Glossary Introduction To Cybersecurity Essentials

This document is a comprehensive glossary of terms related to cybersecurity and data management, providing definitions for various concepts such as access control, authentication, and data integrity. It includes both course-specific terms and additional industry-recognized terminology to aid learners in understanding key concepts relevant to the field. The glossary serves as a resource for individuals working in the industry, participating in user groups, or engaging in certificate programs.

Uploaded by sco field

1/8/25, 11:39 AM about:blank

Welcome! This alphabetized glossary contains many of the terms you’ll find within this course. This
comprehensive glossary also includes additional industry-recognized terms not used in course videos. These
terms are important for you to recognize when working in the industry, participating in user groups,
and participating in other certificate programs.

Terms Definitions

Access control: Access control prevents unauthorized viewing, modification, or copying of data. IT staff use access control to restrict what users can do, which resources they have access to, and what functions they are allowed to perform. (See RBAC and ROLP.)

Access tokens: Bits of code that signify a user has successfully authenticated their identity. Hackers get access tokens by sniffing network traffic between trusted entities. Once they find an access token, they can hijack the session and use the token to impersonate the trusted entities. After that, the hacker can intercept and modify any information sent or access private accounts as if they were the account holder. (See Replay attack.)

ActiveX: Old online browser technology for downloading and embedding content on websites.

Add-ons: Small bits of code or software applied to browsers to enhance functionality and user experience. Add-ons have evolved over the years. Toolbars, plug-ins, and extensions are all examples of browser add-ons.

Adware: Software coded into online ads that records your personal data, website visits, and keystrokes to send you personalized ads. Adware can be legitimate or malicious. Adware is often bundled with apps and activates on install. Adware can collect data, track online activity, or link out to malicious websites with viruses. It can also cause sluggish system performance, crashes, changes to your browser’s home page, the appearance of new extensions, toolbars, or software, and web pages not displaying properly. Popup ads and the sudden appearance of unfamiliar apps are the most common ways to recognize adware.

Anti-replay protection: Network standards that stop hackers from re-using data. (See IPsec.)

Asymmetric encryption: Uses a public key and a private key. It takes longer than symmetric encryption because it is more complex. It is used for smaller amounts of data. It is safe to widely share the public key for encryption or decryption because only the secret key can undo the public key’s action. It’s used in authentication, digital certificates, digital signatures, and key exchange, where a symmetric encryption key is shared only with specific recipients. Also called “Public Key Cryptography”. (See Symmetric encryption.)

Authentication: The act of confirming the identity of a user. Authentication involves two steps: entering the correct login information and confirming that it is really you.

Authentication factors: Ways to confirm a user’s identity. These include something you know, something you have, and something you are. Examples include the answer to a security question, a 2FA security card, and a fingerprint scan.

Authentication header protocol (AH protocol): Protocol that authenticates the sender and both IP addresses. (See IPsec.)

Authentication methods: Ways to log in to a system. These include SSO, 2FA, and MFA.

Authorization: Permission to access a location or do an action. Access control must be set up before authorization can be granted.

Autorun: Computer feature that allows inserted drives and disks to run or play automatically. Disabling autorun is recommended since autorun would allow an infected drive to install malware automatically the moment it is inserted.

Baiting: In social engineering, the use of a lure just like the bait or lure you'd use to catch a fish. Lures can be physical or logical. (See Social engineering.)

Basic Input Output System (BIOS): Firmware that boots up Windows and Linux PCs, runs hardware checks, and starts the OS. (See Firmware.)

Basic Input Output System password (BIOS password): A security feature that requires a correct password in order to start a system’s OS. Also called ‘firmware password’. (See Firmware and BIOS.)

Biometrics: Body scan that can confirm whether a person physically accessed a device, network, or area. (See Non-repudiation.)

Bloatware: Unwanted trial software, usually pre-loaded on new devices. Aging bloatware is soon outdated and may have vulnerabilities.

Browser history: A list of every page you've visited and for how long. Browser histories help you find sites you visited, but they can also be used against you by family, hackers, or law enforcement. Use browser settings to clear history.

Browsing history: List of recently visited web sites. Anyone with access to your device can see what sites you visited. Attackers use browsing history to learn where they might impersonate their victims, and companies use it to see which sites you go to on your work computer. (See Digital accounting.)

Brute force attacks: A type of password cracking attack where hackers submit as many passwords as possible, hoping one will work.

Buffer overflow: Common type of DoS attack that sends a website more Internet traffic than it can handle.

Cache: Storage area that holds downloaded web pages you’ve visited. Cached pages load immediately. If a page has changed since the last cache, it is downloaded, displayed, and cached again. Over time, very large caches cause sluggish performance. Use browser settings to clear the cache, set disk space limits, and set expiration dates.

