Cybersecurity Glossary
A
Adaptive AI
Adaptive AI is a recent type of Artificial Intelligence that improves its performance when it encounters changes in data or its environment.
Aerospace
The term Aerospace refers to the Earth's atmosphere and space beyond it. Aerospace activity encompasses a wide range of commercial, military, and industrial applications, with Aerospace Engineering consisting of Aeronautics and Astronautics.
Artificial Intelligence (AI)
Artificial Intelligence involves the development of computer systems that can perform tasks requiring human-like intelligence, such as speech recognition, decision-making, visual perception, and translating between languages.
Application Security
Application security refers to security strategies employed at the application level to prevent theft and hijacking of app data or code.
Applied Intelligence
Applied Intelligence is the practical application of scientific principles and general intelligence concepts to enhance knowledge and performance.
Security Operations Center Analyst (SOC Analyst)
A Security Operations Center Analyst plays a critical role in modern security teams. By detecting and responding to cyber-attacks in real time, SOC Analysts are at the forefront of cyber defence.
B
Black Hat
The term "Black Hat" is commonly used to differentiate malicious hackers from their ethical counterparts, so-called "White Hat" or "Grey Hat" hackers. The comparison draws inspiration from Western movies, where heroes wore white hats and villains wore black hats.
Black Hat Conference
The Black Hat Conference is an annual global Cybersecurity Conference providing security talks, consulting, training and briefings to corporations, government agencies and hackers.
Black Hat Hacker
A black hat hacker uses their hacking skills to breach computer security or steal sensitive information, typically accessing customer data, credit cards or other identifiable information.
Black Hat Hacking Course
A Black Hat Hacking Course is a professional training course that teaches ethical hacking basics and countermeasures to protect against hacking attempts.
Black Hat Review
A Black Hat Review aims to predict competitors' likely strategies and solutions so that an organization can refine its own win strategy and solution.
Black Teaming
Black Teaming is a security testing approach aimed at identifying gaps in safety measures.
Blind XSS
Blind XSS is a special form of Stored XSS in which the attacker cannot observe the point where the injected payload is retrieved and rendered, because of a lack of privileges or other factors.
C
Certified Ethical Hacker (CEH)
CEH certification, or Certified Ethical Hacker certification, validates expertise in Ethical Hacking, a network security discipline, from a vendor-neutral perspective.
Certified Information Systems Security Professional (CISSP)
Certified Information Systems Security Professional status is an international qualification for an IT security professional. This highly valued award recognises technical skills and hands-on experience in implementing and managing a security program.
Chief Information Officer (CIO)
Chief Information Officer (also Chief Digital Information Officer or Information Technology Director) is the title given to the topmost executive in an enterprise who is responsible for computer systems and information technology. The CIO also supports business goals with effective IT systems.
Chief Information Security Officer (CISO)
A Chief Information Security Officer, or CISO, leads key initiatives for an organization to ensure adequate protection of technology and information assets. They determine the enterprise vision, strategy and program to guarantee security.
Chief Privacy Officer (CPO)
A growing number of global corporations, public agencies, and other organizations have created senior roles to manage risks related to privacy laws and regulations. The Chief Privacy Officer is a senior-level executive responsible for these risks.
Chief Security Officer (CSO)
The CSO or Chief Security Officer is the executive who is responsible for ensuring the safety and security of a company's personnel, data and assets.
Certified Information Security Manager (CISM)
A Certified Information Security Manager has achieved advanced certification indicating the holder's knowledge and experience in developing and managing an enterprise information security (infosec) program.
CISO
The Chief Information Security Officer is a senior-level executive responsible for creating and implementing an enterprise-wide information security program. The program includes procedures and policies intended to safeguard enterprise communications, systems and assets from potential internal and external threats.
CISSP Certification
CISSP certification (Certified Information Systems Security Professional) is an independent award recognizing individual expertise in information security. It is awarded by the International Information System Security Certification Consortium, also referred to as (ISC)².
