Cybersecurity Terms and Definitions

Cybersecurity Terms and Definitions

Administrative Safeguard

• Policies and procedures for managing security measures.

Availability

• Ensuring authorized users have reliable access to information and systems.

Competitive Edge

• Advantage over competitors, often gained through protected proprietary information.

Confidentiality

• Ensuring information is accessible only to authorized users.

Control

• A safeguard or countermeasure designed to reduce risk.

Cryptography

• Practice of secure communication through encoding messages.

Denial of Service (DoS) Attack

• Overwhelming a service to make it unavailable to users.

Distributed Denial of Service (DDoS) Attack

• A DoS attack using multiple systems to target a single system.

Exploit

• Code or technique that takes advantage of a vulnerability.

External Attacker

• An unauthorized person attacking from outside the organization.

Information

• Data processed into a meaningful form.

Information Security

• Protection of information from unauthorized access or alteration.

Integrity

• Ensuring data is accurate and unmodified.

Internal Attacker

• Insider who poses a threat to the organization.

Least Privilege

• Granting users the minimum access necessary for their role.

Malware

• Malicious software such as viruses, worms, and trojans.

Mantrap

• Small entryway that allows controlled access to secure areas.

Need to Know

• Access granted only if required for job duties.

Patch

• Software update to fix vulnerabilities or bugs.

Physical Safeguard

• Physical security measures (e.g., locks, guards).

Residual Risk

• Remaining risk after safeguards have been applied.

Risk

• Potential for loss or harm due to a threat exploiting a vulnerability.

Risk Acceptance

• Decision to accept a risk without mitigation.

Risk Avoidance

• Decision to avoid risky activities entirely.

Risk Mitigation

• Reducing risk through controls and safeguards.

Risk Transfer

• Shifting risk to another party (e.g., insurance).

Safeguard

• A measure used to protect against threats.

Separation of Duties

• Splitting tasks to prevent fraud or mistakes.

Shoulder Surfing

• Looking over someone's shoulder to steal info.

Single Point of Failure

• One component whose failure stops the whole system.

Social Engineering

• Manipulating people to divulge confidential info.

Technical Safeguard

• Technological methods to protect data (e.g., firewalls).

Threat

• A potential cause of an unwanted impact.

Vulnerability

• Weakness that can be exploited.

Window of Vulnerability

• Time between discovery of a flaw and its fix.

Zero-Day Vulnerability

• Unknown flaw with no patch available, actively exploited.