Glossary of Cyber Terms

Understanding common cyber terms and what they mean.

Every industry has its own unique language, and cyber is no exception.

Insurance terminology on its own can be complex, so when it’s paired with specific cyber terms, it can be even more confusing! We’ve created a hub of key cyber terms and their definitions to help you cut through the jargon.

A

AES (Advanced Encryption Standard)

A widely used method to securely encrypt and protect data. Think of it as a digital lock that protects your information from prying eyes.

AP (Access Point)

A device that allows wireless devices, like smartphones and laptops, to connect to a wired network using Wi-Fi.

APT

See “Advanced Persistent Threat”.

Access Cross Domain Solution

A tool that allows secure access across various online platforms or systems.

Access control

Deciding who can use specific systems or information in your business.

Account Harvesting

When someone unlawfully collects email addresses, often to send spam or scam messages later.

Active defence

Proactive measures taken to safeguard your business’s digital assets and information from cyber threats.

Ad blockers

Software that stops unwanted ads from showing up when you’re online.

Advanced Persistent Threat (APT)

A prolonged and targeted cyberattack where hackers gain access to a network and remain undetected for a long time, often intending to steal information or monitor activities.

Adware

Software that displays unwanted ads on your computer, typically within a web browser. It can slow down your computer and can sometimes come bundled with other software.

After-market devices

Equipment, like external hard drives or printers, added to a product after its original purchase. These devices, if not properly secured, can sometimes introduce security risks.

Aggregation (of data)

Collecting and summarising data from different sources into one place. It’s like gathering all your financial receipts to see your total expenses.

Air gap

A security measure where a computer or network is completely isolated from other networks, especially the internet. Imagine a computer that’s kept in a safe environment and never connected to the outside world.

Android

A popular operating system mainly used on smartphones and tablets. If you’ve heard of the Galaxy or Pixel phones, they run on Android.

Antivirus

Software designed to detect and remove harmful computer viruses. It’s like having a security guard for your computer.

App

Short for “application”. It’s a software program you can install and use, like the ones on your smartphone.

Application

Another term for software or program. It’s like a tool on your computer that performs specific tasks, such as word processing or browsing the internet.

Application control

A security practice where only approved software or applications can run on a computer or network. It’s like having a bouncer at a club, only letting in guests on the list.

Artificial Intelligence (AI)

Computer systems designed to perform tasks that usually require human intelligence, like understanding speech or making decisions.

Asset

Any valuable item or data in your business, such as computers, customer information, or even software.

Attack surface

All the points where an attacker could potentially enter or extract data from your system. Think of it as all the doors and windows of your house that a burglar could try to enter.

Attribution

Determining who is responsible for a cyberattack. It’s like trying to figure out who committed a crime.

Audit log

A record of all activities or changes in a system. Imagine a diary that notes down everything happening on your computer.

Audit trail

A detailed and chronological record of events showing who has accessed an IT system and what operations they performed. It’s like having security camera footage of who came in and what they did.

Authentication

The process of verifying the identity of a user, system, or application. Like asking for a password before letting someone access their email.

Authentication header

A part of internet data packets used to ensure data integrity and authenticity. It’s a bit like a digital seal on a letter, ensuring it hasn’t been tampered with.

Authorising officer

A person with the official power to approve certain actions or decisions, especially in IT systems. Think of them as a manager who gives the final say.

Availability

Ensuring that IT systems, data, and services are up and running when needed. It’s about making sure your business tools are always ready for use.

B

BYOD

See “Bring Your Own Device”.

Back door

A secret or hidden way to access a computer system, often left by the software’s creator or introduced by hackers.

Backup

A copy of your data stored in another location, like a second hard drive or cloud storage, so you can recover it if something goes wrong.

Big data

Large amounts of data collected from various sources that businesses analyse to discover patterns, trends, and insights.

Biometric Security

Using unique physical or behavioural characteristics (like fingerprints) for identification.

Biometrics

Using physical or behavioural characteristics, like fingerprints or facial recognition, to identify and verify someone.

Bitcoin

A digital or virtual currency not governed by any central bank, often used in online transactions.

Black hat

A hacker who breaks into computer systems or networks with malicious intent.

Blackmail

Threatening to reveal sensitive information unless a demand (usually for money) is met.

Blockchain

A secure digital ledger that records transactions across many computers, ensuring data can’t be changed without altering all subsequent blocks.

Blocklist

A list of unwanted entities, such as email addresses or websites, that are denied access or blocked.

BlueBorne

A vulnerability affecting Bluetooth-enabled devices, allowing hackers to spread malware or take control of devices.

