Comprehensive cybersecurity glossary and resource hub for IT professionals. Understand key terms, frameworks, tools, and concepts shaping today’s threat landscape.
Software designed to hunt and remove viruses from your device(s) or block viruses from entering in the first place.
Occur when cyber threat actors take advantage of any vulnerabilities within an application, usually to enter your devices or organization.
An Application Definition is the set of files and any custom rules that make up a particular application.
When an application is running in an environment, it has access to everything in that environment, such as sensitive files, and on networked devices, this includes everything on the network.
Software that allows you to perform a specific function on your desktop or mobile devices. Applications can include word processors, internet browsers, and media players.
Historically referred to as whitelisting, Allowlisting is a ThreatLocker endpoint security module that blocks all applications from operating unless explicitly permitted.
A specific set of instructions a computer must follow to perform a calculation or solve a problem.
A barrier between an organization’s digital assets and the internet or other networks.
The highest level of privileges a user has in the operating system (OS) of an organization; usually allowed to perform most or all functions.
Refers to a policy that allows employees within an organization to use their personal devices to connect to the organization’s networks. The device is used to complete tasks necessary for their job, which can potentially be sensitive or confidential.
Tools that are included in the basic platform functionality without any modifications.
Short for “Data Back Up,” a Back Up is a method of saving your devices’ data in a different online or offsite location.
Currency that exists digitally/virtually. Many ransomware attacks demand cryptocurrency payments, in Bitcoin for example, because it is decentralized and untraceable.
Anything with the ability to harm an individual or organization from an online source. Threats may damage or disrupt normal operations with malicious intent to cause destruction or financial loss.
As the US DoD explains, the CMMC is designed to enforce protection of sensitive unclassified information that is shared by the Department with its contractors and subcontractors. The program provides the Department increased assurance that contractors and subcontractors are meeting the cybersecurity requirements that apply to acquisition programs and systems that process controlled unclassified information.
The defensive approach one takes to protect their data stores or information systems from online threats like ransomware.
Cybercriminals, also known as threat actors, are those who attempt to initiate a cyberattack on another individual or organization.
Any attempt to infiltrate an individual’s or organization’s data storage or information systems usually for destructive purposes or financial gain.
A computer that an attacker will use to communicate with and control devices they have taken over.
Systems, applications, and operations that are cloud-based are hosted or conducted via the internet.
A physical or virtual device that can imitate most other physical and virtual devices. It can be used to lure attackers so that users can study their behaviors.
An advanced version of regular ACLs that requires users to authenticate themselves through tenant before they can access any resources.
Ransomware that threatens to release a victim’s sensitive data if the ransom is not paid by a certain deadline.
Each member of this group holds administrative rights across all domains within an organization.
A step-by-step procedure that leads to the recovery of an organization’s data and operations if it were to be impacted by a cyberattack.
A strict policy that does not allow anything to operate unless it is specifically pre-approved.
In software, dependencies refer to other files that are required for the software to run, e.g., DLLs.
Determined by what protective measures you implement to keep you safe from cyber threats.
Determined by how you store your data and the policies you set on who or what can access it.
The unauthorized, illegal transfer of confidential data, normally personal data like health records, financial data, and personally identifiable data.
Takes advantage of vulnerabilities within a system or software to perform malicious acts like installing ransomware.
Any code, file, or program that instructs a computer to perform an action or set of actions upon it being opened on said computer.
Software solution designed to integrate multiple systems used within the enterprise environment to streamline processes and ease management burden.
A cybersecurity solution that monitors endpoint devices for signs of compromise and sends alerts to IT admins.
Machines that connect to and communicate with an organization’s network. Examples include desktop computers, work phones, virtual machines, and servers.
Converting data and information, sensitive or not, into code to protect it and prevent any unauthorized access.
Elevation Control enables users to run specific applications as a local administrator, even when they do not have local admin privileges.
EDRs monitor and record activities and workloads taking place on a device. Using various techniques, EDRs will work to detect any suspicious activity and respond accordingly. EDR enables IT administrators to view suspicious activity in near real-time across an organization's endpoints. Focusing on behavioral patterns and unusual activity, EDRs will work to block threats and protect devices.
