Cybersecurity Glossary

An Advanced Persistent Threat (APT) is a stealth cyberattack campaign where a hacker remains undetected inside a network to steal data for extended periods of time.

An attack surface is the sum of all possible malicious points of entry on a digital surface.

A cyber attack vector is a method of gaining unauthorized access to a private IT network. Cybercriminals exploit attack vectors to launch cyberattacks and inject malicious payloads.

The Bank Secrecy Act (BSA) aims to prevent financial institutions from laundering money.

Bill C-11 is a proposed cybersecurity law in Canada that mandates stricter customer data collection consent requirements.

A business continuity plan (BCP) outlines a set of preventive and recovery actions to be undertaken in the event of an incident.

Business email compromise (BEC) is a type of email scam where cybercriminals scam organizations through social engineering techniques. BEC is also referred to as email account compromise (EAC) or ‘man-in-the-email’ scamming.

A CASB (cloud access security broker) is a cloud security tool that enforces security policies between users in an organization and cloud services. CASBs are one of five major security functions in the increasingly popular SASE (Secure Access Service Edge) security model, alongside software-defined wide area network (SD-WAN), firewall-as-a-service (FWaaS), secure web gateway (SWG), zero-trust network access (ZTNA).

Caches temporarily store data that hardware or software frequently access. As cached data is stored closer to a device, it enables faster load times and improved user experience.

CIFS (Common Internet File System) is a file-sharing protocol which enables local devices to access remote files and print services. The protocol is an unsecured dialect of SMB (Server Message Block), a communication protocol originally developed by IBM, with later versions developed by Microsoft.

Common Vulnerabilities and Exposures (CVEs) is a public catalog of known cybersecurity issues in software solutions.

Compliance management is the practice of submitting all policies and IT solutions to the cybersecurity regulations that apply to a particular industry.

A cyber attack is any unauthorized access to an IT network or digital devices for malicious purposes such as data theft, malware injection, or the initiation of additional attacks.

A cyber threat is any action or event that could result in an unwanted impact on IT infrastructures.

Cybersecurity is the practice of protecting sensitive data and IT networks from unauthorized access and cyber attacks.

A Distributed Denial-of-Service (DDoS) attack is an attempt to overwhelm a web server with fake internet traffic with the objective of forcing it offline.

A data breach is a critical security incident in which sensitive data is accessed without authorization or lost. These events are usually initiated by cybercriminals.

Data exfiltration is the malicious transfer of sensitive information from a compromised system to remote cybercriminal servers.

A data leak is an overlooked exposure of sensitive data usually occurring through a software vulnerability.

Digital risk involves all of the negative consequences resulting from digital transformation. Digital transformation is the process of scaling a business by increasing its dependency on digital solutions.

Digital risk management is the process of mitigating digital risk across all risk categories.

Endpoint detection and response (EDR), also known as endpoint threat detection, is a type of cybersecurity tool that identifies and mitigates cyber threats.

During an enumeration attack, hackers verify records stored in a web server using brute-force methods.

The Essential Eight is a cyber security posture maturity model by the Australian Cyber Security Center. The framework aims to help Australian businesses achieve the minimum baseline of cyber security recommended by the Australian government to defend against cyber threats.

FINRA is a U.S. organization that oversees the protection of brokerage customer data from compromise.

Fourth-party risk is risk brought on by your vendors’ vendors. An organization’s cybersecurity practices can become obsolete if its vendors do not have a robust third-party risk management (TPRM) program in place to manage fourth-party risk.

ISO/IEC 27001 is an international standard for improving the cyber resilience of information systems.

An Indicator of Attack is real-time evidence of a cyberattack taking place. IOAs indicate the intentions behind the attack and the likely techniques that will be implemented.

An intrusion detection system (IDS) identifies cyber attacks on a network or a host. Such attacks could include botnets, Distributed Denial of Service (DDoS), and ransomware.

Kerberos is an authentication protocol that uses secret-key cryptography to secure client-server communications.

A keylogger is a program that records every keystroke made by users. They are primarily used by cybercriminals to steal sensitive information like passwords and credit card numbers.

Malware is malicious software designed to compromise computer devices and IT networks.

Metasploit is a penetration testing framework, consisting of a number of tools used to test network security and discover system vulnerabilities.

The National Institute of Standards and Technology (NIST) is the United State's equivalent of the International Organization for Standardization (ISO).

OSFI self-assessments are security self-assessments by the Office of the Superintendent of Financial Institutions (OFSI).

Open source intelligence (OSINT) is data obtained from publically available sources which is analyzed and processed for intelligence purposes.

The Payment Card Industry Data Security Standards (PCI DSS) is a set of standards preventing credit card fraud and protecting credit card holders from personal data theft.

The Payment Services Directive (PSD 2) is a European directive for preventing monopolization in the banking sector.

Phishing is a type of social engineering attack that aims to steal sensitive data from individuals and organizations.

A proxy server acts as a middle man that forwards data requests from a user to the origin server.

Ransomware is a type of malware that encrypts computer systems to block user access until a set ransom is paid.

Australia’s Ransomware Action Plan outlines the Australian Government’s commitment to responding to the growing threat of ransomware attacks.

SASE (Security Access Service Edge), pronounced “sassy”, is an emerging cybersecurity concept that converges networking and security functionalities into a cloud-native architecture.

The SLACIP Act builds upon the SOCI ACT to further improve the cybersecurity of Australia's Critical Infrastructures.

The Sarbanes-Oxley (SOX) act of 2002 is a regulation that mandates financial practices to prevent fraud.

A security operations center (SOC) is a hub staffed by security personnel who continuously monitor an organization’s entire IT infrastructure. A SOC collects security event data from applications, security devices, data centers, cloud resources, and other systems via a Security Information Event Management (SIEM) system.

SMB (Server Message Block) is a Windows communication protocol that allows users to share files, access print services, and browse across a local area network (LAN). The protocol was first released by IBM in 1983 and Microsoft has since released many newer versions (or dialects), including the now-obsolete CIFS (Common Internet File System).

Social engineering is the practice of tricking victims into supplying private information that could facilitate unauthorized access to a network.

Spring4Shell is a a zero-day vulnerability in the Spring Core Java network

TTP hunting is a form of cyber threat hunting that analyzes the Tactics, Techniques, and Procedures (TTP) of cybercriminals.

The California Consumer Privacy Act of 2018 (CCPA) gives Californian consumers greater authority over how their personal data is collected and processed in California.

The General Data Protection Regulation (GDPR) is Europe’s mandatory regulation for protecting the personal data of its citizens.

The Gramm–Leach–Bliley Act (GLBA) is a U.S law that mandates the disclosure of customer data collection practices for organizations selling financial products and/or services.

Threat intelligence is information gathered by information security teams that is used to identify an organization’s cyber threats and mitigate the impact of any cyber attacks. Ongoing challenges across the cybersecurity landscape, like costly data breaches and increasing advanced persistent threats (APTs), are highlighting the importance of threat intelligence.

The UK-GDPR is the United Kingdom’s version of the European GDPR, created after Brexit.

A vendor risk management (VRM) program documents the processes and procedures an organization needs to implement an effective third-party risk management policy.

Vendor tiering is the process of categorizing third-party vendors by the level of security risk they introduce to an ecosystem.

A web shell attack is the process of injecting an infected script into a web server so that malicious commands can be issued to the compromised server from a web browser.