Glossary


A

Advanced Penetration Testing

Advanced penetration testing is the process of carrying out a simulated attack on network environments, computer systems, and applications in order to discover vulnerabilities.

Advanced Persistent Threat

An Advanced Persistent Threat (APT) is a user or a program executing a continuous cyber attack against a specific entity in order to infiltrate its systems and steal sensitive data.


B

Blue team

A Blue Team is a group of cybersecurity professionals responsible for defending an organization’s systems, networks, and data from cyberattacks. They focus on detecting, preventing, and responding to security incidents, often through continuous monitoring, threat analysis, and the implementation of defensive measures.

Botnet

The term "bot" originates from the word robot and stands for a remotely controlled computer which can run tasks automatically. A botnet is a whole network of bots which can be used to execute cyber attacks. Attackers usually infect computers with malware to take control of them and build a botnet that can then be commanded remotely. This gives cybercriminals a powerful setup for launching a variety of attacks, ranging from simple spamming to sophisticated distributed denial of service (DDoS) attacks.

Brute Force Attack

A Brute Force Attack is performed in order to gain access to protected information, e.g. passwords or Data Encryption Standard (DES) keys. This method uses a trial-and-error approach to guess passwords or keys with programs that systematically run through all the possibilities. The stronger the encryption or the password, the longer this attack needs to run to successfully obtain the information.

C

Containment

Containment in cybersecurity refers to the process of isolating a security threat or breach to prevent it from spreading further within an organization’s network or systems. It involves taking immediate actions, such as disconnecting affected devices or limiting access to critical resources, to minimize damage and reduce the risk of further exploitation.

CVE

A Common Vulnerabilities and Exposures (CVE) entry is a publicly disclosed cybersecurity vulnerability assigned a unique identifier to standardize and track security flaws across software and hardware. The CVE system helps organizations and security professionals quickly identify, assess, and remediate known vulnerabilities.

Cybersecurity

Cybersecurity, also referred to as Information Technology Security, is defined as processes, techniques, and resources in place to protect an organization's hardware, software, data, information and any system connected to cyberspace from being damaged, stolen or misused.


D

Distributed Denial of Service (DDoS)

A Distributed Denial of Service attack uses numerous hosts to overwhelm a system by sending a massive volume of requests to a single target, such as a website, a server or a network, causing the target to be disrupted or even crash completely.

DLP

Data Loss Prevention (DLP) refers to a set of strategies, tools, and processes designed to prevent sensitive data from being accessed, shared, or leaked inappropriately, either accidentally or maliciously. DLP solutions monitor and control data transfers across an organization’s network, endpoints, and cloud environments, helping to ensure compliance with privacy regulations and protecting intellectual property and sensitive information from unauthorized access.


E

End-to-End Encryption

End-to-end encryption is a method of secure communication between one system and another. The information is encrypted before being transferred over a network, to prevent third parties from accessing or tampering with the data. Only the communicating users can read the messages sent.

EDR

An Endpoint Detection and Response (EDR) system is a cybersecurity solution that continuously monitors and collects data from endpoints (such as computers and servers) to detect, investigate, and respond to potential threats in real time. It provides advanced threat detection, forensic analysis, and automated or guided response capabilities to mitigate security incidents effectively.

F

False Positive

A false positive, often encountered in vulnerability scanning of a network, is a security alert that incorrectly states that malicious activity is occurring.

Firewall

A firewall is a network security system that controls and monitors network traffic, both incoming and outgoing, based on a set of defined security rules. A firewall is therefore able to block unauthorized access and can prevent malicious activity and attacks, such as viruses or worms, from entering a network.

Forensics

Forensics, or Cyber Forensics, is a method of electronic investigation to gather, retain and analyze data, in order to determine, reveal or prove criminal activity.


H

Honeypot

A honeypot is a cybersecurity technique whereby a server is set up (or many servers, which is then referred to as a "Honeynet") to entice criminals to attack it. The honeypot ideally looks like a legitimate target but has intentionally built-in vulnerabilities to attract attackers. The purpose of setting up a honeypot is to learn how attackers approach the vulnerabilities and to divert the criminals from actual high-value assets.

