top of page
East CRC Background .png

Cyber Security Glossary at the Eastern Cyber Resilience Centre 

The CRC glossary - a set of straightforward definitions for common cyber security terms

| A | B | C | D | E | F | G | H | I | J | K | L | M | N | O | P | Q | R | S | T | U | V | W | X | Y | Z |


adware (advertisement-supported software)

Malware that hides on your device and shows you advertisements. Some adware also monitors your behaviour online so it can target you with specific ads.


Software that is designed to detect, stop and remove viruses and other kinds of malicious software.


Short for Application, typically refers to a software program for a smartphone or tablet.


Malicious actor who seeks to exploit computer systems with the intent to change, destroy, steal or disable their information, and then exploit the outcome.


The process of verifying the identity or other attributes of a user, process or device.



A list of entities (users, devices) that are either blocked, denied privileges or access.


A computer connected to the Internet that has been compromised with malicious logic to undertake activities under the command and control of a remote administrator.


A network of infected devices, connected to the Internet, used to commit coordinated cyber attacks without their owner's knowledge.


An incident in which data, computer systems or networks are accessed or affected in a non-authorised way.

bring your own device (BYOD)

An organisation's strategy or policy that allows employees to use their own personal devices for work purposes.


A software application which presents information and services from the web.

brute force attack

Using a computational power to automatically enter a huge number of combination of values, usually in order to discover passwords and gain access.


A relatively minor defect or flaw in an information system or device.




A form of digital identity for a computer, user or organisation to allow the authentication and secure exchange of information.


Where shared compute and storage resources are accessed as a service (usually online), instead of hosted locally on physical services. Resources can include infrastructure, platform or software services.

cobalt strike

A commercially available penetration testing framework used by legitimate security researchers and companies to emulate cyber intrusions on corporate networks. However, it has also been used by cyber criminals for malicious purposes. 


A user's authentication information used to verify identity - typically one, or more, of password, token, certificate.

credential stuffing

Credential stuffing is similar to brute-force attack in that attackers use trial and error to gain access. However, instead of guessing passwords, they use stolen credentials. Credential stuffing works off the assumption that many people reuse their passwords for multiple accounts across various platforms. .

cross Site Scripting (XSS)

Cross-site scripting (XSS) is a software vulnerability usually found in Web applications that allows online criminals to inject client-side script into pages that other users view.


A form of malware that hides on your device and steals its computing resources in order to mine for valuable online currencies like Bitcoin.

cyber attack

Malicious attempts to damage, disrupt or gain unauthorised access to computer systems, networks or devices, via cyber means.

cyber essentials

A UK Government-backed self-assessment certification that helps you protect against cyber attacks while also demonstrating to others that your organisation is taking measures against cyber crime.

cyber incident

A breach of the security rules for a system or service - most commonly;

  • Attempts to gain unauthorised access to a system and/or to data.

  • Unauthorised use of systems for the processing or storing of data.

  • Changes to a systems firmware, software or hardware without the system owners consent.

  • Malicious disruption and/or denial of service.

cyber security

The protection of devices, services and networks — and the information on them — from theft or damage.



data at rest

Describes data in persistent storage such as hard disks, removable media or backups.

data breach

Describes a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data.

denial of service (DoS)

When legitimate users are denied access to computer services (or resources), usually by overloading the service with requests.

deny list

An access control mechanism that blocks named entities from communicating with a computer, site or network. Can also be known as 'blacklisting' across the industry.

dictionary attack

A type of brute force attack in which the attacker uses known dictionary words, phrases or common passwords as their guesses.

digital footprint

A 'footprint' of digital information that a user's online activity leaves behind.

domain controller

A server that responds to authentication requests and verifies users on computer networks. When users log into their domain, the DC checks their username, password, and other credentials to either allow or deny access for that user.

download attack

The unintentional installation of malicious software or virus onto a device without the users knowledge or consent. May also be known as a drive-by download.




A mathematical function that protects information by making it unreadable by everyone except those with the key to decode it.

end user device (EUD)

Collective term to describe modern smartphones, laptops and tablets that connect to an organisation's network.

ethical hacking

The use of hacking techniques for legitimate purposes – i.e. to identify and test cyber security vulnerabilities. The actors in this instance are sometimes referred to as ‘white hat hackers’.


