An Explanation of Cybersecurity Terms: A-Z

Cybersecurity is the study and practice of protecting technological infrastructure and information. Cybersecurity also protects physical systems, information, and money from being interfered with or stolen by cybercriminals. 

Cybersecurity is in virtually every industry and company in the public and private sectors.

Which jobs need to know about cybersecurity?

Jobs that deal with cybersecurity concepts include cybersecurity analyst, software developer, cybersecurity consultant, network engineer, systems engineer, and cybersecurity administrator. However, anyone with a background in data, business, or finance should have basic cybersecurity knowledge because many business operations work tangentially with tech, data, and cybersecurity professionals.

Read more: What Is Cybersecurity and What Career Opportunities Does It Offer?

Common cybersecurity terms you should know.

If you’re interested in a career in cybersecurity or just the field in general, you should understand these key cybersecurity terms.

Adware

Adware is malware that downloads to your device and serves you advertisements. Adware can also track your online activity and serve ads related to your browsing. The ads appear as desktop pop-ups, which can be annoying and may slow down your device.

Anti-virus (anti-malware)

An anti-virus program detects viruses and potential malware and prevents them from affecting your device or deletes them if they’re already present. This software can also warn you when you’re on an unsecured network or website or are downloading a malicious file.

Botnet

A botnet is a robot network that’s a group of infected computers working together to attack other devices and recruit more devices into its network. A “bot herder,” the attacker using this network of machines to launch an attack, controls this network.

Bug

A bug is an unintended software or hardware problem. These can be minor problems or error screens that don’t necessarily compromise a system. However, it can also be more significant and render a system inoperable.

Click fraud

Scammers generate money using fake clicks. They will sometimes hire people and pay them to click on ads from several devices to earn affiliate or advertising cash for an app install or website visit.

Cloud computing

Cloud computing is when various computing resources, such as tools, applications, servers, data storage, software, and more, are delivered via the internet instead of being held on-site.

Cyber espionage

Cyber espionage uses computer networks to find sensitive information or spy on someone. The government and some executive organizations use this tactic against enemies or criminals.

Dark web

The dark web or darknet is a part of the World Wide Web only accessible through special software or tools. This keeps its users and visitors hidden because they often exchange illegal and stolen information, such as people’s personally identifiable information. This information can include Social Security numbers, phone numbers, and credit card numbers.

Decrypt

Decrypt means to convert encrypted or coded data back into its original form or message so a human can understand it.

Distributed denial of service (DDoS) attack

A DDoS attack is when a cybercriminal floods a server with traffic to prevent users from accessing the site, network, or system.

Defense-in-depth

Defense-in-depth is the concept of stacking several layers of security so backup protection is available if one fails.

Detection deficit

A detection deficit is a gap between the time an attack occurs and the time you discover it happened. This term refers to the severity of attacks and how long they can do damage without being discovered.

End-to-end encryption

End-to-end encryption is a communication process that prevents other parties from accessing data sent between two agents. The only people who can view the data are the sender and the recipient. No one else can view the data, even the server the data went through.

Evil twin

An evil twin is when an attacker uses a fraudulent Wi-Fi access point disguised as a legitimate one by mimicking the legitimate Wi-Fi’s network name and settings. Connecting to this network allows the attacker to eavesdrop and steal sensitive data.

Firewall

A firewall is a part of a computer system or network that blocks unauthorized internet or network access while maintaining connectivity. The firewall filters incoming and outgoing traffic based on an organization’s internet policies.

File transfer protocol (FTP)

FTP refers to a group of policies that regulate how computers exchange files securely.

Gateway

A gateway is a middleman between different networks or software that converts information from one format to another. A Wi-Fi router may be a gateway between your computer and your internet service provider’s network.

Guessing entropy

The guessing entropy measures how difficult it would be for a cybercriminal to guess a password.

Hacker

A hacker tries to access data they aren’t authorized to view. Hackers can be cyber criminals, also known as black hat hackers, or cybersecurity professionals attempting to secure a system by exposing its vulnerabilities, which are called white hat hackers.

Hashing

Hashing is an encryption process using algorithms to create a string of characters of a fixed length to describe the content of the hash as a way to verify the content being shared or checked.

Identity theft

Identity theft is when a criminal takes a person’s identifying information and uses it without permission. 

Intrusion detection system (IDS)

An IDS detects vulnerabilities and attacks on a system. Expanded IDS systems go one step further by also blocking threats.

IP spoofing

IP spoofing is when a cybercriminal disguises the actual source of IP packets, making it hard to determine their origin. These IP packets can masquerade as a different computer or hide the sender’s identity. Hackers often use this tactic for DDoS and main-the-middle attacks.

Intrusion prevention system (IPS)

An IPS is a network security tool that monitors a network for suspicious activity. It then reports, blocks, or drops the activity to prevent harm.

Keylogger

A keylogger records every keystroke a user makes on a computer. A cybercriminal will typically use this information to collect usernames and passwords or other sensitive information.

Link jacking

This is when an attacker tricks a user into clicking a benign link, like an image or a trusted logo, but it sends the user to a malicious website.

Macro virus

A macro virus is a computer virus written in the same macro language as Microsoft Word or Excel. Hackers design it to attack software applications, which are independent, meaning it can infect computers running any operating system.

Malware

Malware is software designed specifically to damage or gain unauthorized access to a system.

Mobile banking trojan

A mobile banking trojan is a trojan-style virus aimed at android users to steal banking information.

