Introduction to Cybersecurity Sales
Expert-defined terms from the Professional Certificate in Cybersecurity Sales Enablement course at London School of Business and Administration. Free to read, free to share, paired with a globally recognised certification pathway.
Introduction to Cybersecurity Sales Glossary #
Introduction to Cybersecurity Sales Glossary
A #
A
1. Authentication #
The process of verifying the identity of a user or device attempting to access a system or network. This can involve using passwords, biometric data, security tokens, or other methods to confirm identity.
2. Attack Vector #
A path or means by which an attacker can gain unauthorized access to a system or network. Attack vectors can include phishing emails, malware, insecure web applications, and more.
3. Antivirus Software #
A type of cybersecurity tool designed to detect, prevent, and remove malicious software such as viruses, worms, and Trojans from a computer or network.
B #
B
4. Botnet #
A network of compromised computers or devices controlled by a single entity for malicious purposes such as launching DDoS attacks, sending spam, or stealing data.
5. Business Email Compromise (BEC) #
A type of cyberattack where an attacker impersonates a high-level executive or employee within an organization to trick employees into transferring money or sensitive information.
6. BYOD (Bring Your Own Device) #
A policy that allows employees to use their personal devices such as smartphones, laptops, and tablets for work purposes. BYOD can pose security risks if not properly managed.
C #
C
7. Cloud Security #
The set of policies, technologies, and controls designed to protect data, applications, and infrastructure in cloud environments. Cloud security aims to ensure confidentiality, integrity, and availability of cloud resources.
8. Cybersecurity #
The practice of protecting systems, networks, and data from cyber threats such as hackers, malware, ransomware, and phishing attacks. Cybersecurity aims to prevent unauthorized access, data breaches, and other cyber incidents.
9. Compliance #
Refers to adhering to laws, regulations, and industry standards related to data security and privacy. Compliance requirements vary by industry and may include GDPR, HIPAA, PCI DSS, and more.
D #
D
10. Data Breach #
An incident where sensitive or confidential data is accessed, stolen, or exposed without authorization. Data breaches can result in financial loss, reputational damage, and legal consequences for organizations.
11. Defense in Depth #
A cybersecurity strategy that involves deploying multiple layers of security controls to protect systems and networks. Defense in depth aims to mitigate the impact of a security breach by creating redundant security measures.
12. Denial of Service (DoS) #
A type of cyberattack that aims to make a website, server, or network resource unavailable to legitimate users by overwhelming it with traffic or requests.
E #
E
13. Encryption #
The process of converting data into a secure format that can only be read by authorized users with the decryption key. Encryption helps protect data confidentiality and integrity during transmission and storage.
14. Endpoint Security #
The practice of securing individual devices such as laptops, smartphones, and IoT devices from cyber threats. Endpoint security solutions include antivirus software, firewalls, and intrusion detection systems.
15. Exploit #
A piece of software or code that takes advantage of a vulnerability in a system or application to compromise security. Exploits can be used by attackers to gain unauthorized access or execute malicious commands.
F #
F
16. Firewall #
A network security device that monitors incoming and outgoing network traffic based on predetermined security rules. Firewalls help prevent unauthorized access and protect against malware and other cyber threats.
17. Phishing #
A type of cyberattack where an attacker impersonates a legitimate entity to trick individuals into revealing sensitive information such as passwords, credit card numbers, or personal data.
18. Ransomware #
A type of malware that encrypts data on a victim's computer or network, demanding payment (ransom) for decryption. Ransomware attacks can cause data loss, financial damage, and operational disruption.
G #
G
19. GDPR (General Data Protection Regulation) #
A privacy law that regulates how organizations collect, process, and store personal data of EU citizens. GDPR aims to protect individual privacy rights and impose strict data protection requirements on businesses.
20. Hacker #
A person who uses technical skills to gain unauthorized access to computer systems, networks, or data. Hackers can be motivated by financial gain, political reasons, or personal challenge.
21. Incident Response #
The process of detecting, analyzing, and responding to cybersecurity incidents such as data breaches, malware infections, and unauthorized access attempts. Incident response aims to minimize the impact of security breaches and restore normal operations.
I #
I
22. IoT (Internet of Things) #
Refers to interconnected devices and objects that can collect, transmit, and exchange data over the internet. IoT devices include smart home appliances, wearables, industrial sensors, and more.
23. IT Security #
The practice of protecting information technology systems, networks, and data from unauthorized access, data breaches, and cyber threats. IT security encompasses a range of technologies, processes, and policies to ensure data confidentiality, integrity, and availability.
24. Insider Threat #
A security risk posed by individuals within an organization who misuse their access privileges to steal data, sabotage systems, or compromise security. Insider threats can be accidental or intentional and require monitoring and mitigation strategies.
J #
J
25. Keylogger #
A type of malware that records keystrokes on a computer or device, capturing sensitive information such as passwords, credit card numbers, and login credentials. Keyloggers are often used by attackers to steal personal data.
26. Zero #
Day Exploit: An exploit that targets a previously unknown vulnerability in software or hardware, giving attackers the advantage of launching attacks before a patch or fix is available. Zero-day exploits pose a significant threat to organizations and require rapid response to mitigate risks.