Certificate authority (CA): A trusted organization that issues digital certificates. The major CAs are Apple, Microsoft, Mozilla, and Google. Which CA your device uses depends on the operating system it’s running. Also called ‘Root certificate store’. (See Digital certificate, SSL certificates, and HTTPS websites.)

CIA Triad: Confidentiality, integrity, and availability. Confidentiality means that data is protected from unauthorized access. Integrity means that data is protected from unauthorized changes. And availability means that you have access to your data whenever you need it.

Cipher: An algorithm that is used to scramble plain text, so it is secure.

Ciphertext: Plain text that is encrypted, which makes it unreadable.

Company Confidential Information: Any information that is used to run a company, like intellectual property, product designs, procedures, plans, employee records, and financial data. (See Confidential information.)

Confidential information: Information that must be kept secret. Employees are trained to recognize and deal with confidential information so that it remains secure. Companies rank information and files by how sensitive each one is. Each company ranks their information differently, but there are four main types of confidential information that should be universally protected: PII, Company Confidential information, Customer Confidential Information, and PHI.

Cookies: Text files with small pieces of data. When you visit a site, the server creates a cookie and saves it on your browser to track you. Cookies let websites remember your logins, shopping carts, and more. This creates an easier, more personalized online experience. Cookies can also be used to ban you from a website if you've violated any of its conditions for use. Most cookies are safe, but some are designed to track without consent. Even legitimate cookies can be harmful if you get hacked. (See Digital accounting.)

Cookies, authentication: Authentication cookies save logins, usernames, and passwords, so you don’t have to remember them.

Cookies, session: Session cookies are used only for one session. They are stored in RAM and are automatically deleted when the browsing session ends.

Cookies, third-party: Third-party cookies are from sites you are not on. These track you across the web. Ads can generate cookies, even if you never click on them.

Cookies, zombie: Zombie cookies are third-party cookies that don’t follow normal cookie protocols. They can store their code directly on your device to recreate themselves even after deletion. They are extremely difficult to remove. Websites may also use zombie cookies to ban specific users.

Cryptographic hash: A short string of numbers and letters created by running a password or file through an algorithm. A single password and a full library will have different cryptographic hashes, but each hash will have the same number of characters. If any data is altered or removed from a password or file, its cryptographic hash will be different. When you create a password, it’s converted into a cryptographic hash. On your next login, it’s converted again. If the stored hash and the new hash match, the system lets you in. Cryptographic hashes save space, authenticate data, and keep information secure.

Customer Confidential Information: Information customers or partners provide to companies, which includes PII and also things like purchase histories and credit card information. (See Confidential information.)

Data: Raw values and facts are usually collected by automated systems. For example, page visits, link clicks, and monthly sales. (See Information, Insights, and Data analytics.)

Data analytics: The processing of raw data, like values or facts, to create meaningful information. (See Information, Insights, and Data.)

Data at rest: Data that resides on a storage device. The files aren't open or being transmitted anywhere. Data at rest can be encrypted at the file level, storage device level, and cloud level. Encryption at the file level lets you encrypt all your files on a storage device or just a select few. Data at rest is less vulnerable than data in motion, but it’s not immune from attacks.

Data availability: Data availability means that authorized users have immediate and reliable access to their data. This includes granting access to authorized users with passwords and security questions. Data availability can be compromised by hardware failures, unscheduled software downtime, network bandwidth issues, cyberattacks and sabotage. To protect against these threats, systems that require high availability (99.999% uptime) have network monitoring, redundant systems, and backup servers ready to take over. If the primary system is compromised, business continuity and customer access can be maintained.

Data breaches: Data breaches are when a data leak is caused intentionally by a cybercriminal. These occur when social engineering or phishing attacks trick employees into leaking sensitive credentials or information.

Data capture: The collection of data from multiple sources and the secure storage of it in relational databases, or more commonly, semi-structured data warehouses. Data may be captured by server logs showing where customers browse, IoT sensors in home appliances and business technology, or customer and employee surveys or rating systems. (See Data correlation and Meaningful reporting.)

Data confidentiality: The control of data access and the use of security tools like encryption and multifactor authentication (MFA) to keep data secure. Data confidentiality prevents identity theft, compromised accounts and systems, legal concerns, damage to reputation, and other severe consequences. To determine if data should be confidential, ask: Who is authorized? Do confidentiality regulations apply? Are there conditions for when data can be accessed? What would the impact of disclosure be? Is the data valuable?

Data correlation: When raw data points are analyzed to find connections or links. For example, Netflix uses tools that compare searches, views, and ratings so they can predict which movies and shows will be successful on their platform. AI and machine learning algorithms automate parts of the analysis. (See Data capture and Meaningful reporting.)

