Cybersecurity Glossary

Decrypting the technical jargon of digital security. Find clear, concise definitions for all cybersecurity terms used across ROCyber Solutions services.


A

Adversary (Threat Actor)

Any individual or organization that conducts malicious activities (attacks) against a network or system. Threat actors use various methods (social engineering, malware, hacking tools) to gain unauthorized access or steal data.

Attack Surface

All the points where an unauthorized party could try to enter or extract data from an IT environment (e.g., open network ports, software vulnerabilities, user interfaces). Red team or penetration tests attempt exploits across the entire attack surface to identify security gaps.

Audit (Security Audit)

An independent examination of an organization’s IT systems and processes to assess security controls and compliance. A security audit reviews system configurations, access logs, and policies to detect weaknesses and recommend improvements. Audits can include vulnerability scans, configuration reviews, and compliance checks.

Synonyms: Security Assessment, Compliance Audit

Automation (Automated scanning)

Using software tools to perform tasks like vulnerability scanning, log analysis, or phishing simulations without manual intervention. For example, vulnerability scanning tools automatically probe systems for known security flaws. Automation helps cover more ground quickly but must be guided by expert oversight.

B

Breach (Data Breach)

Any security incident in which unauthorized parties access confidential or sensitive information (such as personal data, financial records, or trade secrets). Examples include hacking into databases or mistakenly emailing customer records to the wrong recipient. Under GDPR and other laws, organizations often must notify authorities and affected individuals within a set time (e.g. 72 hours for GDPR).

Synonyms: Security Breach, Data Leak

Business Continuity (BC)

Planning and processes that keep a business running during and after a security incident or disaster. Although not explicitly detailed on ROCyber pages, BC (e.g., backups, failover systems) complements security measures to minimize downtime when an incident occurs.

C

Container Security

Practices that ensure software containers (lightweight virtualized environments for running applications) are configured and updated securely. This includes minimizing the host kernel’s attack surface, using only trusted container images, and following best practices for container orchestration (like Kubernetes). Container security configuration helps prevent attackers from exploiting containerized services.

Compliance (Regulatory Compliance)

Adherence to laws and standards governing data protection and cybersecurity. Examples include GDPR (EU data protection law), ISO/IEC 27001 (information security standard), PCI DSS (payment card data security), HIPAA (health data privacy). Compliance checks involve reviewing policies, controls and processes to ensure they meet these standards.

Configuration Review

A systematic check of system settings, network devices, and software configurations against security best practices. Misconfigurations (such as open ports, default passwords, or overly permissive access) are common vulnerabilities. A technical audit often includes configuration reviews to "detect configuration weaknesses".

Container (Software Container)

A packaging technology (e.g. Docker) that bundles an application together with its dependencies. While convenient, containers must be secured (e.g. with image scanning and runtime protections) because misconfigured containers can expose internal resources.

CISO (Chief Information Security Officer)

The executive responsible for an organization’s information and cybersecurity strategy. The CISO oversees security teams (SOC, IT security, etc.) and ensures that policies, technologies, and procedures protect the company’s data and comply with regulations.

D

DPA (Data Processing Agreement)

A legally binding contract between a data controller (organization collecting data) and a data processor (third-party service handling that data). The DPA specifies each party’s responsibilities for protecting personal data (encryption, access controls, incident reporting, etc.) to ensure GDPR compliance.

DPIA (Data Protection Impact Assessment)

A formal process required under GDPR for high-risk data processing. A DPIA systematically identifies and addresses privacy risks when handling personal data (e.g. using sensitive data, large-scale profiling). It documents potential impacts on individuals and plans for mitigating them.

DPO (Data Protection Officer)

A GDPR role (may be internal or external) tasked with overseeing data protection compliance. A DPO provides expert guidance on privacy law, monitors processing activities (like DPIAs), and ensures data-handling complies with GDPR and related laws. Organizations must appoint a DPO when they process large volumes of sensitive data or are public bodies.

