For all your cybersecurity jargon decoding and acronym-detangling needs, because there is way too much jargon in this industry. When possible, I've tried my best to explain these terms in a simple and easily understandable way that doesn't require much technical knowledge, but if my wording could be improved or there are terms missing, please let me know.
- 2FA = Two-Factor Authentication. An authentication method that requires a second identifying factor to log in, instead of just a single password. The second factor can be a text message code sent to your phone, a code-generation app like Authy, or a physical USB "key" device that you plug into the computer. It is almost always more secure than a password alone, because even if your username and password are compromised, an outside attacker is unlikely to also have access to your phone or key to complete the login. Synonym of: MFA.
- AI = Artificial Intelligence. See also: ML.
- APT = Advanced Persistent Threat. A skilled, intelligent and persistent threat actor or group that returns to a target repeatedly over time, often using advanced hacking techniques.
- ASV = Approved Scanning Vendor.
- ATT&CK = Adversarial Tactics, Techniques, and Common Knowledge. The MITRE ATT&CK knowledge base of attacker tactics and techniques observed in real intrusions.
- AV = Antivirus. A computer program used to detect, block, and remove malware and viruses. Commonly used antivirus programs include Avast, Bitdefender, Kaspersky, Malwarebytes, McAfee, Norton 360, and Windows Defender.
- BAS = Breach and Attack Simulation (tools).
- C&C = Command and Control (also written C2). A server, usually reached through a domain the attacker owns and controls, from which the attacker issues commands to systems they have previously compromised and configured to take orders from it. Once infected with the attacker's malware, a machine will often "phone home" to this server so the attacker can add it to their pool of controlled machines for later malicious use. A command and control setup is typically used to run a botnet of infected machines for large-scale DDoS attacks, attacks on websites, cryptocurrency mining, or email spam.
- CAPTCHA = Completely Automated Public Turing Test to Tell Computers and Humans Apart. A test that websites often use at account creation to verify that the person creating the account is a human and not a bot. This usually involves identifying objects in pictures, e.g. "select all squares that contain traffic lights." It may also involve reading a distorted image of a word or a group of letters.
- CERT = Computer Emergency Response Team. A group of computer experts that handle security incidents and alert organizations about attacks.
- CIS = Center for Internet Security. A nonprofit organization that develops, promotes and publishes best practices for cyber defense.
- CISA = Certified Information Systems Auditor. A certification for professionals who audit, monitor, and assess information systems and their controls. (In US government contexts the same acronym refers to the Cybersecurity and Infrastructure Security Agency.)
- CISM = Certified Information Security Manager. A certification that verifies an individual can link the goals of a security program with the wider business goals of the organization.
- CISO = Chief Information Security Officer. The C-level executive who is responsible for the information and data security of their organization. Not every organization has one, especially if it is a smaller business.
- CISSP = Certified Information Systems Security Professional. A certification for security professionals that indicates the holder has mastered a baseline of standardized cybersecurity knowledge.
- COBIT = Control Objectives for Information and Related Technologies.
- CTI = Cyber Threat Intelligence.
- DAST = Dynamic Application Security Testing.
- DoS = Denial of Service. A type of attack in which an attacker tries to overload your system, shut down your network, or crash your system so that legitimate users cannot access your services. The goal is usually to damage your revenue, frustrate your users, or simply cause an annoying and potentially expensive disruption to your business.
- DDoS = Distributed Denial of Service. A subtype of Denial of Service attack in which the attacker uses a large array of machines (often a botnet, or a group of previously compromised "sleeper" systems the attacker secretly controls) to flood your systems with more traffic than they can handle, overloading them so that legitimate users cannot connect. There are many different types of DDoS attack. They can be difficult to block or intelligently filter because the attacker can spoof source IP addresses or adapt in real time to your attempts to thwart the attack.
- EDR = Endpoint Detection and Response.
- ERP = Enterprise Resource Planning. A software platform that is used by organizations to manage day-to-day business activities. The features of an ERP can include accounting, procurement, risk management, compliance, supply chain operations, and more. An ERP can be on-site, in the cloud, or a mixture of both (hybrid). Common ERP systems include Epicor, FinancialForce, NetSuite, Oracle, Salesforce, SAP, and Workday.
- IDS = Intrusion Detection System.
- ISP = Internet Service Provider.
- JDK = Java Development Kit. A software development kit for creating applications using the Java programming language.
- JVM = Java Virtual Machine. A virtual machine that allows a computer to run Java programs.
- MFA = Multi-Factor Authentication. See: 2FA.
- ML = Machine Learning. See: AI.
- NIST = National Institute of Standards and Technology. In cybersecurity circles, NIST is mostly known for the NIST Cybersecurity Framework, the NIST Risk Management Framework (RMF), the NIST 800-53 series of security controls and management guidance, and the NIST Digital Identity Guidelines.
