#

3-DES: 3-DES (Triple Data Encryption Standard) is a symmetric-key block cipher that applies the DES algorithm three times on the plaintext. It uses a 56-bit key, resulting in a 168-bit key length.

A

Advanced Encryption Standard (AES): AES is a widely used symmetric-key encryption algorithm that was selected by the National Institute of Standards and Technology (NIST) in 2001 to replace the Data Encryption Standard (DES). It uses variable-length keys and operates on fixed-size blocks of data, providing strong encryption security.

Advanced Persistent Threat (APT): APT is a type of cyber attack that targets specific organizations or individuals to gain unauthorized access to sensitive information or disrupt operations. APTs are typically carried out by skilled and persistent attackers who use advanced techniques to evade detection and maintain long-term access to the target system.

Advanced Threat Protection (ATP): ATP refers to a set of security solutions that leverage advanced technologies such as artificial intelligence and machine learning to detect and respond to advanced threats such as APTs, zero-day exploits, and other targeted attacks.

Adware: Adware is a type of software that displays unwanted advertisements to the user, often in the form of pop-up windows or banners. Adware may be installed on a user’s device without their knowledge or consent and can negatively impact system performance.

Algorithm: An algorithm is a set of rules or procedures that define how a problem is solved or a task is performed. In the context of cybersecurity and cryptography, algorithms are used to encrypt and decrypt data, generate keys, and perform other security-related functions.

Allowlist: An allowlist is a list of trusted entities or applications that are permitted to access a particular resource or perform a specific action. This is in contrast to a denylist, which specifies entities or applications that are not allowed to access a resource or perform an action.

Anti-Botnet: Anti-botnet refers to security measures designed to detect, prevent, and mitigate the impact of botnet attacks. Botnets are networks of compromised devices that can be used to launch distributed denial-of-service (DDoS) attacks, steal data, and perform other malicious activities.

Anti-Malware: Anti-malware refers to security software designed to detect and remove malware such as viruses, worms, Trojans, and other malicious software. Anti-malware solutions typically use a combination of signature-based and behavioral analysis techniques to identify and neutralize threats. 

Anti-Phishing: A set of techniques and tools designed to prevent phishing attacks, which are fraudulent attempts to obtain sensitive information from individuals, such as usernames, passwords, and credit card details, by posing as a trustworthy entity.

Anti-Virus: Software that is designed to detect and remove malicious software, also known as malware, from computer systems. This includes viruses, worms, trojan horses, and other types of malware.

APT attack: An Advanced Persistent Threat (APT) attack is a sophisticated cyber attack that targets a specific organization or individual with the goal of stealing sensitive information. APT attacks involve multiple stages and are typically carried out over an extended period of time by skilled attackers who use a variety of techniques to evade detection.

Attack: An attack is any action that is intended to cause harm or damage to a computer system or network. Attacks can take many forms, including malware infections, denial of service attacks, and social engineering attacks.

Attack Vector: An attack vector is a path or method that an attacker uses to gain unauthorized access to a computer system or network. Attack vectors can include email attachments, phishing links, and software vulnerabilities.

Authentication: The process of verifying the identity of a user or system. Authentication mechanisms typically involve the use of usernames and passwords, digital certificates, or biometric data.

B

Backdoor: A backdoor is a hidden or undocumented method of bypassing normal authentication procedures to gain access to a computer system or network. Backdoors can be installed by attackers or by system administrators for legitimate purposes.

Banker Trojan: A type of Trojan horse malware that is specifically designed to steal financial information, such as banking credentials, credit card numbers, and other sensitive data.

Blacklist: A list of entities that are considered to be malicious or undesirable, such as IP addresses, domains, or email addresses. Blacklists are commonly used by anti-spam and anti-malware software to filter out unwanted traffic.

Blind Signature Scheme: A cryptographic protocol that allows a user to sign a message without revealing its contents to a third party. Blind signature schemes are used in a variety of applications, including electronic voting and anonymous digital cash systems.