Cloud Enterprise
Cloud Enterprise is a business model in which a company obtains and uses valuable data from customers or users through cloud-based applications to improve its products and services.
Computer Science
Computer Science is the scientific study of computing and computational technologies, including both practical and theoretical aspects.
Cookie Hijacking
Session hijacking, also known as cookie hijacking, is a method attackers use to obtain personal data and, occasionally, to lock authorised users out of their sessions.
Critical Infrastructure
Critical Infrastructure refers to the assets, systems, and networks required for maintaining the essential functions of life.
Crypto Exchanges
A cryptocurrency exchange, or digital currency exchange, is a business where customers can trade digital currencies such as cryptocurrencies for other assets, for example fiat money or other digital currencies.
Cryptography
Cryptography is the use of encoding techniques to secure information; it covers both the encoding (encryption) and the decoding (decryption) of information.
Cyber Risk Management
Cybersecurity Risk Management refers to the process of identifying, analysing, assessing and mitigating cybersecurity threats that may occur in an organization.
Cyber Risk
Cyber Risk is the possibility of monetary loss, disruption, or damage to an organization's reputation arising from the malfunction, unauthorized use or error of its information systems.
Cyber Security Services
Cybersecurity Services refer to a comprehensive set of measures intended to safeguard an organization, its personnel, and its assets from cyber threats.
Cybersecurity
Cybersecurity is the set of techniques employed to protect electronic devices, computer systems, mobile devices, networks, and data from malicious intrusion.
Cybersecurity Lab
A Cybersecurity Laboratory assists in training an organization's IT personnel to detect and deter cybercrime incidents, particularly when they have direct access to computers and networked devices.
D
Data Innovation
Data Innovation refers to the use of new or non-traditional data sources and techniques to gain a more nuanced understanding of developmental challenges.
Data Localization
Data Localization is the process of storing and processing data within a specific geographic location.
Data Policy
A Data Governance Policy is a documented set of protocols designed to ensure that an organization manages its data and information assets consistently and uses them appropriately.
Data Protection Laws
Data Protection Laws exist to ensure that individuals can trust that their data is being used in a fair and responsible manner.
Developer Security Operations (DevSecOps)
DevSecOps entails incorporating security testing during each step of the software development lifecycle.
Digital Assets
Digital Assets are anything that exists only in digital form and comes with distinct usage rights.
Dubai Financial Services Authority (DFSA)
The Dubai Financial Services Authority (DFSA) oversees a regulatory mandate that covers asset management, banking and credit services, securities, collective investment funds, custody and trust services, commodities futures trading, Islamic finance, insurance, an international equities exchange, and an international commodities derivatives exchange.
E
Encryption
Encryption is the process of converting plain text or readable data into an unreadable form that can only be understood by authorized persons or entities possessing the decryption key needed to convert the data back to its original form.
Exploit Development
Exploit Development refers to the practice of identifying and testing weaknesses in software and applications with the aim of gaining unauthorized access to a targeted computer system or network.
F
Federal Information Security Modernization Act (FISMA)
The Federal Information Security Modernization Act (FISMA) sets a standardised approach for managing Information Security on Information Systems operated by the US Federal Government.
G
General Data Protection Legislation (GDPR)
GDPR, or General Data Protection Legislation, is a European Union law that controls how personal data (information about an identifiable person) is used, processed, and stored.
Gramm-Leach-Bliley Act (GLBA)
The Gramm-Leach-Bliley Act requires institutions that offer financial products or services like loans, financial or investment advice, or insurance, to inform customers about their information-sharing practices and safeguard sensitive data.
Global Supply Chain Management (GSCM)
Global Supply Chain Management is the science of planning the distribution of goods and services, from manufacturer to consumer.
H
Hacking Courses
Hacking courses teach methods for investigating and analysing target systems from a security viewpoint to identify any system vulnerabilities and suggest remedies.
