Learn cybersecurity language

| By:
John Ford

When you get started working around cybersecurity, it can sound like people are speaking a foreign language. Like most of the IT industry, cybersecurity has a language of its own. We’ve all become familiar with the basic security terms and aspects when we secure our personal data and information, but when you go deeper into the rabbit hole, the more technical things can get.

Let’s go over some commonly used terms you’ll hear so you can talk the talk when it comes to cybersecurity.


A program that monitors a computer or network to detect or identify major types of malicious code and to prevent or contain malware incidents, sometimes by removing or neutralizing the malicious code.1

Chief Information Security Officer (CISO)

A senior-level executive who’s responsible for developing and implementing an information security program which includes procedures and policies designed to protect enterprise communications, systems, and assets from both internal and external threats. The CISO may also work alongside the Chief Information Officer (CIO) to procure cybersecurity products and services and to manage disaster recovery and business continuity plans.

The CISO may also be referred to as the chief security architect, the security manager, the corporate security officer, or the information security manager, depending on the company's structure and existing titles. While the CISO is also responsible for the overall corporate security of the company, which includes its employees and facilities, he or she may simply be called the Chief Security Officer (CSO).2

Continuous monitoring

A risk management approach to cybersecurity that maintains an accurate picture of an agency's security risk posture, provides visibility into assets, and leverages use of automated data feeds to quantify risk, ensure effectiveness of security controls, and implement prioritized remedies.


Safeguards or countermeasures to avoid, detect, counteract, or minimize security risks to physical property, information, computer systems, or other assets.


The activity or process, ability or capability, or state whereby information and communications systems and the information contained therein are protected from and/or defended against damage, unauthorized use or modification, or exploitation.3

Cybersecurity framework

An IT security framework is a series of documented processes used to define policies and procedures around the implementation and ongoing management of information security controls. These frameworks are basically a blueprint for building an information security program to manage risk and reduce vulnerabilities. Information security pros can utilize these frameworks to define and prioritize the tasks required to build security into an organization.4

Data breach

The unauthorized movement or disclosure of sensitive information to a party, usually outside the organization, that is not authorized to have or see the information.5

Data exfiltration

The unauthorized transfer of data from a computer, attached device, or network. Such a transfer may be manual and carried out by someone with physical access to a computer, or it may be automated and carried out through malicious programming over a network.

Data loss prevention

A set of procedures and mechanisms to stop sensitive data from leaving a security boundary.6

Data protection/insider threat

Data protection places emphasis on data as an asset that has a value assigned. Think about intellectual property, trade secrets, personally identifiable information (PII), personal health information (PHI), credit card, or financial information as an example. This IS the last layer of defense. Activities include data classification, data loss prevention (DLP), data masking, or de-identification.

Endpoint protection

Relates to all manners of protection regarding the operating systems, applications, connections, and behavior of an endpoint such as a laptop, desktop, mobile device, or server. This is one of the last layers of defense. Activities include antivirus, anti-malware, operating system/application hardening, configuration management, email/web filtering, access control, patching, and monitoring.


The condition of being unprotected, thereby allowing access to information or access to capabilities that an attacker can use to enter a system or network.7


A capability to limit network traffic between networks and/or information systems.

Extended Definition: A hardware/software device or a software program that limits network traffic according to a set of rules of what access is and is not allowed or authorized.8


An umbrella approach referring to a company’s posture towards governance, risk, and compliance. This includes the rules of the road and guidance that the company follows. These activities are foundational and provide meaning and direction to the following items: security policies and procedures, training and awareness, risk and vulnerability assessment, and penetration testing along with providing metrics as to where a company is on a risk and maturity scale as well as trends showing progress.


An occurrence that actually or potentially results in adverse consequences, adverse effects on or poses a threat to an information system or the information that the system processes, stores, or transmits and that may require a response action to mitigate the consequences.

Extended Definition: An occurrence that constitutes a violation or imminent threat of violation of security policies, security procedures, or acceptable use policies.9

Incident response

Activities related to how an organization prepares, trains, and coordinates response to assumed or confirmed security incidents that have a material impact of the corporate business strategy, as well as impacts to employees or business partners. Incident response in action includes the following activities: monitoring, incident identification and triage, remediation, restore, and recovery activities (designed to restore the company to normal operations). In the SMB, space this may include Business Continuity and Disaster Recovery.

