Skip to content



Software that generates online advertisements. Adware can be a form of malware if the advertisements are unwanted or appear as a window or pop-up that can’t be closed.

anti-malware signature

See malware signature


Software designed to detect and remove computer viruses. Modern antivirus software also provides protection against other types of malware, including adware, ransomware, spyware, and other threats.


A process by which a product, process, or implementation is verified by a third-party auditor and/or by testing to ensure that a stated policy is being met.

asymmetric-key cryptography

See public-key cryptography.

attack surface

The set of points (aka attack vectors) in a computing environment where an attacker might try to breach security.

attack vector

The manner in which an attacker attempts to violate security. Examples include exploiting zero-day vulnerabilities, tricking users into revealing credentials, and exploiting weak passwords.

Attack vectors are typically characterized in two dimensions: level of risk – how much damage could it cause – and ease of attack – how vulnerable the system is to this type of attack. Understanding these dimensions can help business professionals and cybersecurity specialists determine what preventative measures need to be taken.


A method for bypassing normal security authentication to gain access to a system. Backdoors can be created for legitimate means, such as helping users retrieve lost passwords or for debugging, but some are created to enable surreptitious access. Backdoors can also be created through malware attached to plugins for software, such as WordPress or Joomla, that supports extensions using plugins.


Data copied to an archive so it can be accessed at a later time if a system has a failure that causes it to lose data.


A digital currency (also known as cryptocurrency) that is independent of a bank or other administrator. Bitcoin uses blockchain technology to encrypt a chain of transactions in such a way that those transactions are secure and valid.

black hat
by Taylor Stafford

Hackers who operate with malicious intent, generally conducting their activities to seek personal gain.

by Christopher Carfi

A shared ledger technology, based on open protocols, that is the foundation for Bitcoin, Ethereum smart contracts, and a number of cryptocurrencies. Blockchain is a new fundamental technology that may end up being as far-reaching as the internet itself. Blockchain is a new way of sharing and storing information that can be used as a store of value as well. In addition to being the basis for cryptocurrencies, blockchains can be used to implement smart contracts and have other novel uses as well.


Certification can mean different things in cybersecurity. Cybersecurity experts can study, pass an exam, and acquire a certification that assesses their background and qualifications. The cybersecurity industry has dozens of certifications issued by several different organizations. Also referred to as credentials. Products can be certified after going through a process that evaluates certain qualities of that product. For example, Common Criteria??? is an international certification that evaluates the security functions of a product.


See confidentiality, integrity, and availability (CIA) triad


In the US military, data is classified into categories such as Top Secret, Secret, and Confidential. Corporations also classify data into categories based on value and importance.


The portion of the internet accessible through normal browsers. Distinct from the dark web, which is accessible only using specialized software.

click fraud

A type of fraud perpetrated on advertisers who use a pay-per-click model to pay for advertising. Perpetrators repeatedly click on an ad, sometimes using a computer program to automate the procedure, emulating a user. The practice fraudulently increases the revenue generated by the ad. Sometimes click fraud comes from sites that want to increase their ad revenue dishonestly. Other instances include malicious attacks against an advertiser by competitors or people who have motives such as a personal or political grievance.

confidentiality, integrity, and availability (CIA)
by Michael Moorman

The confidentiality, integrity, and availability (CIA) security triad is the foundation of secure information in cybersecurity. These three qualities help ensure that information is kept secure from access by unauthorized individuals (confidentiality), has not been modified in storage or in transit (integrity), and is accessible to authorized individuals when required (availability). None of these three stands alone, but together they form a strong foundation for ensuring information security.

Common Criteria (CC)

The ISO 15408 standard???. Common Criteria (CC) defines a set of cybersecurity criteria for product certification. A group of member nations has agreed to accept CC certifications performed by any one of a group of authorizing nations. If your product is certified under CC in one of the authorizing nations, then all of the other member nations will recognize and accept that certification. The National Information Assurance Partnership (NIAP) is responsible for implementation of Common Criteria in the US.


