Acceptable Use Policy (AUP)

A policy that communicates to users what specific uses of computer resources are permitted.

Access Control List (ACL)

A list associated with an object, such as a file, that identifies what level of access each subject, such as a user, has as well as what they can do to the object, for example, read, write, or execute.

Access Point (AP)

A device designed to interconnct wireless network nodes with wired networks.

Accessible Rich Internet Applications (ARIA)

A specification by the World Wide Web Consortium (W3C) for adding semantics and other metadata to HTML to aid those who use assistive technology.

Active Directory (AD)

The directory service portion of the Windows operating system that stores information about network-based entities, such as applications, files, printers, and people, and provides a structured, consistent way to name, describe, locate, access, and manage these resources.

Active Server Pages (ASP)

An older server-side scripting framework for web servers introduced by Microsoft, which has since been replaced by ASP.NET in 2002.

Address Resolution Protocol (ARP)

A TCP/IP protocol, used with the command line tool of the same name, to determine the MAC address that corresponds to a particular IP address.

Address Space Layout Randomisation (ASLR)

A memory-protection process employed by operating systems where the memory space is block randomised to guard against targeted injections from buffer-overflow attacks.

Advanced Configuration Power Interface (ACPI)

Provides an open standard that operating systems can use to discover and configure computer hardware components, for example, to perform power management tasks such as, putting unused components to sleep, or, provide status monitoring. ACPI brings the power management under the control of the operating system, rather than it being BIOS centric, as with Advanced Power Management (APM).

Advanced Encryption Standard (AES)

An encryption standard created in the late 1990s, which utilises a symmetric block cipher, that uses a 128-bit block size and either a 128, 192 or 256-bit key size.

Advanced Encryption Standard 256-bit (AES-256)

An implementation of AES using a 256-bit key.

Advanced Host Controller Interface (AHCI)

An efficient way for motherboards to work with SATA host bus adapters. Using AHCI unlocks some of the advanced features of SATA, such as hot-swapping and native command queuing (NCQ)

Advanced Persistent Threat (APT)

A threat vector whose main objective is to remain on the system stealthily, with data exfiltration as a secondary task.

Advanced RISC [Reduced Instruction Set Computer] Machine (ARM)

A family of central processing units (CPUs) based on a reduced instruction set computer (RISC) architecture.

Advanced Technology Attachment (ATA)

A series of hard drive standards defining both the older parallel ATA (PATA) and modern Serial ATA (SATA) drives.

Advanced Technology eXtended (ATX)

Popular motherboard form factor that generally replaced the AT form factor.

Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK)

A framework developed by MITRE for describing the methods used by attackers.

Alternating Current (AC)

Type of electricity in which the flow of electrons alternates direction, back and forth, in a circuit.

American Standard Code for Information Interchange (ASCII)

A character encoding that uses numeric codes in binary to represent characters. These include upper and lowercase English letters, numbers, and punctuation symbols.

Android Package (APK)

A file format for applications used on the Android operating system.

Angled Physical Contact (APC)

Fibre-optic connector that makes physical contact between two fibre-optic cables. It specifies an 8-degree angle to the curved end, lowering signal loss. APC connectors have less connection degradation from multiple insertions compared to other connectors

Annualised Loss Expectancy (ALE)

How much an event is expected to cost the business per year.

Annualised Rate of Occurrence (ARO)

The frequency with which an event is expected to occur on an annualised basis.

Antivirus (AV)

A software program designed to detect, mitigate, or remove malware and viruses from a system or network.

Anything as a Service (XaaS)

A term to describe the wide array of services that can be delivered to users from the cloud.

Apple File System (APFS)

The file system used by the macOS operating system from version 10.13 onwards. It replaced the Mac OS Extended file system used in earlier versions of macOS.

Apple Filing Protocol (AFP)

A protocol developed by Apple for sharing files over a network. It was used in Apple's Macintosh operating systems up to macOS 10, however, it has mostly now been replaced by the standard Server Message Block (SMB) protocol.

Application Programming Interface (API)

A set of instructions as to how to interface with a computer program so that developers can access defined interfaces in a program.

Application Service Provider (ASP)

A company that offers applications and services over the internet.

Artificial Intelligence (AI)

The use of complex models to simulate functions of the brain.

Asymmetric Digital Subscriber Line (ADSL)

A data communications technology that enables faster data transmission over copper telephone lines than a conventional voiceband modem can provide. Bandwidth and bit rate are said to be asymmetric because they are greater downstream to the customer, than upstream.

Asynchronous Transfer Mode (ATM)

A network technology that runs at speeds between 25 and 622 Mbps using fibre-optic cabling or Cat 5 or better UTP.

Attribute-based Access Control (ABAC)

An access control mechanism that grants access based on attributes of a user.

Authentication Header (AH)

A portion of the IPSec security protocol that provides authentication services and replay-detection ability. It can be used either by itself or with Encapsulating Security Payload (ESP).

Authentication, Authorisation, Accounting (AAA)

A security philosophy where a user trying to connect to a network must first present some form of credential to be authenticated and then must have limitable permissions within the network. The authenticating server should also record session information about the client.

Authentication, Authorisation, Accounting, Auditing (AAAA)

This adds auditing to the AAA security philosophy.

Automated Indicator Sharing (AIS)

The use of STIX and TAXII to share threat information between systems.

Automatic Document Feeder (ADF)

A tray, usually on top of a scanner, or multifunction device, that holds a document and enables the device to grab and scan each page automatically for easier scanning, copying, or faxing of long documents.

Automatic Private Internet Protocol Addressing (APIPA)

A networking feature in operating systems that enables clients to self-configure an IP address and subnet mask automatically when a DHCP server isn’t available.

Basic Input/Output System (BIOS)

A firmware element of a computer system that provides the interface between hardware and system software with respect to devices and peripherals. BIOS has been replaced by Unified Extensible Firmware Interface (UEFI), a more complex and capable system.

Basic Service Set Identifier (BSSID)

ID of an access point in a wireless LAN, that is typically the access point’s MAC address.

Blu-ray Disc (BD)

Optical disc format that stores up to 100 GB of data, designed as a replacement media for DVD.

Blu-ray Disc Recordable (BD-R)

A Blu-ray Disc that can be written to once.

Blu-ray Disc Rewritable (BD-RE)

A Blu-ray Disc that can be rewritten to several times.

Blue Screen of Death (BSOD)

Error screen that appears when Windows encounters an unrecoverable error.

Border Gateway Protocol (BGP)

An exterior gateway routing protocol that enables groups of routers to share routing information so that efficient, loop-free routes can be established. BGP connects Autonomous Systems on the Internet. The current version is BGP-4.


A network of computers, or bots, as they are sometimes referred to, which are infected with malware and can be controlled remotely to, for example, carry out a distributed denial of service (DDoS) attack.

Bourne Again Shell (BASH)

A command language for Linux systems.

Bridge Protocol Data Unit (BPDU)

A type of data message exchanged across switches within an extended LAN that uses a Spanning Tree Protocol topology.

Bring Your Own Device (BYOD)

Mobile deployment model wherein users bring their own network-enabled devices to the work environment. These mobile phones, tablets, notebooks, and other mobile devices must be easily and securely integrated and released from corporate network environments using onboarding and offboarding technologies.

British Naval Connector/Bayonet Neill-Concelman (BNC)

A connector used with 10-BASE-2 coaxial cable. All BNC connectors must be locked into place by turning the connector clockwise 90 degrees.

Business Continuity (BC)

The level of readiness of a business to maintain critical functions after an emergency or discruption.

Business Continuity Planning (BCP)

A plan a business develops to continue critical operations in the event of a major disruption.

Business Impact Analysis (BIA)

An analysis of the impact to the business of a specific event.

Business Partners Agreement (BPA)

A written agreement defining the terms and conditions of a business partnership.

Campus Area Network (CAN)

A network installed in a medium-sized space spanning multiple buildings.

Canonical Name (CNAME)

A DNS record that stores a fully qualified domain name. A common use is to provide an alias for another hostname.

Cardholder Data (CHD)

Any personally identifiable information (PII), which is associated with a person who possesses a credit or debit card.

Carrier-Sense Multiple Access with Collision Avoidance (CSMA/CA)

Access method used only on wireless networks. Before hosts transmit, they first listen for traffic. If the transmitting host does not hear any traffic, it will transmit its frame. It will then listen for an acknowledgement frame from the receiving host. If the transmitting host does not hear the acknowledgement, it will wait for a randomly determined period of time and try again.

Carrier-Sense Multiple Access with Collision Detection (CSMA/CD)

Obsolete access method that Ethernet systems used in LAN technologies, enabling frames of data to flow through the network and ultimately reach address locations. Hosts on CSMA/CD networks first listened to hear if there was any data on the wire. If there was none, the hosts sent out data. If a collision occurred, then both hosts waited a randomly determined period before retransmitting the data. Full-duplex Ethernet made CSMA/CD obsolete.

Cascading Style Sheet (CSS)

A language that is used to provide the look and feel to the structure of a web page, for example, the colour and font used for paragraph text.

Cathode Ray Tube (CRT)

Tube of a monitor in which rays of electrons are beamed onto a phosphorescent screen to produce images. Also, a shorthand way to describe a monitor that uses CRT rather than LCD technologies.

Central Processing Unit (CPU)

A microprocessor that acts as the brain of a computer, containing the circuitry necessary to interpret and execute program instructions such as arithmetic, logic, controlling and input/output operations.

Centre for Internet Security (CIS)

A US based non-profit organization, formed in October 2000. Its mission is to make the connected world a safer place by developing, validating, and promoting timely best practice solutions that help people, businesses, and governments protect themselves against pervasive cyber threats.

Certificate Authority (CA)

An entity responsible for the issuing and revoking of certificates.

Certificate Revocation List (CRL)

A digitally signed object that lists all the current but revoked certificates issued by a given certification authority.

Certificate Signing Request (CSR)

A message sent from an applicant to a certificate authority to apply for a digital identity certificate.

Challenge-Handshake Authentication Protocol (CHAP)

Used to provide authentication across point-to-point links using the Point-to-Point Protocol (PPP).

Channel Service Unit (CSU)

A piece of equipment that connects a T-carrier leased line from the telephone company to a customer’s equipment, such as a router.

Chief Information Officer (CIO)

A company executive responsible for the management, implementation, and usability of information and computer technologies. Also sometimes called Chief Digital Information Officer (CDIO) or Information Technology (IT) Director.

Chief Security Officer (CSO)

The person appointed to oversee security functions in an enterprise.

Chief Technology Officer (CTO)

The person appointed to oversee scientific technology functions in an enterprise.

Choose Your Own Device (CYOD)

A mobile device deployment methodology where each person chooses their own device type.

Cipher Block Chaining (CBC)

A method of adding randomisation to blocks, where each block of plaintext is XORed with the previous ciphertext block before being encrypted.

Cipher Feedback (CFB)

A method to make a block cipher into a self-synchronising stream cipher.


Ciphertext is the result of plaintext being encrypted using an algorithm, known as a cipher.

Classless Inter-Domain Routing (CIDR)

The basis of allocating and routing classless IP addresses, not restricting subnet masks to /8, /16, or /24, which classful addressing did. Based on variable-length subnet masking (VLSM), where subnets can be allocated according to the needs of an organisation, such as /26 for a network with 254 or fewer nodes, or /30 for a network with only two nodes.

Closed-Circuit Television (CCTV)

A private television system usually hardwired into security applications to record visual information.

Cloud Access Security Broker (CASB)

A security policy enforcement mechanism between cloud users and providers.

Cloud Security Alliance (CSA)

A US based not-for-profit organization with a mission to ‘promote the use of best practices for providing security assurance within cloud computing, and to provide education on the uses of cloud computing to help secure all other forms of computing’.

Cloud Service Provider (CSP)

An organisation that offers cloud-based network services, infrastructure, or business applications.

Coarse Wavelength Division Multiplexing (CWDM)

An optical multiplexing technology in which a few signals of different optical wavelength could be combined to travel a short distance.

Code Division Multiple Access (CDMA)

Early cellular telephone technology that used spread-spectrum transmission.

Command and Control (C2)

Servers used by hackers to control malware that has been launched against targets. Multiple machines are often infected with malware and then these machines are used for some malicious purpose, such as stealing sensitive data or launching a distributed denial of service attack.

Command Prompt (CMD)

A text based user interface, within the Microsoft Windows operating system, that allows the entry of commands to perform operations on a computer system and receive text based output.