Block Cipher: A type of encryption algorithm that operates on a fixed-length group of bits (i.e., block) of plaintext and transforms it into a block of ciphertext of the same length.

Blocklist: A list of IP addresses, URLs, or domain names that are known to be sources of spam, malware, or other security threats and are blocked from accessing a network or system.

Blowfish: A symmetric block cipher that operates on 64-bit blocks of data and uses a variable-length key of up to 448 bits.

Botnet: A network of computers that are infected with malware and controlled by a remote attacker, usually for malicious purposes such as launching DDoS attacks or stealing sensitive information.

Brute Force Attack: A trial-and-error method of cracking a password or encryption key by systematically trying every possible combination until the correct one is found.

Business Continuity Plan (BCP): A documented plan that outlines procedures and protocols to ensure that essential business functions can continue in the event of a disruption, such as a natural disaster or cyber attack.

Business Disruption: Any event or situation that causes a temporary or permanent interruption of normal business operations, such as a power outage or cyber attack.

Bring Your Own Cloud (BYOC): A practice where employees use their personal cloud storage accounts (e.g., Google Drive or Dropbox) to store and share company data.

Bring Your Own License (BYOL): A practice where employees use their personal software licenses for business purposes, such as using their personal Microsoft Office license for work-related tasks.

C

CAPTCHA: A type of challenge-response test that is used to determine whether the user is human or automated software (i.e., a bot). It typically involves visually identifying distorted letters or numbers and entering them into a form to prove that the user is not a bot.
 

Certificate: A digital certificate is a digital file that contains information about the identity of the certificate owner and is used to establish trust between two parties in electronic transactions. It is typically used to verify the identity of a website or software publisher.

ChaCha20: A symmetric encryption algorithm designed to provide strong encryption while being very fast on modern hardware. It is often used in internet security protocols such as HTTPS and VPNs.

Clientless: Refers to software or applications that can be accessed through a web browser without requiring the installation of a client software or application.

Clipper: A controversial encryption system developed by the U.S. government in the 1990s that was designed to allow law enforcement agencies to access encrypted communications. The system was never widely adopted due to concerns about privacy and security.

COTS (Commercial off-the Shelf): Refers to software or hardware that is readily available and can be purchased from a third-party vendor, rather than being developed in-house.

Critical Infrastructure: Refers to the systems and assets that are essential to the functioning of a society and the economy, including transportation systems, communication networks, energy grids, and water supplies.

CRYPTEN: A framework for secure machine learning that provides a library of cryptographic primitives and tools to protect data privacy and integrity in machine learning systems.

CRYPTFLOW: A tool for securing machine learning pipelines that provides end-to-end encryption and integrity checks for data and model parameters.

Cryptography: The practice of securing communications and information by transforming it into an unreadable format using various encryption techniques and algorithms.

Cryptojacking: The unauthorized use of a computer’s processing power to mine cryptocurrency, often accomplished through malware or browser-based attacks.

Cyber Threat Hunting: The process of proactively searching for and identifying potential cyber threats or attacks that may have gone undetected by traditional security measures.

Cyberbullying: The use of electronic communication to harass, intimidate, or harm individuals or groups, often through social media, text messages, or other online platforms.

Cybersecurity: The practice of protecting computer systems, networks, and digital information from theft, damage, or unauthorized access.

D

Dark Web: A part of the internet that is intentionally hidden and can only be accessed with specific software, configurations, or authorization. It is often associated with illegal activities, such as cybercrime, drug trade, and illicit content.

Data Breach: The unauthorized access, acquisition, or disclosure of sensitive or confidential information by an individual, group, or organization.

Data Integrity: The assurance that data remains complete, accurate, and consistent throughout its lifecycle, from creation to deletion.

Data Loss Prevention (DLP): A set of technologies and strategies used to prevent data loss or leakage by monitoring, detecting, and blocking sensitive data in transit or at rest.

Data Theft: The act of stealing or intentionally taking sensitive or confidential data without proper authorization or consent.

DDoS (Distributed Denial of Service): A type of cyber-attack that floods a targeted system, network, or website with excessive traffic or requests to overwhelm its resources and disrupt its normal operations.