A certification or document, typically backed up by some authority, that identifies the holder as having certain qualities. In cybersecurity, credentials can also refer to various means, such as passwords or biometrics, used to gain access to a system.

by Dennis Charlebois

A method for converting (encrypting) plaintext into private ciphertext and back into plaintext (decrypting). See also public-key encryption and private-key encryption

cyclic redundancy check (CRC)

An error-detecting code that can be used to detect changes in a block of data as it is transmitted. A CRC works by performing a mathematical calculation on a block of data and generating a fixed length code, which is attached to the end of the block. When the block is received, the receiver runs the same calculation and compares the result with the attached code. If they don’t match, then there was a change to the data during transmission.


A part of the addressable internet that has no active hosts. This term is frequently used as a synonym for the dark web, though some experts continue to make a distinction.

deep web

Parts of the internet that are not accessible to search engines. The deep web includes content behind paywalls as well as content that is intentionally hidden, such as sites in the dark web. In practice, the distinctions between deep web, dark web, and darknet are mostly of interest to specialists.

detection controls

Logging, monitoring, and intrusion detection systems to discover unauthorized system modifications.

digital certificate

A public-key cryptography-based method used to prove ownership, typically ownership of a website or domain. Digital certificates can be generated by anyone, but to be useful for proving ownership, they are usually issued through a certificate authority, a company that uses various means to ensure that the party they issue a certificate to is who it says it is. When you use HTTPS to access a web site, a modern browser will check the certificate offered by the website, and if that certificate is valid, the browser will display a lock icon, the word secure, or some other indication that it has validated the identity of the website.

digital signature

A means for electronically associating a signer with a document in a transaction using public-key cryptography. The broader term electronic signature includes a wide variety of methods with varying levels of assurance and varying levels of acceptance by governments and organizations.

disaster recovery plan

A documented process to recover after a disaster. A disaster recovery plan needs to encompass both man-made and natural disasters, and damage to physical and computing infrastructure, staff, and other resources. A disaster recovery plan is typically part of an organization’s business continuity plan.

distributed denial-of-service (DDoS) attack

An attack where multiple computers – sometimes thousands spread across the world – target a system or network with a flood of requests. The intent is to shutdown or severely hamper the operation of the target. Attackers often use botnets to carry out such attacks.


In cybersecurity, the extraction of data from a computer system without permission.


An attempt to take advantage of a computer flaw in order to gain unauthorized access to a computer’s data.


A computer expert who solves a problem using technical skills. This includes people who use their skills for either good or bad ends, although in popular culture, the term is most often associated with someone who is trying to break into a computer system without the permission of the owner. Hackers who use their skills for legitimate ends are called white-hat hackers, and those who use their skill for malicious purposes are called black-hat hackers.

hash function
by Luis Brown

A one-way encryption algorithm used to create a single unique value based on a given data item such as a password or document. Hash functions are used to create a small numerical value from a larger data item. That value has a high probability of being unique for that data item, which means you can compare hash values to see if data items are identical.


The Health Insurance Portability and Accountability Act. A US law that protects medical information. It applies to health care providers, health insurance companies, and others who have to deal with personal health information.


A protocol for secure data transmission used on the internet. HTTPS provides an encrypted path for data between a web service and a user (typically a web browser). Initially, HTTPS was used primarily for payments and other sensitive transactions. However, it is now becoming more common and is likely to soon surpass the original HTTP protocol in terms of usage.


The Invisible Internet Project. I2P is a network layer that supports anonymous communication. It runs on a network of 55,000 computers (run by volunteers) that routes messages in such a way that it is hard for a third party to trace a connection. I2P is used for private communication and also to connect to the dark web. See also Tor.


