Cybersecurity Glossary

The dark web refers to a portion of the internet that is intentionally hidden and inaccessible through standard web browsers or search engines. It is often associated with illicit activities, illegal marketplaces, or forums where anonymity and privacy are prioritized, making it a hub for cybercrime, hacking tools, stolen data, and other malicious activities.

Data at rest refers to stored or inactive data that resides in persistent storage, such as hard drives, databases, or backup tapes, and is not actively being transmitted or processed. Protecting data at rest involves encryption, access controls, and security measures to prevent unauthorised access, data leakage, or theft.

Techniques used to increase the size or diversity of a dataset by artificially creating new data samples through modifications or transformations.

A data breach occurs when unauthorised individuals or entities gain access to sensitive or confidential data without proper Authorisation. Data breaches can result from cyberattacks, insider threats, or accidental disclosure, and they can lead to data theft, financial loss, reputational damage, or legal and regulatory consequences.

Data classification is the process of categorizing data based on its sensitivity, value, or criticality to an organisation. By classifying data, organisations can apply appropriate security controls, access restrictions, and protective measures based on the importance and sensitivity of the data.

Data encryption is the process of converting plaintext information into ciphertext using cryptographic algorithms. Encryption ensures that data is unreadable and unusable by unauthorised parties unless they possess the appropriate encryption keys. Data encryption provides confidentiality and helps protect sensitive information from unauthorised access or interception.

Data exfiltration, also known as data extrusion or data exfiltration, refers to the unauthorised extraction or theft of sensitive data from an organisation's network or systems. Attackers use various methods, such as malware, hacking, or social engineering, to transfer data out of the targeted environment, potentially leading to data breaches or loss of intellectual property.

Data integrity refers to the accuracy, completeness, and consistency of data throughout its lifecycle. It ensures that data remains unchanged and reliable, free from unauthorised modifications, corruption, or tampering. Data integrity is achieved through measures such as data validation, checksums, access controls, and backup and recovery mechanisms.

The process of manually annotating or tagging data with labels or annotations to create labeled datasets for supervised learning.

Data leakage, also known as data loss, data spill, or data exposure, refers to the unauthorised or unintentional release, disclosure, or transmission of sensitive or confidential data. Data leakage can occur through human error, insider threats, or security breaches, and it poses significant risks to an organisation's reputation, compliance, and privacy.

Data loss prevention (DLP) encompasses strategies, technologies, and processes implemented to prevent sensitive or confidential data from being lost, disclosed, or accessed by unauthorised individuals or entities. DLP solutions monitor and control data in motion, at rest, or in use to prevent data breaches, leakage, or unauthorised transfers.

Data masking is a technique used to protect sensitive data by replacing real data with fictional or obfuscated data while preserving its format and usability for non-production purposes. It helps organisations comply with privacy regulations and minimize the risk of data breaches during development, testing, or outsourcing activities, where real data is not necessary.

Data recovery is the process of retrieving or restoring data from damaged, corrupted, or inaccessible storage devices, such as hard drives, solid-state drives, or backup tapes. It involves using specialised techniques and software to recover lost or deleted data caused by accidental deletion, hardware failures, software errors, or malicious activities.

Data remanence refers to residual traces of data that remain on storage media even after it has been deleted or erased. It is a security concern because sensitive data can potentially be recovered using specialised techniques or tools. To mitigate the risk of data remanence, secure data destruction methods, such as overwriting or physical destruction of storage media, are employed.

Database auditing is the process of monitoring and recording activities that occur within a database system to ensure compliance, detect unauthorised access, and maintain data integrity. It involves tracking and logging events, such as user logins, data modifications, and administrative actions, to create an audit trail for investigation, forensic analysis, and compliance reporting.

Database encryption is the practice of encrypting sensitive data stored in a database to protect it from unauthorised access or disclosure. It involves applying encryption algorithms to the data at rest, ensuring that even if the database is compromised, the encrypted data remains unreadable without the appropriate decryption keys.

