| A | B | C | D | E | F | G | H | I | J | K | L | M | N | O | P | Q | R | S | T | U | V | W | X | Y | Z |


A set of straightforward definitions of common cyber security terms​


Adware (advertisement-supported software)

Malware that hides on your device and shows you advertisements. Some adware also monitors your behaviour online so it can target you with specific ads.


Software that is designed to detect, stop and remove viruses and other kinds of malicious software.


Short for Application, typically refers to a software program for a smartphone or tablet.


Malicious actor who seeks to exploit computer systems with the intent to change, destroy, steal or disable their information, and then exploit the outcome.


The process of verifying the identity or other attributes of a user, process, or device.



A list of entities (users, devices) that are either blocked, denied privileges, or access.


A computer connected to the Internet that has been compromised with malicious logic to undertake activities under the command and control of a remote administrator.


A network of infected devices, connected to the Internet, used to commit coordinated cyber attacks without their owner's knowledge.


An incident in which data, computer systems, or networks are accessed or affected in a non-authorised way.

bring your own device (BYOD)

An organisation's strategy or policy that allows employees to use their own personal devices for work purposes.



A software application that presents information and services from the web.

Brute force attack

Using a computational power to automatically enter a huge number of combinations of values, usually in order to discover passwords and gain access.


A relatively minor defect or flaw in an information system or device.



A form of digital identity for a computer, user, or organisation to allow the authentication and secure exchange of information.


Where shared compute and storage resources are accessed as a service (usually online), instead of hosted locally on physical services. Resources can include infrastructure, platform, or software services.



A user's authentication information used to verify identity - typically one, or more, of passwords, tokens, certificates.


Cross-Site Scripting (XSS)

Cross-site scripting (XSS) is a software vulnerability usually found in Web applications that allows online criminals to inject client-side script into pages that other users view.


A form of malware that hides on your device and steals its computing resources in order to mine for valuable online currencies like Bitcoin.


Cyber attack

Malicious attempts to damage, disrupt or gain unauthorised access to computer systems, networks or devices, via cyber means.


Cyber essentials

A UK Government-backed self-assessment certification that helps you protect against cyber-attacks while also demonstrating to others that your organisation is taking measures against cybercrime.


Cyber incident

A breach of the security rules for a system or service - most commonly;

  • Attempts to gain unauthorised access to a system and/or to data.

  • Unauthorised use of systems for the processing or storing of data.

  • Changes to a systems firmware, software, or hardware without the system owner's consent.

  • Malicious disruption and/or denial of service.


Cyber security

The protection of devices, services, and networks — and the information on them — from theft or damage.


Data at rest

Describes data in persistent storage such as hard disks, removable media, or backups.

Data breach

Describes a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data.

Denial of service (DoS)

When legitimate users are denied access to computer services (or resources), usually by overloading the service with requests.

Deny list

An access control mechanism that blocks named entities from communicating with a computer, site, or network. Can also be known as 'blacklisting' across the industry.

Dictionary attack

A type of brute force attack in which the attacker uses known dictionary words, phrases, or common passwords as their guesses.

Digital footprint

A 'footprint' of digital information that a user's online activity leaves behind.

Download attack

The unintentional installation of malicious software or virus onto a device without the users knowledge or consent. May also be known as a drive-by download.



A mathematical function that protects information by making it unreadable by everyone except those with the key to decode it.

End-user device (EUD)

Collective term to describe modern smartphones, laptops, and tablets that connect to an organisation's network.

Ethical hacking

The use of hacking techniques for legitimate purposes – i.e. to identify and test cyber security vulnerabilities. The actors in this instance are sometimes referred to as ‘white hat hackers'.


The transfer of information from a system without consent.


May refer to software or data that takes advantage of a vulnerability in a system to cause unintended consequences.



Hardware or software which uses a defined rule set to constrain network traffic to prevent unauthorised access to or from a network.




General Data Protection Regulations. European legislation designed to prevent the misuse of data by giving individuals greater control over how their personal information is used online.



In mainstream use as being someone with some computer skills who uses them to break into computers, systems, and networks.

Honeypot (honeynet)

Decoy system or network to attract potential attackers that helps limit access to actual systems by detecting and deflecting or learning from an attack. Multiple honeypots form a honeynet.




A breach of the security rules for a system or service, such as:

  • attempts to gain unauthorised access to a system and/or data

  • unauthorised use of systems for the processing or storing of data

  • changes to a systems firmware, software, or hardware without the system owners consent

  • malicious disruption and/or denial of service

Incident response plan

A predetermined plan of action to be undertaken in the event of a cyber incident.

Insider threats

The potential for damage to be done maliciously or inadvertently by a legitimate user with privileged access to systems, networks or data.

Internet of things (IoT)

Refers to the ability of everyday objects (rather than computers and devices) to connect to the Internet. Examples include kettles, fridges, and televisions.



The removal of a device’s security restrictions, with the intention of installing unofficial apps and making modifications to the system. Typically applied to a mobile phone.



A type of software or hardware that tracks keystrokes and keyboard events to monitor user activity.


Logic bomb

A piece of code that carries a set of secret instructions. It is inserted into a system and triggered by a particular action. The code typically performs a malicious action, such as deleting files.




A small program that can automate tasks in applications (such as Microsoft Office) which attackers can use to gain access to (or harm) a system.