BlueKeep

A known vulnerability in some Windows operating systems, which, if exploited, can allow a hacker to take control of a system.

Bluetooth

A wireless technology for transferring data between devices over short distances.

Bogus request

A fake or deceptive request often used in scams to trick people into giving away sensitive information or money.

Bot

A software program that performs automated tasks over the internet.

Botnet

A group of hacked computers controlled by a hacker to perform tasks, often malicious, without the owner’s knowledge.

Breach (data)

An incident where unauthorised individuals access and possibly steal data.

Breach (security)

An incident where a system’s defences are compromised, allowing unauthorised access.

Bring Your Own Device (BYOD)

A policy allowing employees to use their personal devices, like smartphones or laptops, for work-related activities.

Browser

Software used to access the internet and view websites.

Browser hijacking

When unwanted software changes your browser settings without permission, often redirecting you to malicious websites.

Browser history

A record of all the websites you’ve visited using a particular browser.

Brute force

A trial-and-error method used by hackers to decode encrypted data, like passwords, by trying many combinations rapidly.

Bug

An error or flaw in a software program causing it not to work as intended.

Business continuity

Planning and preparations made to ensure a company can operate and recover from unexpected events, like natural disasters or cyber-attacks.

Business email compromise

A scam where a hacker impersonates a business representative, usually via email, to deceive employees or partners into transferring money or sharing sensitive data.

Business scams

Deceptive practices targeting businesses, often to steal money or sensitive data.

C

CDN (Content Delivery Network)

A system that uses multiple servers to deliver web content quickly based on the user’s location.

CDS (Cross Domain Solution)

Technology allowing data to be transferred securely between different security domains.

CMS (Content Management System)

Software that helps users create and manage digital content.

Car hacking

Unauthorised access and control of a vehicle’s electronic systems.

Cascaded connections

Linking multiple systems or networks together in a sequence.

Catfish

Someone who pretends to be someone else online, often to deceive others.

Caveat

A warning or condition to consider.

Central Processing Unit (CPU)

The “brain” of a computer that processes instructions.

Certificates

Digital documents that prove the identity of a person, device, or website.

Checkpoint

A point in a process where data can be saved or verified.

Classification

Assigning levels of sensitivity to information.

Classified information

Data that is restricted and only accessible to those with the appropriate clearance.

Click farm

A group of people hired to click on online content to boost its popularity artificially.

Click fraud

Fake clicks on online ads intended to generate illegitimate revenue.

Clickbait

Sensationalised online content designed to attract clicks.

Cloud

Remote servers on the internet used to store, manage, and process data.

Cloud Computing

Storing and accessing data over the internet instead of on a local computer.

Commercial Grade Cryptographic Equipment (CGCE)

Standard encryption tools used for protecting data.

Common Criteria

International standards for evaluating the security of IT products.

Communications

Sharing of information between people or systems.

Communications security (COMSEC)

Measures taken to protect communications from unauthorised interception.

Compromise

A breach in security where unauthorised access occurs.

Computer

An electronic device for storing and processing data.

Computer network

A group of computers connected together for sharing information.

Connection forwarding

Redirecting a network connection from one point to another.

Content Security Policy

A security feature preventing certain web page behaviours to stop attacks.

Content Filter

A tool that blocks or allows specific content on the internet.

Cookie

Small files that websites store on your computer to remember your preferences.

Copyright

Legal protection given to creators of original content against unauthorised use.

Corporate espionage

Spying on companies to gain a competitive advantage.

Credential theft

Stealing login details like usernames and passwords.

Critical infrastructure

Vital systems and assets whose incapacitation would have a debilitating effect on security, economy, or health.

Cross-domain solution

See “CDS”.

Cryptocurrency

Digital or virtual currency secured by cryptography, like Bitcoin.

Cryptographic algorithm

A cryptographic method used for encrypting and decrypting data.

Cryptographic equipment

Hardware used for encryption processes.

Cryptographic hash

A function that turns data into a fixed-size string, ensuring data integrity.

Cryptographic protocol

A set of rules ensuring secure data transfer.

Cryptographic software

Software used for encryption processes.

Cryptographic system

Combination of cryptographic methods and protocols.

Cryptography

The practice of securing information by converting it into unreadable code.

Cryptomining

Using computer resources to validate and record cryptocurrency transactions.

Cyber Espionage

Using digital methods to gather secret or sensitive information.

Cyber Extortion

Demanding money to prevent or stop a cyberattack.

Cyber Forensics

Investigating digital data to gather evidence for cybercrimes.

