Glossary

A. Foundational Security Concepts

(How security works at its core)

  1. Authentication
    Authentication is the process of confirming that someone is who they claim to be before allowing access to a system.
    This can include passwords, fingerprints, face recognition, or one‑time codes sent to your phone.
    Example: Logging into your email using a password is authentication.
  2. Authorization
    Authorization determines what an authenticated user is allowed to access or do once they’re inside a system.
    Even if two users log in successfully, they may have very different permissions.
    Example: An employee can view files, but only a manager can delete them.
  3. Access Control
    Access control is the broader system of rules that combine authentication and authorization.
    It ensures people only access the data and systems appropriate to their role.
    Example: HR files are restricted to HR staff, not the entire company.
  4. Encryption / Data Encryption
    Encryption converts readable data into unreadable code so it can’t be understood by unauthorized parties.
    Even if data is stolen, encryption prevents it from being misused.
    Example: Encrypted laptops protect data if a device is lost or stolen.
  5. Least Privilege
    The principle of least privilege means users get only the access they need — nothing extra.
    This reduces damage if an account is compromised.
    Example: A contractor can upload files but cannot access financial systems.
  6. Trust Boundary
    A trust boundary is where data crosses from one system or user to another and must be verified.
    These points require extra security controls.
    Example: When employees access company data from home networks.
  7. Cyber Hygiene
    Cyber hygiene refers to everyday practices that reduce risk.
    Good hygiene dramatically lowers the chance of successful attacks.
    Example: Updating software, using strong passwords, and backing up data.
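The first five terms above (authentication, authorization, access control, encryption aside, and least privilege) are easiest to see together in code. The following is an added example, not part of the original glossary: a small role-based policy where authentication proves who the user is and authorization decides, with default deny, what that identity may do. The roles, permission names, users and passwords are all constructed for the demonstration.

```python
import hashlib
import hmac
import os

# Least privilege: each role carries only the permissions that job needs.
# Constructed for this example, not any product's real policy.
ROLE_PERMISSIONS = {
    "employee":   {"files:view", "files:upload"},
    "manager":    {"files:view", "files:upload", "files:delete"},
    "contractor": {"files:upload"},                  # no view, no finance
    "finance":    {"files:view", "ledger:view"},
    "hr":         {"files:view", "hr-records:view"},
}


def hash_password(password: str, salt: bytes) -> bytes:
    # Passwords are never stored in clear text; PBKDF2 with a per-user salt.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def make_user(name: str, password: str, roles) -> dict:
    salt = os.urandom(16)
    return {"name": name, "salt": salt,
            "pw_hash": hash_password(password, salt), "roles": set(roles)}


# Constructed user directory with constructed passwords.
USERS = {u["name"]: u for u in [
    make_user("alice", "correct horse battery staple", ["employee"]),
    make_user("bob",   "manager-pass-2024",            ["manager"]),
    make_user("carol", "contractor-pass",              ["contractor"]),
]}


def authenticate(name: str, password: str):
    """Authentication: confirm identity. Returns a session dict or None."""
    user = USERS.get(name)
    if user is None:
        # Hash anyway so an unknown name takes as long as a wrong password.
        hash_password(password, b"\x00" * 16)
        return None
    candidate = hash_password(password, user["salt"])
    if not hmac.compare_digest(candidate, user["pw_hash"]):
        return None
    return {"user": name, "roles": user["roles"]}


def permissions(session: dict) -> set:
    allowed = set()
    for role in session["roles"]:
        allowed |= ROLE_PERMISSIONS.get(role, set())
    return allowed


def authorize(session, permission: str) -> bool:
    """Authorization: what an authenticated identity may do. Default deny."""
    return session is not None and permission in permissions(session)


def attempt(name: str, password: str, permission: str) -> str:
    """Access control: authentication followed by authorization."""
    session = authenticate(name, password)
    if session is None:
        return "denied: authentication failed"
    if not authorize(session, permission):
        return f"denied: {name} lacks {permission}"
    return f"allowed: {name} may {permission}"


if __name__ == "__main__":
    print(attempt("alice", "correct horse battery staple", "files:delete"))
    print(attempt("bob", "manager-pass-2024", "files:delete"))
    print(attempt("carol", "contractor-pass", "ledger:view"))
```

The two decisions are deliberately separate functions: a user who logs in successfully (authentication) still gets nothing unless a role grants it (authorization), which is the distinction the glossary draws between the two terms.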

  1. Multi‑Factor Authentication (MFA)
    MFA requires more than one way to verify identity — something you know, have, or are.
    It significantly reduces account takeovers even if passwords are stolen.
    Example: Password + phone code when logging in.
  2. Two‑Factor Authentication (2FA)
    2FA is a specific form of MFA using exactly two factors.
    It’s widely adopted and easy to implement for SMBs.
    Example: Password + authentication app.
  3. Identity & Access Management (IAM)
    IAM systems manage user accounts and access across applications.
    They ensure users are granted — and removed — access properly.
    Example: Disabling employee accounts when someone leaves a company.
  4. Privileged Access Management (PAM)
    PAM protects high‑risk accounts with elevated permissions.
    These accounts are prime targets for attackers.
    Example: Admin rights on a server or accounting system.
  5. Single Sign‑On (SSO)
    SSO lets users log in once to access multiple systems.
    It improves usability but requires strong security controls.
    Example: One login for email, CRM, and internal tools.
  6. Zero Trust
    Zero Trust assumes no user or device is trusted automatically — even inside the network.
    Every request must be verified continuously.
    Example: Employees must re‑verify identity to access sensitive apps.
  7. Zero Trust Architecture
    This applies Zero Trust principles across systems, networks, and devices.
    Security is layered and dynamic rather than perimeter‑based.
    Example: Continuous identity checks across cloud and office systems.

  1. Phishing
    Phishing uses fake emails or messages to trick users into revealing information. It remains the most common entry point for attacks.
    Example: An email pretending to be Microsoft asking for a password.
  2. Spear Phishing
    Spear phishing targets specific individuals using personalized information. These attacks are harder to detect.
    Example: An email impersonating your CEO requesting payment.
  3. Business Email Compromise (BEC)
    BEC attacks manipulate financial or operational transactions. They often don’t involve malware at all.
    Example: Fake invoice payment request.
  4. Man‑in‑the‑Middle (MITM) Attack
    MITM attacks intercept communications between two parties. Attackers can steal or alter data silently.
    Example: Using unsecured public Wi‑Fi without a VPN.
  5. Brute Force Attack
    Attackers repeatedly try passwords until one works. Weak passwords are especially vulnerable.
    Example: Automated login attempts on email accounts.
  6. Credential Stuffing
    Stolen passwords are reused across many websites. This exploits password reuse habits.
    Example: A breach at one site leads to access elsewhere.
  7. Ransomware
    Ransomware locks data and demands payment for release. It can shut down an organization entirely.
    Example: Encrypted servers halting operations.
  8. Spyware
    Spyware silently monitors user activity. It often steals credentials or sensitive data.
    Example: Tracking keystrokes or browsing behavior.
  9. Keylogger
    Keyloggers record everything typed on a keyboard. They’re used to steal passwords and data.
    Example: Capturing login credentials invisibly.
  10. Trojan Horse
    Trojan malware disguises itself as legitimate software. Users unknowingly install it themselves.
    Example: Fake invoice PDF carrying malware.
  11. Botnet
    A botnet is a network of compromised machines. These devices are used to launch attacks.
    Example: Devices used in DDoS attacks.
  12. DDoS Attack
    DDoS floods systems with traffic to cause outages. It disrupts access rather than stealing data.
    Example: Websites going offline during attacks.
  13. Zero‑Day Attack
    A zero‑day attack exploits a vulnerability that is not yet known to the vendor, so no patch exists. These attacks are especially dangerous.
    Example: Newly discovered flaw attacked immediately.

  1. Malware
    Malware is any malicious software.
    It includes viruses, ransomware, spyware, and more.
    Example: Infected email attachment.
  2. Worm
    Worms spread automatically without user action.
    They can move rapidly across networks.
    Example: Malware spreading inside an office network.
  3. Rootkit
    Rootkits hide attacker presence.
    They make detection extremely difficult.
    Example: Attackers remaining undetected for months.
  4. Backdoor
    Backdoors provide hidden access to systems.
    Attackers use them for persistent control.
    Example: Hidden admin access left after compromise.

(How threats are identified and handled)

  1. Logging & Monitoring
    Logging records system activity, while monitoring reviews those records to spot unusual behavior.
    Together, they create visibility into what’s happening across systems.
    Example: Tracking failed login attempts to detect a possible attack.
  2. Intrusion Detection System (IDS)
    An IDS monitors systems and alerts when suspicious activity is detected.
    It does not stop attacks but provides early warning.
    Example: Alerting IT when unusual network traffic appears.
  3. Endpoint Detection & Response (EDR)
    EDR continuously monitors computers and devices for threats and responds automatically.
    It goes beyond antivirus by watching behavior, not just files.
    Example: Stopping ransomware on a laptop before it spreads.
  4. Extended Detection & Response (XDR)
    XDR unifies detection across endpoints, networks, email, and cloud systems.
    It provides a broader picture of attacks spanning multiple systems.
    Example: Correlating phishing email activity with device behavior.
  5. SIEM (Security Information & Event Management)
    SIEM systems collect logs from many sources and analyze them centrally.
    They help identify patterns that individual systems may miss.
    Example: Detecting coordinated login failures across departments.
  6. SOAR (Security Orchestration, Automation & Response)
    SOAR automates security responses to detected threats.
    This reduces reaction time and human error.
    Example: Automatically isolating a compromised account.
  7. Incident Response Plan (IRP)
    An IRP defines how an organization responds when a security incident occurs.
    It reduces chaos and speeds recovery.
    Example: Steps to follow after a ransomware detection.
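The Brute Force and Credential Stuffing entries earlier describe the attacks; the Logging & Monitoring and SIEM entries in this section describe how they are spotted ("tracking failed login attempts", "detecting coordinated login failures"). The block below is an added example, not from the glossary's authors, that runs that detection over a handful of constructed authentication log lines in a made-up format: one source hammering one account is reported as brute force, one source failing against many different accounts as credential stuffing, and any successful login from a source already flagged is raised for follow-up. The log format, addresses, account names and thresholds are all constructed.

```python
import re
from collections import defaultdict

# Constructed log lines in a simplified, made-up format (not any real product's):
#   <ISO timestamp> <OK|FAIL> user=<account> src=<source address>
SAMPLE_LOG = """\
2024-05-01T09:00:01Z OK   user=alice src=192.0.2.5
2024-05-01T09:03:10Z FAIL user=bob   src=192.0.2.5
2024-05-01T09:03:25Z OK   user=bob   src=192.0.2.5
2024-05-01T09:10:00Z FAIL user=alice src=203.0.113.7
2024-05-01T09:10:01Z FAIL user=alice src=203.0.113.7
2024-05-01T09:10:02Z FAIL user=alice src=203.0.113.7
2024-05-01T09:10:03Z FAIL user=alice src=203.0.113.7
2024-05-01T09:10:04Z FAIL user=alice src=203.0.113.7
2024-05-01T09:10:05Z FAIL user=alice src=203.0.113.7
2024-05-01T09:12:00Z FAIL user=bob   src=198.51.100.9
2024-05-01T09:12:01Z FAIL user=carol src=198.51.100.9
2024-05-01T09:12:02Z FAIL user=dave  src=198.51.100.9
2024-05-01T09:12:03Z FAIL user=erin  src=198.51.100.9
2024-05-01T09:12:04Z FAIL user=grace src=198.51.100.9
2024-05-01T09:12:05Z OK   user=frank src=198.51.100.9
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<result>OK|FAIL)\s+user=(?P<user>\S+)\s+src=(?P<src>\S+)\s*$"
)


def parse(log_text: str):
    """Yield one dict per well-formed line; malformed lines are skipped."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield m.groupdict()


def analyse(events, fail_threshold: int = 5, spray_threshold: int = 5) -> list:
    """Correlate failures the way a SIEM rule would, across all sources at once."""
    fails = defaultdict(int)          # (src, user) -> failed attempts
    users_per_src = defaultdict(set)  # src -> distinct accounts that failed
    successes = []                    # (src, user) for every OK
    for e in events:
        key = (e["src"], e["user"])
        if e["result"] == "FAIL":
            fails[key] += 1
            users_per_src[e["src"]].add(e["user"])
        else:
            successes.append(key)

    findings, flagged = [], set()
    # Brute force: one source, one account, many failures.
    for (src, user), n in fails.items():
        if n >= fail_threshold:
            findings.append({"type": "brute_force", "src": src, "user": user, "count": n})
            flagged.add(src)
    # Credential stuffing / spraying: one source, many accounts, few tries each.
    for src, users in users_per_src.items():
        if len(users) >= spray_threshold:
            findings.append({"type": "credential_stuffing", "src": src, "users": len(users)})
            flagged.add(src)
    # A success from a flagged source may be a compromised account.
    for src, user in successes:
        if src in flagged:
            findings.append({"type": "success_from_flagged_source", "src": src, "user": user})
    return findings


def run_demo() -> list:
    return analyse(parse(SAMPLE_LOG))


if __name__ == "__main__":
    for f in run_demo():
        print(f)
```

The single mistyped password from 192.0.2.5 produces no finding, which is the point of thresholds: a rule that fires on every failure trains staff to ignore it. Real deployments tune the thresholds and time windows to their own baseline.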

(Limiting damage and restoring operations)

  1. Firewall: A firewall filters network traffic based on rules. It blocks unauthorized access while allowing legitimate activity.
    Example: Preventing external access to internal systems.
  2. Network Segmentation: Splitting networks into separate zones limits how far attackers can move. Even if one area is breached, others remain protected.
    Example: Separating guest Wi‑Fi from internal systems.
  3. Sandboxing: Sandboxing runs suspicious programs in isolation. It prevents malware from affecting real systems.
    Example: Opening email attachments safely.
  4. Patch: A patch fixes known vulnerabilities or bugs in software. Unpatched systems are prime attack targets.
    Example: Updating operating systems monthly.
  5. Patch Management: The process of identifying, testing, and applying patches regularly. Poor patching is a leading cause of breaches.
    Example: Ensuring all company devices run updated software.
  6. Backup & Recovery: Backups create copies of data so it can be restored after loss. They are critical protection against ransomware.
    Example: Restoring files after an encryption attack.
  7. Data Loss Prevention (DLP): DLP prevents sensitive data from leaving systems improperly. It protects against both mistakes and malicious actions.
    Example: Blocking credit card numbers from being emailed.
  8. Disaster Recovery Plan (DRP): A DRP explains how to restore IT systems after major incidents. It focuses on technical recovery.
    Example: Rebuilding servers after a cyberattack.
  9. Business Continuity Plan (BCP): BCP ensures business operations continue during disruptions. It goes beyond IT and includes people and processes.
    Example: Keeping payroll running during outages.
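The DLP example in this section, "blocking credit card numbers from being emailed", is worth showing concretely because a naive digit-pattern match produces constant false positives on invoice and order numbers. The block below is an added example, not the glossary authors' code: it finds 13 to 19 digit candidates, keeps only those that pass the Luhn checksum that real card numbers satisfy, and then either blocks the message or returns a redacted copy. The sample messages are constructed; the 4111... and 3782... numbers are the well-known industry test numbers, not real accounts.

```python
import re

# Candidate card number: 13-19 digits, optionally separated by single spaces or
# dashes, not glued to other digits. Constructed for this example; a production
# DLP engine carries many more formats and context rules.
CANDIDATE_RE = re.compile(r"(?<![\d-])(?:\d[ -]?){12,18}\d(?![\d-])")


def luhn_valid(digits: str) -> bool:
    """Luhn checksum: double every second digit from the right, sum, mod 10."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def _digits(match_text: str) -> str:
    return re.sub(r"[ -]", "", match_text)


def _looks_like_card(match_text: str) -> bool:
    d = _digits(match_text)
    return 13 <= len(d) <= 19 and luhn_valid(d)


def find_card_numbers(text: str) -> list:
    """Substrings that have card-number shape AND pass the Luhn check."""
    return [m.group() for m in CANDIDATE_RE.finditer(text) if _looks_like_card(m.group())]


def redact(text: str) -> str:
    """Mask Luhn-valid numbers, keeping the last four digits for reference."""
    def mask(m):
        if not _looks_like_card(m.group()):
            return m.group()            # invoice/order number: leave it alone
        d = _digits(m.group())
        return "*" * (len(d) - 4) + d[-4:]
    return CANDIDATE_RE.sub(mask, text)


def check_outbound_email(body: str) -> dict:
    """Policy decision for one outgoing message: block if a card number is present."""
    hits = find_card_numbers(body)
    return {"action": "block" if hits else "allow",
            "matches": len(hits),
            "redacted": redact(body)}


# Constructed sample messages.
SAMPLE_BLOCK = ("Hi, please charge card 4111 1111 1111 1111 for order 1234-5678-9012-3456 "
                "and the Amex 378282246310005 for shipping. Call 555-0100 with questions.")
SAMPLE_ALLOW = "Invoice 1234-5678-9012-3456 is attached; meeting at 10:30, ref 20240501."


if __name__ == "__main__":
    print(check_outbound_email(SAMPLE_BLOCK))
    print(check_outbound_email(SAMPLE_ALLOW))
```

The order number 1234-5678-9012-3456 has exactly the shape of a card number but fails Luhn, so it is neither counted nor masked; that single check removes most of the noise that makes users disable DLP rules.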

(Where weaknesses exist)

  1. Vulnerability: A vulnerability is a weakness attackers can exploit. Not all vulnerabilities are bugs — some are process gaps.
    Example: Weak passwords or outdated software.
  2. Attack Surface: The attack surface includes all possible entry points attackers could target. Reducing it lowers risk.
    Example: Unused applications exposed to the internet.
  3. Risk Assessment: Risk assessments identify threats, vulnerabilities, and potential impact. They help prioritize what to protect first.
    Example: Assessing ransomware risk to financial systems.
  4. Threat Landscape: The threat landscape describes current and emerging cyber threats. It changes constantly.
    Example: Increased phishing during tax season.
  5. Supply Chain Risk: Risk introduced through vendors, contractors, or partners. Third‑party breaches often spread inward.
    Example: Vendor access exposing your systems.
  6. Shadow IT: Shadow IT refers to unauthorized tools used without approval. It creates blind spots and security gaps.
    Example: Employees using personal file‑sharing services.

(Who does what — and why intent matters)

  1. White Hat: Ethical professionals who test and defend systems. They work to improve security.
    Example: Consultants performing security audits.
  2. Black Hat: Malicious attackers seeking harm or profit. They exploit vulnerabilities intentionally.
    Example: Criminal ransomware groups.
  3. Gray Hat: Gray hats operate between ethical and unethical boundaries. They may break rules without malicious intent.
    Example: Reporting flaws without permission.
  4. Red Team: Red teams simulate real‑world attacks. They test defenses realistically.
    Example: Ethical hackers attempting breach simulations.
  5. Blue Team: Blue teams defend systems and respond to incidents. They monitor alerts and protect assets.
    Example: Security analysts reviewing logs.
  6. Purple Team: Purple teams combine Red and Blue team insights. They improve detection and response collaboratively.
    Example: Attack simulations followed by defense improvements.
  7. Threat Actor: Any person or group executing cyberattacks. This includes criminals, insiders, and nation‑states.
    Example: Hackers targeting small businesses.

(Structure, governance, and compliance)

  1. NIST: A U.S. institution publishing cybersecurity standards. Widely adopted globally.
    Example: Used for policy development.
  2. NIST Cybersecurity Framework (CSF): Guidance for managing cyber risk across five functions. Designed for organizations of all sizes.
    Example: Structuring security programs.
  3. NIST SP 800‑53: A detailed catalog of security controls. Used heavily in government contexts.
    Example: Protecting federal systems.
  4. NIST SP 800‑171: Controls for protecting sensitive government data in private systems. Required for many government contractors.
    Example: Handling regulated information.
  5. ISO/IEC 27001: International information security management standard. Focuses on processes and continual improvement.
    Example: Certifying security programs.
  6. CIS (Center for Internet Security): Provides practical cybersecurity guidance. Focused on real‑world effectiveness.
    Example: SMB security baselines.
  7. CIS Critical Security Controls: A prioritized cybersecurity action list. Designed for fast risk reduction.
    Example: Implementing top 18 controls.
  8. MITRE ATT&CK Framework: Describes known attacker techniques. Helps defenders anticipate behavior.
    Example: Mapping ransomware activity.
  9. SOC / SOC 2: Standards assessing security controls and trustworthiness. Often required by customers and partners.
    Example: Vendor due diligence.
  10. GRC (Governance, Risk & Compliance): Managing security, compliance, and risk together. Aligns business and security objectives.
    Example: Coordinating audits and policies.
  11. PIPEDA: Canada’s federal data protection law. Governs how personal data is handled.
    Example: Compliance for Canadian businesses.
  12. GDPR: European data protection regulation. Applies globally if EU data is processed.
    Example: Customer data protections.
  13. HIPAA: U.S. healthcare data protection law. Protects patient health information.
    Example: Securing medical records.

(How security should feel and function)

  1. Accessibility: Security that people can understand and use. Avoids jargon and fear.
    Example: Clear guidance instead of technical manuals.
  2. Affordability: Security aligned with real budgets. Avoids enterprise‑only pricing.
    Example: Flexible subscription models.
  3. Accountability: Clear ownership of security outcomes. No “set it and forget it” solutions.
    Example: Ongoing monitoring responsibility.
  4. Achievability: Security that delivers measurable results. Focused on outcomes, not promises.
    Example: Reduced phishing incidents.
  5. Security Posture: An organization’s overall readiness to resist threats. Reflects culture, tools, and processes.
    Example: Strong defenses plus trained staff.