
Glossary

Updated June 13, 2025

Denial-of-service attack

Floods a system, server, or network with traffic or requests to exhaust its resources (bandwidth, connections, CPU, memory) so that it can no longer serve legitimate requests. When the flood comes from many compromised machines at once (a botnet), it is called a distributed denial-of-service (DDoS) attack, which is much harder to block by source address.

DKIM (DomainKeys Identified Mail)

DKIM lets the sending mail server add a digital signature (the DKIM-Signature header) to each message, covering the body and selected headers. The receiving server fetches the signer's public key from DNS and verifies the signature, which shows that the signed parts were not altered in transit and that the domain named in the signature vouched for the message. DKIM on its own does not check that the signing domain matches the From address the user sees; that alignment check is DMARC's job.

See also DMARC and SPF. Together, these three protocols help protect against email spoofing and phishing attacks.

DMARC (Domain-based Message Authentication, Reporting & Conformance)

DMARC builds on SPF and DKIM. The domain owner publishes a policy in DNS (a TXT record at _dmarc.<domain>) that tells receiving mail servers what to do with mail that fails authentication: p=none (deliver, but report), p=quarantine (treat as suspicious, for example deliver to spam), or p=reject. A message passes DMARC only if SPF or DKIM passes and the authenticated domain aligns with the domain in the visible From header. DMARC also provides aggregate and failure reports, so domain owners can see who is sending mail as their domain and tighten the policy over time.

See also DKIM and SPF. Together, these three protocols help protect against email spoofing and phishing attacks.

DNS (Domain Name System)

The Internet's system for translating host names into numeric IP addresses. When a web address (URL) is typed into a browser, the browser asks a DNS resolver for the host name in the URL, and DNS servers return the IP address of the web server that name points to. In this made-up example, DNS resolves www.company.com to the IP address 204.0.8.51. Without DNS you would have to type the numeric address (for IPv4, four numbers separated by dots) into your browser, which still works. Because browsers, mail servers, and most malware all depend on it, DNS is both a frequent attack target and a valuable source of monitoring data. See IP address.

DNS Tunneling

Uses the DNS protocol to carry non-DNS traffic over port 53, which almost every firewall allows out. Data is encoded into the subdomain labels of queries (outbound) and into answers such as TXT or CNAME records (inbound) for a domain whose authoritative name server the attacker controls, so an ordinary recursive resolver forwards the traffic for them. Malicious uses are exfiltrating data from a compromised system to the attacker's infrastructure and receiving command-and-control instructions in the replies. Telltale signs are long, high-entropy subdomains and an unusually large number of unique queries to a single domain.
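As an added example (not from the original page), the following code shows both sides of the technique: how data is split into DNS labels under a hypothetical attacker zone t.attacker.example and reassembled by the attacker's name server, and the kind of heuristic a defender runs over a query log to spot it. The query log is constructed inline; the thresholds are illustrative assumptions, not values from the page.

```python
import base64
import math
import random
from collections import Counter, defaultdict

TUNNEL_DOMAIN = "t.attacker.example"   # hypothetical zone whose name server the attacker runs
MAX_LABEL = 63                         # DNS limit per label; the whole name must stay under 253 bytes
PAYLOAD_LABELS = 3

def encode_chunks(data: bytes):
    """Exfiltration side: base32 (DNS is case-insensitive, so base64 would be mangled) split into labels."""
    b32 = base64.b32encode(data).decode("ascii").rstrip("=").lower()
    per_query = MAX_LABEL * PAYLOAD_LABELS
    queries = []
    for seq, i in enumerate(range(0, len(b32), per_query)):
        chunk = b32[i:i + per_query]
        labels = [chunk[j:j + MAX_LABEL] for j in range(0, len(chunk), MAX_LABEL)]
        queries.append(f"s{seq}." + ".".join(labels) + "." + TUNNEL_DOMAIN)   # sequence label first
    return queries

def decode_chunks(queries):
    """Attacker's name server: strip the zone, reorder by sequence label, reassemble and decode."""
    parts = []
    for q in queries:
        labels = q[: -len(TUNNEL_DOMAIN) - 1].split(".")
        parts.append((int(labels[0][1:]), "".join(labels[1:])))
    b32 = "".join(p for _, p in sorted(parts)).upper()
    return base64.b32decode(b32 + "=" * (-len(b32) % 8))

def shannon_entropy(s: str) -> float:
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())

def registered_domain(name: str) -> str:
    """Approximation: last two labels (a real detector would use the public suffix list)."""
    return ".".join(name.rstrip(".").lower().split(".")[-2:])

def flag_tunneling(query_names, min_unique=50, min_avg_len=50, min_entropy=3.5):
    """Defender side: flag domains that receive many unique, long, high-entropy subdomains."""
    per_domain = defaultdict(set)
    for q in query_names:
        per_domain[registered_domain(q)].add(q.lower())
    suspicious = {}
    for dom, subs in per_domain.items():
        if len(subs) < min_unique:
            continue
        subdomains = [s[: -len(dom) - 1].replace(".", "") for s in subs]
        avg_len = sum(map(len, subdomains)) / len(subdomains)
        avg_ent = sum(shannon_entropy(x) for x in subdomains if x) / len(subdomains)
        if avg_len >= min_avg_len and avg_ent >= min_entropy:
            suspicious[dom] = {"unique": len(subs), "avg_len": round(avg_len, 1), "entropy": round(avg_ent, 2)}
    return suspicious

def sample_log():
    """Constructed query log: ordinary lookups plus an exfiltration of 10 kB of pseudo-random bytes."""
    rng = random.Random(7)
    stolen = bytes(rng.getrandbits(8) for _ in range(10_000))
    benign = ["www.company.com", "mail.company.com", "cdn.company.com", "login.company.com"] * 30
    return benign + encode_chunks(stolen), stolen

if __name__ == "__main__":
    log, _ = sample_log()
    print(flag_tunneling(log))
```

Real tunnels spread the traffic over time and across many zones to stay under such thresholds, so volume per domain over a day, not per minute, is the more useful window.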

Encryption, Encrypted data

Transforming data so that it can be read only by someone who holds the corresponding secret key (or a password from which the key is derived). Encryption is one of the most effective protections for data at rest and in transit, but it protects only confidentiality, and only as well as the key itself is protected. Unencrypted data is called plain text (or plaintext); encrypted data is ciphertext.

Hacker

A slang term for a computer enthusiast, i.e., a person who enjoys learning programming languages and computer systems and is often an expert on the subject(s). In everyday security usage the word also denotes someone who breaks into computer systems, whether for malicious ends or, as with authorized penetration testers, with permission.

Information Resource

The data and information assets of an organization, department or unit.

IP address (Internet Protocol address)

The address of a connected device in a TCP/IP network, the worldwide standard both in-house and on the Internet. Every desktop and laptop computer, server, scanner, printer, modem, router, smartphone, tablet, and smart TV on the network is assigned an IP address (IPv4, such as 204.0.8.51, or IPv6), and every packet (web, email, video, etc.) traversing an IP network carries a source IP address and a destination IP address. Source addresses can be forged, so an IP address alone is not proof of who sent a packet.

Man-in-the-middle attack

Also known as eavesdropping attacks, these occur when an attacker inserts themselves between the two parties of a transaction, for example on an open Wi-Fi network or by tampering with DNS. Once the attacker intercepts the traffic, they can read, filter, steal, or modify it while each party believes it is talking directly to the other. Properly validated TLS (HTTPS) is the main defense, which is why certificate warnings should never be clicked through.

MFA (Multi-Factor Authentication), 2FA (Two-Factor Authentication)

A way to make your accounts more secure by requiring two or more proofs of identity. Instead of just a password, you also need something like a code from an authenticator app or sent to your phone, a hardware key, or a fingerprint. It's like needing both a key and a code to get into a building: much harder for someone to break in. Not all factors are equal: codes sent by SMS can be intercepted or phished, while authenticator apps, hardware keys, and passkeys resist this better.

Passkeys

Passkeys are a newer, safer way to sign in to apps and websites without passwords, based on the FIDO2/WebAuthn standards. Instead of typing a password, you unlock a key pair held on your device (phone, computer, or security key) with a fingerprint, face scan, or PIN; the device signs a challenge from the site, and the private key never leaves it. Because a passkey is bound to the site's real domain, it cannot be used on a look-alike phishing site, and there is no shared secret for a breached site to leak.

Plain text

Unencrypted, and therefore unprotected, data (also written plaintext).

Protected Health Information (PHI)

Any information about health status, provision of health care, or payment for health care that is created or collected by a "Covered Entity" (or a Business Associate of a Covered Entity, both terms from the U.S. HIPAA rules) and can be linked to a specific individual.

Personally Identifiable Information (PII)

Any data that could potentially identify a specific individual: anything that can be used to distinguish one person from another, or to re-identify (de-anonymize) records that were meant to be anonymous. Name, address, email, phone number, government ID numbers, and biometric data are typical examples, but combinations of less direct data (date of birth plus postal code, for instance) can also qualify.

Protected data

See PII and PHI.

Phishing

The practice of sending fraudulent communications that appear to come from a reputable source, usually through email. The goal is to steal sensitive data like credit card and login information or to install malware on the victim’s machine.

See also: Phishing attack, Spearphishing attack, Whaling attack.

Phishing attack

Broadly targeted email that works through large volumes of low-cost messages to many users. The message might contain a link to a site inviting users to sign up to win a cash prize, and by signing up, the victim gives up their sign-in credentials.

Ransomware

A type of malicious software (malware) that encrypts a victim's data, after which the attacker demands a ransom, typically in cryptocurrency, in exchange for the decryption key. Paying gives no assurance that a working key will be delivered, and many groups now also steal the data before encrypting it and threaten to publish it (double extortion), so backups alone do not remove the extortion threat. Tested offline backups and rapid isolation of infected hosts remain the main safeguards.

RaaSRansomware-as-a-Service

Ransomware-as-a-Service (RaaS) is a cybercrime business model in which ransomware developers create and distribute ransomware tools that are leased or sold to affiliates, who then use them to carry out attacks.

It’s modeled after legitimate Software-as-a-Service (SaaS) platforms, but for malicious purposes.

Safeguards

Countermeasures or controls put in place to avoid, detect, counteract, or minimize security risks to physical property, information, computer systems, or other assets. Safeguards reduce the risk of damage or loss by stopping, deterring, or slowing down an attack against an asset.

SPF (Sender Policy Framework)

SPF is an email authentication method that lets a domain owner publish, in a DNS TXT record, which mail servers (by IP address or range) are allowed to send email for that domain. A receiving server looks up the record for the domain in the envelope sender (MAIL FROM) address and checks whether the connecting server's IP is listed, so it can reject or flag mail from unauthorized sources and reduce spoofing and spam. SPF checks the envelope sender, not the From header the user sees, which is why it is paired with DKIM and DMARC.

See also DKIM and DMARC. Together, these three protocols help protect against email spoofing and phishing attacks.
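How the SPF entry above and the DMARC entry earlier fit together is easiest to see in code. The following is an added example (not code from the original page) that evaluates an SPF record against a connecting IP and then applies a DMARC policy with identifier alignment. The DNS TXT records are constructed for the hypothetical domains company.example and attacker.example; a real receiver would query DNS, handle the include/a/mx mechanisms, and verify the DKIM signature cryptographically (here the DKIM result is passed in).

```python
import ipaddress

# Constructed DNS TXT records for hypothetical domains (a real check would query DNS).
DNS_TXT = {
    "company.example": "v=spf1 ip4:192.0.2.0/24 ip6:2001:db8::/32 -all",
    "attacker.example": "v=spf1 ip4:203.0.113.0/24 -all",
    "_dmarc.company.example": "v=DMARC1; p=reject; adkim=r; aspf=r; rua=mailto:dmarc@company.example",
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def evaluate_spf(record, client_ip):
    """Check the connecting server's IP against ip4/ip6/all mechanisms (include, a and mx omitted here)."""
    if not record.startswith("v=spf1"):
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        if term == "all":
            return QUALIFIERS[qualifier]
        mech, _, arg = term.partition(":")
        if mech in ("ip4", "ip6") and ip in ipaddress.ip_network(arg, strict=False):
            return QUALIFIERS[qualifier]
    return "neutral"                                  # RFC 7208: nothing matched and no "all" term

def spf_for_sender(envelope_from_domain, client_ip):
    record = DNS_TXT.get(envelope_from_domain, "")
    return evaluate_spf(record, client_ip) if record else "none"

def parse_dmarc(record):
    return dict(kv.strip().split("=", 1) for kv in record.split(";") if "=" in kv)

def org_domain(domain):
    return ".".join(domain.lower().split(".")[-2:])   # approximation of the organizational domain

def aligned(auth_domain, from_domain, mode):
    """DMARC identifier alignment: strict (s) needs an exact match, relaxed (r) the same organizational domain."""
    if not auth_domain:
        return False
    if mode == "s":
        return auth_domain.lower() == from_domain.lower()
    return org_domain(auth_domain) == org_domain(from_domain)

def dmarc_disposition(from_domain, envelope_from_domain, client_ip, dkim_result, dkim_domain):
    """What the receiver should do with the message: pass, none, quarantine or reject."""
    record = DNS_TXT.get("_dmarc." + from_domain, "")
    if not record.startswith("v=DMARC1"):
        return "none"                                  # no policy published: deliver as usual
    tags = parse_dmarc(record)
    spf_ok = (spf_for_sender(envelope_from_domain, client_ip) == "pass"
              and aligned(envelope_from_domain, from_domain, tags.get("aspf", "r")))
    dkim_ok = dkim_result == "pass" and aligned(dkim_domain, from_domain, tags.get("adkim", "r"))
    return "pass" if (spf_ok or dkim_ok) else tags.get("p", "none")

if __name__ == "__main__":
    # Attacker's own SPF passes for its bounce domain, but it is not aligned with the From domain.
    print(dmarc_disposition("company.example", "attacker.example", "203.0.113.5", "fail", ""))
```

The last call is the case SPF alone cannot catch: the attacker's mail server is authorized for attacker.example, so SPF passes, but the From header says company.example, and DMARC's alignment requirement turns that into a reject.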

Sensitive data

Data, whether encrypted or in plain text, that contains PII or PHI. See PII and PHI above.

Session token or user's session token

A user’s session token is a unique, temporary identifier that a server assigns to a user after they log in. It keeps the user authenticated as they navigate a website or app without needing to log in again on every page.

Think of it like a visitor badge: once you're verified at the front desk, you wear the badge (session token) to prove you're authorized, until the session ends (e.g., you log out or it expires). If an attacker steals this token, they can impersonate the user without knowing their username or password, which is why tokens must be long and random, sent only over HTTPS, stored in cookies marked HttpOnly and Secure, and invalidated on logout and after a timeout.
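The visitor-badge analogy maps onto a few concrete server-side rules. The following is an added example, not code from the original page, of a minimal session store that issues unguessable tokens, expires them, destroys them on logout, and sets the cookie attributes that limit theft. Names, the one-hour lifetime, and the injectable clock are assumptions made for the example.

```python
import hashlib
import secrets
import time

SESSION_TTL = 3600   # seconds of inactivity before the badge expires (assumed value)

class SessionStore:
    """Server-side session table. Tokens are stored only as SHA-256 digests, so a leaked
    table does not hand out usable badges; the clock is injectable for testing."""

    def __init__(self, now=time.time):
        self._sessions = {}
        self._now = now

    @staticmethod
    def _key(token: str) -> str:
        return hashlib.sha256(token.encode("ascii")).hexdigest()

    def create(self, user_id: str) -> str:
        token = secrets.token_urlsafe(32)   # 256 bits from the OS CSPRNG: unguessable, not derived from the user
        self._sessions[self._key(token)] = {"user": user_id, "expires": self._now() + SESSION_TTL}
        return token

    def lookup(self, token: str):
        """Return the user for a valid token, or None; expired entries are removed on sight."""
        key = self._key(token)
        entry = self._sessions.get(key)
        if entry is None:
            return None
        if entry["expires"] <= self._now():
            del self._sessions[key]
            return None
        entry["expires"] = self._now() + SESSION_TTL   # sliding expiry while the user stays active
        return entry["user"]

    def revoke(self, token: str) -> None:
        """Logout: the badge is destroyed server-side, so a copy stolen earlier stops working too."""
        self._sessions.pop(self._key(token), None)

def set_cookie_header(token: str) -> str:
    """Cookie attributes that limit theft: Secure (HTTPS only), HttpOnly (not readable by page
    scripts, which blunts XSS theft), SameSite (not sent on most cross-site requests)."""
    return (f"Set-Cookie: session={token}; Path=/; Max-Age={SESSION_TTL}; "
            "Secure; HttpOnly; SameSite=Lax")

if __name__ == "__main__":
    store = SessionStore()
    badge = store.create("alice")
    print(set_cookie_header(badge), store.lookup(badge))
```

Issuing a fresh token after login (and after any privilege change) also defeats session fixation, where the attacker plants a token they already know before the victim authenticates.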

Spearphishing attack

A targeted attack against a specific individual; for example, inducing an accountant to open an attachment that installs malware. The malware then helps the attacker gain access to accounting and bank data.

SSO (Single Sign-On)

SSO (Single Sign-On) is a way to log in once and access multiple apps or services without having to sign in again for each one. It simplifies the login process and reduces the number of passwords you need to remember. Because one login then unlocks many services, the SSO account itself becomes a high-value target and should be protected with MFA and monitored closely.

Spoofing

The forgery of email headers (most often the From address or the display name) by an attacker so that a message appears to have originated from someone other than the actual source. When one of your users sees the email sender, it may look like someone they know, or appear to be from a domain that they trust. Email spoofing is a tactic used in phishing and spam campaigns, because email users are more likely to open a message when they believe it's from a legitimate source. SPF, DKIM, and DMARC exist to make spoofing of a domain's mail detectable.

SQL injection

Occurs when an application builds a database query by pasting untrusted input (from a search box, login form, URL parameter, etc.) directly into SQL, so an attacker can supply input that changes the meaning of the query. Depending on the database and the query, this can reveal data the application would normally not return, modify or delete records, bypass logins, or in some setups run commands on the server. The standard defense is parameterized (prepared) statements, which keep the data separate from the SQL code.
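The search-box case above, as an added example that is not from the original page: a vulnerable search built by string concatenation next to the parameterized version, run against a constructed in-memory SQLite table. The payload closes the string literal, adds an always-true condition, and comments out the rest of the statement, so the vulnerable query returns the row that was supposed to stay hidden.

```python
import sqlite3

PAYLOAD = "x' OR 1=1 --"   # closes the quoted term, adds an always-true clause, comments out the rest

def setup():
    """In-memory SQLite with a constructed table; rows with secret = 1 must never be shown."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE products(id INTEGER PRIMARY KEY, name TEXT, secret INTEGER);
        INSERT INTO products(name, secret) VALUES
            ('widget', 0), ('gadget', 0), ('internal-roadmap', 1);
    """)
    return conn

def search_vulnerable(conn, term):
    """String concatenation: the search-box text becomes part of the SQL statement itself."""
    sql = "SELECT name FROM products WHERE secret = 0 AND name LIKE '%" + term + "%'"
    return [row[0] for row in conn.execute(sql)]

def search_safe(conn, term):
    """Parameterized query: the value travels separately from the statement and cannot change its structure."""
    sql = "SELECT name FROM products WHERE secret = 0 AND name LIKE ?"
    return [row[0] for row in conn.execute(sql, ("%" + term + "%",))]

if __name__ == "__main__":
    conn = setup()
    print("vulnerable:", search_vulnerable(conn, PAYLOAD))   # includes 'internal-roadmap'
    print("safe:      ", search_safe(conn, PAYLOAD))         # nothing matches that literal text
```

Escaping quotes by hand is not a substitute: the placeholder form works for every database and every input, whereas hand-written escaping has to be right for each dialect and each context the value lands in.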

URL (Uniform Resource Locator)

The address used to locate and access resources on the internet. It includes components like the protocol (https), domain name (example.com), and optionally a port, a path, a query string, or a fragment. The host name is the part that decides where the request actually goes; phishing URLs exploit this by placing a trusted-looking name somewhere else, such as in a subdomain (company.com.attacker.example) or in the user-info part before an @ sign.

Behind the scenes, the domain name in a URL is resolved via the Domain Name System (DNS) to an IP address, which tells your browser where the server is located.
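Because the host is what a browser resolves and connects to, the quickest check on a suspicious link is to parse it the way the browser does. The following is an added example (not code from the original page) using the browser's own URL parser; the domain names are hypothetical, and the registrable-domain helper is a two-label approximation labelled as such.

```javascript
// Split a URL into its components exactly as the browser will interpret them.
function urlParts(url) {
  const u = new URL(url);
  return {
    scheme: u.protocol.replace(":", ""),
    userinfo: u.username,            // text before "@" is NOT the host
    host: u.hostname,                // what DNS resolves and where the request goes
    port: u.port,
    path: u.pathname,
    query: u.search.replace(/^\?/, ""),
    fragment: u.hash.replace(/^#/, ""),
  };
}

// Approximation: last two labels. Real code uses the public suffix list (co.uk etc.).
function registeredDomain(host) {
  return host.toLowerCase().replace(/\.$/, "").split(".").slice(-2).join(".");
}

// True when the trusted name appears in the link but the request would go to a different domain.
function impersonates(url, trustedDomain) {
  const host = new URL(url).hostname;
  return url.toLowerCase().includes(trustedDomain.toLowerCase()) &&
         registeredDomain(host) !== trustedDomain.toLowerCase();
}

// Constructed examples with hypothetical domains.
const SAMPLES = [
  "https://login.company.com/account?id=7#top",
  "https://www.company.com@attacker.example/login",
  "https://company.com.attacker.example/login",
];
for (const s of SAMPLES) {
  console.log(urlParts(s).host, impersonates(s, "company.com"));
}
```

The second sample is the classic trick: everything before the @ is user-info that browsers ignore, so the page is fetched from attacker.example while the link text shows www.company.com.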

Virus, Malware

Malicious software of any kind, including spyware, ransomware, viruses, and worms; a virus is one kind of malware, one that attaches itself to other files or programs and spreads when they run. Malware usually enters a network by exploiting a vulnerability or by tricking a user into clicking a dangerous link or opening an email attachment that installs it.

VPN (Virtual Private Network)

A VPN, or Virtual Private Network, creates an encrypted tunnel between your device and a VPN server, so whoever runs the network you are on (public Wi-Fi, your internet provider) sees only encrypted traffic to the VPN server rather than the sites you visit. Your traffic leaves the VPN server in the clear unless it is itself encrypted (for example with HTTPS), so the VPN provider, and anyone who can compel it, can still see what you do: a VPN moves trust, it does not remove it.

Using a VPN also changes the IP address that websites see to that of the VPN server, which makes it appear as though you are browsing from a different location and can allow access to content restricted in your region. A VPN does not protect against phishing, malware, or an already compromised device, and in a corporate setting its main job is to reach internal systems securely from outside.

Whaling attack

A phishing attack aimed at senior executives or other high-value individuals (the "whales"), designed to trick them into taking a specific action such as approving a money transfer or releasing sensitive data. A whaling message is crafted to look like a critical business email from a legitimate authority, or one that appears legitimate, and is usually tailored with details about the target's role and organization.

Zero-day exploit

An attack that exploits a vulnerability the software vendor does not yet know about or has had "zero days" to fix, so no patch exists at the time of the attack. Once the vulnerability becomes public, attackers keep targeting it during the window between the announcement and the installation of a patch, which is why rapid patching matters even after the "zero-day" label no longer strictly applies.

Zero Trust Security model

Zero trust is a cybersecurity paradigm focused on resource protection and the premise that trust is never granted implicitly but must be continually evaluated: every request is authenticated and authorized on its own merits, regardless of whether it comes from inside or outside the corporate network. A holistic view of zero trust security is further defined as the network infrastructure (physical and virtual) and operational policies that are in place for an enterprise as a product of a zero trust architecture plan. Zero trust security is, therefore, not only a product or an approach; it is a web of connected policies, practices, software, and hardware that create an entire zero-trust ecosystem.

Much like other kinds of digital transformation, zero trust isn't a plug-and-play solution to the shortcomings of current cybersecurity practices: It's a total commitment to a process that alters large swaths of an organization's structure.