Data dumps: Data dumps are when cybercriminals dump stolen data onto the dark web for monetary gain. A data dump might include PII, PHI, bank account numbers, PINs, social security numbers, and more. Other cybercriminals buy and use data dumps for things like identity theft and password attacks.

Data in motion: Data that is actively moving between two devices, meaning two computers, a mobile device and a mail server, or your computer and your bank's online website. Data in motion is especially at risk for interception attacks like man-in-the-middle. Also called data in transit.

Data in transit: (See Data in motion.)

Data integrity: The collection of actions and fail safes that protect data. Data integrity guarantees that data is accurate, complete, and consistent. It covers data in storage, during processing, and in transit. The two main types of data integrity are physical and logical. Without data integrity, loss, corruption, or compromise can cause significant damage and financial loss for both businesses and customers.

Data integrity (logical): Logical data integrity consists of the checks and protocols that protect data from human error and hackers. These confirm that data is correct and accurate as it’s used in different ways within an organization.

Data integrity (physical): Physical data integrity is the collection of actions and fail safes that protect the physical systems that store and process the data.

Data leaks: The accidental exposure of confidential or sensitive data through a security vulnerability.

Data-driven business decisions: Business decisions based on data capture, data correlation, and meaningful reporting.

Distributed denial of service attack (DDoS attack): DoS attack made with a large collection of compromised, malware-infected computers known as a botnet. It's harder to identify a DDoS attack’s origin, which makes it harder to shut down. And DDoS attacks are far more devastating than DoS attacks since hundreds or thousands of computers are used instead of just one.

Decryption key: (See Encryption key.)

Default usernames and passwords: The default login information that comes with new hardware or software. These are essential to tech support, software installation, and device configuration. They have admin-level privileges and hide who’s using them, as they aren’t associated with any registered users. Hackers use them to break into apps, devices, OSes, databases, and BIOS since they are easily found online in help guides or user manuals.

Denial of Service (DoS): Cyberattack where a website or server is targeted with so much traffic that it overwhelms that system, degrading performance until the server is unable to respond.

Denial of service attack (DoS attack): Cyberattack that floods a network with so much traffic that it crashes. DoS attack victims are typically high-profile, like government sites, banks, or social media sites. Sometimes, DoS attacks are used to distract from other attacks happening at the same time.

Device lock: The literal locking of a device, either physically (behind a locked door, or with a steel cable and padlock) or digitally with passwords or PINs.

Dictionary attacks: A type of password cracking attack where hackers use words pulled from dictionaries or newspapers to crack passwords.

Digital accounting: Investigating online and network activity to discover the reasons behind a certain outcome. Digital accounting is used in troubleshooting, security analysis, forensics, and hacking.

Digital certificate: A security approval that includes a public encryption key that encrypts data. If the data recipient trusts the CA that issued the digital certificate, they use a private key to decrypt the data. Digital certificates are also used in smart card authentication. (See CA and PKI.)

Digital Millennium Copyright Act (DMCA): Law that makes it illegal to bypass copy protections or to develop technology that helps bypass copy protections. (See DRM and Digital products.)

Digital products: Non-tangible assets a company owns, like software, online music, online courses, e-books, audiobooks, and web elements like WordPress templates or Shopify themes. (See DRM and DMCA.)

Digital receipt: Encryption and authentication method used to prove that a message was sent from one party to another. (See Non-repudiation.)

Digital Rights Management (DRM): Code added directly to files that helps prevent digital assets from being copied or pirated, but there are tools that can remove DRM code. (See Digital products and DMCA.)

Digital signatures: A regular signature used in conjunction with a hardware or software token. This authenticates the signer. The sender sends an encrypted signature and a public decryption key to a recipient. If the recipient can decrypt the signature with the public key, that proves the sender signed it because they must have performed the encryption with the private key. (See PKI and Non-repudiation.)

Drive encryption: The scrambling of a drive’s data so it’s unreadable. (See Firmware.)

Dumpster diving: Dumpster diving is the act of physically searching through a literal dumpster to find something valuable. A company’s trash might contain lists of customer names, phone numbers, contact information, business plans, product designs, or an access code written on a post-it note. Tech companies require document shredding and device destruction as a normal part of business because these can be stolen from the trash to harvest data that can be used for identity theft and data breaches. Or the data could be sold to hackers or a company's competitors.

Eavesdropping: When hackers use a packet sniffer to read unencrypted network traffic so they can intercept, alter, or delete data transmitted between devices. Eavesdropping (or packet sniffing) attacks occur on wireless, wired, and phone connections. Staying off public wifi or using encryption with a VPN or cellular connection helps prevent eavesdropping attacks. Eavesdropping is also called “packet sniffing”. (See Packet sniffer.)

Email management: Classifying email messages and deciding whether they should be saved or deleted. It helps prioritize emails, saves time, and increases productivity. It includes using folders and subfolders, using rules or filters, unsubscribing from email lists, and configuring settings to block spam.