Cyber Resilience

The ability to prepare for, respond to, and recover from cyber threats.

Cyber Security Incident Responder

A person trained to address and manage the aftermath of a security breach.

Cyber Security Incident Response Plan

A plan outlining the actions to take after a security breach.

Cyber attack

An attempt by hackers to damage or steal data from a system.

Cyberbullying

Using digital platforms to harass, threaten, or embarrass someone.

Cyber defence

Measures and strategies to defend against cyber threats.

Cyber operations

Actions taken in cyberspace to achieve a specific objective.

Cyber safety

Practices and precautions taken to stay safe online.

Cyber security

Protecting computer systems and networks from theft, damage, or unauthorised access.

Cyber security event

Any occurrence indicating a potential compromise of information security.

Cyber security incident

A confirmed breach or compromise of information security.

Cyberstalking

Pursuing or harassing someone persistently online.

Cyber supply chain

All processes and entities involved in creating and delivering cyber products or services.

Cyber threat

Potential malicious actions that aim to harm or exploit computer systems or networks.

Cyber warfare

Conflict waged in cyberspace between nation-states or large organisations.

Cyber weapon

Malicious software or hardware designed for cyber warfare or cyber espionage.

Cybercrime

Criminal activities carried out through computers or the internet.

Cybersecurity Audit

A review of an organisation’s adherence to regulatory guidelines.

Cybersecurity Framework

Guidelines to manage and reduce cybersecurity risks.

Cybersecurity Policy

A set of guidelines to protect an organisation from cyber threats.

Cyberspace

The virtual environment of computer networks.

D

DDoS (Distributed Denial-of-Service)

A cyber attack where multiple systems flood a targeted system, causing it to crash.

DDoS Attack (Distributed Denial of Service)

When multiple systems flood a targeted system to make it unavailable to users.

DEA (Data Encryption Algorithm)

A standard for encrypting electronic data.

DKIM (DomainKeys Identified Mail)

A method to validate the authenticity of email messages.

DMARC (Domain-based Message Authentication, Reporting and Conformance)

An email validation system to detect and prevent email phishing.

DMZ (Demilitarised Zone)

A subnetwork that exposes an organisation’s external services to an untrusted network, typically the internet.

DNS (Domain Name System)

A system that translates domain names to IP addresses.

DROWN (Decrypting RSA with Obsolete and Weakened eNcryption)

An attack that exploits servers supporting old protocols to compromise secure websites.

DSA (Digital Signature Algorithm)

A standard for digital signatures.

Dark Web

A hidden part of the internet where illegal activities often occur.

Data

Information stored or used by computers.

Data Backup

Creating a copy of data to restore in case of loss.

Data Encryption

Turning data into code to prevent unauthorised access.

Data Loss Prevention

Strategies to prevent unauthorised data transfers.

Data at rest

Data that is not actively being transmitted but stored on devices like hard drives.

Data breach

An incident where unauthorised persons gain access to confidential data.

Data dump

Releasing a large amount of data, typically unauthorised.

Data in transit

Data that is being transferred between devices or over the internet.

Data protection

Measures taken to ensure data remains confidential and available.

Data spill

Accidental transfer of sensitive data to a less secure environment.

Declassification

Process of removing the classified status from information.

Decryption

Process of converting encrypted data back to its original form.

Deep web

Part of the internet that isn’t indexed by search engines; not all of it is illicit.

Default passwords

The pre-set passwords on devices or software which should be changed for security.

Defence in depth

A multi-layered approach to cybersecurity.

Degausser

A device that erases data on magnetic storage tapes or hard drives using strong magnetic fields.

Degaussing

The process of erasing data using a degausser.

Denial of service (DoS)

An attack aimed at making a machine or network resource unavailable.

Denial-of-service attack

See “Denial of service”.

Device access control software

Software that restricts unauthorised devices from connecting to a network.

Dictionary attack

A hacking method using a pre-determined list of words to crack passwords.

Digital Footprint

The trace or record left by activities in the digital environment.

Digital certificate

An electronic document that proves the identity of a person or system online.

Digital preservation

Keeping digital information safe and accessible over time.

Digital signature

Electronic proof of a person’s intent to agree to an online document.

Diode

A device allowing current to move through it in one direction, often used in cybersecurity to ensure data can only flow one way.

Disaster recovery

Plans and processes to recover data and tech infrastructure after significant outages.

Distributed denial-of-service (DDoS) attack

See “DDoS”.

DoS (Denial of Service)

See “Denial of service”.

DoS attacks

Multiple attempts to block a service.