Dark Web

A portion of the Internet accessible only through special software (e.g. Tor). Cybercriminals use the dark web for illicit activities like selling stolen data or illegal services. Threat intelligence operations may "monitor the dark web" for leaked credentials or attack discussions.

Data Controller

In GDPR, the person or organization that determines why and how personal data is processed. The controller is ultimately responsible for GDPR compliance (even if processing is outsourced).

Data Processor

In GDPR, the party (company or service) that processes personal data on behalf of a controller. Processors must be bound by a Data Processing Agreement (DPA) and follow the controller’s instructions to protect data.

Data Protection by Design (and by Default)

An EU privacy principle requiring systems be built with data protection in mind from the start. It means implementing security measures (encryption, access controls) and limiting data collection to what is strictly necessary, ensuring privacy is the default configuration (e.g., no personal data shared unless explicitly needed).

Data Processing

Any operation performed on personal data (collection, storage, usage, sharing, deletion, etc.). GDPR applies only when personal data is processed.

Data Retention

How long an organization keeps personal or business data. GDPR requires that personal data be stored no longer than necessary for its purpose (Article 5 principle). A retention review examines whether each type of data is kept in accordance with legal and business requirements.

Data Subject

An individual whose personal data is processed by an organization (often customers, employees, website visitors). Under GDPR, data subjects have specific rights (see below).

Data Subject Rights

Legal rights granted under GDPR to individuals (data subjects) about their personal data. Key rights include the right to access their data, correct it, erase it ("right to be forgotten"), restrict processing, and obtain a copy (data portability). Organizations must facilitate these rights and respond to requests.

DNS (Domain Name System)

The Internet’s address book that translates human-readable domain names (e.g. example.com) into IP addresses. Not explicitly defined on ROCyber, but relevant to domain reputation tools.

E

Encryption

The process of encoding data so that only authorized parties can read it. Common uses are protecting data in transit (e.g. via SSL/TLS for websites) or at rest (encrypted hard drives). Strong encryption is essential to GDPR compliance and general security (e.g., GDPR requires "appropriate encryption" for personal data).

Endpoint

Any device (PC, smartphone, server) that connects to a network. Endpoints can be targets for attacks and often have agents installed for security monitoring (logs, antivirus, EDR, etc.).

Endpoint Detection and Response (EDR)

Security software installed on endpoints to monitor, detect, and respond to suspicious activities. EDR tools collect endpoint logs and can isolate or remediate threats automatically.

Executive Summary

A high-level overview of security findings and recommendations intended for management. This term appears on ROCyber pages (e.g., Phishing Simulations include executive summaries) but is a general business term meaning a concise report of key results.

Extended Detection and Response (XDR)

A security approach that correlates and analyzes data from multiple sources (endpoints, networks, cloud, email) for unified threat detection and response. Mentioned in SOC context.

F

File Integrity Monitoring (FIM)

A security technique that scans critical files and directories to detect unauthorized changes. ROCyber’s Technical Audit mentions "Filesystem integrity monitoring", a form of FIM, which helps detect tampering or malicious modifications of system files.

Firewall

A network security device (hardware or software) that filters inbound and outbound traffic according to security rules. It is fundamental security infrastructure, though not specifically defined on ROCyber pages.

H

HIPAA (Health Insurance Portability and Accountability Act)

A U.S. law for protecting health information privacy and security. Mentioned as an example of a security/compliance standard. For example, technical audits can help meet HIPAA requirements, and user risk training may highlight HIPAA-sensitive scenarios.

HTTPS/SSL/TLS

HTTPS (HTTP over SSL/TLS) is the encrypted protocol for secure web traffic. SSL and its successor TLS are cryptographic protocols that protect data in transit (e.g., website logins) by encryption. ROCyber’s Security Check includes an "SSL/TLS Test" to check a site’s certificate quality.