Command-Line Interface (CLI)

Allows a user to issue commands in the form of lines of text.

Common Internet File System (CIFS)

A version of SMB. A communication protocol for providing shared access to files, printers, and serial ports between nodes on a network.

Common Name (CN)

A characteristic field within a Distinguished Name (DN).

Common Vulnerabilities and Exposures (CVE [1])

A database hosted by the MITRE corporation, which incorporates a list of known vulnerabilities in publicly released software.

Common Vulnerability Enumeration (CVE [2])

A specification that provides a common language of discourse for discussing, finding, and dealing with the causes of software security vulnerabilities as they are found in code, design, or system architecture.

Common Vulnerability Scoring System (CVSS)

A framework for scoring the severity of a vulnerability.

Communications and Networking Riser (CNR)

Proprietary slot used on some motherboards to provide a connection for modems, sound cards, and NICs that is free from sound interference.

Compact Disc (CD)

Optical disc format that stores up to 700MB of data or 80 minutes of music.

Compact Disc File System (CDFS)

A file structure, rules, and conventions used when organising and storing files and data on a CD. A generic name for ISO-9660.

Compact Disc Re-Writable (CD-RW)

A Compact Disc (CD) that can be rewritten to several times.

Compact Disc Read-Only Memory (CD-ROM)

A read only Compact Disc (CD).

Compact Disc Recordable (CD-R)

A Compact Disc (CD) that can be recorded to once.

Complementary Metal Oxide Semiconductor (CMOS)

Originally, computer systems had a standalone CMOS chip, which was a tiny bit of RAM hooked up to a small battery that enabled it to hold system settings for the BIOS firmware even with the computer turned off. This has long since been incorporated into the chipset. CMOS is often informally used to refer to the CMOS setup program or system setup utility.

Completely Automated Public Turing Test to Tell Computers and Humans Apart (CAPTCHA)

Software designed to pose tests that require human ability to resolve, preventing robots from filling in and submitting web pages.

Computer Emergency Response Team (CERT)

A group responsible for investigating and responding to security breaches, viruses, and other potential catastrophic incidents. Also known as a Computer Incident Response Team (CIRT).

Computer Incident Response Team (CIRT)

A group responsible for investigating and responding to security breaches, viruses, and other potential catastrophic incidents. Also known as a Computer Emergency Response Team (CERT).

Computer Security Incident Response Team (CSIRT)

An expert group that handles computer security incidents. Alternative names for such groups include Computer Emergency Readiness Team and Computer Security Incident Response Team. A more modern representation of the CSIRT acronym is Cyber Security Incident Response Team.

Computer-Aided Design (CAD)

The use of computers to aid in the creation, modification, analysis, or optimisation of a design.

Computer-based Training (CBT)

Training undertaken via a computer, rather than in person.

Confidentiality, Integrity, and Availability (CIA)

The CIA triad is widely considered to be the foundation of IT security. It is put into practice through various security methods and controls. Every security technique, practice, and mechanism put into place to protect systems and data relates in some fashion to ensuring confidentiality, integrity, and availability.

Confidentiality, Integrity, Availability (CIA)

Confidentiality, integrity, and availability are the three basic functions of any security system. This is sometimes referred to as the CIA of security.

Content Addressable Memory (table) (CAM)

Content Addressable Memory (CAM) table is a system memory construct used by Ethernet switch logic which stores information such as MAC addresses available on physical ports with their associated VLAN Parameters. The CAM table, or content addressable memory table, is present in all switches for layer 2 switching. This allows switches to facilitate communications between connected stations at high speed and in full duplex regardless of how many devices are connected to the switch. Switches learn MAC addresses from the source address of Ethernet frames on the ports, such as Address Resolution Protocol (ARP) response packets.

Content Delivery Network (CDN)

A group of geographically distributed servers that speed up the delivery of web content by bringing it closer to where users are. CDNs cache content such as web pages, images, and video in proxy servers near to a user’s physical location.

Content Management System (CMS)

A web based application that allows non-technical users to manage the content of a website. These applications are built using web technologies such as PHP or the .NET Framework and utilise a database, for example, MySQL, PostgreSQL, Oracle or SQL Server, to store the website information.

Contingency Planning (CP)

The act of creating processes and procedures that are used under special conditions.

Continuity of Operations Planning (COOP)

The creation of plans related to continuing essential business operations after any major disruption.

Continuous Integration and Continuous Delivery (CI/CD)

The combined practices of continuous integration and continuous delivery to allow software development teams to deliver code changes more frequently and reliably. Continuous integration is the practice of regularly committing code changes to a version control system that can test and deploy code automatically. Continuous delivery is a practice where code changes are automatically prepared for a release to production.

Control Objectives for Information and Related Technologies (COBIT)

An IT governance framework created by ISACA (Information Systems Audit and Control Association) for businesses wanting to implement, monitor and improve IT management best practices. It was designed to bridge the gap between technical issues, business risks and control requirements.

Corporate Owned, Personally Enabled (COPE)

A form of mobile device ownership, or management, where a company provides employees with a mobile device and allows them to use it as if they owned it.

Corrective Action Report (CAR)

A report used to document the corrective actions taken on a system.

Counter-Mode (CTM)

Turns a block cipher into a stream cipher.

Counter-Mode/CBC-MAC Protocol (CCMP)

Also known as Counter Mode with Cipher Block Chaining-Message Authentication Code Protocol. An enhanced data cryptographic encapsulation mechanism based on the Counter Mode with CBC-MAC for AES, designed for use with wireless LANs.

Create, Read, Update and Delete (CRUD)

Refers to the possible ways to operate on stored data, such as in a database.


A tool used by a number of Linux distributions for automatically running tasks at a scheduled time.

Cross-Site Request Forgery (CSRF or XSRF)

A method of attacking a system by sending malicious input to the system and relying on the parsers and execution elements to perform the requested actions, thus instantiating the attack. CSRF exploits the trust a site has in the user’s browser.

Cross-site Scripting (XSS)

A method of attacking a system by sending script commands to the system input and relying on the parsers and execution elements to perform the requested scripted actions, thus instantiating the attack. XSS exploits the trust a user has for the site.

Cyclic Redundancy Check (CRC)

An error detection technique that uses a series of two 8-bit block check characters to represent an entire block of data. These block check characters are incorporated into the transmission frame and then checked at the receiving end.


An area of the internet that cannot be indexed by search engines such as Google and are not normally accessible via a standard web browser, but instead through specialist software. A Darknet can be used for harmless means, such as for a corporate website, as well as illegal means, such as hacking and file sharing forums where users wish to stay anonymous.

Data Encryption Standard (DES)

A private key encryption algorithm adopted by the U.S. government as a standard for the protection of sensitive but unclassified information. Commonly used in 3DES, where three rounds are applied to provide greater security.

Data Execution Prevention (DEP)

A security feature of an operating system that can be driven by software, hardware, or both, designed to prevent the execution of code from blocks of data in memory.

Data Loss Prevention (DLP)

Technology, processes, and procedures designed to detect when unauthorised removal of data from a system occurs. DLP is typically active, preventing the loss either by blocking the transfer or dropping the connection.

Data Privacy Officer (DPO)

The person in charge of privacy/data protection in the EU under GDPR.

Data Service Unit (DSU)

A device used in digital transmission for connecting a CSU (Channel Service Unit) to Data Terminal Equipment (a terminal or computer), in the same way that a modem is used for connection to an analogue medium.

Database Administrator (DBA)

A person who is responsible for directing and performing all activities related to maintaining a successful database environment. A DBA makes sure an organisation's databases and related applications operate functionally and efficiently.

Database as a Service (DBaaS)

A cloud computing managed service offering that provides access to a database without requiring the setup of physical hardware, the installation of software or the need to configure the database.

Database Management System (DBMS)

Software designed to define, manipulate, retrieve and manage data in a database.

Decibel (dB)

A measurement of the quality of a signal.

Demilitarized Zone (DMZ)

A physical or logical subnetwork that contains and exposes an organisation’s external-facing services to an untrusted network, such as the Internet. Its purpose is to add an additional layer of security to an organisation’s local area network (LAN). The untrusted network can only access what is in the DMZ, whilst the rest of the network is secured behind a firewall. Also sometimes known as a perimeter network.

Denial-of-Service (DoS)

An attack that floods a networked resource with so many requests that it becomes overwhelmed and ceases functioning. DoS prevents users from gaining normal use of a resource.

Dense Wavelength Division Multiplexing (DWDM)

An optical multiplexing technology which a large number of optical signals of different optical wavelengths could be combined to travel over relatively long fibre cables.

Desktop as a Service (DaaS)

A cloud computing service that enables a user or organisation to virtualise user workstations and manage them as flexibly as other cloud resources.

Destination Network Address Translation (DNAT)

A one-to-one static translation from a public destination address to a private address.

Diffie-Hellman Ephemeral (DHE)

A cryptographic method of establishing a shared key over an insecure medium in a secure fashion using a temporary key to enable perfect forward secrecy.

Digital Rights Management (DRM)

Access controls for restricting the use of proprietary hardware and copyrighted works.

Digital Signature Algorithm (DSA)

A U.S. government standard for implementing digital signatures.

Digital Subscriber Line (DSL)

A high-speed Internet connection technology that uses a regular telephone line for connectivity. DSL comes in several varieties, including asymmetric (ADSL) and symmetric (SDSL), and many speeds. Typical home-user DSL connections are ADSL with a download speed of up to 9 Mbps and an upload speed of up to 1 Kbps.

Digital Versatile Disc (DVD)

Optical disc format that provides for 4 – 17 GB of video or data storage.

Digital Versatile Disc Random Access Memory (DVD-RAM)

A rewritable disc endorsed by the DVD Forum. Using phase change technology, DVD-RAMs are like removeable hard disks, and the media can be rewritten 100,000 times, and have a capacity between 2.6GB and 9.4GB.

Digital Versatile Disc Recordable (DVD-R)

A DVD that can be written to once.

Digital Versatile Disc-Read Only Memory (DVD-ROM)

A read only DVD.

Digital Versatile Disk Rewritable (DVD-RW)

A DVD that can be rewritten to 1000 times.

Digital Visual Interface (DVI)

Special video connector designed for digital-to-digital connections; most commonly seen on PC video cards and LCD monitors. Some versions also support analogue signals with a special adapter.

Digital Visual Interface-Digital (DVI-D)

Digital specific DVI interface.

Direct Current (DC)

Type of electricity in which the flow of electrons is in a complete circle in one direction.

Direct Memory Access (DMA)

Technique that some PC hardware devices use to transfer data to and from the memory without using the CPU.

Disaster Recovery (DR)

An organisation’s ability to regain access and functionality to its IT infrastructure after a natural or human disaster.

Disaster Recovery Plan (DRP)

A written plan developed to address how an organisation will react to a natural or manmade disaster in order to ensure business continuity. Related to the concept of a Business Continuity Plan (BCP).

Discretionary Access Control (DAC)

An access control mechanism in which the owner of an object (such as a file) can decide which other subjects (such as other users) may have access to the object as well as what access (read, write, execute) these subjects can have.

Distinguished Encoding Rules (DER)

A method of providing exactly one way to represent any ASN.1 value as an octet string.

Distributed Denial of Service (DDoS)

A multicomputer assault on a network resource that attempts, with sheer overwhelming quantity of requests, to prevent regular users from receiving services from the resource. Can also be used to crash systems. DDoS attacks are usually executed using botnets consisting of compromised systems referred to as zombies.

Distributed File System (DFS)

A set of client and server services that allow an organisation using Microsoft Windows servers to organise many distributed SMB file shares into a distributed file system. DFS has two components to its services, location, via the namespace component, and redundancy, via the file replication component. Together, these components improve data availability in the case of failure or heavy load by allowing shares in multiple different locations to be logically grouped together under one folder, the 'DFS root'.

Document Object Mode (DOM)

The DOM is an API, or interface, which is loaded in a web browser, that allows for interaction with HTML and XML documents. It represents these documents in a tree structure, where each node is an object representing a part of the document.

Domain Keys Identified Mail (DKIM)

An email authentication method designed to detect forged sender addresses in email, a technique often used in phishing and email spam. DKIM allows the receiver to check that an email claiming to have come from a specific domain was indeed authorised by the owner of that domain.

Domain Name System (DNS)

A TCP/IP name resolution system that resolves hostnames to IP addresses, IP addresses to hostname, and other bindings, like DNS servers and mail servers for a domain.

Domain Name System Security Extensions (DNSSEC)

The extension to DNS using cryptographically signed requests and answers.

