Cyber security glossary

An A-Z of commonly used words and phrases in cyber security.

What are phishing, ransomware, and malware? Our cyber glossary explains all the cyber security terms and phrases you need to know.

A | B | C | D | E | F | G | H | I | J | K | L | M | N | O | P | Q | R | S | T | U | V | W | X | Y | Z



Advanced Persistent Threat (APT)

The name given to threat actors who carry out the stealthiest and most sophisticated cyber attacks, which often go unnoticed and their presence remains within an IT estate for a long period of time. These highly-skilled adversaries are also referred to as nation-state actors or well-established organised crime groups.

A cyber attacker. See ‘Threat actors’.

An attempt to subvert or bypass a system's security. Attacks may be passive or active: active attacks attempt to alter or destroy data, whereas passive attacks try to intercept or read data without changing it.

Attack Surface Indicator (ASI)
A simple metric that quantifies how vulnerable your systems are to compromise. The ASI is calculated by dividing the number of high severity vulnerabilities identified in your IT estate by the number of endpoints you have.

Attack vector
The method a cyber attacker uses to gain access to a computer or network.


Unauthorised access to data, IT systems, and endpoints.

Brute force
A technique used by adversaries to infiltrate networks. Automation is used to crack passwords by continuously trying different combinations to gain access.

Business impact
The effect a cyber attack has on a business’ operations, finances, and reputation.


CEO fraud
An attack where a threat actor impersonates a company’s senior executive (usually the CEO), and sends social engineering emails to coerce colleagues into making payments to fraudulent accounts.

Access to, or disclosure of, information on an IT system without authorisation.

Cyber criminal
An adversary who is motivated by financial gain. 

Credential harvesting
The illegal gathering of usernames and passwords by adversaries.


Data breach
The unauthorised compromise of data and sensitive information.

Domain Name Server (DNS)
The internet’s phonebook. DNS is a way of translating alphabetical website addresses which are easy to read and remember, into numerical IP addresses which identify the location of the website.

Dwell time
The length of time an attacker is present on an IT system without being detected.


The scrambling of data so it becomes very difficult to unscramble and interpret.

A computer or other user-driven device that communicates with the network it is connected to.

Short for 'executable', an exe is a file that can be executed or run as a programme on a Windows computer.

An attack crafted to breach a specific vulnerability in an IT system.


Fileless malware
A type of malicious software that operates in computer memory.

A firewall is a system designed to prevent unauthorised network traffic to or from a trusted network. It can be implemented in either hardware or software form, or a combination of both. 

A common denial of service (DoS) attack that takes systems offline by overloading the target with surplus requests, which disrupts services and blocks legitimate requests from getting through.



Government Cloud (G-Cloud) is a framework which supports the UK government’s ‘cloud first’ initiative by encouraging the public sector to choose cloud-based services over on-premise solutions. CORVID is proud to be a registered supplier under the G-Cloud 12 Framework.

A European regulation that lays down rules relating to the protection of natural persons with regards to the processing of personal data, and rules relating to the free movement of personal data. In the UK, it is further tailored by the Data Protection Act 2018.



A hashing function takes an input (or 'message') and returns a fixed-size alphanumeric string. The string is called the 'hash value', 'message digest', 'digital fingerprint', 'digest', or 'checksum'.

An unsecured, internet-connected computer that is monitored for signs of malicious activity and compromise attempts. The intelligence gathered from this activity is used to protect against future cyber attacks.

A host is a computer. It can be a client, server, or any other type of computer. Each host has a unique identifier called a hostname that allows other computers to access it.


Incident response
Action that is taken following the detection of compromise to remove malicious activity and provide answers to how and where the security breach took place, what information was accessed, how to fix it, and how to stop it happening again.

The action a virus carries out when it enters a computer system or storage device.

Internet of Things (IoT)
A term used to describe all objects with internet connectivity, including smart phones, wearable tech, cars, and household appliances.


Junk mail
Unwanted emails. See 'Spam'.



A programme that records keystrokes on a computer, without the user being aware.



Log file
A record of time-stamped events that have occurred within an operating system or software programme.

Logic bomb
Malicious code in malware that triggers once set conditions are met, often resulting in the corruption of data.



A generic term used to describe malicious software such as viruses, trojans, spyware, and malicious active content.