I

IDS (Intrusion Detection System)

A security tool that monitors network traffic or system activity for malicious patterns or violations of security policies. An IDS alerts administrators to potential intrusions but does not block traffic. (Modern solutions often integrate IDS with a SIEM to correlate alerts.)

Incident (Security Incident)

Any event that threatens the confidentiality, integrity, or availability of data or systems (e.g., detected breach, virus outbreak). Incident response refers to the process of identifying, containing, eradicating, and recovering from such events.

Incident Response (IR)

The coordinated approach to handling security incidents. It includes preparation (plans and tools), detection, containment, eradication of threats, recovery of systems, and post-incident review. ROCyber offers incident response planning and drills (tabletop exercises) in its Security Advisory services.

IOC (Indicator of Compromise)

Digital evidence that suggests a breach or malicious activity. Examples include suspicious IP addresses, domain names, file hashes, or registry changes associated with malware. IOCs are used in threat hunting and SIEM correlation to detect ongoing or past attacks.

ISO/IEC 27001

An international standard for an information security management system (ISMS). It provides a framework for managing sensitive company information through risk assessment and security controls. ROCyber mentions ISO 27001 when describing audit services (e.g., audits cover compliance with ISO 27001).

IT (Information Technology)

The technology of computers, networks and software in use by an organization. ROCyber solutions support IT and security teams to secure these systems.

J

Jailbreak

The process of removing software restrictions imposed by the device manufacturer, often to gain unauthorized access to a device’s full capabilities, which can introduce security risks.

JSON (JavaScript Object Notation)

A lightweight data-interchange format that is easy for humans to read and write and easy for machines to parse and generate. Commonly used in APIs and web communications.

JWT (JSON Web Token)

A compact, URL-safe token format used for securely transmitting information between parties as a JSON object. Commonly used in authentication and authorization to verify users without storing session data on the server.

K

Keylogger

A type of malware or hardware device that records keystrokes on a keyboard to capture sensitive information such as passwords or credit card numbers without the user’s knowledge.

Kerberos

A network authentication protocol designed to provide secure authentication for users and services within a network using secret-key cryptography and tickets.

Kill Chain

A model describing the stages of a cyberattack, from initial reconnaissance to achieving the attacker’s objectives, used to identify and disrupt attacks early.

L

Least Privilege

A security principle ensuring that users and processes have only the minimum access rights needed to perform their tasks. This reduces the risk of unauthorized access or accidental misuse.

Log Management

The process of collecting, storing, and analyzing log data from devices and applications. Effective log management is essential for incident detection, forensic analysis, and regulatory compliance.

Load Balancer

A device or software that distributes network or application traffic across multiple servers to increase reliability and performance.

Logic Bomb

Malicious code triggered by specific conditions or events, designed to disrupt system operation or cause damage.

M

Machine Learning (ML)

A branch of artificial intelligence where systems learn patterns from data to make decisions or detect anomalies. ML is used in security to identify unusual behavior or emerging threats automatically.

Malware

Any malicious software designed to disrupt, damage, or gain unauthorized access to computer systems. Examples include viruses, ransomware, spyware, and trojans.

Metric (Security Metric)

A measurement used to evaluate aspects of security performance, such as incident response time or phishing click rates. Metrics help track improvements and identify weak points.

MITRE ATT&CK

A globally accessible knowledge base of adversary tactics, techniques, and procedures (TTPs). Security teams use it to understand attacker behavior and improve detection and response.

Man-in-the-Middle (MITM) Attack

An attack where the attacker secretly intercepts and possibly alters communication between two parties without their knowledge.

Multi-Factor Authentication (MFA)

A security mechanism requiring users to provide two or more verification factors to gain access, improving protection beyond passwords alone.

Mobile Device Management (MDM)

Software solutions that allow organizations to monitor, manage, and secure employees’ mobile devices remotely.

Mutex (Mutual Exclusion)

In malware context, a technique used to prevent multiple instances of a malicious program from running simultaneously on the same system.