Domain

A web address or a realm in a network.

Domain Name System (DNS)

See “DNS”.

Downloader

Malware designed to download and install additional malicious software.

Doxing

Publishing private information about someone on the internet without their consent.

Drive-by download attacks

Unintended download of malicious software when visiting a compromised website.

Driver

Software that allows a computer to communicate with hardware.

Dropper

A type of Trojan that installs other malware files onto a device.

Dual-stack network device

A device that supports both IPv4 and IPv6 internet communication protocols.

E

EAP (Extensible Authentication Protocol)

A framework for wireless network authentication.

EAP-TLS (EAP-Transport Layer Security)

A secure method of wireless authentication using certificates.

ESP

See “Encapsulating Security Payload”.

Easter egg

Hidden features or messages in software or websites usually added for fun.

Emotet

A type of malware that started as a banking trojan but evolved to deliver other types of malware.

Encapsulating Security Payload (ESP)

A protocol that provides encryption and authentication for data packets.

Encrypt

To convert data into a code to prevent unauthorised access.

Encrypting files

The process of converting files into a secure format to prevent unauthorised viewing.

Encryption

The process of converting information into a code to hide its actual content.

Encryption software

Software that encrypts data for security.

End of support

When software no longer receives updates or support from its creators.

End-user device

A device like a computer or smartphone that the final consumer uses.

End-to-end encryption

Data encryption where only the sender and the intended recipient can decrypt and read the data.

Endpoint Security

Protection for devices like computers and mobile phones that connect to your network.

Enterprise mobility

Business activities conducted through mobile devices.

Essential Eight (E8)

A set of cybersecurity strategies to improve security posture. Specific to some regions.

Essential services

Services that are critical to daily life and safety.

Evaluated Products List (EPL)

A list of products that have been tested and approved for security.

Event

Any observable occurrence in a system or network.

Event forwarding

Sending event data from one system or application to another.

Event logging

Recording system or network events for analysis or audit.

Executable

A type of file that can run as a program.

Exploit

A software tool or technique used to take advantage of a flaw.

F

Facility

A place, often referring to a location with specific equipment or systems.

Fake email

An email designed to deceive, often for malicious purposes.

Fake website

A deceptive website mimicking a legitimate one, often to steal data.

Firewall

A digital barrier that keeps out unwanted traffic from your computer or network.

Firmware

Software that is permanently programmed into a hardware device.

Five-Eyes

An intelligence alliance comprising the US, UK, Canada, Australia, and New Zealand.

Flaw

A weakness or vulnerability in software or hardware.

Fly lead

A short cable used to make connections.

Foreign national

A person who is not a citizen of the country in question.

Foreign system

A system or network that’s outside the ownership or control of a specific organisation.

Fraud

Deception for financial or personal gain.

Fuzzing

A technique to discover security vulnerabilities by providing unexpected inputs to software.

G

Gateway

A device or software that connects two different networks, enabling data to flow between them.

General Data Protection Regulation (GDPR)

A European regulation designed to protect individuals’ personal data and privacy rights.

Global Positioning System (GPS)

A satellite-based system that provides location and time information.

Greenfield

A project that lacks constraints imposed by prior work, starting from scratch.

Grey hat

A person who hacks for fun or to expose vulnerabilities, often sitting between ethical (“white hat”) and malicious (“black hat”) hacking.

H

HIPS (Host-based Intrusion Prevention System)

A system that monitors a single host for suspicious activity and prevents intrusions.

HTML (Hypertext Markup Language)

The standard language used to create web pages.

HTTP (Hypertext Transfer Protocol)

The protocol used to transfer data over the web.

HTTP Strict Transport Security

A security feature ensuring that websites are accessed using a secure connection.

HTTPS (Hypertext Transfer Protocol Secure)

A secure version of HTTP, using encryption.

Hack

Unauthorised access or modifications to computer systems or data.

Hacker

An individual who exploits computer systems, either for malicious intent, for fun or to highlight vulnerabilities.

Hacktivist

A hacker who is motivated by political or social causes.

Handling requirements

Protocols for managing and protecting sensitive information.

Hardware

Physical components of a computer or device.

Hardware vulnerabilities

Weaknesses in physical devices that can be exploited.

Hardware-based security (hardsec)

Security measures implemented at the hardware level.

Hash-based Message Authentication Code Algorithms (HMAC)

A type of algorithm used to verify data integrity and authenticity.

High Assurance Cryptographic Equipment (HACE)

Secure equipment that meets high standards for encrypting sensitive information.