Decryption: The process of converting encrypted data back into its original, readable form using a secret key or password.

Deny list: A list of items, such as IP addresses, domains, or URLs, that are explicitly blocked or prohibited from accessing a network, system, or application.

Differential Privacy: A privacy framework that allows the collection, analysis, and sharing of data while minimizing the disclosure of personally identifiable information of individuals.

Digital Fingerprint: A unique and unalterable digital representation of a file, document, or data that is generated using a mathematical algorithm. It helps to ensure the integrity and authenticity of the data.

Digital Forensics: The process of collecting, analyzing, and preserving electronic data in order to investigate and provide evidence for a cybercrime or a security incident.

Digital Signature: A cryptographic technique that uses a digital key to sign a document, message, or data. It provides authenticity, integrity, and non-repudiation of the data.

Distributed Key: A cryptographic key that is distributed among multiple parties or locations to enhance security and prevent unauthorized access or tampering.

Domain: A group of devices, computers, or systems that share a common name and are connected to the same network or managed by the same organization.

Domain Name Systems (DNS) Exfiltration: A technique used by cybercriminals to steal data by using the DNS protocol to send stolen data outside an organization’s network.

Drive-By Download Attack: A type of cyber-attack in which malware is automatically downloaded and installed on a user’s device without their knowledge or consent, typically by visiting a malicious website.

E

Elliptic curve cryptography: A type of public-key cryptography that uses the mathematical properties of elliptic curves to generate public and private keys and to encrypt and decrypt data.

Endpoint Protection: A cybersecurity solution that protects endpoints, such as laptops, desktops, mobile devices, and servers, from cyber threats and attacks.

Ensemble Privacy-Preserving Techniques: A set of cryptographic techniques that use multiple algorithms or models to enhance the privacy and security of data.

Expiration Date: A date or time after which a cryptographic key or digital certificate is no longer valid or trusted.

Exploit: A piece of software, code, or technique used by cybercriminals to take advantage of vulnerabilities or weaknesses in a computer system, software, or application.

F

Fast Identity Online (FIDO): An authentication standard that allows users to securely authenticate online services and applications using biometric data or hardware security tokens.

Federated Learning: A machine learning technique that allows multiple parties to collaboratively train a shared model without revealing their respective datasets to one another. Instead, each party trains a local model on their own data, and only the model updates are shared and aggregated to create a global model.

Fileless Malware: A type of malware that resides only in the computer’s memory rather than on the hard drive. This makes it difficult to detect and remove, as traditional antivirus software often relies on scanning the file system.

Firewall: A network security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules. Firewalls can be hardware or software-based and are often used to prevent unauthorized access to a network or to block certain types of traffic.

Forgery: The act of creating a fraudulent document or object with the intention of deceiving someone. In the context of cybersecurity, forgery can refer to falsifying digital signatures, certificates, or other types of authentication credentials.

Format-Preserving Encryption (FPE): A type of encryption that preserves the format of the original data while still rendering it unreadable to unauthorized users. This is often used when data needs to be encrypted while still maintaining its original characteristics, such as in payment card transactions.

Fully Homomorphic Encryption: An advanced form of encryption that allows computations to be performed on ciphertext, without first decrypting it. This enables secure processing of sensitive data while maintaining privacy.

G

Greylist: A method of email filtering that temporarily delays the delivery of messages from senders that are not explicitly whitelisted or blacklisted. This allows time for additional analysis and filtering to be performed before deciding whether to accept or reject the message.

H

Hacker: A term used to describe someone who attempts to gain unauthorized access to computer systems or networks, often with malicious intent.

Hacker, Black Hat: A hacker who uses their skills for illegal or malicious purposes, such as stealing data, spreading malware, or conducting cyber-attacks.

Hacker, White Hat: A hacker who uses their skills for ethical purposes, such as identifying vulnerabilities in systems and networks in order to improve security.

Homomorphic Encryption: An encryption scheme that allows data to be encrypted while still enabling mathematical operations to be performed on it, without first decrypting it. This enables secure processing of sensitive data while maintaining privacy.