Network resilience

Network resilience is how easily a network can resist disruption and recover from a cyberattack. A network also can scale when met with rapid or unpredictable demand.

One-way encryption

This is when one-way encryption is applied to a string before storing it on the disk. With this kind of encryption, it should be impossible to decrypt the data.

Open Wi-Fi

This is a Wi-Fi network with no security protocols running on it. You can connect to it freely, but a hacker can also connect and potentially steal data.

Open Web Application Security Project (OWASP)

OWASP is a nonprofit organization focused on improving software security.

Password sniffing

Password sniffing is when a hacker observes and passively records network traffic and uses special software to steal usernames and passwords.

Pharming

Pharming is when hackers create a fraudulent website with malicious code designed to steal login credentials and other sensitive data.

Phishing

Phishing is sending emails to get people to click on fraudulent links that steal data or reveal sensitive information.

Ransomware

Ransomware is malicious software that blocks users' access to their computers or network until they pay a ransom.

Reverse engineering

Reverse engineering is dismantling software or hardware to see how it works.

Rootkit

A rootkit is a set of software tools that give users access to another machine without being detected.

Script kiddie

A script kiddie is someone who lacks programming knowledge and uses already existing software to launch attacks.

Spoof (Spoofing)

Spoofing is when cybercriminals disguise their identity as a trusted source to exploit an unassuming user. Posing as a legitimate website to steal usernames and passwords or using a fake email address to seem legitimate are examples of spoofing.

Social engineering

Social engineering is when a hacker gains a person's trust, then exploits this trust to gain access to data or systems. An example would be posing as an organization's IT team member to access the network’s username and password.

Trojan horse

A Trojan horse program poses as legitimate software which gets through a computer system’s security measures. This program is often malware that activates after it bypasses security measures.

Two-step authentication or two-factor authentication

This is when users must use two authentication methods to log into a system, preventing attackers from gaining access just using one exploited password. For example, you must still enter a code from an authenticator app after entering your password to log into a system.

Vishing

This is the practice of making phone calls or leaving messages to get a user to reveal personal information.

Zero-day

This term describes recently discovered exploits, suggesting the company has just realized the exploit exists and has zero days to fix it. 

Zombie computer

A zombie computer is one that a worm, virus, or other malware has captured.

How can you learn more about cybersecurity? 

Many cybersecurity courses, including introductory classes from leading universities and cybersecurity courses for business or finance, are available on Coursera. You can also find many boot camps and free instructional videos on the web to help you learn about cybersecurity.

You can find many resources online, so don’t be intimidated to dive into anything that interests you. Setting some time aside daily to catch up on industry practices can help you learn a lot over time.

spezialisierung

Introduction to Cyber Security

Cybersicherheit. An introduction to modern information and system protection technology and methods.

4.7

(2,624 Bewertungen)

45,485 bereits angemeldet

Stufe BEGINNER

Mehr erfahren

Durchschnittliche Zeit: 4 Monat(e)

In Ihrem eigenen Lerntempo lernen

Kompetenzen, die Sie erwerben:

Cryptography, Cybersecurity, Risk Assessment, Cyber Defense, Cyber Attacks, Information Security (INFOSEC), Denial-Of-Service Attack (DOS), Public-Key Cryptography

spezialisierung

Cybersecurity for Business

Discover the practical side of computer security. Identify what threatens your business and master how to practically defend against those threats.

4.7

(1,023 Bewertungen)

24,530 bereits angemeldet

Stufe BEGINNER

Mehr erfahren

Durchschnittliche Zeit: 5 Monat(e)

In Ihrem eigenen Lerntempo lernen

Kompetenzen, die Sie erwerben:

Cybersecurity, Information Security (INFOSEC), Risk Assessment, Attack Surface

Attend a college or university.

Information technology (IT) majors study computer science, business, and communications. They can also specialize in web development, software engineering, or networking as they make their way through the degree program. Other degree programs include cybersecurity, computer science, or computer engineering.

Regardless of specialization, any degree programs listed above will cover all the basics needed to pursue a wide range of technology careers, including cybersecurity.

Should I get a master’s degree in cybersecurity?

Nearly a quarter of cybersecurity job listings require a graduate degree, so earning one can open up new opportunities in your career [1]. Some universities offer master’s degrees in cybersecurity. Others, like the Online Master of Computer Science from Arizona State University, offer the option to concentrate in cybersecurity.  

Read more: Cybersecurity Degrees and Alternatives: Your 2023 Guide

Professional certificates

Certifications for cloud computing, database management, penetration testing, and cybersecurity are all highly valued and sought-after certifications in the industry. A professional certificate is a great way to supplement your resume and demonstrate expertise in a particular skill set, making you more valuable to employers.

Cybersecurity certifications

Certifications can help you get ahead in cybersecurity, and you can choose from a long list. Some popular options include: 

• Certified Ethical Hacker (CEH)

• Certified Information Security Manager (CISM)

• CompTIA Security+

• Certified Information Systems Auditor

Read more: 10 Popular Cybersecurity Certifications [2023 Updated]

Other resources

You can access a wide range of technology courses, classes, and workshops from top industry competitors, institutions, and universities available on Coursera. Some top options for beginners include the University of Maryland’s Cybersecurity for Everyone and IBM’s IT Fundamentals for Cybersecurity. For those looking to advance their career, more in-depth courses like Arizona State’s Cybersecurity Mastertrack Certificate can help you move up. 

Cybersecurity MasterTrack® Certificate

Arizona State University

MasterTrack® Zertifikat

Mehr erfahren