Domain-based Message Authentication Reporting and Conformance (DMARC)

An e-mail authentication, policy, and reporting protocol.

Double Data Rate (DDR)

A type of computer memory, which is an advanced version of SDRAM, that can transfer data twice as fast as regular SDRAM chips. This is because DDR memory can send and receive signals twice per clock cycle.

Double Data Rate 2 (DDR2)

An improved version of DDR memory that is faster and more efficient.

Double Data Rate 3 (DDR3)

A type of memory that is similar to DDR2 RAM, but uses roughly 30% less power and can transfer data twice as fast.

Double Data Rate 4 (DDR4)

A type of memory that has faster data transfer rates and larger capacities than DDR3. It can also operate at a lower voltage, making it more power efficient.


The practice of researching and publishing private or identifiable information on the internet, regarding an individual or organisation.

Drive-by Download

A drive-by download is where something is downloaded from the internet to a computer without the prior knowledge of the user, or where a download is authorised by the user but the full consequences of the download are not understood.

Dual In-Line Memory Module (DIMM)

A 32 or 64-bit type of DRAM packaging with the distinction that each side of each tab inserted into the system performs a separate function. DIMMs come in a variety of sizes, with 184, 240 and 288 pins being the most common on desktop computers.

Dynamic Host Configuration Protocol (DHCP)

An Internet Engineering Task Force (IETF) Internet Protocol (IP) specification for automatically allocating IP addresses and other configuration information based on network adapter address.

Dynamic Link Library (DLL)

A type of file which contains a library of functions and other information that can be accessed by a Microsoft Windows based piece of software.

Dynamic Random Access Memory (DRAM)

Memory used to store data in most personal computers. DRAM stores each bit in a 'cell' composed of a transistor and a capacitor. Because the capacitor in a DRAM cell can only hold a charge for a few milliseconds, DRAM must be continually refreshed, or rewritten, to retain its data.

Effective Isotropic Radiated Power (EIRP)

The measured radiated power of an antenna in a specific direction.

Electromagnetic Interference (EMI)

Electrical interference from one device to another, resulting in poor performance of the device being interfered with.

Electromagnetic Pulse (EMP)

Potentially damaging burst of electromagnetic energy caused by events such as electrostatic discharge (ESD), lightning, nuclear detonations, and so on.

Electronic Code Book (ECB)

A block cipher mode where the message is divided into blocks, and each block is encrypted separately.

Electronic Industries Alliance (EIA)

Standards organisation specialising in the electrical and functional characteristics of interface equipment, which ceased operation in 2011.

Electronic Serial Number (ESN)

A unique identification number embedded by manufacturers on a microchip in wireless phones.

Electrostatic Discharge (ESD)

Uncontrolled rush of electrons from one object to another, which can cause permanent damage to semiconductors.

Elliptic Curve Cryptography (ECC)

A method of public key cryptography based on the algebraic structure of elliptic curves over finite fields.

Elliptic Curve Diffie-Hellman Ephemeral (ECDHE)

A cryptographic method using ECC to establish a shared key over an insecure medium in a secure fashion using a temporary key to enable perfect forward secrecy.

Elliptic Curve Digital Signature Algorithm (ECDSA)

A cryptographic method using ECC to create a digital signature.

Encapsulated Security Payload (ESP)

A portion of the IPSec implementation that provides for data confidentiality with optional authentication and replay-detection services. ESP completely encapsulates user data in the datagram and can be used either by itself or in conjunction with Authentication Headers for varying degrees of IPSec services.

Encrypted File System (EFS)

A feature on Microsoft Windows introduced in version 3.0 of NTFS, that provides filesystem level encryption. This technology enables files to be transparently encrypted to protect confidential data from attackers with physical access to the computer. It is available on all versions of Windows, except the Home edition, from Windows 2000 onwards. By default, no files are encrypted, but encryption can be enabled by users on a per-file, directory or drive basis.


The process of converting plain text into ciphertext to prevent unauthorised access.

End of Life (EOL)

A term used to denote that something has reached the end of its ‘useful life’.

End of Service (EOS)

A term used to denote when the manufacturer stops selling an item. In most cases, the manufacturer no longer provides maintenance services or updates.

End-User License Agreement (EULA)

An agreement that comes with a piece of software, which a user must agree to before using the it. The agreement outlines the terms of use for the software, together with a list of any actions that violate the agreement.

Endpoint Detection and Response (EDR)

A cybersecurity technology that continually monitors an endpoint to mitigate malicious cyber threats. Also known as endpoint threat detection and response.

Enhanced Interior Gateway Routing Protocvol (EIGRP)

Cisco's proprietary hybrid protocol that has elements of both distance vector and link state routing.

Enterprise Resource Planning (ERP)

The integrated management of main business processes, often in real time and mediated by software and technology.

Error Correction Code (ECC)

Special software, embedded on hard drives, that constantly scans the drives for bad blocks.

Exclusive OR (XOR)

An operation commonly used in cryptography.

Extended Detection Response (XDR)

Collects, correlates, and contextualises alerts from different solutions across endpoints, servers, networks, applications, and cloud workloads, into a unified incident detection and response platform.

Extended File System (ext)

A file system used by Linux distrubtions, with ext4, or the Fourth Extended File System, being the latest version.

Extended Instruction Pointer (EIP)

Used to track the address of the current instruction running inside an application.

Extended Service Set Identifier (ESSID)

The collection of all the BSSIDs on a WLAN; practically the same as the SSID.

Extended Unique Identifier (EUI)

The term used by the IEEE to refer to the 48-bit MAC address assigned to a network interface, which is sometimes referred to as EUI-48. The first 24-bits of the EUI-48 are assigned by the IEEE as the organisationally unique identifier (OUI).

Extensible Application Markup Language (XAML)

A markup language developed by Microsoft, that is used for creating application interfaces.

Extensible Authentication Protocol (EAP)

Authentication wrapper that EAP-compliant applications can use to accept one of many types of authentication. While EAP is a general-purpose authentication wrapper, its only substantial use is in wireless networks.

Extensible File Allocation Table (exFAT)

A proprietary file system developed by Microsoft, that supports files up to 16 exabytes in size, together with a theoretical partition limit of 64 zettabytes.

Extensible Markup Language (XML)

A text-based, human-readable data markup language.

External Serial Advanced Technology Attachment (eSATA)

A serial ATA-based connector for external hard drives and optical drives.

False Rejection Rate (FRR)

The acceptable level of legitimate users rejected by the system.

Fibre Channel over Ethernet (FCoE)

A computer network technology that encapsulates Fibre Channel frames over Ethernet networks. This allows Fibre Channel to use 10 Gigabit Ethernet networks (or higher speeds) while preserving the Fibre Channel protocol.

Field Programmable Gate Array (FPGA)

A programmable logic circuit instantiation in hardware.

File Allocation Table (FAT)

Hidden table that records how files on a hard disk are stored in distinct clusters; the only way DOS knows where to access files. The address of the first cluster of a file is stored in the directory file. The FAT entry for the first cluster is the address of the second cluster used to store that file. In the entry for the second cluster for that file is the address of the third cluster, and so on until the final cluster, which gets a special end of file marker. There are two FATs, mirror images of each other, in case one is destroyed or damaged.

File Allocation Table 12-bit (FAT12)

A file allocation table that uses 12 bits to address and index clusters.

File Allocation Table 16-bit (FAT16)

A file allocation table that uses 16 bits to address and index clusters.

File Allocation Table 32-bit (FAT32)

A file allocation table that uses 32 bits to address and index clusters.

File Integrity Monitoring (FIM)

An internal control or process that performs the act of validating the integrity of operating system and application software files using a verification method between the current file state and a known, good baseline.

File System Access Control List (FACL)

The implementation of access controls as part of a file system.

File Transfer Protocol (FTP)

A protocol that works at the application layer, which is used to transfer files over a network connection. FTP utilises TCP ports 20 and 21.

File Transfer Protocol Secure (FTPS)

A protocol that works at the application layer, which is used to transfer files over a network connection, using FTP over an SSL or TLS connection.


A network security system, which monitors traffic to and from a computer network. It has the ability to allow or block traffic depending on a set of predefined rules. Firewalls can be implemented using software, hardware or a combination of the two.

First Hop Redundancy Protocol (FHRP)

A method of ensuring high data availability by taking multiple routers and grouping them into a virtual router with a single virtual IP address that clients use as a default gateway. Common FHRP protocols are the open standard Virtual Router Redundancy Protocol (VRRP), Cisco’s proprietary Hot Standby Router Protocol (HSRP) and Gateway Load Balancing Protocol (GLBP).

First In, First Out (FIFO)

A method of processing and retrieving data. In a FIFO system, the first items entered are the first ones to be removed.

Front-Side Bus (FSB)

Computer communication interface often used by Intel chips in 1990s and 2000s, that carried data between the CPU and memory controller hub.

Full Disk Encryption (FDE)

The application of encryption to an entire disk, protecting all the contents in one container.

Galois Counter Mode (GCM)

A mode of operation for symmetric key cryptographic block ciphers that has been widely adopted because it can be parallelised to increase efficiency and performance.

General Data Protection Regulations (GDPR)

European Union law that specifies a broad set of rights and protections for personal information of EU citizens.

Generic Routing Encapsulation (GRE)

A tunnelling protocol developed by Cisco Systems that can encapsulate a wide variety of network layer protocols inside virtual point-to-point links or point-to-multipoint links over an Internet Protocol network.

Gibabit Interface Converter (GBIC)

Modular port that supports a standardised, wide variety of gigabit interface modules.

Global Positioning System (GPS)

A satellite-based form of location services and time standardisation.

Global System for Mobile Communication (GSM)

Early cellular telephone networking stardard that is now obsolete.

Globally Unique Identifier (GUID)

A 128-bit number used to uniquely identify information in computer systems.

GNU Debugger (GDB)

A powerful source-level debugging package that lets you see what is going on inside your program. It runs on many Unix-like systems and works with programming languages including Ada, Assembly, C, C++, D, Fortran, Go, Objective-C, OpenCL C, Modula-2, Pascal, Rust.

GNU Privacy Guard (GPG)

An application program that follows the OpenPGP standard for encryption.

Grandfather-Father-Son (GFS)

A method of storing previous generations of master file data that are continuously updated. The son is the current file, the father is a copy of the file from the previous cycle, and the grandfather is a copy of the file from the cycle before that.

Graphical User Interface (GUI)

An interface that allows a user to interact with a computer graphically, through the use of a mouse or other pointing device to manipulate applications running on it.

Graphics Processing Unit (GPU)

A chip designed to manage graphics functions in a system.

Group Policy Object (GPO)

A method used by Windows for the application of OS settings enterprise-wide.

GUID [Globally Unique Identifier] Partition Table (GPT)

A partitioning system which facilitates the creation of more than four primary partitions without the use of dynamic disks.

Hard Disk Drive (HDD)

A mechanical device used for the storing of digital data in magnetic form.

Hardware Abstraction Layer (HAL)

Set of routines in software that provide programs with access to hardware resources through programming interfaces.

Hardware Assisted Virtualisation (HAV)

A platform virtualisation approach that enables efficient full virtualisation using help from hardware capabilities, primarily from the host processors. Hardware assisted virtualisation was added to x86 processors (Intel VT-x and AMD-V) in 2005 and 2006 respectively.

Hardware Compatibility List (HCL)

List of computer hardware that is compatible with a particular OS.

Hardware Security Module (HSM)

A physical device used to protect but still allow the use of cryptographic keys. It is separate from the host machine.

Hardware Security Module as a Service (HSMaaS)

A subscription-based offering where customers can use a hardware security module in the cloud to generate, access, and protect their cryptographic key material, separately from sensitive data.

Hashed Message Authentication Code (HMAC)

The use of a cryptographic hash function and a message authentication code to ensure the integrity and authenticity of a message.

Heating, Ventilation, and Air Conditioning (HVAC)

All the equipment involved in heating and cooling the environment within a facility. This includes boilers, furnaces, air conditioning units and ducts, plenums, and air passages.

High Availability (HA)

A collection of technologies and procedures that work together to keep an application available at all times.

High-bandwidth Digital Content Protection (HDCP)

Form of digital copy protection developed by Intel to prevent copying of digital content as it travels across connections.

High-Definition Multimedia Interface (HDMI)

A single multimedia connection that includes both high-definition audio and video. Used to connect computers, LCD displays, projectors and VR headsets, as well as various other devices in the home such as digital TV, DVD player, Blu-ray player, Xbox, Playstation and AppleTV with the television.

