
Glossary of cyber security terms

Cyber security is a broad, multi-disciplinary profession. While not everything in cyber security is technical, the profession has developed and/or uses an extensive vocabulary of terms to describe many of the concepts associated with it.




Access Control

Configuring systems in order that individuals and other systems accessing them are able to carry out only the functions they should be allowed to, and no more. See also Least Privilege.

Access Control List (ACL)

A setting in a network device that dictates where it's allowed to pass traffic to and from.

Access Point (AP)

The "landing point" of a Wireless Local Area Network: the AP is the entity to which each device on the wireless network connects directly. Some APs are autonomous and do all the work of interacting with the client devices (often called "fat APs") while others ("thin APs") are little more than radios that channel the traffic back to a central control point. Thin APs are better from a security point of view because everything's controlled centrally, which makes management easier and hence less error-prone.

Account Management

The addition, modification and deletion of user accounts on systems and applications.


Being the one who has to get something done. The accountable person is where the buck stops in the event of failure. Only one person can be accountable for any one task or goal.


Formal recognition by an assessor that an individual or organisation has attained an agreed, recognised standard of qualification, behaviour or adherence to specific definitions and/or standards. As a verb, the action of the assessor awarding an accreditation. In the sense of the UK Cyber Security Council, a quality assurance process recognising the minimum standards required for the quality of an educational curriculum.


Adjective describing an organisation that has been awarded an Accreditation. Also, an adjective for an entity (for example a programme, course or training scheme) that has been independently assessed as meeting published requirements such as learning outcomes or standards of competence or other.

Active Learning

Training or education that involves the student in activities other than merely listening; active learning concepts include taking part in Collaborative Learning or doing exercises that are evaluated by the tutor or by a computer system.

Ad Hoc Network

A network - frequently based on Wireless Local Area Network technology - in which the owners of the devices in the network configure their own devices to communicate with each other. There's no central control over who can be a part of it, and hence it's hard to secure one. Ad Hoc networks are to be avoided in organisational networks, and you should use whatever tools are at your disposal to try to prevent devices that are on an ad-hoc network from connecting to your corporate systems.

Adaptive Testing

A type of computer-based training in which the system delivering the material to the student adapts the material to suit the student based on (for example) how well the student scores on particular subject areas in Examinations or how long the student takes to answer particular types of question.

Administrative Account

A high-privilege login account that is able to do more than a normal user. System administrators use them to reconfigure systems, create and delete normal user accounts, and so on.

Advanced Encryption Standard (AES)

A Cryptography algorithm based on a symmetric block cipher that is generally regarded as one of the best you can use (though see also Elliptic Curve Algorithm).

Advanced Persistent Threats (APT)

Deliberate, considered attacks on your security by outsiders who are determined to get into your system and who will try any number of different attacks in order to get in. If you think you have an APT going on you should look into it, because unlike most attackers they will spend significant time and effort attempting to breach your defences.


A notification put out by security consultancies, law enforcement agencies and the like to tell the world about a security problem they've come across which they think worthy of warning people about. It is wise to take the time to read them, as they're free information about attacks that may be beating on your door any time soon.


A notification from your security systems that someone is trying to break in (or, perhaps, has already done so).

Allow List

The opposite of a Block List: a list or database such that a system permits connections only from the remote systems that appear in it. Much more reliable than a Block List for keeping out nefarious connections, because it denies access by default to attackers' machines, but more time-consuming to manage. Traditionally called a Whitelist.

Anti-Malware Software

Synonymous with Anti-Virus Software.

Anti-Virus Software

Software which scans the files going in and out of your computer systems and tries to spot hidden software that is designed to cause damage or theft of data.


An individual or organisation seeking to obtain something. In the sense of the UK Cyber Security Council this could be an organisation seeking to be admitted to the Council or an individual applying to be admitted to the Council's register of security professionals.


A program that runs on a computer.


A regime of education which combines classroom and off-line study with on-the-job, practical, hands-on training.


A qualification, training scheme or course that is recognised as satisfying the minimum required standard by an organisation.


Something you own, and hence something that could be compromised or simply stolen. Note that a piece of information can also be classed as an asset, in the same way as a physical object.


A level of membership of an organisation below that of full membership, that confers only partial rights and privileges. In the sense of the UK Security Council, an organisation that is a member of the Council but does not have all the rights given to a full member organisation.

Asymmetric Cryptography

Largely synonymous with Public Key Cryptography - where the key used to decrypt something is different from the one that was used to encrypt it.

Attack Signature

The pattern of events that take place in order to perpetrate an attack on a computer system. Often, an intrusion involves several steps, and if one can establish the sequence of steps then one can see whether two attacks are similar and hence may have been from the same source.


An assessment of an organisation's operation against one or more specified standards. Internal audits, often called first-party audits, are conducted as self-assessments by the organisation itself; external, or third-party audits, are conducted by an independent assessor from outside the organisation.

Audit Log

A system or application log that stores details of what people have been doing on the application/system it applies to, which is invaluable both for general monitoring and, in particular, for forensic analysis in the event of a problem.

Audit Trail

The next level up from an Audit Log: an audit trail is a chronology of events but is generally more human-readable than an Audit Log. The latter is system-generated and hence can be cryptic; the audit trail is built by a human being using sources such as the audit log and is written to be readable by non-technical people.


Confirming the identity of an individual who is trying to connect to and use a computer system.


One of the three pillars of security: CIA. It's all about ensuring that systems are up, running, accessible and not overloaded in order that the data and applications the users need are all usable. Denial of Service attacks are a common way of attempting to deny the availability of services.



Back Door

An unofficial means to access a system or application - one that's not officially supported and doesn't form part of the accepted or tested design, but which was inserted by one or more of the developers to provide a means of side-stepping the formal security mechanisms.


A copy of part or all of the content of a system that is stored safely in order that should the system fail (or should the Integrity of the contents be compromised) the system can be restored to service by copying the content from the backup.


Monitoring your systems' behaviour to establish what looks normal, so that your security systems can Alert you if they detect abnormal behaviour.
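As an added illustration (not part of the original glossary), the following Python snippet shows the idea of Baselining in working form: a quiet period of constructed failed-login counts establishes what "normal" looks like, and a monitored day is compared against it to decide which hours should raise an Alert. The sample data, the z-score rule and the function names are all constructed for this example.

```python
from statistics import mean, stdev

# Constructed sample data (not real logs): failed-login counts per hour on
# one server. The first list is a quiet period used to establish what
# "normal" looks like; the second is a day being monitored against it.
BASELINE_COUNTS = [3, 5, 4, 6, 2, 4, 5, 3, 4, 6, 5, 3,
                   4, 2, 5, 4, 3, 6, 4, 5, 3, 4, 5, 4]
TODAY_COUNTS = [4, 3, 5, 47, 4, 6, 2, 5]


def build_baseline(counts):
    """Summarise normal behaviour as (mean, standard deviation)."""
    return mean(counts), stdev(counts)


def z_score(value, baseline):
    """How many standard deviations a value sits above the baseline mean."""
    mu, sigma = baseline
    if sigma == 0:          # a perfectly flat baseline: any change is abnormal
        return float("inf") if value != mu else 0.0
    return (value - mu) / sigma


def find_alerts(counts, baseline, threshold=3.0):
    """Return (hour_index, value) for every hour that should raise an Alert.

    Only values above the baseline are flagged, because a drop in failed
    logins is not a sign of an attack. The threshold is the tuning knob:
    lower it and more genuine attacks are caught, but more ordinary
    fluctuations are reported too (False Positives).
    """
    return [(hour, value) for hour, value in enumerate(counts)
            if z_score(value, baseline) > threshold]


if __name__ == "__main__":
    baseline = build_baseline(BASELINE_COUNTS)
    print("baseline mean=%.2f sd=%.2f" % baseline)
    print("3-sigma alerts:", find_alerts(TODAY_COUNTS, baseline))
    print("1-sigma alerts:", find_alerts(TODAY_COUNTS, baseline, 1.0))
```

With the 3-sigma threshold only the hour with 47 failures is reported; dropping the threshold to 1 sigma also reports the hour with 6 failures, an ordinary fluctuation and therefore a False Positive.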

Bastion Host

A device in your network that you put in front of the Internet connection in order to fend off or absorb attacks.


A characteristic of your body which, in the context of cybersecurity, can be used to identify you; examples are your irises and your fingerprints.

Black Box Testing

Security testing of a system where the tester has no information about the system's design, implementation or security mechanisms. The opposite of White Box Testing.


Blacklist

Synonymous with Block List; the term "Blacklist" is widely falling into disuse following the growth of the Black Lives Matter movement.

Block Cipher Algorithm

An Encryption Algorithm (and an associated Decryption Algorithm) that operates on fixed-size chunks of data at a time.

Block List

A list or database of users, systems, companies, etc. that are specifically prohibited from accessing a system (e.g. an email server would reject inbound email from any domain that was on the organisation's Block List).

Blue Team

A security testing team that focuses on analysing systems and designing new or improved security mechanisms to defend the systems from attack. See also Red Team.


A highly intensive approach to training in which students are exposed to a high level of material in just a few days (typically around a week) but with a high number of hours per day in the classroom.


The "edge" of a system or network, where it connects to another system or network. For example, the firewall providing connectivity between the Local Area Network and the internet is part of the Boundary.

Brute Force Attack

A means of trying to figure out the password of a particular login account for a system. It's the simplest cracking program to write because you just have to loop through every possible password or through every entry in an extensive list of potential passwords. Trouble is, trying every possible combination takes a long time. Brute Force attacks work best not by trying to log into a remote system bazillions of times (each connection can take several seconds - which adds up when trying several million passwords) but by breaking in and stealing the password file and running the cracker against it on a nice fast machine.

Buffer Overflow

A technique for hacking systems that injects more characters into a request than should be permitted, either causing the system to crash or injecting code into the target system to change its behaviour. Buffer Overflow attacks are generally possible because of poor design and coding techniques when systems are built.

Business Continuity Plan (BCP)

A framework and procedure set that you build in order to maximise your chances of recovering from a business-impacting incident (which could include a security breach or some such).

Business Impact Analysis (BIA)

An assessment of all of your systems to estimate the negative effect on the organisation of a system being compromised or disabled.



A student in a training course and/or an individual sitting a related test or Examination.

Career Pathway

The expectations, skills and development required for a professional specialism or area of practice along with details on progression through different roles.

Certificate Management

The regime of creating, storing and managing digital certificates.

Certificate Revocation List (CRL)

A list of digital certificates that have been revoked by their Certification Authority. It's particularly important for your software to check the CRL because it's there precisely to tell you that a certificate is no longer acceptable - perhaps its host was compromised and the private key stolen, for instance.


The award of a formally recognised qualification or title to an individual or an organisation by a recognised body such as an examination board or a professional body.

Certification Authority (CA)

A respected organisation that issues digital certificates, which you can attach to your Web servers in order to prove your organisation's identity.


Synonymous with Approved.

Chain of Evidence

A definitive, provable sequence of events and/or actions that you use to demonstrate conclusively to a court or tribunal, or to your HR department, what occurred in a security breach. It should be possible to step through your Chain of Evidence from beginning to end and demonstrate that none of the evidence could have been tampered with or illicitly seen at any stage.


A basic means of authentication, where a system requests action from the user, and the user responds - for example, a system requesting a user's password and the user entering it.

Charitable Incorporated Organisation

A type of registered business designed for, and only available to, charitable organisations in the United Kingdom, and assigned by the Charity Commission.


See Royal Charter.


In the sense of an individual, see Chartered Status. In the sense of an organisation, the holder of a Royal Charter. In the context of the UK Cyber Security Council, an adjective describing individuals who are on the Council's Register as having achieved one of its professional titles.

Chartered Status

The state of having been awarded a recognised qualification by a professional body that is the holder of a Royal Charter.


A calculation that's used to confirm the Integrity of a collection of data: a calculation is performed on all the individual bytes of data and the result is the checksum. Checksums are good for checking for corruption but less so for ensuring that the data has not been tampered with, because it's often possible to change the data so that the checksum works out correctly; use a Hash Function instead in the latter case.
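As an added illustration (not part of the original glossary) of why a checksum catches corruption but not tampering, this Python snippet protects a constructed payment record with a simple additive checksum, alters the amount while compensating elsewhere so the checksum still verifies, and shows that a Hash Function (SHA-256 here) does not let that through. The record, the checksum scheme and the function names are all constructed for this example.

```python
import hashlib

# Constructed sample record (not from any real system): a payment instruction
# whose integrity is "protected" by a simple checksum.
ORIGINAL = b"PAY amount=100 to=ACME memo=lunch-pizza"


def additive_checksum(data: bytes) -> int:
    """A classic 16-bit checksum: the sum of every byte, modulo 2**16.

    Good at catching accidental corruption (a single flipped bit changes the
    sum), but it only ever looks at the total, not at which bytes changed.
    """
    return sum(data) % 65536


def sha256_hex(data: bytes) -> str:
    """A cryptographic Hash Function: fixed-length, one-way output."""
    return hashlib.sha256(data).hexdigest()


def tamper_keeping_checksum(record: bytes) -> bytes:
    """Alter the payment while leaving the additive checksum unchanged.

    Raising the amount from 100 to 900 turns the byte '1' (0x31) into '9'
    (0x39), adding 8 to the byte sum. Lowering one byte of the free-text memo
    by 8, 'z' (0x7a) -> 'r' (0x72), cancels that out exactly, so the checksum
    still verifies even though the amount has changed.
    """
    modified = bytearray(record)
    amount_pos = record.index(b"amount=") + len(b"amount=")
    memo_pos = record.index(b"pizza") + len(b"pi")      # the first 'z'
    modified[amount_pos] = ord("9")   # 0x31 -> 0x39: sum + 8
    modified[memo_pos] = ord("r")     # 0x7a -> 0x72: sum - 8
    return bytes(modified)


def checksum_verifies(record: bytes, expected: int) -> bool:
    """Integrity check as a checksum-based system would do it."""
    return additive_checksum(record) == expected


def hash_verifies(record: bytes, expected: str) -> bool:
    """Integrity check using a cryptographic hash instead."""
    return sha256_hex(record) == expected


if __name__ == "__main__":
    stored_sum = additive_checksum(ORIGINAL)
    stored_hash = sha256_hex(ORIGINAL)
    forged = tamper_keeping_checksum(ORIGINAL)
    print(forged)
    print("checksum still verifies:", checksum_verifies(forged, stored_sum))
    print("hash still verifies:", hash_verifies(forged, stored_hash))
```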

Chief Information Officer (CIO)

The head of information services within an organisation; the individual responsible for information processing and IT systems from a business-oriented point of view. Sometimes the CIO is also responsible for the underlying infrastructure in a raw technical sense, but often the latter is the remit of the Chief Technology Officer.

Chief Information Security Officer (CISO)

The head of information security and cyber security in the organisation.

Chief Technology Officer (CTO)

A senior executive who oversees the technology and engineering aspects of the organisation.


CIA

Confidentiality, Integrity and Availability: the three core pillars of cybersecurity.


Synonymous with Encryption Algorithm.

Cipher Text

The result of running Plain Text through a Cipher or Encryption Algorithm.

Classified Information

Highly confidential information that pertains to, for example, national security.

Clear Text

Unencrypted information.


Formal certification, generally from a government agency, that permits one to work with Classified Information. Required for many government-related jobs.

Cloud Computing

A technology setup in which a third party owns and manages the infrastructure whose resources are then consumed by other organisations.

Code of Conduct (CoC)

A set of guidelines used by an organisation to regulate the behaviour of its members with a focus on compliance and rules. In the sense of the UK Cyber Security Council, each licensed body must have its own Code of Conduct.

Code of Ethics

A set of principles designed to help professionals and/or members of an organisation or professional body conduct business honestly, transparently and with integrity.

Collaborative Learning

Training or education in which the students work together to enhance the value of the learning by sharing experiences and ideas.


An instance in which an encryption or Hash Function produces the same output for two or more given sets of input.


The act of actively engaging to comply with the requirements of an organisation along with other requirements such as behaving appropriately in society in general or engaging in Continuing Professional Development.

Company Limited by Guarantee

A type of limited company registered with Companies House that is commonly used by not-for-profit organisations.

Common Vulnerability Scoring System (CVSS)

An industry standard for assessing the severity of a Vulnerability on a computer system and representing it as a "score" between 0 (no risk) and 10 (severe risk).


See Competency.


The proven or demonstrated capacity of an individual to carry out a specific function or functions using their know-how, skills, qualifications and/or knowledge. In the sense of the UK Cyber Security Council, a part of the requirements that must be demonstrated in order to be admitted to the Council's Register; maintaining competence is required of registered cyber security professionals. See also Continuing Professional Development.

Competency-Based Training

Training or education that is oriented toward teaching specific skills to a high level of ability rather than covering a wide range of skills to a lesser extent. Success is measured by evaluating the student's ability to carry out specific tasks to a given standard.


The level to which systems and security are operated in accordance with documented standards, policies and procedures.


A successful penetration into a system by a hacker despite the security mechanisms defending it.

Computer Emergency Response Team (CERT)

A team that exists to provide response and recovery from a computer or cyber security incident. Because the abbreviation "CERT" is a registered trademark in the US, terms such as Computer Incident Response Team or Cyber Security Incident Response Team are often used instead.

Computer Incident Response Team (CIRT)

See Computer Emergency Response Team.

Computer-Based Training (CBT)

Training or education that is delivered by the student accessing the materials via a computer or similar device (such as a tablet) rather than by interacting with an instructor. CBT is not Online Instructor-Led Training as there is no interaction with a human teacher.

Configuration Management

A regime of recording, monitoring and regularly verifying the configuration of systems and applications to verify that changes that are made do not have unexpected security consequences.

Conflict of Interest

A set of circumstances that create a risk that professional judgement or actions regarding a primary interest will or could be unduly influenced by a secondary interest.


The presence, on a system, of applications or data that should not be there.

Contextualised Standard

A standard that has been tailored to cater for the specific requirements of an organisation whilst still upholding all of the core general requirements of the standard.

Continuing Professional Development (CPD)

Largely synonymous with Professional Development, CPD is the common term for the measure of the ongoing development undertaken by an individual to maintain a current and relevant level of practice. "CPD credits" are the common units of measurement: one credit generally equates to one hour of attendance at a seminar or conference, for example.

Continuous Professional Development (CPD)

See Continuing Professional Development.


A token embedded into Web pages that lets the owner of the site you're connected to track your progress, remember who you're logged in as, and so on.


An action, application or device that reduces a security threat in a system or application.

Critical National Infrastructure (CNI)

An organisation that is core to the underlying operation of a nation or principality, for which an outage or a cyber attack would have potentially massive implications on the operation of the country. This includes the power companies, water providers, telecoms providers, government IT infrastructure, health service, rail and road infrastructure operators and the owners/operators of the major ports and airports.

Cross Certificate

A certificate issued by a Certification Authority to sign the certificate of another Certification Authority.

Cross Site Scripting (XSS)

One of the most common vulnerabilities in web sites, and one that is straightforward to avoid with diligent development techniques.


The study of the mathematics and other techniques involved in Cryptography.

Cryptographic Key

The third element (of three) when encrypting data: one takes an Encryption Algorithm and combines it with a Cryptographic Key to transform Plain Text into Cipher Text.

Cryptographic Strength

The level of difficulty in breaking a cryptographic system: a high cryptographic strength means the cipher is very difficult to break.


The discipline of transforming data from its raw form into a form where it cannot easily be read by unauthorised individuals.


CSQF

The Cyber Security Qualifications Framework, as defined by the UK Cyber Security Council.

CSQF Endorsed

A qualification in cyber security that is CSQF Recognised and also carries the recommendation of the governing body of the CSQF.

CSQF Recognised

A qualification in cyber security that has been formally acknowledged as satisfying the requirements of the CSQF. See also CSQF Endorsed.

Cyber Security

The defence of information held and processed on digital systems against unauthorised access, damage or misuse. It includes the protection of the hardware, software and associated infrastructure, the data that is held, and the services provided, and encompasses both technical and non-technical defence mechanisms. Cyber security is defined by ITU-T Recommendation X.1205.

Cyber Security Incident Response Team (CSIRT)

See Computer Emergency Response Team.

Cyber Security Profession

The Profession encompassing all roles whose holders are focused primarily on the Cyber Security of the organisations for (or with) which they work.

Cyber Security Qualifications Framework (CSQF)

The framework observed by the UK Cyber Security Council in managing and regulating the qualifications and certifications that can be attained under the Council's auspices.


The area of organisational risk that derives from the operation of IT systems.


CyBOK

The Cyber Security Body of Knowledge, a comprehensive collection of material collated from a variety of recognised experts and organisations, to inform and underpin education and professional training for the cyber security sector. CyBOK is detailed at

Cyclic Redundancy Check (CRC)

A means of error checking data by computing a function against the transmitted and received versions of data and comparing the results. Similar to a Checksum.



Data Encryption Standard (DES)

A symmetric encryption algorithm (known commonly as "DES") devised in the 1970s; superseded by Triple DES.

Data Leakage Prevention (DLP)

Software that prevents information that shouldn't be leaving your systems from doing so - for instance by scanning the content of outbound email or files being copied to a USB stick.


To convert Cipher Text into Clear Text using a Decryption Algorithm.

Decryption Algorithm

The opposite of an Encryption Algorithm.

Defence in Depth

Employing several layers of protection to improve your chances of preventing someone from breaking into your systems - so if they breach the outermost layer of security they then have several more different types of protection to breach before they can access your systems.

Deleted File

A file on a computer that the user thinks has been deleted but which probably hasn't: unless you specifically use the "secure delete" function if there is one, deleting a file usually just leaves it there but takes its entry out of the directory. Very useful if you delete something by mistake as you can get utilities to recover "deleted" files, but less useful if you lose your disk because anyone else can also get utilities to recover "deleted" files. See also Zeroisation.

Demilitarised Zone (DMZ)

A network that sits between the Internet and the secure LAN, in which you put services such as Web and email servers.

Denial of Service

An attack that bombards a system with connections to keep it so busy that it is unable to accept legitimate connections. See also Distributed Denial of Service.


A development regime in which the Operations and Security teams work with the Development teams throughout the project in order that the security team can provide constant, ongoing feedback to help developers get the operations and security aspects of the system right.

Digital Signature

An electronic means of proving that a document you've sent someone really is from you. Generally based on Public Key Cryptography.

Disaster Recovery Plan (DRP)

Like a Business Continuity Plan but with a focus on the technical aspects of getting systems back up in the event of a severe security attack or outage.


A specific area of practice with a discrete, definable body of knowledge. See also Specialism.

Disk Imaging

The technique of taking an exact copy of a computer's hard disk in order to preserve evidence and/or allow for forensic investigation without risking damaging the original and hence invalidating the Chain Of Evidence.

Distributed Denial of Service (DDoS)

A security attack whereby the attacker exploits dozens, hundreds or thousands of systems around the world to target simultaneous attacks against a single organisation. It relies on the attacker being able to get a piece of Malware onto those worldwide systems. The idea of DDoS is that the collective bandwidth and processing power of the machines doing the attack far exceeds the bandwidth and processing power of the attacked organisation. See also Denial of Service.


The range of individual differences amongst a community, where each individual is recognised to be unique and the differences may be in terms of race, ethnicity, gender, sexual orientation, socio-economic status, age, disabilities, religious beliefs, political beliefs, or other ideologies.


Easter Egg

Hidden code within computer software that does something that doesn't form part of its normal operation. Sometimes this is officially included by the vendor, but is sometimes illicit in order to provide a Back Door.

Eavesdropping Attack

An attack in which the attacker listens passively to supposedly secret transmissions in order to perpetrate an attack.

Egress Filtering

Filtering outbound network traffic so that, for example, data marked as "internal use only" is not exfiltrated from the organisation's systems.


Education or training that uses computer technology to enhance the learning materials to provide a richer and more effective learning experience than would be possible with paper-based materials.

Elliptic Curve Algorithm

The current favourite (i.e., believed to be most secure) type of Encryption Algorithm.

Elliptic Curve Cryptography (ECC)

Cryptography that is based upon the use of Elliptic Curve Algorithms.


To convert Clear Text into Cipher Text using an Encryption Algorithm so that it can’t be read by someone you don't want to see it.

Encryption Algorithm

The mechanism used to Encrypt data, which is usually based on a mathematical formula.


Where two parties lodge, with a third party, something that's important to both of them but which the recipient can't be certain to be able to get from the provider. Code escrow is a common concept: if company B builds a bespoke piece of software for company A, it's common for both parties to agree to lodge a copy of the source code "in Escrow" with party C, who is trusted to release that source code to company A only in the event that company B goes out of business.

Ethics Committee

A body comprising independent, impartial and multi-disciplinary individuals whose purpose within an organisation is to oversee the implementation and running of the organisation's according to the organisation's own ethical policies/guidelines and/or accepted best practice in the field of ethics. The Ethics Committee may also conduct, oversee or advise on investigations or disciplinary proceedings where ethical concerns are involved.


An occurrence relating to security that's sufficiently interesting that you think it's worth recording for later reference or reporting.

Evidence-based training

Training that covers a number of core areas of competency, and which unlike Competency-Based Training is evaluated by examining the student's ability to perform simultaneously across the range of competencies rather than one at a time.


A formal test that is undertaken by a Candidate to demonstrate his or her knowledge and/or competence in a particular field. Examinations may be written, computer-based or face-to-face with a human examiner.

Exemplifying Qualification

A qualification that demonstrates the knowledge, understanding and skills to meet a given requirement. In the sense of the UK Cyber Security Council, an educational or vocational qualification that demonstrates the knowledge, understanding and skills to meet or partly meet the Council's requirements for registration in a particular category.

External Audit

See Audit.


An Internet site that's designed for partner or customer organisations to connect to your systems to access information and other materials.



Where you have systems configured in a High Availability setup, a Failover is where you switch from the active element to the standby element.

False Positive

An instance in which a security system gives an Alert that turns out to be spurious. False Positives are inevitable in many security systems that work on statistical probability when establishing whether a threat exists.

Fermat's Last Theorem

A mathematical conjecture, finally proven true over 350 years from its inception, which is core to the idea that Trap Door algorithms are effectively irreversible.


A device that filters traffic between two networks (commonly between a private LAN and the Internet) in order to ensure that only the desired connections can happen. Often old and obsolete and running an antique version of the firmware that's so long in the tooth as to make the device's existence largely pointless.


The low-level software in a computer or network device that drives the core operation. Upgrading the firmware generally means downtime, so it's the part of the system that seldom gets upgraded until something goes wrong because of a bug in it.


A problem with a computer or network system that was introduced by human error.

Forensic Copy

A copy of a computer disk that is used for forensic analysis, generally set to be read-only so that the content cannot be damaged by the investigation process.


The process of retrospectively analysing and investigating cyber attacks in a way that preserves evidence.

Formal Proof

A step-by-step sequence of mathematical operations that show unequivocally that a theorem is true.

Functional Testing

Testing a system, particularly its security, under real-world operational conditions.


Graduated Security

A system that has various levels of security based on the nature of the different data sets stored and processed.



Traditionally, someone who uses novel techniques to achieve something with a computer system. These days, someone who attempts to break into computer systems.


Taking a default installation of a computer system (particularly a server) and changing its configuration to make it more secure - by disabling system components that aren't used, for instance, or by enabling on-board security software.

Hash Function

A function that takes a Clear Text string and converts it into a cryptic, fixed-length string. The point of a Hash Function is that it's one-way; that is, it is effectively impossible to take the hashed version and transform it back into the Clear Text version.

High Availability

Implementation of a system using multiple devices so that if one fails, the others will automatically take over service.


A system (generally a Web site) that is set up to entice attackers, and which does not contain any of the organisation's sensitive data.

Host Intrusion Prevention System (HIPS)

A system that runs on computers (typically servers) to identify and block intrusion attempts that somehow got through the firewall. A component of Defence in Depth.

Hybrid Instructor-Led Training

Instructor-Led Training that is conducted with a mix of classroom-based sessions and Online Instructor-Led Training.




The negative effect that an attack will have on your systems and business.

Inadvertent Disclosure

Where someone unwittingly sends sensitive information outside the company systems.


The next step up from an Event. An Event is a potential precursor to damage that does not actually manifest; it becomes an Incident if the outcome is some kind of unwanted or unplanned effect on the system(s) involved.

Incident Response Plan (IRP)

Largely synonymous with a Business Continuity Plan.


The practice within an organisation of providing equal access to opportunities and/or resources regardless of status and of characteristics such as race, age, ethnicity, religion, physical or mental ability, or membership of a minority.

Industrial Control System (ICS)

The control unit for a non-IT system, such as an air conditioning system or heavy machine plant. Industrial Control Systems are increasingly being provided with network interfaces to permit them to be managed remotely, which has made them a common target for cyber attack as they have a reputation for having poor security features. ICS is commonly used synonymously with Supervisory Control and Data Acquisition systems.

Information Owner

The individual who has Accountability for a given collection of data.

Information Security

The regime of keeping one's organisation's data safe and away from theft and prying eyes.

Information Security Architect

The person within the organisation who designs the systems and technology for implementing and maintaining Information Security.

Information Sharing

A regime in which systems and people share information as permitted by the configuration of access rights of the systems.

Inside Threat

The threat of a security attack that originates inside the organisation, such as a disgruntled employee.

Instructor-Led Training

Interactive training in which a qualified trainer teaches one or more students face-to-face in a classroom-like environment.


The correctness of data. If data is corrupted or altered it becomes useless, and so an attack on data integrity is often just as bad as an attack that steals data. The I in CIA.

Intellectual Property (IP)

Data, designs and other intangible concepts when expressed in the context of who owns it. Intellectual Property is generally about patents, trademarks, designs and copyright.

Internal Audit

See Audit.

Internal Network

The network connecting all of an organisation's internal systems together.

Internal Security Testing

Probing the Internal Network to see how susceptible it is to an attack from within (or by an intruder who has managed to gain access).


A global network connecting the vast majority of computer systems worldwide.

Internet Protocol (IP)

The mechanism used by devices on the Internet to communicate with each other.


A Web server that is entirely internal to your organisation and not available from the Internet.


A situation in which an unwanted individual is able to access one's systems.

Intrusion Detection System (IDS)

Software that watches for, and identifies, attempts to break into your systems.

Intrusion Prevention System (IPS)

Similar to an Intrusion Detection System, but with extra features that can take action to attempt to stop the attack (for example by automatically disabling a network connection).

IP Security (IPSec)

A security mechanism for Internet Protocol networks, most commonly used for Virtual Private Network connections.


A problem.

IT Security Policy

A set of rules that are applied to all members of an organisation regarding acceptable use of its IT systems in a security-specific sense.



The technique of rendering a WiFi network unusable by bombarding the air with garbage transmissions on the same frequency as the WiFi radio.



One of the more common authentication protocols. Implemented in a number of systems and applications, most notably Microsoft's Windows products.


A parameter used in a cryptographic algorithm: you apply the algorithm to the Plain Text and the key, and the result is the Cipher Text. If a different key is used for the same Plain Text, the result will be a different Cipher Text.

Key Escrow

Where one lodges a copy of a Key with a trusted third party, generally when there is a risk of one of the two parties involved in the data exchange going out of business.

Key Exchange

The process of exchanging a Public Key between the sender and receiver of a piece of data.

Key Logger

A rogue piece of software or hardware that monitors what a user types on a keyboard (which potentially includes usernames and passwords) and sends it to an attacker.


Least Privilege

The principle of giving every user only the privileges they actually need to do their job, and no more.

Licensed Body

A body to which the delegating body has delegated the process of assessing individuals or organisations and, if the assessment proves satisfactory, admitting them to membership of the delegating body. In the sense of the UK Cyber Security Council, a member organisation that is permitted to nominate its members for inclusion on the Council's Register.


See Licensed Body.

Link Encryption

A situation in which the entire end-to-end connection between the sending endpoint and the receiving endpoint is encrypted in some way.

Local Area Network (LAN)

A collection of network-connected computers and other electronic systems that are all located within a specific location such as a home, office or other building, and are hence "local" to each other.

Logic Bomb

A piece of malicious code that's planted in a computer system and set to activate when certain conditions are met (for example a particular date and time being reached).


Macro Virus

A piece of Malware that exploits the macro languages in popular applications such as word processor and spreadsheet software.

Malicious Code

An item of software designed to do something nefarious that the user wasn't expecting and didn't ask for.


A piece of software that finds its way into a system and causes a security problem by (for example) sending confidential data out to the malware's source or impeding the performance of the system.

Man-in-the-middle (MitM) Attack

Where a piece of Malware, or even a hardware device, is inserted between the sender and receiver of a piece of data and is thus able to copy that data.

Manual Key Transport

The approach of providing a Key to a third party in person or by phone rather than letting systems exchange it automatically.


Physical storage devices such as tapes, disks or USB memory sticks.


In a general sense, an individual, group or organisation that is part of a group or organisation. In the sense of the UK Cyber Security Council, an organisation that is a member of the Council.

Membership Level

The level of seniority of membership within an organisation; higher levels convey higher degrees of rights and benefits, and generally demand a higher level of qualification and/or membership fees.

Message Digest

The output after applying a Hash Function to some Plain Text.

Message Digest 5 (MD5)

A well-known Hash Function which is considered insecure owing to its susceptibility to Collisions.


Quantitative data collected concerning performance, security attacks and the like.

Mission Critical

Denotes a system that is critical to the organisation's operation, and whose demise as a result of a security incident would cause major impact.

Multi Factor Authentication (MFA)

Generally used synonymously with Two Factor Authentication, though Multi Factor Authentication may use more than two different identification mechanisms.

Multilevel Security (MLS)

Providing different users with different levels of permissions to access systems - so different users have different levels of access.

Mutual Authentication

The act of two parties in a data exchange authenticating each other prior to transmission taking place.

Mutual Suspicion

An approach whereby neither party in a data exchange trusts the other, and hence each insists on the other authenticating itself.




Where users only have access to systems and data they need in order to do their job. Synonymous with Least Privilege.


A collection of IT systems that interact with each other via electronic connections.

Network Admission Control (NAC)

A mechanism whereby the network infrastructure forbids a device from communicating until it has proven its identity and that its operating software and Anti-Malware Software are up to date.

Network Resilience

See High Availability.

Network Sniffing

The act of putting a monitor on a network and capturing/examining the traffic as it flies past.


On-Demand Learning

Synonymous with Self-Paced Learning.

One Time Pad (OTP)

A paper pad of encryption Keys on which each key is different from the next and where there is no discernible pattern to the various keys. The sender and receiver must have the same One-Time Pads in order that the receiver can decrypt the message. One of the most secure approaches to an Encryption Algorithm so long as nobody is able to duplicate the One Time Pad.
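The following is an added example, not part of the glossary, illustrating both the Key entry above (the same Plain Text under a different key gives a different Cipher Text) and the One Time Pad: the pad is XORed byte-for-byte with the message, the same operation decrypts, and the final function shows why a pad must never be used twice. The function names and the sample messages are constructed for this example.

```python
import os


def new_pad(length: int) -> bytes:
    """Generate a fresh pad from the OS random source; one pad per message, never reused."""
    return os.urandom(length)


def otp_encrypt(plaintext: bytes, key: bytes) -> bytes:
    """XOR each plaintext byte with the matching pad byte to produce the Cipher Text."""
    if len(key) < len(plaintext):
        raise ValueError("a one-time pad must be at least as long as the message")
    return bytes(p ^ k for p, k in zip(plaintext, key))


def otp_decrypt(ciphertext: bytes, key: bytes) -> bytes:
    """XOR is its own inverse, so decryption is the same operation with the same pad."""
    return otp_encrypt(ciphertext, key)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def pad_reuse_leaks(m1: bytes, m2: bytes, key: bytes) -> bool:
    """Why a pad must never be reused: if two messages share a pad, XORing their two
    ciphertexts cancels the pad and yields m1 XOR m2, which relates the two plaintexts
    to each other without any knowledge of the key. Returns True when that identity holds."""
    c1 = otp_encrypt(m1, key)
    c2 = otp_encrypt(m2, key)
    return xor_bytes(c1, c2) == xor_bytes(m1, m2)


if __name__ == "__main__":
    message = b"attack at dawn"  # constructed sample message
    pad = new_pad(len(message))
    ciphertext = otp_encrypt(message, pad)
    assert otp_decrypt(ciphertext, pad) == message
    print(ciphertext.hex())
```

The security of the scheme rests entirely on the pad being truly random, as long as the message, kept secret by both parties and destroyed after a single use; `pad_reuse_leaks` is the reason the word "one-time" is in the name.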

One-Way Hash Function

Synonymous with Hash Function. All Hash Functions are one-way by definition.

Online Instructor-Led Training

Instructor-Led Training which is conducted on-line via videoconferencing software rather than with the trainer and students in a physical classroom. Online Instructor-Led Training became particularly popular in 2020 as a result of the Coronavirus pandemic.

Operations Security (OpSec)

The concept of taking a systemic, proactive approach to the operation of the security function in your organisation.

Outside Threat

A threat posed by a system or individual outside your organisation's network and premises.

Over-The-Air (OTA)

An approach in which key exchange is carried out over the same path that the encrypted data is traversing.



Packet Filter

A mechanism, typically within a router or a firewall, that only allows specific types of traffic to and from specific addresses.
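An added example (not from the glossary) of how a Packet Filter evaluates its rules: first match wins, and anything that matches no rule is dropped, which is the default-deny stance a practitioner expects. The rule set, addresses and the `overly_broad_allows` audit helper are constructed for this example.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Rule:
    action: str           # "allow" or "deny"
    proto: str            # "tcp", "udp" or "any"
    src: str              # source network in CIDR notation
    dst: str              # destination network in CIDR notation
    dport: Optional[int]  # destination port, None meaning any port


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    dst: str
    dport: int


def rule_matches(rule: Rule, pkt: Packet) -> bool:
    return (
        rule.proto in ("any", pkt.proto)
        and ipaddress.ip_address(pkt.src) in ipaddress.ip_network(rule.src)
        and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(rule.dst)
        and (rule.dport is None or rule.dport == pkt.dport)
    )


def filter_packet(rules: List[Rule], pkt: Packet) -> str:
    """First matching rule wins; a packet matching no rule is denied (default deny)."""
    for rule in rules:
        if rule_matches(rule, pkt):
            return rule.action
    return "deny"


def overly_broad_allows(rules: List[Rule]) -> List[Rule]:
    """Audit helper: allow rules that admit any source to any destination on any port."""
    return [
        r for r in rules
        if r.action == "allow"
        and r.dport is None
        and ipaddress.ip_network(r.src).prefixlen == 0
        and ipaddress.ip_network(r.dst).prefixlen == 0
    ]


# Constructed rule set: a small DMZ with a bastion host and a web server.
RULES = [
    Rule("allow", "tcp", "10.0.0.0/8", "192.0.2.10/32", 22),   # SSH to bastion, corporate LAN only
    Rule("allow", "tcp", "0.0.0.0/0", "192.0.2.20/32", 443),  # HTTPS to web server from anywhere
    Rule("deny", "any", "0.0.0.0/0", "192.0.2.0/24", None),   # everything else into the DMZ
]
```

Rule order matters: an early broad allow silently shadows every narrower deny after it, which is why `overly_broad_allows` is worth running over a rule base before it is deployed.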

Packet Sniffer

The piece of software that does Network Sniffing.

Passive Attack

Synonymous with an Eavesdropping Attack, where one listens in to a transmission without actually interrupting it.


A sequence of characters used by Users alongside their user IDs as part of the process of gaining access to a computer system.

Password Generator

An application that generates complex, hard-to-crack passwords for Users.

Password Protected

A situation in which a system demands a Password before it admits Users. Password protection is not considered sufficient for critical systems - Two Factor Authentication is a better option.


An update for an operating system or software application, to correct a functional problem or security vulnerability.

Patch Management

A regime of regularly downloading and applying the Patches required for your systems and monitoring Patch currency.

Peer Review

An evaluation of an individual's work by another individual with similar skills, qualifications and Competency.

Penetration Testing

Testing the security of a system - generally an internet-facing system - by using tools and manual effort to attempt to find vulnerabilities.


The point at which a private network meets the public Internet.

Personal Data

See Personally Identifiable Information.

Personal Firewall

Security software that resides on an individual PC or other computer.

Personal Identification Number (PIN)

A passcode comprising only numeric digits, commonly used as authentication for users of credit and debit cards, and which is known only to the individual to whom the entity being protected has been entrusted.

Personally Identifiable Information (PII)

Also called Personal Data: data that identifies individuals and which can be used by intruders for nefarious purposes such as identity theft.


Sending fake emails to people purporting to be someone they know or someone senior at their workplace, in the hope that the recipient will take the requested action believing that the sender is genuine.

Physically Isolated Network

A network that is deliberately and entirely isolated from all others, in order to eliminate entirely the risk of a network-based intrusion.

Plain Text

See Clear Text.

Port Scanning

A simple test in which a piece of software attempts to make every possible type of connection from the machine on which it is running to one or more other (target) machines. Used by Hackers as the first step in identifying potential vulnerabilities in a system.

Portable Electronic Device (PED)

Any piece of computer kit that can easily be carried around - a laptop, mobile phone, tablet, etc.


A web site.


An individual who has a high level of skills, training and/or education and is actively engaged in a given Profession.


Maintaining the confidentiality of systems and data such that they are readable, and read, only by those authorised to do so.

Private Key

One of the two Cryptographic Keys in a Public Key Cryptography setup.


The rights that someone is granted to a computer system to control the types and levels of access they are given.


An occupation for which one is remunerated, and particularly one that involves significant relevant training or education and formal qualifications.


A person who undertakes a Profession. As an adjective, describes an individual who demonstrates the qualities - skills and attributes - of their Profession while also demonstrating adherence to standards of behaviour which would typically be expected of members of that profession.

Professional Development

The act of enhancing one's capabilities within one's chosen Profession. Individuals with Chartered Status are often required to demonstrate their professional development in order to retain that status by showing that they have, for example, researched new concepts or attended relevant seminars or conferences. See also Continuous Professional Development.

Professional Registration

As a verb, the process of becoming registered with a professional body that maintains a register of Professionals in its industry. As a noun, the situation of being so registered. In the sense of the UK Cyber Security Council, the process by which an individual is admitted to the Council's Register.


The act of behaving in a Professional way, particularly by the demonstration of integrity and the placing of the long-term interests of the profession and its positive role in society ahead of one's own interests.


A measure of an individual's knowledge and/or capability in a given subject area, generally assessed via Examinations.

Promiscuous Mode

The network card in your PC will, in normal operation, filter traffic that arrives over the network and only accept traffic that is addressed to it. If it is switched to "promiscuous mode" it will accept everything that arrives - which is useful for (say) analysing all the traffic on a network segment for diagnostic purposes.


In computer terms, a defined and agreed way of two systems interacting.


A system that makes requests to a server on behalf of the client. This is useful because there is no direct end-to-end connection between the client and the server, reducing the risk of something nefarious at one end directly infecting the other.

Pseudorandom Number Generator (PRNG)

An algorithm that generates numbers that are almost random, using sources of unpredictability within the host computer. Used because the generation of truly random numbers is complex and costly, and pseudorandom numbers are generally sufficient for most applications.


A means of Examination in which the student's psychological profile is examined rather than his or her knowledge in a particular subject area. Psychometric testing examines areas such as personality, attitude or beliefs.

Public Domain Software

Software whose source code is released to the public at no charge, and which can be reused by anyone under the terms of a liberal set of licensing rules.

Public Key

The other of the two Cryptographic Keys in a Public Key Cryptography setup, alongside the Private Key.

Public Key Cryptography

A mechanism whereby each party in a data interchange advertises a Public Key for the other to use for encryption, whilst using a Private Key to decrypt whatever arrives.
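An added example, not part of the glossary, of the Public Key, Private Key and Public Key Cryptography entries using textbook RSA: anyone with the public key can encrypt, only the holder of the private key can decrypt, and the private key can only be derived by whoever can factor the modulus. The primes used here (61 and 53) are deliberately tiny so the arithmetic is visible; the `factor_toy_modulus` helper is included to show why real keys use moduli of 2048 bits or more, where that step is intractable. All function names are this example's own.

```python
from math import gcd
from typing import Optional, Tuple


def generate_keypair(p: int, q: int, e: int = 65537) -> Tuple[Tuple[int, int], Tuple[int, int]]:
    """Textbook RSA: the Public Key (n, e) is published; the Private Key (n, d) is
    computed from the prime factors p and q of n, which are then discarded."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("public exponent must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)  # modular inverse of e (Python 3.8+)
    return (n, e), (n, d)


def encrypt(message: int, public_key: Tuple[int, int]) -> int:
    """Anyone holding the public key can do this; it is quick (modular exponentiation)."""
    n, e = public_key
    if not 0 <= message < n:
        raise ValueError("message must be an integer in the range [0, n)")
    return pow(message, e, n)


def decrypt(ciphertext: int, private_key: Tuple[int, int]) -> int:
    """Only the holder of the private exponent d can reverse the operation."""
    n, d = private_key
    return pow(ciphertext, d, n)


def factor_toy_modulus(n: int) -> Optional[Tuple[int, int]]:
    """Trial division. Feasible only for the toy modulus used here; for real key sizes this
    direction is the intractable one, and that asymmetry is what the scheme relies on."""
    f = 2
    while f * f <= n:
        if n % f == 0:
            return f, n // f
        f += 1
    return None


if __name__ == "__main__":
    public, private = generate_keypair(61, 53, e=17)   # toy primes, constructed example
    c = encrypt(65, public)
    print(public, private, c, decrypt(c, private))
```

Real implementations never encrypt raw integers like this; they use padding schemes and hybrid encryption (a symmetric session key wrapped with the public key), but the key relationship shown here is the one the glossary entries describe.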


Qualifications Directory

A catalogue of qualifications provided, facilitated, recognised or endorsed by an organisation.

Qualifications Framework

A formalised structure defining one or more qualifications and their learning outcomes, which is used to structure the teaching and assessment of students studying to attain those qualifications.


A storage area to which Anti-Malware Software moves infected files for further inspection, removing them from their original locations in order that they cannot cause damage.


Radio Frequency Identification (RFID)

A mechanism whereby assets are given passive electronic tags that respond with a unique identifier when irradiated with radio waves.

Random Number Generator (RNG)

A system that uses a source of genuinely random data in order to generate random numbers for consumption by computers. As sources of random data can be expensive to implement, Pseudorandom Number Generators are often used in their stead.

Read Access

Where a user who has access to data can only read it, not update or delete it.

Recognised Standard

A standard whose content and quality has been acknowledged by an organisation. In the case of the UK Cyber Security Council, a standard that a Member organisation deems as reflecting the characteristics of a given Specialism while also satisfying the general requirements.

Recovery Point Objective (RPO)

The point in time to which the data on a system must be recovered in the case of a data loss. For example, if the RPO is 24 hours, backups or snapshots must be taken at least daily.

Recovery Procedures

The sequence of actions taken to restore a failed system such that it is usable.

Recovery Time Objective (RTO)

The longest acceptable time between a system failing and it being returned to service such that it can be used, even if not optimally.

Red Team

A group of security specialists who analyse an organisation's systems by simulating cyber attacks on the system, in order to identify vulnerabilities that can then be mitigated. Often paired with a Blue Team in order to examine security from multiple angles.


The authoritative list of individuals or organisations who have been admitted to membership of a body. In the case of the UK Cyber Security Council, the register of individuals who have been recognised as competent in the Profession by the Council.


An individual who is listed on the membership register of an organisation. In the case of the UK Cyber Security Council, an individual cyber security professional who has demonstrated the Council's required standard of competence and commitment and has been accepted onto the Council's register of professionals.


The process of assessing and admitting an individual or organisation to membership of an entity, or (in the case of the individual or organisation) the process of being registered as a member of that entity. In the context of the UK Cyber Security Council this may be the admission of an organisation as a Council member or admission of an individual to the Council's register of cyber security professionals.


A formal but non-statutory definition of mandatory behaviour in an activity which carries a risk of causing harm if it is not carried out correctly OR the exercise of oversight on an activity, a person or an organisation, or a group of any of these, to ensure that regulations are adhered to.


Corrective action undertaken to fix or mitigate a security vulnerability.

Remote Access

A mechanism for users to access your organisation's systems from outside the organisation's premises.

Remote Learning

Any type of education or learning in which the student is in a different location from the teacher or instructor. Online Instructor-Led Training is an example.

Remote Maintenance

Carrying out system maintenance using Remote Access mechanisms.

Removable Media

A storage device (such as a USB memory stick or a FireWire-connected hard drive) on which data can be stored for off-site transport.

Replay Attacks

An attack in which the attacker monitors and records traffic from your network then pushes the recording back into your system, perhaps with some subtle modifications, in order to break in or cause a problem.
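An added example, not from the glossary, of the standard defence against the replay described above: each message carries a fresh nonce and a timestamp, both covered by an HMAC, and the receiver rejects anything tampered with, stale, or already seen. The shared key, the message format and the `ReplayGuard` class are constructed for this example.

```python
import hashlib
import hmac
import json
import os
import time
from typing import Dict, Optional, Tuple

SHARED_KEY = b"constructed-demo-key-not-for-real-use"  # constructed example key


def _canonical(body: dict) -> bytes:
    # Fixed key order so sender and receiver compute the MAC over identical bytes.
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def sign_message(payload: dict, key: bytes = SHARED_KEY,
                 nonce: Optional[str] = None, timestamp: Optional[int] = None) -> dict:
    """Sender side: attach a fresh nonce and a timestamp, then a MAC over all three."""
    body = {
        "payload": payload,
        "nonce": nonce if nonce is not None else os.urandom(12).hex(),
        "ts": int(time.time()) if timestamp is None else timestamp,
    }
    mac = hmac.new(key, _canonical(body), hashlib.sha256).hexdigest()
    return {**body, "mac": mac}


class ReplayGuard:
    """Receiver side: rejects tampered, stale and previously seen messages."""

    def __init__(self, key: bytes = SHARED_KEY, window_seconds: int = 300):
        self.key = key
        self.window = window_seconds
        self.seen: Dict[str, int] = {}  # nonce -> timestamp at which it was accepted

    def verify(self, msg: dict, now: Optional[int] = None) -> Tuple[bool, str]:
        now = int(time.time()) if now is None else now
        try:
            body = {"payload": msg["payload"], "nonce": str(msg["nonce"]), "ts": int(msg["ts"])}
            received_mac = str(msg["mac"])
        except (KeyError, TypeError, ValueError):
            return False, "malformed message"
        expected = hmac.new(self.key, _canonical(body), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, received_mac):
            return False, "bad mac"          # modified in transit (or wrong key)
        if abs(now - body["ts"]) > self.window:
            return False, "stale timestamp"  # recorded long ago and pushed back in
        # Forget nonces older than the window; anything that old is rejected as stale anyway.
        self.seen = {n: t for n, t in self.seen.items() if now - t <= self.window}
        if body["nonce"] in self.seen:
            return False, "replayed nonce"   # a verbatim copy of an accepted message
        self.seen[body["nonce"]] = body["ts"]
        return True, "ok"
```

The timestamp window bounds how long the nonce table has to be kept, and the MAC is what stops the "subtle modifications" the entry mentions: changing any field, including the nonce or timestamp, invalidates it.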

Residual Risk

Any security risk that remains once the agreed actions have been taken to mitigate an identified risk.


Maximising system availability by designing in the ability for Failover and High Availability.


The act of renewing one's membership of an organisation, usually for a multiple of years (generally one or three). Whilst gaining initial membership may involve one-off challenges such as Examinations or interviews, revalidation generally involves demonstrating one's continued development in relevant fields of expertise and/or professional operation, usually by attaining Continuing Professional Development credits.


The level of impact on the organisation of a given adverse event happening. Cyber security is widely regarded as simply one instance of business risk.

Risk Assessment

The process of identifying and documenting risks that exist in an organisation.

Risk Mitigation

Reducing risk by making changes to systems, policies and/or processes.

Risk Tolerance

The level of risk an organisation is willing to accept, on the basis that risk is inevitable and can never be reduced to zero.

Rogue Device

An unauthorised system on a network that is neither known to nor supported by the official IT team.

Role-Based Access Control (RBAC)

A concept whereby access to systems and resources is based on the nature of the individual's role(s) rather than being attached to the individual him/herself.

Root Cause Analysis (RCA)

Establishing the underlying issue that was the cause of a security incident or system outage.


A set of covert tools installed by an attacker to compromise the security of a computer system, particularly one with a Unix-style system such as Linux.

Royal Charter

As defined by the Privy Council, "an instrument of incorporation, granted by The Queen, which confers independent legal personality on an organisation and defines its objectives, constitution and powers to govern its own affairs." Incorporation by Charter is widely recognised as a prestigious way of acquiring legal personality and reflects the high status of that body.



Also a variable passed into a cryptographic algorithm or Pseudorandom Number Generator to improve randomness/strength.


Setting aside an area of a computer as a "safe" place in which software can be run without risk of it infecting production systems. Often a system that has no network connectivity to any other systems in the organisation.


Removing labels and other identifying marks from a system. Also the process of taking real data and changing it to render it unrecognisable as real data (a common technique for rendering Personally Identifiable Information anonymous for use in development and test purposes).

Secure Hash Algorithm (SHA)

The most commonly used family of Hash Functions; unlike Message Digest 5 there are no known vulnerabilities in the more recently devised SHA algorithms.
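An added example, not part of the glossary, covering the Hash Function, Message Digest and Message Digest 5 entries above together with this one: the digest length is fixed whatever the input size, a one-character change in the input flips roughly half the output bits (so nothing about the original can be read back from the digest), and the last two functions show the common practical use, storing passwords as salted, iterated hashes rather than in Clear Text. The sample inputs, the per-user salt and the function names are constructed for this example; the digest values asserted for "abc" are the published SHA-256 and MD5 results.

```python
import hashlib
import hmac
import os
from typing import Dict, Optional, Tuple

# Constructed sample inputs.
SHORT_TEXT = b"attack at dawn"
LONG_TEXT = b"attack at dawn " * 10_000


def message_digest(data: bytes, algorithm: str = "sha256") -> str:
    """Apply the named Hash Function and return the Message Digest as hex."""
    return hashlib.new(algorithm, data).hexdigest()


def digest_lengths(algorithms=("md5", "sha1", "sha256", "sha512")) -> Dict[str, Tuple[int, int]]:
    """Hex digest length for a 14-byte and a 150,000-byte input: identical per algorithm."""
    return {a: (len(message_digest(SHORT_TEXT, a)), len(message_digest(LONG_TEXT, a)))
            for a in algorithms}


def differing_bits(hex_a: str, hex_b: str) -> int:
    """How many bits differ between two digests of the same length (the avalanche effect)."""
    return bin(int(hex_a, 16) ^ int(hex_b, 16)).count("1")


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = 200_000) -> Tuple[bytes, bytes]:
    """Salted, iterated password hash (PBKDF2-HMAC-SHA256). The random salt means two users
    with the same password get different stored hashes, and the iteration count slows
    down offline guessing. Returns (salt, hash); store both next to the account."""
    salt = os.urandom(16) if salt is None else salt
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)


def verify_password(password: str, salt: bytes, stored: bytes, iterations: int = 200_000) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, candidate = hash_password(password, salt, iterations)
    return hmac.compare_digest(candidate, stored)
```

MD5 still runs here because `hashlib` ships it, which is exactly the trap: it is fine for detecting accidental corruption but, as the Message Digest 5 entry says, its collision weakness makes it unsuitable wherever an attacker can choose the input.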

Secure Socket Layer (SSL)

An encrypted method of communication between two endpoints, particularly Web sites. All versions of SSL are now considered insecure, and best practice is to use Transport Layer Security instead.

Secure Software Development Life Cycle (S-SDLC)

The result of adding a security focus to the Software Development Life Cycle.


The assessment and mitigation of the organisation's risks with regard to CIA.

Security Assertion Markup Language (SAML)

A standard protocol for authenticating user logins against computer systems.

Security Incident

An Incident whose primary impact relates to security.

Security Information and Event Management (SIEM)

A system that collates log and event data that it receives from a wide variety of systems and then reports perceived issues to the security operations team.

Security Policy

A statement detailing how the organisation wishes its staff to behave and its systems to operate in order to attain and preserve its desired level of security.

Security Posture

The state of an organisation's systems with regard to security, and the organisation's preparedness for response to a security incident.

Self-Paced Learning

Training or education in which the student dictates the schedule and pace of the material. This is commonly achieved where the learning materials are paper- or computer-based, with the student free to undertake each element when he or she wishes.

Self-Regulatory Body

A model of regulation in which an organisation conducts an internal regime of assessment to confirm that its operation is aligned with a documented or agreed Standard.

Semi-Quantitative Assessment

An evaluation of the organisation's security vulnerability which involves quantifying the level of risk faced by the organisation using data sources that are partially quantitative but partially qualitative.

Sensitive Information

Information that the organisation wishes to keep confidential from outside parties.

Service Level Agreement (SLA)

An agreement between a supplier and a customer that forms a framework for the provision of the services, often including security-specific requirements.

Short Message Service (SMS)

A basic text messaging system used by mobile telephones. SMS is a common mechanism used to alert IT and cyber security staff to potential issues that have been detected by a system.


Expertise in one or more activities - the ability to do those things well. Skills can be termed "hard", which generally relate to specific technical areas, or "soft", which relate to personal attributes such as empathy, leadership and the ability to communicate.

Skills Gap

A situation in which there are too few people with appropriate skills to fill all jobs - that is, there is a mismatch between the skills that employers rely upon in their employees, and the skills that job seekers possess.


Similar to Phishing but using SMS text messages instead of email.


A piece of software for Network Sniffing.

Social Engineering

Tricking people into giving up sensitive information by pretending to be someone authoritative - the company's Service Desk, the CEO of the company, and so on.

Software Development Life Cycle (SDLC)

Synonymous with System Development Life Cycle, albeit considered in the specific area of software development.


Unsolicited bulk messages, generally sent by email. Spam is a popular way to target people because although only a fraction of the messages penetrate the organisation's defence, the sheer quantity of messages makes this fraction numerically significant.


The field of professional activity, responsibility or practice in which an individual or group is most expert relative to his/her/its other capabilities.


The requirements definition for a new architecture, application or system.

Split Brain

A state in a resilient implementation with primary and secondary systems where the secondary mistakenly acts as if it were the primary, causing network disruption because traffic is routed inconsistently, switching between the two devices.

Split Tunnelling

When a computer is connected to two networks at once, for example, to the Internet and also via a VPN to a company network. This has a security risk as there is the potential for illicit traffic ingress from the Internet to use the computer as a route to the company network.


Faking the source address of a communication in order to masquerade as a different individual or system.


A defined level of quality or attainment used as a reference against which achievements or levels of compliance can be measured. Alternatively, the minimum level of performance an individual must achieve when carrying out functions in the workplace.

Static Key

A Key that changes infrequently, if at all.


The science of communicating in such a way that hides the communication - for instance by concealing sensitive data within an innocuous-looking document such as a photograph.

Supervisory Control and Data Acquisition (SCADA)

A controller module for a piece of equipment that would not usually be connected to the network (a generator, for instance, or some other piece of plant machinery) so that it can be monitored and/or controlled from a PC. SCADA interfaces have a reputation for having a disproportionate level of security vulnerabilities. Commonly used synonymously with Industrial Control Systems.

System Administrator

The technical specialist who manages a computer system, and whose credentials are usually highly privileged and hence sought after by Hackers.

System Development Life Cycle (SDLC)

An organised framework for designing, implementing, testing, deploying, maintaining, operating, improving and eventually decommissioning new computer systems.


Tabletop Exercise

The act of testing one's Incident Response Plan by going through a simulated Incident rather than by actually taking any real systems out of action.


Traditionally, the use of a telephone network for voice and data communication. Today, the transport of data (particularly voice and video) via electronic means of any sort.


A situation or event that could possibly have an adverse effect on a computer system, but which has yet to occur.

Threat Analysis

A detailed, rigorous analysis of the threats faced by an organisation.

Time Bomb

Rather like a Logic Bomb - a piece of nefarious software that lies dormant until the date and time at which it has been programmed to become active.

Transport Layer Security (TLS)

The successor of Secure Socket Layer; unlike SSL, there are as yet no known breaches of the more recent versions of TLS.

Trap Door

In the context of an encryption algorithm, an algorithm that is very simple and quick to execute in one direction, and intractably hard and slow to execute in the other direction.

Triple DES (3DES)

A development of the Data Encryption Standard which is considerably more secure.

Trojan Horse

A malicious program hidden inside an ostensibly innocuous one.

Trusted Certificate

A digital certificate that is trusted by the machine that is using it for identification; certificates are deemed "trusted" when they have been issued by a reputable issuing organisation.


Sending data using one protocol through a connection established using another. Virtual Private Networks are a good example of tunnels.

Two Factor Authentication (2FA)

A mechanism for improving security by making users identify themselves by two means rather than one (the latter generally being a password) - typically using a one-time code generated by an electronic token or smartphone program or by entering a code that is sent by the target system to the user's phone by SMS.



A user is a person who utilises a computer or network service.



Code that verifies the nature of the data being entered by users prior to using it in a program. Validation of user input is essential for preventing intrusions such as SQL Injection attacks.
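An added example, not from the glossary, showing the SQL Injection case mentioned above with the unsafe lookup beside two defences: a parameterised query, which keeps user input out of the SQL text altogether, and allow-list validation of the input's shape. The in-memory database, the sample user rows and the function names are constructed for this example.

```python
import re
import sqlite3
from typing import List


def build_sample_db() -> sqlite3.Connection:
    """Constructed in-memory database with two users (sample data, not real credentials)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password_hash TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "hash-of-alice"), ("bob", "hash-of-bob")])
    return conn


def find_user_vulnerable(conn: sqlite3.Connection, username: str) -> List[str]:
    """Unsafe: the input is pasted into the SQL text, so a quote in it changes the query."""
    query = f"SELECT username FROM users WHERE username = '{username}'"
    return [row[0] for row in conn.execute(query)]


def find_user_parameterised(conn: sqlite3.Connection, username: str) -> List[str]:
    """Safe: the input travels as a bound parameter and is never parsed as SQL."""
    return [row[0] for row in conn.execute(
        "SELECT username FROM users WHERE username = ?", (username,))]


USERNAME_PATTERN = re.compile(r"[a-z0-9_]{1,32}")


def is_valid_username(username: str) -> bool:
    """Allow-list validation: reject anything outside the expected character set up front."""
    return USERNAME_PATTERN.fullmatch(username) is not None


def find_user_defended(conn: sqlite3.Connection, username: str) -> List[str]:
    """Validation and parameterisation together: Defence in Depth."""
    if not is_valid_username(username):
        return []
    return find_user_parameterised(conn, username)
```

Parameterisation is the control that actually removes the injection; validation is worth keeping as well because it rejects malformed input before it reaches any other component and gives a clean signal to log.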

Virtual Machine (VM)

A complete computer implemented in software, running on a physical host under the control of a hypervisor, with its own operating system, virtual storage and network interfaces. VMs let workloads be isolated from one another and from the host; the hypervisor that enforces that isolation is itself a critical trust boundary.

Virtual Private Network (VPN)

A connection between two computers or networks that uses a potentially hostile network (usually the Internet) to transport data securely, by authenticating both ends and encrypting all traffic between them with strong algorithms. A VPN protects the data in transit; it does not, by itself, make either end trustworthy.

Virus

Strictly, malware that attaches itself to other programs or files and spreads when those are copied or run; in everyday use, a common alternative term for Malware of any kind.

Vulnerability

A weakness in a computer system, network or application, arising from a flaw in its design, implementation or configuration, that could be exploited to compromise it. See also Zero Day Attack.


Warm Site

Premises that are not a fully live duplicate of the primary site, but which are equipped (with power, connectivity and at least some hardware already in place) such that they can be brought into operation within a reasonable time, following an incident such as a fire or a flood that has rendered all or part of the primary site inoperative.

Web Application Firewall (WAF)

A system, placed in front of a web server or application, that inspects inbound HTTP requests (and often the responses) and blocks those that match patterns of known attacks on web applications, such as SQL Injection, cross-site scripting and path traversal, so that they never reach the application. A WAF complements rather than replaces secure coding: rule sets can be evaded by encoding or obfuscating a payload, and while some WAF products add rate limiting against application-layer flooding, absorbing a large-scale Distributed Denial of Service attack is a separate service provided upstream of the WAF.
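
The inspection step in miniature, as an added example (not from the glossary or any WAF product): a handful of signature rules run over the path and query values of HTTP request lines, with and without decoding the request the way the application will. The rules and the sample requests are constructed for the demonstration and are far smaller than a real rule set.

```python
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Added example, not from the glossary or any WAF product: a minimal rule-based
# inspector for HTTP request lines. It shows signature matching against a few
# well-known attack patterns and why the inspector must decode the request the
# way the application will before matching. Rules and sample requests are
# constructed for the demonstration.

RULES = [
    ("sqli-tautology", re.compile(r"(?i)\bor\b\s*['\"]?\d+['\"]?\s*=\s*['\"]?\d+")),
    ("sqli-comment",   re.compile(r"(--|/\*)\s*$")),
    ("xss-script-tag", re.compile(r"(?i)<\s*script\b")),
    ("path-traversal", re.compile(r"\.\.[/\\]")),
]


def normalise(value: str, rounds: int = 2) -> str:
    """Percent-decode repeatedly (bounded) so a double-encoded payload such as
    %2527 -> %27 -> ' is matched in the form the application will see."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def request_fields(request_line: str) -> list:
    """Split 'GET /path?a=b HTTP/1.1' into the path plus each query value.
    parse_qsl already applies one round of percent-decoding to the query
    values; the path is returned exactly as written."""
    _method, target, _version = request_line.split(" ", 2)
    parts = urlsplit(target)
    return [parts.path] + [v for _, v in parse_qsl(parts.query, keep_blank_values=True)]


def inspect(request_line: str, decode: bool = True) -> list:
    """Return the sorted names of every rule hit. With decode=False the rules
    run on the fields as received, which is how encoded payloads slip past."""
    hits = set()
    for field in request_fields(request_line):
        value = normalise(field) if decode else field
        for name, pattern in RULES:
            if pattern.search(value):
                hits.add(name)
    return sorted(hits)


# Constructed sample request lines
BENIGN = "GET /products?id=42&sort=price HTTP/1.1"
SQLI = "GET /products?id=42%27%20OR%201%3D1-- HTTP/1.1"
XSS_DOUBLE_ENCODED = "GET /search?q=%253Cscript%253Ealert(1)%253C%252Fscript%253E HTTP/1.1"
TRAVERSAL = "GET /static/..%2F..%2Fetc%2Fpasswd HTTP/1.1"
```

The double-encoded script tag and the encoded traversal are caught only when the inspector normalises the request first; and even then a rule set this small is trivially bypassed (a tautology written as `OR 2>1` matches nothing above), which is why the entry describes a WAF as a complement to secure coding rather than a substitute for it.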

Web Filtering Software

Software that is put at the edge of your network to prevent users from accessing material on the Internet that is classed as threatening or otherwise unwanted.

White Box Testing

A security test in which the testing team are given detailed information regarding the design and implementation of the system. See also Black Box Testing.

Whitelist

Synonymous with Allow List; the term "Whitelist" is widely falling into disuse following the growth of the Black Lives Matter movement.

Wi-Fi Protected Access (WPA)

More commonly known by the abbreviation WPA, a family of security mechanisms for Wireless Local Area Network access that replaced the broken Wired Equivalent Privacy. The original WPA (based on TKIP) was an interim fix and is itself now deprecated. WPA2 (based on AES-CCMP) remains widely used and, with a strong passphrase, is still considered acceptable, but it is not unbroken: the KRACK key-reinstallation attack of 2017 required client implementations to be patched, and a WPA2 network protected by a weak pre-shared key can be cracked offline from a single captured handshake. WPA3 is the current version of the standard.

Wired Equivalent Privacy (WEP)

A wireless encryption standard introduced with the original 802.11 specification that, although the name suggests otherwise, is very insecure: flaws in the way it uses the RC4 cipher allow the key to be recovered from captured traffic in minutes. WEP is no longer considered usable and any network still relying on it should be migrated to WPA2 or WPA3.

Wireless Access Point

See Access Point.

Wireless Application Protocol (WAP)

An early form of mobile phone based data access, introduced in 1999 but obsolete today.

Wireless Local Area Network (WLAN)

A LAN that uses radio transmission in place of copper or fibre cables. Wireless LANs provide versatility and are simpler and less expensive to set up than cabled networks, but are generally slower and more susceptible to security attacks, particularly Eavesdropping Attacks, because the radio signal can be received by anyone within range, including outside the building.

Worm

Malware that spreads to other machines without any user action, by replicating itself and exploiting vulnerabilities in those machines to deliver copies of itself across the network. The most famous example, the Morris worm, was created in 1988 by Robert Tappan Morris.


X.509

The ISO/ITU-T standard defining the format of public key certificates (and of certificate revocation lists); the profile used on the Internet, for example by TLS, is specified in RFC 5280.



Zero Day Attack

An attack on a computer system that exploits a vulnerability of which the software or anti-malware vendor is unaware, or for which no fix has yet been released, so that defenders have had "zero days" to prepare for it.

Zeroisation

Overwriting data on disk or tape, often multiple times, in order to render it unrecoverable, on the premise that deleting a file in most operating systems usually just removes the directory entry but leaves the file content on the disk. On older magnetic disks the positioning tolerance of the read/write head was such that a single overwrite might sit slightly askew of the point at which the data was originally written, so classic zeroisation procedures write each location several times to achieve a high probability of overwriting the exact location. On modern magnetic drives a single pass is generally regarded as sufficient (see NIST SP 800-88), and on solid-state drives overwriting from software is unreliable because wear levelling may direct the new writes to different flash cells and leave the original data in place; there, the drive's built-in sanitise or cryptographic-erase command is the appropriate tool.
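
The software side of the procedure, as an added example (not from the glossary): a routine that overwrites a file in several passes, forces each pass out of the page cache with fsync, and only then removes the directory entry. The file and its contents are constructed by the demonstration itself; the caveats in the comments are the ones that decide whether this approach is adequate at all.

```python
import os
import tempfile

# Added example, not from the glossary: a multi-pass software zeroisation of a
# file, with each pass forced to the device before the next. The file and its
# contents are constructed below. Caveats this code cannot address:
#  - on solid-state drives wear levelling may map the overwrite to fresh
#    flash cells and leave the original blocks intact; use the drive's
#    sanitise or cryptographic-erase command instead;
#  - journaling or copy-on-write filesystems, snapshots and backups may hold
#    other copies of the content;
#  - NIST SP 800-88 treats one pass as sufficient on modern magnetic disks,
#    so the extra passes matter mainly for older media.

PASSES = (b"\x00", b"\xff", b"\x00")   # the final pass leaves the file all zeros


def overwrite_in_place(path: str, patterns=PASSES, chunk_size: int = 1 << 16) -> int:
    """Overwrite every byte of `path` once per pattern; returns bytes written."""
    size = os.path.getsize(path)
    written = 0
    with open(path, "r+b", buffering=0) as f:   # unbuffered: each write goes to the OS
        for pattern in patterns:
            f.seek(0)
            block = pattern * chunk_size
            remaining = size
            while remaining:
                n = f.write(block[:min(chunk_size, remaining)])
                written += n
                remaining -= n
            os.fsync(f.fileno())   # push this pass to the device before starting the next
    return written


def zeroise(path: str) -> int:
    """Overwrite, then remove the directory entry; returns bytes written."""
    written = overwrite_in_place(path)
    os.remove(path)
    return written


def demo() -> dict:
    """Create a file holding a recognisable marker, overwrite it, read it back
    to show the marker is gone, then delete it. Returns what was observed."""
    marker = b"ACCOUNT-EXPORT-SECRET"
    fd, path = tempfile.mkstemp(prefix="zeroise-demo-")
    with os.fdopen(fd, "wb") as f:
        f.write((marker + b"\n") * 3000)          # 66,000 bytes of constructed content
    size = os.path.getsize(path)
    written = overwrite_in_place(path)
    with open(path, "rb") as f:
        after = f.read()
    os.remove(path)
    return {
        "size": size,
        "bytes_written": written,
        "passes": len(PASSES),
        "marker_survives": marker in after,
        "all_zero_after": after == b"\x00" * size,
        "exists_after": os.path.exists(path),
    }
```

Reading the file back, as `demo` does, only proves that the filesystem now returns zeros for those logical blocks; whether the physical medium still holds the old bits is exactly the question the caveats above are about, and on an SSD it can only be answered by the drive's own sanitise mechanism.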