The transfer of information from a system without consent.


May refer to software or data that takes advantage of a vulnerability in a system to cause unintended consequences.




Hardware or software which uses a defined rule set to constrain network traffic to prevent unauthorised access to or from a network.




General Data Protection Regulations. European legislation designed to prevent the misuse of data by giving individuals greater control over how their personal information is used online.




In mainstream use as being someone with some computer skills who uses them to break into computers, systems and networks.


A scrambled representation of a password or entry. The data is taken and – using a key known to the site – the hash value is derived from the combination of both the password and the key, using a set algorithm. This is a one-way process and virtually impossible to turn back to the original password. However it can be used to verify the entry as the same data, using the same algorithm, will have the same hash.

honeypot (honeynet)

Decoy system or network to attract potential attackers that helps limit access to actual systems by detecting and deflecting or learning from an attack. Multiple honeypots form a honeynet.




A breach of the security rules for a system or service, such as:

  • attempts to gain unauthorised access to a system and/or data

  • unauthorised use of systems for the processing or storing of data

  • changes to a systems firmware, software or hardware without the system owners consent

  • malicious disruption and/or denial of service

incident response plan

A predetermined plan of action to be undertaken in the event of a cyber incident.

insider threats

The potential for damage to be done maliciously or inadvertently by a legitimate user with privileged access to systems, networks or data.

internet of things (IoT)

Refers to the ability of everyday objects (rather than computers and devices) to connect to the Internet. Examples include kettles, fridges and televisions.




The removal of a device’s security restrictions, with the intention of installing unofficial apps and making modifications to the system. Typically applied to a mobile phone.



A type of software or hardware that tracks keystrokes and keyboard events to monitor user activity.


logic bomb

A piece of code that carries a set of secret instructions. It is inserted in a system and triggered by a particular action. The code typically performs a malicious action, such as deleting files.




A small program that can automate tasks in applications (such as Microsoft Office) which attackers can use to gain access to (or harm) a system.

macro virus

A type of malicious code that uses the macro programming capabilities of a document’s application to carry out misdeeds, replicate itself and spread throughout a system.

malicious code

Program code designed for evil. Intended to hurt the confidentiality, integrity or availability of an information system.


Using online advertising as a delivery method for malware.


Malicious software - a term that includes viruses, trojans, worms or any code or content that could have an adverse impact on organisations or individuals.

man-in-the-middle Attack (MitM)

Cyber criminals interpose themselves between the victim and the website the victim is trying to reach, either to harvest the information being transmitted or alter it. Sometimes abbreviated as MITM, MIM, MiM or MITMA.


An open source tool, publicly available from GitHub, which is able to extract passwords from system memory. This functionality allows criminals to search for admin credentials in order to escalate privileges. .


Steps that organisations and individuals can take to minimise and address risks.

multi-factor authentication (MFA)

An authentication method that requires the user to provide two or more verification factors to gain access, also known as Two Factor Authentication (2FA).



National Cyber Security Centre (NCSC)

Part of GCHQ. A UK government organisation set up to help protect critical services from cyber attacks.


Two or more computers linked in order to share resources.



Open source

Software that has their code listed as free to use, share, and modify.



packet sniffing

Also known as a packet analyser, protocol analyser or network analyser — is a piece of hardware or software used to monitor network traffic. Sniffers work by examining streams of data packets that flow between computers on a network as well as between networked computers and the larger Internet..

patching / patch management

Applying updates to firmware or software to improve security and/or enhance functionality.


The element of the malware that performs the malicious action – the cyber security equivalent of the explosive charge of a missile. Usually spoken of in terms of the damaging wreaked.


Short for penetration test. An authorised test of a computer network or system designed to look for security weaknesses so that they can be fixed.


An attack on network infrastructure that results in a user being redirected to an illegitimate website despite the user having entered the correct address.


A cybercrime in which a target or targets are contacted by email, telephone or text message by someone posing as a legitimate institution to lure individuals into providing sensitive data such as personally identifiable information, banking and credit card details, and passwords.


The basic hardware (device) and software (operating system) on which applications can be run.

proxy server

A go-between a computer and the internet, used to enhance cyber security by preventing attackers from accessing a computer or private network directly.






