Cybersecurity Glossary
Jan. 23, 2026
Cybersecurity terms can feel like a different language, especially when you're juggling IT conversations, compliance requirements, and day-to-day business operations. This glossary consolidates key cybersecurity terms into plain-English definitions to help your team communicate clearly and make informed security decisions.
Access Control
Rules and policies that determine who can view or use resources in a computing environment.
Advanced Persistent Threat (APT)
A prolonged, targeted cyberattack where an intruder gains access and remains undetected for an extended period.
Antivirus/Anti-malware
Software designed to detect, prevent, and remove malicious programs from computers and networks.
API (Application Programming Interface) Security
Protection measures for the connections that allow different software applications to communicate.
Attack Surface
All the possible points where an unauthorized user could try to enter or extract data from your system.
Attack Vector
The method or path an attacker uses to gain access to a system (email, USB drive, network vulnerability, etc.).
Authentication
The process of verifying that someone is who they claim to be before granting access.
Authorization
Determining what an authenticated user is allowed to do or access within a system.
Backup
Copies of data stored separately so it can be restored if the original is lost or compromised.
Backup and Disaster Recovery (BCDR)
A combined approach to backing up data and having a plan to restore business operations after a cyberattack or system failure.
Blacklist
A list of entities (applications, IP addresses, email addresses) that are blocked from accessing a system.
Botnet
A network of infected computers controlled by an attacker to carry out coordinated attacks or send spam.
Breach
An incident where unauthorized individuals gain access to confidential data, systems, or networks.
Brute Force Attack
An attack method that tries many passwords or encryption keys until the correct one is found.
Business Email Compromise (BEC)
A sophisticated scam where attackers impersonate executives or vendors to trick employees into transferring money or sensitive data.
Cloud Security
Protection measures for data, applications, and infrastructure hosted in cloud environments.
CMMC (Cybersecurity Maturity Model Certification)
A framework required for defense contractors to prove they meet specific cybersecurity standards.
Compliance
Meeting regulatory and industry standards for data protection and cybersecurity practices.
Credential Stuffing
An attack where stolen username and password combinations are used to gain unauthorized access to user accounts.
Cryptography
The practice of encoding information so only authorized parties can read it.
Cyber Hygiene
Regular practices and steps users take to maintain system health and security (updating software, strong passwords, etc.).
Cyberattack
An attempt to damage, disrupt, or gain unauthorized access to computer systems, networks, or devices.
Dark Web
Parts of the internet not indexed by search engines, often used for illegal activities including selling stolen data.
Data Breach
An incident where sensitive, protected, or confidential data is accessed or disclosed without authorization.
Data Loss Prevention (DLP)
Tools and processes that prevent sensitive data from being shared, lost, or accessed by unauthorized users.
Denial of Service (DoS)
An attack that floods a system with traffic to make it unavailable to legitimate users.
Disaster Recovery Plan
A documented process for recovering and protecting IT infrastructure in the event of a disaster.
Distributed Denial of Service (DDoS)
A DoS attack that comes from multiple sources simultaneously, making it harder to stop.
DNS (Domain Name System)
The system that translates website names into IP addresses. DNS attacks can redirect users to malicious sites.
Email Security Gateway
A solution that monitors incoming and outgoing email to block threats and enforce policies.
Encryption
The process of converting data into a coded format that can only be read with the correct decryption key.
Encryption Key
A string of data used to lock (encrypt) and unlock (decrypt) information.
Endpoint
Any device that connects to your network (computers, laptops, mobile phones, tablets, servers).
Endpoint Detection and Response (EDR)
Security software that monitors endpoints for suspicious activity and can respond to threats automatically.
Exploit
A piece of code or technique that takes advantage of a vulnerability to compromise a system.
Exploit Kit
A pre-packaged set of tools that automate the exploitation of known vulnerabilities.
File Integrity Monitoring
Software that alerts you when important files are changed unexpectedly, which could signal an attack.
