Cyber Security Glossary

It’s easy to lose track of what means what with so many terms, acronyms, organisations and more in the world of cyber security. That’s why we provide this accessible list to help define key terms for you. If you can't find a term or acronym on this list, please make a suggestion for us to define. Furthermore, if you have any queries regarding a term we've defined in this compiled list, or want to know more, please do not hesitate to contact us.


Access enabler – Anything that may provide potential attacker(s) any access to your data or systems, for example passwords, key cards, keys, login credentials.

Adware – Or advertising-supported software, is any software package that automatically renders advertisements in order to generate revenue for its author(s).

Application – Computer Programs that are designed to provide a solution to end users. Applications include websites, software and computer-based systems. The term 'application' and 'applications' are often abbreviated to ‘app’ and 'apps' respectively.

Attachment – Electronic/digital files that can be attached to emails, such as spreadsheets, presentations, images, documents and folders.

Backup – The copying and archiving of computer data to an external drive or cloud system so that it can be restored should the data get lost or damaged.

Black hat – A type of hacking means of those who use unethical means to expose and exploit vulnerabilities of a system for personal gain. Black hat methods are often used to find Zero Day exploits.

Browser – Or a ‘web browser’, is a software system for accessing information on the Internet, or the World Wide Web. Common browsers include Mozilla Firefox, Internet Explorer, and Google Chrome.

Brute Force – A trial and error method of attack, used by automated applications which physically attempt to break encryption codes, rather than using manual methods.

BYOD – Acronym: Bring Your Own Device. This is a company scheme whereby employees are allowed to use hardware belonging to them, such as smartphones, laptops and tablets, to conduct work processes and to access company data and information.

CCIE - Acronym: The Cisco Certified Internetwork Expert (CCIE) certification is accepted worldwide as the most prestigious networking certification in the industry. Network Engineers holding an active Cisco CCIE certification are recognized for their expert network engineering skills and mastery of Cisco products and solutions. For further details, please see our page of information on CCIE.

CE – Acronym: Cyber Essentials, the UK government-backed, industry-supported cyber security certification which can be required for business deals with government contracts, and for proving a minimum level of cyber hygiene.

CE+ – Acronym: Cyber Essentials Plus, a more in-depth certification of the government-backed, industry-supported Cyber Essentials scheme for cyber hygiene which offers a more rigorous analysis of your workplace(s) state of security, which can mitigate your cyber risk and demonstrate your cyber security to a demonstrable level.

CEH – Acronym: Certified Ethical Hacker. This is a skilled professional who understands and knows how to look for the weaknesses and vulnerabilities in target systems and uses the same knowledge and tools as a malicious hacker. A certified ethical hacker will apply ‘white hat’ techniques to penetrate networks and applications to highlight vulnerabilities which could potentially lead to harmful threats, looking to patch them up and improve security for the business. For further details, please see our page of information on CEHs.

CiSP – Acronym: Cyber-security Information Sharing Partnership; this is an initiative between industry and government, for real-time secure exchanges of cyber threat information.

CISSP – Acronym: Certified Information Systems Security Professional, an accreditation which endorses the skills of an individual who has demonstrated a superior knowledge of information system security. CISSP is an internationally recognised standard of achievement, crediting the user with evidence of improving the security of business environments. For more information on the CISSP standard, please see our page of information here.

Cloud computing – The practice of using a network of remote servers hosted on the Internet to store, manage and process data, rather than on a physical local server or on a personal computer.

Cloud storage – A model of data storage in which the digital data is stored on multiple servers and in multiple locations whereby the cloud providers are responsible for keeping the data available, accessible and secure. Common service providers include Amazon, Apple, Box and Google Drive.

CPNI – Acronym: Campaign for the Protection of National Infrastructure; a national authority for safer cyberspace from the UK Government providing physical and personal advice. The CPNI works alongside the NCSC, and more information can be found on the CPNI's official site at:

Cryptography – Translating from the Latin of Crypto (secret) and graphy (writing) as ‘secret code’, this is the protection of information by transforming it into an unreadable format. Only those whom possess the secret key can decipher or ‘decrypt’ the message into plain text, readable and understandable by people.

Data Protection Bill – The UK Government's legislation, repealing the Data Protection Act 1998, in May 2018. This legislation incorporates the European Union's GDPR.

Decrypt – Deciphering, or decoding an encrypted piece of communication. To decrypt something, the user will require a key or program to safely decrypt the email, message or file.

DoS – Acronym: Denial of Service. An attack whose intention is to make the resource (website, network, application, or an entire system) unavailable to its users, often resulting in the loss of business.

DDoS – Acronym: Distributed Denial of Service. A type of Denial of Service (DoS) attack where multiple compromised systems (usually infected with a Trojan) are used to target a single system causing a DoS attack.

