Cybersecurity Glossary

Your A to Z Guide for Cybersecurity Terms

Cybersecurity with Net Friends

One of our Core Values at Net Friends is Sharing Knowledge. We created this glossary with cybersecurity terms and definitions to help you deepen your understanding of common concepts in the IT security industry. This resource is intended for anyone interested in cybersecurity, including business leaders, security professionals, and general end-users.

A

AICPA (American Institute of Certified Public Accountants)

Green down arrow

Professional organization that maintains standard controls & guidance for independent audits.

Advanced Persistent Threat (APT)

Green down arrow

Akira Ransomware

Green down arrow

B

Behavioral Indicator of Compromise (BIOC)

Green down arrow

Suspicious activities on a network that could be a sign of a cyberattack.

Business Continuity & Disaster Recovery (BC/DR)

Green down arrow

This usually refers to a contingency plan that goes into play if critical systems go down.

C

Cybersecurity Assessment

Green down arrow

Report on an organization's readiness to protect the data in its custody from unauthorized use.

Cybersecurity Insurance

Green down arrow

Policy purchased to help reduce the financial risks of doing business online.

D

Data Loss Prevention (DLP)

Green down arrow

DLP stands for Data Loss Prevention.

E

Encryption Key

Green down arrow

Used to scramble and unscramble data, altering it to appear random and block access.

Endpoint

Green down arrow

An endpoint is anything that is the starting or ending point of any communication on a computer.

Endpoint Management

Green down arrow

The practice of authenticating and supervising the access rights of endpoint devices.

Exfiltration

Green down arrow

An intentional data breach.

F

Firewall

Green down arrow

A network security device that functions as a gatekeeper for network traffic access.

Forensics

Green down arrow

Also referred to as digital forensics or computer forensics.

G

H

Hacking

Green down arrow

Unauthorized attempts to exploit a private network or computer system.

Hashing

Green down arrow

A process that produces a numeric value or "hash value" to represents a set of data.

I

ISO

Green down arrow

Stands for Information Security Office.

Interlock Ransomware

Green down arrow

J

K

L

Leakware

Green down arrow

A new twist on a briefly popular form of ransomware called "doxware."

LockBit Ransomware

Green down arrow

M

Maze Ransomware

Green down arrow

MDR

Green down arrow

Stands for Managed Detection & Response.

MSSP

Green down arrow

Stands for Managed Security Service Provider.

N

NIST

Green down arrow

Stands for the National Institute of Standards and Technology at the U.S. Department of Commerce.

O

Operating System (OS)

Green down arrow

Software programmed on a computer system as initial boot program.

P

Pentesting

Green down arrow

Short for Penetration Testing or also known as "White Hat Hacking."

Phishing

Green down arrow

A socially engineered scam that prioritizes tricking a large quantity of its targets.

Physical Security

Green down arrow

Physical security is integral to every organization's cybersecurity best practices.

Q

R

Ransomhub

Green down arrow

RansomHub is a Ransomware-as-a-Service (RaaS) group that emerged in early 2024. It operates by providing ransomware to affiliates who conduct attacks, often using double extortion (stealing data before encryption and threatening to leak it). The group has quickly become prominent, attracting affiliates from defunct ransomware operations and targeting various sectors

Ransomware

Green down arrow

Malware that encrypts a victim's files for extortion. Simply put, it's data kidnapping.

REvil

Green down arrow

Risk Assessment

Green down arrow

Also known as Cybersecurity Assessment. Used to understand cyber strengths, weaknesses, and gaps.

Ryuk Ransomware

Green down arrow

S

SIEM

Green down arrow

Stands for Security Information and Event Management

SOC

Green down arrow

Stands for Security Operations Center. (SOC is pronounced "sock")

SOC 2 Type I

Green down arrow

Stands for System and Organization Controls 2, Type I.

SOC 2 Type II

Green down arrow

Stands for System and Organization Controls 2, Type II.

SOCaaS

Green down arrow

Stands for SOC-as-a-Service. SOC is short for Security Operations Center.

Smishing

Green down arrow

A socially engineered phishing scam that leverages text messages.

Social Engineering

Green down arrow

Spear Phishing

Green down arrow

A socially engineered phishing scam that targets specific individuals or organizations.

T

Threat Hunting

Green down arrow

The act of identifying previously unknown or ongoing, non-remedied threats within a network.

U

UNIX

Green down arrow

A multi-user and multi-tasking operating system (OS) originally developed in the 1970s.

Update

Green down arrow

A patch, upgrade, or modification to code that corrects software security or functionality.

User

Green down arrow

V

W

Whaling

Green down arrow

A patch, upgrade, or modification to code that corrects software security or functionality.

Worm

Green down arrow

X

XDR

Green down arrow

XDR stands for eXtended Detection & Response

Y

Z

Zero Trust Architecture

Green down arrow

Zero Trust is governed by the principle to "never trust, always verify."