
Cybersecurity Terms Explained

1. Threats

Definition: Any potential danger that can exploit a vulnerability and cause harm.

Types of Threats:

  • Cyber Threats: Malware, phishing, ransomware, DDoS attacks.
  • Insider Threats: Employees or partners misusing access.
  • Advanced Persistent Threats (APT): Stealthy, long-term cyberattacks by skilled hackers.

2. Incidents

Definition: Security events that compromise an organization’s data, operations, or reputation.

Examples of Incidents:

  • Data breaches – Unauthorized access to sensitive information.
  • System intrusions – Hackers gaining access to IT systems.
  • Ransomware infections – Malware encrypting data and demanding payment.
  • Unauthorized access attempts – Suspicious logins or privilege escalations.

Incident Response Process:

  1. Detect – Identify suspicious activity.
  2. Analyze – Investigate the nature and impact of the incident.
  3. Contain – Prevent further spread of the attack.
  4. Eradicate – Remove the root cause and clean affected systems.
  5. Recover – Restore systems and ensure they function normally.
  6. Report – Document the incident for future prevention.

3. Reverse Engineering

Definition: The process of analyzing software, malware, or hardware to understand how it works.

Uses in Cybersecurity:

  • Malware Analysis: Studying malware behavior to develop countermeasures.
  • Exploit Detection: Identifying security flaws in software.
  • Forensics: Investigating cyber incidents by analyzing malicious code.

4. Triage

Definition: The process of analyzing and prioritizing security alerts based on their severity, impact, and urgency.

Triage Process:

  1. Alert Identification – Collect security logs from SIEM, firewalls, IDS/IPS.
  2. Classification – Determine if the alert is a false positive or a real threat.
  3. Prioritization – Rank threats based on risk level (low, medium, high, critical).
  4. Escalation – Forward critical incidents to L2/L3 analysts for deeper investigation.

5. Flag in Cybersecurity

Definition: A flag is a marker or indicator used to identify security-related events, vulnerabilities, or challenges.

Types of Flags:

  • 🔹 CTF (Capture The Flag) – Cybersecurity competitions where participants find hidden "flags" (e.g., flag{this_is_a_sample_flag}).
  • 🔹 Security Alerts & Indicators – Flags indicate suspicious activity in SIEM tools (e.g., a red flag for high-priority threats).
  • 🔹 Vulnerability Assessment – Security scanners flag potential vulnerabilities in software or networks ("Flagged for review").
  • 🔹 Network & Packet Analysis – TCP/IP flags show the state of a network connection (e.g., SYN, ACK, FIN).
  • 🔹 Incident Response – Flagged events in logs require further investigation (e.g., multiple failed login attempts flagged as a brute-force attack).
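The four triage steps (identify, classify, prioritize, escalate) and the brute-force flag from the last bullet, as an added Python example that is not part of the original page: a constructed auth log is parsed, repeated failures per source address are classified as false positive or real, each alert gets a risk level, and critical ones go on the escalation list. The log format, the field names and the failure threshold are assumptions.

```python
import re
from collections import Counter

# Constructed sample auth log (not real data), one event per line.
SAMPLE_LOGS = """\
2024-05-01T10:00:01 FAIL user=alice src=10.0.0.5
2024-05-01T10:00:02 FAIL user=alice src=10.0.0.5
2024-05-01T10:00:03 FAIL user=alice src=10.0.0.5
2024-05-01T10:00:09 OK user=alice src=10.0.0.5
2024-05-01T10:01:00 FAIL user=bob src=10.0.0.7
2024-05-01T10:02:00 FAIL user=carol src=198.51.100.4
2024-05-01T10:02:01 FAIL user=carol src=198.51.100.4
2024-05-01T10:02:02 FAIL user=carol src=198.51.100.4
garbage line that the parser must ignore
"""
LINE_RE = re.compile(r"^(\S+) (FAIL|OK) user=(\S+) src=(\S+)$")
BRUTE_FORCE_THRESHOLD = 3  # assumed: this many failures from one source is flagged

def identify(text):
    """Step 1, alert identification: parse raw lines into (ts, result, user, src)
    tuples, skipping malformed lines instead of crashing on them."""
    return [m.groups() for m in map(LINE_RE.match, text.splitlines()) if m]

def classify(events):
    """Step 2, classification: count failures per source address and decide whether
    each is a false positive (a few typos) or a real brute-force attempt."""
    failures = Counter(src for _, result, _, src in events if result == "FAIL")
    succeeded = {src for _, result, _, src in events if result == "OK"}
    alerts = []
    for src, n in failures.items():
        real = n >= BRUTE_FORCE_THRESHOLD
        alerts.append({"src": src, "failed": n, "real_threat": real,
                       "login_succeeded": real and src in succeeded})
    return alerts

def prioritize(alert):
    """Step 3, prioritization: assign a risk level to one alert."""
    if not alert["real_threat"]:
        return "low"       # false positive: close with a note, no escalation
    if alert["login_succeeded"]:
        return "critical"  # failures followed by success: account may be compromised
    return "high"          # ongoing brute force, not yet successful

def triage(text):
    """Run all four steps; returns every alert with its priority plus the
    escalation list (step 4: critical incidents go to L2/L3 analysts)."""
    alerts = [dict(a, priority=prioritize(a)) for a in classify(identify(text))]
    return alerts, [a for a in alerts if a["priority"] == "critical"]
```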

Cybersecurity Key Terms

  1. Attack Surface – The complete set of entry points an attacker could exploit.
  2. Zero Trust – A security model where no one is trusted by default.
  3. Phishing – Fraudulent emails/messages tricking users into sharing sensitive information.
  4. Malware – Malicious software (e.g., viruses, ransomware, Trojans).
  5. Ransomware – Malware that locks data and demands payment for access.
  6. Firewall – A security barrier controlling network traffic.
  7. SIEM (Security Information and Event Management) – A tool for real-time monitoring and analysis of security events.
  8. IDS/IPS (Intrusion Detection/Prevention System) – An IDS detects suspicious network or host activity; an IPS also blocks it.
  9. DDoS (Distributed Denial of Service) – An attack that floods a system to disrupt services.
  10. Endpoint Security – Protecting devices like laptops and smartphones.
  11. Encryption – Securing data by converting it into ciphertext that can only be read with the correct key.
  12. Penetration Testing – Ethical hacking to find security vulnerabilities.
  13. Red Team – Simulated attacks to test an organization’s defenses.
  14. Blue Team – Defensive security professionals protecting systems.
  15. Threat Intelligence – Gathering data to predict and prevent cyber threats.
  16. IAM (Identity and Access Management) – Controlling user access with MFA, RBAC, etc.
  17. Zero-Day Attack – Exploiting unknown vulnerabilities before a fix is available.
  18. Social Engineering – Manipulating people into revealing confidential data.
  19. SOC (Security Operations Center) – A team that monitors and responds to security threats.
  20. Patch Management – Regular updates to fix security vulnerabilities.