    Cybersecurity Glossary

    Clear, concise definitions of cybersecurity terms. No jargon, no fluff, just practical explanations to help you understand security concepts and communicate with your team.

    Penetration Testing

    A controlled security assessment where ethical hackers simulate real attacks to identify vulnerabilities in systems, networks, or applications before malicious actors can exploit them.

    Social Engineering

    The psychological manipulation of people to perform actions or reveal confidential information. Attackers exploit human trust rather than technical vulnerabilities.

    Phishing

    A type of social engineering attack using fraudulent emails or messages to trick recipients into revealing sensitive information or clicking malicious links.

    Vishing

    Voice phishing: social engineering attacks conducted over phone calls. Attackers impersonate trusted entities, such as IT support or a bank, to extract information or convince targets to take harmful actions.

    Ethical Hacker

    A security professional who uses the same techniques as malicious hackers but with authorization and for defensive purposes. Also known as a white-hat hacker.

    Security Awareness

    Training and education programs designed to help employees recognize and respond appropriately to security threats, particularly social engineering attacks.

    NIS2

    The Network and Information Security Directive 2 (NIS2) is EU legislation setting cybersecurity risk-management and incident-reporting requirements for essential and important entities. As a directive, it is transposed into the national law of each member state.

    Ransomware

    Malware that encrypts a victim's files or systems and demands payment for the decryption key; many current variants also steal data and threaten to publish it. Typically delivered through phishing, stolen credentials, or exploitation of unpatched vulnerabilities.

    Red Team

    A group that simulates real-world attacks against an organization to test its defenses. Unlike a standard penetration test, which aims to find as many vulnerabilities as possible within a defined scope, a red team exercise emulates a specific adversary across the full attack chain, pursues concrete objectives such as reaching a critical system, and usually runs without warning the defenders in advance.

    OSINT

    Open Source Intelligence: information collected from publicly available sources, such as websites, social media, public records, and code repositories, to support security assessments, threat intelligence, or reconnaissance.

    API Security

    The practice of protecting application programming interfaces from attacks and misuse. Includes authentication, authorization, rate limiting, and input validation to prevent data breaches and service disruption; a common failure is an endpoint that authenticates the caller but never checks that the requested record actually belongs to them.
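The four controls named in this definition, shown as an added example that is not part of the original page: a tiny in-memory "API" with a vulnerable handler beside a hardened one. The users, bearer tokens, invoice records, and rate-limit parameters are all constructed for illustration.

```python
"""Added example: vulnerable vs. hardened API handler.

Everything here (tokens, users, invoices, limits) is constructed sample data.
"""
import re
import time
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample data: two users, each owning one invoice.
USERS_BY_TOKEN = {"tok-alice": "alice", "tok-bob": "bob"}
INVOICES = {
    "inv-1001": {"owner": "alice", "amount": 120.0},
    "inv-1002": {"owner": "bob", "amount": 75.5},
}
# Input validation: the only shape of invoice ID we accept.
INVOICE_ID = re.compile(r"^inv-\d{4}$")


@dataclass
class RateLimiter:
    """Token bucket per client: `capacity` requests, refilled at `rate` per second."""
    capacity: int = 5
    rate: float = 1.0
    buckets: dict = field(default_factory=dict)

    def allow(self, client: str, now: Optional[float] = None) -> bool:
        now = time.monotonic() if now is None else now
        tokens, last = self.buckets.get(client, (float(self.capacity), now))
        tokens = min(float(self.capacity), tokens + (now - last) * self.rate)
        if tokens < 1:
            self.buckets[client] = (tokens, now)
            return False
        self.buckets[client] = (tokens - 1, now)
        return True


def get_invoice_vulnerable(invoice_id: str) -> tuple:
    """Vulnerable handler: no authentication, no ownership check, no input validation.

    Any caller can read any invoice by guessing its ID (broken object-level
    authorization, the classic API flaw).
    """
    invoice = INVOICES.get(invoice_id)
    return (200, invoice) if invoice else (404, {"error": "not found"})


LIMITER = RateLimiter()


def get_invoice_hardened(headers: dict, invoice_id: str,
                         now: Optional[float] = None) -> tuple:
    """Hardened handler applying the four controls in order."""
    # 1. Authentication: map the bearer token to a known user or reject.
    auth = headers.get("Authorization", "")
    user = None
    if auth.startswith("Bearer "):
        user = USERS_BY_TOKEN.get(auth[len("Bearer "):])
    if user is None:
        return 401, {"error": "unauthenticated"}
    # 2. Rate limiting per authenticated user, applied before any further work
    #    so a flood of malformed requests still costs the caller its budget.
    if not LIMITER.allow(user, now):
        return 429, {"error": "too many requests"}
    # 3. Input validation: reject IDs of the wrong shape before touching storage.
    if not INVOICE_ID.fullmatch(invoice_id):
        return 400, {"error": "invalid invoice id"}
    # 4. Authorization: the record must belong to the caller. Return 404 rather
    #    than 403 so an attacker cannot use the response to enumerate valid IDs.
    invoice = INVOICES.get(invoice_id)
    if invoice is None or invoice["owner"] != user:
        return 404, {"error": "not found"}
    return 200, invoice
```

Calling `get_invoice_vulnerable("inv-1002")` returns Bob's invoice to anyone; the hardened handler returns 401 without a token, 404 when Alice asks for Bob's invoice, 400 for an ID like `../etc`, and 429 once a single user exceeds five requests in a second.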

    GDPR

    The General Data Protection Regulation is EU legislation protecting personal data and privacy. It requires organizations to implement appropriate technical and organisational security measures and to notify the supervisory authority of personal data breaches, generally within 72 hours of becoming aware of them.

    PCI DSS

    Payment Card Industry Data Security Standard: security requirements for organizations that store, process, or transmit cardholder data. Compliance requires regular security assessments, including vulnerability scanning and penetration testing.

    Human Factor

    The role of human behavior, decisions, and errors in cybersecurity. A large share of reported breaches involve a human element, such as a phished credential, a misconfiguration, or an email sent to the wrong recipient.

    Mystery Guest

    A physical security assessment where testers attempt to gain unauthorized access to facilities through social engineering and pretexting (a fabricated but believable cover story, such as posing as a contractor or delivery driver).

    Missing a Term?

    If there's a cybersecurity concept you'd like us to explain, let us know. We're always expanding this glossary.

    Suggest a Term

    Ready to Improve Your Security?

    Our ethical hackers can help you understand and address your risks.