Terms often used in discussions of cyber security are briefly defined. Your corrections, suggestions, and recommendations for additional entries are welcome:

Access control: Controlling who has access to a computer or online service and the information it stores.
Asset: Something of value to a person, business or organization.
Authentication: The process to verify that someone is who they claim to be when they try to access a computer or online service.
Backing up: To make a copy of data stored on a computer or server to lessen the potential impact of failure or loss.
Bring your own device (BYOD): The authorised use of personally owned mobile devices such as smartphones or tablets in the workplace.
Broadband: High-speed data transmission system where the communications circuit is shared between multiple users.
Business continuity management: Preparing for and maintaining continued business operations following disruption or crisis.
Certification: Declaration that specified requirements have been met.
Certification body: An independent organization that provides certification services.
Chargeback: A payment card transaction where the supplier initially receives payment but the transaction is later rejected by the cardholder or the card issuing company. The supplier’s account is then debited with the disputed amount.
Cloud computing: Delivery of storage or computing services from remote servers online (i.e. via the internet).
Common text: A structure and series of requirements defined by the International Organization for Standardization, that are being incorporated in all management system International Standards as they are revised.
Data server: A computer or program that provides other computers with access to shared files over a network.
Declaration of conformity: Confirmation issued by the supplier of a product that specified requirements have been met.
DMZ: Segment of a network where servers accessed by less trusted users are isolated. The name is derived from the term “demilitarised zone”.
Encryption: The transformation of data to hide its information content.
Ethernet: Communications architecture for wired local area networks based upon IEEE 802.3 standards.
Firewall: Hardware or software designed to prevent unauthorised access to a computer or network from another computer or network.
Gap analysis: The comparison of actual performance against expected or required performance.
Hacker: Someone who violates computer security for malicious reasons, kudos or personal gain.
Hard disk: The permanent storage medium within a computer used to store programs and data.
Identification: The process of recognising a particular user of a computer or online service.
Infrastructure-as-a-service (IaaS): Provision of computing infrastructure (such as server or storage capacity) as a remotely provided service accessed online (i.e. via the internet).
Inspection certificate: A declaration issued by an interested party that specified requirements have been met.
Instant messaging: Chat conversations between two or more people via typing on computers or portable devices.
Internet service provider (ISP): Company that provides access to the internet and related services.
Intrusion detection system (IDS): Program or device used to detect that an attacker is attempting or has attempted unauthorised access to computer resources.
Intrusion prevention system (IPS): Intrusion detection system that also blocks unauthorized access when detected.
‘Just in time’ manufacturing: Manufacturing to meet an immediate requirement, not in surplus or in advance of need.
Keyboard logger: A virus or physical device that logs keystrokes to secretly capture private information such as passwords or credit card details.
Leased circuit: Communications link between two locations used exclusively by one organization. In modern communications, dedicated bandwidth on a shared link is reserved for that user.
Local area network (LAN): Communications network linking multiple computers within a defined location such as an office building.
Macro virus: Malware (i.e. malicious software) that uses the macro capabilities of common applications such as spreadsheets and word processors to infect data.
Malware: Software intended to infiltrate and damage or disable computers. Shortened form of malicious software.
Management system: A set of processes used by an organization to meet policies and objectives for that organization.
Network firewall: Device that controls traffic to and from a network.
Outsourcing: Obtaining services by using someone else’s resources.
Passing off: Making false representations that goods or services are those of another business.
Password: A secret series of characters used to authenticate a person’s identity.
Personal firewall: Software running on a PC that controls network traffic to and from that computer.
Personal information: Personal data relating to an identifiable living individual.
Phishing: Method used by criminals to try to obtain financial or other confidential information (including user names and passwords) from internet users, usually by sending an email that looks as though it has been sent by a legitimate organization (often a bank). The email usually contains a link to a fake website that looks authentic.
Platform-as-a-service (PaaS): The provision of remote infrastructure allowing the development and deployment of new software applications over the internet.
Portable device: A small, easily transportable computing device such as a smartphone, laptop, or tablet computer.
Proxy server: Server that acts as an intermediary between users and other servers, validating user requests.
Restore: The recovery of data following computer failure or loss.
Risk: Something that could cause an organization not to meet one of its objectives.
Risk assessment: The process of identifying, analyzing, and evaluating risk.
Router: Device that directs messages within or between networks.
Screen scraper: A virus or physical device that logs information sent to a visual display to capture private or personal information.
Security control: Something that modifies or reduces one or more security risks.
Security information and event management (SIEM): Process in which network information is aggregated, sorted, and correlated to detect suspicious activities.
Security perimeter: A well-defined boundary within which security controls are enforced.
Server: A computer that provides data or services to other computers over a network.
Smartphone: A mobile phone built on a mobile computing platform that offers more advanced computing ability and connectivity than a standard mobile phone.
Software-as-a-service (SaaS): The delivery of software applications remotely by a provider over the internet, perhaps through a web interface.
Spyware: Malware that passes information about a computer user’s activities to an external party.
Supply chain: A set of organizations with linked resources and processes involved in the production of a product.
Tablet: An ultra-portable, touchscreen computer that shares much of the functionality and operating system of smartphones, but generally has greater computing power.
Threat: Something that could cause harm to a system or organization.
Threat actor: A person who performs a cyber attack or causes an accident.
Two-factor authentication: Obtaining evidence of identity by two independent means, such as knowing a password and successfully completing a smartcard transaction.
Username: The short name, usually meaningful in some way, associated with a particular computer user.
User account: The record of a user kept by a computer to control their access to files and programs.
Virtual private network (VPN): Link(s) between computers or local area networks across different locations using a wide area network that cannot access or be accessed by other users of the wide area network.
Virus: Malware that is loaded onto a computer and then run without the user’s knowledge or without knowledge of its full effects.
Vulnerability: A flaw or weakness that can be used to attack a system or organization.
Wide area network (WAN): Communications network linking computers or local area networks across different locations.
Wi-Fi: Wireless local area network based upon IEEE 802.11 standards.
Worm: Malware that replicates itself so it can spread to infiltrate other computers.

By Satish Venkannagari

Satish Reddy V is a Cyber Security Engineer at a reputed MNC and blogs at CyberSecurityO.com. I am passionate about Cyber Security, Blogging, and Digital Marketing.