27. Multi #
Factor Authentication (MFA): A security mechanism that requires users to provide two or more forms of authentication to verify their identity before accessing a system or application. MFA enhances security by adding an extra layer of protection against unauthorized access.
K #
K
28. Keystroke Dynamics #
A biometric authentication method that analyzes typing patterns and rhythms to verify a user's identity. Keystroke dynamics can be used as a behavioral biometric to enhance authentication security and detect imposters.
29. Knowledge #
Based Authentication (KBA): A security method that verifies a user's identity by asking them to answer personal questions or provide specific information only known to them. KBA is commonly used for password recovery and account verification processes.
30. Kerberos #
A network authentication protocol that provides secure authentication for users and services in a network environment. Kerberos uses tickets and encryption to verify identities and establish trusted connections between entities.
L #
L
31. Log Management #
The process of collecting, storing, and analyzing logs generated by systems, applications, and devices to monitor security events, detect anomalies, and investigate incidents. Log management helps organizations maintain visibility into their IT environment and improve security posture.
32. Least Privilege #
A security principle that restricts users' access rights to the minimum level necessary to perform their job functions. Least privilege helps reduce the risk of insider threats, data breaches, and unauthorized access by limiting user permissions.
33. LAN (Local Area Network) #
A network that connects computers, devices, and resources within a limited geographic area such as a home, office, or campus. LANs enable sharing of files, printers, and internet access among connected devices.
M #
M
34. Malware #
Malicious software designed to disrupt, damage, or gain unauthorized access to computer systems, networks, or data. Types of malware include viruses, worms, Trojans, ransomware, spyware, and adware.
35. Man #
in-the-Middle (MitM) Attack: A type of cyberattack where an attacker intercepts and alters communication between two parties without their knowledge. MitM attacks can result in data theft, eavesdropping, and unauthorized access to sensitive information.
36. Mobile Device Management (MDM) #
A security solution that enables organizations to manage and secure mobile devices such as smartphones and tablets used by employees. MDM software provides features like remote data wipe, device encryption, and application control to protect corporate data.
N #
N
37. Network Security #
The practice of protecting networks from unauthorized access, data breaches, and cyber threats. Network security includes technologies such as firewalls, intrusion detection systems, VPNs, and access control mechanisms to safeguard network traffic and data.
38. Next #
Generation Firewall (NGFW): A type of firewall that combines traditional firewall capabilities with advanced security features such as intrusion prevention, application awareness, and sandboxing. NGFWs provide enhanced protection against modern cyber threats and help organizations improve security posture.
39. Non #
Repudiation: A security principle that ensures that the originator of a message or transaction cannot deny their involvement or intent. Non-repudiation mechanisms like digital signatures and audit trails provide evidence of communication and actions to prevent disputes.
O #
O
40. Open Source Software #
Software whose source code is freely available for users to view, modify, and distribute. Open source software fosters collaboration, innovation, and transparency but can pose security risks if not properly maintained or updated.
41. Out #
of-Band Authentication: A security method that verifies a user's identity using a separate communication channel or device than the one being accessed. Out-of-band authentication enhances security by reducing the risk of man-in-the-middle attacks and unauthorized access.
42. OSINT (Open Source Intelligence) #
Refers to publicly available information collected from open sources such as websites, social media, and online databases. OSINT is used for threat intelligence, investigations, and cybersecurity research to gather insights and identify potential risks.
P #
P
43. Penetration Testing #
A security assessment technique that simulates real-world cyberattacks to identify vulnerabilities in systems, networks, and applications. Penetration testing helps organizations assess their security posture, validate controls, and prioritize remediation efforts.
44. Patch Management #
The process of identifying, deploying, and testing software updates (patches) to fix security vulnerabilities and improve system performance. Patch management helps organizations reduce the risk of cyberattacks and ensure software security.
45. Phishing #
A type of cyberattack where an attacker impersonates a legitimate entity to trick individuals into revealing sensitive information such as passwords, credit card numbers, or personal data.
Q #
Q
46. Quantum Computing #
A technology that uses quantum mechanics principles to perform calculations at speeds significantly faster than traditional computers. Quantum computing has the potential to break current encryption algorithms and impact cybersecurity practices.
47. Quarantine #
A security measure that isolates potentially compromised devices, files, or networks to prevent the spread of malware or other threats. Quarantine allows organizations to contain and investigate security incidents without impacting the rest of the network.
48. Query #
A request for information or data from a database, search engine, or application. Queries are used to retrieve specific records, perform searches, and analyze data to support business operations, decision-making, and cybersecurity investigations.
R #
R
49. Risk Assessment #
The process of identifying, evaluating, and prioritizing potential risks and threats to an organization's assets, operations, and reputation. Risk assessments help organizations understand their risk exposure, implement controls, and make informed decisions to mitigate risks.
50. Ransomware #
A type of malware that encrypts data on a victim's computer or network, demanding payment (ransom) for decryption. Ransomware attacks can cause data loss, financial damage, and operational disruption.
