks.

Security ethics

Guidelines for ethical decision-making in security work.

Security frameworks

Guidelines for building risk-mitigating security plans.

Security governance

Practices that guide and direct an organization's security efforts.

Security information and event management (SIEM)

An application that collects and analyzes logs to monitor critical activities.

Sensitive personally identifiable information (SPII)

A strict subset of PII requiring stricter handling guidelines.

Social engineering

Manipulation exploiting human error to gain private information or access.

Social media phishing

Targeted collection of detailed information about a target on social media before an attack.

Spear phishing

A targeted phishing email appearing to come from a trusted source.

SQL (Structured Query Language)

A programming language used to interact with databases.

Supply-chain attack

An attack targeting weaknesses in the supply chain to deploy malware.

Technical skills

Knowledge of tools, procedures, and policies used in security.

Threat

Any circumstance or event that can negatively impact assets.

Threat actor

Any person or group who presents a security risk.

Transferable skills

Skills from other areas applicable to different careers.

USB baiting

Leaving a malware-infected USB stick for an employee to find and use.

Virus

Malicious software that replicates and can spread to other systems.

Vishing

The exploitation of voice calls to obtain sensitive information or impersonate a known source.

Watering hole attack

An attack where a threat actor compromises a website frequently visited by a specific group of users.