Encapsulating security payload protocol (ESP protocol): Protocol that encrypts data and authenticates data and senders. (See IPsec.)

Encryption: Encryption is the act of taking readable plain text and scrambling it into unreadable ciphertext with an algorithm, so it can only be read by a recipient that has the decryption key. Encryption is used at the network layer for data traveling across networks. It can also be done locally to hard drives, phones, and even thumb drives so that lost device data remains unreadable. In some industries, data encryption is a mandatory requirement. This includes student records, medical records, and consumer data. Many OSes have encryption built in. For those that don't, third-party encryption software is available.

Encryption and hashing algorithms: Algorithms that scramble data. (See IPsec.)

Encryption key: A series of random, unique numbers combined with very powerful algorithms that are used to encrypt (or scramble) data before it is sent. The person on the receiving end has a decryption key that's used to decrypt (or unscramble) the data, so it's in a readable or usable format.

Exploits: Pieces of code that use vulnerabilities in hardware or software to get into a system. Malware-infected websites use exploits to automatically download malware to a system. This is called a drive-by download.

Extension: Small piece of source code that adds a function or feature to a browser. Ad-blockers and in-browser PDF readers are extensions. Since extensions are given special authorizations within the browser, they are attractive targets for attackers. (See Add-ons.)

File integrity monitoring (FIM): Software that audits sensitive files and folders to ensure all activity is authorized.

Firewall: Software or hardware that monitors connections and blocks harmful traffic based on preset rules. For example, schools and businesses use firewalls to block social media sites, age-inappropriate content, and certain types of downloads.

Firmware: Firmware is software that tells hardware how to behave. Security firmware protects devices and data from malware and tampering. Outdated firmware leaves devices vulnerable.

Firmware password: A security feature that requires a correct password in order to start a system’s OS. Also called ‘firmware password’. (See Firmware and BIOS.)

General Data Protection Regulation (GDPR): Set of regulations that mandate digital privacy for all countries in the European Union.

Hardening: The process of securing a device to minimize vulnerabilities. This includes disabling unneeded device features, regularly updating a device’s firmware, OS, and software, and using firewalls, VPNs, and antimalware. (See Patches.)

Hashing: Hashing is when an algorithm transforms an input string (like your password) into a smaller, fixed-length output string (or hash) that's saved to a file. A hash is like a digital fingerprint. Passwords are hashed with a scrambling algorithm. If a password hash is determined, attackers can use it to determine other passwords that were scrambled in the same way; that can be over 90% of unknown passwords in some cases. (See Password hash.)

Health Insurance Portability and Accountability Act (HIPAA): Set of regulations that mandate the use and disclosure of protected health information in America.

Hypertext Transfer Protocol Script protocol (HTTP protocol): A protocol that governs the flow of online traffic.

HTTP websites: Websites relying on the HTTP protocol are not secure, especially when visited over public wifi. Everything that you send and receive is in plain text. It makes you an easy target for cybercriminals. (See HTTPS websites.)

Hypertext Transfer Protocol Script Secure protocol (HTTPS protocol): A protocol that governs the flow of online traffic and provides encryption for security.

HTTPS websites: Secure HTTP, or HTTPS, protocol provides an encrypted connection between you and the sites that use it. Most commercial websites, social networking sites, or sites that offer a customer login use HTTPS. The easiest way to tell if a website is HTTPS is to see if the URL starts with HTTPS. Or you can look for a lock icon in your browser’s URL window to confirm that site’s digital certificate and other security information. HTTPS websites only provide a secure connection between you and the web server. A site can use HTTPS and still try to scam users or be compromised in some way. (See HTTP websites and SSL certificates.)

ICMP flood: Common type of DoS attack where diagnostic pings are sent to every computer on a network. Each computer pings every other computer, and so on, until the network crashes.

Identity fraud: The act of using the personal, private, or financial information stolen from victims to commit fraud. (See Identity theft.)

Identity theft: The act of stealing personal, private, or financial information from a person with the intent of using it to assume the victim’s identity and to commit fraud. (See Identity fraud.)

Impersonation: When a hacker sets up a public wifi network that seems legitimate. Once a user connects, login credentials, session information, and PII can be intercepted. Or when a hacker sets up a fake website that looks and feels exactly like a real website, such as a well-known bank or other high-profile site. They may send fake email or text links (known as phishing) to trick you into visiting the fake site so they can steal your credentials to the real site and install malware on your device. A third type of impersonation is when a hacker pretends to be someone else so they can steal data or take over systems. This is also called social engineering. Impersonation attacks can be used individually or in combination with each other.

Incognito mode: (See Private browsing.)

Information: A summary of raw data. For example, positive or negative results that happen after some specific change. (See Data, Insights, and Data analytics.)