Firewall
A security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules.
Hacker
Someone who uses technical skills to gain unauthorized access to systems. Hackers can be malicious (black hat) or ethical (white hat).
HIPAA (Health Insurance Portability and Accountability Act)
Federal law requiring protection of sensitive patient health information.
Honeypot
A decoy system designed to attract attackers and study their methods without risking real assets.
Identity and Access Management (IAM)
Systems and policies that manage digital identities and control user access to resources.
Incident Response
The systematic approach to managing and addressing a security breach or cyberattack.
Incident Response Plan
A documented strategy for detecting, responding to, and recovering from cybersecurity incidents.
Indicator of Compromise (IoC)
Evidence that a system has been breached or is under attack (unusual network traffic, suspicious files, etc.).
Internet of Things (IoT)
Network-connected devices like smart thermostats, cameras, and sensors that can be vulnerable to attacks.
Intrusion Detection System (IDS)
Software that monitors network traffic for suspicious activity and alerts administrators.
Intrusion Prevention System (IPS)
Similar to an IDS, but able to automatically take action to block detected threats.
IP Address
A unique numerical label assigned to each device connected to a network.
Keylogger
Malicious software that records every keystroke to steal passwords and sensitive information.
Lateral Movement
When an attacker moves from one compromised system to another within a network.
Least Privilege
A security principle where users are given only the minimum access necessary to perform their jobs.
MAC Address
A unique identifier assigned to each network device, like a serial number for hardware.
Malware
Malicious software designed to harm, exploit, or disable computers and networks (includes viruses, ransomware, spyware).
Managed Extended Detection and Response (MXDR)
A service where security experts monitor and respond to threats across your entire environment, not just endpoints.
Managed Security Service Provider (MSSP)
A company that provides outsourced monitoring and management of security systems and devices.
Man-in-the-Middle Attack
An attack where someone secretly intercepts and potentially alters communication between two parties.
Mobile Device Management (MDM)
Software that secures, monitors, and manages mobile devices used in the workplace.
Multi-Factor Authentication (MFA)
A security process requiring two or more verification methods to access an account (something you know, something you have, something you are).
Network Segmentation
Dividing a network into smaller sections to contain threats and limit access to sensitive data.
Network Security
Measures taken to protect the integrity, confidentiality, and accessibility of networks and data.
Password Manager
A tool that securely stores and manages passwords, often generating strong passwords automatically.
Patch
A software update that fixes vulnerabilities or bugs.
Patch Management
The process of updating software and systems to fix security vulnerabilities and improve functionality.
Payload
The part of malware that actually causes damage, like encrypting files or stealing data.
Penetration Testing (Pen Testing)
Simulated cyberattacks on your systems to identify vulnerabilities before real attackers find them.
Perimeter Security
Security measures that protect the boundary between your internal network and outside threats, like a fence around your property.
Phishing
Fraudulent emails or messages designed to trick people into revealing sensitive information or clicking malicious links.
Privileged Access Management (PAM)
Controls and monitoring for accounts with elevated permissions (administrators, IT staff).
Ransomware
Malware that encrypts your files and demands payment for the decryption key.
Ransomware-as-a-Service (RaaS)
A business model where ransomware developers sell or lease their malware to other criminals.
Red Team/Blue Team
A security exercise in which the red team simulates attacks while the blue team defends (like offense vs. defense).
Remote Access
The ability to connect to a network or system from a different location.
Risk Assessment
The process of identifying, analyzing, and evaluating cybersecurity risks to your organization.
Rootkit
Malware that provides an attacker with administrator-level access while hiding its presence.
Security Audit
A systematic evaluation of an organization's security measures and practices.
Security Awareness Training
Education programs that teach employees to recognize and respond to cybersecurity threats.
Security Control
A safeguard or countermeasure designed to protect information systems.
