SPRITEHub Glossary


We have scoured the Internet to bring you good sources of common terms across digital trust, identity, privacy, and security. From FinTech to cybersecurity, this list contains over 300 terms, definitions, and links to sources where you can learn more about each term.

The table below is compiled and maintained by Dmitry Dereshev (SPRITE+ Research Associate), with help from Natalie Theodoulou (former SPRITE+ Project Manager). You can learn more about the people behind SPRITE+ here.

Last updated: 2020-06-10.


Term | Definition | Source 1 | Source 2
Access Control | The process of granting or denying specific requests for or attempts to: 1) obtain and use information and related information processing services; and 2) enter specific physical facilities. | National Initiative for Cybersecurity Careers and Studies | Committee on National Security Systems
Access Control List (ACL) | A list of access control entries (ACEs) that apply to an object. Each ACE controls or monitors access to an object by a specified user. In a discretionary access control list (DACL), the ACL controls access; in a system access control list (SACL), the ACL monitors access in a security event log, which can comprise part of an audit trail. | The International Association of Privacy Professionals | SANS Institute
Accountability | The implementation of appropriate technical and organisational measures to demonstrate that the handling of personal data is performed in accordance with relevant law. Traditionally, accountability has been a fair information practices principle: that due diligence and reasonable steps will be undertaken to ensure that personal information will be protected and handled consistently with relevant law and other fair use principles. | The International Association of Privacy Professionals | European Data Protection Supervisor
Active Content | Software that is able to automatically carry out or trigger actions without the explicit intervention of a user. | National Initiative for Cybersecurity Careers and Studies | SANS Institute
Advanced Encryption Standard (AES) | An encryption algorithm adopted by the U.S. Government for security-sensitive, non-classified material. Selected in 2001 by the National Institute of Standards and Technology (NIST), through an open competition, to replace the Data Encryption Standard (DES). The winning algorithm was developed by two Belgian cryptographers, Joan Daemen and Vincent Rijmen. | The International Association of Privacy Professionals | SANS Institute
Advanced Persistent Threat (APT) | A type of attack that uses sophisticated methods and significant resources over a sustained period of time. The attack will usually come via multiple entry points (cyber, deception and possibly even physical), and it is difficult to stop once it has begun. Due to the sophistication of these attacks, they are usually targeted at large organisations or governments. | Tech Nation | Law Enforcement Cyber Center
Adversary | An individual, group, organization, or government that conducts or has the intent to conduct detrimental activities. | National Initiative for Cybersecurity Careers and Studies | DHS Risk Lexicon, 2010 Edition
Adware | A type of software that delivers ads to your system, like pop-up ads or banners that appear when visiting websites. Adware often comes "bundled" with other applications. A dangerous form of adware delivers spyware, which can track your activity and retrieve sensitive information. | Heimdal Security | Xyone Cyber Security
Algorithm | A finite set of step-by-step instructions for a problem-solving or computation procedure, especially one that can be implemented by a computer. | The International Association of Privacy Professionals | SANS Institute
Altcoin | Cryptocurrencies that are an alternative to Bitcoin. Many altcoins promote themselves as better alternatives to Bitcoin (e.g. being more efficient, less expensive, etc.). | International Capital Market Association | #DisruptionBanking
Anonymisation | The process in which individually identifiable data is altered in a way that it can no longer be related back to a given individual. The three primary ways are: suppression, which simply removes some identifying values from data; generalisation, which takes specific values (e.g. age: 18) and makes them broader (e.g. age range: 18-24); and noise addition, which swaps identifying values with those of another individual in the same dataset. None of these processes guarantees that data is no longer identifiable. | The International Association of Privacy Professionals | Open Data Handbook
Antivirus Software | Antivirus software is used to monitor a computer or a network to detect cyber security threats. As well as alerting you to the presence of a threat, antivirus programs may also remove or neutralise malicious code. | National Initiative for Cybersecurity Careers and Studies | Heimdal Security
App | Short for "application"; typically refers to a software program for a smartphone or tablet. | National Cyber Security Centre | Open Data Handbook
Application Programming Interface (API) | A set of software instructions and standards that allows machine-to-machine communication, like when a website uses a widget to share a link on Twitter or Facebook. | U.S. Government's Open Data | Open Data Institute
Artificial Intelligence (AI) | A field of computer science dedicated to simulating intelligent behaviour in computers. A process where machines learn from experience, adjust to new inputs, and perform tasks previously done by humans. | The International Association of Privacy Professionals | European Banking Authority
Asset | Assets are things of value or properties to which value can be assigned: a person, structure, facility, information and records, information technology systems and resources, material, process, relationships, or reputation that has value. Anything useful that contributes to the success of something, such as an organizational mission. | DHS Risk Lexicon, 2010 Edition | Financial Stability Board
Attack | An attempt to gain unauthorized access to system services, resources, or information, or an attempt to compromise system integrity. The intentional act of attempting to bypass one or more security services or controls of an information system. | National Initiative for Cybersecurity Careers and Studies | CORVID
Attack Signature | An attack signature is a unique piece of information that is used to identify a particular cyber attack aimed at exploiting a known computer system or software vulnerability. Attack signatures include certain paths used by cyber criminals in their malicious compromise attempts. These paths can define a certain piece of malicious software or an entire class of malware. | National Initiative for Cybersecurity Careers and Studies | Heimdal Security
Attack Surface | A set of ways in which an adversary can enter a system and potentially cause damage. An information system's characteristics that permit an adversary to probe, attack, or maintain presence in the information system. | National Initiative for Cybersecurity Careers and Studies | Law Enforcement Cyber Center
Attack Vector | A path or means by which an attacker can gain access to a computer or a network server. | Law Enforcement Cyber Center | CORVID
Attacker | An individual, group, organization, or government that executes an attack. A party acting with malicious intent to compromise an information system. | National Initiative for Cybersecurity Careers and Studies | National Cyber Security Centre
Authentication | A process of verifying the identity or other attributes of an entity (user, process, or device). Also a process of verifying the source and integrity of data. | The International Association of Privacy Professionals | SANS Institute
Authenticity | A property of being genuine and able to be verified and trusted, resulting in confidence in the validity of a transmission, information or a message, or the sender of information or a message. | National Initiative for Cybersecurity Careers and Studies | SANS Institute
Authorization | A process of determining if the end user is permitted to have access to the desired resource, such as the information asset or the information system containing the asset. Authorization criteria may be based upon a variety of factors such as organizational role, level of security clearance, applicable law or a combination of factors. | The International Association of Privacy Professionals | National Initiative for Cybersecurity Careers and Studies
Availability | Data is "available" if it can be accessed when needed by the organization or data subject. The General Data Protection Regulation requires that a business ensure the availability of personal data and restore the availability of and access to personal data in a timely manner in the event of a physical or technical incident. | The International Association of Privacy Professionals | Financial Stability Board
Backdoor | Any means of getting around normal security measures and gaining access to a computer system, network, or software application; used to steal personal data, hijack computers or install malware (malicious software). Also used legitimately by administrators to troubleshoot or update a system. | SANS Institute | Cybrary
Backup | A backup is an exact copy of your files, your system or any other resources you need to protect. The copying and archiving of computer data to an external drive or cloud system so that it can be restored should the data get lost or damaged. | Xyone Cyber Security | BSI
Bandwidth | The rate at which data can be transferred between computers. | Open Data Handbook | Cybrary
Basel | A comprehensive set of reform measures, developed by the Basel Committee on Banking Supervision, to strengthen the regulation, supervision and risk management of the banking sector. | The International Association of Privacy Professionals | #DisruptionBanking
Behaviour Monitoring | Observing activities of users, information systems, and processes and measuring the activities against organizational policies and rules, baselines of normal activity, thresholds, and trends. | National Initiative for Cybersecurity Careers and Studies | Global Knowledge
Big Data | Large volumes of different types of data, produced with high velocity from many and varied sources (such as the internet of things, sensors, social media, financial markets data, etc.), which are processed, often in real time, by specialised IT tools (powerful processors, software and algorithms). | Open Data Handbook | Deloitte
Binding Corporate Rules | A set of binding rules put in place to allow multinational companies and organisations to transfer personal data that they control from the EU to their affiliates outside the EU (but within the organisation). | The International Association of Privacy Professionals | European Data Protection Supervisor
Biometrics | Data concerning the intrinsic physical or behavioral characteristics of an individual. Examples include DNA, fingerprints, retina and iris patterns, voice, face, handwriting, keystroke technique and gait. The General Data Protection Regulation, in Article 9, lists biometric data for the purpose of uniquely identifying a natural person as a special category of data for which processing is not allowed other than in specific circumstances. | The International Association of Privacy Professionals | Tech Nation
Bitcoin (BTC) | A cryptocurrency first created in January 2009. Bitcoins are not backed by any country's central bank or government. Balances are kept on a public ledger in the cloud that is verified, together with all Bitcoin transactions, by a massive amount of computing power. | International Capital Market Association | Dataconomy
Black Hat | A skilled computer user with malicious intent, seeking to compromise the security of a person or organization for personal gain. Not all black hats use the malware they develop; some sell the know-how to the highest bidder. Targets can include financial information (credit card data, bank accounts), personal information (email accounts, passwords), and sensitive company data (employee/client databases). | Heimdal Security | Xyone Cyber Security
Blacklist | A list of entities (users, devices) that are blocked, or denied privileges and access. | Heimdal Security | ECSC
Block Cipher | A type of symmetric encryption algorithm that divides data into fixed-length sections and then performs the encryption or decryption operation on each block. Dividing a data set into blocks enables the algorithm to encrypt data of any size. | Global Knowledge | SANS Institute
Blockchain | A decentralized, digital ledger where transactions made in Bitcoin or other cryptocurrencies are recorded chronologically and publicly. Each block contains information that, once it goes into the blockchain, becomes part of the permanent and immutable database, connecting to other blocks in the blockchain like the links in a chain. | International Capital Market Association | Deloitte
Bot | A computer or device that is connected to the internet and has been compromised, performing malicious activities under the control of a remote administrator. Also known as a zombie. A botnet is a network of compromised devices that work together to commit coordinated cyber attacks. The controller of such an attack is called a bot herder or bot master. | National Initiative for Cybersecurity Careers and Studies | Heimdal Security
Botnet | A network of infected devices connected to the Internet, used to commit coordinated cyber attacks without their owners' knowledge. The network can be controlled remotely by online criminals to serve their interests, and it allows them to avoid detection or legal action by law enforcement agencies. | National Initiative for Cybersecurity Careers and Studies | Law Enforcement Cyber Center
Breach | An incident in which data, computer systems or networks are accessed or affected in a non-authorised way. | National Cyber Security Centre | CORVID
Bring Your Own Device (BYOD) | A strategy or policy whereby an organisation permits employees to use their personal devices for work purposes. | The International Association of Privacy Professionals | Cybrary
Browser | A software system for accessing information on the Internet, or the World Wide Web. Common browsers include Mozilla Firefox, Internet Explorer, and Google Chrome. | National Cyber Security Centre | SANS Institute
Brute Force Attack | An attack method involving an exhaustive procedure that tries all possibilities (e.g. guessing passwords), one by one. | SANS Institute | National Cyber Security Centre
Buffer Overflow | A buffer overflow occurs when a program or process tries to store more data in a buffer (temporary data storage area) than it was intended to hold. Since buffers are created to contain a finite amount of data, the extra information, which has to go somewhere, can overflow into adjacent buffers, corrupting or overwriting the valid data held in them. | SANS Institute | Heimdal Security
Bug | An unexpected software behaviour that may affect the system's performance. A bug may cause the system to crash or freeze. Bugs could also allow hackers to bypass a program's security and retrieve sensitive data from a computer or a network. | National Initiative for Cybersecurity Careers and Studies | Heimdal Security
Business Continuity Planning (BCP) | A plan for emergency response, backup operations, and post-disaster recovery steps that will ensure the availability of critical resources and facilitate the continuity of operations in an emergency situation. | The International Association of Privacy Professionals | SANS Institute
Business Impact Analysis (BIA) | An important element of an organization's business continuity plan (BCP) that detects vulnerabilities and analyzes their operational and financial impact on the overall business plan. Based on the analysis, strategies are planned to minimize the detected risks. | Heimdal Security | SANS Institute
Cache | A technology to store data and allow future requests to be served at a higher speed. This high-speed storage method is usually used for web pages and online documents, like HTML pages and images, to increase loading speed and avoid unwanted lag. Also, a special high-speed storage mechanism: either a reserved section of main memory or an independent high-speed storage device. Two types of caching are commonly used in personal computers: memory caching and disk caching. | Heimdal Security | SANS Institute
Catfishing | The process of creating a fake online profile in order to trick people into believing they are someone else. Catfishing is frequently done for financial gain. The impersonator fools the victim into believing there is a genuine relationship between the two, carried out through text or phone but never in person. At some point, the impersonator will ask for a large favor, usually monetary, with an attached promise that after this the two will finally meet face to face. Even after the favor is completed, the impersonator still finds reasons not to meet, and will keep trying to extract money from the victim until he/she gives up. | Cyberbullying Research Center | MailGuard
Certified Information Systems Security Professional (CISSP) | An accreditation which endorses the skills of an individual who has demonstrated a superior knowledge of information system security. CISSP is an internationally recognised standard of achievement, crediting the holder with evidence of improving the security of business environments. | Xyone Cyber Security | #DisruptionBanking
Challenger Bank | Challenger banks tend to be digital only with no physical branches, renowned for driving innovation, personalisation, new operational models and customer centricity, but the term is not widely agreed upon and in the UK is also used to describe mid-tier banks, specialist banks and non-bank brands. Challenger banks are often known for delivering niche aspects such as real-time transactions or no foreign transaction fees. | Deloitte | #DisruptionBanking
Chief Information Security Officer (CISO) | A senior-level executive job in a company, in the IT or cyber security department. A CISO's responsibilities include ensuring and maintaining adequate protection for the company's assets and technology, in terms of both strategy and development, to mitigate and manage cyber security risks. Chief Security Officer (CSO) is another name used for the same job. | Heimdal Security | Law Enforcement Cyber Center
Chief Security Officer (CSO) | A top-level executive in charge of the security of a company's personnel, financial, physical and digital assets. A CSO has both security and business-oriented objectives, as they are responsible for aligning cyber protection with the company's business goals. All security strategies, tactics and programs have to be directed and approved by the CSO. Chief Information Security Officer (CISO) is another name used for the same job. | Heimdal Security | Cybrary
Cipher | An algorithm for encrypting and decrypting data. Sometimes used interchangeably with the word "code". | National Initiative for Cybersecurity Careers and Studies | SANS Institute
Ciphertext | Encrypted (enciphered) data. | The International Association of Privacy Professionals | National Initiative for Cybersecurity Careers and Studies
Cloud | A buzzword for the internet, referring to the software and services that can be accessed online rather than just from your computer. Also, part of the network through which data passes between two points. Also, where shared compute and storage resources are accessed as a service (usually online) instead of being hosted locally on physical servers. Resources can include infrastructure, platform or software services. | National Cyber Security Centre | Open Data Handbook
Cloud Computing | The provision of information technology services over the Internet. These services may be provided by a company for its internal users in a "private cloud" or by third-party suppliers. The services can include software, infrastructure (i.e., servers), hosting and platforms (i.e., operating systems). Cloud computing has numerous applications, from personal webmail to corporate data storage, and can be subdivided into different types of service models. | European Data Protection Supervisor | National Initiative for Cybersecurity Careers and Studies
Command and Control (C&C) Server | A network server that controls a large number of compromised systems. This malicious server is used by attackers to send commands to and receive responses from the infected computers. Using this type of network, attackers can launch distributed denial-of-service (DDoS) attacks by instructing the computers to perform the same action. | Heimdal Security | Trend Micro
Compliance | The ability to reasonably ensure conformity and adherence to the organization's policies, plans, procedures, laws, regulations, contracts, ordinances and statutes. | BCM Institute | European Data Protection Supervisor
Compromise | Disclosure of information to unauthorised persons, or a violation of the security policy of a system in which unauthorised intentional or unintentional disclosure, modification, destruction, or loss of an object may have occurred. | Financial Stability Board | Law Enforcement Cyber Center
Computer Emergency Response Team (CERT) | An organization that studies computers and networks in order to provide incident response services to victims of attacks, publish alerts concerning vulnerabilities and threats, and offer other information to help improve computer and network security. | Cybrary | SANS Institute
Computer Forensics | A practice by which digital data is collected and analyzed for legal purposes. The main goal is to identify, analyze and present facts about digital information. The conclusions can be used in the fight against cyber-crime or in civil proceedings. | National Initiative for Cybersecurity Careers and Studies | The International Association of Privacy Professionals
Computer Incident Response Team (CIRT) | A team of investigators focused on network security breaches. Their role is to analyse how the incident took place and what information has been affected or lost. They then use this insight to provide a response. | Law Enforcement Cyber Center | Heimdal Security
Computer Network Defense (CND) | Actions taken to defend against unauthorized activity within computer networks. The establishment of a security perimeter and of internal security requirements with the goal of defending a network against cyberattacks, intrusions and other violations. A CND is defined by a security policy and can be stress-tested using vulnerability assessment and penetration testing measures. | National Initiative for Cybersecurity Careers and Studies | Global Knowledge
Confidentiality | A set of rules or an agreement that restricts access to certain types of information. Data is "confidential" if it is protected against unauthorised or unlawful processing. | European Data Protection Supervisor | National Initiative for Cybersecurity Careers and Studies
Consent | Any freely given, specific and informed indication of his or her wishes, by means of an active step taken by the data subject, which signifies his or her agreement to personal data relating to him or her being processed. Consent can be withdrawn after it has been given. Where data is "sensitive", express consent must be given for processing the data. | European Data Protection Supervisor | The International Association of Privacy Professionals
Controller | A person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. | Information Commissioner's Office | European Data Protection Supervisor
Cookie | A file on a computer or other electronic device that records user information when visiting a website. Cookies are often used to identify the websites that the device has visited, save login information and customization preferences, and enable the presentation of more personalized information or content. | European Data Protection Supervisor | The International Association of Privacy Professionals
Countermeasure | Reactive methods used to prevent an exploit from successfully occurring once a threat has been detected. Intrusion Prevention Systems (IPS) commonly employ countermeasures to prevent intruders from gaining further access to a computer network. Other countermeasures are patches, access control lists and malware filters. | SANS Institute | Cybrary
Credentials | A user's authentication information used to verify identity; typically one or more of a password, token, or certificate. | National Cyber Security Centre | Comtact
Critical (National) Infrastructure | The systems and assets, whether physical or virtual, so vital to society that their incapacity or destruction may have a debilitating impact on the security, economy, public health or safety, environment, or any combination of these matters. | National Initiative for Cybersecurity Careers and Studies | Global Knowledge
Cross Site Scripting (XSS) | A software vulnerability typically found in web applications. It allows malicious attackers to inject user-facing script or overwrite access controls. | Heimdal Security | Comtact
Crowdfunding | The use of small amounts of capital from a large number of individuals to finance a new business venture. Crowdfunding makes use of the easy accessibility of vast networks of people through social media and crowdfunding websites to bring investors and entrepreneurs together. | European Banking Authority | Deloitte
Cryptanalysis | A science that deals with the analysis of a cryptographic system in order to gain the knowledge needed to break or circumvent the protection that the system is designed to provide. In other words, converting the ciphertext to plaintext without knowing the key. | National Initiative for Cybersecurity Careers and Studies | SANS Institute
Crypto Token | A special kind of virtual currency that resides on its own blockchain and represents an asset or utility. Crypto tokens often serve as the transaction units on blockchains that are created using standard templates. | International Capital Market Association | eToro
Cryptocurrency | A digital currency using cryptography for regulation and security. No central entity exists to oversee the processes; instead, it uses a blockchain. There are several different kinds of cryptocurrency, including Bitcoin, Ethereum, and Ripple. | International Capital Market Association | Deloitte
Cryptography | The use of mathematical techniques to provide security services, such as confidentiality, data integrity, entity authentication, and data origin authentication. The art and science concerning the principles, means, and methods for converting plaintext into ciphertext and for restoring encrypted ciphertext to plaintext. | National Initiative for Cybersecurity Careers and Studies | The International Association of Privacy Professionals
Cyber Attack | Malicious attempts to damage, disrupt or gain unauthorised access to computer systems, networks or devices, via cyber means. | National Cyber Security Centre | Law Enforcement Cyber Center
Cyber Incident | A breach of the security rules for a system or service, e.g. attempts to gain unauthorised access to a system and/or to data, unauthorised use of systems, changes to a system's firmware, software or hardware without the system owner's consent, or malicious disruption and/or denial of service (DoS). | National Cyber Security Centre | National Initiative for Cybersecurity Careers and Studies
Cyberbullying | An umbrella term encompassing a number of harassing online behaviors like threats, embarrassment, or humiliation in an online setting. | National Initiative for Cybersecurity Careers and Studies | Law Enforcement Cyber Center
Cybersecurity | The efforts to design, implement, and maintain security for an organization's network, which is connected to the Internet. It is a combination of technical-, physical-, and personnel-focused countermeasures, safeguards and security controls. An organization's cybersecurity should be defined in a security policy, verified through evaluation techniques (e.g. vulnerability assessment and penetration testing) and revised, updated and improved over time as the organization evolves and as new threats are discovered. | Cyberbullying Research Center | Online Harassment Field Manual
Cyberspace | The interdependent network of information technology infrastructures that includes the Internet, telecommunications networks, computer systems, and embedded processors and controllers. | National Initiative for Cybersecurity Careers and Studies | Law Enforcement Cyber Center
Cyberstalking | Repeated harassment using electronic devices and networked technology that includes threats of harm, or that is highly intimidating and intrusive upon one's personal privacy. | Cyberbullying Research Center | Online Harassment Field Manual
Dark WebThe dark web refers to websites and online content that exists outside the reach of traditional search engines and browsers. This content is hidden by encryption methods (e.g. Tor encryption) and can only be accessed with specific software, configuration settings or pending approval from their admins.Heimdal Security MailGuard
DataData may be thought of as unprocessed atomic statements of fact. It very often refers to systematic collections of numerical information in tables of numbers such as spreadsheets or databases. When data is structured and presented so as to be useful and relevant for a particular purpose, it becomes information available for human apprehension. See also knowledge. Open Data Handbook U.S. Government’s Open Data
Data AggregationThe ability to get a more complete picture of the information by analyzing several different types of records at once.National Initiative for Cybersecurity Careers and Studies The International Association of Privacy Professionals
Data BreachA security incident in which sensitive, protected or confidential data is copied, transmitted, viewed, stolen or used by an individual unauthorized to do so. Data may include financial records, credit card details, corporate intellectual property. Law Enforcement Cyber Center The International Association of Privacy Professionals
Data ControllerThe natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by EU or member state law, the controller or the specific criteria for its nomination may be provided for by EU or member state law. European Data Protection Supervisor The International Association of Privacy Professionals
Data IntegrityInformation property that has not been altered or modified by an unauthorized person. The term is used to refer to information quality in a database, data warehouse or other online locations. National Initiative for Cybersecurity Careers and Studies Law Enforcement Cyber Center
Data LeakageSame as Data Breach, but may also refer to imperfectly anonymised data that has been subsequently de-anonymised to reconstruct the identity of some data subjects together with personal data about them.National Initiative for Cybersecurity Careers and Studies Open Data Handbook
Data LossData loss is a process in which information is destroyed by failure or neglect in transmission, processing or sometimes by cybercriminal hands. To prevent data loss, IT teams install backup and recovery equipment to avoid losing important information.National Initiative for Cybersecurity Careers and Studies Heimdal Security
Data Loss Prevention (DLP)The strategy for ensuring end users do not disseminate sensitive information, whether intentionally or unintentionally, to outside ineligible sources. The software products that aid network administrators in controlling what data end users can transfer. National Initiative for Cybersecurity Careers and Studies The International Association of Privacy Professionals
Data ManagementThe policies, procedures, and technical choices used to handle data through its entire lifecycle from data collection to storage, preservation and use. A data management policy should take account of the needs of data quality, availability, data protection, data preservation, etc.Open Data Handbook Reference Model for an Open Archival Information System
Data MiningThe activity of analyzing and/or searching through data in order to find items of relevance, significance or value. The results of data mining are known as metadata. Data mining can be a discovery of individual important data items, a summary or overview of numerous data items or a consolidation or clarification of a collection of data items.European Data Protection Supervisor National Initiative for Cybersecurity Careers and Studies
Data ProcessingCovers almost everything that can be done with or to the data, including: obtaining, recording or entering data, keeping it on file without doing anything to it, organising, altering or adapting data in any way, retrieving, consulting or otherwise using data, disclosing data either by giving it out, by sending it on email, or simply by making it available, combining data with other information, and erasing or destroying data. European Data Protection Supervisor Information Commissioner’s Office
Data ProtectionThe rules and safeguards applying under various laws and regulations to personal data about individuals that organizations collect, store, use and disclose. “Data protection” is the professional term used in the EU, whereas in the U.S. the concept is generally referred to as “information privacy.” Importantly, data protection is different from data security, since it extends beyond securing information to devising and implementing policies for its fair use.The International Association of Privacy Professionals Xyone Cyber Security
Data Protection Impact Assessment (DPIA)The process by which companies can systematically assess and identify the privacy and data protection impacts of any products they offer and services they provide. It enables them to identify the impact and take the appropriate actions to prevent or, at the very least, minimise the risk of those impacts. DPIAs are required by the General Data Protection Regulation (GDPR) in some instances, particularly where a new product or service is likely to result in a high risk to the rights and freedoms of natural persons.European Data Protection Supervisor The International Association of Privacy Professionals
Data Protection Officer (DPO)Organizations that process personal data as part of their business model or those who process special categories of data as outlined in Article 9 of General Data Protection Regulation (GDPR) are obligated to designate a Data Protection Officer (DPO) on the basis of professional qualities and, in particular, expert knowledge of data protection law and practices. The DPO has a variety of mandated tasks, including communication with the supervisory authority, conducting Data Protection Impact Assessments (DPIAs), and advising the organization on the mandates of the GDPR and how to comply with it. European Data Protection Supervisor The International Association of Privacy Professionals
Data QualityA measure of how usable data is. An ideal dataset is accurate, complete, timely in publication, consistent in its naming of items and its handling of e.g. missing data, directly machine-readable, conforms to standards of nomenclature in the field, and is published with sufficient metadata that users can easily understand, for example, who it is published by and the meaning of the variables in the dataset.Open Data Handbook U.S. Government’s Open Data
Data SubjectThe identified or identifiable living individual to whom personal data relates.Information Commissioner’s Office The International Association of Privacy Professionals
Data TheftIllegal operations in which private information is retrieved from a company or an individual. The stolen data may include credentials for online accounts and banking sites, credit card details or valuable corporate information.National Initiative for Cybersecurity Careers and Studies Heimdal Security
Data Warehouse(ing)A digital repository where businesses store their data. A hashing system may be used to make data easily searchable, so that different company departments can access each other’s content. Data warehousing is the process of this storage, which is used in everyday applications such as booking flights and withdrawing cash from an ATM. SANS Institute DataQuest
DatabaseAn organised collection of data, a dataset. Also, a software system for processing and managing data, including features to extend or update, transform and query the data. Examples are the open-source PostgreSQL and the proprietary Microsoft Access.Open Data Handbook DataQuest
Decrypt(ion)A process of transforming ciphertext into its original plaintext. The process of converting encrypted data back into its original form, so it can be understood. National Initiative for Cybersecurity Careers and Studies Committee on National Security Systems
Deep LearningAn artificial intelligence (AI) training process that utilises multiple layers of artificial neural networks to solve complex problems, such as facial recognition. The layers in a model start with identifying very simple patterns and then build in complexity. By the end the AI (hopefully) has a nuanced understanding that can accurately classify or predict values.The International Association of Privacy Professionals Deloitte
Demilitarized Zone (DMZ)A network area that sits between an organization's internal network and an external network, usually the Internet. DMZs provide a transit mechanism from a secure source to an insecure destination or from an insecure source to a more secure destination.The International Association of Privacy Professionals SANS Institute
Denial Of Service (DoS)An operation that brings down a website or other networked service to prevent access, typically by flooding the targeted machine or resource with superfluous requests in an attempt to overload systems.National Cyber Security Centre National Initiative for Cybersecurity Careers and Studies
Dictionary AttackA type of brute force attack in which the attacker uses known dictionary words, phrases or common passwords as their guesses.National Cyber Security Centre SANS Institute
Digital CertificateA means to prove identity or provide authentication commonly by means of a trusted third-party entity known as a certificate authority (CA). A certificate authority provides clarifying text information such as issuer of the certificate, subject identity, date of creation, date of expiration, algorithms, serial number and a hash value.SANS Institute Global Knowledge
Digital ForensicsThe process of collecting, preserving, extracting and analysing digital evidence and data for investigative purposes. National Cyber Security Centre National Initiative for Cybersecurity Education
Digital NativeAn individual who was born after the widespread adoption of digital technology (~1980 onward). This exposure to technology in the early years is believed to give digital natives a greater familiarity with and understanding of technology than people who were born before it was widespread.Dataconomy Cyberbullying Research Center
Digital SignatureA hash of a message that uniquely identifies the sender of the message and proves the message hasn't changed since transmission.The International Association of Privacy Professionals National Initiative for Cybersecurity Careers and Studies
Disaster Recovery Plan (DRP)A set of procedures that are meant to protect or limit potential loss in a business IT infrastructure in case of an online attack or major hardware or software failure. A recovery plan should be developed during the business impact analysis process.Heimdal Security SANS Institute
Discretionary Access Control (DAC)A type of access control that allows an owner of an object, within a given computer-based information system, to grant or deny access.The International Association of Privacy Professionals SANS Institute
DisruptionA circumstance or event that interrupts or prevents the correct operation of system services and functions.National Initiative for Cybersecurity Careers and Studies SANS Institute
Distributed Denial Of Service (DDoS)A denial of service (DoS) attack committed by thousands (or tens of thousands) of computers against a single target.National Initiative for Cybersecurity Careers and Studies Law Enforcement Cyber Center
Distributed Ledger Technology (DLT)Independent computers (referred to as nodes) that record, share and synchronize transactions in their respective electronic ledgers (instead of keeping data centralized as in a traditional ledger). Blockchain is one type of distributed ledger, which organises data into blocks chained together in an append-only mode.European Banking Authority International Capital Market Association
Dodd-Frank Wall Street Reform and Consumer Protection ActFinancial reform legislation that was passed in 2010 in response to the financial crisis of 2008. The reforms aim to decrease various risks in the US financial system.The International Association of Privacy Professionals #DisruptionBanking
Domain Name Server/System (DNS)The Internet’s phonebook. DNS is a way of translating alphabetical website addresses that people understand (e.g. google.com) into numerical IP addresses (e.g. 172.217.17.110) which computers understand.The International Association of Privacy Professionals SANS Institute
Drive-By DownloadAn unintentional download of a virus or malicious software (malware) onto a system when visiting compromised/poisoned websites. A drive-by download can install tracking tools, remote access backdoors, botnet agents, keystroke loggers or other forms of malicious utilities. In most cases, the occurrence of the infection based on the drive-by download is unnoticed by the user.Heimdal Security Global Knowledge
Due DiligenceA requirement that organizations must develop and deploy a protection plan to prevent fraud and abuse, and a means to detect them if they occur.Heimdal Security SANS Institute
Dumpster DivingA process of obtaining passwords, corporate directories, and other sensitive information by searching through discarded media, traditionally a dumpster, where a given company discards paper trash.Heimdal Security SANS Institute
EavesdroppingThe act of listening in on a transaction, communication, data transfer or conversation. Eavesdropping can be used to refer to both data packet capture on a network link (also known as sniffing or packet capture) and to audio recording using a microphone (or listening with ears). Heimdal Security Global Knowledge
eCommerceA business model that lets firms and individuals conduct business over electronic networks, most notably the internet. Electronic commerce operates in all four of the following major market segments: Business to business; Business to consumer; Consumer to consumer; Consumer to business.The International Association of Privacy Professionals Cybrary
EmailElectronic mail. Allows Internet users to send and receive electronic messages to and from other Internet users.Cyberbullying Research Center BCM Institute
EncryptionThe process of transforming information (commonly referred to as plaintext/data) using an algorithm (called cipher) to make it unreadable to anyone except those possessing special knowledge, commonly referred to as a cryptographic key. National Initiative for Cybersecurity Careers and Studies National Cyber Security Centre
Encryption KeyA secret number used by an encryption algorithm to control the encryption and decryption process. Generally, the longer the key length, the more security it provides.The International Association of Privacy Professionals Global Knowledge
EndpointA computer, smartphone or other user-driven device that communicates with the network it is connected to.U.S. Government’s Open Data CORVID
Enterprise Risk Management A comprehensive approach to risk management that engages people, processes, and systems across an organization to improve the quality of decision making for managing risks that may hinder an organization’s ability to achieve its objectives. Involves identifying dependencies, enterprise capabilities, risks, threats, and implementing countermeasures to provide both a static risk posture and an effective dynamic response to active threats. National Initiative for Cybersecurity Careers and Studies Heimdal Security
Ethereum (ETH)An open source, decentralized platform based on blockchain technology. Sometimes called “Bitcoin 2.0” since it solves many Bitcoin problems and allows smart contracts to be written into the blockchain code. It allows developers to create markets, store registries of debts, and so on. The platform is also the basis for its own virtual currency, Ether, and its own Turing-complete programming language.International Capital Market Association eToro
EthernetThe most widely installed Local Area Network (LAN) technology. Specified in the IEEE 802.3 standard, an Ethernet LAN typically uses coaxial cable or special grades of twisted pair wires.Law Enforcement Cyber Center SANS Institute
European Data Protection Board (EDPB)An independent European body, which contributes to the consistent application of data protection rules throughout the European Economic Area (EEA), and promotes cooperation between the EEA’s data protection authorities. European Data Protection Supervisor The International Association of Privacy Professionals
EventAn observable occurrence in an information system or network. Sometimes provides an indication that an incident is occurring, or at least raises the suspicion that an incident may be occurring.National Initiative for Cybersecurity Careers and Studies SANS Institute
ExfiltrationThe unauthorized transfer of information from an information system.National Initiative for Cybersecurity Careers and Studies Law Enforcement Cyber Center
ExploitA piece of software, a chunk of data or a sequence of commands that takes advantage of a vulnerability in software in order to penetrate a user’s system with malicious intentions. These may include gaining control of a computer system, allowing privilege escalation, or launching a denial-of-service (DoS) attack.National Cyber Security Centre National Initiative for Cybersecurity Careers and Studies
Exploit KitA computer program designed to find flaws, weaknesses or mistakes in software apps (commonly known as vulnerabilities) and use them to gain access into a system or a network. They have the ability to download malicious files and feed the attacked system with malicious code after infiltrating it. The attacker can also sell their knowledge about vulnerabilities rather than attacking the system themselves.Heimdal Security Tech Nation
ExposureThe condition of being unprotected, thereby allowing access to information or access to capabilities that an attacker can use to enter a system or network. National Initiative for Cybersecurity Careers and Studies The International Association of Privacy Professionals
Extensible Markup Language (XML)A flexible markup language for structured electronic documents. XML is based on SGML (standard generalized markup language), an international standard for electronic documents. XML is commonly used by data-exchange services (like blog feeds) to send information between otherwise incompatible systems.Open Data Handbook U.S. Government’s Open Data
False PositiveWhen a security solution detects a potential cyber threat which is, in fact, a harmless piece of software or a benign software behavior. For example, your antivirus could inform you that there's a malware threat on your PC, but it could be that the program it's blocking is safe.Heimdal Security #DisruptionBanking
File Transfer Protocol (FTP)A service that enables computers to transfer files to and from FTP servers quickly. The FTP service is built into all modern network operating systems.Law Enforcement Cyber Center SANS Institute
FinTechAny technological innovation in the financial sector. This can include advances in financial education, retail banking, investment and cryptocurrencies. Examples of fintech include stock trading apps and websites, peer-to-peer lending sites, robo-advisor services that provide online, algorithm-based portfolio management, and challenger banks, among others.European Banking Authority Deloitte
FirewallHardware or software that restricts and regulates incoming and outgoing data to or from computer systems. Firewalls can allow or disallow access to certain websites or social media platforms, or the use of certain internet protocols.National Initiative for Cybersecurity Careers and Studies National Cyber Security Centre
FloodingAn attack that attempts to cause a failure in (especially, in the security of) a computer system or other data processing entity by providing more input than the entity can process properly.SANS Institute Cybrary
ForkA radical change in blockchain protocol that requires every node to update to the new protocol.International Capital Market Association eToro
GatewayA network point that acts as an entrance to another network. A router is a common gateway connecting a private network to the Internet.Law Enforcement Cyber Center Cybrary
General Data Protection Regulation (GDPR)A regulation in EU law on data protection and privacy for all individuals within the European Union and the European Economic Area. It also addresses the export of personal data outside the EU and EEA areas.The International Association of Privacy Professionals Xyone Cyber Security
Government Communications Headquarters (GCHQ)The UK Government’s intelligence and security organisation tasked to protect the nation from national and international threats, including cybercrime.Tech Nation Xyone Cyber Security
HackerA person who can analyse computer and software systems, and modify their capabilities. A hacker may be ethical and authorized or they may be malicious and unauthorized. Hackers can range from skilled professionals to those who have little to no knowledge of the specifics of a system or exploit but who can follow directions (called “script kiddies”). National Initiative for Cybersecurity Careers and Studies Global Knowledge
HackingLearning and modifying programming languages and computer systems. Also, the process of bypassing security of a computer system or a network.Cyberbullying Research Center Xyone Cyber Security
HacktivismThe activity of using hacking techniques to protest against or fight for political and social objectives (rather than personal gain). One of the best-known hacktivist groups in the world is Anonymous.Law Enforcement Cyber Center BCM Institute
Hash FunctionA cryptography tool that turns any input (text or file) into a string of characters that serves as a virtually unforgeable digital fingerprint of the data, called a hash. Hashes can be used to test whether a file has been modified since the last hash was obtained, or as a means to store passwords in a way that is harder for attackers to decipher.The International Association of Privacy Professionals Cybrary
HijackingThe process of taking over a live connection between two users so that the attacker can masquerade as one of the users.SANS Institute Cybrary
Honey Client (Honeymonkey)An automated system designed to simulate the actions of a user who’s browsing websites on the Internet. The purpose of the system is to identify malicious websites that try to exploit vulnerabilities that the browser might have.Heimdal Security SANS Institute
Honeypot (Honeynet)A system that has been set up with intentional vulnerabilities, with the intention to attract attackers. The attacks are then studied for techniques and methods and used to improve security. Multiple systems set up this way form a Honeynet.National Cyber Security Centre Law Enforcement Cyber Center
HostAny computing device that can communicate with other computers. Each host has a unique identifier called a hostname that allows other computers to access it.Open Data Handbook Law Enforcement Cyber Center
HubA network device that operates by repeating data that it receives on one port to all the other ports. As a result, data transmitted by one host is retransmitted to all other hosts on the hub.Law Enforcement Cyber Center Cybrary
Hybrid AttackA hybrid attack builds on the dictionary attack method by adding numerals and symbols to dictionary words to crack passwords and gain unauthorised access.SANS Institute Cybrary
Hyper Text Transfer Protocol (HTTP)A networking language that manages data packets over the Internet. It defines how messages are formatted and transmitted. Further, it defines what actions Web servers and web browsers take in response to various commands.The International Association of Privacy Professionals Law Enforcement Cyber Center
Hyper Text Transfer Protocol Secure (HTTPS)A protocol for secure communication over the Internet. HTTPS should be found at the beginning of any address in your browser’s address bar where security is expected, e.g. online banking, e-commerce sites, secure login areas and any services handling confidential information.The International Association of Privacy Professionals Law Enforcement Cyber Center
HyperlinkLinked graphic or text that is used to connect an end user to other websites, parts of websites or web-enabled services.The International Association of Privacy Professionals SANS Institute
Hypertext Markup Language (HTML)A content authoring language used to create web pages. Web browsers use HTML to interpret and render visible and audible content from the web pages.The International Association of Privacy Professionals SANS Institute
IncidentAn occurrence that actually or potentially results in adverse consequences to an information system or the information that the system processes, stores, or transmits and that may require a response to mitigate the consequences. Also an occurrence that violates or is an imminent threat to security policies, security procedures, or acceptable use policies.National Initiative for Cybersecurity Careers and Studies National Cyber Security Centre
Incident Handling/Management/ResponseThe activities that address the short-term, direct effects of an incident and may also support short-term recovery. Cybersecurity work where a person responds to crisis or urgent situations to mitigate immediate and potential threats.National Initiative for Cybersecurity Careers and Studies Cybrary
Incremental BackupsBackups that only copy the files that have been modified since the last backup.Heimdal Security Cybrary
Information Security (InfoSec)The practice of defending information from unauthorised access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction. The term is generic regardless of the form the data or information may take, while cybersecurity looks specifically at digital assets.The International Association of Privacy Professionals Xyone Cyber Security
Information Security PolicyA written account of the security strategy and goals of an organization. A security policy usually comprises standards, policies (or SOPs – Standard Operating Procedures) and guidelines. All hardware, software, facilities and personnel must abide by the terms of the security policy of an organization. (Also known as security policy).National Initiative for Cybersecurity Careers and Studies Global Knowledge
Information Technology (IT)Any equipment or system that processes, transmits, receives, or interchanges data or information.National Initiative for Cybersecurity Careers and Studies BCM Institute
Infrastructure-As-A-Service (IaaS)A cloud service where the provider offers the customer virtual machines and the flexibility to arrange them into a network. The customer can install any software or custom code onto these virtual machines. This saves the customer the costs of buying and maintaining their own servers.Deloitte Global Knowledge
Initial Coin Offering (ICO)A type of fundraising that is primarily done by crowdfunding. In an ICO, a quantity of cryptocurrency is sold in the form of "tokens" ("coins") to speculators or investors, in exchange for legal tender or other cryptocurrencies such as Bitcoin or Ethereum. The tokens sold are promoted as future functional units of currency if or when the ICO's funding goal is met and the project launches. In some cases, like Ethereum, the tokens are required to use the system for its purposes.Deloitte #DisruptionBanking
Initial Public Offering (IPO)When a private corporation undergoes the process of offering its shares to the public for the first time, it is called an Initial Public Offering (IPO). Growing companies in need of capital can use IPOs to raise funds; established firms can use IPOs to permit the owners to exit part or all of their ownership through selling shares to the public.Deloitte eToro
Inside(r) ThreatA malicious threat to an organization that comes from someone within, like an employee, contractor, or business associate, who has insider information regarding the organization’s data, computer systems, or security measures.National Cyber Security Centre Law Enforcement Cyber Center
Institute of Electrical and Electronics Engineers (IEEE) Standard 802.11 (Wi-Fi)A family of IEEE standards that extend the common wired Ethernet local network standard into the wireless domain. The 802.11 standards are widely known as “Wi-Fi” because the Wi-Fi Alliance provides certification for 802.11 products.Law Enforcement Cyber Center BSI
IntegrityThe property whereby information has not been modified or destroyed in an unauthorized manner. A state in which information has remained unaltered from the point it was produced by a source, during transmission, storage, and eventual receipt by the destination.National Initiative for Cybersecurity Careers and Studies The International Association of Privacy Professionals
International Organization for Standardization (ISO)An international standard-setting body composed of representatives from various national standards organizations. Founded in 1947, the organization promotes worldwide proprietary, industrial and commercial standards.SANS Institute Cybrary
InternetA worldwide network of computers communicating with each other via phone lines, satellite links, wireless networks, and cable systems. Open Data Handbook SANS Institute
Internet Message Access Protocol (IMAP)A protocol that defines how a client should fetch email from and return email to a mail server.Law Enforcement Cyber Center Cybrary
Internet of Things (IoT)A term used to describe all objects with internet connectivity, including smartphones, wearable tech, cars, and household appliances.The International Association of Privacy Professionals National Cyber Security Centre
Internet Protocol (IP)The method or protocol by which data is sent from one computer to another on the Internet.Law Enforcement Cyber Center SANS Institute
Internet Protocol (IP) AddressA string of numbers used to identify each computer using the internet.Law Enforcement Cyber Center SANS Institute
Internet Protocol (IP) FloodA Denial of Service (DoS) attack which aims to send a host an avalanche of pings (echo request packets) that the protocol implementation cannot manage. This causes a system to fail and send a denial of service error.Heimdal Security Cybrary
Internet Protocol (IP) SpoofingA tactic used by attackers to supply a false IP address in an attempt to trick the user or a cybersecurity solution into believing it is a legitimate actor.Heimdal Security Cybrary
Internet Service Provider (ISP)Any company that provides Internet access to homes and businesses.The International Association of Privacy Professionals Law Enforcement Cyber Center
IntranetA computer network, especially one based on Internet technology, that an organization uses for its own internal, and usually private, purposes and that is closed to outsiders. SANS Institute Cybrary
IntrusionAn act of getting around a system’s security mechanisms to gain unauthorized access.National Initiative for Cybersecurity Careers and Studies Law Enforcement Cyber Center
Intrusion DetectionTechniques designed to detect breaches into a computer system or network.National Initiative for Cybersecurity Careers and Studies Law Enforcement Cyber Center
Intrusion Detection System (IDS)A security management system set up to actively protect computers and networks. It works by analyzing information from various areas of a computer/network to spot potential security breaches. These breaches can be caused either by intrusions (external attacks) or by misuse (insider attacks).The International Association of Privacy Professionals Law Enforcement Cyber Center
Intrusion Prevention System (IPS)A security tool that attempts to detect and prevent cybersecurity attacks from becoming successful. An IPS is considered a more active security tool as it attempts to proactively respond to potential threats. An IPS can block IP addresses, turn off services, block ports and disconnect sessions as well as notify administrators.The International Association of Privacy Professionals Law Enforcement Cyber Center
KernelThe core of a computer’s operating system that houses the most essential functions of the computer.Law Enforcement Cyber Center Cybrary
KeyloggerA computer program that records keystrokes made by a user. This user is typically unaware that their actions are being monitored and that a hacker now has access to passwords and other confidential data.National Initiative for Cybersecurity Careers and Studies The Law Society
Know Your Customer (KYC)The process whereby a business verifies the identity of the client. This process can be completed either before or at the time the business begins its relationship with the client. It is increasingly common to see financial institutions use KYC as a requirement to do business. May also refer to a standard protocol driven by regulators and market participants that ensures bodies know detailed information about their clients' risk tolerance, investment knowledge, and financial position. KYC initiatives aim to protect both clients and firms.European Banking Authority #DisruptionBanking
Least PrivilegeA cybersecurity principle of allowing users or applications the least amount of permissions necessary to perform their intended function.The International Association of Privacy Professionals SANS Institute
Litecoin (LTC)A cryptocurrency. It offers shorter block generation times than Bitcoin, increased transaction speed, and lower transaction costs.International Capital Market Association eToro
Local Area Network (LAN)A network of computers that is contained within a limited geographic area (typically a single building). For a typical LAN, all of the networked machines are owned and controlled by a single individual or an organization.The International Association of Privacy Professionals The Law Society
Logic BombA program or a snippet of code that executes when a certain event occurs. Logic bombs may be set off on a certain date or when a specified set of circumstances occurs.Heimdal Security SANS Institute
Machine LearningA subfield of artificial intelligence (AI), it trains a computer to identify new patterns in a large amount of data. A trained algorithm can then be deployed to either make predictions (e.g. stock market prices, weather patterns) or classify objects into groups (e.g. differentiating cancers based on X-ray images, detecting fraudulent transactions in bank accounts). Companies and governments increasingly deploy machine learning algorithms for speech recognition, image classification and other pattern-recognition applications.#DisruptionBanking DataQuest
Macro VirusMalware that attaches itself to documents and uses macro programming options (like those found in Microsoft Word or Excel) to execute malicious code or propagate itself.Heimdal Security The Law Society
Malicious Advertisement (Malvertisement)Malware that is distributed through online advertising networks, usually without the website owner’s knowledge. This type of technique is widely used to spread financial malware, data-stealing malware, ransomware and other cyber threats.National Cyber Security Centre Heimdal Security
Malicious Code or Software (Malware) | An umbrella term for software that is defined by malicious intent. This type of ill-intentioned software can disrupt normal computer operations, harvest confidential information, obtain unauthorized access to computer systems, display unwanted advertising and more. Includes viruses, trojan horses, worms, spyware, adware, etc. | Law Enforcement Cyber Center | Committee on National Security Systems
Man-In-The-Middle Attack | An attack where the attacker interposes themselves between the victim and the website or other party that the victim is trying to reach, either to harvest the information being transmitted or to alter it. | Law Enforcement Cyber Center | ECSC
Mandatory Access Control | A system that controls access to resources based on classification levels assigned to both the objects and the users. These controls cannot be changed by anyone. | Law Enforcement Cyber Center | Cybrary
Media Access Control (MAC) Address | A physical address; a numeric value that uniquely identifies a network device from every other device on the planet. MAC addresses are used in a variety of technologies, including Ethernet and WiFi, and make it possible to check whether a given physical device is allowed on a network. | The International Association of Privacy Professionals | Cybrary
Metadata | Information about data such as its title and description, method of collection, author or publisher, area and time period covered, licence, date and frequency of release, etc. | The International Association of Privacy Professionals | Open Data Handbook
Mitigation | Steps taken to minimise and address (cybersecurity) risks. | National Initiative for Cybersecurity Careers and Studies | National Cyber Security Centre
Multifactor Authentication (MFA) | A type of authentication that uses two or more factors to achieve authentication. These factors can include something the user knows (a password or a PIN), something the user has (an authentication token, an SMS with a code or a code generator on the phone/tablet) and/or something the user is (biometric authentication methods, such as fingerprints or retina scans). | The International Association of Privacy Professionals | Heimdal Security
National Cyber Security Centre (NCSC) | Part of the Government Communications Headquarters (GCHQ), this is a UK government organisation that offers advice and support to the public and private sector on how to avoid and prevent cyber security threats, attacks and breaches. | Xyone Cyber Security | Tech Nation
National Institute of Standards and Technology (NIST) | A U.S. federal agency responsible for the “Framework for Improving Critical Infrastructure Cybersecurity” – voluntary guidelines used by organisations to manage their security risks. | The International Association of Privacy Professionals | Cybrary
Non-Repudiation | The ability to ensure that neither the originator nor the receiver in a transaction can dispute the validity of the transaction or access request. An independent verification takes place which allows the sender’s identity to be verified, typically by a third party, and also allows the sender to know that the intended recipient of the message actually received it. Non-repudiation of origin proves that data has been sent and non-repudiation of delivery proves that the data has been received. | The International Association of Privacy Professionals | Committee on National Security Systems
Open Source | Software for which the source code is available under an open licence. Not only can the software be used for free, but users with the necessary technical skills can inspect the source code, modify it and run their own versions of the code, helping to fix bugs, develop new features, etc. Some large open source software projects have thousands of volunteer contributors. | The International Association of Privacy Professionals | Open Data Handbook
Open Systems Interconnection (OSI) Model | A standard description of how messages should be transmitted between any two points in a telecommunication network. Its purpose is to guide product implementation so that products consistently work with other products. The reference model defines 7 layers of functions that take place at each end of a communication. Many if not most products involved in telecommunication make an attempt to describe themselves in relation to the OSI model. It is also valuable as a single reference view of communication that furnishes everyone a common ground for education and discussion. | SANS Institute | Law Enforcement Cyber Center
Outside Threat | An unauthorized person from outside the company’s security perimeter who has the capacity to harm an information system by destroying it, modifying or stealing data from it and disclosing it to unauthorized recipients, and/or causing denial of service. | Heimdal Security | Committee on National Security Systems
Outsourcing | The practice of hiring a party outside a company to perform services and create goods that traditionally were performed in-house by the company's own employees and staff. Outsourcing is often used to obtain best-of-breed level service rather than settling for good-enough internal operations. It can be expensive and increases an organization's security risk due to the exposure of internal information and data to outsiders. | The International Association of Privacy Professionals | Global Knowledge
Packet | A piece of a message transmitted over a packet-switching network. One of the key features of a packet is that it contains the destination address in addition to the data. In IP networks, packets are often called datagrams. | SANS Institute | Cybrary
Packet Sniffer | A type of software designed to monitor and record traffic on a network. It can be used to run diagnostic tests and troubleshoot potential problems. It can also be used for malicious purposes, like collecting your web browsing history, your downloads, the people you send emails to, etc. | Law Enforcement Cyber Center | Heimdal Security
Passive Attack | An attack where a system is monitored or scanned for information, but no action is taken against the system. Passive attacks are therefore much more difficult to detect, as there are no obvious changes made to the system. | Network Working Group Request for Comments: 4949 Internet Security Glossary, Version 2 | Tech Nation
Password | A string of characters (letters, numbers, and other symbols) used to authenticate an identity or to verify access authorization. | National Initiative for Cybersecurity Careers and Studies | BSI
Password Sniffing | Monitoring and snooping on network traffic to retrieve password data. If the password is sent over an unencrypted connection (for example, you put in a password on a website that isn’t protected by a security certificate – doesn’t start with https), it’s even easier for attackers to get their hands on your passwords. | SANS Institute | Cybrary
Patch | A small software update released by manufacturers to fix or improve a software program. A patch can fix security vulnerabilities or other bugs, or enhance the software in terms of features, usability and performance. | National Cyber Security Centre | BCM Institute
Patch Management | Activities related to researching, testing, approving and installing updates and patches to computer systems. Patch management is an essential part of security management in order to prevent downtime, minimize vulnerabilities and prevent new untested updates from interfering with productivity. | Heimdal Security | Global Knowledge
Payload | The element of the malware that performs the malicious action – the cybersecurity equivalent of the explosive charge of a missile. Usually spoken of in terms of the damage wreaked. | SANS Institute | CORVID
Payment Card Industry Data Security Standard (PCI DSS) | A self-regulatory system that provides an enforceable security standard for payment card data. The rules were drafted by the Payment Card Industry Security Standards Council, which built on previous rules written by the various credit card companies. Except for small companies, compliance with the standard requires hiring a third party to conduct security assessments and detect violations. Failure to comply can lead to exclusion from Visa, MasterCard or other major payment card systems, as well as penalties. | The International Association of Privacy Professionals | Law Enforcement Cyber Center
Payment Gateway | A service provider that authorizes credit card payments. It acts as an intermediary between a payment portal, like a website, and a bank. | Dataconomy | Deloitte
Peer-to-peer (P2P) Lending | A practice of lending money to businesses or individuals over an online platform that matches lenders with borrowers. Since most of these platforms operate online, they can often run with lower overheads and costs than typical financial institutions. | Deloitte | #DisruptionBanking
Penetration Testing (Pen Testing, Pentesting) | Also known as ethical hacking, pentesting is an authorized simulated cyberattack on a computer system, performed to evaluate the security of the system. A penetration test will use the same tools, techniques and methodologies as criminal hackers, and provide recommendations on how to mitigate risks and improve security of the tested system. | National Initiative for Cybersecurity Careers and Studies | National Cyber Security Centre
Personal Data | Any information relating to a person (a “data subject”) who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person. | European Data Protection Supervisor | Information Commissioner’s Office
Personal Firewall | Software running on a PC that controls network traffic to and from that computer. | Heimdal Security | SANS Institute
Personally Identifiable Information (PII) | Any information about an individual, including any information that can be used to distinguish or trace an individual’s identity, such as name, social security number, date and place of birth, mother’s maiden name, or biometric records; and any other information that is linkable to an individual, such as medical, educational, financial, and employment information. | The International Association of Privacy Professionals | National Initiative for Cybersecurity Careers and Studies
Pharming | Redirecting Internet traffic from a legitimate website to a fake one, so victims can put in their confidential information and attackers can collect it. This is accomplished by either attacking an individual computer, attacking an individual router, or attacking a Domain Name Server/System (DNS). In every case, even if the victim types in a correct website name, they will be redirected to a fake one. | The International Association of Privacy Professionals | National Cyber Security Centre
Phishing | A social engineering attack that attempts to collect information from victims. Phishing attacks can take place over email, text messages, through social networks, calls, or via smartphone apps. The goal of a phishing attack may be to learn logon credentials, credit card information, system configuration details or other company, network, computer or personal identity information. Phishing attacks are often successful because they mimic legitimate communications from trusted entities or groups, such as false emails from a bank or a retail website. | National Cyber Security Centre | Committee on National Security Systems
Plaintext | Unencrypted information. | National Initiative for Cybersecurity Careers and Studies | SANS Institute
Platform-As-A-Service (PaaS) | A cloud computing model whereby an external company provides an organisation with a platform and an environment which allows them to build applications and services over the internet. PaaS gives developers the tools and services required for code to be deployed efficiently. PaaS offerings are designed to spare the organisation the cost and complexity of building and maintaining the platform itself. | Deloitte | Global Knowledge
Port | The endpoint of a logical connection that client computers use to connect to specific server programs. | Law Enforcement Cyber Center | SANS Institute
Post Office Protocol, Version 3 (POP3) | A client/server protocol in which email is received and held for you by your Internet server. | Law Enforcement Cyber Center | SANS Institute
Pretty Good Privacy (PGP) | A computer program (and related protocols) that uses cryptography to provide data security for electronic mail and other applications on the Internet. | SANS Institute | Cybrary
Privacy | “A right to be let alone”. The assurance that the confidentiality of, and access to, certain information about an entity is protected. The ability of individuals to understand and exercise control over how information about themselves may be used by others. A right to privacy is recognised by the Universal Declaration of Human Rights and the European Convention on Human Rights. Common areas of privacy include information privacy, bodily privacy, territorial privacy, and communications privacy. | European Data Protection Supervisor | The International Association of Privacy Professionals
Privacy by Design | A principle that encourages designers to build privacy and data protection up front, into the design specifications and architecture of information and communication systems and technologies, in order to facilitate compliance with privacy and data protection principles. | European Data Protection Supervisor | The International Association of Privacy Professionals
Privacy Impact Assessment | A process designed to help organisations identify and mitigate privacy risks associated with proposed data processing activities. | The International Association of Privacy Professionals | University College London Legal Services
Proprietary Information | Data that is unique to a company and ensures its ability to stay competitive. This can include customer details, technical information, costs and trade secrets. | Heimdal Security | SANS Institute
Proxy Server | An intermediary between a computer and the internet, used to enhance cybersecurity by preventing attackers from accessing a computer or private network directly. | SANS Institute | Cybrary
Public Key | A cryptographic key that may be widely published and used to enable the operation of a public key encryption scheme. The public part of an asymmetric key pair that is uniquely associated with an entity and that may be made public. | Committee on National Security Systems | SANS Institute
Public Key Encryption | Also known as asymmetric cryptography. Public key encryption is a cryptographic system that uses two keys, a public key known to everyone and a private or secret key known only to the recipient of the message. | National Initiative for Cybersecurity Careers and Studies | Cybrary
Public Key Infrastructure (PKI) | A framework consisting of standards and services to enable secure, encrypted communication and authentication over potentially insecure networks such as the Internet. A framework and services for generating, producing, distributing, controlling, accounting for, and revoking (destroying) public key certificates. | Committee on National Security Systems | The International Association of Privacy Professionals
Ransomware | A type of malware that encrypts data on a PC or mobile device, blocking access to it. The victim then receives a time-limited message that a ransom must be paid (usually in Bitcoins) in order to get the decryption key. There is no guarantee that if the victim pays the ransom, they will get the decryption key. Regularly backing up your data is an effective solution against this kind of attack. | National Cyber Security Centre | Xyone Cyber Security
Red Team | A group authorised to emulate a potential adversary’s attack against an enterprise’s IT systems. This is usually done as part of penetration testing, to identify cybersecurity weaknesses in the system being tested. | Committee on National Security Systems | #DisruptionBanking
Redundancy | Additional or alternative systems, sub-systems, assets, or processes that maintain a degree of overall functionality in case of loss or failure of a primary system, sub-system, asset, or process. | National Initiative for Cybersecurity Careers and Studies | BCM Institute
Regulatory Technology (RegTech) | The use of information technology within the financial services industry to enhance the regulatory processes. The main functions include compliance, reporting, and regulatory monitoring amongst others. RegTech largely consists of companies using cloud computing technology to help comply with financial regulations more efficiently and cost-effectively. | European Banking Authority | Deloitte
Remote Access (Administration) Trojan (RAT) | A malware program that gives an intruder administrative control over a target computer. RATs are usually downloaded invisibly with a user-requested program, such as a game, or sent as an email attachment. Once the host system is compromised, the intruder may use it to distribute more RATs for a botnet. | Law Enforcement Cyber Center | Heimdal Security
Resilience | The ability to adapt to changing conditions and prepare for, withstand, and rapidly recover from disruption. | Financial Stability Board | The International Association of Privacy Professionals
Reverse Engineering | Disassembling and analyzing the design of a system component or a piece of software. The technique is often used by cybersecurity researchers to take apart malware to analyze it. Through reverse engineering they can observe and understand how the malware works, and can devise security solutions that can protect users against it. | SANS Institute | Cybrary
Right of Access | An individual’s right to request and receive their personal data from a business or other organization. | European Data Protection Supervisor | The International Association of Privacy Professionals
Risk | The potential for an unwanted or adverse outcome resulting from an incident, event, or occurrence, as determined by the likelihood that a particular threat will exploit a particular vulnerability, with the associated consequences. | Financial Stability Board | SANS Institute
Risk Assessment | The process of evaluating the state of risk of an organization. Risk assessment is often initiated through taking an inventory of all assets, assigning each asset a value, and then considering any potential threats against each asset. Threats are evaluated for their exposure factor (EF) (i.e. the amount of loss that would be caused by the threat causing harm) and frequency of occurrence (i.e. ARO - Annualized Rate of Occurrence) in order to calculate a relative risk value known as the ALE (Annualized Loss Expectancy). The largest ALE indicates the biggest concern or risk for the organization. | DHS Risk Lexicon, 2010 Edition | BCM Institute
Risk Management | The process of identifying, analyzing, assessing, and communicating risk and accepting, avoiding, transferring or controlling it to an acceptable level considering associated costs and benefits of any actions taken. Includes: 1) conducting a risk assessment; 2) implementing strategies to mitigate risks; 3) continuous monitoring of risk over time; and 4) documenting the overall risk management program. | DHS Risk Lexicon, 2010 Edition | BCM Institute
Rivest-Shamir-Adleman (RSA) Algorithm | The most common internet encryption and authentication system. The system uses an algorithm that involves multiplying two large prime numbers to generate a public key, used to encrypt data and decrypt an authentication, and a private key, used to decrypt the data and encrypt an authentication. | The International Association of Privacy Professionals | Cybrary
Robo-Advisor | Digital platforms that provide automated, algorithm-driven financial planning services with little to no human supervision. A typical robo-advisor collects information from clients about their financial situation and future goals through an online survey, and then uses the data to offer advice and/or automatically invest client assets. | European Banking Authority | Deloitte
Role-Based Access Control | Access policies that espouse the view that no employee should have greater information access than is necessary to capably perform his or her job function. This is similar to the principle of least privilege. | The International Association of Privacy Professionals | Cybrary
Rootkit | A set of software tools with administrator-level access privileges installed on an information system and designed to hide the presence of the tools, maintain the access privileges, and conceal the activities conducted by the tools. These can be used both by IT administrators and by attackers. | Law Enforcement Cyber Center | Committee on National Security Systems
Router | A device that connects two or more networks and allows packets to be transmitted and received between them. A router determines the best path for data packets from source to destination. Routers typically connect home or office networks to the wider internet. | National Cyber Security Centre | Law Enforcement Cyber Center
Sandbox | A means of isolating applications, code or entire operating systems in order to perform testing or evaluation. The sandbox limits the actions and resources available to the constrained item. This allows the isolated item to be used for evaluation while preventing any harm or damage from being caused to the host system or related data or storage devices. | Law Enforcement Cyber Center | Global Knowledge
Scavenging | Searching through data residue in a system to gain unauthorized knowledge of sensitive data. | SANS Institute | Cybrary
Secret Key | A cryptographic key that is used for both encryption and decryption, enabling the operation of a symmetric key cryptography scheme. Also, a cryptographic algorithm that uses a single key (i.e., a secret key) for both encryption of plaintext and decryption of ciphertext. | The International Association of Privacy Professionals | Committee on National Security Systems
Secure Shell (SSH) | A program to log into another computer over a network, to execute commands in a remote machine, and to move files from one machine to another. | Law Enforcement Cyber Center | SANS Institute
Secure Sockets Layer (SSL) | An encryption method to ensure the safety of the data sent and received from a user to a specific website and back. Encrypting this data transfer ensures that no one can snoop on the transmission and gain access to confidential information, such as card details in the case of online shopping. It is the most widely used security protocol on the internet for online banking and shopping sites. Generally speaking, the presence of “https://” as opposed to “http://” in the browser address bar indicates that the connection between your computer and the website is SSL encrypted. | The International Association of Privacy Professionals | Law Enforcement Cyber Center
Security Information and Event Management (SIEM) | A category of products and services that aggregate and analyse network information, in order to detect suspicious activity and provide real-time security alerts. An approach to security management that seeks to provide a holistic view of an organization’s information technology (IT) security. | Law Enforcement Cyber Center | BSI
Security Perimeter | The boundary of a network or private environment where specific security policies and rules are enforced. The systems and users within the security boundary are forced into compliance with local security rules while anything outside is not under such restrictions. The security perimeter aims to prevent any interactions between outside entities and internal entities that might violate or threaten the security of the internal systems. | BSI | Global Knowledge
Security Policy | Internal security measures such as the prevention of unauthorized or unnecessary access to corporate data or resources. Includes intellectual property, financial data and personal information. Physical security measures, such as locks, safes, cameras and fences are security measures that protect against both internal and external threats. | The International Association of Privacy Professionals | Committee on National Security Systems
Sensitive data | Any data that is confidential, for which access is limited to a certain category of users, who can view, access and use it. This type of information is protected for reasons either related to legal aspects or ethical ones. Examples include: personal identification numbers, health information, education records, trade secrets, credit card information, etc. | European Data Protection Supervisor | SANS Institute
Server | A computer, usually on the internet and managed by a hosting company, that responds to requests from a user, e.g. for web pages, downloaded files or to access features in a Software as a Service package being run on the server. | Open Data Handbook | BCM Institute
Short Message Service (SMS) Phishing (Smishing) | Phishing via SMS: mass text messages sent to users asking for sensitive information (e.g. bank details) or encouraging them to visit a fake website. | National Cyber Security Centre | Tech Nation
Signals Intelligence (SIGINT) | Refers to electronic transmissions that can be collected by ships, planes, ground sites, or satellites. Conducting SIGINT activities in the U.S. is primarily the responsibility of the National Security Agency (NSA). The U.S. Federal Bureau of Investigation (FBI) collects SIGINT through authorized wiretaps and other electronic intercepts of information. | Law Enforcement Cyber Center | Cybrary
Signature | An identifiable, differentiating pattern associated with a type of malware, an attack or a set of keystrokes which were used to gain unauthorized access to a system. Traditional antivirus solutions can spot, block and remove malware based on their signature. | Heimdal Security | Committee on National Security Systems
Single Sign-On (SSO) | An authentication process that allows a user to access multiple applications or services with one set of login credentials. This service authenticates the actions of the user for all the applications to which the user has been granted rights, eliminating further prompts when the user switches applications during the same session. | The International Association of Privacy Professionals | Dataconomy
Smart Contracts | Computer programs that automatically execute a contract. Often blockchain-based, smart contracts permit trusted transactions and agreements to be carried out among disparate, anonymous parties without the need for a central authority, legal system, or external enforcement mechanism. They render transactions traceable, transparent, and irreversible. | European Banking Authority | Dataconomy
Sniffer | A tool used to monitor traffic over a network. It can be used legitimately, to detect issues with the data flow, and by malicious actors, to harvest data that’s transmitted over a network. | Cybrary | Law Enforcement Cyber Center
Social Engineering | A psychological (rather than a technical) attack that aims either to gain access to information or to gain access to a logical or physical environment. May be used to gain access to a facility by tricking a worker into assisting by holding the door when making a delivery, to gain access into a network by tricking a user into revealing their account credentials to fake technical support staff, or to gain copies of data files by encouraging a worker to cut-and-paste confidential materials into an e-mail or social networking post. | National Cyber Security Centre | The International Association of Privacy Professionals
Socket | A socket is one endpoint of a two-way communication link between two programs running on the same network. A socket is bound to a port number so that the Transmission Control Protocol (TCP) layer can identify the application that data is destined to be sent to. | Law Enforcement Cyber Center | SANS Institute
Software | Computer programs and associated data. Software can be otherwise named programs or apps. | SANS Institute | Cybrary
Software-as-a-Service (SaaS) | A software licensing model in which access to the software is provided on a subscription basis, with the software being located on external servers rather than on servers located in-house. SaaS is typically accessed through a web browser, with users logging into the system using a username and password. Examples of SaaS include online email services or online document editing systems. A user of a SaaS solution is only able to use the offered application and make minor configuration tweaks. The SaaS provider is responsible for maintaining the application. | National Cyber Security Centre | Open Data Handbook
Spam | Unsolicited email messages, often sent in bulk to a large number of users, usually for the purpose of advertising, spreading malware, or carrying out phishing attacks. | Cyberbullying Research Center | Committee on National Security Systems
Spear Phishing | A cyber and social engineering attack that aims to extract sensitive data from a victim using a very specific and personalised message designed to look like it's from a person the recipient knows and/or trusts. This message is usually sent to individuals or companies, and it is usually extremely effective and well planned. Attackers invest time and resources into gathering information about the victim (interests, activities, personal history, etc.) in order to create a spear phishing message (which is usually an email). Spear phishing uses the sense of urgency and familiarity (it appears to come from someone you know) to manipulate the victim, so the target doesn’t have time to double check the information. | National Cyber Security Centre | The International Association of Privacy Professionals
Spoof | An attempt by an unauthorized entity to gain access to a system by posing as an authorized user. Impersonating, masquerading, piggybacking, and mimicking are forms of spoofing. Spoofing can come in the form of emails, caller ID, entire websites, IP addresses and more. | Global Knowledge | Committee on National Security Systems
SpywareSoftware that is secretly or surreptitiously installed into an information system to gather information on individuals or organizations without their knowledge. Spyware can be operated by an advertising and marketing agency for the purpose of gathering customer demographics. But it can be also operated by attackers using the data gathering tool to steal an identity or learn enough about a victim to harm them in other ways.The Law Society Committee on National Security Systems
SteganographyMethods of hiding the very existence of a message or other data. This is different than cryptography, which hides the meaning of a message but does not hide the message itself. Examples of steganography include "invisible" ink, messages hidden in other messages, text hidden in images, etc.SANS Institute Cybrary
Structured Query Language (SQL) InjectionAn attack that injects malicious SQL code, which allows the attacker to fully control the underlying database. Can be perfomed by injecting commands into inappropriately configured text search boxes on websites. The underlying database can be a full list of users and their credentials, a list of shopping items, etc. Through this attack, malicious hackers can spoof identities, modify data or tamper with it, disclose confidential data, delete and destroy the data or make it unavailable.The International Association of Privacy Professionals ECSC
Supply ChainThe path of linked organizations involved in the process of transforming original or raw materials into a finished product that is delivered to a customer. An interruption of the supply chain can cause a termination of the production of the final product immediately or this effect might not be noticed until the materials already in transit across the supply chain are exhausted.BSI Committee on National Security Systems
SwitchA networking device used to connect other computer together. Switches forward information between specific computers, rather than passing information to every computer connected to the switch.Law Enforcement Cyber Center SANS Institute
Symmetric CryptographyAlgorithms that use the same key for two different steps of the algorithm (such as encryption and decryption, or signature creation and signature verification). Symmetric cryptography is sometimes called "secret-key cryptography" (versus public-key cryptography) because the entities that share the key.Cybrary Committee on National Security Systems
TamperTo deliberately alter a system's logic, data, or control information to cause the system to perform unauthorized functions or services. Heimdal Security SANS Institute
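The following is an added example covering both the "Symmetric Cryptography" and "Tamper" entries above; it is not code from any of the cited sources. It uses HMAC-SHA-256 from the Python standard library: one shared secret key both produces and checks the authentication tag, and a single flipped bit in the message makes verification fail. The key and message are constructed demo values.

```python
"""Shared-key message authentication with HMAC-SHA-256, and what it detects.

Added example covering the "Symmetric Cryptography" and "Tamper" entries; it is
not code from the cited sources. The key and the message are constructed; in
practice the key comes from a secret store and is shared out of band.
"""
import hashlib
import hmac
import secrets


def generate_key():
    """A fresh 256-bit secret. Both parties must hold this one key, which is
    exactly what makes the scheme symmetric (and why the key must stay secret)."""
    return secrets.token_bytes(32)


def make_tag(key, message):
    """Sender: compute the authentication tag over the message with the key."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify_tag(key, message, received_tag):
    """Receiver: recompute with the *same* key and compare in constant time so
    that timing does not leak how many tag bytes an attacker got right."""
    return hmac.compare_digest(make_tag(key, message), received_tag)


def tamper(message, index):
    """Flip one bit of the message, as an on-path attacker might."""
    out = bytearray(message)
    out[index] ^= 0x01
    return bytes(out)


# Constructed demo values only; never hard-code a real key in source.
DEMO_KEY = bytes(range(32))
DEMO_MESSAGE = b'{"transfer": 100, "to": "alice"}'

if __name__ == "__main__":
    tag = make_tag(DEMO_KEY, DEMO_MESSAGE)
    # Flipping bit 0 of byte 13 turns the amount's leading "1" into "0".
    print("genuine message verifies :", verify_tag(DEMO_KEY, DEMO_MESSAGE, tag))
    print("tampered message verifies:", verify_tag(DEMO_KEY, tamper(DEMO_MESSAGE, 13), tag))
```

A MAC of this kind detects tampering but does not hide the message; for both confidentiality and integrity the same shared key would be used with an authenticated-encryption mode such as AES-GCM. The constant-time comparison matters: a naive `==` on tags returns early at the first differing byte, which an attacker can measure.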
TelnetA user command and an unsecured underlying protocol for accessing remote computers; it sends credentials and session data in clear text. In practice users and administrators prefer Secure Shell (SSH), which encrypts the session and lets the client authenticate the remote host.Law Enforcement Cyber Center Cybrary
Third PartyAny person other than the data subject, the data controller, the data processor or other person authorised to process data for the data controller or processor. Third party does not include employees or agents of the data controller or data processor.European Data Protection Supervisor University of Bath Data Protection Glossary
ThreatA potential security violation that becomes real if the right context, capabilities, actions and events come together. If a threat materialises, it can cause a security breach or further damage.Law Enforcement Cyber Center DHS Risk Lexicon, 2010 Edition
Threat ActorAn individual, group, organization, or government that conducts or has the intent to conduct detrimental activities.Financial Stability Board DHS Risk Lexicon, 2010 Edition
Threat Analysis (Assessment)The detailed evaluation of the characteristics of individual threats.National Initiative for Cybersecurity Careers and Studies Heimdal Security
TokenisationA system of de-identifying data which uses random tokens as stand-ins for meaningful data. Can also refer to the process by which real-world assets are turned into something of digital value, often subsequently able to offer ownership of parts of this asset to different owners.The International Association of Privacy Professionals International Capital Market Association
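As an added example for the de-identification sense of this entry (not code from any of the cited sources), the following replaces a payment card number with a random token and keeps the only mapping back in a vault. The card number is a constructed test value and the vault is an in-memory dictionary standing in for a separate, access-controlled store.

```python
"""Tokenisation: random stand-in tokens with a vault that maps them back.

Added example for this glossary entry, not code from the cited sources. The
card numbers are constructed test values and the vault is an in-memory dict
standing in for a separate, access-controlled token store.
"""
import secrets


class TokenVault:
    """Issues random tokens for sensitive values and holds the only mapping
    back. Because a token is random rather than derived from the value (as a
    hash would be), it cannot be reversed or guessed without the vault."""

    def __init__(self):
        self._token_to_value = {}

    def tokenise(self, value):
        """Return a new, unique token; the same value gets a different token each time."""
        while True:
            token = "tok_" + secrets.token_hex(16)
            if token not in self._token_to_value:   # collision guard
                self._token_to_value[token] = value
                return token

    def detokenise(self, token):
        """Only code with vault access can recover the original value."""
        if token not in self._token_to_value:
            raise KeyError("unknown token")
        return self._token_to_value[token]


def mask(pan):
    """Display form: keep the last four digits, hide the rest."""
    return "*" * (len(pan) - 4) + pan[-4:]


def record_order(vault, pan, amount):
    """What the application database stores: a token and a display mask,
    never the card number itself, so a breach of that database yields no cards."""
    return {"card_token": vault.tokenise(pan), "card_display": mask(pan), "amount": amount}


if __name__ == "__main__":
    vault = TokenVault()
    order = record_order(vault, "4111111111111111", 4200)   # constructed PAN
    print("stored:", order)
    print("charged via vault:", vault.detokenise(order["card_token"]))
```

Two properties distinguish this from hashing or encryption: tokenising the same value twice yields two unrelated tokens, so tokens cannot be correlated or brute-forced from a list of candidate values, and recovering the original requires access to the vault, which is why the vault is kept in a separate, tightly controlled system.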
Transmission Control Protocol (TCP)A protocol which enables two devices to establish a connection and exchange data.The International Association of Privacy Professionals Law Enforcement Cyber Center
Transmission Control Protocol (TCP) Internet Protocol (IP) Suite (TCP/IP)The basic communication protocol of the Internet. It can also be used as a communications protocol in a private network.SANS Institute Cybrary
Transport Layer Security (TLS)A protocol that provides confidentiality and integrity for communication between client and server applications, for example between a web browser and a website. When a server and client communicate, TLS secures the connection so that no third party can eavesdrop on or tamper with the messages, and it lets the client verify the server's identity through the server's certificate. TLS is the successor to Secure Sockets Layer (SSL).The International Association of Privacy Professionals Law Enforcement Cyber Center
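The following is an added example for this entry, not code from any of the cited sources. It builds two TLS client configurations with the Python standard library, the common weak one (certificate verification disabled) beside the corrected one, and a small audit function that reports what a reviewer would flag. No connection is opened.

```python
"""TLS client settings: the weak configuration beside the corrected one.

Added example for this glossary entry, not code from the cited sources. It
only builds `ssl.SSLContext` objects with the standard library and audits
them; no network connection is made.
"""
import ssl


def insecure_client_context():
    """WHAT NOT TO DO. With verification off, any on-path party (for example on
    an open Wi-Fi hotspot) can present its own certificate and the client will
    happily encrypt its traffic to the attacker instead of to the real server."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False         # must be cleared before verify_mode
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def hardened_client_context():
    """Require a certificate that chains to a trusted CA, check that it names
    the host being contacted, and refuse SSL 3.0 / TLS 1.0 / TLS 1.1."""
    ctx = ssl.create_default_context()   # loads the platform CA store
    ctx.verify_mode = ssl.CERT_REQUIRED
    ctx.check_hostname = True
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def minimum_version_name(ctx):
    """Name of the lowest protocol version the context will negotiate."""
    return ctx.minimum_version.name


def audit_context(ctx):
    """Return the findings a reviewer would raise for a client context."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("server certificate is not verified")
    if not ctx.check_hostname:
        findings.append("certificate hostname is not checked")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("legacy SSL/TLS versions are accepted")
    return findings


if __name__ == "__main__":
    print("insecure:", audit_context(insecure_client_context()))
    print("hardened:", audit_context(hardened_client_context()))
```

Encryption without certificate verification is the mistake to look for in code review: the traffic is still encrypted, but to whoever answered the connection, which defeats the eavesdropping protection this entry describes.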
Trojan (Horse)A form of malicious software that disguises itself as a harmless computer program but provides threat actors with the ability to execute any variety of attacks that steal information, disrupt functionality or damage data. National Cyber Security Centre Committee on National Security Systems
TrollingDeliberately and disingenuously posting information to entice an emotional response. Often done to inflame or provoke others.Cyberbullying Research Center Online Harassment Field Manual
Two-Factor Authentication (2FA)Obtaining evidence of identity by two independent means (factors), such as something the user knows (a password) and something the user has (a smartcard, or a one-time code from an authenticator app).National Cyber Security Centre The Law Society
Typhoid AdwareA Man-in-the-middle attack that injects advertising into certain web pages a user visits while using a public network, like a public, non-encrypted WiFi hotspot. While the ads themselves can be non-malicious, they can expose users to other threats. For example, the ads could promote a fake antivirus that is actually malware or a phishing attack.Heimdal Security Tech Nation
Unauthorised AccessAny access or use of a computer system, network or resource which violates a security policy, or where the person or user was not explicitly granted authorisation to access or use the resource or system.Global Knowledge Committee on National Security Systems
Uniform Resource Locator (URL)More-commonly known as a web address. Most web browsers display the URL of the web page in their address bar.The International Association of Privacy Professionals Xyone Cyber Security
Uniform Resource Locator (URL) InjectionA cyber attack in which a cyber criminal creates new pages on a website owned by someone else, containing spammy words or links. Sometimes these pages also contain malicious code that redirects the site's users to other web pages or makes the website's web server contribute to a Distributed Denial of Service (DDoS) attack. URL injection usually happens because of vulnerabilities in server directories or in the software used to operate the website, such as an outdated WordPress installation or outdated plugins.Heimdal Security Tech Nation
Virtual Private Network (VPN)A network that uses the Internet to provide remote offices or travelling users with access to a central organisational network. VPNs typically require remote users to be authenticated and secure the data with encryption to prevent disclosure of private information to unauthorised parties. A VPN can also be offered as a consumer service; it then hides the user's traffic from observers on the local network (such as an untrusted Wi-Fi hotspot), although the VPN provider itself can still see that traffic.The International Association of Privacy Professionals National Cyber Security Centre
VirusA computer program designed to make copies of itself and spread from one machine to another, typically by attaching itself to files, applications or downloads that appear to be non-threatening. Once the infected file is downloaded, opened or executed, the virus can corrupt data or spread throughout a network and damage systems across a company.National Cyber Security Centre Committee on National Security Systems
Voice over IP Phishing (Vishing)A form of phishing conducted by telephone, where the attacker uses VoIP to call any phone number at little or no cost. The attacker often falsifies their caller-ID in order to trick the victim into believing they are receiving a phone call from a legitimate or trustworthy source such as a bank, retail outlet, law enforcement or charity. As with phishing, smishing, spear phishing and social engineering generally, a sense of urgency is usually applied to discourage the victim from double-checking or second-guessing the request.The Law Society Global Knowledge
VulnerabilityA weakness, or flaw, in software, a system or process. An attacker may seek to exploit a vulnerability to gain unauthorised access to a system.Financial Stability Board DHS Risk Lexicon, 2010 Edition
WabbitsA type of computer programme that replicates itself repeatedly on a single machine, with malicious side effects such as exhausting memory or process slots (a fork bomb is the classic example). Unlike a worm, it does not spread to other computers.Heimdal Security Tech Nation
War DialingA computer program that automatically dials a series of telephone numbers to find lines connected to computer systems, and catalogs those numbers so that an attacker can try to break into the systems.SANS Institute Cybrary
WardrivingA process of driving around town with a laptop looking for Wireless Access Points (WAPs) that can be communicated with. The network card on the laptop looks for signals coming from anywhere. After intruders gain access, they may steal Internet access or start damaging data.Law Enforcement Cyber Center Cybrary
Water-Holing AttackA type of cyber attack that is highly targeted towards a specific group of people, who perhaps all work for the same organisation, within the same industry or live in the same region. The attacker collects information about websites that this group of people frequent and then infects one of those websites with malware. Once one person has fallen victim to the malware, the attacker uses that foothold to access the wider network the victim is connected to. These attacks work because of the steady stream of vulnerabilities in website technologies, even in the most popular systems, which makes it easier than ever to stealthily compromise websites.National Cyber Security Centre Law Enforcement Cyber Center
WhalingA form of sophisticated phishing attack that targets high-profile, famous and wealthy targets, such as celebrities, CEOs, top-level management and other powerful or rich individuals. By using the phished information, fraudsters and cyber criminals can trick victims into revealing even more confidential or personal data or they can be extorted and suffer from financial fraud.The International Association of Privacy Professionals National Cyber Security Centre
White HatAlso known as ethical hackers, these are usually cybersecurity specialists, researchers or just skilled techies who find security vulnerabilities for companies and then notify them to issue a fix. Companies often hire white hats to test their security systems (known as penetration testing).Heimdal Security Committee on National Security Systems
WhitelistA list of entities (such as email addresses, IP addresses, applications or users) that are considered trustworthy and are granted access or privileges; for example, a list of email senders whose messages are never treated as spam. It is the opposite of a blacklist, which lists the entities to be blocked. Also called an allowlist.National Cyber Security Centre National Initiative for Cybersecurity Careers and Studies
Wide Area Network (WAN)A communications network linking computers across different geographical locations.The International Association of Privacy Professionals BSI
WiretappingMonitoring and recording data that is flowing between two points in a communication system.SANS Institute Cybrary
World Wide Web (WWW)The global, hypermedia-based collection of information and services that is available on Internet servers, and can be accessed using Internet browsers.SANS Institute Cybrary
WormA form of malware that focuses on replication and distribution. A worm is a self-contained malicious program that attempts to duplicate itself and spread to other systems without user action. Generally, the damage caused by a worm is indirect and due to the worm's replication and distribution activities consuming system and network resources. A worm can also be used to deposit other forms of malware on each system it reaches.The International Association of Privacy Professionals Committee on National Security Systems
Zero-DayA recently discovered vulnerability, not yet known to the vendor or to antivirus companies, that attackers can exploit; also an attack exploiting such a vulnerability, never before detected by security teams, for which there is no immediate vendor fix.National Cyber Security Centre Heimdal Security
ZombieA zombie computer is one connected to the Internet that appears to be operating normally but can be controlled by a hacker who has remote access to it. Zombies are mostly used to perform malicious tasks, such as spreading spam or other infected data to other computers, or launching Denial of Service (DoS) attacks, with the owner being unaware of it.Law Enforcement Cyber Center Heimdal Security