Log collection

Log collection is the heart and soul of a SIEM. The more log sources that send logs to the SIEM, the more can be accomplished with the SIEM.10

Log management

The National Institute for Standards and Technology (NIST) defines log management in Special Publication SP800-92 as: "the process for generating, transmitting, storing, analyzing, and disposing of computer security log data."

Log management is defining what you need to log, how it’s logged, and how long to retain the information. This ultimately translates into requirements for hardware, software, and of course, policies.11


Software that compromises the operation of a system by performing an unauthorized function or process.12

Synonym(s): malicious code, malicious applet, malicious logic

Multi-factor authentication (MFA)

A security system that requires more than one method of authentication from independent categories of credentials to verify the user’s identity for a login or other transaction.13

The National Institute of Standards and Technology (NIST)

The National Institute of Standards and Technology (NIST) was founded in 1901 and is now part of the U.S. Department of Commerce. NIST is one of the nation's oldest physical science laboratories. The organization’s mission is to promote U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology in ways that enhance economic security and improve our quality of life.


A digital form of social engineering to deceive individuals into providing sensitive information.14

Risk assessment

The product or process which collects information and assigns values to risks for the purpose of informing priorities, developing or comparing courses of action, and informing decision making.

Extended Definition: The appraisal of the risks facing an entity, asset, system, or network, organizational operations, individuals, geographic area, other organizations, or society, and includes determining the extent to which adverse circumstances or events could result in harmful consequences.15

Risk management

The process of identifying, analyzing, assessing, and communicating risk and accepting, avoiding, transferring, or controlling it to an acceptable level considering associated costs and benefits of any actions taken.

Extended Definition: Includes 1) conducting a risk assessment; 2) implementing strategies to mitigate risks; 3) continuous monitoring of risk over time; and 4) documenting the overall risk management program.16

Security Information and Event Management (SIEM)

SIEM became the generalized term for managing information generated from security controls and infrastructure. It is essentially a management layer above your existing systems and security controls. SIEM connects and unifies information from disparate systems, allowing them to be analyzed and cross-referenced from a single interface.17

Security operations center (SOC)

A security operations center (SOC) is a facility that houses an information security team responsible for monitoring and analyzing an organization’s security posture on an ongoing basis. The SOC team’s goal is to detect, analyze, and respond to cybersecurity incidents using a combination of technology solutions and a strong set of processes.18

Single sign-on (SSO)

Single sign-on (SSO) is a session and user authentication service that permits an end user to enter one set of login credentials (such as a name and password) and be able to access multiple applications.19


A shortcoming or imperfection in software code, design, architecture, or deployment that, under proper conditions, could become a vulnerability or contribute to the introduction of vulnerabilities.20

Now that you have a better understanding of cybersecurity terms and phrases you’ll hear around the industry, share them with your customers so you’ll start speaking a common language.


1, 3, 5, 6, 7, 8, 9, 12, 14, 15, 16, 20 Explore Terms: A Glossary of Common Cybersecurity Terminology
Retrieved from https://niccs.us-cert.gov/about-niccs/glossary

2 Rouse, M (December 2016) CISO (Chief Information Security Officer)
Retrieved from https://searchsecurity.techtarget.com/definition/CISO-chief-information-security-officer

4 Granneman, J (May 2019) Top 7 IT Security Frameworks and Standards Explained)
Retrieved from https://searchsecurity.techtarget.com/tip/IT-security-frameworks-and-standards-Choosing-the-right-one

10 Constantine, C (December 2018) Standards and Best Practices for SIEM Logging
Retrieved from https://www.alienvault.com/blogs/security-essentials/what-kind-of-logs-for-effective-siem-implementation

11 Torre, D (October 2010) What Is Log Management and How to Choose the Right Tools
Retrieved from https://www.csoonline.com/article/2126060/network-security-what-is-log-management-and-how-to-choose-the-right-tools.html

13 Rouse, M (March 2015) Multifactor Authentication (MFA)
Retrieved from https://searchsecurity.techtarget.com/definition/multifactor-authentication-MFA

17 Constantine, C (March 2014) SIEM and Log Management—Everything You Need to Know but Were Afraid to Ask, Part 1
Retrieved from https://www.alienvault.com/blogs/security-essentials/everything-you-wanted-to-know-about-siem-and-log-management-but-were-afraid

18 Lord, N (July 2015) What Is a Security Operations Center (SOC)?
Retrieved from https://digitalguardian.com/blog/what-security-operations-center-soc

19 Rouse, M (June 2019) Single Sign-On (SSO)
Retrieved from https://searchsecurity.techtarget.com/definition/single-sign-on