Health Insurance Portability and Accountability Act (HIPAA)
The Health Insurance Portability and Accountability Act is a regulatory framework that defines the permissible use and disclosure of protected health information in the United States. HIPAA compliance is overseen by the Department of Health and Human Services (HHS) and enforced by the Office for Civil Rights (OCR).
I
Information Officer
An Information Officer is an administrative professional responsible for maintaining the confidentiality of sensitive information for corporations and organizations. Policies for protection of information are implemented and enforced by the Information Officer.
Information Security (Infosec)
Information Security is the protection of information systems from theft or unauthorised access. It is designed to preserve the confidentiality, integrity, and availability of data.
Information Security Engineering
Information Security Engineering is the discipline of developing and implementing security methods that monitor and protect sensitive systems and data against cyber-attacks and penetration.
Information Security Management
Information Security Management is the process of defining and maintaining controls to ensure that the confidentiality, integrity, and availability of an organisation's assets are protected from threats and vulnerabilities.
Information Security Officer
An Information Security Officer safeguards corporate computer networks and data from multiple forms of security breach by implementing and enforcing policies to protect them.
Information Systems Audit and Control Association (ISACA)
ISACA is a global association that provides IT professionals with training, certifications, knowledge, and community in areas such as audit, governance, risk, cybersecurity, emerging technologies, and privacy.
Insurance Regulatory and Development Authority of India (IRDAI)
IRDAI is the Insurance Regulatory and Development Authority of India, a statutory body established under an Act of Parliament to oversee and develop the insurance industry.
Intelligence Gathering
In private security, Intelligence Gathering is the process of collecting information on threats to people, buildings, or organizations to protect them. The intelligence gathered drives risk assessment and security strategy.
Intellectual Property Management
Intellectual Property Management includes organization, management and control of all patents, trademarks, and copyright files including tracking of all upcoming action dates.
International Organization for Standardization (ISO)
The International Organization for Standardization is an independent, non-governmental international organization comprising a membership of 168 national standard-setting bodies that publishes standards that organizations adhere to for certification purposes.
IT Security Consultant
IT Security Consultants, who are sometimes referred to as Security Analysts, evaluate computer systems, networks, and software programs for vulnerabilities and work towards developing solutions to secure them from cyber-attacks.
M
Malware Analysis Course
Malware Analysis Courses cover advanced topics on combating different kinds of complex malware and the defence mechanisms used against them.
Malware Analysis Training
Malware Analysis Training focuses on malware dissection for extracting insights on its operations and how a system is attacked. These insights are then useful for designing stronger defence mechanisms.
Memory Forensics
Memory Forensics is a component of Cyber Investigation that allows investigators to identify anomalous or unauthorized activity on a device such as a computer or server.
Memory Forensics Training
Memory Forensics Training involves learning the process of capturing a device's running memory and then analysing the collected data for forensic evidence of malicious software.
N
National Defense University
The National Defense University is an institution of higher learning, funded by the United States Department of Defense, dedicated mainly to the training and professional development of security leaders.
National Intelligence University
The National Intelligence University is a federally chartered research university situated in Bethesda, Maryland. It is the US Intelligence Community's staff college of higher learning, focusing on fields of study critical to the profession of intelligence and national security.
National Security Agency
The National Security Agency is a US Department of Defense intelligence agency responsible for national-level intelligence under the authority of the Director of National Intelligence.
O
Offensive Security
Offensive Security is a proactive and adversarial approach to safeguarding computer systems, networks and individuals from attacks.
Offensive Security Certification
Offensive Security Certification is a rigorous certification process designed to produce expert penetration testers responsible for securing computer systems, networks and individuals from attacks.
Offensive Security Certified Professional
This Certification is awarded to skilled and experienced penetration testers who have passed intense training scenarios and worked with exceptional course material developed by industry experts.
OffSec
OffSec (Offensive Security) is an international firm, based in the United States, that specializes in information security, penetration testing and digital forensics.
Offensive Security Certified Professional Courses (OSCP)
The Offensive Security Certified Professional (OSCP) Certification focuses on white-hat hacking and penetration testing; it is the entry-level certification awarded by Offensive Security.