- OPSEC = Operational Security. The practice of protecting information about your own activities so that an adversary cannot use it against you. In the hacking world, having "good opsec" (the proper use of anonymization tools and Tor bridges while browsing the dark web, and obfuscating your network traffic) is meant to make you effectively untraceable when performing illicit activities.
- OSINT = Open Source Intelligence. Intelligence gathered from publicly available sources (websites, social media, public records, and so on) about a specific target or topic.
- PCI-DSS = Payment Card Industry Data Security Standard. The security standards and compliance checklist around processing, accepting, storing, and transmitting credit card information.
- PII = Personally Identifiable Information. Any sensitive and potentially valuable data that identifies an individual person, such as their full name, date of birth, Social Security number, home address, phone number, or email address. Attackers often seek out an organization's customer and client PII in order to sell or trade it for financial gain.
- SaaS = Software as a Service.
- SANS = SysAdmin, Audit, Network, and Security Institute. A private company that provides security training and issues security certifications.
- SIEM = Security Information and Event Management.
- SOC = Security Operations Center. A central building, location or team within an organization that is responsible for monitoring, assessing and defending against security risks and attackers.
- SSO = Single Sign-On. A system that enables users to authenticate securely to multiple applications and websites by logging in with a single set of credentials. If you've ever hit the "Log in with Google" button instead of entering a username and password, you have used SSO.
- TTP = Tactics, Techniques and Procedures. The methods attackers use to try to get into your systems. Attackers constantly innovate, so new TTPs are always being discovered and documented.
- VPN = Virtual Private Network. A service that routes all the data you send and receive through an encrypted "tunnel," so that observers on the path (your ISP, a public Wi-Fi operator, and so on) cannot read it; note that the VPN provider itself can still see the traffic it forwards for you. VPNs also let you hide your geographical location and IP address, since the destination sees the IP address of the VPN server you are using instead. Many people use VPNs for personal purposes, to hide their location or to access services that are unavailable in their country. Common VPN services include AirVPN, ExpressVPN, Mozilla VPN, Mullvad, NordVPN, Proton VPN, Surfshark, and TunnelBear.
- VPS = Virtual Private Server.
- Black Box Testing = A type of penetration test where the testers go in knowing absolutely nothing about your organization, its tech stack, or where to start. This is meant to simulate a completely blind attack from an outsider with no inside knowledge. See also: Grey Box Testing, White Box Testing.
- Blue Team = The team of security professionals who work from inside the organization and defend it from attackers, acting as the "good guys" who thwart and defend against attacks in mock security tests.
- Clear Net / Clear Web / Surface Web / Visible Web = The part of the Internet that is publicly accessible and visible to an everyday Internet user using a Web browser, and is crawled by search engines like Google. Your activities on the clear web are traceable, and anyone can access a clearnet site.
- Dark Net / Dark Web / Deep Web = The part of the Internet that is hidden from conventional search engines and from the general Internet populace, with obscure, hard-to-find website addresses that are deliberately difficult to reach and often dangerous to visit. The dark web is typically used for illicit purposes such as drug trading, child sexual abuse material, credential theft and stolen credential trading, malware development and trading, "Ransomware as a Service," organized hacking, and so on.
- Grey Box Testing = A type of penetration test where limited information is shared with the tester: more than in a black box test, but less than in a white box test. This simulates an attacker who has some privileged access or inside knowledge ahead of time and is able to cause more targeted damage than someone going in blind. See also: Black Box Testing, White Box Testing.
- Pen Testing / Penetration Testing = A service wherein your systems undergo mock attack scenarios and recon attempts by outside consultants to determine where your weak spots are, so that they can be fixed before real attackers find them.
- Purple Team = A cybersecurity testing exercise where the same group of security experts takes the role of both the blue team and the red team, so that attack findings feed directly into defensive improvements.
- Red Team = The team of security professionals who simulate attacks on your systems during penetration testing, acting as an attacker would and attempting a variety of exploits to see what works.
- Script Kiddie = A novice, inexperienced and generally "just for kicks" hacker who rarely invents their own scripts or finds their own exploits, but rather copies the scripts of other, more experienced hackers. They typically find these scripts on hacking forums and through the dark web.
- Threat Hunting = Proactively searching for cyber threats, malware infections or other security problems that might be lurking undetected in your network. This could involve data gathering and research on new attack vectors, updates to metrics and monitoring systems to account for new behaviors, checking historical logs for signs of infection that might have been missed, and so on.
- White Box Testing = A type of penetration test where the testers start with full knowledge of your organization, access to your organizational systems before the test begins, and the ability to perform direct code analysis on your codebase to look for vulnerabilities and flaws. This is a deep and thorough test that is useful for completely evaluating a part of your organization at a deeper level than black box or grey box testing allows. See also: Black Box Testing, Grey Box Testing.