High Assurance evaluation

A rigorous assessment of a product or system’s security capabilities.

High-risk vendor

A supplier that poses a potential threat or vulnerability to an organisation’s security.

Highly classified information

Information that, if disclosed, would cause significant harm.

Hoax

A false warning or claim.

Hoax emails

Emails that spread false information or misleading claims.

Honeypot

A security mechanism set up as a decoy to attract and trap cyber attackers.

Host-based Intrusion Detection System

A system that monitors a single host for malicious activity.

Hotspot

A location where internet access is available, typically using Wi-Fi.

HummingBad

Malware targeting Android devices.

Hybrid hard drive

A storage device combining traditional hard drive and solid-state drive technology.

I

ICT (Information and Communications Technology)

Technology used to handle telecommunications, broadcast media, and other forms of information.

IP

Stands for “Internet Protocol”. It refers to the set of rules governing internet data transmission.

IP address

A unique string of numbers identifying each device connected to the internet.

Identity Theft

Stealing personal information to commit fraud.

Impersonation attack

An attack where the attacker pretends to be someone else to gain unauthorised access.

In the wild

Refers to malware or viruses that are actively attacking computer systems.

Incident Management

The process to handle and respond to security incidents.

Industrial Control Systems

Systems used to control industrial processes.

Information security (INFOSEC)

The practice of protecting information from unauthorised access or damage.

Infrared device

A device that uses infrared radiation for communication or functionality.

Insider Threat

A threat from someone within the organisation.

Install updates

The act of applying the latest software patches or upgrades.

Integrity

Ensuring data remains accurate and unchanged from its original form.

Intellectual property

Creations of the mind, such as inventions, literary works, and designs that have commercial value.

Interactive

Involving user interaction, typically with software or digital platforms.

International SEO

Search engine optimisation strategies tailored for international audiences.

Internet

The global system of interconnected computer networks.

Internet Protocol Security (IPsec)

A protocol suite for secure internet communication.

Internet of Things (IoT)

Network of physical devices connected to the internet, collecting and exchanging data.

Intrusion Detection System

Monitors networks for signs of malicious activity.

J

JSON (JavaScript Object Notation)

A lightweight data-interchange format that is easy to read and write.

Java

A widely-used programming language for building applications.

Joint Cyber Security Centre (JCSC)

An initiative to strengthen collaboration between government, industry, and businesses on cybersecurity.

Jump server

A server that acts as a bridge to access other networks or servers, enhancing security.

K

Key

A piece of information used for encryption or decryption.

Key management

The process of handling and managing cryptographic keys.

Keying material

Data used to derive cryptographic keys.

Keylogger

Malicious software that records keystrokes to steal information.

L

LAN (Local Area Network)

A network of connected devices within a specific location, like an office.

LastPass

A popular password manager tool.

Legitimate email

An email that is genuine and not a scam or phishing attempt.

Libraries

Collections of pre-written code used in software development.

Licence

A permit that allows the use of a product or service.

Like farming

The act of tricking users into liking or sharing content online, often for malicious purposes.

Links

URLs or web addresses that lead to other web pages.

Linux

An open-source operating system.

Logging

The process of recording events or actions in a system.

Logging facility

A system or application feature that records log entries.

Logical access controls

Digital measures to restrict who can access data or systems.

Login

The process of entering a username and password to access a system.

M

MAC (Media Access Control)

A unique address for devices on a network.

MFA (Multi-factor authentication)

A security measure requiring multiple forms of verification to access an account.

Machine learning

A subset of artificial intelligence where computers learn from data.

Macro

A set of instructions that automate tasks in software applications.

Malicious

Intending to cause harm.

Malicious actors

Individuals or groups attempting to breach or harm digital systems.

Malicious advertising

Online advertising containing malware.

Malicious code

Software or script aimed at harming a system or data.

Malicious code infection

The introduction and execution of harmful code in a system.

Malicious email

An email designed to deceive or harm the recipient.

Malicious insider

A person within an organisation who intentionally harms the organisation’s digital assets.

Malicious links

URLs that lead to harmful content or actions.

Malicious software (malware)

Software designed to infiltrate or damage systems.

Malware

Harmful software designed to damage or exploit any device, network, or service.

Managed Service Provider (MSP)

A company that remotely manages a customer’s IT infrastructure.

Management traffic

Network traffic related to administrative tasks.

Maturity model

A tool that assesses the level of development in specific business processes.

Media

Physical devices or locations for storing data, like USB drives.

Media Destruction

Physically destroying storage devices to ensure data cannot be retrieved.