Honeypot: A decoy system or network that is set up to detect, deflect, or study attempted unauthorized access, attacks, or other malicious activity.

I

Identity: The set of characteristics and attributes that define an individual or entity and distinguish them from others. In the context of cybersecurity, identity refers to the authentication and authorization of users, devices, and other entities accessing a system or network.

Identity and Access Management (IAM): The policies, procedures, and technologies used to manage digital identities and control access to systems, networks, and applications.

In-line Network Device: A device that is placed directly in the path of network traffic and is responsible for processing or filtering that traffic in real-time. Examples include firewalls, intrusion detection/prevention systems, and load balancers.

Indicators of Compromise (IOC): Artifacts or anomalies in a system or network that suggest the presence or activity of a threat actor. IOC can include things like IP addresses, file hashes, and behavioral patterns.

Insider Threat: A security threat that originates from within an organization, such as a current or former employee, contractor, or other trusted insider. Insider threats can be intentional or unintentional and can result in theft, data breaches, or other types of attacks.

Intrusion Prevention System (IPS): A security system that monitors network traffic to identify and prevent potential malicious activity, such as cyberattacks or malware infections.

IoT: Stands for Internet of Things, a network of physical devices embedded with sensors, software, and other technologies that enables these devices to collect and exchange data over the internet.

K

Key: A piece of information used in encryption and decryption algorithms to transform plaintext into ciphertext and vice versa.

Key Schedule: A sequence of keys used in a cryptographic algorithm to encrypt or decrypt data.

Key Space: The total number of possible keys that can be used in a cryptographic algorithm.

Keylogger: A type of malicious software that records every keystroke made on a computer or mobile device, including usernames, passwords, credit card numbers, and other sensitive information.

L

Life Cycle: The stages of development and maintenance that a software or hardware product goes through, from initial conception to retirement.

M

Malvertising: The use of online advertising to distribute malware, by injecting malicious code into legitimate ad networks and using them to deliver malware to unsuspecting users.

Man in the Middle Attack: A type of cyberattack in which a hacker intercepts communications between two parties, such as a user and a website, in order to eavesdrop on or modify the data being transmitted.

MITRE ATT&CK™ Framework: A comprehensive knowledge base of cyberattack tactics and techniques, used by cybersecurity professionals to identify, categorize, and respond to various types of cyber threats.

ML Privacy Meter: A tool used to evaluate the privacy of machine learning models and identify potential privacy risks.

Multi-party Computation: A cryptographic technique that allows multiple parties to jointly compute a function over their inputs without revealing their individual inputs to each other.

N

Network-based (cyber) Security: The use of security measures to protect computer networks from unauthorized access or malicious activity, such as firewalls, intrusion prevention systems, and antivirus software.

O

One Time Password: A temporary password that is valid for a single login session or transaction, typically used for added security in online banking, e-commerce, or other sensitive applications.

P

Packet sniffing: The practice of intercepting and analyzing data packets as they pass over a computer network, in order to capture sensitive information such as passwords or credit card numbers.

Parental Controls: A feature in software or devices that allows parents to restrict or monitor the content and activities of their children’s devices and internet access.

Password: A secret word or code used to gain access to a computer system or online account, intended to authenticate the user’s identity and prevent unauthorized access.

Pen Testing: Short for “penetration testing,” the practice of simulating a cyber-attack on a computer system or network in order to identify security weaknesses and vulnerabilities that could be exploited by real attackers.

Personal Identifiable Information (PII): Any information that can be used to identify an individual, such as name, social security number, driver’s license number, or biometric data.

Phishing: A type of cyber-attack in which an attacker sends an email or message that appears to be from a legitimate source, in order to trick the recipient into providing sensitive information such as passwords or credit card numbers.

PII: Short for “personal identifiable information,” see above.

PIN: Short for “personal identification number,” a numeric code used to authenticate the user’s identity and gain access to a device or system.

Plain Text: Data that is not encrypted and can be read and understood by humans or machines.