N

NDA (Non-Disclosure Agreement)

A legal contract that ensures confidentiality between parties. NDAs are often used in security audits and consulting engagements to protect sensitive information.

NIS2 (Network and Information Security Directive 2)

An EU directive that sets cybersecurity requirements for critical infrastructure sectors. It mandates risk management and incident reporting to strengthen cybersecurity across member states.

Network Segmentation

The practice of dividing a network into multiple segments or subnetworks to improve security and limit the spread of attacks.

Nonce

A random or unique number used once in cryptographic communication to prevent replay attacks.

O

Open-Source Intelligence (OSINT)

Publicly available information (such as websites, forums, social media) collected and analyzed to support threat intelligence and security investigations.

Operations (Security Operations)

Ongoing activities aimed at monitoring and protecting an organization’s digital assets from cyber threats, including log analysis, alert management, and incident response.

OAuth

An open standard for access delegation commonly used to grant websites or applications limited access to user information without exposing passwords.

Obfuscation

The process of making code or data difficult to understand or analyze, often used by malware authors to evade detection.

P

Penetration Test (Pen Test)

A controlled, simulated attack performed by security professionals to identify and exploit vulnerabilities, demonstrating potential risks in real-world scenarios.

PCI DSS (Payment Card Industry Data Security Standard)

A set of security standards designed to ensure all companies that accept, process, store or transmit credit card information maintain a secure environment.

Phishing

A social engineering attack where attackers impersonate trusted entities to trick individuals into revealing sensitive information or installing malware.

Phishing Simulation

A training exercise where fake phishing emails are sent to employees to measure and improve their ability to recognize and respond to phishing attempts.

Physical Security Testing

Assessments that simulate attempts to bypass physical security controls, such as unauthorized facility access, to identify vulnerabilities in physical protections.

Privilege Escalation

The act of gaining higher access rights than initially authorized, often exploited by attackers to control systems or access sensitive data.

Privacy Policy

A document that explains how an organization collects, uses, and protects personal data, often required to comply with privacy laws like GDPR.

Proxy Server

An intermediary server that separates end users from the websites they browse, often used to improve security, privacy, and performance.

Patch Management

The process of identifying, acquiring, testing, and installing software updates (patches) to fix vulnerabilities or bugs in systems.

Q

QR Code

A type of barcode that stores data such as URLs or other information, which can be scanned by mobile devices to perform actions or navigate to websites.

Quarantine

The isolation of suspected malware files or compromised devices to prevent the spread of infection within a system or network.

Queue

A data structure or mechanism that stores items or tasks to be processed in order, often used in incident ticketing or alert handling systems.

R

Red Team

A group of security professionals who simulate realistic attacks on an organization’s systems to test defenses and identify weaknesses before attackers do.

Remediation

The process of fixing or mitigating identified security issues to reduce risk and improve the security posture.

Reporting (Risk Reporting)

The generation of reports that summarize security findings, incidents, and risk assessments to inform stakeholders and guide decision-making.

Risk (Cyber Risk)

The potential for loss or damage when a threat exploits a vulnerability, often assessed by likelihood and impact to prioritize mitigation efforts.

Roadmap (Security Roadmap)

A strategic plan outlining steps and timelines for improving an organization’s security posture over time.

ROI (Return on Investment)

A financial metric measuring the benefit or value gained relative to the cost of a security investment or project.

S

SIEM (Security Information and Event Management)

A platform that collects, analyzes, and correlates security event data from across an organization to detect threats and support incident response.

SIEM Agent

Software installed on devices that collects and forwards log data to the SIEM system for centralized analysis.

SIEM Rules (Correlation Rules)

Predefined patterns within a SIEM that identify combinations of events that may indicate security incidents, triggering alerts.

SIEM/SOAR

Security Orchestration, Automation, and Response (SOAR) integrates with SIEM to automate detection, investigation, and response workflows.