P
PEN-200
PEN-200 (2023) is a foundational Penetration Testing course: a self-study, hands-on learning experience that teaches a penetration tester the mindset, skills, and tools necessary for success in InfoSec.
Penetration Testing
Penetration testing, also known as pentesting, uses a variety of automated and manual techniques to deliberately attack endpoints, servers, mobile devices, web apps, network devices, wireless networks and other potential points of exposure in order to uncover exploitable weaknesses before a real attacker does.
Pentester Toolkit
Designed for Offensive Security testing, the Pentester Toolkit is an essential set of tools used for network and web application penetration testing.
Practical Malware Analysis
Practical Malware Analysis techniques frequently used include virus scanning, file fingerprinting, packer detection, debugging, and memory dumping.
Privacy Engineering
Privacy Engineering is the overarching practice of building the tools and processes that apply privacy protections to personal data.
Product Security
Product Security is the umbrella term for the precautions and security efforts that developers and manufacturers undertake to build secure and protected products.
Q
Quantum Computing
Quantum Computing is an emerging technology that leverages the principles of quantum mechanics to solve problems too complex for classical computers.
R
Ransomware
Ransomware is a type of malware that holds your data hostage by locking or encrypting your files, rendering them unusable. Attackers usually demand a payment, often in the form of cryptocurrency, to restore access to the files.
S
Securities and Exchange Board of India (SEBI)
SEBI stands for Securities and Exchange Board of India. This statutory body was established in 1992, and the Securities and Exchange Board of India Act, 1992 (15 of 1992) came into force on January 30, 1992.
Security Performance Awards (OSPAs)
The Outstanding Security Performance Awards (OSPAs) recognize outstanding companies, individuals, and innovative ideas in the security sector.
Security Risks
The IT industry faces a wide range of Security Risks that could lead to data breaches, regulatory enforcement actions, financial losses and reputational damage.
SOC Class
The SOC Class teaches how to develop and run a Cyber Security Operations Centre on anything from a small to a global-scale budget. The class is aimed primarily at SOC managers.
Syzkaller
Syzkaller is a software fuzzing framework widely used for testing the Linux kernel.
T
Technology
Technology refers to the practical application of scientific knowledge, especially in industry settings.
Telecommunications
Telecommunications is the branch of technology that concerns communication over long distances by using cables, telegraphs, telephones or broadcasting.
The Blackhat
The movie 'The Blackhat' was directed by Michael Mann, who was said to have been inspired by the events surrounding Stuxnet. This computer worm successfully targeted and allegedly ruined almost a fifth of Iran's nuclear centrifuges.
Threat Hunting Tools
Threat Hunting Tools and services provide threat detection, investigation, and response by a team of expert Threat Hunters: highly trained professionals who specialize in identifying and responding to potential threats 24/7.
V
Vulnerability Analysis
A Vulnerability Analysis is a comprehensive review that identifies security-related issues which can moderately or severely impact the security of a given product or system.
Vulnerability Management
Vulnerability Management entails an ongoing, regular process of identifying, assessing, highlighting, monitoring, and resolving cyber vulnerabilities across workloads, endpoints, and computer systems.
Vuls
Vuls is a well-supported software package that focuses on vulnerability scanning.
W
What is a Black Hat Hacker
Black Hat Hackers engage in cybercrime operations by using their hacking skills for financial gain, cyber espionage, or other malicious intentions, such as implanting malware into computer systems.
What Are Black Hat Hackers
Criminals who break into computer networks with malicious intentions are commonly known as Black Hat Hackers. They may also release malware that destroys files, holds computers hostage, or steals confidential data such as passwords and credit card numbers.
Z
Zero Trust Framework
The Zero Trust Framework is a modern security strategy that is based on the principle of "never trust, always verify." Instead of assuming that everything behind the corporate firewall is safe, the Zero Trust model assumes that a breach is always possible and verifies each request as though it originates from an open network.