Hunters

A hunter, or cyber threat hunter, is an information security professional who proactively seeks out, identifies, contains and remediates anomalies and cyber threats inside a network.

I

Incident

A security incident is an event that compromises the confidentiality, integrity, or availability of an organization’s systems, data, or network. It can range from minor policy violations to major cyberattacks, requiring investigation and response to mitigate potential damage.

Intelligence

Cyber Intelligence, also referred to as "Threat Intelligence", is a special form of information collected from various sources such as the indexed web, the deep web, and the dark net. The purpose of this collection is to constantly have the latest knowledge on cyber threats, in order to minimize companies' risks and act proactively against attacks.

Intrusion Detection System (IDS)

A security system designed to detect and alert on suspicious activities or intrusions within a network or system, helping identify potential threats early.

Insider Threat

An insider threat refers to a security risk posed by individuals within an organization, such as employees, contractors, or business partners, who misuse their authorized access to systems, data, or networks for malicious purposes. These threats can involve stealing sensitive information, sabotaging systems, or inadvertently causing security breaches through negligence or lack of awareness.

IT

Information Technology (IT) encompasses the use of computers, networks, software, and systems to store, process, and transmit data for business and organizational operations. It focuses on managing digital information, ensuring cybersecurity, and optimizing communication and productivity through technology.

K

Keylogger

A type of malware designed to record keystrokes on a device to capture sensitive information, such as passwords and personal data.

M

Malware

Malware is a collective term for all types of software designed to damage or disable IT systems. Common examples of malware are viruses, worms, trojans, and ransomware.

MDR

Managed Detection and Response (MDR) is a cybersecurity service where a third-party provider offers continuous monitoring, detection, and response to threats on an organization’s network and endpoints. MDR combines advanced threat detection technologies with human expertise to identify and mitigate security incidents, helping organizations strengthen their security posture without having to manage these tasks in-house.

MitM (Man-in-the-Middle)

A type of cyberattack where an attacker intercepts and potentially alters communication between two parties without their knowledge.

N

Network Segmentation

Network segmentation is the practice of dividing a network into smaller, isolated segments to improve security, performance, and manageability. By restricting communication between segments, it reduces the attack surface, limits the spread of threats, and enhances access control within an organization’s infrastructure.


O

OT

Operational Technology (OT) refers to hardware and software systems that monitor and control industrial processes, equipment, and infrastructure in sectors like manufacturing, energy, and transportation. Unlike traditional IT, OT systems focus on real-time operation, reliability, and safety, often integrating with Industrial Control Systems (ICS) and Supervisory Control and Data Acquisition (SCADA) systems.


P

Penetration Testing

Penetration testing (pen testing) is a simulated cyberattack on an organization’s systems, applications, or networks to identify security vulnerabilities before they can be exploited by real attackers. It helps assess the effectiveness of security controls and provides recommendations for improving an organization’s overall cybersecurity posture.

Phishing

Phishing is a method used by cybercriminals to trick individuals into revealing sensitive information, most commonly passwords or financial information such as credit card numbers. A typical approach is to send legitimate-looking emails containing a link or an attachment which, if clicked on, installs malware on the receiver's system or prompts the individual to enter sensitive information.

R

Red Team

A Red Team is a group of cybersecurity professionals who simulate real-world attacks to test and evaluate an organization’s defenses, response capabilities, and overall security posture. They adopt the mindset and tactics of potential adversaries, aiming to uncover vulnerabilities and weaknesses in both technology and procedures.

Remediation

Remediation in cybersecurity refers to the process of addressing and fixing vulnerabilities, security flaws, or incidents to restore the security and integrity of an organization’s systems. It involves applying patches, implementing new security measures, or adjusting configurations to eliminate risks and prevent future attacks.

Ransomware

Ransomware is a type of malicious software that encrypts the target's system and denies the user access to it. To regain access, the attackers demand a ransom payment.

RAT

Remote Access Trojan. A type of malware that allows attackers to remotely control and monitor a victim’s device, often for espionage or data theft.

S

Security Operations Center (S.O.C.)