Fiduciary duty is a legal obligation for executives and boards to act in the best interests of stakeholders. In the cybersecurity context, this means protecting company data, disclosing material risks, and ensuring sound security practices.
A method threat actors use to reinstall malware onto a device after it is cleaned and rebooted. The program leaves vulnerabilities within the device for malware to relaunch.
A federal act put into effect in 2020 that requires federal entities to implement strict information security measures.
Once an application matches a policy, it stops processing so no further policies will take effect on that application. Care must be taken when creating and ordering policies to ensure that policies apply as intended.
A security program or software that filters your network traffic and prevents outsiders, including malicious threat actors, from entering your organization.
A type of malicious software that infects computers using legitimate programs. It exists without relying on files and leaves no trace that it was ever there, making it difficult to detect and remove.
Cybersecurity governance is the framework of policies, oversight, and accountability that guides how an organization manages risk.
A golden ticket attack is an attack that targets Windows Active Directory access control. Threat actors bypass normal authentication by taking advantage of a Kerberos weakness. Attackers must have access to the system before a Golden Ticket Attack can be performed.
A US federal act established in 1996 that restricts access to individuals’ private medical information.
Actions taken by users/employees that unintentionally result in the infiltration of malware, viruses, and more into an organization.
Another word for computer, particularly one that is connected to a network.
A file hash is a unique numerical value calculated using a specific algorithm. The hash of a file can help validate the integrity of a file. If a single value within the file is changed, the hash will be completely different. For example, changing a period to a question mark in a word document will result in a completely different hash value.
The physical portions of a computer or machine: wiring, circuit boards, storage drives, etc.
Generally, someone who uses technical skills to overcome technical problems. In cybersecurity, a hacker refers to a threat actor with malicious intent to gain unauthorized access to an individual’s or organization’s data.
An arrangement of characters and numbers that acts as the identification number of any internet-connected device. Each device has its own unique IP Address.
When different computers work together in some way, often exchanging data between them.
Policies and standard procedures put in place to protect sensitive data from unauthorized access.
A strategy developed for organizations to respond to cyber threats and attacks in their network.
Another way of saying on demand: something is enabled exactly when needed and disabled when no longer needed.
Online storage services for confidential data. These file-storing and sharing services act as a “virtual locker”, giving them their name.
When a threat actor uses software already existing in the environment to carry out malicious activities without being detected by security solutions like antivirus.
A.K.A. “Data Libraries”, a large collection of organizational data, usually kept in archives or repositories to keep it safe from unauthorized access.
When a user within an organization is given the minimum access to files, applications, software, or systems they need to conduct their job.
A.K.A. “Doxware” is ransomware that threatens to release a victim’s sensitive data if the ransom is not paid by a certain deadline.
A LAN is a group of electronic devices that are in the same physical location and are connected via a network.
A third-party organization that provides outsourced services in security for organizations.
A third-party organization that provides outsourced services, usually in IT, for organizations.
A method of authentication that utilizes two or more factors of providing proof of identification and authorization.
Software built solely with malicious intent, usually for destructive purposes or financial gain (ransomware).
A single programming instruction that expands into a set of instructions to automate actions in your device, tools, or software in order to provide a certain output per user input. Macros are commonly found in office applications like Word and Excel.
NIST's mission is to promote U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology in ways that enhance economic security and improve our quality of life.
An endpoint firewall that enables you to have total control over all network traffic, using dynamic ACLs, all managed from a central location.
The gathering, appraisal, and assessment of publicly accessible data to answer a particular inquiry related to intelligence.
The ability to understand the inner workings of a system by observing only its external manifestations.
PSA stands for professional services automation. In IT, a PSA system is used to manage teams, including tracking tickets to ensure tasks are completed.
Built into Windows, PowerShell is a programming language and shell that is used to automate tasks. Hackers commonly abuse PowerShell by using it to inject malicious code into memory to avoid detection by traditional antivirus software.
Port Control is the ability to control network traffic at the port level, opening and closing ports.