SOC (Security Operations Center)

A centralized team or facility that monitors and manages an organization’s security posture, detecting and responding to threats 24/7.

Social Engineering

Manipulating individuals into divulging confidential information or performing actions that compromise security, often via phishing or pretexting.

SOAR (Security Orchestration, Automation, and Response)

Software that automates and coordinates security processes to improve incident response efficiency and reduce manual workload.

Spam

Unsolicited bulk email messages often used for advertising or phishing attacks.

SPF (Sender Policy Framework)

An email validation protocol that helps prevent spoofing by verifying that incoming mail from a domain comes from authorized servers.

Spyware

Malware that secretly gathers information about a user’s activities without their consent.

SQL Injection

A web application attack where malicious SQL code is inserted into input fields to manipulate databases and extract or modify data.

Supply Chain Attack

An attack targeting less-secure elements in the supply chain to compromise a final target, often by infiltrating trusted software or hardware providers.

T

Threat

Any potential cause of an unwanted incident that may harm a system or organization.

Threat Hunting

Proactive searching through networks and datasets to detect advanced threats that evade automated detection.

Threat Intelligence

Information about threats and threat actors that helps organizations understand and prepare for cyber risks.

Tokenization

The process of substituting sensitive data with non-sensitive placeholders (tokens) to protect information in storage or transit.

Two-Factor Authentication (2FA)

A security process that requires two different forms of identification before granting access, such as a password plus a code from a mobile app.

Threat Modeling

A structured approach for identifying, enumerating, and prioritizing potential threats to a system or application during its design and development.

Transport Layer Security (TLS)

A cryptographic protocol that provides secure communication over a computer network, widely used for HTTPS websites and email.

U

UDP (User Datagram Protocol)

A communication protocol used across the Internet that allows sending messages without guaranteed delivery, often used in streaming or gaming.

Uptime

The amount of time a system or service is operational and available, often measured to evaluate reliability.

User Behavior Analytics (UBA)

Technology that analyzes patterns of user behavior to detect insider threats or compromised accounts based on anomalies.

URL Filtering

A security technology that blocks access to malicious or inappropriate websites based on URL categories or blacklists.

V

Vulnerability

A weakness in a system that can be exploited to compromise security.

Vulnerability Assessment

A systematic review of security weaknesses in an IT system to identify, classify, and prioritize vulnerabilities.

VPN (Virtual Private Network)

A service that encrypts your internet traffic and hides your IP address to provide secure, private communications over public networks.

Virus

A type of malware that attaches itself to legitimate programs or files and spreads to other systems, often causing damage or disruption.

W

WAF (Web Application Firewall)

A security device or software that filters, monitors, and blocks HTTP traffic to and from a web application to protect against attacks like SQL injection and cross-site scripting.

Whitelist

A list of trusted entities (IPs, applications, users) allowed to access a system or network, blocking all others by default.

Watering Hole Attack

A targeted attack where the attacker infects websites frequently visited by a particular group to compromise its members.

Weak Password

A password that is easy to guess or crack, often due to simplicity, common usage, or lack of complexity, increasing vulnerability to unauthorized access.

X

XSS (Cross-Site Scripting)

A security vulnerability where an attacker injects malicious scripts into trusted websites, executed in users’ browsers to steal data or perform actions on their behalf.

XDR (Extended Detection and Response)

An advanced security approach integrating multiple security products to provide holistic detection, investigation, and response across endpoints, networks, and cloud environments.

Y

YARA

A tool aimed at helping malware researchers identify and classify malware samples by creating descriptions of malware patterns.

Z

Zero-Day

A previously unknown vulnerability that attackers exploit before the vendor can issue a patch or fix.

Zero Trust

A security model that assumes no user or device is trustworthy by default, enforcing strict verification for all access requests regardless of origin.

Zombie

A compromised computer controlled remotely by an attacker, often part of a botnet used to conduct DDoS attacks or send spam.