Media Disposal

Discarding storage devices safely.

Media sanitisation

The process of removing or destroying data stored on media.

Metadata

Data about other data, like the date a file was created.

Migration

The process of moving data or software from one location or format to another.

Mobile Device Management

Securing and managing company-owned mobile devices.

Multi-factor Authentication

Using multiple methods to verify a user’s identity.

N

NDA (Non-disclosure agreement)

A legal contract that keeps sensitive information confidential between parties.

NIDS (Network Intrusion Detection System)

A system that monitors network traffic for malicious activities.

NIPS (Network Intrusion Prevention System)

A system that stops detected malicious activities on a network.

Need-to-know

Principle limiting access to information only to those who require it.

Network

A collection of computers and devices connected together to share resources.

Network access control

Methods to prevent unauthorised users from accessing the network.

Network device

Any device that connects to a network, like routers and switches.

Network Infrastructure

The underlying hardware and software resources of a network.

Network segmentation

Dividing a network into smaller parts for security and performance reasons.

Network segregation

Keeping different parts of a network separate to prevent data crossover.

Networking

The act of connecting computers and devices together.

Non-repudiation

Assurance that a person cannot deny an action they took in a system.

Non-shared government facility

A facility not shared with commercial entities.

Non-volatile media

Storage media that retains data even when powered off, like USBs.

Not for Profit

Organisations that don’t operate for profit, often charitable.

O

Offensive cyber operations

Proactive cyber actions targeting adversaries.

Online

Connected to the internet.

Online banking

Using the internet to manage and access bank accounts.

Online gambling

Betting or playing casino games on the internet.

Online information

Data available on the internet.

Online Security

Protecting data and privacy while using the internet.

Online services

Services provided over the internet.

Online shopping

Buying goods or services over the Internet.

Open data

Data that’s publicly available for anyone to use.

Operating system (OS)

Software that manages computer hardware and provides services for computer programs.

Outsourcing

Hiring another company to handle certain business functions.

P

P2P (Peer-to-peer)

A network where devices connect directly without a central server.

PUS (Potentially Unwanted Software)

See “Potentially unwanted software”.

Padlock (HTTPS://)

Symbol in a browser showing a secure connection to a website.

Passive defence

Defensive measures that don’t involve active responses, like firewalls.

Passphrase

A long password often composed of multiple words.

Passphrase complexity

Ensuring passphrases are complex enough to resist attacks.

Password

A secret word or phrase used to gain access to an account or system.

Password Manager

Software that stores and manages passwords securely.

Password attack

Attempting to guess or crack passwords.

Password spray

An attack where common passwords are tried against multiple accounts.

Patch

A software update designed to fix or improve a program, often addressing security issues.

Patching

The act of applying software patches.

Payload

The harmful part of malware or a cyber-attack.

Peer-to-peer file-sharing network

A network where users share files directly without a central server.

Penetration Testing

Ethical hacking to find vulnerabilities in a system.

Penetration test (pen test)

A simulated cyber-attack to test vulnerabilities.

Perfect forward secrecy (PFS)

Encryption that ensures past sessions remain secure even if keys are compromised.

Peripheral switch

A device allowing multiple computers to connect to one peripheral device.

Person-in-the-middle (PITM)

An attacker who intercepts communication between two parties.

Personal computer (PC)

A computer intended for individual use.

Personal data

Information relating to an individual.

Personal identification number (PIN)

A numerical code used for authentication.

Personally identifiable information (PII)

Data that can identify a specific individual.

Pharming

Redirecting users from legitimate websites to fake ones.

Phishing

Scam emails trying to get personal or financial information.

Polymorphic

Malware that changes its appearance to avoid detection.

Pop-up

A small window appearing over a webpage, often an ad.

Portable devices

Small, mobile electronic devices like smartphones.

Position of trust

A role where a person has access to sensitive information.

Potentially unwanted software

Software that may not be desired, often bundled with other software.

PowerShell

A Microsoft scripting language and command-line tool.

Privacy

The right of individuals to keep their personal information secret.

Privacy settings

Options in software or services that control who can see your information.

Privileged Access Workstation

A secure computer used for sensitive tasks.

Privileged user

A user with higher-than-normal access rights.

Product

An item or service created through a process.

Protection Profile

A document detailing security requirements for specific IT products.

Public Key Infrastructure (PKI)

A system of digital certificates and keys ensuring secure communication.

Public Wi-Fi

Wireless internet access available in public places.

Public computers

Computers in public places, like libraries.

Public information

Openly available information.

Public network infrastructure

Hardware and software resources available to the public.

