There are currently 55 terms in this directory beginning with the letter S.
Salting
Salting is a technique used in cryptography and password storage to add random data (salt) to passwords or plaintext before applying a one-way hash function. The salt is a randomly generated value that is unique for each password or plaintext input. Salting enhances the security of password storage by preventing the use of precomputed tables, such as rainbow tables, for password cracking. Each password or plaintext, when combined with a unique salt, produces a unique hash, making it more challenging and time-consuming for attackers to crack passwords through brute-force or dictionary attacks.

Sandbox
A sandbox is a controlled and isolated environment where applications, processes, or files can be executed or tested without affecting the underlying system or network. Sandboxing provides a secure environment to analyse the behaviour of potentially malicious software, test untrusted applications, or conduct vulnerability research. Sandbox environments restrict access to system resources, limit network connectivity, and monitor the activities of the sandboxed processes. Sandboxing helps prevent the spread of malware, isolate potentially risky actions, and enhance the overall security of systems and networks.

Secure Coding
Secure coding, also known as secure software development, refers to the practice of writing software code in a way that minimizes security vulnerabilities and protects against potential exploitation. Secure coding involves following secure coding guidelines, using secure programming techniques, and employing best practices to address common software security issues, such as input validation, output encoding, secure session management, secure error handling, and secure cryptographic implementations. Secure coding practices aim to prevent common software vulnerabilities, reduce the attack surface, and ensure the overall security and reliability of software applications.

Secure Sockets Layer (SSL)
Secure Sockets Layer (SSL) is a deprecated cryptographic protocol that provided secure communication over a network, typically the internet. SSL has been replaced by Transport Layer Security (TLS), which is the current industry-standard protocol for secure communication. SSL/TLS protocols establish an encrypted connection between a client and a server, ensuring the confidentiality and integrity of data transmitted between them. SSL certificates, issued by certificate authorities (CAs), are used to authenticate the identity of the server and enable secure communication. SSL/TLS is widely used for securing sensitive online transactions, web browsing, and data transfers.

Security Audit
A security audit is a systematic and comprehensive evaluation of an organisation's security controls, policies, procedures, and infrastructure to assess their effectiveness, identify vulnerabilities, and ensure compliance with security standards, regulations, or best practices. Security audits involve reviewing security configurations, analysing security logs, conducting vulnerability assessments, testing access controls, and evaluating the overall security posture of an organisation. The findings from security audits help organisations identify weaknesses, prioritize remediation efforts, and enhance their security posture to mitigate risks and protect against threats.

Security Awareness
Security awareness refers to the knowledge, understanding, and vigilance individuals have regarding cybersecurity risks, best practices, and their role in maintaining a secure environment. Security awareness programs aim to educate and empower individuals to make informed decisions, detect potential threats, and adopt security measures to protect themselves and the organisation. Security awareness encompasses various topics, such as phishing awareness, password hygiene, secure browsing, social engineering awareness, data protection, and incident reporting. Building a culture of security awareness helps establish a resilient defence against evolving cyber threats.

Security Breach
A security breach, also known as a data breach or security incident, occurs when there is unauthorised access, disclosure, or loss of sensitive information or the compromise of security controls, systems, or infrastructure. Security breaches can result from cyberattacks, human error, insider threats, or physical breaches. The impact of a security breach can be significant, including the exposure of sensitive data, financial losses, reputational damage, regulatory penalties, and legal consequences. Organisations should have incident response plans and security controls in place to prevent, detect, and respond to security breaches effectively.

Security Control
A security control, also known as a security measure or security safeguard, refers to a specific measure or mechanism implemented to protect assets, systems, or data and mitigate potential security risks or threats. Security controls can be technical, administrative, or physical in nature. Examples of security controls include firewalls, intrusion detection systems, access controls, encryption, authentication mechanisms, security policies, security awareness training, video surveillance, and security audits. The selection and implementation of appropriate security controls depend on the specific risks, compliance requirements, and the organisation's overall security objectives.