The S.O.C. team is responsible for the operational component of enterprise information security. Security operations center staff consists primarily of security analysts who work together to analyze, detect, respond to, report on, and prevent cybersecurity incidents, as well as performing containment, forensics, and remediation once an incident has happened. The first step in establishing a S.O.C. is to identify assets and perform a cyber assessment across the organization in order to define a strategy that incorporates business-specific goals from various departments. Alongside the strategy, a SIEM system is installed to collect events from the sensors (such as firewalls, industrial control systems, endpoints …). The security operations center monitors incoming events marked as alerts and distinguishes between false positives and true positives. The team either responds directly to the true positives or sends them to the deeper S.O.C. levels (Tier 3, 4) for further investigation. The S.O.C. either directly eliminates incidents or assists the organizational incident response teams in fixing them.

SIEM

A Security Information and Event Management (SIEM) system collects, analyzes, and correlates security data from various sources across an organization to detect and respond to threats in real time. It provides centralized visibility, log management, and automated alerting to help security teams identify and mitigate potential security incidents.

SOAR

A Security Orchestration, Automation, and Response (SOAR) system integrates various security tools and automates threat detection, investigation, and response processes to improve efficiency and reduce reaction time. It enables security teams to streamline workflows, coordinate incident response, and enhance overall threat management through automation and orchestration.

Spear-Phishing

Spear-Phishing is a type of Phishing in the form of a targeted attack. Cybercriminals send emails to specific individuals which contain, e.g., an attachment with malicious software or a link that downloads malicious software. Unlike Phishing attacks, where emails are usually sent to masses of people and all have the same format, Spear-Phishing often involves disguised emails which look legitimate because they appear to be sent by a person or organization the receiving party knows.

Spoofing

Spoofing is a practice whereby cybercriminals pretend to be a source known to the user or receiver of a message in order to obtain sensitive information. Common forms of spoofing include e-mail spoofing, IP spoofing, and website spoofing.

Spyware

Spyware is a type of malicious software used by cybercriminals to spy on individuals and thereby gain access to sensitive information.

T

Threat Vector

A threat vector is a path or method through which a cyberattack can gain unauthorized access to an organization’s systems, networks, or data. It can include various means, such as phishing emails, malware, unsecured networks, or vulnerabilities in software, through which attackers exploit weaknesses to launch an attack.

Trojan Horse

A Trojan Horse is a type of malicious software, often disguised as legitimate-looking software, that enables cybercriminals to fully access a computer system remotely. This malware breaches the system, for example allowing the attacker to download files from the system or even observe the user's keystrokes.

V

Virtual Private Network (VPN)

A Virtual Private Network (VPN) is a tool that allows the user to utilize a private network built over a public infrastructure (e.g. the internet). It enables the creation of a secure connection to another network over the Internet. This essentially masks the user's location and enables the user to browse the internet anonymously.

Virus

A Virus is a type of malicious software designed to spread from host to host and replicate itself by altering other software and inserting its own code. Viruses can damage software, steal or erase data and even cause denial of service (DoS) incidents.

W

Whitehat hacker

A Whitehat hacker is an information security professional who uses their hacking know-how for ethical purposes, e.g. to help organizations strengthen their cybersecurity competence. A blackhat hacker, on the other hand, usually intends to perform criminal activities.

Worm

A worm is a type of malicious software which is able to replicate itself and spread to other IT systems, e.g. over network connections. The difference to a virus is that a worm remains a separate entity and does not need to be attached or inserted into other files. Worms mostly do not cause direct damage as viruses do, but they can have strong negative effects on networks through high bandwidth consumption.

X

XDR

Extended Detection and Response (XDR) is a comprehensive cybersecurity solution that integrates multiple security products and tools across endpoints, networks, servers, and email to provide centralized threat detection, investigation, and response. XDR uses advanced analytics and automation to detect, correlate, and respond to complex threats in real time, offering a more holistic approach to cybersecurity compared to traditional point solutions.

Z

Zero Day

Zero-days usually result from vulnerabilities in software code which are unknown to the software maker or the public. The term comes from the fact that developers have had "zero days" from the time the weakness was discovered to protect against a potential cyber breach.