Integrated Development Environment. A programming environment that typically provides a graphical user interface (GUI) for programmers, with tools such as editors, debuggers, and testing software.

indicators of compromise (IOC)

IOCs are characteristics of malware that can be used to develop anti-malware signatures, patches to address the vulnerabilities being exploited, and threat intelligence to determine where a particular piece of malware fits in a broader cybersecurity attack.

information asset
by Steve Gibson

Any hard copy, digital information, or knowledge that can be classified with a level of importance. Information assets are more than just IT infrastructure; they include personnel, premises, secure working areas, integrated management systems, software systems, and the information itself. These assets should all have defined owners who understand their security implications, the controls needed to protect them, and security risks identified as part of information security risk management.

internet hygiene

A set of practices that help keep you safe on the internet. They include, keeping software up to date, running antivirus software, using strong passwords, using two-factor or multi-factor authentication, backing up systems, and running a firewall.

least privilege

An approach to cybersecurity that follows the principle that a program or person should have the minimum amount of access required to perform their assigned tasks and no more.


A program that is inserted into a system, usually covertly, with the intent of compromising the confidentiality, integrity, or availability of the victim’s data, applications, or operating system or of otherwise
annoying or disrupting the victim. Malware includes viruses, spyware, ransomware, and other harmful programs.

malware signature

A pattern of data that can be used to detect and identify a particular piece of malware. Analogous to a fingerprint, malware signatures, also known as virus signatures or anti-malware signatures, are used by antivirus programs to find malware. When antivirus software operates, it scans data looking for blocks of data that match a malware signature. When a match is found, the antivirus software can send an alert or isolate and remove the program that contains the signature.

man-in-the-middle attack

An attack that inserts itself into a data connection and watches traffic. Such an attack can remain undetected by both sides in a communication, collecting information or fooling one party in the connection into revealing sensitive information.

onion routing

A method for routing information on a network that encrypts address information so that each node in the transmission only knows about the immediately preceding and following nodes, but does not know the ultimate destination of the transmission. Onion routing uses public-key encryption to create layers of addresses, each of which can be read only by certain nodes. Thus, no node can determine the complete route.


The process of applying updates to software to fix or improve it. Software vendors use patches to keep customer systems up to date and as secure as possible. End users should apply the latest available patches to their software.


A set of properties that define the scope of who may access a resource (file, network connection, etc.) and what actions can be taken on the resource (read, write, create, delete, etc.).

personally identifiable information (PII)
by Kathy Stershic

Data that on its own or in combination with other data can identify a specific person. PII is a legal term that carries specific implications and obligations, and the handling (or mishandling) of personal information can have a profound impact on a company’s brand and reputation. Also known as sensitive personal information (SPI).


A variety of encrypting ransomware malware that was first encountered in 2016. It was propagated through email attachments. Petya targets Microsoft Windows systems, encrypting the system’s hard drive, preventing the system from booting until the victim pays a ransom and receives a decryption key.


Unencrypted information. Typically includes human-readable text, but can also include binary files that can be viewed without using decryption software.

potentially unwanted program (PUP)

Software that users may not want to have on their system. This can include programs that inject ads, hijack browsers, or track user activities. PUPs often come inside other, legitimate, software packages or as part of downloads.

private-key cryptography
by Michael Melone

An encryption method that uses a single private key, password, or passphrase to encrypt and decrypt messages. This message requires both parties to a communication to hold the same key and keep it private. Because the algorithms that implement private-key encryption are typically faster than those that implement public-key encryption, systems often will use public-key encryption to initiate a conversation, then share a one-time-use private key for the rest of the communication. Also known as symmetric-key cryptography.

protected health information
by Frank DiPiazza

Under US Law, this is any information about health status, provision of healthcare, or payment of healthcare provided to a patient from a healthcare provider.

public-key cryptography
by Chris Gida

An encryption method that uses a key pair (one public key and one corresponding private key) for encrypting data. The two keys have a mathematical relationship that ensures that messages encrypted using one key can only be decrypted using the other key. To use public-key cryptography, you generate two keys, a private key that you keep secure and don’t share and a public key that can be distributed freely.