Information asset: Information or data that has value, like patient records, customer information, and intellectual property. Information assets can exist physically, on paper, on disks or other media, or they can exist electronically in databases and files.

Insights: Conclusions based on the results of information analysis. Meaningful business decisions are based on insights. For example, if a positive trend occurs after store hours are changed, the right business decision would be to maintain those new hours. (See Information, Data, and Data analytics.)

Intellectual property (IP): Creations of the mind that are generally not tangible. Often protected by copyright, trademark, and patent law. Examples of IP include industrial designs, trade secrets, research discoveries, and even some employee knowledge. Companies use a legally binding document called a Non-Disclosure Agreement (NDA) to prevent the sharing of IP and other sensitive information.

Internet key exchange (IKE): Secure exchange of cryptographic keys. (See IPsec.)

Internet Protocol Security (IPsec): A suite of network standards and protocols that use cryptography to protect data traveling over the Internet. The core protocols for the IPsec suite are the AH and ESP protocols. To support data security, the IPsec suite uses security associations (SA), Internet key exchange (IKE), encryption and hashing algorithms, and anti-replay protection. IPsec has two modes: tunnel mode and transport mode.

IPsec transport mode: In IPsec transport mode, the IP header of the original data packet is left unencrypted. Only the content of the data packet is encrypted. Transport mode is common in host-to-site VPN. (See IPsec.)

IPsec tunnel mode: In IPsec tunnel mode, the entire data packet is wrapped in a new packet, encrypted, and given a new header. Tunnel mode is common in site-to-site VPN. (See IPsec.)

Jailbreaking: When users remove device restrictions on Apple iPhones so they can make changes and install non-approved apps. This adds functionality but also adds vulnerability. It is harder to jailbreak newer model phones, and there is less reason for it with updated features and app selections. (See Rooting.)

Java: Programming language used to enhance website interactivity.

Logical lure: An online ad or social media platform that looks too good to be true so users will click the ad to find out more. It’s a setup so an attacker can infect their computer with malware to gain access to login credentials, financial information, and other valuable data. (See Social engineering and Baiting.)

Logs: Files that capture access, changes, error messages, and other basic information. Most software and systems generate audit logs. Audit logs capture log file events which can show who did what and how the system behaved. (See Digital accounting.)

Macro viruses: Bits of code that affect Microsoft Office files via the macros they use to automate tasks.

Malicious websites: Websites that mimic real websites to trick users into entering login or payment data or to install malware that gathers personal information or takes over a device. Malicious website pages often have typos or designs that don’t match the legitimate site they are mimicking. Their URLs might use a zero instead of an “O” or a capital “i” instead of a lower case “L”.

Malware: A general term for software designed to compromise computer systems. Malware can cause system slowdowns, odd requests, browser misdirection, and popup ads. It can also steal data, record everything you do with or near your device, spam your contacts with infected links, and connect your computer to a network of hijacked computers that are remotely controlled (known as a botnet). Malware can come from attachments, sketchy websites, file downloads, infected USB drives, or links in emails, ads, social media, torrents, and even text messages. Malware types include viruses, worms, trojans, exploits, spyware, adware, and ransomware.

Man-in-the-middle attack: A man-in-the-middle attack is a form of eavesdropping. It has a victim, a receipt point, and an attacker. The victim and receipt point are unaware the attacker is listening in. Man-in-the-middle attacks can be physical or logical. Other man-in-the-middle attacks include spoofing, hijacking, and theft of browser cookies. (See Eavesdropping.)

Man-in-the-middle attack (logical): In a logical man-in-the-middle attack, the attacker sends emails or texts with fake links that direct victims to sites that steal their data and install malware. If a fake email warned about a bank account problem, the victim might click the link and try to log in. This gives the attacker control of their bank account and installs malware on the victim’s computer.

Man-in-the-middle attack (physical): In a physical man-in-the-middle attack, the attacker is physically near the victim, like the same public wifi network or a network they set up themselves as a trap. The attacker sniffs the unencrypted network traffic to gain access to everything the victim is doing online so they can steal information.

Meaningful reporting: The presentation of analyzed information in ways that help people further analyze and interpret. Reporting tools use captured and correlated data to provide charts, keyword searches, and graphs that help companies achieve business insights. (See Data correlation and Data capture.)

Multi-factor authentication (MFA): Authentication method that requires multiple authentication factors before authentication is granted. Usually, MFA requires that you fill in a code sent to your email or phone to prove that a login attempt came from you.

Near field communication (NFC): Wireless technology that transfers data across devices with a tap or a bump. It’s usually used for payments or sharing contacts. It has a much shorter range than Bluetooth and has zero security protections aside from its limited range.

Non-repudiation: When you can't deny being in a specific location. It guarantees that a
message sent between two parties is genuine. Non-repudiation examples include video,
biometrics, digital signature, and digital receipt. (See Non-repudiation.)