HMAC-based One-time Password (HOTP)

A method of producing one-time passwords using HMAC functions.


A computer system or portion of a network that has been set up purely for the purposes of attracting intruders. As there are no legitimate users in a system such as this, unauthorised activity is easy to spot.

Host-based Intrusion Detection System (HIDS)

A system that looks for computer intrusions by monitoring activity on one or more individual PCs or servers.

Host-based Intrusion Prevention System (HIPS)

A system that automatically responds to computer intrusions by monitoring activity on one or more individual PCs or servers and responding based on a rule set.


An electronic device that sits at the centre of a star bus topology network, providing a common point for the connection of network devices. Hubs repeat all information it receives to all connected devices and have been replaced by switches.

Hypertext Markup Language (HTML)

A language that is used to provide the structure of web pages, using tags to define different parts of the page structure, for example, <h1> tags to denote the largest headings, or <p> tags for paragraphs of text.

Hypertext Preprocessor (PHP)

An open-source, general-purpose scripting language that is well suited to web development.

Hypertext Transfer Protocol (HTTP)

A network protocol that facilitates the transfer of documents, such as web pages, on the web, typically between a web browser and a server.

Hypertext Transfer Protocol Secure (HTTPS)

A secure version of HTTP in which hypertext is encrypted by Transport Layer Security (TLS) before being sent over the network. Prior to TLS, this was accomplished using Secure Sockets Layer (SSL).

Identity and Access Management (IAM)

The policies and procedures used to manage access control.

Identity Provider (IdP)

A system that creates, maintains, and manages identity information, including authentication services.

Immutable Object

A computer programming term used to describe an object whose state cannot be changed after it has been defined.

In-plane Switching (IPS [2])

A screen technology for liquid crystal displays, where a layer of crystals is sandwiched between two glass surfaces. The liquid crystal molecules are aligned parallel to those surfaces in predetermined directions. It replaces the older twisted nematic (TN) panels, providing more accurate colours and a wider viewing angle.

Incident Response (IR)

The process of responding to, containing, analysing, and recovering from a computer-related incident.

Incident Response Plan (IRP)

The plan used in responding to, containing, analysing, and recovering from a computer related incident.

Indicators of Compromise (IoC)

A set of values that, if found in memory or file storage, indicate a specific compromise event.

Industrial Control System (ICS)

System that monitors and controls machines such as those in a factory or chemical plant, or even just a large HVAC system in an office building.

Information Systems Security Officer (ISSO)

An individual with assigned responsibility for maintaining the appropriate operational security posture for an information system or program.

Information Technology (IT)

The use of any computers, storage, networking and other physical devices, infrastructure and processes to create, process, store, secure and exchange all forms of electronic data.

Information Technology eXtended (ITX)

A family of motherboard form factors, of which the Mini-ITX is the largest and most popular.

Information Technology Infrastructure Library (ITIL)

A framework containing a library of best practices for the management of IT services and improving IT support and service levels.

Infrared Data Association (IrDA)

A group of device manufacturers that developed a standard for infrared data transmission up to 4 Mbps.

Infrastructure as a Service (IaaS)

Cloud Service model that provides on-demand access to infrastructure such as servers, switches, and routers at rates based on resource use. Large-scale, global IaaS providers use virtualisation to minimise idle hardware, protect against data loss and downtime, and respond to spikes in demand.

Infrastructure as Code (IaC)

The use of machine-readable definition files as well as code to manage and provision computer systems.


In Object-Oriented Programming, Inheritance refers to the ability of an object to take on, or inherit, the properties of another object.

Initialisation Vector (IV)

A data value used to seed a cryptographic algorithm, providing for a measure of randomness.

Input/Output (I/O)

Input/Output from a computer system to the outside world e.g., a person or another system.

Input/Output Operations Per Second (IOPS)

A measure of how many read and write operations a storage device can perform in a second.

Instant Messaging (IM)

A text-based method of communicating over the Internet.

Institute of Electrical and Electronic Engineers (IEEE)

A non-profit, technical, professional institute associated with computer research, standards, and conferences.

Integrated Development Environment (IDE)

A piece of software that provides a means to create software and web applications. They generally include a source code editor, for programming purposes, a compiler where needed, for building an application and debugging tools, to aid in the resolution of bugs or problems with an application.

Integration Platform as a Service (iPaaS)

A subscription based service, which provides tools to enable the integration of data, applications and processes hosted on different physical and cloud services.

Intelligent Character Recognition (ICR)

Advanced OCR (Optical Character Recognition) that works on handwriting.

Interconnection Security Agreement (ISA)

An agreement between parties to establish procedures for mutual cooperation and coordination between them with respect to security requirements associated with their joint project.

Intermediate Distribution Frame (IDF)

The room where all the horizontal runs from all the work areas on a given floor in a building come together.

Internal Segmentation Firewall (ISFW)

A firewall positioned in the network to provide segmentation of sections of a network.

International Data Encryption Algorithm (IDEA)

A symmetric encryption algorithm used in a variety of systems for bulk encryption services.

International Standards Organisation (ISO)

An international standard development organisation composed of representatives from the national standards organisations of member countries.

Internet Control Message Protocol (ICMP)

A TCP/IP protocol used to handle many low-level functions such as error or informational reporting. ICMP messages are usually request and response pairs such as echo requests and responses or router solicitations and responses. There are also unsolicited 'responses' (advertisements) that consist of single packets. ICMP messages are connectionless.

Internet Group Management Protocol (IGMP)

Protocol that routers use to communicate with hosts to determine a 'group' membership to determine which computers want to receive a multicast. Once a multicast has started, IGMP is responsible for maintaining the multicast as well as terminating at completion.

Internet Information Services (IIS)

Web server software, that is provided by Microsoft and available on various versions of Microsoft Windows, including Windows 10 and Windows 11, as well as Windows Server.

Internet Key Exchange (IKE)

A standard key exchange protocol used on the Internet, which is an implementation of the Diffie-Hellmann algorithm.

Internet Message Access Protocol (IMAP)

Protocol for retrieving e-mail from an SMTP server.

Internet of Things (IoT)

The everyday objects that can communicate with each other over the Internet, such as smart home appliances, automobiles, video surveillance systems, and more.

Internet Protocol (IP)

Layer 3 protocol responsible for logical addressing and routing packets across networks, including the Internet. It doesn’t guarantee reliable delivery of packets across the network, leaving that task to higher-level protocols.

Internet Protocol Security (IPSec)

A protocol used to secure IP packets during transmission across a network. IPSec offers authentication, integrity, and confidentiality services. It uses Authentication Header (AH) and Encapsulating Security Payload (ESP) to accomplish this.

Internet Protocol version 4 (IPv4)

First version of the Internet Protocol introduced in 1980. IPv4 consists of a protocol, header, and address specification. Its 32-bit addresses are written as four sets of numbers between 0 and 255 separated by a period (often called dotted decimal notation).

Internet Protocol version 6 (IPv6)

Second version of the Internet Protocol developed as the address-space limitations of IPv4 became clear. While standardisation started in the 1990s, the transition from IPv4 to IPv6 is still ongoing. Its 128-bit addresses consist of eight sets of four hexadecimal numbers, with each number between 0000 and ffff, using a colon to separate the numbers.

Internet Relay Chat (IRC)

An application layer protocol that facilitates communication in the form of text across the Internet.

Internet Service Provider (ISP)

An organisation that provides access to the Internet in some form, usually for a fee.

Internet Small Computer Systems Interface (iSCSI)

A protocol that enables the SCSI command set to be transported over a TCP/IP network from a client to an iSCSI-based storage system. iSCSI is popular with storage area network (SAN) systems.

Intrusion Detection System (IDS)

A system that monitors network traffic for suspicious activity and alerts when such activity is discovered.

Intrusion Prevention System (IPS [1])

A network security/threat prevention technology that examines network traffic flows to detect and prevent vulnerability exploits. Vulnerability exploits usually come in the form of malicious inputs to a target application or service that attackers use to interrupt and gain control of an application or machine.

IT Contingency Plan (ITCP)

The plan used to manage contingency operations in an IT environment.

JavaScript Object Notation (JSON)

A text-based data interchange format designed for transmitting structured data. It is most commonly used for transferring data between web applications and web servers.


A network authentication protocol developed by MIT to enable multiple brands of servers to authenticate multiple brands of clients.

Key Distribution Centre (KDC)

A component of the Kerberos system for authentication that manages the secure distribution of keys.

Key Encryption Key (KEK)

An encryption key whose function it is to encrypt and decrypt the data encryption key (DEK).

Key Performance Indicator (KPI)

A quantifiable measure of performance over time for a specific objective, providing targets to be achieved, milestones to gauge progress, or insights that allow for better decision making.

Keyboard-Video-Mouse (KVM)

A switching device that allows for the sharing of a single keyboard, video monitor and mouse, between multiple machines.

Knowledge Base (KB)

Technology used to store complex structured and unstructured information used by a computer system.

Last In, First Out (LIFO)

A method of processing data in which the last items entered are the first to be removed.

Layer 2 Tunnelling Protocol (L2TP)

A Cisco switching protocol that operates at the data link layer.

Letter of Intent (LOI)

A document written in a business letter format that outlines the understanding between two or more parties, which the parties intend to formalise in a legally binding agreement.

Light-Emitting Diode (LED)

Solid-state device that emits photons at luminous frequencies when current is applied.

Lightweight Directory Access Protocol (LDAP)

An application protocol used to access directory services across a TCP/IP network.

Lightweight Directory Access Protocol (over SSL) (LDAPS)

A secure version of LDAP.

Lightweight Extensible Authentication Protocol (LEAP)

A version of EAP developed by Cisco prior to 802.11i to push 802.1X and WEP adoption.

Link Aggregation Control Protocol (LACP)

IEEE specification of certain features and options to automate the negotiation, management, load balancing, and failure modes of aggregated ports.

Linux, Apache, MySQL, and PHP (LAMP)

The Linux operating system, Apache web server, MySQL database, and PHP web scripting language can be used together to create a fully functioning web server.

Liquid Crystal Display (LCD)

A backlit flat panel display that uses the light modulating properties of liquid crystals to produce images on a screen.

Local Area Network (LAN)

Network that generally (but not always) belongs to one household or organisation and covers a limited area (anything from two devices in an apartment up to thousands of devices on a multi-building school or business campus).

Local File Inclusion (LFI)

An attack technique in which an attacker tricks a web-based application into running or exposing sensitive information, and in severe cases, can lead to cross-site scripting (XSS), and remote code execution.

Local/Lucent Connector (LC)

A duplex type of small form factor (SFF) fibre connector, designed to accept two fibre cables. Also known as LC connector or Lucent connector.

Logical Block Addressing (LBA)

An addressing scheme that acts as an interface between the operating system and storage devices. It presents storage chunks on a storage device to the operating system as a sequence of blocks. This saves the operating system from having to deal with the detail of how the storage space is arranged on a hard disk or solid-state disk. Logical Block Addressing is inherant to all operating systems and mass storage devices.

Long-Term Evolution (LTE)

A wireless data standard with theoretical download speeds of 300 Mbps and upload speeds to 75 Mbps. LTE is marketed as a 4G (fourth generation) wireless technology.

Mac OS, Apache, MySQL, and PHP (MAMP)

The Mac OS operating system, Apache web server, MySQL database, and PHP web scripting language can be used together to create a fully functioning web server.

Machine Learning (ML)

A form of artificial intelligence where machine algorithms learn by examining test cases and solutions.

Mail Exchange (MX)

A DNS record that SMTP servers use to determine where to send mail for a given domain.

Main Distribution Frame (MDF)

The room in a building that stores the demarc, telephone cross-connects, and LAN cross-connects.


Malware is the collective name given to software that has been developed to disrupt or damage data, software or hardware, as well as gain unauthorised access to computer systems.

Managed Security Service Provider (MSSP)

A third party that manages the security aspects of a system under some form of service agreement.

Managed Service Provider (MSP)

A third party that manages aspects of a system under some form of service agreement.

Management Information Base (MIB)

A database used by the Simple Network Management Protocol (SNMP) to aid in the management of entities in a communication network.

Mandatory Access Control (MAC [1])

An authorisation method in which the system grants access to resources based on security labels and clearance levels. Used in organisations with very high security needs.

Master Boot Record (MBR)

A strip of data on a hard drive in Windows systems meant to result in specific initial functions or identification.