51. Rootkit #
A type of malicious software that enables attackers to gain unauthorized access to a computer or network while hiding their presence. Rootkits can be difficult to detect and remove, allowing attackers to maintain long-term control over compromised systems.
S #
S
52. Sandboxing #
A security technique that isolates and executes untrusted or potentially malicious software in a restricted environment to prevent damage to the host system. Sandboxing helps analyze and contain threats without compromising the integrity of the network.
53. Security Incident #
An event that compromises the confidentiality, integrity, or availability of an organization's data, systems, or networks. Security incidents include data breaches, malware infections, unauthorized access, and other cybersecurity threats that require investigation and response.
54. Security Policy #
A set of rules, guidelines, and procedures that define how an organization protects its information assets, enforces security controls, and manages security risks. Security policies help establish a security framework, ensure compliance, and promote a security-aware culture.
T #
T
55. Two #
Factor Authentication (2FA): A security mechanism that requires users to provide two forms of authentication to verify their identity before accessing a system or application. 2FA typically combines something the user knows (password) with something they have (security token, smartphone) to enhance security.
56. Trojan Horse #
A type of malware disguised as legitimate software to trick users into downloading and executing it. Trojans can steal sensitive information, create backdoors, or damage systems without the user's knowledge.
57. Threat Intelligence #
Information about potential cybersecurity threats, vulnerabilities, and indicators of compromise gathered from various sources. Threat intelligence helps organizations identify and prioritize security risks, detect threats early, and improve incident response capabilities.
U #
U
58. Unified Threat Management (UTM) #
A security solution that combines multiple security features such as firewall, intrusion detection, antivirus, and VPN into a single integrated platform. UTM helps organizations simplify security management, reduce costs, and improve protection against cyber threats.
59. URL Filtering #
The process of blocking or allowing access to specific websites based on predefined security policies. URL filtering helps organizations control web browsing activities, prevent access to malicious sites, and enforce acceptable use policies.
60. User Awareness Training #
Education programs that teach employees about cybersecurity best practices, threats, and social engineering techniques to reduce the risk of human errors, data breaches, and insider threats. User awareness training aims to create a security-conscious culture within organizations.
V #
V
61. Vulnerability #
A weakness or flaw in a system, application, or network that can be exploited by attackers to compromise security, steal data, or disrupt operations. Vulnerabilities can be caused by software bugs, misconfigurations, or human errors and require timely patching or mitigation.
62. Virtual Private Network (VPN) #
A secure communication tunnel that encrypts data transmitted between a user's device and a remote network. VPNs help protect privacy, secure internet connections, and enable users to access resources securely over public networks.
63. Vendor Risk Management #
The process of assessing, monitoring, and mitigating risks posed by third-party vendors and suppliers who have access to an organization's data, systems, or networks. Vendor risk management helps organizations ensure the security of their supply chain and third-party relationships.
W #
W
64. Whitelist #
A list of approved entities, applications, or websites that are allowed to access a system or network. Whitelisting helps organizations restrict access to trusted sources, prevent unauthorized activities, and enhance security by minimizing exposure to threats.
65. Web Application Firewall (WAF) #
A security tool that filters and monitors HTTP traffic between a web application and the internet to protect against web-based attacks such as SQL injection, cross-site scripting, and DDoS. WAFs help organizations secure web applications and prevent data breaches.
66. Wireless Security #
The set of measures and protocols designed to secure wireless networks from unauthorized access, eavesdropping, and data interception. Wireless security includes encryption, authentication, and access control mechanisms to protect data transmitted over wireless channels.
X #
X
67. XSS (Cross #
Site Scripting): A type of web application vulnerability that allows attackers to inject malicious scripts into web pages viewed by other users. XSS attacks can steal sensitive information, hijack user sessions, and compromise web applications if not properly mitigated.
68. X.509 Certificate #
A digital certificate standard used to authenticate and secure communication between entities over the internet. X.509 certificates contain public key information, digital signatures, and other data to establish trust and encrypt data transmissions.
Y #
Y
69. YARA #
An open-source tool used for malware detection, analysis, and categorization based on predefined rules and patterns. YARA helps security researchers and analysts identify and classify malware samples, extract indicators of compromise, and improve threat intelligence.
70. Zero Trust #
A security model that assumes no trust in users, devices, or applications inside or outside the network perimeter. Zero Trust architecture requires strict access controls, continuous verification, and least privilege principles to protect data and prevent lateral movement of threats.
71. Zero #
Day Vulnerability: A security flaw in software or hardware that is unknown to the vendor or security community, making it vulnerable to exploitation by attackers. Zero-day vulnerabilities pose a high risk to organizations until patches or mitigations are available to address the issue.
Z #
Z
72. Zombie #
A compromised computer or device controlled remotely by an attacker as part of a botnet. Zombies are used to launch DDoS attacks, send spam, steal data, or perform other malicious activities without the user's knowledge or consent.
73. Zoombombing #
The act of disrupting online meetings, webinars, or virtual events on the Zoom video conferencing platform by unauthorized participants. Zoombombing incidents can involve harassment, hate speech, or sharing inappropriate content, leading to security and privacy concerns for users.