Open network: Free, unencrypted networks that do not require a password to log on. Airports,
coffee shops, hotels, and even fast-food restaurants offer their guests access to open
networks. Open network providers may track what you do and sell your data to advertisers.
Open networks also invite eavesdroppers to view everything sent and received on that
network. On unprotected devices, they can install malware or hijack user sessions. Also
called ‘unsecure network’ and ‘public wifi’.

Original equipment manufacturer (OEM): The original maker of a hardware device. OEMs provide
drivers and firmware updates on their websites.

Packet sniffer: A packet sniffer is a tool that intercepts everything transmitted on a
network. Anything your device sends on an unencrypted network can be viewed with a packet
sniffer. If a network is encrypted, packet sniffers will only be able to see things like the
origin and destination of a packet but not the data inside it. (See Eavesdropping.)

Packet sniffing: (See Eavesdropping.)

Password cracking: Getting a correct password in an unauthorized way.

Password hash: The string of letters and numbers that result after a password is processed
by a scrambling algorithm. (See Hashing.)

Patches: Patches are updates to apps and OSes that fix security weaknesses. Companies
regularly release patches alongside system improvement updates to make sure that their
customers are safe from new threats. But patches are a response to KNOWN threats, meaning
the threat has already happened to someone. (See Hardening.)

Personally Identifiable Information (PII): Any information that can be used to identify
someone, like government ID numbers, birthdates, addresses, and phone numbers. (See
Confidential information.)

Phishing: Email or text-based social engineering attacks that hackers use to steal usernames
and passwords, bank account information, Social Security numbers, and more. Phishing attacks
make it look like the email or message came from a friend or family member, or someone
official like a bank, the government, or a large company. They use fear, greed, or a sense
of urgency, so users are more likely to make a rushed decision and click a malware-infected
link or attachment. For example, you receive a data breach alert from your bank that
includes a password reset link, but the email message and website were fake, and your
password was never reset. Phishing emails usually have typos and grammatical errors. (See
Social engineering.)

Physical lure: A physical object, such as a malware-infected USB flash drive, that's been
deliberately left somewhere in the hope that someone will take the drive and plug it into
their computer. It’s a setup so an attacker can gain access to login credentials, financial
information, and other valuable data. (See Social engineering and Baiting.)

Plain text: Data that has not been encrypted.

Plug-ins: Site-specific browser add-ons that you click on to install. They are not supported
in today’s modern browsers, in favor of extensions. (See Add-ons.)

Polymorphic viruses: Bits of code that change their characteristics to get around
cybersecurity defenses. 97% of all malware uses polymorphic viruses.

Pretexting: When an attacker poses as or impersonates someone with authority, such as a
police officer, someone from your bank, a tax official, or one of your co-workers. They can
use a sense of fear, intimidation, friendliness, sympathy, or urgency to try to trick or
pressure you into confirming your identity under the pretense that they need something from
you or need you to perform some critical or urgent task for them. (See Social engineering.)

Private browsing: Browser setting that doesn’t save browsing history, cookies, site data, or
form data. Also called ‘incognito mode’. Private browsing users appear as a new or unknown
user on sites, and other people who use the device won't see private browsing history.
Cookies and site data are remembered while browsing but deleted when the browser is closed.
But private browsing activity isn’t hidden from employers, schools, or ISPs. Also, any
bookmarks or downloads created during private browsing will be kept.

Program viruses: Bits of code that insert themselves into another program.

Protected Health Information (PHI): Any information added to a person’s medical record
during diagnosis or treatment that can be used to identify them, like PII, medical history,
prescription lists, photos, and more. (See Confidential information.)

Public key infrastructure (PKI): When a user is validated with a digital certificate by a
Certificate Authority. (See Smart card authentication, Digital certificate, and Digital
signatures.)

Public wifi: (See Open network.)

Rainbow attacks: A type of password cracking attack where hackers use words from an original
password hash to generate all other possible passwords.

Ransomware: Software that locks a system, encrypts its files, and displays a ransom demand.
To get the encryption key, you must pay the ransom. Or you can regain access by doing a full
system restore from a backup.

Relational database management system (RDBMS): A database that records user access and data
changes. RDBMS is safer than a spreadsheet program.

Replay attack: A type of man-in-the-middle attack which intercepts and retransmits data.
Replay attacks involve “trusted entities” and require an “access token”. Replay attacks are
also known as repeat or playback attacks.

Role-based access control (RBAC): Access control method that follows a company’s org chart.
Different customer and employee roles are set up as groups on a network, and then those
groups are granted certain permissions. When a new user joins the network, they are assigned
to the group that fits their role. They will have the lowest level of permissions they need
to do their job. (See Access control and ROLP.)