Database security refers to the measures and controls implemented to protect databases from unauthorised access, data breaches, or other security threats. It includes various security mechanisms such as access controls, encryption, authentication, auditing, and activity monitoring to ensure the confidentiality, integrity, and availability of the data stored in databases.

Deception technology, also known as decoy technology, involves deploying deceptive elements within an organisation's network or systems to mislead and divert potential attackers. These decoys can include fake systems, data, or credentials that appear legitimate to lure attackers away from valuable assets and provide early detection and threat intelligence about ongoing attacks.

A machine learning algorithm that uses a hierarchical structure of decision nodes and branches to model decisions or classifications. Decision trees are easy to interpret and can handle both numerical and categorical data.

Decryption is the process of converting encrypted or ciphered data back into its original, readable form using a decryption algorithm and the appropriate decryption key. It is the reverse process of encryption and is necessary to access and interpret encrypted data.

A subfield of machine learning that utilizes artificial neural networks with multiple layers to learn and extract high-level representations from complex and large-scale data, enabling the development of highly accurate models for tasks such as image and speech recognition.

Deepfake refers to synthetic media, such as videos, images, or audio, that are created or manipulated using deep learning techniques, particularly generative adversarial networks (GANs). Deepfakes can be used to create realistic but fake content, including forged videos or audio recordings of individuals saying or doing things they never actually did. Deepfakes pose significant challenges for authentication, trust, and the spread of disinformation.

Defence in depth is a cybersecurity strategy that involves layering multiple security controls and measures throughout an organisation's systems, networks, and data. Each layer provides a different level of protection, and if one layer is breached, other layers are still in place to mitigate the risk. This approach aims to increase the overall security posture by adding redundancy and complexity to deter, detect, and respond to attacks effectively.

A denial-of-service (DoS) attack is an attempt to disrupt the availability or performance of a computer system, network, or service by overwhelming it with a flood of illegitimate requests, traffic, or resource consumption. The objective is to exhaust system resources, such as bandwidth, processing power, or memory, rendering the target unable to respond to legitimate requests or causing a complete system crash.

Deobfuscation is the process of reversing or unravelling obfuscated code or data to reveal its original form and purpose. It is often used in reverse engineering or malware analysis to understand the functionality and behaviour of obfuscated software or to detect hidden malicious code.

Device management refers to the administration, configuration, and control of various devices, such as computers, mobile devices, or Internet of Things (IoT) devices, within an organisation's network. It involves tasks such as inventory management, software distribution, patching, policy enforcement, and monitoring to ensure the security and proper functioning of the devices.

A digital certificate, also known as a public key certificate, is a digital document that binds an entity's identity (such as an organisation or individual) to a public key. It is used in public key infrastructure (PKI) systems to verify the authenticity and integrity of digital communications and transactions. Digital certificates are issued by certificate authorities (CAs) and are an essential component of secure communication over networks.

Digital footprint refers to the trail of data or information that an individual or organisation leaves behind while using digital services, applications, or devices. It includes online activities, interactions, posts, transactions, and other digital records that can be tracked, collected, and analysed. Managing and protecting one's digital footprint is important for privacy and security.

Digital forensics, also known as computer forensics, is the process of collecting, analysing , and preserving digital evidence from computers, storage devices, or digital systems to investigate and reconstruct events related to cybercrimes or security incidents. It involves techniques such as data recovery, data analysis, and forensic tools to uncover evidence and support legal proceedings or incident response.

Digital rights refer to the legal and ethical rights of individuals or organisations regarding the use, access, distribution, and protection of digital information, content, or intellectual property. Digital rights encompass issues such as copyright, privacy, data protection, freedom of expression, and access to information in the digital realm.

Digital rights management (DRM) refers to technologies, systems, or measures used to protect and control the use, distribution, or access to digital content, such as music, movies, or e-books. DRM aims to enforce copyright restrictions, prevent unauthorised copying or sharing, and manage licensing and usage rights associated with digital content.