Device – Items of computerised technology used by an individual. Common devices are smartphones, tablets, laptops personal digital assistants (PDAs), personal computers, and personal computers (PCs).

Dictionary word – A common, or obvious word found in the regular dictionary. Encouraged not to be used when creating strong password as they can be easily guessed or broken. Examples – hello, sunshine, shadow, password.

DPA – Acronym: Data Protection Act 1998. For the UK, this defines laws and processes for the sharing and protection of data of living persons. This act works alongside PECR, as the two overlap.

DPLED – Acronym: Data Protection Law Enforcement Directive. Part of the enforcement of the Data Protection Bill, the UK's Data Protection legislation which incorporates GDPR, as of May 2018.

Emoticon – A portrayal of an object or expression in an icon format available on smartphone operating systems, often used within text messages and social media posts.

Encryption – A way to enhance the security of a message or file by scrambling the contents so its contents can only be accessed by those with the right encryption key (or decryption method) to unscramble it.

FOI – Acronym: Freedom of Information; this is the UK’s system for requesting information which belongs in the public domain. Freedom of Information requests are made to the ICO.

GCHQ – Acronym: Government Communications Headquarters; this is the UK Government’s intelligence and security organisation tasked to protect the nation from national and international threats, including cybercrime.

GDPR – Acronym: General Data Protection Regulation, of the European Union, which adds further regulation of information shared, stored, handled and saved from May 25th 2018.

Grey hat hacking – A simulated attack/breach that combines white hat and black hat methods: using unethical methodology but not for personal gain – either revealing findings to the owners of the system in question, or to the public to increase cyber security awareness.

Hacking – Gaining unauthorised access to data in a system, network or computer.

HTTPS – A protocol for secure communication over the Internet. HTTPS should be found at the beginning of any address in your browser’s address/URL bar when using websites where security is expected. Locations which should have a web address/URL beginning with https:// include online banking, e-commerce sites, secure login areas and any services handling confidential information. Acronym: HTTPS stands for Hypertext Transfer Protocol Secure.

Human Error – Unintentional behaviour involving mistakes, carried out by humans, which often cause issues. This term is often used when describing cyber breaches that have come about due to a mistake made by an employee/employees.

Information Classification – The process of assigning an appropriate level of classification to an information asset (media containing information such as email, paper document, electronic file, folder) to ensure it receives an adequate level of protection when transmitting, receiving, handling or storing.

Information Security – The practice of defending information from unauthorised access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction. The term is generic regardless of the form the data or information may take.

ISO -  Acronym: International Organization for Standardization, the body associated with international management standards.

Jailbreaking – The process of removing software restrictions imposed by operating systems such as Apple’s iOS and Google’s Android, to allow the user to access a wider range of applications and/or system functionalities that are regulated under usual configurations. This is considered to be a minor hacking technique, and can create security vulnerabilities on ‘Jailbroken’ devices.

Key logging - Using a type of surveillance software to record the keystrokes made by a computer user. The software can be installed through a piece of hardware plugged into a computer or downloaded via a phishing link. The software has the capability to record instant messages, e-mail and any other information typed using a keyboard.

Link – The address/URL of a website. They can be copied and inserted into emails, documents, webpages and other digital media. Providing the user has internet access, entering a link into a web browser, or clicking a link (clickable links, which are often highlighted in another colour and/or bold, are referred to as hyperlinks) will load the website that the user has requested to access.

Malicious software – Also known as Malware, is any software designed to give partial-to-full control of a device, to allow the sender(s) or creator(s) of this software to exploit and control your device. Malware comes in the form of viruses, worms, Trojans, adware, spyware, ransomware and rootkits.

Mapped drive – A shortcut to a shared folder on a computer or network which the user can access without searching for it or typing its network address each time.

MoD – Acronym: Ministry of Defence – the government’s department for national and international defence issues.

NCSC – Acronym: National Cyber Security Centre, one of the UK Government’s two cyber security centres making up GCHQ.

Patch – A piece of software designed to update a computer program or its supporting data. Patches include updates to fix security vulnerabilities, glitches and bugs, along with improving the usability/ performance of the application.

PC – Acronym: Personal Computer. A typically home-use and/or not-for-work use device capable of computing.

PDA – Acronym:Personal Digital Assistant. A mobile device which can be used for the processing of information.

PECR – Acronym: Privacy and Electronic Communications Regulations define some of the privacy rights belonging to persons, working alongside the DPA, but for electronic communications.

Phishing – The attempt to acquire sensitive information such as usernames, passwords, and payment card details (and sometimes, indirectly, money), often for malicious reasons. This can be done by masquerading as a trustworthy organisation or individual in an electronic communication such as an email or instant message.