Macro virus

A type of malicious code that uses the macro programming capabilities of a document’s application to carry out misdeeds, replicate itself, and spread throughout a system.

Malicious code

Program code designed for evil. Intended to hurt the confidentiality, integrity, or availability of an information system.


Using online advertising as a delivery method for malware.


Malicious software - a term that includes viruses, trojans, worms, or any code or content that could have an adverse impact on organisations or individuals.

Man-in-the-middle Attack (MitM)

Cyber criminals interpose themselves between the victim and the website the victim is trying to reach, either to harvest the information being transmitted or alter it. Sometimes abbreviated as MITM, MIM, MiM, or MITMA.


Steps that organisations and individuals can take to minimise and address risks.


National Cyber Security Centre (NCSC)

Part of GCHQ. A UK government organisation set up to help protect critical services from cyber attacks.



Two or more computers linked in order to share resources.



Software that has its code listed as free to use, share, and modify.


Patching/Patch management

Applying updates to firmware or software to improve security and/or enhance functionality.



The element of the malware that performs the malicious action – the cyber security equivalent of the explosive charge of a missile. Usually spoken of in terms of the damage wreaked.



Short for penetration test. An authorised test of a computer network or system designed to look for security weaknesses so that they can be fixed.



An attack on network infrastructure that results in a user being redirected to an illegitimate website despite the user having entered the correct address.



A cybercrime in which a target or targets are contacted by email, telephone, or text message by someone posing as a legitimate institution to lure individuals into providing sensitive data such as personally identifiable information, banking, and credit card details, and passwords.



The basic hardware (device) and software (operating system) on which applications can be run.


Proxy server

A go-between a computer and the internet used to enhance cyber security by preventing attackers from accessing a computer or private network directly.




Malicious software that makes data or systems unusable until the victim makes a payment.


Additional or alternative systems, sub-systems, assets, or processes that maintain a degree of overall functionality in case of loss or failure of another system, sub-system, asset, or process.

Remote Access Trojan (RAT)

Remote Access Trojans (RATs) use the victim’s access permissions and infect computers to give cyber attackers unlimited access to the data on the PC. Cyber criminals can use RATs to exfiltrate confidential information. RATs include backdoors into the computer system and can enlist the PC into a botnet, while also spreading to other devices. Current RATs can bypass strong authentication and can access sensitive applications, which are later used to exfiltrate information to cyber criminal-controlled servers and websites.


A set of software tools with administrator-level access privileges installed on an information system and designed to hide the presence of the tools, maintain the access privileges, and conceal the activities conducted by the tools.


A network device that sends data packets from one network to another based on the destination address. May also be called a gateway.



Using electronic or physical destruction methods to securely erase or remove data from memory.

Security policy

A rule or set of rules that govern the acceptable use of an organisation’s information and services to a level of acceptable risk and
the means for protecting the organisation’s information assets.


Phishing via SMS: mass text messages sent to users asking for sensitive information (eg bank details) or encouraging them to visit a fake website.

Social engineering

Manipulating people into carrying out specific actions, or divulging information, that's of use to an attacker.

Software as a service (SaaS)

Describes a business model where consumers access centrally hosted software applications over the Internet.


A more targeted form of phishing, where the email is designed to look like it's from a person the recipient knows and/or trusts.


Faking the sending address of a transmission to gain unauthorised entry into a secure system.


Spyware is a type of malware designed to collect and steal the victim’s sensitive information, without the victim’s knowledge. Trojans, adware, and system monitors are different types of spyware. Spyware monitors and stores the victim’s Internet activity (keystrokes, browser history, etc.) and can also harvest usernames, passwords, financial information, and more. It can also send this confidential data to servers operated by cyber criminals so it can be used in consequent cyber attacks.

SQL injection

This is a tactic that uses code injection to attack applications that are data-driven. The maliciously injected SQL code can perform several actions, including dumping all the data in a database in a location controlled by the attacker. Through this attack, malicious hackers can spoof identities, modify data or tamper with it, disclose confidential data, delete and destroy the data or make it unavailable. They can also take control of the database completely.



Threat assessment

The product or process of identifying or evaluating entities, actions, or occurrences, whether natural or man-made, that have or indicate the potential to harm life, information, operations, and/or property.



A type of malware or virus disguised as legitimate software, that is used to hack into the victim's computer.


Two-factor authentication (2FA)

The use of two different components to verify a user's claimed identity. Also known as multi-factor authentication.



Unauthorised access

Any access that violates the stated security policy


Virtual Private Network (VPN)

An encrypted network often created to allow secure connections for remote users, for example in an organisation with offices in multiple locations.



Programs that can self-replicate and are designed to infect legitimate software programs or systems. A form of malware.



A weakness, or flaw, in software, a system, or a process. An attacker may seek to exploit a vulnerability to gain unauthorised access to a system.


Water-holing (watering hole attack)

Setting up a fake website (or compromising a real one) in order to exploit visiting users.



Highly targeted phishing attacks (masquerading as a legitimate email) are aimed at senior executives.



A list of entities that are considered trustworthy and are granted access or privileges.



A self-replicating, self-propagating, self-contained program that uses networking mechanisms to spread itself.





Recently discovered vulnerabilities (or bugs), not yet known to vendors or antivirus companies, that hackers can exploit.