Cybersecurity Terms: A to Z Glossary

Cybersecurity is a branch of technology that focuses on protecting information and devices from malicious characters. Cybersecurity professionals use their technological skills to assess systems, patch weaknesses, and build systems that are secure against harm and theft.

You can use the terms in this cybersecurity glossary to familiarize yourself with essential terminology. Whether you’re preparing to earn a cybersecurity certification or interview for a new role, studying these cybersecurity terms and acronyms can help you feel more confident and ready.

Cybersecurity terms

Study key cybersecurity terms and definitions in the glossary below. 

Adware

Adware is a type of malware. It downloads to your device and displays advertisements based on your online activity or browsing history. Adware can appear as intrusive interstitials (pop-ups) and may slow down your device. 

Advanced Persistent Threat (APT)

An advanced persistent threat, or APT, is a cybersecurity threat that establishes a long-term, unauthorized presence on a network or in a computer system. APTs pursue their objectives repeatedly and through multiple types of cyberattacks. 

Antivirus

Antivirus software is sometimes referred to as anti-malware. It is a program used to prevent, identify, and remove viruses and other malicious software from your computer. Examples of commonly used antivirus software include Norton and McAfee. 

Attack vector

The term attack vector can be used to describe any technique a hacker uses to gain access to or harm a system.

Authentication (or user authentication)

Authentication is an identity verification process. It is used to verify the identity of users, devices, and other entities within a computer system. 

Botnet

A botnet is a network of private computers infected with malicious software. A botnet may be controlled without the owner's knowledge or used to send spam messages. 

Bug

A bug is an unintended software or hardware problem. These can be minor problems or error screens that don’t necessarily compromise a system. However, it can also be more significant and render a system inoperable.

Business continuity plan (BCP) or business continuity

Business continuity refers to an organization’s ability to continue with essential functions during a disruption (like a cyberattack or natural disaster). A business continuity plan or BCP is the protocol and processes an organization follows to ensure that operations continue with as little disruption as possible. 

Click fraud

Scammers generate money using fake clicks. They will sometimes hire people and pay them to click on ads from several devices to earn affiliate or advertising cash for an app install or website visit.

Cloud computing

Cloud computing refers to the delivery of computing and IT resources through the internet. Examples of these resources include data storage, servers, and development tools. Users and organizations typically pay a monthly fee to access these resources based on their specific cloud computing service needs and how frequently they will be used.

Cryptography

Cryptography is the practice of securing information and communication through writing and solving codes. It ensures that information is only readable to the party intended to read it. A cryptographer is responsible for converting plain data into an encrypted format.

Cyberattacks

Cyberattacks refer to attempts by hackers to cause harm, destroy, or access sensitive information in a computer system. 

Cyber espionage

Cyber espionage is the use of computer networks to gain unauthorized access to sensitive information. Purposes may include spying, economic gain, or political motivation. Cyber espionage typically involves data held by a government or an executive organization. 

Dark web 

The dark web or darknet is a part of the World Wide Web only accessible through special software or tools. This keeps its users and visitors hidden because they often exchange illegal and stolen information, such as people’s personally identifiable information. This information may include Social Security numbers, phone numbers, and credit card numbers.

Decryption

Decryption is the process of converting coded or encrypted data to its original form. Decryption allows information to be understood without an encryption key. 

Defense-in-depth

Defense-in-depth is the concept of stacking several layers of security, so backup protection is available if one fails.

Detection deficit

A detection deficit is a gap between the time an attack occurs and the time it is discovered. This term refers to the severity of attacks and how long they can cause harm undetected.

Distributed denial of service (DDoS) attack

DDoS, or distributed denial of service, occurs when a cybercriminal floods a server with traffic to prevent users from accessing a network, site, or system.

Domain

In cybersecurity terms, a domain is a group of connected computers. They typically share account information and security policies. A domain controller handles relevant administrative tasks. 

Encryption

Encryption is the process of converting information into a code to prevent unauthorized access. This practice helps hide sensitive information from those it is not intended for. 

Endpoint

In cybersecurity, an endpoint is a physical device connected to a computer network. Examples of endpoint devices include mobile devices, desktop computers, and embedded systems. 

Endpoint detection and response (EDR) or endpoint threat detection and response (ETDR)

These cybersecurity acronyms are used to describe a solution that continuously monitors and mitigates potential threats in endpoint devices. 

Ethical Hacking (white hat)

Ethical hacking is sometimes referred to as white hat hacking. It describes authorized hacking that is meant to simulate malicious hacking. Ethical hacking helps organizations identify vulnerabilities in their cybersecurity systems, protocols, and processes. 

Evil twin

In cybersecurity terms, an evil twin refers to a fraudulent Wi-Fi access point (AP). An evil twin attack occurs when someone disguises a fraudulent Wi-Fi AP as legitimate by mimicking a legitimate Wi-Fi’s network name and settings. Connecting to this network allows the attacker to eavesdrop and steal sensitive data.

Firewall 

A firewall is a network security device. It creates a barrier between a trusted network and an untrustworthy network. For example, a firewall can restrict internet traffic from accessing your private network. It acts like a gatekeeper, controlling incoming and outgoing traffic according to a predetermined set of security rules.