Master Service Agreement (MSA [2])

A contract between two or more parties that establishes what terms and conditions will govern all current and future activities and responsibilities. It creates a contract framework that provides the foundation for all future actions.

Material Safety Data Sheet (MSDS)

Documents that list information relating to occupational safety and health for the use of various substances and products.

Maximum Transmission Unit (MTU)

A measure of the largest payload that a particular protocol can carry in a single packet in a specific instance.

Mean Time Between Failure (MTBF)

A factor typically applied to a hardware component that represents the manufacturer’s best guess (based on historical data) regarding how much time will pass between major failures of that component.

Mean Time to Detect (MTTD)

The average time passed between the onset of an IT incident and its discovery, measured by dividing the sum of incident detection times by the number of incidents.

Mean Time to Failure (MTTF)

The statistically determined time to the next failure.

Mean Time to Repair/Recover (MTTR)

A common measure of how long it takes to repair a given failure. This is the average time and may or may not include the time needed to obtain parts.

Measurement Systems Analysis (MSA [1])

A thorough assessment of a measurement process, and typically includes a specially designed experiment that seeks to identify the components of variation in that measurement process.

Mechanical Transfer - Registered Jack (MT-RJ)

A type of small form factor (SFF) fibre connector.

Media Access Control (MAC [2])

A protocol used in the data link layer for local network addressing.

Medium Access Control (MAC [3])

A sublayer, along with the logical link control sublayer, that together form the Data Link Layer, in the OSI seven-layer model. It controls the hardware responsible for interacting with the wired, optical or wireless transmission medium.

Medium Dependent Interface Crossover (MDIX)

A version of the medium dependent interface (MDI) enabling a connection between corresponding devices. An MDI port or uplink port is a port on a switch, router or network hub connecting to another switch or hub using a straight-through cable rather than an Ethernet crossover cable. Generally, there are one to two ports on a switch or hub with an uplink switch, which can be used to alter between an MDI and MDIX interface.

Memorandum of Agreement (MOA)

A document executed between two parties that defines some form of agreement.

Memorandum of Understanding (MOU)

A document that defines an agreement between two parties in situations where a legal contract is not appropriate.

Message Authentication Code (MAC [4])

A short piece of data used to authenticate a message. This is often a hashed message authentication code (HMAC), where a hash function is used on the message authentication code to ensure the integrity and authenticity of a message.

Message Digest 5 (MD5)

A hashing algorithm and a specific method of producing a message digest.

Metasploit Framework (MSF)

A modular penetration testing framework, written in Ruby, that contains a suite of tools that can be used to test security vulnerabilities, enumerate networks, execute attacks, and evade detection. It enables the user to write, test, and execute, exploit code.

Metropolitan Area Network (MAN)

Multiple computers connected via cabling, radio, leased phone lines, or infrared that are within the same city.

Microsoft Challenge Handshake Authentication Protocol (MSCHAP)

A Microsoft Developed variant of the Challenge Handshake Authentication Protocol (CHAP).

Microsoft Management Console (MMC)

A component of Windows 2000 and later that provides admins and advanced users an interface for configuring and monitoring the system.

Microsoft Remote Assistant (MSRA)

A feature of the Microsoft Windows operating system that enables users to give anyone control of their computer over the internet.

Mobile Application Management (MAM)

The software and services responsible for provisioning and controlling access to internally developed and commercially available mobile apps used in business settings, on both company-provided and 'bring your own' mobile operating systems as used on smartphones and tablet computers.

Mobile Device Management (MDM)

An application designed to bring enterprise-level functionality onto a mobile device, including security functionality and data segregation.

Model-View-Controller (MVC)

A design pattern utilised in software development, which is used to implement software interfaces, data and controlling logic, separating out the business logic from the display.

Monitoring as a Service (MaaS)

The use of a third party to provide security monitoring services.

Multifactor Authentication (MFA)

The use of more than one different factor for authenticating a user to a system.

Multifunction Device (MFD)

A single device that consolidates the functions of multiple document handling devices, such as printing, copying, scanning, and faxing.

Multifunction Printer (MFP)

An office machine which incorporates the functionality of multiple devices in one, so as to have a smaller footprint in a home or small business setting, or to provide centralised document management, distribution, or production in a large-office setting. Also known as an all-in-one device or multifunction device.

Multimedia Message Service (MMS)

A standard way to send multimedia messages to and from mobile phones over a cellular network.

Multiple Input, Multiple Output (MIMO)

Feature of 802.11n and later WAPs that enables them to make multiple simultaneous connections.

Multipoint Generic Routing Encapsulation (mGRE)

The Generic Routing Encapsulation (GRE) is a tunnelling protocol that can encapsulate several OSI layer 3 protocols. This protocol can be used by two endpoints to communicate with each other. It is developed by Cisco Systems, and can be used with IPSec to create a VPN. Multipoint GRE (mGRE) is a protocol that can be used to enable one node to communicate with many nodes.

Multiprotocol Label Switching (MPLS)

A routing technique in telecommunications networks that directs data from one node to the next based on labels rather than network addresses. Whereas network addresses identify endpoints the labels identify established paths between endpoints. MPLS can encapsulate packets of various network protocols, hence the multiprotocol component of the name.

Multiuser – Multiple Input, Multiple Output (MU-MIMO)

Feature of 802.11ac and later networking that enables a WAP to broadcast to multiple users simultaneously.

Mutable Object

A computer programming term used to describe an object whose state can change after it has been defined.

Name Server (NS)

DNS servers that hold the actual name and IP DNS records in a kind of database called a zone.

National Institute of Standards & Technology (NIST)

A U.S. government agency responsible for standards and technology.

Near Field Communication (NFC)

A set of standards and protocols for establishing a communication link over very short distances, which are used with mobile devices.

NetBIOS over TCP/IP [Transmission Control Protocol] (NetBT)

A network protocol that allows legacy computer applications relying on the NetBIOS API to be used on modern TCP/IP networks.

Network Access Control (NAC)

An approach to endpoint security that involves monitoring and remediating end-point security issues before allowing an object to connect to a network.

Network Address Translation (NAT)

A way of converting a system's IP address into another IP address before sending it out to a larger network. A network using NAT provides the systems on the network with private IP addresses. The system running the NAT software has two interfaces, one connected to the network and the other connected to the larger network. The NAT program takes packets from the client systems bound for the larger network and translates their internal private IP address to its own public IP address, enabling many systems to share an IP address.

Network Attached Storage (NAS)

A dedicated file server that has its own file system and typically uses hardware and software designed for serving and storing files.

Network File System (NFS)

A distributed file system protocol, allowing a user on a client computer to access files over a network.

Network Function Virtualisation (NFV)

A network architecture that applies infrastructure as code (IaC) style automation and orchestration to network management.

Network Interface Card (NIC)

Traditionally, an expansion card that enables a PC to connect physically to a network. Modern computers now utilise built in NICs, without the need for a physical card, however, the term NIC is still very common.

Network Operations Centre (NOC)

A centralised location for technicians and administrators to manage all aspects of a network.

Network Time Protocol (NTP)

A protocol for the transmission of time synchronisation packets over a network.

Network-based Intrusion Detection System (NIDS)

A system for examining network traffic to identify suspicious, malicious, or undesirable behaviour.

Network-based Intrusion Prevention System (NIPS)

A system that examines network traffic and automatically responds to computer intrusions.

Networked Basic Input/Output System (NetBIOS)

A protocol that operates at the Session layer of the OSI seven-layer model. It creates and manages connections based on the names of the computers involved and utilises TCP ports 137 and 139, as well as UDP ports 137 and 138.

New Technology File System (NTFS)

A proprietary file system developed by Microsoft, introduced in 1993, that supports a wide variety of file operations on servers, PCs, and media.

New Technology LAN Manager (NTLM)

A deprecated security suite from Microsoft that provides authentication, integrity, and confidentiality for users. As it does not support current cryptographic methods, it is no longer recommended for use.

Next-Generation Firewall (NGFW)

Network protection device that functions at multiple layers of the OSI model to tackle traffic no traditional firewall can filter alone.

Next-generation Secure Web Gateway (NG-SWG)

A solution designed to filter unwanted web traffic from a user-initiated session to enforce policy compliance.

Non-Disclosure Agreement (NDA)

A legally binding contract that establishes a confidential relationship. The party or parties signing the agreement agree that sensitive information they may obtain will not be made available to any others. An NDA may also be referred to as a confidentiality agreement.

Non-volatile Memory Express (NVMe)

A Solid-State Drive (SSD) technology that supports a communication connection between the operating system and the SSD directly through a PCIe bus lane,

Object Identifier (OID)

The Simple Network Management Protocol (SNMP) uses Management Information Bases (MIBs) to categorise data that can be queried, and subsequently analysed. Object Identifiers uniquely number data pieces within a MIB.

Object-Oriented Programming (OOP)

A programming paradigm based on the concept of “objects”, which may contain data, in the form of fields or attributes, and behaviours, in the form of procedures or methods. Computer programs created in this way are usually made up of multiple objects that interact with one another.

On-The-Go (OTG)

In relation to USB, it refers to a standardised specification that allows a device to read data from a USB device without requiring a PC.

Online Certificate Status Protocol (OCSP)

A protocol used to request the revocation status of a digital certificate. This is an alternative to certificate revocation lists.

Open Authorization (OAUTH)

An open protocol that allows secure, token-based authorisation on the Internet from web, mobile, and desktop applications via a simple and standard method. It can be used by an external partner site to allow access to protected data without having to re-authenticate the user. It was created to remove the need for users to share their passwords with third-party applications, by substituting it with a token.

Open Shortest Path First (OSPF)

An interior gateway routing protocol developed for IP networks based on the shortest path first or link state algorithm.

Open Source

Software that is said to be open source refers to the fact that the original source code used to create it is made freely available to view, modify, enhance and redistribute.

Open Source Security Testing Methodology Manual (OSSTMM)

A peer-reviewed methodology for security testing, maintained by the Institute for Security and Open Methodologies (ISECOM).

Open Systems Interconnection (OSI)

An international standard suite of protocols defined by the International Organisation for Standardisation (ISO) that implements the OSI seven-layer model for network communications between computers.

Open Vulnerability Assessment Language (OVAL)

An XML-based standard for the communication of security information between tools and services.

Open Vulnerability Assessment Scanner (OpenVAS)

An open-source vulnerability scanner that can detect security issues in all manner of servers and network devices.

Open Web Application Security Project (OWASP)

A non-profit foundation dedicated to improving security in web applications.

Open-source Intelligence (OSINT)

Security information derived from sources available to the public.

Operating System (OS)

The basic software that handles input, output, display, memory management, and all the other highly detailed tasks required to support the user environment and associated applications.

Operational Technology (OT)

The name for an IT system used in an industrial setting to control physical processes.

Optical Character Recognition (OCR)

The identification of printed characters using photoelectric devices and computer software.

Optical Network Terminal (ONT)

A device that works like a modem, but for fibre networks and enables networked devices to communicate with an internet service provider (ISP).

Optical Time Domain Reflectometer (OTDR)

Tester for fibre-optic cable that determines continuity and reports the location of cable breaks.

Organic Light-emitting Diode (OLED)

A display technology where an organic compound provides the light for the screen, which eliminates the need for a backlight or inverter. OLED is used in high-end TVs and small devices such as smart watches, smartphones, and VR headsets.

Over The Air (OTA)

Refers to performing an action wirelessly.

Packet Capture (PCAP)

The methods and files associated with the capture of network traffic in the form of text files.

Pan-Tilt-Zoom (PTZ)

A term used to describe a video camera that supports remote directional and zoom control.

Password Authentication Protocol (PAP)

A simple protocol used to authenticate a user to a network access server.

Password-based Key Derivation Function 2 (PBKDF2)

A key derivation function that is part of the RSA Laboratories Public Key Cryptography Standards, published as IETF RFC 2898.

Payment Card Industry Data Security Standard (PCI DSS)

A contractual data security standard initiated by the credit card industry to cover cardholder data.

Peer to Peer (P2P)

A network connection methodology involving direct connection from peer to peer.

Perfect Forward Secrecy (PFS)

A property of a cryptographic system whereby the loss of one key does not compromise material encrypted before or after its use.

Peripheral Component Interconnect Express (PCIe)

High-speed serial computer expansion bus standard, designed to replace PCI, PCI-X and AGP bus standards.

Personal Area Network (PAN)

An interconnection of devices to facilitate the exchange of information in the vicinity of a person. This is over a short distance of less than 33 feet or 10 metres and typically utilises wireless technologies, such as Bluetooth.

