Cyber Dictionary

Authentication that requires two distinct verification factors before granting access.

Symmetric block cipher that applies DES three times to each data block; now considered legacy.

Authorisation model that grants access based on attributes of the user, resource, and environment.

Microsoft's directory service for managing identities, devices, and policies in Windows networks.

Symmetric block cipher standardised by NIST and used worldwide for protecting sensitive data.

Hypothetical AI that can perform any cognitive task a human can.

Computer systems that perform tasks normally requiring human intelligence.

Vendor category for detecting and responding to threats targeting AI systems and agents.

Continuous discovery, assessment, and prioritisation of risk across an organisation's AI footprint.

Regulatory regime requiring institutions to detect and report suspicious financial transactions.

A defined contract that lets software systems exchange data and invoke functions.

A sophisticated, often state-sponsored adversary that maintains long-term unauthorised access to a target.

Protocol that maps IP addresses to MAC addresses on a local network.

Practice of continuously discovering, inventorying, and reducing an organisation's exposed assets.

Documented strategy for keeping critical operations running during disruptions.

Targeted fraud where attackers impersonate executives or vendors to redirect payments or data.

Routing protocol that exchanges path information between autonomous systems on the internet.

Process of identifying and quantifying the impact of disruptions on critical business functions.

Firmware that initialises hardware during boot before handing off to the operating system.

Policy that lets employees use personal devices for work, requiring extra access and data controls.

Infrastructure attackers use to direct compromised systems, often via covert channels.

Entity that issues and vouches for digital certificates used to verify identities online.

Discipline that gives security teams a unified inventory of internal and external cyber assets.

Control point between users and cloud services that enforces policy on data, access, and risk.

California state law granting consumers rights over how businesses collect and sell their data.

Coordinating body that handles cybersecurity incidents at national or organisational level.

Practice of automatically building, testing, and shipping code changes throughout the day.

Discipline that governs who and what has which permissions across multi-cloud environments.

Executive responsible for the organisation's IT strategy and operations.

Non-profit that publishes the CIS Controls and CIS Benchmarks used as security baselines.

U.S. federal agency responsible for protecting critical infrastructure and coordinating cyber response.

Executive accountable for the organisation's information security programme.

U.S. Department of Defense framework that certifies contractors against tiered security controls.

Integrated platform combining CSPM, CWPP, CIEM, and code scanning for cloud-native applications.

Ready-made commercial software or hardware procured rather than custom-built.

Structured naming scheme for IT products and platforms used in vulnerability data.

Team within an organisation that detects, responds to, and recovers from cyber incidents.

Tooling that continuously assesses cloud configurations against security and compliance baselines.

Web attack that tricks an authenticated user's browser into performing unwanted actions on a trusted site.

Evidence-based knowledge about threats and adversaries used to inform defensive decisions.

Executive responsible for the organisation's technology direction and engineering.

Global identifier system for publicly disclosed software and hardware vulnerabilities.

Open framework for assigning numeric severity scores to security vulnerabilities.

Community-driven catalogue of software and hardware weakness types underlying CVEs.

Security platform that protects VMs, containers, and serverless workloads at runtime.

Black-box testing that probes a running application for vulnerabilities from the outside.

Control architecture for industrial processes where controllers are spread across the plant.

Attack that overwhelms a target with traffic from many distributed sources.

Legacy symmetric block cipher, now considered insecure and superseded by AES.

Practice that unites software development and IT operations to shorten delivery cycles.

Extension of DevOps that embeds security into every stage of the delivery pipeline.

Protocol that automatically assigns IP addresses and network settings to devices on a network.

Email authentication standard that cryptographically signs outgoing messages to prove sender identity.

Controls that detect and block unauthorised movement of sensitive data.

Email policy and reporting standard that builds on SPF and DKIM to combat spoofing.

Hierarchical naming system that translates human-readable domain names into IP addresses.

Cryptographic extensions to DNS that authenticate the origin and integrity of DNS records.

Protocol that performs DNS resolution over an encrypted HTTPS connection.

EU regulation that mandates operational resilience requirements for financial entities and their ICT providers.

Attack that disrupts a service's availability for its intended users.

Protocol that performs DNS resolution over a TLS-encrypted connection on a dedicated port.

Role required by GDPR to oversee data protection strategy and compliance.

Technologies that control how digital content can be accessed, copied, or distributed.

Documented procedures for recovering IT systems and data after a disruptive event.

Encryption scheme where only the communicating endpoints can read the message content.

Continuous discovery and assessment of internet-exposed assets visible to an attacker.

Public-key cryptography based on elliptic curves, offering strong security with smaller keys.

Security tooling that records endpoint activity and supports detection, investigation, and response.

AWS managed Kubernetes service that runs the control plane on the customer's behalf.

Combined approach to managing devices, applications, and content on the corporate mobile fleet.

EU agency that promotes a high common level of cybersecurity across member states.

Data-driven model that estimates the probability a vulnerability will be exploited in the wild.