File transfer protocol (FTP)

File transfer protocol or FTP refers to the policies organizations implement to regulate and secure file exchange. 

Gateway

A gateway is an intersection where networks with different transmission protocols meet. Gateways serve as the entry and exit points for all data, converting information from one format to another. For example, A Wi-Fi router is a gateway between your computer and your internet service provider’s network. 

Read more: Information Technology Terms: A to Z Glossary

Guessing entropy

Guessing entropy is a measurement of difficulty. It is used to determine how many tries a hacker may need to guess a password or some other unknown variable. 

Hacker

A hacker is someone who tries to access data they aren’t authorized to view. Hackers can be cybercriminals (black hat hackers) or cybersecurity professionals attempting to secure a system by exposing its vulnerabilities (white hat hackers).

Identity theft

Identity theft occurs when someone gains unauthorized access to personal, identifying information and uses it maliciously. Someone committing identity theft may use the victim’s information to open new accounts, steal money, and damage their credit. 

Information security (InfoSec)

InfoSec stands for information security. It refers to a subcategory of cybersecurity that focuses on the practices, systems, and processes used to protect sensitive information.

Internet of things (IoT)

The Internet of Things, or IoT, is a network of physical devices. These devices can transfer data to one another without human intervention. IoT devices are not limited to computers or machinery. The Internet of Things can include anything with a sensor assigned a unique identifier (UID).

Intrusion detection system (IDS)

An intrusion detection system or IDS is a monitoring device or software. It detects vulnerabilities, policy violations, and malicious activity in a system. An expanded IDS blocks threats in addition to identifying them. 

IP address

An internet protocol address, or IP address, is a string of numbers associated with a computer. IP addresses are used to identify each computer using the internet through a network. 

IP packet

An IP packet is sometimes referred to as a network packet. It is a unit of data that contains the information needed to transmit data between devices over a network. Similar to the way a postal envelope works, an IP packet contains information about where the data comes from, where it’s going, and other information that may help route it. 

IP spoofing

IP spoofing refers to disguising the source of IP packets, making it difficult to determine their origin. These IP packets can masquerade as a different computer or hide the sender’s identity. Hackers often use this tactic for DDoS attacks.

Malware

Malware is short for malicious software. Malware attacks are the most common form of cyberattack among businesses and organizations. It is designed to disrupt computer systems like mobile devices.

Malicious code

Malicious code is code that was designed to cause harm, create vulnerabilities, or otherwise threaten the security of a system. 

Operating system

An operating system (OS) is system software that manages a computer’s resources and processes. They are also responsible for your computer’s ability to run and execute programs. Operating systems enable you to communicate with your computer without needing to speak your computer’s language. 

Penetration testing

Penetration testers, or pen testers for short, perform simulated cyberattacks on a company’s computer systems and networks. These authorized tests help identify security vulnerabilities and weaknesses before malicious hackers have the chance to exploit them.

Phishing

Phishing is a form of fraud that involves contacting victims through email, telephone, or text to trick them into sharing personal information. Typically, phishing scams aim to persuade victims to transfer money, reveal financial information, or share system credentials. 

Programming

Programming refers to a technological process for telling a computer which tasks to perform in order to solve problems. You can think of programming as a collaboration between humans and computers, in which humans create instructions for a computer to follow (code) in a language computers can understand.

Ransomware

Ransomware is a form of malware. It is designed to block users from accessing a computer system until a sum of money has been paid. 

Rootkit

A rootkit is a set of software tools that give users access to another machine without being detected.

Security engineering

Security engineering is the practice of designing and implementing core security measures in an information system. Security engineers build systems used to protect computer systems and networks and track incidents.

Social engineering

Social engineering occurs when a hacker gains a person's trust, then exploits this trust to gain access to data or systems. For example, a malicious character may pretend to be an organization's IT team member to access the network’s username and password.

Spoof (or spoofing)

Spoofing is when cybercriminals disguise their identity as a trusted source to exploit an unassuming user. For example, someone may pose as a legitimate website to steal usernames and passwords or use a fake email address to appear legitimate.

Threat assessment

In cybersecurity terms, a threat assessment refers to an evaluation of the risks and potential threats to an organization.  

Two-factor authentication (or multi-factor authentication)

This term describes the use of two authentication methods to log into a system. Two-factor authentication prevents attackers from gaining access with just one exploited password. For example, you may still need to enter a code from an authenticator app after entering your password to log in.

Virus

A virus is a malicious program that infects computers without user knowledge or permission. Viruses have the ability to replicate themselves to spread to other computers. 

Virtual private network (VPN)

A virtual private network or VPN is an encrypted internet connection. VPN services aim to provide a secure, private network connection for safe data transmission from network devices.

Vulnerability

A vulnerability, in cybersecurity terms, refers to a weak point or flaw. Security vulnerabilities can arise in security procedures or processes or in a computer system or design.

Zero-day

This cybersecurity term describes recently discovered exploits, suggesting the company has just realized the exploit exists and has zero days to fix it.

Take the next step in your cybersecurity career with Coursera 

You can learn in-demand cybersecurity skills on your own time from industry leaders in technology with the Microsoft Cybersecurity Analyst Professional Certificate or the IT Fundamentals for Cybersecurity Specialization from IBM and get qualified for one of the many open jobs in cybersecurity.