Personal Computer (PC)

A general purpose computer designed to be used by a single end user at any one time.

Personal Health Information (PHI)

Information related to a person’s medical records, including financial, identification, and medical data.

Personal Identification Number (PIN)

A number that is secret, known only to the user to establish identity.

Personal Identity Verification (PIV)

Policies, procedures, hardware, and software used to securely identify federal workers.

Personally Identifiable Information (PII)

Information that can be used to identify a single person.


An attempt to gain sensitive information, such as user account and bank details, for malicious reasons, via an electronic communication, such as email, purporting to be from a trustworthy source. This might be to steal someone’s identity, for financial gain, or both.

PKCS #12 (P12)

A commonly used member of the family of standards called Public-Key Cryptographic Standards (PKCS), published by RSA Laboratories.

Plain Old Telephone Service (POTS)

The term used to describe the old analogue phone service and later the ‘land-line’ digital phone service.

Platform as a Service (PaaS)

A cloud service model which provides a managed environment of hardware and software. This type of service is popular with application developers as it removes the need to maintain the complex infrastructure required.

Pluggable Authentication Modules (PAM [2])

A mechanism used in Linux systems to integrate low-level authentication methods into an API.

Point-to-Point Protocol (PPP)

The Internet standard for transmission of IP packets over a serial line, as in a dial-up connection to an ISP.

Point-to-Point Tunnelling Protocol (PPTP)

The use of generic routing encapsulation over PPP to create a methodology used for virtual private networks.

Pointer Record (PTR)

A type of DNS record that points IP addresses to hostnames.


In Object-Oriented Programming, Polymorphism refers to the ability of a programming language to process objects differently depending on their data type or class.


In Computing there are two types of port, hardware ports and networking ports. A hardware port serves as an interface between a computer and peripheral devices, such as a monitor, printer, keyboard, and mouse. A port is a part of a computer that these devices connect to. A networking port is a communication endpoint. It is a logical construct that identifies a specific process or type of network service, at the software level, within an operating system. Ports have a port number associated with them and relate to specific transport protocols, for example, port 80 handles HTTP traffic.

Port Address Translation (PAT)

The most used form of network address translation, where the NAT uses the outgoing IP addresses and port numbers (collectively known as a socket) to map traffic from specific machines in the network.

Portable Electronic Device (PED)

A term used to describe an electronic device, owned by the user, and brought into the enterprise, that uses enterprise data. This includes laptops, tablets, and mobile phones, to name a few.

Portable Executable (PE [1])

An executable that doesn’t need to be installed before it can be used.

Post Office Protocol (POP)

One of the two protocols that receive e-mail from SMTP servers.

Post Office Protocol version 3 (POP3)

One of the two protocols that receive e-mail from SMTP servers.

Potentially Unwanted Program (PUP)

A software program you likely didn’t want installed on your computer. PUPs are common in bundled systems.

Power Distribution Unit (PDU)

A rack-mounted set of outlets for devices installed in the rack. Connected to the rack’s uninterruptible power supply (UPS).

Power over Ethernet (PoE)

A standard that enables wireless access points (WAPs) to receive their power from the same Ethernet cables that transfer their data.

Power Supply Unit (PSU)

Converts mains AC to low-voltage DC power for the internal components of a computer.

Power-on Self-Test (POST)

A basic diagnostic routine completed by a system at the beginning of the boot process to make sure a display adapter and the system’s memory are installed. It then searches for an operating system and if one is found, control of the machine is handed over to it.

Pre-Shared Key (PSK)

A shared secret which was previously shared between two parties using some secure channel before it needs to be used.

Preboot Execution Environment (PXE)

Technology that enablers a PC to boot without any local storage by retrieving an operating system from a server over a network.

Preferred Roaming List (PRL)

A list that is occasionally and automatically updated to a phone’s firmware by the carrier so that the phone will be configured with a particular carrier’s networks and frequencies, in a priority order, that it should search for when it can’t locate its home carrier network.

Preinstallation Environment (PE [2])

Lightweight version of Microsoft Windows used for deployment of PCs, workstations and servers or troubleshooting an operating system while it is offline.

Pretty Good Privacy (PGP)

A popular encryption program that has the ability to encrypt and digitally sign e-mail and files.

Printer Command Language (PCL)

A page description language developed by Hewlett-Packard as a printer protocol and has become a de facto standard. Originally developed for inkjet printers but now works with thermal, matrix and page printers as well.

Privacy Enhanced Mail (PEM)

Internet standard that provides for secure exchange of e-mail using cryptographic functions.

Private Branch Exchange (PBX)

A telephone exchange that serves a specific business or entity.

Privileged Access Management (PAM [1])

A cybersecurity strategy to control, monitor, secure and audit all identities across an IT environment.

Process Identifier (PID)

A unique number used by operating system kernels within operating systems such as Windows, Unix, Linux and macOS, to identify an active process.

Programmable Logic Controller (PLC)

A programmable controller in an industrial control system (ICS) that has been adapted to control manufacturing processes such as machines on an assembly line.

Proof of Concept (PoC)

A realisation of a certain method or idea to demonstrate its feasibility, or a demonstration in principle with the aim of verifying that some concept or theory has practical potential. A proof of concept is usually small and may or may not be complete. Also known as proof of principle.

Protected Extensible Authentication Protocol (PEAP)

A protected version of EAP developed by Cisco, Microsoft, and RSA Security, that functions by encapsulating the EAP frames in a TLS tunnel.

Proxy Auto Configuration (PAC)

A method of automating the connection of web browsers to appropriate proxy services to retrieve a specific URL.

Public Key Cryptography Standards (PKCS)

A series of standards covering aspects of the implementation of public key cryptography.

Public Key Infrastructure (PKI)

Infrastructure for binding a public key to a known user through a trusted intermediary, typically a certificate authority.

Quad Small Form-factor Pluggable (QSFP)

Bidirectional (BiDi) fibre-optic connector used in 40GbE networks.

Quality Assurance (QA)

The term used in both manufacturing and service industries to describe the systematic efforts taken to ensure that the product delivered to a customer meets with the contractual and other agreed upon performance, design, reliability, and maintainability expectations of that customer.

Quality of Service (QoS)

The use of technology to manage data traffic, reduce packet loss, and control latency and jitter on a network.

RACE Integrity Primitives Evaluation Message Digest (RIPEMD)

An open-source hashing algorithm that creates a unique 160-bit, 256-bit, or 320-bit message digest for each file.

Radio Frequency (RF)

Oscillation rate of an alternating electric current or voltage or of a magnetic, electric, or electromagnetic field or mechanical system in the frequency range from around 20 KHz to 300 GHz.

Radio Frequency Identification (RFID)

A technology used for remote identification via radio waves.

Radio Guide (RG)

Ratings developed by the US Military to provide a quick reference for the different types of coaxial cable.

Radio-Frequency Interference (RFI [1])

Disturbance generated by an external source that affects an electrical circuit by electromagnetic induction, electrostatic coupling or conduction.

Random Access Memory (RAM)

Memory that can be accessed at random, enabling you to write to or read from without touching the preceding address, often used to mean a computer’s main memory.

Rapid Application Development (RAD)

A software development methodology that favours the use of rapid prototypes and changes as opposed to extensive advanced planning.

Read-Only Memory (ROM)

Memory that can be read from but to written to. Often described as non-volatile memory.

Real Time Streaming Protocol (RTSP)

An application-level network protocol designed for multiplexing and packetising multimedia transport streams (such as interactive media, video, and audio) over a suitable transport protocol. RTSP is used in entertainment and communications systems to control streaming media servers. The protocol is used for establishing and controlling media sessions between endpoints. Clients of media servers issue commands such as play, record, and pause, to facilitate real-time control of the media streaming from the server to a client (video on demand) or from a client to the server (voice recording).

Real-time Operating System (RTOS)

An operating system designed to work in a real-time environment.

Real-time Transport Protocol (RTP)

A protocol for a standardised packet format used to carry audio and video traffic over IP networks.

Received Signal Strength Indication (RSSI)

A scale used by manufacturers to show the signal between a WAP and a receiver, usually depicted in a number of bars.

Recovery Point Objective (RPO)

The amount of data a business is willing to place at risk. It is determined by the amount of time a business has to restore a process before an unacceptable amount of data loss results from a disruption.

Recovery Time Objective (RTO)

The amount of time a business has to restore a process before unacceptable outcomes result from a disruption.

Redundant Array of Independent or Inexpensive Disks (RAID)

A method for creating a fault tolerant storage system. RAID uses multiple hard drives in various configurations to offer different levels of speed and data redundancy.

Reflected Cross-site Scripting (RXSS)

A vulnerability that arises when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request that, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application. The attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.

Registered Jack (RJ)

Type of connector used on the end of telephone (RJ-11) and network cables (RJ-45).

Registered Jack Function 11 (RJ11)

Standardised telecommunication network interface for telephones.

Registered Jack Function 45 (RJ45)

Standardised telecommunication network interface for voice and data.

Registration Agent (RA [1])

Part of the PKI system responsible for establishing registration parameters during the creation of a certificate.

Remote Access Server (RAS)

A combination of hardware and software used to enable remote access to a network.

Remote Access Trojan (RAT)

A set of malware designed to exploit a system providing remote access.

Remote Authentication Dial-in User Service (RADIUS)

A standard protocol for providing authentication services that is commonly used in dial-up, wireless, and PPP environments.

Remote Code Execution (RCE)

A type of attack that allows an attacker to remotely execute malicious code on a computer resulting in, for example, malware execution or gaining full control over the compromised machine.

Remote Desktop Protocol (RDP)

Protocol used for Microsoft's Remote Desktop tool.

Remote File Inclusion (RFI [2])

A type of vulnerability that allows an attacker to include a file, usually exploiting a dynamic file inclusion mechanism implemented in the target application. This vulnerability exists where there isn’t appropriate user input validation.

Remote Monitoring and Management (RMM)

The process of supervising and controlling IT systems by means of locally installed agents that can be accessed by a management service provider.

Remotely Triggered Black Hole (RTBH)

A popular and effective filtering technique for the mitigation of denial-of-service attacks.

Representational State Transfer (REST)

An architectural style for providing standards between computer systems on the web, making it easier for systems to communicate with one another. REST compliant systems, often called RESTful systems, are characterised by how they are stateless and separate the concerns of client and server.

Request for Comment (RFC)

A document that describes the standards, protocols, and technologies of the Internet and TCP/IP. Since 1969, about 2400 Requests for Comments (RFCs) have been published on various networking protocols, procedures, applications, and concepts.

Research and Development in Advanced Communications Technologies in Europe (RACE)

A program launched in the 1980s by the Commission of European Communities to pave the way towards commercial use of Integrated Broadband Communication (IBC) in Europe in the late 1990s.

Return on Investment (ROI)

A measure of the effectiveness of the use of capital.

Rich Communication Services (RCS)

A communication protocol between mobile telephone carriers and between phone and carrier, aimed at replacing SMS messages with a text-message system that is richer, provides phonebook polling, and can transmit in-call multimedia. It is part of the broader IP Multimedia Subsystem.

Rivest Cipher version 4 (RC4)

A streaming symmetric-key algorithm. No longer secure due to the many vulnerabilities that have been discovered since its initial implementation.

Rivest, Shamir, & Adleman (RSA)

The names of the three men who developed a public key cryptographic system and the company they founded to commercialise the system.

Role-based Access Control (RBAC [1])

Roles within an organisation are assigned access permissions necessary to carry out those roles. These are in turn assigned to specific users that fulfil the roles within the organisation.

Router Advertisements (RA [2])

On multicast-capable links and point-to-point links, each router periodically sends to the multicast group a router advertisement packet that announces its availability. A host receives router advertisements from all routers, building a list of default routers. Routers generate router advertisements frequently enough so that hosts learn of their presence within a few minutes. However, routers do not advertise frequently enough to rely on an absence of advertisements to detect router failure. A separate detection algorithm that determines neighbour unreachability provides failure detection.

Routing Internet Protocol (RIP)

A routing protocol. Version 1 had several shortcomings, with a maximum hop count of 15 and a routing table update interval of 30 seconds, causing every router on a network to send out its table at once. Version 2 added support for CIDR and fixed some of the issues with version 1, but maximum hop count remained.

Rule-based Access Control (RBAC [2])

A series of rules are contained within an access control list to determine whether access should be granted or not, for example, don’t allow access to certain files outside of working hours during the week or on weekends.