Security Information and Event Management (SIEM)
Software that collects and analyzes security data from across your network to detect threats.
Security Operations Center (SOC)
A centralized team that monitors, detects, analyzes, and responds to cybersecurity threats 24/7.
Security Policy
Written rules and guidelines that govern how an organization protects its information assets.
Security Posture
The overall cybersecurity strength of an organization based on its resources, controls, and practices.
Shadow IT
Technology and software used within an organization without IT department approval or knowledge.
Single Sign-On (SSO)
A system that allows users to access multiple applications with one set of credentials.
Social Engineering
Manipulation tactics that exploit human psychology to trick people into breaking security procedures.
Spear Phishing
A targeted phishing attack directed at specific individuals or organizations.
Spoofing
Disguising communication or identity to appear as if it's coming from a trusted source.
Spyware
Malware that secretly gathers information about a person or organization.
Supply Chain Attack
An attack that targets less-secure elements in the supply chain to reach the primary target.
Threat Actor
An individual or group that carries out cyberattacks (hackers, cybercriminals, nation-states).
Threat Hunting
Proactively searching for cyber threats that may have evaded existing security measures.
Threat Intelligence
Information about current and emerging cybersecurity threats used to make informed security decisions.
Token
A physical device (like a key fob) or digital code sent to your phone used to verify your identity along with a password.
Trojan Horse
Malware disguised as legitimate software that gives attackers access to your system.
Two-Factor Authentication (2FA)
A security process requiring two forms of identification (typically a password and a code sent to your phone).
Virtual Private Network (VPN)
An encrypted connection that allows secure remote access to your network.
Virus
Malicious code that attaches itself to files and spreads when those files are shared.
Vulnerability
A weakness in a system, application, or process that could be exploited by attackers.
Vulnerability Management
The ongoing process of identifying, evaluating, treating, and reporting on security vulnerabilities.
Vulnerability Scanning
Automated tools that check systems for known security weaknesses.
Web Application Firewall (WAF)
A security control that filters, monitors, and blocks HTTP traffic to and from a web application.
Whaling
A phishing attack that specifically targets high-level executives (CEOs, CFOs).
Whitelist
Allowing only approved applications or users to access a system, blocking everything else by default.
Worm
Self-replicating malware that spreads across networks without human interaction.
Zero Trust
A security model that assumes no user or device should be trusted by default, requiring verification for everyone trying to access resources.
Zero-Day Vulnerability
A security flaw that's unknown to the software vendor and has no available patch, making it especially dangerous.
How to Use This Glossary
Bookmark this page or integrate these acronyms into your internal documentation. Understanding these terms can improve communication across teams and help with onboarding new staff or clients.
Consider creating flashcards from these acronyms for team training sessions, or include them in your security awareness program. Regular exposure to these terms will help staff become more comfortable with cybersecurity concepts.
Taking Action: Next Steps for Your Business
Knowledge of terminology is just the beginning. Here are practical steps to improve your cybersecurity posture:
- Conduct a security assessment using these terms as a framework
- Identify which security measures are most critical for your specific operations
- Consider working with an MSSP if in-house expertise is limited
- Implement at least basic protections like MFA and endpoint security
- Develop an incident response plan before you need it
Real-World Impact
Our clients often reference this glossary during audits, tabletop exercises, and policy development. Having a shared understanding of terminology helps reduce confusion and ensures alignment across departments.
Staying informed about cybersecurity terminology helps your business maintain resilience against increasingly sophisticated attacks. While large corporations may have extensive security teams, small and midsize companies can achieve comparable protection by understanding and implementing these fundamental concepts.
Need Help with Cybersecurity Documentation?
Contact STACK Cybersecurity for assistance in building glossaries, policy templates, and training materials tailored to your business. We specialize in making complex cybersecurity concepts accessible and actionable.
Website: stackcyber.com
Email: info@stackcyber.com
Phone: (734) 744-5300