Cyber Security Jargon Buster

Don't know your Trojans from your SOC 2? Demystify cyber security with our jargon buster.



Definition: official recognition that an organisation has the competence and impartiality to perform certification, testing, audits and inspections.

Within cyber and information security standards this usually refers to the accreditation a certifying body receives in order to be able to audit and certify that other organisations adhere to specific standards. For example an organisation needs to be IASME accredited in order to audit your organisation to award a Cyber Essentials certificate.

+Agent-based scanning
+Agentless scanning


Black box testing

Definition: penetration testing where an ethical hacker has no knowledge of the system they are attacking. This simulates an attempted hack that comes from outside of an organisation.

+Black hat
+Blue team
+Bring-your-own-device (BYOD)
+Brute force
+Business continuity


Certified Cloud Security Associate (CCSA)

Definition: a certification that demonstrates an individual’s ability to apply best practices to cloud security architecture, design and more.

+Certified Ethical Hacker (CEH)
+Certified Information Security Manager (CISM)
+Certifying Body
+Cloud computing
+Common Vulnerabilities and Exposures (CVE)
+Common Vulnerability Scoring System (CVSS)
+Continuous monitoring
+Council of Registered Ethical Security Testers (CREST)
+Cross Site Scripting (XSS)
+Cyber Essentials
+Cyber Essentials Plus
+Cyber security


Dark web

Definition: an area of the internet that is only accessible through software such as Tor, typically using onion or I2P domains.

+Denial of Service (DoS)
+Deny list
+Digital footprint
+Distributed Denial of Service (DDoS)
+Domain IPS Tag
+Domain name


EC-Council Certified Incident Handler (ECIH)

Definition: a certification designed for professionals who respond to and manage cybersecurity incidents.

+Essential 8
+Ethical Hacker


Financial Conduct Authority (FCA)

Definition: a regulatory body in the United Kingdom responsible for overseeing financial markets, firms, and ensuring the protection of consumers.



GIAC Exploit Researcher and Advanced Penetration Tester (GXPN)

Definition: a certification that validates a practitioner’s ability to find and mitigate significant security flaws in systems and networks. Individuals with this certification can conduct advanced penetration tests and simulate behaviour of real attackers.

+Global Information Assurance Certification (GIAC)
+Google Endpoint Management
+Google Mobile Management
+Greenbone OpenVAS
+Grey box testing
+Grey hat



Definition: someone who uses their computer skills to gain unauthorised access to computer systems, networks, or data.

+Hypertext Transfer Protocol (HTTP)
+Hypertext Transfer Protocol Secure (HTTPS)


Information Assurance for Small and Medium Enterprises (IASME)

Definition: a cyber security standard designed to help small and medium enterprises become cyber safe.

+Information Security Management System (ISMS)
+International Accreditation Forum (IAF)
+International Association of Privacy Professionals (IAPP)
+Internet Protocol (IP) address
+Invisible Internet Project (I2P)
+ISO 17024-certificated EU GDPR practitioners
+ISO 27001
+ISO 27701 (Privacy Information Management Systems) (PIMS)



Definition: a popular programming language used in website development.



Definition: a type of malware that unknowingly records keystrokes made by the victim, often leading to theft of personal information or login credentials.



Definition: malicious software. Software that is designed to disrupt, damage or be gain unauthorised access to a computer system.

+Man-in-the-middle attacks (MITM)
+Mobile Device Management (MDM)
+Multi-factor authentication


National Institute of Standards and Technology (NIST)

Definition: part of the U.S. Department of Commerce, NIST is a United States government agency that develops and promotes standards, guidelines and best practices for cyber security.

+NHS Data Security and Protection Toolkit (DSPT)


Offensive Security Certified Professional (OSCP)

Definition: a cyber security certification that demonstrates capability in ethical hacking and penetration testing. It is sought after by many professionals and is known for its challenging assessment.

+Open source


Patch management

Definition: the process of identifying, acquiring, testing and applying software updates (patches) to fix security weaknesses. This is essential to remaining secure and requires daily scanning to ensure it remains up to date.

+Payment Card Industry Data Security Standard (PCI DSS)
+Penetration testing
+Prudential Regulation Authority (PRA)
+Purple Team



Definition: a type of malware which demands a ransom payment from the infected victim. Typically, the victim’s files are forcibly encrypted, and a payment is required to decrypt them.

+Red Team
+Remediation management
+Remote Administration Trojan (RAT)


Secure Sockets Layer (SSL) Certificate

Definition: a digital certificate that encrypts data between a web browser and a server. The certificate authenticates the identity of a website owner and establishes a secure connection. Without an SSL certificate, browsers will show warnings to users who enter your website with messages such as “your connection is not secure” or “your connection is not private”.

+SOC1 (Systems and Organisation Controls)
+SOC2 (Systems and Organisation Controls)
+Social engineering
+Social Engineering
+SQL Injection (Structured Query Language Injection) (SQLi)
+SSL certificate validity
+Structured Query Language (SQL)
+Surveillance audit


The GIAC Web Application Penetration Tester (GWAPT)

Definition: a certification that demonstrates an individual’s expertise in identifying and addressing security vulnerabilities in web applications. These individuals have demonstrated knowledge of web application exploits and penetration testing methodology.

+The Onion Router (TOR)
+Threat profile


United Kingdom Accreditation Service (UKAS)

Definition: the government-backed national accreditation body for the United Kingdom. They assess and accredits organisations providing certification, testing, inspection and calibration services against internationally agreed standards.

+User Access Control (UAC)



Definition: malware that can self-replicate and spread from one computer to another by attaching themselves to host files.

+Vulnerability scanning



Definition: high-profile individuals who are valuable targets for cyber-attacks. These individuals often have access to sensitive data, large amounts of money, or have decision-making authority.

+White box testing


Zero-day vulnerabilities

Definition: a vulnerability that has not yet been disclosed to the programmer or vendor responsible for the application.

  • Newcastle office: 0191 249 3003
  • London office: 0203 793 9679