Secure Access Service Edge (SASE)

A cloud-based security framework that provides secure access to network resources from anywhere.

Secure Copy Protection (SCP)

A means of securely transferring computer files between a local host, a remote host, or between two remote hosts.

Secure File Transfer Protocol (SFTP [1])

Uses SSH to provide the encryption for secure file transfer.

Secure Hashing Algorithm (SHA)

A hashing algorithm used to hash block data. The first version is SHA-1, with subsequent versions detailing the hash digest length: SHA-256, SHA-348, and SHA-512.

Secure Hypertext Transfer Protocol (SHTTP)

An alternative to HTTPS in which only the transmitted pages and POST fields are encrypted. Not widely used following the widespread adoption of HTTPS.

Secure Real-time Protocol (SRTP)

A secure version of the standard protocol for a standardised packet format used to carry audio and video traffic over IP networks.

Secure Shell (SSH)

An encrypted remote terminal connection program, used to remotely connect to a server. SSH uses asymmetric encryption, however, it generally requires an independent source of trust with a server, such as manually receiving a server key, to operate.

Secure Sockets Layer (SSL)

A protocol developed for transmitting private documents over the internet. It works by using a public key to encrypt sensitive data. This encrypted data is then sent over an SSL connection and then decrypted at the receiving end using a private key. Deprecated by Transport Layer Security (TLS).

Secure Web Gateway (SWG)

An on-premise or cloud-delivered network security service. Sitting between users and the Internet, secure web gateways provide advanced network protection by inspecting web requests against company policy to ensure malicious applications and websites are blocked and inaccessible.

Secure/Multipurpose Internet Mail Extensions (S/MIME)

An encrypted implementation of the MIME protocol specification.

Security Assertions Markup Language (SAML)

An XML-based standard for exchanging authentication and authorisation data.

Security Content Automation Protocol (SCAP)

A method of using specific protocols and data exchanges to automate the determination of vulnerability management, measurement, and policy compliance across a system or set of systems.

Security Information and Event Management (SIEM)

A two-part process consisting of security event management (SEM), which performs real-time monitoring of security events and security information management (SIM), where the monitoring log files are reviewed and analysed by automated and human interpreters.

Security Operations Centre (SOC)

The grouping of security operations in an enterprise.

Security Orchestration, Automation, Response (SOAR)

A system designed to facilitate responses in incident response situations.

Security-enhanced Linux (SE Linux)

A security enhancement to Linux that allows users and administrators more control over access control. Standard Linux access controls allow a user, and the applications the user runs, to specify who has read, write, and execute permissions on a file, whereas SE Linux access controls are determined by a policy loaded on the system, which cannot be changed by careless users or misbehaving applications.

Self-Encrypting Drives (SED)

A data drive that has built-in encryption capability on the drive control itself.

Self-monitoring Analysis and Reporting Technology (SMART)

Monitoring system built in to hard drives that tracks errors and error conditions within the drive.

Sender Policy Framework (SPF)

An e-mail validation system designed to detect e-mail spoofing by verifying that incoming mail comes from a host authorised by that domain’s administrator.

Serial Advanced Technology Attachment (SATA)

Computer bus interface that connects host bus adapters to mass storage devices such as hard disk drives, optical drives and solid-state drives.

Serial Attached SCSI [Small Computer System Interface] (SAS)

A point-to-point serial protocol that moves data to and from computer-storage devices such as hard disk drives and tape drives.

Server Message Block (SMB)

The Internet standard protocol used by Microsoft Windows to share files, printers, and serial ports.

Server-side Request Forgery (SSRF)

A type of computer security exploit where an attacker abuses the functionality of a server causing it to access or manipulate information in the realm of that server that would otherwise not be directly accessible to the attacker.

Service Delivery Platform (SDP)

A set of components that provides a service delivery architecture (service creation, session control, and protocols) for a service delivered to a customer or other system.

Service Level Agreement (SLA)

A document between a customer and service provider that defines the scope, quality, and terms of the service to be provided.

Service Level Objective (SLO)

An agreed upon target within a Service Level Agreement (SLA) that must be achieved for each activity, function, and process to provide the best opportunity for customer success.

Service Record (SRV)

DNS record that associates servers for individual protocols with a domain. SRV records specify a host, port, protocol, and other details for a specific service. For example, VoIP clients can readily discover a domain’s associated SIP server.

Service Set Identifier (SSID)

A 32-bit identification string, sometimes called a network name, that’s inserted into the header of each data packet processed by a wireless access point.

Session Initiation Protocol (SIP)

A signalling protocol for controlling voice and video calls over IP.

Shielded Twisted Pair (STP [1])

A Special kind of copper telephone and Local Area Network wiring that adds an outer layer, or shield, to reduce the potential for electromagnetic interference. Twisted pair wiring is where two conductors of a single circuit are twisted together to improve electromagnetic compatibility.

Short Message Service (SMS)

A form of text messaging over phone and mobile phone circuits that allows up to 160-character messages to be carried over signalling channels.

Simple Certification Enrolment Protocol (SCEP)

A protocol used in PKI for enrolment and other services.

Simple Mail Transfer Protocol (SMTP)

The main protocol used to send email over the internet.

Simple Mail Transfer Protocol Secure (SMTPS)

The secure version of the standard Internet protocol used to transfer e-mail between hosts.

Simple Network Management Protocol (SNMP)

A set of standards for communication with network devices, such as switches and routers, connected to a TCP/IP network. Used for network management.

Simple Object Access Protocol (SOAP)

An XML-based specification for exchanging information associated with web services.

Simultaneous Authentication of Equals (SAE)

A secure key negotiation and exchange method for password-based authentication methods. It is a variant of the Dragonfly key exchange protocol specified in RFC 7664, which in turn is based on the Diffie-Hellmann key exchange. It is used with Wi-Fi Protected Access 3 (WPA3), IEEE 802.11 WLAN mesh networks, amongst other things.

Single Inline Memory Module (SIMM)

A type of memory where the contacts on both sides perform the same function.

Single Loss Expectancy (SLE)

Monetary loss or impact of each occurrence of a threat. SLE = asset value x exposure factor.

Single Sign-On (SSO)

An authentication process by which the user can enter a single user ID and password and then move from application to application or resource to resource without having to supply further authentication information.

Single-Board Computer

A computer built on a single circuit board, which incorporates a processor, memory, input and output capabilities, along with many other features of a regular computer.

Small Computer System Interface (SCSI)

A set of standards for physically connecting and transferring data between computers and peripheral devices.

Small Form-factor Pluggable (SFP)

A Cisco module that enables you to add additional features to its routers.

Small Office Home Office (SOHO)

A classification of networking equipment, usually marketed to consumers or small businesses, which focuses on low price and ease of configuration. SOHO networks differ from enterprise networks, which focus on flexibility and maximum performance.

Small Outline Dual Inline Memory Module (SODIMM)

Type of computer memory used in laptops and other small devices.


An attempt to gain sensitive information, such as user account and bank details, for malicious reasons, via an SMS message, purporting to be from a trustworthy source. This might be to steal someone’s identity, for financial gain, or both.

Social Engineering

The use of deception to manipulate an individual into divulging confidential or personal information that may be used for fraudulent purposes.

Software as a Service (SaaS)

Cloud service model that provides centralised applications accessed over a network.

Software Development Kit (SDK)

A collection of software development tools that facilitate the creation of software, which can include a software framework, compiler and debugger.

Software Development Life Cycle (SDLC)

A process used by the software industry to design, develop and test high quality software. The Software Development Life Cycle typically consists of stages such as, planning and requirements analysis, definition of requirements, design, build, test, deploy and maintain. There are a number of different Software Development Life Cycle models that are used today, including the waterfall model, the iterative model, the spriral model, the V-medel and the big bang model.

Software Development Life-cycle Methodology (SDLM)

The processes and procedures employed to develop software. Sometimes also called secure development lifecycle model when security is part of the development process.

Software-Defined Network (SDN)

Programming that allows a master controller to determine how network components will move traffic through the network. Used in virtualisation.

Software-defined Visibility (SDV)

A framework that enables visibility into network operations and functions.

Software-Defined WAN (SDWAN)

A wide area network that uses software-defined network technology, such as communicating over the Internet using overlay tunnels which are encrypted when destined for internal organisation locations.

Software-defined Wide Area Network (SD-WAN)

A virtual wide area network architecture that allows enterprises to connect users securely and efficiently to applications. Software is used to control the connectivity, management and services between data centres, remote offices, and cloud resources.

Solid State Disk/Drive (SSD)

A mass storage device, such as a hard drive, that is composed of electronic memory as opposed to a physical device made up of spinning platters.

Spam over Instant Messaging (SPIM)

Spam sent over an instant messaging channel.

Spanning Tree Protocol (STP [2])

A protocol that enables switches to detect and prevent switching loops automatically.


Spoofing is a fraudulent or malicious activity whereby a communication is sent from an unknown source disguised as a source that is known to the receiver. E-mail spoofing is a particular type of spoofing where the header of an e-mail is forged to appear as though it from a particular sender, but instead is from an unknown source.

SSH File Transfer Protocol (SFTP [2])

A secure file transfer subsystem associated with Secure Shell (SSH).

Standard Connector (SC)

Fibre-optic connector used to terminate single-mode and multimode fibre. It is characterised by its push-pull, snap mechanical coupling, known as 'stick and click'. Commonly referred to as subscriber connector, standard connector, and sometimes, Siemon connector.

Standard/Subscriber Connector (SC)

Fibre-optic connector used to terminate single-mode and multimode fibre. It is characterised by its push-pull, snap mechanical coupling, known as “stick and click”. Commonly referred to as subscriber connector, standard connector, and sometimes, Siemon connector.

Start of Authority (SOA)

DNS record that defines the primary name server in charge of a domain. Also includes parameters that control how secondary name servers check for updates to the zone file, such as the serial number which indicates whether the zone file has updates to fetch.

Stateless Address Auto-Configuration (SLAAC)

A process that enables network clients to determine their own IPv6 addresses without the need for DHCP.

Statement of Work (SOW)

A document used in project management, that provides a narrative description of the work requirements for a project. It includes a definition of project activities, deliverables and timelines for an organisation providing services to a client.

Static Random-access Memory (SRAM)

A type of RAM that uses latching circuitry to store each bit. It’s volatile memory so data is lost when power is removed and doesn’t need to be periodically refreshed.

Storage Area Network (SAN [1])

A server that can take a pool of hard disks and present them over the network as any number of logical disks.

Straight Tip or Snap Twist (ST)

Fibre-optic connector used primarily with 2.5 mm single-mode fibre. It uses a push-on, then twist-to-lock mechanical connection commonly called stick-and-twist although ST actually stands for straight tip.

Structured Exception Hander (SEH)

The process used to handle exceptions in the Windows operating system core functions.

Structured Query Language (SQL)

A language created by IBM that relies on simple English statements to perform database queries. SQL enables databases from different manufacturers to be queried using a standard syntax.

Structured Query Language Injection (SQLi)

An attack against an interface using SQL.

Structured Threat Information eXpression (STIX)

A framework for passing threat information across automated interfaces.

Subject Alternative Name (SAN [2])

A field in a certificate that has several uses, for example, for a machine, it can represent its Fully Qualified Domain Name (FQDN), for a user, it can be the User Principal Name (UPN), and for an SSL certificate, it can indicate multiple domains for which the certificate is valid.

Subscriber Identity Module (SIM)

An integrated circuit or hardware element that securely stores the International Mobile Subscriber Identity (IMSI) and the related key used to identify and authenticate subscribers on mobile telephones.

Supervisory Control and Data Acquisition (SCADA)

A system that has the basic components of a distributed control system (DCS), yet is designed for large-scale, distributed processes and functions with the idea that remote devices may or may not have ongoing communication with the central control.


An electronic device that provides a common point for the connection of network devices, which replaced Hubs. A switch will learn the MAC address of all connected devices when they first connect. This means that it can forward data to the correct device, rather than to all connected devices, as with a Hub.

System Log (SYSLOG)

System log collector in macOS and Linux. Useful for auditing, performance monitoring, and troubleshooting.

System on Chip (SoC)

The integration of complete system functions on a single chip in order to simplify construction of devices.

Tactics, Techniques, and Procedures (TTP)

The methods used by an adversary, organised in a fashion to assist in identification and defence.