Q

Quality of Service (QoS)

A system that prioritises different types of data on a network to ensure good performance.

R

RAM (Random Access Memory)

Temporary computer memory that stores data for quick access.

RAT (Remote Access Tool)

Software that allows someone to control a computer from afar, often used maliciously.

RDP (Remote Desktop Protocol)

A protocol to remotely access and control another computer.

Random lottery

Fake notifications claiming you’ve won money or prizes, aiming to scam you.

Ransomware

Malicious software that locks your files or computer until you pay a ransom.

Recovery plan

A strategy for restoring normal operations after a cyber incident.

Remote Access

Accessing a computer or network from a remote location.

Remote access scam

A scam where fraudsters trick you into giving them access to your computer.

Romance scams

Scams where someone feigns romantic intentions to defraud you.

Rootkit

Malicious software that hides deep in your computer to avoid detection.

S

S/MIME (Secure/Multipurpose Internet Mail Extensions)

A technology that encrypts and digitally signs emails.

SCADA (Supervisory Control and Data Acquisition)

Systems used to monitor and control industrial processes.

SMS scam

Scam attempts via text messages.

SQL (Structured Query Language)

A language for managing and querying databases.

SQL injection

A cyber-attack that inserts malicious SQL code into a database query.

Sandbox

An isolated environment for testing suspicious software without risk.

Scam

A deceptive scheme to trick you out of money or personal details.

Scam emails

Emails that try to deceive you for malicious purposes.

Scammer

A person who carries out scams.

Script (malware)

Malicious software written as a script.

Script kiddie

An amateur hacker using existing tools without deep knowledge.

Search Engine Optimization (SEO)

Techniques to improve a website’s visibility in search engines.

Secure Code

Writing computer programs that are resistant to security threats.

Secure Socket Layer (SSL)

Technology ensuring data transfer between two systems is protected.

Secure shell

A protocol for securely accessing computers remotely.

Security Configuration Guide

A document detailing recommended security settings.

Security assessment

An evaluation of security measures in place.

Security breach

An incident where unauthorised access is gained to data or systems.

Security domain

A specific area of an IT environment with defined security measures.

Security flaws

Weaknesses that can be exploited for malicious purposes.

Security hardening

Strengthening a system’s defences against attacks.

Security posture

The overall security status of an organisation’s resources.

Security risk

The potential for cyber threats to harm an organisation.

Security risk appetite

The amount of risk an organisation is willing to accept.

Security risk management

Processes to identify, evaluate, and address security risks.

Security Target

A set of security requirements and specifications.

Security updates

Software updates focused on fixing security issues.

Selling online

The act of offering products or services over the internet.

Sender Policy Framework (SPF)

A method to prevent email spoofing.

Server

A powerful computer that provides data and services to other computers.

Service Set Identifier (SSID)

The name of a Wi-Fi network.

Service providers

Companies or individuals that offer services.

Sextortion

A scam where threats to reveal intimate images or information are made unless a ransom is paid.

Shell

A user interface for accessing an operating system’s features.

Signature

A unique set of characteristics identifying malicious software or verifying data integrity.

Skimming

Illegally collecting card information, often from ATMs or card readers.

Smart appliances

Household appliances with internet connectivity and advanced features.

Smart devices

Electronic devices that connect to the internet and have advanced functionalities.

Smart vehicles

Vehicles equipped with internet access that can automate some functions.

Smartphone

A mobile phone with advanced functionalities like internet browsing.

Social Engineering

Manipulating people into revealing confidential information or performing specific actions.

Social media scams

Deceptive schemes carried out on social media platforms.

Softphone

Software that allows voice calls through the internet.

Software

Programs and applications on a computer.

Software component

A part of software responsible for a specific function.

Software update

New versions or fixes for software to improve functionality or security.

Software vulnerabilities

Weak points in software that can be exploited.

Spam

Unsolicited messages, often in bulk.

Spear phishing

Targeted phishing attacks against a specific individual or organisation.

Split tunnelling

A process where only specific traffic goes through a secure VPN connection.

Splunk

Software used to search, monitor, and analyse large volumes of data.

Spoof

Imitating something with intent to deceive, like emails appearing to come from a trusted source.

Spyware

Malicious software that secretly gathers information about a user.

Standard Operating Environment (SOE)

A standardised technical blueprint across all computers in an organisation.

Standard Operating Procedure (SOP)

Set guidelines on how to carry out tasks.

Standard user

A user account with basic rights, restricted from making system-wide changes.

State-sponsored actor

A hacker or group backed by a government.