Malicious software that makes data or systems unusable until the victim makes a payment.


Additional or alternative systems, sub-systems, assets, or processes that maintain a degree of overall functionality in case of loss or failure of another system, sub-system, asset, or process.

remote access trojan (RAT)

Remote Access Trojans (RATs) use the victim’s access permissions and infect computers to give cyber attackers unlimited access to the data on the PC. Cyber criminals can use RATs to exfiltrate confidential information. RATs include backdoors into the computer system and can enlist the PC into a botnet, while also spreading to other devices. Current RATs can bypass strong authentication and can access sensitive applications, which are later used to exfiltrate information to cyber criminal-controlled servers and websites.

remote desktop protocol (RDP)

A Windows feature that allows users to log onto a network from a remote computer. 


A set of software tools with administrator-level access privileges installed on an information system and designed to hide the presence of the tools, maintain the access privileges, and conceal the activities conducted by the tools.


A network device which sends data packets from one network to another based on the destination address. May also be called a gateway.




The addition of a unique, random string of characters known only to the site to each password before it is hashed


Using electronic or physical destruction methods to securely erase or remove data from memory.

security policy

A rule or set of rules that govern the acceptable use of an organisation’s information and services to a level of acceptable risk and the means for protecting the organisation’s information assets.


Phishing via SMS: mass text messages sent to users asking for sensitive information (eg bank details) or encouraging them to visit a fake website.

social engineering

Manipulating people into carrying out specific actions, or divulging information, that's of use to an attacker.

software as a service (SaaS)

Describes a business model where consumers access centrally-hosted software applications over the Internet.


A more targeted form of phishing, where the email is designed to look like it's from a person the recipient knows and/or trusts.


Faking the sending address of a transmission to gain unauthorised entry into a secure system.


Spyware is a type of malware designed to collect and steal the victim’s sensitive information, without the victim’s knowledge. Trojans, adware and system monitors are different types of spyware. Spyware monitors and stores the victim’s Internet activity (keystrokes, browser history, etc.) and can also harvest usernames, passwords, financial information and more. It can also send this confidential data to servers operated by cyber criminals so it can be used in consequent cyber attacks.

SQL injection

This is a tactic that uses code injection to attack applications that are data-driven. The maliciously injected SQL code can perform several actions, including dumping all the data in a database in a location controlled by the attacker. Through this attack, malicious hackers can spoof identities, modify data or tamper with it, disclose confidential data, delete and destroy the data or make it unavailable. They can also take control of the database completely.



threat assessment

The product or process of identifying or evaluating entities, actions, or occurrences, whether natural or man-made, that have or indicate the potential to harm life, information, operations, and/or property.


A type of malware or virus disguised as legitimate software, that is used to hack into the victim's computer.

two-factor authentication (2FA)

The use of two different components to verify a user's claimed identity. Also known as multi-factor authentication.


The process of acquiring misspellings of a domain name in the hopes of catching and exploiting traffic intended for another website, for example (instead of



Unauthorised access

Any access that violates the stated security policy



Virtual Private Network (VPN)

An encrypted network often created to allow secure connections for remote users, for example in an organisation with offices in multiple locations.


Programs which can self-replicate and are designed to infect legitimate software programs or systems. A form of malware.


A weakness, or flaw, in software, a system or process. An attacker may seek to exploit a vulnerability to gain unauthorised access to a system.



water-holing (watering hole attack)

Setting up a fake website (or compromising a real one) in order to exploit visiting users.


Highly targeted phishing attacks (masquerading as a legitimate emails) that are aimed at senior executives.


A list of entities that are considered trustworthy and are granted access or privileges.


A self-replicating, self-propagating, self-contained program that uses networking mechanisms to spread itself.






Recently discovered vulnerabilities (or bugs), not yet known to vendors or antivirus companies, that hackers can exploit.

Anchor A
Anchor B
Anchor C
Anchor D
Anchor E
Anchor F
Anchor G
Anchor H
Anchor I
Anchor J
Anchor K
Anchor L
Anchor M
Anchor N
Anchor O
Anchor P
Anchor R
Anchor S
Anchor T
Anchor U
Anchor V
Anchor W
Anchor Z
bottom of page