PPML: Short for “Privacy-Preserving Machine Learning,” a technique that enables the sharing and analysis of sensitive data while preserving privacy and security.

Process Hollowing: A technique used by malware to evade detection by creating a new process and replacing it with malicious code while preserving the original functionality of the process.

Post Quantum Cryptography: A type of cryptography designed to be secure against attacks from quantum computers, which are capable of breaking many current encryption methods.

PYSYFT: Short for “Python Secure Federated Learning,” a library that enables the secure sharing and analysis of sensitive data in machine learning models.

R

Random Number Generator: A program or device that generates a sequence of numbers that are statistically random and unpredictable, often used in cryptography for generating encryption keys.

Ransomware: A type of malware that encrypts the victim’s data and demands payment in exchange for the decryption key.

Remote Desktop Protocol (RDP): A proprietary protocol developed by Microsoft that allows a user to access and control a computer remotely over a network connection.

Reusable Password: A password that is used for multiple accounts or systems, which can increase the risk of security breaches and identity theft.

Risktool: A software tool that poses a risk to a computer system or network, often due to its potential to be used maliciously or its vulnerability to exploitation.

Rootkit: A type of malware designed to gain administrative-level access to a computer system or network while remaining hidden from detection by security software.

RSA Encryption: A widely-used encryption algorithm based on the difficulty of factoring large prime numbers. It is commonly used for secure communication and data protection.

Running Time: The time it takes for an algorithm or program to execute on a computer system or network.

S

Salt: A random value added to a password or other data before it is hashed, in order to make the resulting hash more resistant to attacks.

Sandbox(ing): A technique used to isolate and test potentially harmful software in a secure environment, without risking damage to the host system or network.

Scareware: A type of malware that uses fear or intimidation to trick users into paying for fake antivirus or other security software.

SECaaS: Security as a Service, which refers to the provision of security services, such as firewalls, intrusion detection and prevention, and security monitoring, as a subscription-based cloud service.

Secret Key: A cryptographic key used for symmetric encryption, in which the same key is used for both encryption and decryption of data.

Security Incident Response: The process of identifying, analyzing, and responding to security incidents or breaches in a computer system or network.

Security Operations Center (SOC): A centralized team responsible for monitoring and analyzing security threats and incidents in a computer system or network.

Security Perimeter: The boundary or boundary system that defines the extent of a computer system or network’s security measures.

Server: A computer system or program that provides services or resources to other computers or programs on a network.

Session Key: A cryptographic key used for symmetric encryption, which is generated for each session or communication between two parties.

SIEM (Security Information and Event Management): A software system that combines security event management (SEM) and security information management (SIM) to provide real-time analysis of security alerts and events in a computer system or network.

SIM Swapping: A form of identity theft in which a criminal steals a victim’s phone number and SIM card, often by tricking the victim’s mobile carrier into transferring the number to a new SIM card owned by the criminal. This can be used to gain access to the victim’s online accounts that rely on two-factor authentication using SMS messages.

SKIPJACK: A symmetric key block cipher that was developed by the NSA for use in its Capstone project. The cipher uses an 80-bit key and a 64-bit block size.

Sniffing: The act of intercepting and examining data packets as they flow across a network.

SNOW: A family of stream ciphers that was designed by Thomas Johansson and Patrik Ekdahl. SNOW ciphers are optimized for hardware implementation and have been used in a number of applications, including mobile devices.

SOAR (Security Orchestration, Automation and Response): A technology platform that integrates security orchestration, automation, and response capabilities. SOAR platforms are designed to help security teams automate routine tasks, streamline incident response, and improve overall security posture.

Social Engineering: The practice of manipulating people into divulging sensitive information or performing actions that are not in their best interests. Social engineering attacks can take many forms, including phishing emails, pretexting, and baiting.

Spam: Unsolicited commercial email that is sent in bulk to a large number of recipients. Spam is often sent for the purpose of advertising products or services, and may contain fraudulent or malicious content.