Security Incident
A security incident refers to any adverse event or occurrence that poses a potential threat to the confidentiality, integrity, or availability of an organisation's information assets, systems, or networks. Security incidents can include cyberattacks, unauthorised access, malware infections, data breaches, system failures, physical breaches, or policy violations. Security incidents require a coordinated response, including detection, containment, eradication, and recovery efforts, to minimize the impact and restore normal operations. Effective security incident management is crucial for mitigating risks, preserving evidence, and preventing further damage or unauthorised access.

Security Incident Management
Security incident management is the process of planning, coordinating, and executing activities to detect, respond to, contain, and recover from security incidents effectively. Security incident management involves establishing incident response plans, defining roles and responsibilities, implementing incident detection and reporting mechanisms, conducting investigations, and coordinating remediation efforts. The goal of security incident management is to minimize the impact of security incidents, restore normal operations, preserve evidence for forensic analysis, and improve the organisation's overall security posture based on lessons learned from incidents.

Security Incident Response Plan (SIRP)
A security incident response plan (SIRP), also known as an incident response plan (IRP) or cyber incident response plan (CIRP), is a predefined set of procedures and guidelines that outline the steps to be taken in response to a security incident. The SIRP provides a structured approach for detecting, responding to, containing, and recovering from security incidents, aiming to minimize damage, restore services, and prevent future incidents. The SIRP typically includes roles and responsibilities, communication protocols, incident categorization, escalation procedures, containment strategies, forensics processes, and coordination with stakeholders or external entities.

Security Information And Event Management (SIEM)
Security information and event management (SIEM) is a technology solution or platform that combines security event management (SEM) and security information management (SIM) capabilities to provide comprehensive visibility into security events and facilitate centralized monitoring, analysis, and reporting of security-related logs and data from various sources. SIEM systems collect and correlate data from network devices, systems, applications, and security controls to identify security incidents, detect anomalies, generate alerts, and support incident response activities. SIEM plays a vital role in proactive threat management, compliance monitoring, and security incident detection and response.

Security Operations Centre (SOC)
A security operations centre (SOC) is a centralized facility or team responsible for monitoring, detecting, analysing, and responding to security events and incidents within an organisation's networks, systems, and applications. SOC teams employ a combination of technology, processes, and skilled personnel to actively monitor security alerts, investigate potential threats, triage incidents, and coordinate response activities. The SOC serves as a command centre for incident response, threat intelligence analysis, vulnerability management, and continuous monitoring of the organisation's security posture.

Security Patch
A security patch, also known as a patch or a hotfix, is a software update or code modification that addresses a security vulnerability, bug, or weakness in a system, application, or software component. Security patches are released by vendors or developers to fix identified vulnerabilities and prevent potential exploitation. Applying security patches in a timely manner is essential to protect against known security risks and maintain the integrity and security of systems and applications. Organisations should have patch management processes in place to assess, prioritize, test, and deploy security patches efficiently.

Security Policy
A security policy is a documented set of rules, guidelines, procedures, and best practices that define how an organisation protects its information assets, systems, networks, and resources. Security policies establish the framework for managing and maintaining the organisation's security posture, specifying requirements for data protection, access controls, incident response, employee responsibilities, and acceptable use of technology resources. Security policies help ensure consistency, accountability, and compliance with relevant regulations, standards, or industry best practices, and guide the implementation of security controls and practices throughout the organisation.

Security Through Obscurity
Security through obscurity is a concept that relies on keeping the details or inner workings of a system, software, or cryptographic algorithm secret as a means of providing security. The idea is that by keeping the information about the system or algorithm unknown, it becomes more difficult for attackers to exploit its vulnerabilities or weaknesses. However, security through obscurity is generally considered a weak form of security because it does not rely on the inherent strength of the system or algorithm but rather on the secrecy of its implementation. It is widely accepted that security should be based on strong cryptographic algorithms, secure design principles, and robust security practices, rather than relying solely on obscurity.

Security Token
A security token is a physical or digital device used to authenticate an individual's identity for access to secure systems, networks, or resources. Security tokens provide an additional layer of security beyond traditional username and password authentication. Physical security tokens can be in the form of smart cards, USB tokens, or hardware tokens that generate one-time passwords. Digital security tokens can be software-based applications or mobile apps that generate unique authentication codes. Security tokens help protect against unauthorised access, phishing attacks, and password-based vulnerabilities by requiring possession of the token in addition to knowledge of a password.