Telecommunications Industry Association/Electronic Industries Alliance (TIA/EIA)

The standards body that defines most of the standards for computer network cabling. Many of these standards are defined under the ANSI/TIA-568 standard. Since the Electronics Industry Association (EIA) was accredited by the American National Standards Institute (ANSI) to develop the standards, the name changed from TIA/EIA to ANSI/TIA after the EIA closed in 2011.

Temporal Key Integrity Protocol (TKIP)

A deprecated encryption standard used in WPA that provided a new encryption key for every sent packet.

Terminal Access Controller Access Control System Plus (TACACS+)

A proprietary protocol developed by Cisco to support Authorisation, Authentication, and Accounting (AAA) in a network with many routes and switches. It is like RADIUS in function but uses TCP port 49 by default and separates AAA into different parts.

Ticket Granting Ticket (TGT)

A part of the Kerberos authentication system that is used to prove identity when requesting service tickets.

Time to Live (TTL)

A field in the IP header that indicates the number of hops a packet can make before it hits its demise and gets discarded by a router.

Time-based One Time Password (TOTP)

A password that is used once and is only valid during a specific time period.

Time-of-check (TOC)

Refers to the time a value of something is checked in a multithreaded application.

Time-of-use (TOU)

Refers to the time a value of something is used in a multithreaded application. The greater the separation between the time a program checks a value, and when it uses the value, the more likely it is for problems such as race conditions to arise.

Trade Reporting and Compliance Engine (TRACE)

A regulation in the United States, developed by FINRA (Financial Industry Regulatory Authority), to facilitate the reporting of over-the-counter transactions in eligible fixed income securities.

Transaction Signature (TSIG)

A protocol used as a means of authenticating dynamic DNS records during DNS updates.

Transmission Control Protocol (TCP)

A Layer 4 connection-oriented protocol within the TCP/IP suite. TCP provides a reliable communications channel over an unreliable network by ensuring all packets are accounted for and retransmitted if any are lost.

Transmission Control Protocol/Internet Protocol (TCP/IP)

A set of communication protocols, developed by the U.S. Department of Defence, which enable dissimilar computers to share information over a network.

Transmit and Receive (TX/RX)

Abbreviations used for transmit and receive.

Transport Layer Security (TLS)

A protocol where hosts use public-key cryptography to securely negotiate a cipher and symmetric key over an unsecured network, and the symmetric key to encrypt the rest of the session. TLS is the current name for the historical SSL protocol.

Triple Data Encryption Standard (3DES)

Three Rounds of DES encryption used to improve security.

Trivial File Transfer Protocol (TFTP)

A protocol that transfers files between servers and clients, without the need for user login. Devices that need an operating system, but have no local hard disk (for example, diskless workstations and routers), often use TFTP to download their operating systems.

Trusted Automated eXchange of Indicator Information (TAXII)

A transport framework for STIX data communication.

Trusted Platform Module (TPM)

A hardware chip to enable trusted computing platform operations.

Twisted Neumatic (TN)

Technology breakthrough that made LCDs practical. It doesn’t require a current to flow for operation and uses low operating voltages suitable for use with batteries.

Ultra-Physical Contact (UPC)

Fibre-optic connector that makes physical contact between two fibre-optic cables. The fibres within a UPC are polished extensively for a superior finish and better junction integrity.

Unified Endpoint Management (UEM)

The aggregation of multiple products into a single system on an endpoint for efficiency purposes.

Unified Extensible Firmware Interface (UEFI)

A specification that defines the interface between an operating system and the hardware firmware. This is a replacement to BIOS.

Unified Threat Management (UTM)

The aggregation of multiple network security products into a single appliance for efficiency purposes.

Uniform Resource Identifier (URI)

A set of characters used to identify the name of a resource in a computer system. A URL is a form of URI.

Uniform Resource Locator (URL)

An address that defines the type and the location of a resource on the Internet. URLs are used in almost every TCP/IP application.

Uninterruptible Power Supply (UPS)

A source of power, usually a battery, that is designed to provide uninterrupted power to a computer system in the event of a temporary loss of power.

Universal Naming Convention (UNC)

Specifies a common syntax to describe the location of a network resource, such as a shared file, directory, or printer e.g., \\CompName\SharedFolder\Resource

Universal Plug and Play (UPnP)

Set of networking protocols that permits networked devices, such as PCs, printers etc to seamlessly discover and interact with each other on the network.

Universal Serial Bus (USB)

A common interface that enables communication between devices and a host controller such as a personal computer (PC) or smartphone. It connects peripheral devices such as digital cameras, mice, keyboards, printers, scanners, media devices, external hard drives, and flash drives. Because of its wide variety of uses, including support for electrical power, the USB has replaced a wide range of interfaces like the parallel and serial port.

Unmanned Aerial Vehicle (UAV)

A remotely piloted flying vehicle.

Unshielded Twisted Pair (UTP)

A popular cabling for telephone and computer networks composed of pairs of wires twisted around each other at specific intervals. The twists serve to reduce interference, or crosstalk, as it is sometimes known. The more twists, the less interference. The cable has no metallic shielding to protect the wires from external interference, unlike Shielded Twisted Pair (STP). UTP is available in a variety of grades, called categories.


A standardised specification that allows a device to read data from a USB device without requiring a PC.

User Acceptance Testing (UAT)

The application of acceptance-testing criteria to determine fitness for use according to end-user requirements.

User Access Control (UAC)

Mandatory access control enforcement facility introduced with Microsoft Windows Vista and Windows Server 2008, with a more relaxed version in Windows 7, 8, 10, Server 2008 R2 and 2012.

User and Entity Behaviour Analytics (UEBA)

A security process that uses user behaviour patterns to determine anomalies.

User Datagram Protocol (UDP)

Connectionless protocol in the TCP/IP suite. Has less overhead and better performance than TCP, but also a higher risk of errors. Fire-and-forget UDP datagrams do a lot of important behind-the-scenes work in a TCP/IP network.

Variable Length Subnet Masking (VLSM)

The process of using variable-length subnets to create subnets within subnets.

Vertical Alignment (VA)

Type of LCD technology that’s characterised by vertically aligned pixels.

Video Graphics Array (VGA)

Video display controller and accompanying de-facto graphics standard. Includes the resolution 640 x 480.

Video Random-access Memory (VRAM)

Memory in a computer system that holds the pixels and other information displayed on a computer monitor.

Video Teleconferencing (VTC)

A business process of using video signals to carry audio and visual signals between separate locations, thus allowing participants to meet via a virtual meeting instead of traveling to a physical location.

Virtual Desktop Environment (VDE)

The use of virtualisation technology to host desktop systems on a centralised server.

Virtual Desktop Infrastructure (VDI)

The use of servers to host virtual desktops by moving the processing to the server and using the desktop machine as merely a display terminal.

Virtual IP (VIP)

A single IP address shared by multiple systems. This is commonly the single IP address assigned to a home or organisation that uses NAT to have multiple IP stations on the private side of the NAT router. Virtual IP addresses are also used by the First Hop Redundancy Protocol (FHRP).

Virtual Learning Environment (VLE)

A system for delivering learning material via the web. Its purpose is not to replace face to face teaching, but to enhance it, with the use of various activities that they provide. VLEs are also a means to share resources with its users, such as files and web links.

Virtual Local Area Network (VLAN)

A common feature among managed switches that enables a single switch to support multiple Layer 2 broadcast domains and provide isolation between hosts on different VLANs. Critical for modern network performance and security.

Virtual Machine (VM)

A virtual computer accessed through a class of programs called a hypervisor or virtual machine monitor. A virtual machine runs inside your actual operating system, essentially enabling you to run two or more operating systems at once.

Virtual Network Computing (VNC)

A remote access program and protocol.

Virtual Network Interface Card (vNIC)

Software-based NIC that functions identically to a physical NIC and uses a software connection to pass traffic from the real. NIC to the virtual one.

Virtual Private Cloud (VPC)

A cloud instance that is virtually isolated by the provider.

Virtual Private Network (VPN)

A network configuration that enables a remote user to access a private network via the Internet. VPNs employ an encryption methodology called tunnelling, which protects the data from interception.

Virtual Router Redundancy Protocol (VRRP)

Open standard FHRP that provides high availability by taking multiple routers and grouping them together into a single virtual router with a single IP address that clients use as a default gateway.


An attempt to gain sensitive information, such as user account and bank details, for malicious reasons, via the telephone, purporting to be from a trustworthy source. This might be to steal someone’s identity, for financial gain, or both.

Visual Basic for Applications (VBA)

A Microsoft specification for using Visual Basic in applications such as the Office Suite.

Voice over Internet Protocol (VoIP)

The use of an IP network to conduct voice calls.

Wavelength Division Multiplexing (WDM)

In fibre-optic communications, wavelength-division multiplexing (WDM) is a technology which multiplexes several optical carrier signals onto a single optical fibre by using different wavelengths (i.e., colors) of laser light. This technique enables bidirectional communications over a single strand of fibre, also called wavelength-division duplexing, as well as multiplication of capacity.

Web Application Firewall (WAF)

A firewall that operates at the application level, specifically designed to protect web applications by examining requests at the application stack level.

Wi-Fi Protected Access (WPA)

A wireless security protocol that addresses weaknesses and acts as an upgrade to WEP. WPA offers security enhancements such as dynamic encryption key generation (keys are issued on a per-user and per-session basis), an encryption key integrity-checking feature, user authentication through the industry standard Extensible Authentication Protocol (EAP), and other advanced features that WEP lacks. WPA has been replaced by the more secure WPA2.

Wi-Fi Protected Access 2 (WPA2)

Consumer name for the IEEE 802.11i standard and the replacement for the WPA protocol. It uses the Advanced Encryption Standard, making it harder to crack than its predecessor.

Wi-Fi Protected Access 3 (WPA3)

Wireless encryption standard that is replacing WPA2. Uses Simultaneous Authentication of Equals (SAE), a key exchange based on Diffie-Hellman that generates unique encryption keys between each client and WAP.

Wi-Fi Protected Setup (WPS)

A network security standard that allows easy setup of a wireless home network.

Wide Area Network (WAN)

A geographically dispersed network created by linking various computers and LANs over long distances, generally using leased phone lines. There is no firm dividing line between a WAN and a LAN.

Windows, Apache, MySQL, and PHP (WAMP)

The Windows operating system, Apache web server, MySQL database, and PHP web scripting language can be used together to create a fully functioning web server.

Wired Equivalent Privacy (WEP)

The encryption scheme used to attempt to provide confidentiality and data integrity on 802.11 networks.

Wireless Access Point (WAP)

Connects wireless network nodes to wireless or wired networks. Many WAPs are combination devices that act as high-speed hubs, switches, bridges, and routers, all rolled in to one.

Wireless Internet Service Provider (WISP)

An internet service provider for which the last segment or two uses a point-to-point long-range fixed wireless connection.

Wireless Intrusion Detection System (WIDS)

An intrusion detection system established to cover a wireless network.

Wireless Intrusion Prevention System (WIPS)

An intrusion prevention system established to cover a wireless network.

Wireless Local Area Network (WLAN)

A network that allows devices to connect and communicate wirelessly.

Wireless Mesh Network (WMN)

A hybrid wireless network topology in which most nodes connect in a mesh network while also including some wired machines. Nodes act like routers by forwarding traffic for other nodes, but without wires.

Wireless TLS (WTLS)

A protocol based on the Transport Layer Security (TLS) protocol, that provides reliability and security for wireless communications using the Wireless Application Protocol (WAP). It is necessary due to the limited memory and processing abilities of some WAP enabled mobile devices.

Wireless Wide Area Network (WWAN)

A form of wireless network over a wide area, which utilises cellular network technologies, such as 4G LTE and 5G to transfer data.

Work Order (WO)

A task or job for a customer, that can be scheduled or assigned to a particular person.

World Wide Web Consortium (W3C)

An international body that maintains web-related rules and frameworks, comprising of over 350 member organisations, which jointly develop web standards, run outreach programs, and maintain an open forum for talking about the Web.

Write Once Read Many (WORM)

A data storage technology where things are written once permanently and then can be read many times, such as with optical disks.

XML External Entity (XXE)

A security vulnerability that allows a threat actor to inject unsafe XML entities into a web application that processes XML data. This can lead to the threat actor being able to interact with systems the application can access, view files on the server, and in some cases, perform remote code execution (RCE).

Zed Attack Proxy (ZAP)

An open-source penetration testing tool for finding vulnerabilities in web applications.

Zero Trust Network Access (ZTNA)

A solution that provides secure remote access to an organisation’s applications, data, and services based on clearly defined access control policies.