Public-key encryption is typically used in two ways. You can authenticate a message as coming from you by encrypting it (or its hash value) with your private key. Only your public key can decrypt the message, thus ensuring that if the message can be decrypted, it came from you. And someone can encrypt a message to you using the public key. In that case, only your private key can decrypt the message (or its hash value), making that message only accessible to you. Also known as asymmetric-key cryptography.

role-based access control (RBAC)

A form of access control based on an individual’s assigned role and the tasks someone with that role needs to perform. Users are given access based on what permissions are appropriate to complete the tasks the role requires.

safe harbor

Provisions in a regulation or law that protect people from prosecution for violating that law provided they follow certain rules. For example, current US copyright law protects internet service providers from liability for violations by their customers as long as they follow certain requirements.

script kiddie

An unskilled person who uses existing programs to try and hack into computer systems, but has little knowledge of how those programs work.

security triad

See confidentiality, integrity, and availability (CIA).

sensitive personal information (SPI)

See personally identifiable information (PII).


Electronic junk mail or the abuse of electronic messaging systems to indiscriminately send unsolicited bulk messages. Spam typically contains ads or links to malware.

spear phishing

A phishing attack directed at a specific individual, based on that person’s job or personal interests. An organization chart or social media postings (notably Facebook and LinkedIn) can be used to create a spear phishing attack based on personal or professional interests.


Software that attempts to collect information on a computer system without the user being aware of it. Spyware sometimes gets installed as part of a legitimate software program, with or without the knowledge of the developer of that program. Information collected could include passwords, personal information, or information that can be used to target ads.


Cryptographic protocols used to encrypt data traversing a network. SSL is an acronym for Secure Sockets Layer, and TLS is an acronym for Transport Layer Security. SSL and TLS provide authentication, confidentiality, and integrity for communication on the internet.

symmetric-key cryptography

See private-key cryptography.

threat actor

A person who poses a threat that affects the security or safety of another person or system. The term is typically used to describe people or groups who act maliciously.


Software used for anonymous networking. Tor allow users to browse on the internet, send instant messages, and chat. It uses onion routing to preserve the anonymity of users. Tor is often used to access the dark web. See also I2P.

trojan horse

A type of malware that misleads a user. A trojan horse might be an email attachment that contains malware or a program that claims to do one thing but also contains malware hidden inside.

version control

A system that archives data so you can access that data as it existed at points in the past. Version control systems allow you to keep a history of the state of your data in case you need to access previous versions.

virtual private network (VPN)

A VPN creates a private, encrypted connection that allows someone to access a private network (for example, an internal corporate) from the public internet. Corporations use VPNs to allow employees to connect with the corporate network while working from home or other locations that are not directly connected to the corporate network. Pople also use VPN services to provide greater protection from threats such as a man-in-the-middle attack when they connect to the internet from a public wifi hotspot (e.g., an unencrypted wifi service in a coffee shop or other public place).


A type of malware that modifies the code of another program, inserting its own code and, thus, replicating itself. Viruses can carry ransomware, spyware, and other forms of malware. See also worm.

virus signature

See malware signature.


A ransomware worm that targets Windows systems. WannaCry was first encountered in May 2017 and quickly spread, infecting more than 230,000 systems across 150 countries???. See also Petya.

watering hole exploit

An attack strategy that targets a group by placing malware on a site commonly used by members of the group. The term derives from real-world predators, who often attack prey near a watering hole.


A phishing or spear phishing attack that targets high-level executives or other high-profile individuals.

white hat

A cybersecurity expert who uses techniques such as penetration testing to do a friendly test of a system for vulnerabilities. Also known as an ethical hacker, white hats are often employed by companies to discover weaknesses in their cybersecurity defenses.


Software that can replicate itself and spread to other computers via a network. A worm is similar to a virus, except that a virus must be carried by another program. A worm doesn’t need a host program.

zero-day exploit
by James McQuiggan

An exploit that takes advantage of a previously unknown vulnerability (i.e., a zero-day vulnerability) to gain access to a system.


A computer or device that has been infected by a virus that allows a hacker to control it remotely. Zombies are typically part of a botnet that can be used to carry out Distributed Denial of Service (DDoS) attacks, send spam, or store illegal data.