Security Token Service (STS)
A security token service (STS) is a component or service that issues security tokens used for authentication and authorisation in distributed computing environments. STS acts as a trusted third party that facilitates the exchange of security tokens between parties, allowing for secure communication and access to protected resources. STS plays a crucial role in identity and access management (IAM) systems, enabling single sign-on (SSO), federated identity, and interoperability between different security domains. STS implementations often leverage standard protocols, such as Security Assertion Markup Language (SAML) or OAuth, for secure token exchange.

Semi-Supervised Learning
A learning paradigm that combines labeled and unlabeled data to train AI models, reducing the need for extensive labeled data.

Sentiment Analysis
A technique that determines the sentiment or subjective opinion expressed in text, typically for tasks like sentiment classification, opinion mining, or social media analysis. Sentiment analysis helps to extract insights from large volumes of text data.

Server Security
Server security refers to the protection of servers, which are computer systems or software applications that provide services or resources to clients or other systems. Server security involves implementing appropriate security controls, configurations, and practices to safeguard server infrastructure from unauthorised access, data breaches, service disruptions, or exploitation. This includes hardening server configurations, applying security patches and updates, configuring access controls and authentication mechanisms, monitoring server logs, and conducting regular vulnerability assessments. Server security aims to ensure the confidentiality, integrity, and availability of server resources and data.

Session Hijacking
Session hijacking, also known as session stealing or session sidejacking, is an attack where an attacker intercepts or steals an authenticated session between a client and a server. By gaining control of the session, the attacker can impersonate the legitimate user, access sensitive information, perform unauthorised actions, or manipulate data. Session hijacking attacks often exploit vulnerabilities in session management mechanisms, network protocols, or session identifiers. To mitigate session hijacking, secure session management practices such as the use of secure cookies, encryption, and session expiration policies should be implemented.

Shoulder Surfing
Shoulder surfing is the act of visually eavesdropping on someone else's screen or keyboard to gain unauthorised access to sensitive information, such as passwords, PINs, or personal data. Shoulder surfing attacks can be conducted in public places, crowded environments, or by individuals who are in close physical proximity to the target. Protecting against shoulder surfing involves practicing good screen privacy by using privacy screens or adjusting screen angles, shielding keyboards when entering sensitive information, and being vigilant of potential eavesdroppers in public settings.

Side-Channel Attack
A side-channel attack is a type of attack that exploits information leaked through unintended channels, such as power consumption, electromagnetic emissions, timing variations, or acoustic signals, to extract sensitive information or gain unauthorised access. Side-channel attacks target the physical implementation of cryptographic algorithms or security mechanisms rather than directly attacking the algorithm itself. Examples of side-channel attacks include power analysis attacks, timing attacks, and electromagnetic radiation analysis. Countermeasures against side-channel attacks include secure cryptographic implementations, noise generation, and techniques such as masking or blinding.

Single Sign-On (SSO)
Single sign-on (SSO) is an authentication mechanism that enables users to access multiple systems, applications, or resources using a single set of login credentials. With SSO, users authenticate once, typically through a centralized identity provider, and obtain access to multiple systems or services without the need to provide credentials for each individual application. SSO improves user experience, reduces password fatigue, and simplifies identity management for both users and administrators. It also allows for centralized access control, audit trails, and enhanced security through consistent authentication and authorisation mechanisms.

Single Sign-Out
Single sign-out, also known as global logout or federated logout, is a functionality provided by single sign-on (SSO) systems that allows users to terminate their authenticated sessions across multiple applications or systems with a single action. When a user initiates a single sign-out, all active sessions associated with their SSO credentials are invalidated, ensuring that the user is logged out from all integrated applications or services. Single sign-out helps maintain security by ensuring that users do not inadvertently leave their authenticated sessions active on shared or public devices.

Singularity
A hypothetical future point where AI and technology advancements reach a level that surpasses human capabilities and understanding.