A digital signature is a cryptographic mechanism used to authenticate the integrity and origin of digital messages, documents, or transactions. It involves using a private key to generate a unique digital signature that can be verified using the corresponding public key. Digital signatures provide non-repudiation, ensuring that the signer cannot deny their involvement in the signed content.

The process of reducing the number of input variables or features in a dataset while preserving important information. Dimensionality reduction techniques, such as Principal Component Analysis (PCA) and t-SNE, help to overcome the curse of dimensionality, improve computational efficiency, and visualize high-dimensional data.

Disaster recovery refers to the process and set of strategies and procedures designed to restore critical systems, data, and operations after a natural or man-made disaster, such as a fire, flood, hardware failure, or cyber attack. It involves planning, backup and replication of data, offsite storage, and recovery strategies to minimize downtime and ensure business continuity.

A DMZ, or Demilitarized Zone, is a network segment or subnetwork that acts as a buffer zone between an organisation's internal network and an external network, typically the internet. The DMZ is designed to host publicly accessible services, such as web servers, while providing an additional layer of security by isolating the internal network from direct external access.

DNS filtering is a technique used to control or block access to specific websites or content by inspecting and filtering DNS (Domain Name System) requests. It involves using DNS filtering services or deploying DNS filtering software or appliances to enforce policies, block malicious domains, or prevent access to inappropriate or unauthorised content.

DNS poisoning, also known as DNS spoofing or DNS cache poisoning, is an attack that manipulates the DNS system to redirect legitimate domain name resolution requests to malicious or unauthorised IP addresses. By compromising the DNS cache or injecting false DNS records, attackers can redirect users to fake websites, intercept communications, or perform other malicious activities.

DNS security refers to the practices, protocols, and technologies implemented to protect the Domain Name System (DNS) from vulnerabilities, attacks, and unauthorised access. It includes measures such as DNSSEC (DNS Security Extensions) for data integrity and authentication, DNS filtering for content control, and DNS firewalls or threat intelligence to detect and prevent DNS-based attacks.

DNSSEC (DNS Security Extensions) is a set of protocols and extensions to the DNS system that provides data integrity, authentication, and validation of DNS responses. It uses cryptographic signatures to ensure that DNS data is not tampered with during transit and that the responses come from authorized DNS servers. DNSSEC helps prevent DNS hijacking, DNS spoofing, and other attacks that manipulate DNS responses.

Domain hijacking, also known as domain theft or domain hijack, is an attack that involves unauthorised changes to the registration of a domain name, typically by gaining control over the domain owner's account credentials. The attacker can modify the domain's DNS settings, transfer ownership, or redirect traffic to malicious websites. Domain hijacking can lead to service disruptions, phishing, or reputation damage.

Domain reputation refers to the assessment of a domain name's trustworthiness, credibility, and reliability based on its historical behaviour, security practices, and online presence. Domain reputation can impact email deliverability, website ranking in search engines, and user trust. Monitoring and maintaining a positive domain reputation is important for maintaining online visibility and protecting against abuse or blacklisting.

Doxing, short for "dropping documents," is the malicious act of publicly disclosing or publishing private and personal information about an individual or organisation without their consent. This includes sensitive information such as home addresses, phone numbers, email addresses, or financial details. Doxing is often carried out as a form of harassment, revenge, or to facilitate other cybercrimes.

A drive-by download is a type of web-based attack where malware is automatically downloaded and installed on a user's device without their knowledge or consent, simply by visiting a compromised or malicious website. Drive-by downloads exploit vulnerabilities in web browsers, plugins, or operating systems to deliver and execute malicious code, often with the aim of infecting the device or stealing sensitive information.

Dumpster diving refers to the practice of searching through discarded physical materials, such as printed documents, papers, or electronic devices, in search of sensitive or valuable information. Attackers may target dumpsters or trash bins outside organisations to find documents, hard drives, or other items that contain confidential information that can be exploited for identity theft, corporate espionage, or other malicious purposes.