Root certificate store: (See CA and SSL certificates.)

Rooting: When users remove device restrictions on Android phones so they can make changes
and install non-approved apps. This adds functionality but also adds vulnerability. It is
harder to root newer model phones, and there is less reason for it with updated features and
app selections. (See Jailbreaking.)

Rule of least privilege (ROLP): Access control method where access is only granted to
resources that a user needs to fulfill their role. (See RBAC and Access control.)


Search engine algorithms: Algorithms used by search engines that detect harmful sites.
Browsers use those results to warn users that a site may contain malware, malicious code,
phishing scams, or be hacked in some other way. If your browser tells you a site is unsafe,
avoid that site.

Secure boot: A feature of UEFI. It confirms an OS manufacturer’s digital signature, which
prevents malware from taking control during boot-up. (See Firmware and UEFI.)

Secure sockets layer certificates (SSL certificates): Certificate that authenticates a
website’s identity and enables an encrypted connection between a web server and a browser.
SSL certificates come from CAs. When you browse a website using HTTPS, you’re trusting the
CA to validate the information submitted by the business that has requested an SSL
certificate. Businesses need SSL security certificates for their websites so they can keep
user data secure, verify their ownership of the site, prevent attackers from creating fake
versions of their site, and convey trust to users. They also need them if they want to have
an HTTPS web address. When you see a lock icon in the address bar of a URL you visited, then
you know that website is using HTTPS. Also called ‘security certificate’ and ‘trust seal’.
(See CA and HTTPS websites.)

Security associations (SA): Defines which types of hashing and encryption are used. (See
IPsec.)

Security certificate: (See SSL certificate.)

Security zones: A feature of older browsers. They block or allow websites and confine them
to different zones such as the local network, Internet, or intranet. For each zone you could
apply different security levels, for example medium, high, or custom. Security zones can
also be configured to allow ActiveX and Java for added website interactivity or
functionality, but this introduces risk. Modern browsers do not use zones. Older web apps
may require you to enable ActiveX in order to run properly.

Session hijacking: When an attacker intercepts and hijacks your connection. For example,
they can take over a connection while you’re logged in to your bank and transfer funds to an
outside account.

Shoulder surfing: When an attacker sits strategically in public areas to try to see
usernames and passwords, bank account PINs, and other essential information. They literally
watch what you enter on your screen and look at your fingers' keystrokes, too. Shoulder
surfing is common in busy public places.

Smart card authentication: User authentication using a card that has a security chip. The
smart card has a public/private key pair. It presents a digital certificate (including the
public key) to the server it’s trying to access. If the server trusts the CA that issued the
digital certificate, it will use the public key to send an encrypted request. Only the smart
card’s private key can decrypt the request, which means only the smart card owner can send
the correct response. (See PKI and Digital certificate.)

Snooping: Cyberattack that intercepts data between devices. Snooping can reveal logins,
credit card numbers, intellectual property, and more. Snooping attack types include
eavesdropping, man-in-the-middle, and replay. Some hackers can even use a computer monitor’s
electromagnetic fields to reconstruct what it displays. Snooping is common on open,
unsecured networks and can be difficult to trace.


Social engineering: The use of psychological manipulation to trick people into giving away
sensitive information or into making security-related mistakes. Attackers try to gain a
victim's trust and then try to manipulate that person into doing what the attackers want
them to do. Oftentimes, a sense of fear or urgency is used to move the process along. Social
engineering is a trap. It relies on human error. (See Pretexting, Baiting, and Phishing.)

Software or license theft: The unauthorized copy or use of copyright-protected software.
This includes pirating software and counterfeiting activation codes.

Spam: Unwanted, unsolicited digital communication sent out in bulk to multiple recipients at
once. Much of the time, it is sent from unknown senders. It comes in the forms of email,
text messages, instant messages, robocalls, and social media. It is junk, typically used for
advertising products, goods, or services, but it can also be used to distribute malware.
Your company and web-based email services filter out most spam at the email server level and
block domains known for sending spam. But some still gets through. Some spam is harmless,
but it can be dangerous when scammers use it to commit phishing attacks or fraud against
you.

Spyware: Software that collects personal data, login credentials, credit card information,
and online activity, and can record using a device’s camera or microphone. Spyware can be
legitimate or malicious.

Single sign-on (SSO): Authentication method that lets you log in to multiple applications
and platforms with one login.

Stealth viruses: Bits of code that copy themselves to different locations to avoid antivirus
scans.

Strong password: Passwords that are long, difficult to guess, and have a mix of numbers,
letters, symbols, and capitalizations. For example, the phrase “Johnny Appleseed loves
apples” would be a very strong password, especially if it included a mix of numbers and
symbols.

