Cybersecurity: Terms and Definitions Made Simple

Look, cybersecurity is hard—there’s really no way to sugarcoat it. Beyond being inherently complex, the industry is filled with buzzwords, acronyms, and ever-changing terminology. ContraForce is on a mission to simplify and democratize cybersecurity, from access to affordable tools to understanding the nuances that go along with it.

The following glossary breaks down some of the most-used words in cybersecurity into digestible, easy-to-understand definitions. Know of other cybersecurity terms that should be added to the list? Let us know through the contact form.

  1. Advanced Persistent Threat (APT): A targeted, prolonged, and sophisticated cyberattack in which an intruder gains access to a network, then remains undetected for an extended length of time. In most cases, an Advanced Persistent Threat has three stages: network infiltration, expansion of the attacker’s presence, and the extraction of data. 
  2. Advanced Threat Protection (ATP): A category of security solutions designed to defend against advanced threats, like sophisticated malware or hacking-based attacks, that target sensitive data. ATP is available as software or from a Managed (Security) Service Provider.
  3. Asset Management: The practice of ensuring a business’s assets are secured and accounted for, especially the software, hardware, and data that support operational functions.
  4. Automated Response: An enhanced and structured way to identify, detect, protect against, respond to, and recover from security threats while reducing dependence on manual intervention.
  5. Baseline Security: The goals, objectives, and policies an organization defines to sufficiently protect itself from vulnerabilities and threats. Often considered the “bare minimum” security practices needed to ensure cyber safety.
  6. Brute Force Attack: An attack method that uses trial and error to crack passwords, login credentials, and encryption keys. Attackers typically use automated tooling to speed up the process.
  7. Business Continuity Plan: A strategic plan outlining the ways in which companies can maintain daily business operations despite disruptions, like security breaches. 
  8. Business Impact Analysis Assessment (BIA): The process of determining and analyzing the necessary activities and resources to maintain regular business operation after a disruption. This often requires the development of recovery strategies.
  9. Cloud Access Security Broker (CASB): An on-premises or cloud-based security policy enforcement point placed between cloud service consumers and cloud service providers to apply enterprise security policies as cloud-based resources are accessed.
  10. Cybersecurity Compliance: While compliance requirements vary by industry or sector, compliance involves meeting specific criteria to protect the confidentiality, integrity, and availability of data.
  11. Cyber Security: Cyber security is the use of technology, processes, and policies to prevent cyberattacks on systems, networks, programs, devices, and data. Its goal is to limit the risk of cyberattacks and secure systems, networks, and technology from unauthorized use.
  12. Computer Emergency Response Team (CERT): A group of security experts responsible for handling and reporting security incidents.
  13. Chief Information Officer (CIO): A senior-level title given to someone in charge of information technology and computer systems management and implementation.
  14. Certified Information Systems Auditor (CISA): A certified individual responsible for implementing an audit strategy for information systems.
  15. Cybersecurity and Infrastructure Security Agency (CISA): CISA is the United States’ risk advisor and part of the federal government. It works with partners to defend against today’s threats and collaborates to build more secure and resilient infrastructure for the future.
  16. Chief Information Security Officer (CISO): Senior-level executive responsible for an organization’s data and information security. 
  17. Cloud Security Posture Management (CSPM): A market category for cloud-based IT security technologies that detect misconfiguration issues and compliance risks. One of the main goals of CSPM tools is to continuously analyze cloud architecture for security policy gaps.
  18. Common Attack Pattern Enumeration and Classification (CAPEC): A publicly available catalog of common attack patterns that helps users understand how adversaries exploit weaknesses in applications and other cyber-enabled capabilities. It’s used to help educate the community on threat detection and response.
  19. Chief Operating Officer (COO): A high-ranking, senior-level executive, usually second in command. COOs are usually responsible for overseeing day-to-day operations. 
  20. Data Loss Prevention (DLP): The practice of identifying and preventing data breaches, exfiltration, or unauthorized deletion of sensitive data. DLP is used by businesses to protect and secure their data while still adhering to regulations.
  21. Encryption: Encryption is a technique for scrambling data so that only authorized parties may decipher it. It transforms human-readable data so that it appears random and incomprehensible.
  22. Endpoint: Any device that physically connects to a computer network, like laptops, desktops, mobile devices, tablets, or servers. Software like antivirus is installed on an endpoint.
  23. Endpoint Protection: Endpoint security is the technique of preventing hostile actors and campaigns from exploiting endpoints, or entry points, of end-user devices such as PCs, laptops, and mobile devices. Endpoint security solutions protect against these risks on a network or in the cloud.
  24. Endpoint Detection and Response (EDR): A cybersecurity solution that constantly monitors an “endpoint” to protect it from dangerous cyber threats. It leverages various data analytics techniques to detect suspicious system behavior, provide contextual information, stop malicious activities, and offer remediation suggestions to restore impacted systems.
  25. Extended Detection and Response (XDR): A SaaS-based tool for threat detection and incident response that natively integrates multiple security products into a cohesive security operations system.