Spear Phishing: A type of phishing attack that targets a specific individual or group of individuals. Spear phishing attacks are often highly targeted and personalized, and may use information gleaned from social media or other sources to make the attack more convincing.

Splitting: A technique used in cryptography to divide a plaintext message into smaller pieces that can be encrypted separately using a symmetric key cipher. The encrypted pieces are then combined to produce the ciphertext.

Spoofing: The act of falsifying information in order to deceive or mislead someone. Spoofing attacks can take many forms, including email spoofing, IP address spoofing, and caller ID spoofing.

Spyware: Malware that is designed to collect information from a computer or mobile device without the user’s knowledge or consent. Spyware can be used for a variety of purposes, including stealing passwords, capturing keystrokes, and monitoring user activity.

Symmetric Cipher: A type of cryptographic algorithm that uses the same key for both encryption and decryption. Symmetric ciphers are typically faster and more efficient than asymmetric ciphers, but require a secure method for sharing the key.

T

Tensorflow Privacy: An open-source library developed by Google for training machine learning models with differential privacy. Tensorflow Privacy provides a suite of tools and techniques for enhancing the privacy of machine learning models.

The Advanced Encryption Standard (AES): A symmetric key block cipher that is widely used for data encryption. AES uses a variable-length key and a fixed block size of 128 bits.

Threat Assessment: The process of evaluating the potential risks and vulnerabilities associated with a particular system or environment. Threat assessments are typically used to identify potential security weaknesses and develop strategies for mitigating them.

Threat Hunting: The process of proactively searching for potential security threats and vulnerabilities in a network or system. Threat hunting typically involves a combination of automated tools and manual analysis to identify and respond to potential threats.

Threat Intelligence: Information about potential security threats and vulnerabilities that is gathered from a variety of sources, including internal and external data feeds. Threat intelligence is used to identify potential security risks and develop strategies for mitigating them.

Transmission Control Protocol (TCP): A communication protocol used in computer networks to establish a reliable, connection-oriented communication between two endpoints.

Transport Mode: A mode of IPsec (Internet Protocol Security) that encrypts only the payload of the IP packet, leaving the header unencrypted.

Triple Data Encryption Standard (DES): A symmetric-key block cipher encryption algorithm that encrypts data in blocks of 64 bits using three different keys, providing stronger security than DES.

Tunnel Mode: A mode of IPsec that encrypts both the IP packet header and payload.

Two-factor Authentication (2FA): A method of authentication that requires users to provide two forms of identification, typically a password or PIN and a unique code generated by a physical or software-based token.

Twofish: A symmetric-key block cipher encryption algorithm that encrypts data in blocks of 128 bits using a variable-length key.

V

Vernam Cipher: A symmetric-key stream cipher encryption algorithm that combines plaintext with a random key to produce ciphertext.

Virus: A type of malware that can replicate itself and spread to other computers, typically by attaching itself to executable files or documents.

VPN: A Virtual Private Network is a secure connection between two or more networks over the internet, allowing users to access resources on the private network as if they were directly connected.

Vulnerability: A weakness or flaw in a system that could be exploited by an attacker to gain unauthorized access, cause damage or steal sensitive information.

W

WAF: A Web Application Firewall is a security solution that filters, monitors and blocks HTTP traffic between a web application and the internet, protecting the application from web-based attacks.

Whitelist: A list of approved entities or items that are allowed access or permission to perform certain actions or enter a secure area.

Wide Area Network (WAN): A type of computer network that covers a broad geographical area and connects multiple local area networks (LANs).

Z

Zero Knowledge Proofs: A cryptographic method that allows one party to prove to another party that they know a particular piece of information without revealing the information itself.

Zero-day Exploit: A vulnerability in software that is unknown to the software vendor or has not yet been patched, which can be exploited by an attacker to gain unauthorized access or cause damage.

Zero-Touch Provisioning (ZTP): A method of automating the deployment of network devices, such as routers or switches, without the need for manual intervention.

zk-SNARK: A zero-knowledge proof protocol used in blockchain technology to enable the verification of transactions without revealing any sensitive information about the parties involved.