Smishing
Smishing is a type of phishing attack that targets individuals through text messages (SMS) or multimedia messaging service (MMS) on mobile devices. Smishing messages often attempt to deceive users into divulging sensitive information, clicking on malicious links, or downloading malware by impersonating legitimate entities, such as banks, government agencies, or service providers. Users should exercise caution when receiving unsolicited messages, avoid clicking on suspicious links, and refrain from sharing personal or financial information through text messages. It is important to verify the authenticity of any message before taking any action to mitigate the risk of smishing attacks.

Social Engineering
Social engineering is the psychological manipulation of individuals to trick them into divulging sensitive information, performing actions, or bypassing security controls. Social engineering attacks exploit human vulnerabilities rather than technical weaknesses, relying on deception, persuasion, or manipulation. Common social engineering techniques include phishing, pretexting, baiting, tailgating, or impersonating trusted individuals or entities. Mitigating social engineering attacks requires user education, awareness training, implementing strong authentication mechanisms, and maintaining a culture of security vigilance within an organisation.

Social Media Policy
A social media policy is a set of guidelines and rules established by an organisation to govern the use of social media platforms by employees, contractors, or other representatives of the organisation. Social media policies define acceptable use of social media, specify guidelines for protecting the organisation's reputation, address privacy concerns, establish rules for disclosing proprietary information, and outline the consequences for policy violations. Social media policies help protect the organisation's brand, intellectual property, and sensitive information while promoting responsible and professional use of social media platforms.

Social Media Security
Social media security refers to the protection of individuals' and organisations' social media accounts and activities from various security risks, including unauthorised access, data breaches, identity theft, phishing attacks, or reputation damage. Social media security involves implementing strong passwords, enabling two-factor authentication (2FA), being cautious of accepting friend or connection requests from unknown individuals, carefully managing privacy settings, avoiding sharing sensitive information publicly, and being vigilant of phishing attempts or malicious links. Maintaining awareness of social media security best practices helps minimize the risks associated with social media usage.

Software-Defined Perimeter (SDP)
The software-defined perimeter (SDP) is a security framework and architecture that dynamically creates secure, micro-segmented network connections between users and resources based on their identity, device posture, and other contextual factors. SDP focuses on user-centric, zero-trust principles and replaces traditional network-centric security models. By establishing secure, encrypted connections on a per-session basis, SDP provides enhanced security, visibility, and control over network access, reducing the attack surface and preventing unauthorised access. SDP can be particularly useful for securing remote or cloud-based environments where traditional perimeter-based security measures may be insufficient.

Spam
Spam refers to unsolicited and unwanted messages, typically sent in bulk, such as email spam, instant messages, or text messages. Spam messages are often commercial in nature, advertising products, services, or fraudulent schemes. Spam can also include malicious attachments, links to phishing websites, or malware downloads. Effective spam filtering solutions and email security practices can help reduce the impact of spam by blocking or diverting these messages to spam folders, minimizing the risk of falling victim to scams, malware, or unwanted solicitations.

Spam Email
Spam email, also known as junk email, is unsolicited and often mass-mailed messages sent to a large number of recipients. Spam emails typically contain advertising content, scams, or malicious links or attachments. Spam emails can be used for phishing attacks, spreading malware, or attempting to trick recipients into disclosing sensitive information or performing unauthorised actions. To combat spam email, users should exercise caution when opening email attachments or clicking on links, regularly update their spam filters, and avoid responding to or interacting with suspicious or unsolicited messages.

Spam Filter
A spam filter is software or a system that is designed to detect and filter out spam or unwanted email messages. Spam filters analyse incoming emails based on various criteria, such as sender reputation, content analysis, blacklists, whitelists, and machine learning algorithms, to determine the likelihood of a message being spam. Spam filters automatically divert detected spam messages to a separate spam folder, quarantine them, or block them altogether, reducing the amount of unwanted or malicious email reaching the user's inbox. Spam filters help protect users from scams, phishing attacks, malware, and unwanted solicitations.