Symmetric encryption: When a single key is used between parties to encrypt and decrypt data.
With only one key, it uses less memory, which is great for quickly and securely processing
larger amounts of data. That’s why it is often used to protect the main data exchange in a
session. But it’s harder to keep a single key secret, especially if it needs to be broadly
distributed. If this key is intercepted by a hacker, then they can decrypt messages, hack
accounts, and steal or tamper with data. 3DES and CAST are examples of symmetric encryption
technologies. Also called “single-key” or “private key” encryption. (See Asymmetric
encryption.)

SYN flood: Common type of DoS attack that sends a rapid series of incomplete connection
requests which flood a website until the server crashes.

Toolbars: Toolbars were designed to add functionality to the browser, like spell check, auto
fill, yellow pages, and dictionaries. But most toolbars were considered nuisance-ware. Some
would show sponsored results instead of what you originally searched for, or they’d impede
system performance. Some even installed malware, tracked browsing habits, and collected user
data. Toolbars used to be forcibly installed on user devices during software installation
processes. Fortunately, toolbars are a thing of the past. (See Add-ons.)


Tracking: Following a person to see where they go and what they do. Websites can track your
OS, browser version, installed extensions, screen resolution, installed fonts, time zone,
language, and how long you spent on a site and what you did there. (See Digital accounting.)

Trojans: Bits of code that trick you into installing legitimate-seeming software that
includes harmful malware.

Trust seal: (See SSL certificate.)

Trusted entities: Users or websites that get an access token (or security key) after
verifying that they are who they say they are. For example, connecting to your bank or your
work network on a network-registered device. (See Replay attack.)

Trusted Platform Module (TPM): A chip that stores and manages encryption keys. TPM chips
won’t start a device or decrypt data if tampering is detected. (See Firmware.)

Two-factor authentication (2FA): Authentication method that requires an authentication
device before authentication is granted.

Unified Extensible Firmware Interface (UEFI): Newer and more advanced boot firmware. (See
Firmware.)

Unsecure network: (See Open network.)

Viruses: Programs designed to spread from host to host, just like real viruses. An infected
app or file has to be started by a user for a virus to activate. Viruses can turn on a
webcam, record keystrokes and site visits, steal data, corrupt files, and hijack email
accounts.

Virtual Private Network (VPN): Technology that encrypts the traffic coming out of your
device or site. Even if a hacker captures your data, they won't be able to read it or
decrypt it. A VPN is an encrypted tunnel set up between two or more sites. All traffic in
the tunnel is unreadable and useless to anyone who might try to intercept the traffic. VPN
traffic is encrypted at the originating site and decrypted at the receiving site. VPNs make
it much more difficult for hackers to carry out eavesdropping attacks, man-in-the-middle
attacks, and replay attacks. This is especially useful if public wifi is your only
connection option. VPNs can be hardware based or software based.

VPN hardware device: Device specifically designed to create VPNs or network devices with
added VPN functionality. They include VPN concentrators, routers, and firewalls.

VPN, host-to-host: Host-to-host VPN is when two remote users need to connect securely to
each other. This user-to-user or device-to-device interaction doesn’t require a complex
encryption solution. Both host devices use VPN software. Traffic that needs to traverse the
internet is encrypted by the sender’s VPN and then decrypted by the receiver’s VPN. (See
VPN, or virtual private network.)

VPN, host-to-site: Host-to-site VPN is when a remote user needs to connect securely to a
site. The host device uses VPN software while the site uses a VPN device or software to
protect its internal network. Traffic that needs to traverse the internet is encrypted by
the sender’s VPN and then decrypted by the receiver’s VPN, which then receives the traffic
if the host is the receiver, or routes it to its intended recipient if the site is the
receiver. (See VPN.)

VPN, site-to-site: Site-to-site VPN is when two sites connect across an existing internet
connection with a VPN device. Each site’s internal network traffic is unencrypted. Traffic
that needs to traverse the internet is encrypted by the origination site’s VPN and then
decrypted by the receiving site’s VPN device, which then routes the traffic to its intended
recipient. (See VPN.)

Whois Lookup tool: Online tool that shows who owns a site.

Windows Defender: Pre-loaded anti-malware software from Microsoft. Windows Defender protects
your computer against viruses and malware for free. It also integrates with the built-in
firewall that comes with the Windows operating system and is enabled by default. However,
Windows Defender does not perform VPN functions.

Wiretapping: Covertly intercepting phone-based and internet-based telecommunications. Any
type of traffic is a target: computer transmissions, phone calls, texts, social media
updates, and fax transmissions. This can be done legally with a warrant, or it can be used
illegally in cyberattacks. Wiretapping only involves listening. It cannot alter or stop
data. Wiretapping is also known as lawful interception.

Worms: Viruses that start themselves after identifying system weaknesses. They don’t rely on
apps or files. Unlike viruses, worms can be controlled remotely.
