📖 Cybersecurity terminology glossary

Essential security terms you’ll encounter. Bookmark this for reference.

Foundational concepts

CIA triad
The three pillars of security: Confidentiality (keeping secrets), Integrity (accurate data), Availability (systems accessible when needed).
Attack surface
All the points where an attacker could try to enter or extract data from your environment.
Threat
A potential cause of an unwanted incident. Could be a person, event, or circumstance.
Vulnerability
A weakness that can be exploited by a threat. A bug in software, a misconfiguration, a gap in training.
Risk
The potential for loss when a threat exploits a vulnerability. Typically measured as likelihood × impact.
Control
A safeguard or countermeasure that reduces risk. Can be preventive, detective, or corrective.
Zero Trust
Security model that assumes no user or system is trusted by default, requiring verification for every access request.

Attack types

Phishing
Social engineering attack using deceptive emails, texts, or calls to trick people into revealing credentials or clicking malicious links.
Ransomware
Malware that encrypts data and demands payment for the decryption key. Modern variants also steal data.
Malware
Umbrella term for malicious software: viruses, worms, trojans, ransomware, spyware, etc.
DDoS (Distributed Denial of Service)
Attack that floods a system with traffic from multiple sources, making it unavailable.
SQL injection
Attack that inserts malicious SQL code into application queries to access or manipulate databases.
XSS (Cross-Site Scripting)
Attack that injects malicious scripts into web pages viewed by other users.
APT (Advanced Persistent Threat)
Sophisticated, long-term attack campaign, typically by nation-states, targeting specific organisations.
Supply chain attack
Attack targeting a supplier or vendor to reach the ultimate target through trusted relationships.

Defence terms

MFA (Multi-Factor Authentication)
Requiring multiple forms of verification (password + phone, for example) before granting access.
Encryption
Converting data into coded form that only authorised parties can read. At rest (stored) or in transit (moving).
Firewall
Network security device that monitors and controls incoming and outgoing traffic based on rules.
EDR (Endpoint Detection and Response)
Security software that monitors endpoints for threats and provides investigation and response capabilities.
SIEM (Security Information and Event Management)
Platform that collects and analyses security logs from across the environment to detect threats.
SOC (Security Operations Centre)
Team (and facility) responsible for monitoring, detecting, and responding to security incidents 24/7.
Patch
Software update that fixes vulnerabilities or bugs. Patching is a critical security practice.
Least privilege
Principle of giving users only the minimum access necessary for their job function.

Frameworks and standards

NIST CSF
NIST Cybersecurity Framework. Voluntary guidance organised around Identify, Protect, Detect, Respond, Recover.
ISO 27001
International standard for information security management systems. Certifiable.
CIS Controls
Prioritised set of security actions from the Centre for Internet Security. Practical and actionable.
MITRE ATT&CK
Knowledge base of adversary tactics and techniques based on real-world observations. Used for threat modelling.
CVE (Common Vulnerabilities and Exposures)
Standard identifier for publicly known vulnerabilities. An identifier such as “CVE-2024-12345” refers to one specific vulnerability.
CVSS (Common Vulnerability Scoring System)
Standardised method for rating the severity of vulnerabilities. Scores from 0.0 to 10.0.