Holistic approach to identifying, assessing, and managing risks across the whole organisation.

Cloud execution model where the provider runs individual functions on demand without managing servers.

U.S. government programme that standardises security authorisation for cloud services.

U.S. law requiring federal agencies to develop and maintain information security programmes.

Legacy protocol for transferring files between client and server, considered insecure without TLS.

AI systems that produce new content such as text, images, or code from learned patterns.

EU regulation governing how personal data of individuals in the EU/EEA must be processed.

Google Cloud's managed Kubernetes service for running containerised workloads.

Integrated discipline that aligns governance, risk management, and regulatory compliance.

Software that monitors a single host for signs of intrusion or anomalous activity.

U.S. law setting standards for the privacy and security of protected health information.

Cryptographic construct that uses a hash function and secret key to authenticate messages.

Algorithm that generates one-time passwords from a shared secret and an incrementing counter.

Tamper-resistant device that generates, stores, and uses cryptographic keys.

Application protocol used to request and deliver resources on the web.

HTTP transported over TLS to provide confidentiality and integrity for web traffic.

Intelligence collected from human sources through interviews, recruitment, or observation.

Cloud model where the provider supplies virtualised compute, storage, and networking on demand.

Managing and provisioning infrastructure through machine-readable definition files.

Discipline and tooling that controls who can access which resources under which conditions.

Hybrid testing that observes application behaviour from inside while exercising it from outside.

Network protocol used for diagnostics and error reporting between IP devices, such as ping.

Hardware and software systems that monitor and control industrial processes.

System that monitors traffic or hosts and alerts on signs of malicious activity.

International standards organisation for electrical, electronic, and related technologies.

Application of IoT in industrial settings such as manufacturing, energy, and logistics.

Protocol for retrieving and managing email messages stored on a mail server.

Behavioural signal that reveals adversary actions, regardless of whether known malware is involved.

Forensic artefact (hash, IP, domain) suggesting a system has been compromised.

Network of physical objects embedded with sensors, software, and connectivity.

Network-layer protocol that addresses and routes packets across the internet.

Inline security control that detects and actively blocks malicious traffic or behaviour.

Coordinated process for handling cybersecurity incidents from detection through recovery and lessons learned.

Approach that unifies risk processes across the enterprise into a single view.

Body that develops international standards including the ISO/IEC 27000 information security series.

Microsoft model that limits administrators to the minimum capabilities needed for a task.

Pattern that grants elevated privileges only for a limited window when needed.

Open-source platform for orchestrating containerised applications across a cluster of machines.

Algorithm that derives one or more cryptographic keys from a secret value such as a password.

CISA-maintained catalogue of vulnerabilities that have been observed exploited in attacks.

Service that creates, stores, rotates, and controls access to cryptographic keys.

Tooling that assesses Kubernetes clusters against security and compliance baselines.

Regulatory process for verifying customer identity to prevent fraud and money laundering.

Network that connects devices within a limited geographic area such as an office or building.

Protocol for accessing and maintaining distributed directory services over IP networks.

Vulnerability that lets attackers include arbitrary local files through an application input.

Neural network trained on vast text corpora and used for tasks like generation and reasoning.

Practices for deploying, monitoring, and governing LLMs in production.

Cryptographically broken hash function, retained only for checksums and legacy use.

Tooling that configures, secures, and monitors mobile devices used by an organisation.

Outsourced security service combining technology, analysts, and processes for 24/7 detection and response.

Authentication requiring two or more independent factors before access is granted.

Attack where the adversary secretly intercepts and possibly alters communication between two parties.

AI subfield where systems learn patterns from data rather than being explicitly programmed.

TLS configuration where both client and server present and verify certificates.

Average time between an incident occurring and being detected by the security team.

Average time between detecting an incident and starting effective response actions.

Solution that authenticates devices and enforces policy before granting network access.

Technique that maps multiple internal IP addresses to one or more public addresses.

Security tooling that analyses network traffic to detect, investigate, and respond to threats.

Firewall that combines stateful inspection with application awareness, IPS, and threat intelligence.

IDS that monitors network traffic at one or more points rather than on each host.

EU directive expanding cybersecurity obligations for essential and important entities.

U.S. agency that publishes widely used cybersecurity standards including the NIST CSF and SP 800 series.

Field of AI focused on understanding and generating human language.

Open standard that lets users grant scoped access to their data without sharing credentials.

Identity layer on top of OAuth 2.0 that lets clients verify a user's identity via an identity provider.

Intelligence collected from publicly available sources such as websites, news, and social media.

Hardware and software that monitors and controls physical devices and industrial processes.

Password valid for only one login session or transaction.

Discipline and tooling for securing, controlling, and monitoring privileged accounts and sessions.

Security standard for organisations that store, process, or transmit cardholder data.

Cryptographic system widely used for encrypting and signing emails and files.

Individually identifiable health data protected under regulations such as HIPAA.

Any data that can be used to identify a specific individual.

Capability for managing, activating, and auditing privileged roles, often time-bound.