Spear Phishing
Spear phishing is a targeted form of phishing attack where an attacker sends highly customized and personalized phishing emails to specific individuals or groups within an organisation. Spear phishing emails are carefully crafted to appear legitimate and often impersonate trusted entities or individuals known to the recipients. The goal of spear phishing is to trick targeted individuals into revealing sensitive information, providing access credentials, or executing actions that can be exploited by the attacker. Protecting against spear phishing requires user education, strong email security measures, and implementing advanced threat detection and prevention technologies.

Speech Recognition
The technology that enables computers to convert spoken language into written text. Speech recognition systems use techniques such as acoustic modeling and language modeling to accurately transcribe spoken words or commands.

Spoofing
Spoofing is a technique used in cyberattacks to falsify or manipulate data, network communications, or the identity of a sender to deceive recipients, gain unauthorised access, or bypass security measures. Examples of spoofing include email spoofing, IP spoofing, caller ID spoofing, or website spoofing. Spoofing attacks can be used for phishing, identity theft, distributing malware, or performing reconnaissance. Implementing strong authentication mechanisms, email validation protocols, network access controls, and robust security measures can help mitigate the risks associated with spoofing attacks.

Spyware
Spyware is malicious software (malware) that is designed to covertly monitor a user's activities, gather sensitive information, and transmit it to an external entity without the user's consent or knowledge. Spyware can be installed on a user's device through malicious downloads, infected websites, or bundled with legitimate software. Spyware can capture keystrokes, record browsing habits, collect login credentials, capture personal information, or control the user's device remotely. To protect against spyware, users should employ up-to-date anti-malware solutions, practice safe browsing habits, and exercise caution when downloading or installing software from untrusted sources.

Spyware Removal
Spyware removal refers to the process of detecting and eliminating spyware or other types of malicious software (malware) from a system or device. Spyware removal involves using dedicated anti-spyware or anti-malware software to scan the system and to identify, quarantine, or remove any detected spyware infections. Spyware removal also includes cleaning up any traces or remnants of the spyware, restoring system settings, and ensuring that the device is secure and free from unauthorised monitoring or data collection.

SQL Injection
SQL injection is a type of web application vulnerability that allows attackers to manipulate or inject malicious SQL queries into an application's database. SQL injection attacks exploit improper handling of user input within SQL statements, enabling attackers to modify, disclose, or delete data, bypass authentication mechanisms, or execute arbitrary commands within the database. Preventing SQL injection requires secure coding practices, such as parameterized queries or prepared statements, input validation and sanitization, and minimizing the exposure of database-related errors or information to users.

SSL Certificate
An SSL certificate, also known as a digital certificate, is a digital document that authenticates the identity of a website or web server and establishes an encrypted connection between the client's browser and the server. SSL certificates are issued by trusted certificate authorities (CAs) and contain information about the website owner, the CA's digital signature, and the cryptographic keys used for encryption. SSL certificates enable secure communication by encrypting data transmitted between the client and the server, protecting it from interception or tampering. SSL certificates play a crucial role in establishing trust and ensuring the confidentiality and integrity of online transactions and communications.

SSL/TLS Certificate
An SSL/TLS certificate is a digital certificate that enables secure communication over the internet using the Secure Sockets Layer (SSL) or Transport Layer Security (TLS) protocols. SSL/TLS certificates authenticate the identity of websites or web servers and establish an encrypted connection between the client and the server, ensuring the confidentiality, integrity, and authenticity of data transmitted over the network. SSL/TLS certificates are issued by trusted certificate authorities (CAs) and are used to enable secure browsing, online transactions, and data transfers. Websites or applications that use SSL/TLS certificates are identified by the "https://" prefix in the URL and display a padlock symbol in the browser's address bar.

SSL/TLS Handshake
The SSL/TLS handshake is a process that occurs at the beginning of an SSL/TLS communication session between a client (e.g., a web browser) and a server. During the handshake, the client and server exchange information, negotiate encryption algorithms, and verify each other's identity using SSL/TLS certificates. The handshake involves multiple steps, including the client's hello, server's hello, key exchange, certificate verification, and session establishment. The SSL/TLS handshake ensures the secure establishment of an encrypted connection, sets up the parameters for secure communication, and enables the client and server to authenticate each other.