An attack method whereby online advertising space is used to distribute malware.

MIME parts
Multipurpose Internet Mail Extension (MIME) parts are all the individual elements that form an email, including character sets, text, and non-text attachments such as images and videos.


A group of interconnected endpoints and systems.



Many organisations choose to enlist the help of reputable managed security service providers to handle their cyber security. This may be due to insufficient resource in-house, or a lack of specific expertise, as there is a well-known global cyber skills shortage.



Patch management
The process of systematically discovering, prioritising and remediating software vulnerabilities using patches provided by the software vendor or device manufacturer.

The component of an attack which causes malware to initiate.

A method of cyber attack that uses social engineering techniques via email or instant messaging, in an attempt to fraudulently acquire personal information, such as passwords and credit card details, or divert payments to a criminal’s account.

A method of displaying Unicode with ASCII characters. Although a useful translation tool for an international domain name (IDN), it is also used by threat actors to spoof an email address to appear as though it comes from a genuine company, by using substitute characters that look the same as standard characters.



Where malicious emails and files are stored safely in isolation.



Ransom malware, or ransomware, is a type of malware that prevents users from accessing their system or personal files, and demands payment of a ransom to regain access.

Remote Access Trojan (RAT)
A type of malware that allows threat actors remote access to networks, and a backdoor for unauthorised control and surveillance of the target.

A rootkit is malware, designed to enable access to a computer or an area of its software that is not otherwise allowed.



A separate environment on a network that can be used to isolate applications and attachments from critical IT infrastructure. Malware and suspicious files can be fully investigated in the sandbox without risking compromise to the rest of the network.

A form of cyber blackmail. Threat actors email their target claiming to have evidence (normally video from the target's own webcam) of them performing sexual activities, while visiting taboo websites. The blackmailer threatens to share the evidence with the target’s family and colleagues, unless a ransom is paid (normally using hard-to-trace cryptocurrency payments). To add credibility, the email may also contain a password the victim has used in the past which was compromised in an online breach. Threat actors can buy large lists of compromised email addresses and associated passwords on the dark web.

A pattern (often a simple string of characters or bytes) expected to be found in every instance of a particular virus. Anti-virus scanners and intrusion detection systems use these signatures to identify and locate specific viruses.

Unsolicited or unwanted electronic messages. Spam includes legitimate adverts, misleading adverts, and phishing messages designed to trick recipients into giving up personal and financial information.

Spear phishing
A social engineering attack that targets a specific person or company, usually with a specially crafted email containing requests for sensitive or financial information, or containing malicious links to credential harvesting sites.

Spoofed website
A site that mimics a real company’s website, to harvest confidential information (passwords, account numbers, card details, etc.) from people who are tricked into visiting it. The fake site looks exactly like the real site, down to the logo, graphics, and detailed information.



Threat actors
Cyber criminals, hackers, and other malicious individuals who use the internet to commit crimes such as identity theft, PC and network hijacking, illegal spamming, phishing, and fraud.

Threat hunting
Proactively searching through data to identify threats that evade existing security defences such as anti-virus solutions.

Threat landscape
The range of current cyber threats you could encounter.


Unintentional insider threat 
An employee who unwittingly allows a cyber attacker to achieve their goal, whether it’s a breach of systems or information, or diverting payments to a criminal’s account.



A file capable of attaching to disks or other files and replicating itself repeatedly, typically without a user’s knowledge or permission.

An exploitable weakness or loophole which allows an attacker to compromise a system.


A social engineering attack that targets senior executives – those with the authority to give the green light to financial transactions and business decisions.


Self-replicating malware that spreads autonomously onto other connected devices.



A markup language that defines a set of rules for how to store, retrieve, and present information. Extensible Markup Language (XML) is both human-readable and machine-readable.



Cross-site scripting (XSS) is a web application vulnerability that allows malicious scripts to be injected into otherwise harmless websites, and executed in the end user's browser.



A tool that helps with the identification and classification of malware samples.



Zero day attack
A brand new attack, never before detected by security teams, for which there is no immediate vendor solution.

Zero day vulnerability
A brand new vulnerability in a piece of software, which a vendor has not produced a security patch for.

A compromised computer that is connected to the internet, which can be used remotely to carry out malicious tasks.


Back to top