Common Security Terms

Security is a broad term that can cover anything from military security to personal safety. It’s also about making sure your information, data and property are safe. Security systems have evolved over the years in order to keep up with new technologies and threats, but what do all these terms mean? Let’s take a look at some of the more common security terms so you know what it means when someone mentions them.

Glossary of Security Terms

This glossary of security terms covers a definition and description of terms related to the art, science, and profession of physical protection, including:

  • Cloud – A cloud is an internet-based platform that facilitates the sharing of resources between users. For example, you could use a software as a service (SaaS) package hosted in the cloud to work on your documents.
  • Domain – A domain is like a website address. For example www.example.com is the domain for the website you are currently on.
  • VPN – A virtual private network (VPN) is a technology that extends a private network over a public network, allowing users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network. An example of this would be when you use the internet at school/college/university to log into your company VPN so that you can access all your files from home as if they were stored on your computer right there at work.
  • IP Address – IP stands for Internet Protocol which creates an address system for computers using binary numbers to communicate with each other via routers or switches, much like a post code system.
  • Exploit – In computer security, exploit refers to a piece of software, a chunk of data, or a sequence of commands that takes advantage of a bug or vulnerability to cause unintended or unanticipated behavior to occur on computer software, hardware, or something electronic (usually computerized).
  • Breach – When systems have been hacked into and information is stolen. For example if your credit card details were breached this means they may be freely able to access all the information you give them online such as email addresses and passwords.
  • Firewall – A firewall is an electronic barrier that blocks unauthorized access to private networks by outsiders while permitting authorized users access under controlled conditions. This could be installed on your computer for example to block hackers from getting into your system if they manage to gain access somehow.
  • Malware – Malware is a general term used to denote a variety of forms of hostile or intrusive software including computer viruses, worms, Trojan horses, ransomware, spyware and adware.
  • Virus – A virus is a program that can copy itself and infect a computer by attaching a copy of itself to other files or programs. It also changes the way the system works usually without you knowing. For example if your computer was infected with ransomware then this would mean they could lock all your files using strong encryption so that only they hold the key to decrypt them again for you and if you don’t pay up within 3 days they will destroy the key forever! Luckily there is now great anti-virus protection around which can stop most viruses from infecting your computer. However, some viruses can be more advanced and harder to detect so it is always best to have up-to-date antivirus software on your PC at all times!
  • Ransomware – Ransomware is a type of malware that installs covertly on a victim’s computer system with the aim of blocking access to the system or encrypting (scrambling) data until a sum of money is paid. It often also includes the option to decrypt the files for free after a time period but if you don’t pay up then they can delete your key forever making it impossible for you to restore your data without paying them again. Keeping good back ups on external hard drives on separate networked computers are necessary so that you can restore your data if you ever get infected with this nasty malware!
  • Trojan Horse – A Trojan horse (or Trojan) is a type of malicious software (malware) that masquerades as legitimate software. The term is derived from the Ancient Greek story in which the Greeks gained access to Troy by hiding soldiers within a large wooden horse. Typically, users are tricked into downloading and executing such malwaare through emails or other direct means onto their computers. They fall for the “bait” and then infect themselves unwittingly. This can open up all sorts of vulnerabilities on your computer system without you knowing about it until it’s too late.
  • Worm – Is similar to virus however they do not need people clicking on links or files to be activated or spread/ They replicate by creating copies of themselves. A worm is self-contained and does not need to be part of another program in order to act or spread itself. Worms often exploit a vulnerability which allows them to spread.-
  • Botnet – Is a network of private computers infected with malicious software allowing the owner (botmaster) access back into the computer systems without the owners knowledge or consent through electronic communication networks. The botnet can use your device as part of an attack on another system. For example they could crash services of large companies using distributed denial-of-service attacks which send lots of traffic to targeted websites making their servers crash!
  • Spyware – Is software that gathers information about a person or organization without their knowledge. It can send this information to another computer or person for malicious purposes. Some spyware is used to monitor the behaviour of a computer user and make a record of which keys are pressed, where they click on screen etc allowing them access to passwords entered by the victim without their knowledge!
  • Rootkit – Is special software that allows an attacker to hide processes/files/open ports from the normal OS functions within your device making it difficult for you as a system administrator to find out what exactly is happening on your device behind your back!
  • Distributed Denial-of-Service (DDoS) – An example of cyber warfare whereby an attacker seeks to disrupt or deny access to a resource or service through overwhelming flood of requests sent simultaneously to the target (victim).-
  • Phishing – Is a cyber attack that aims to steal sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication like email or website. For example it could be pretending to represent your bank asking you for personal details so they can “check on some irregular activity on your account”. Spear phishing is highly targeted phishing attacks against specific individuals, companies or groups within the victims organisations using more personalized emails!
  • Encryption – The process of encoding messages or information in an attempt to prevent unauthorized access to the message/information. Encryption uses algorithms, which are mathematical functions often referred to as ciphers, to ‘scramble’ messages. Once encrypted, the message can only be decrypted using a matching key or password.-
  • BYOD – Is allowing your employees to use their own mobile devices for work purposes, instead of solely providing them with company-issued devices. This term has evolved more recently to include laptops and other devices that might not be purely mobile but are nevertheless personal.
  • Pen-testing – A penetration test is an authorized simulated attack on computer systems, performed in order to identify vulnerabilities as well as security weaknesses. It is intended to enforce the security of data by trying to circumvent protections and exploit vulnerabilities . Unlike regular vulnerability scanning, where data files are checked “honestly” against known vulnerabilities, penetration tests involve active attempts at cracking passwords etc!
  • Social Engineering – is psychological manipulation of people into performing actions or divulging confidential information. It typically involves using deceit and playing on the trust or sympathies of a victim to obtain access to assets in order for example an attacker to compromise a computer system!
  • Clickjacking – Is a cyber attack where websites you visit can put hidden windows over your browser without you knowing, making it look like you are clicking somewhere else!
  • Deepfake – A deep fake is when someone can produce digital content that contains believable audio & video. This could be pictures with realistic looking text superimposed on them , videos which are manipulated or even voices being changed to make other people say things they never did!
  • White hat – Is a computer hacker who breaks into a computer system or network with the intent of finding security vulnerabilities that a malicious hacker could exploit. A white hat hacker/pentester is sometimes referred to as a “security expert”, though this may be an oversimplification.
  • Grey hat – Is someone who violates others’ intellectual property rights, such as copyrights and trademarks, to gain benefit for themselves or their company, but ostensibly without damaging the interests of the copyright holder. Grey hats might also find and exploit security vulnerabilities on systems and networks .
  • Black hat – Is a hacker who breaks into computer systems or networks with malicious intent. An attacker can be motivated by profit (i.e., seeking to sell information obtained from credit card numbers);productivity (e.g., improving their skill or that of other hackers);or just for fun or curiosity (see hacktivism).
  • Security operations – the management of security sensitive information with the goal of ensuring organizational objectives are met.
  • Security surveys – a type of reconnaissance that is carried out for a system or network in order to determine how an adversary may attack it. Surveys can range from assessing the level of wireless network coverage to assessing how many entrances there are into the facility.
  • Secure public key infrastructure (PKI) – PKI systems use public-key cryptography for digital signatures to create certificates that verify the identity of entities on networks.

Leave a Comment

Your email address will not be published. Required fields are marked *

By continuing to use the site, you agree to the use of cookies. more information

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.

Close