Strong passwords

Passwords that are hard to guess, typically containing a mix of characters.

Submarine cables

Cables laid on the sea bed to carry telecommunication signals.

Supply chain

The sequence of processes involved in producing and distributing products.

Suspicious email

An email that seems unusual or potentially harmful.

Suspicious message

Messages that seem unusual or potentially malicious.

Suspicious video

Videos that seem unusual or potentially harmful.

System

A collection of parts working together, like computer hardware and software.

System Administration

Managing and maintaining computer systems.

T

Tax scam

Fraudulent activities where scammers pose as tax agencies to get money or personal information.

TeamViewer

Software that allows users to access and control computers remotely.

Threat Intelligence

Information used to understand and protect against current or emerging threats.

Threat actor

An entity responsible for a cyber-attack or malicious activity.

Transport Layer Security (TLS)

A protocol for encrypting and securing data transmitted over the internet.

Transport mode

A mode in VPNs that encrypts just the data packet, not the headers.

Trojan

Malicious software that disguises itself as legitimate software.

Trojan Horse

Malware disguised as legitimate software.

Trusted source

A known and reliable origin of information or software.

Tunnel mode

A mode in VPNs where both the header and the data packet are encrypted.

Two-factor authentication

A security method that requires two separate verification steps to log in.

U

UI (User Interface)

The space where users interact with software or a system.

USB (Universal Serial Bus) stick

A portable device to store and transfer data.

Uniform Resource Locator (URL)

The address of a web page, typically starting with “HTTP://”.

Unpatched software

Software that hasn’t received the latest updates, making it vulnerable.

Unsecured network

A network without security measures, making it vulnerable to attacks.

Updates

New versions or fixes for software, often addressing vulnerabilities.

User

A person who uses or operates a computer or software.

User experience (UX)

How a user feels when interacting with a system or software.

V

VPN (Virtual Private Network)

A secure connection to the internet that protects your data and privacy.

Validation

The process of ensuring data is accurate and meets specified criteria.

Vector

A path or method used by cybercriminals to deliver malicious software.

Verification

The process of confirming the authenticity or accuracy of something.

Virtual Local Area Network (VLAN)

A network grouping allowing devices to communicate as if they were on the same physical network.

Virtual Private Network (VPN)

A secure connection over the internet that provides privacy and data encryption.

Virtual reality (VR)

A simulated experience generated by computers, often immersive.

Virtualisation

The creation of virtual versions of devices or resources, like servers.

Virus

Malicious software that spreads to other programs or files.

Volatile media

Storage that loses its content when the power is turned off, like RAM.

Vulnerability

A weakness in software or systems that can be exploited.

Vulnerability assessment

Evaluation of risks associated with vulnerabilities in a system.

Vulnerability management

The process of identifying, evaluating, and addressing system vulnerabilities.

W

WAN (Wide Area Network)

A network covering a broad area, like a city or country.

WPA (Wi-Fi Protected Access)

A security protocol for wireless networks.

WannaCry

A widespread ransomware attack that occurred in 2017.

Watering hole

A cyber-attack strategy where attackers target a specific group by infecting websites the group uses.

Web address

Another term for URL.

Web applications

Software programs that run in web browsers.

Website defacement

An attack where an attacker alters the visual appearance of a website.

Whaling

A phishing attack specifically targeted at senior executives or influential individuals.

White hat

Ethical hackers who find security flaws to improve systems.

Whitelisting

Allowing only approved software or websites to be accessed.

Wi-Fi

Technology that allows devices to connect to the internet wirelessly.

Wi-Fi Protected Access 2 (WPA2)

A security protocol for wireless networks.

Wire fraud

Fraudulent activities using electronic communications.

Wireless

Communication without physical connections, typically using radio waves.

Wireless Access Point (WAP)

A device allowing wireless devices to connect to a wired network.

Wireless communications

Transmitting data without physical mediums like wires.

Wireless local area network (WLAN)

A network that connects devices wirelessly in a limited area.

Workstation

A powerful computer designed for technical tasks.

Worm

Malicious software that replicates itself across computers and networks.

X

X11 Forwarding

A mechanism for transmitting X11 (graphical user interface) applications over remote connections.

XML (Extensible Markup Language)

A language for storing and transporting data.

Z

Zero-day exploit

An attack targeting a vulnerability before the software creator releases a fix.

eSafety Commissioner

An official responsible for promoting online safety. Specific to some regions.

eXtensible Markup Language (XML)

A language used to store and transport data.

mSATA

A type of interface for connecting SSDs in computers.