200+ cybersecurity terms defined — from zero-day exploits to zero trust architecture. The essential reference for security professionals.
Advanced Persistent Threat (APT): A sophisticated, long-term cyberattack in which an intruder gains unauthorised access to a network and remains undetected for an extended period. APTs are typically nation-state or organised crime operations targeting high-value organisations.
Authentication: The process of verifying the identity of a user, device, or system. Modern authentication methods include multi-factor authentication (MFA), biometrics, and hardware security keys.
Attack Surface: The total sum of all potential entry points (vulnerabilities, interfaces, and data pathways) that an attacker could exploit to gain unauthorised access to a system or network.
Blue Team: The internal cybersecurity team responsible for defending an organisation's systems against attacks. Blue teams monitor for threats, implement security controls, and respond to incidents.
Botnet: A network of internet-connected devices infected with malware and controlled remotely by a threat actor, typically used for DDoS attacks, spam campaigns, or credential stuffing.
Common Vulnerabilities and Exposures (CVE): A standardised list of publicly disclosed cybersecurity vulnerabilities. Each CVE entry has a unique identifier (e.g., CVE-2024-12345), description, and severity score (CVSS).
Cyber Kill Chain: A model developed by Lockheed Martin describing the stages of a cyberattack: Reconnaissance, Weaponisation, Delivery, Exploitation, Installation, C2 (Command and Control), and Actions on Objectives.
Cloud Security Posture Management (CSPM): Tools and processes that continuously monitor cloud infrastructure for misconfigurations, compliance violations, and security risks across AWS, Azure, GCP, and multi-cloud environments.
Distributed Denial of Service (DDoS): An attack that overwhelms a target server, network, or service with traffic from multiple sources, rendering it unavailable to legitimate users. Mitigations include CDNs, rate limiting, and traffic scrubbing.
DMARC: Domain-based Message Authentication, Reporting and Conformance — an email authentication protocol that builds on SPF and DKIM to prevent email spoofing and phishing attacks.
Endpoint Detection and Response (EDR): Security technology that continuously monitors and records endpoint activities, using behavioural analysis and threat intelligence to detect, investigate, and respond to advanced threats in real time.
Encryption: The process of converting data into an unreadable format using cryptographic algorithms. Only parties with the correct decryption key can access the original data. TLS, AES-256, and RSA are common encryption standards.
Firewall: A network security device that monitors and controls incoming and outgoing network traffic based on predetermined security rules. Modern next-generation firewalls (NGFW) include application awareness and intrusion prevention.
Digital Forensics: The process of collecting, analysing, and preserving digital evidence from computers, networks, and mobile devices for use in security investigations and legal proceedings.
Identity and Access Management (IAM): A framework of policies and technologies ensuring that the right people have appropriate access to technology resources. IAM includes user provisioning, SSO, MFA, and privileged access management (PAM).
Intrusion Detection / Intrusion Prevention System (IDS/IPS): Security tools that monitor network and system activity for malicious behaviour. An IDS alerts on suspicious activity; an IPS actively blocks detected threats in real time.
Incident Response (IR): An organised approach to addressing and managing the aftermath of a security breach or cyberattack. A formal IR plan minimises damage, reduces recovery time, and prevents recurrence.
Malware: Malicious software designed to disrupt, damage, or gain unauthorised access to computer systems. Categories include viruses, trojans, ransomware, spyware, worms, and rootkits.
Multi-Factor Authentication (MFA): An authentication method requiring users to provide two or more verification factors — typically something they know (password), something they have (hardware token), and something they are (biometric).
MITRE ATT&CK: A globally accessible knowledge base of adversary tactics and techniques based on real-world observations. Used as a foundation for threat intelligence, detection, and response strategies.
Penetration Testing: A simulated cyberattack against a computer system, network, or application to identify exploitable vulnerabilities before malicious actors can find them. Conducted by ethical hackers (pen testers).
Phishing: A social engineering attack that deceives victims into revealing sensitive information (credentials, financial data) or installing malware by impersonating a trusted entity via email, SMS, or voice.
Personally Identifiable Information (PII): Any information that can be used to identify a specific individual, including name, address, email, passport number, biometrics, or combinations of data that together identify a person.
Ransomware: Malware that encrypts a victim's files and demands payment (usually cryptocurrency) for the decryption key. Double-extortion variants also threaten to publish stolen data if the ransom is not paid.
Red Team: A group of security professionals who simulate real-world attacks against an organisation's defences to identify vulnerabilities that automated scanning and blue teams might miss.
Risk Assessment: The process of identifying, analysing, and evaluating cybersecurity risks to determine their potential impact and likelihood, enabling prioritised remediation and resource allocation.
Security Information and Event Management (SIEM): A platform that aggregates, correlates, and analyses log data from across an IT environment to detect threats, support compliance reporting, and enable security investigations.
Security Operations Centre (SOC): A dedicated facility and team responsible for 24/7 monitoring, detection, investigation, and response to cybersecurity incidents across an organisation's infrastructure.
Supply Chain Attack: An attack that targets less-secure elements in the supply chain (third-party vendors, software libraries, hardware components) to compromise the ultimate target organisation.
Threat Intelligence: Evidence-based knowledge about existing or emerging threats — including context, mechanisms, indicators of compromise (IoCs), and actionable recommendations — used to inform security decisions.
Transport Layer Security (TLS): A cryptographic protocol that provides encrypted communications over a computer network. TLS 1.3 is the current standard, superseding the deprecated SSL protocol.
Vulnerability Management: The ongoing practice of identifying, classifying, prioritising, remediating, and mitigating security vulnerabilities in software, hardware, and network infrastructure.
Virtual Private Network (VPN): A technology that creates an encrypted tunnel between a user's device and a network server, masking IP addresses and protecting data in transit. Enterprise VPNs are increasingly being replaced by zero trust network access (ZTNA).
Zero-Day Vulnerability: A software security flaw unknown to the vendor and for which no patch exists. Zero-day exploits are highly valuable to threat actors because defences against them are not yet available.
Zero Trust Architecture: A security model based on the principle 'never trust, always verify' — requiring continuous verification of every user, device, and network request, regardless of whether they are inside or outside the network perimeter.