  26. Host-Based Intrusion Detection System (HIDS): A specific type of intrusion detection system (IDS) that monitors the host on which it is installed, analyzing traffic and logging harmful behavior.
  27. Intrusion Detection System (IDS): A monitoring system that identifies suspicious activity and generates alerts to notify an organization.
  28. Incident Response: A collection of information security policies and processes for detecting, containing, and eliminating cyberattacks.
  29. Information Systems Audit and Control Association (ISACA): An international professional association focused on IT governance. ISACA provides practical guidance, benchmarks, and tools for enterprises that use information systems. Through its comprehensive publications and services, ISACA defines roles for information system governance, security, audit, and assurance professionals worldwide. 
  30. Intrusion Prevention System (IPS): A network security instrument (which can be hardware or software) that continuously monitors a network for harmful behavior and takes action to prevent it, such as reporting, blocking, or dropping it.
  31. Information Systems Security Officer (ISSO): An individual responsible for an organization’s information security, protecting information and preventing unauthorized access.
  32. Managed Detection and Response (MDR): A cybersecurity service that uses both technology and human expertise to perform threat hunting, monitoring, and response.  
  33. MITRE ATT&CK™ Framework: A globally available knowledge base built from real-world observations of adversary tactics and techniques. In the business sector, government, and the cybersecurity product and service community, the ATT&CK knowledge base is used as a foundation for developing specialized threat models and methodologies.
  34. MITRE D3FEND: A framework built by MITRE that establishes a common language to help cyber defenders share strategies and methods with one another. It is commissioned and funded by the NSA.
  35. Managed Service Provider (MSP): A company that an organization hires to remotely manage, monitor, and maintain its IT department and infrastructure.
  36. Managed Security Service Provider (MSSP): Similar to an MSP, an MSSP is hired to manage an organization’s security needs.
  37. Multi-Factor Authentication (MFA): Also known as two-step verification, MFA is an authentication method that requires the user to provide two or more verification factors to gain access to a resource. Requiring these additional authentication factors decreases the likelihood of a successful cyberattack.
  38. National Institute of Standards and Technology (NIST) Framework for Improving Critical Infrastructure Cybersecurity (also called NIST Cybersecurity Framework): A framework that organizes basic cybersecurity activities to help manage cybersecurity risk by organizing information, enabling risk management decisions, addressing threats, and learning from previous activities.
  39. Posture: An organization’s overall cybersecurity strength and how well it can predict, prevent, and respond to ever-changing cyber threats. Also referred to as security posture. 
  40. Response Playbook: A set of rules or procedures put in place by an organization that outlines how to respond to and resolve security incidents in real time. Playbooks often include training drills and best practices to ensure an organization is prepared to resolve incidents should they occur. Also referred to as an Incident Response Playbook.
  41. Security Architecture: A system of security principles, methods and models that align to predefined objectives and business models and are designed to keep an organization safe from cyber threats.
  42. Security Operations Center (SOC): A centralized facility where a cybersecurity team monitors, identifies, analyzes, and responds to cybersecurity issues, often 24 hours a day, 7 days a week.
  43. SIEM (Security Information and Event Management): A security solution that assists organizations in identifying potential security threats and vulnerabilities before they impair company operations. It detects anomalous user behavior and uses artificial intelligence to automate many of the manual processes associated with threat detection and incident response. It has become standard in modern-day security operations centers (SOCs) for security and compliance management use cases. 
  44. SOAR (Security Orchestration, Automation and Response): A set of software solutions and tools that allow businesses to automate security operations in three major areas: threat and vulnerability monitoring, incident response, and security operations automation.
  45. Software as a Service (SaaS): A service allowing users to connect to and use cloud-based apps via the Internet. (Think Zoom, Shopify, and ContraForce.)
  46. Small to Medium Business (SMB): Sometimes referred to as Small to Midsize Business, SMBs are organizations with fewer employees and less revenue than their enterprise counterparts. A small business typically has fewer than 100 employees, while a medium-size business has more than 100 but fewer than 1,000.
  47. Software Bill of Materials (SBOM): A nested list or inventory of all components used in a project. An SBOM also includes the licenses that govern those components, as well as the versions and patch status of the components utilized in the codebase, allowing security teams to immediately discover any security or license problems.
  48. Threat Assessment: The process of evaluating and validating threats, as well as determining their risk. A threat assessment is typically performed by the security risk management function before plans for mitigating risks to the company are prepared.
  49. Threat Hunting: The process of proactively searching for cyber threats that are hiding within a network.
  50. Vulnerability Management: The process of finding, analyzing, treating, and reporting on security vulnerabilities in operating systems (OS), applications (both cloud-based and on-premises), browsers, and end-user applications.


Wanna keep things simple? Start using ContraForce for free.