Plain text – Characters that are not formatted, not written in code and/or without computational tags of any kind. This form of data can usually be read by any kind of device, and is therefore a universal sending method for communication. Sensitive information, such as passwords, should not be stored or shared in this form as it is insecure and could allow unauthorised access to sensitive data if intercepted or accessed.

PSD - Acronym: Portable Storage Device. This is a small, transportable drive designed to hold any kind of digital data. PSDs can come in the form of removable hard drives, USB sticks and memory cards.

Pretexting – A form of social engineering which involves creating an invented scenario to encourage a target victim to divulge personal/confidential information, or perform actions, that would be unlikely in ordinary circumstances.

Proprietary information – Data that an organisation wishes to keep confidential and therefore should be treated as such. This can include trade secrets, formulas, work processes and methodology.

Quid Pro Quo - Offering something to receive something back in return, such as offering a free pen in return for some personal details.

Ransomware - A type of malware that prevents or limits users from accessing their system by encrypting its data with a key or process only known to the creator(s)/distributor(s). This type of malware attempts to force its victims to pay a ransom through certain online payment methods, in order to grant access to their systems or to get their data back. Payments for the ransoms are often demanded in online cryptocurrencies, unregulated currencies which provide attackers with a greater chance that payments made to them will be successful and not monitored by governments or law enforcement.

Remote working – The practice of employees fulfilling their job role(s) at another location other than a traditional office, such as working from home. This location is often somewhere other than one of their organisation’s registered addresses. Please ee also our definition of Teleworking.

Rootkit – A type of malicious software (malware) that is activated each time your system boots up. They are designed to enable access to a computer or areas of installed software that would not otherwise be allowed. They are often undetected, and planted prior to an intruder using it, to enable use at a later date.

Sabotage – Deliberate seizure or destruction of information or systems with the intention to cause damage.

Social Engineering – A non-technical method of intrusion which hackers use that rely heavily on human interaction, and often involves tricking people into breaking normal security procedures. Those who perform these actions are known as Social Engineers.

Storage medium – Any technology used to store, handle and retrieve data. Types of storage mediums include CDs, DVDs, USBs, hard drives, and storage cards.

Spyware - Software that enables a user to obtain covert information about another's computer activities by transmitting data covertly from their hard drive. Spyware is mostly used for the purposes of tracking and storing Internet users' behaviour on the Web and serving up pop-up ads based on this activity.

Tailgating – The process of an attacker attempting to gain entry to a secure, restricted area by seeking out unattended access. This can be done by them deviating from guided/supervised access, or following employees with access privilege into areas that the attacker would not normally have access to.

Teleworking - The practice of working from home, making use of telephony, along with the Internet and/or email.

Trojan Horse – A type of malware in which malicious or harmful code is contained inside seemingly harmless programming or data in such a way that it can get control/access and do its chosen form of damage, such as ruining the file allocation table on your hard disk. These are commonly referred to as “Trojans”.

URL – Acronym: Uniform Resource Locator. This is often more-commonly known as a web address. Most web browsers display the URL of the web page in their address bar.

USB – Acronym: Universal Serial Bus. A type of connection commonly used to connect electronic devices to a computer or computing device. This is often to facilitate transference of data to/from the computer, using the USB device. A USB flash drive is a type of data storage medium that can be transferred between machines that have a USB port that the device can be inserted into.

Virus – A computer program or piece of code that is loaded onto your computer without your knowledge and runs without your consent. A virus attaches itself to an existing program and can infect other machines. Viruses can be very dangerous, even causing irreparable damage to your computer or network, or entire system.

VPN – Acronym: Virtual Private Network. A technology that extends your company's secure network to your own computer so that all information you transfer to and from work follows a secured encrypted path, running from your device to your company.

White hat – a term used for hacking methods and individuals who use ethical means to improve the security of a system. One example of this is a Certified Ethical Hacker (please see the definition for CEH).

WiFi – A trademarked term of a popular wireless networking technology that uses radio waves to provide high-speed Internet and network connections. The name is often thought to be an abbreviation of "Wireless Fidelity", however, this is a misconception.

Worm – Malware that replicates itself in order to spread to other computers, often via a network, relying on security failures on the target computer to access it. Worms differ to viruses as they do not need to attach themselves to an existing program or file.

Zero Day – An attack that exploits a previously unknown vulnerability in a computer application, meaning that the attack occurs on "day zero" of awareness of this vulnerability.





Suggestions - noticed something that's not defined or explained here?

If you have noticed any important terms, acronyms or phrases that aren't yet in this glossary, please let us know by emailing us or letting us know on Social Media via our Twitter, @XyoneSecurity.