SSL/TLS Protocols
SSL/TLS protocols, such as SSL 2.0, SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2, and TLS 1.3, are cryptographic protocols that provide secure communication over a network, typically the internet. SSL/TLS protocols establish an encrypted connection between a client and a server, protecting the confidentiality and integrity of data transmitted between them. Each SSL/TLS protocol version introduces security improvements, algorithm enhancements, and stronger encryption mechanisms. TLS 1.2 and TLS 1.3 are the most widely supported and recommended versions due to their stronger security features and resistance to known vulnerabilities.

Steganalysis
Steganalysis is the practice of detecting and analysing hidden messages or information concealed within digital media, such as images, audio files, or documents, using steganography techniques. Steganalysis techniques involve examining the suspicious media for signs of manipulation or hidden data, identifying statistical anomalies, analysing the file structure, or using specialised software tools to extract and analyse hidden information. Steganalysis plays a role in digital forensics, data leakage prevention, and detecting potential covert communication channels or malicious activities.

Steganography
Steganography is the practice of concealing or hiding sensitive or confidential data within other non-secret data or media to prevent detection or interception. Steganography techniques involve embedding the secret data within digital images, audio files, video files, or documents without visibly altering their appearance or quality. Steganography can be used for covert communication, data exfiltration, or as a means to bypass security controls. Detecting steganography requires specialised tools and techniques that can analyse and reveal hidden information within digital media.

Stochastic Gradient Descent (SGD)
A variant of gradient descent that updates the model's parameters using a random subset of the training data at each iteration. SGD is computationally efficient and is commonly used in large-scale machine learning tasks.

Stuxnet
Stuxnet is a highly sophisticated computer worm that was discovered in 2010 and is considered one of the most complex cyber weapons ever created. Stuxnet specifically targeted industrial control systems (ICS), particularly those used in Iran's nuclear program. The worm exploited multiple vulnerabilities and used advanced techniques to compromise and manipulate programmable logic controllers (PLCs) and supervisory control and data acquisition (SCADA) systems, ultimately causing physical damage to centrifuges used in uranium enrichment. Stuxnet highlighted the potential impact of cyberattacks on critical infrastructure and raised awareness about the importance of protecting industrial control systems.

Supervised Learning
A type of ML where the algorithm learns from labeled examples, with known inputs and corresponding desired outputs.

Supply Chain Security
Supply chain security focuses on securing the end-to-end lifecycle of products, services, or software throughout the supply chain process. It involves implementing measures to mitigate the risks associated with third-party vendors, suppliers, or service providers, ensuring the integrity, confidentiality, and availability of the components or services acquired from external sources. Supply chain security includes processes such as vendor assessment, secure procurement, secure development practices, third-party risk management, and ongoing monitoring and auditing of suppliers or vendors. Protecting the supply chain helps prevent the introduction of counterfeit, tampered, or malicious components or services that could compromise the overall security of an organisation's products or systems.

Support Vector Machines (SVM)
A supervised learning algorithm used for classification and regression tasks. SVMs find optimal hyperplanes in a high-dimensional space to separate or classify data points based on their features.

Swarm Intelligence
An AI approach inspired by the collective behavior and intelligence observed in social insect colonies, where a group of simple agents collaboratively solves complex problems.

System Backup
A system backup is the process of creating copies or snapshots of critical system files, data, or configurations to protect against data loss, system failures, or disasters. System backups are typically stored in separate locations or on separate storage media to ensure redundancy and enable recovery in case of data corruption, hardware failures, malware attacks, or natural disasters. System backups can be performed using various methods, such as full backups, incremental backups, or differential backups. Regular and reliable system backups are essential for disaster recovery, business continuity, and the restoration of systems and data to a previous state.

System Logs
System logs, also known as event logs or audit logs, are records of events, activities, or transactions that occur within a computer system, network, or application. System logs capture information such as user logins, system processes, security events, errors, warnings, and system-level activities. System logs are critical for troubleshooting, forensic analysis, incident response, and compliance monitoring. They provide a historical record of system events, enabling administrators to detect anomalies, identify security incidents, and analyse system behaviour for performance optimization or security auditing purposes.