Framework of certificates, keys, and authorities that enables trusted use of public-key cryptography.

Industrial digital controller used to automate processes such as machinery and assembly lines.

Legacy protocol for downloading email from a server to a client, typically deleting on download.

Technique where an LLM retrieves external context and uses it to ground its generated response.

Security technology embedded in the application that detects and blocks attacks at runtime.

Malware that gives an attacker covert remote control over an infected device.

Access model where permissions are assigned to roles, and users gain permissions through role membership.

Vulnerability or attack class that lets an adversary run arbitrary code on a target system.

Vulnerability that lets an attacker include and execute remote files via an application input.

Maximum acceptable amount of data, measured in time, that may be lost in a disruption.

Public-key cryptosystem widely used for secure data transmission and digital signatures.

Maximum acceptable time to restore a service after a disruption.

Cloud delivery model where the provider hosts the application and customers access it over the network.

XML-based standard for exchanging authentication and authorisation data between parties.

Architecture combining networking and network security into a unified cloud-delivered service.

White-box testing that analyses source code or binaries for vulnerabilities without running them.

Machine-readable inventory of components and dependencies that make up a piece of software.

Practice of identifying and assessing open-source components and their known vulnerabilities.

Industrial control system that supervises and collects data from distributed equipment.

Network architecture that uses software to dynamically route WAN traffic across multiple links.

Structured process covering planning, building, testing, releasing, and maintaining software.

File transfer protocol that runs over SSH, providing authentication and encryption.

Family of cryptographic hash functions published by NIST, with SHA-2 and SHA-3 in current use.

Platform that aggregates, correlates, and analyses log data from across the enterprise for security use.

Intelligence gathered by intercepting electronic signals and communications.

Standard protocol used to send email between servers across the internet.

Platform that automates and orchestrates security workflows across tools and teams.

Team and facility responsible for continuously monitoring and defending an organisation's security.

AICPA audit framework that reports on a service provider's controls around security, availability, and privacy.

U.S. law setting requirements for financial reporting and related internal controls in public companies.

Email authentication that lets domains list authorised sending servers to combat spoofing.

Attack where untrusted input is inserted into SQL queries to manipulate database operations.

Cloud-delivered security stack — typically SWG, CASB, and ZTNA — without the networking pieces of SASE.

Protocol that provides encrypted remote login and tunneling over an untrusted network.

Deprecated predecessor of TLS, still loosely referenced when people say 'SSL certificate'.

Authentication scheme that lets a user access multiple systems with one set of credentials.

Vulnerability that lets an attacker coerce a server into making requests on the attacker's behalf.

Standardised language for representing cyber threat intelligence.

Web proxy that enforces policy, filters URLs, and blocks malicious or unwanted web traffic.

Protocol for sharing cyber threat intelligence, typically used with STIX.

Connection-oriented transport protocol that guarantees ordered, reliable byte streams.

Development practice where tests are written before the production code they validate.

Isolated processing environment that protects code and data from the rest of the system.

Information about adversaries, tools, and techniques used to inform defensive decisions.

System that aggregates, normalises, and operationalises threat intelligence feeds.

Set of designations (red, amber, green, white) used to control sharing of sensitive information.

Cryptographic protocol that provides confidentiality, integrity, and authentication for network traffic.

Algorithm that generates one-time passwords from a shared secret and the current time.

Hardware chip that provides secure key storage and cryptographic functions for the host system.

Programme for identifying and managing risk introduced by suppliers and partners.

Behavioural patterns used by threat actors, often catalogued via the MITRE ATT&CK framework.

Analytical approach that profiles normal user behaviour and surfaces deviations.

Connectionless transport protocol that prioritises speed and low overhead over reliability.

UBA extended to also profile non-human entities such as service accounts, hosts, and devices.

Modern firmware standard that replaces BIOS and brings features like secure boot.

Single platform for managing PCs, mobile devices, and other endpoints under one policy framework.

Outsourced CISO function delivered on a fractional or interim basis.

Machine-readable advisory that states whether a product is actually affected by a given CVE.

Logical network segmentation within a switched physical network.

Encrypted tunnel that extends a private network across an untrusted one, such as the internet.

Tenable's risk score that combines CVSS, exploit data, and threat context to prioritise vulnerabilities.

Process for assessing and monitoring risk arising from suppliers and service providers.

Inline filter that inspects HTTP traffic to block attacks targeting web applications.

Network that spans a large geographic area, typically connecting multiple LANs.

Obsolete and broken Wi-Fi encryption standard, fully replaced by WPA and successors.

Family of Wi-Fi security protocols replacing WEP, with WPA2 and WPA3 in current use.

Security platform that correlates telemetry across endpoints, identity, cloud, and network for unified detection and response.

Web vulnerability that lets attackers inject and execute scripts in another user's browser.

Pattern-matching tool widely used to write rules that identify malware and other artefacts.

Security model that assumes no implicit trust and verifies every access request based on identity and context.

Access model that grants application-specific access based on identity and context rather than network location.