The cybersecurity glossary
The key cybersecurity terms, defined simply and without needless jargon: regulations, threats, roles and best practices, explained by a CISO.
3-2-1 rule: A simple rule for reliable backups: 3 copies, on 2 different media, 1 of which is kept off-site.
Bastion: A single, monitored point of passage through which administrators access sensitive systems.
Adversary-in-the-Middle (AitM): An attack where the criminal slips in between you and the real site to steal your session, even when two-factor authentication is enabled.
ANSSI: The French state agency responsible for cybersecurity: it protects, advises and warns about cyberattacks.
APT (advanced persistent threat): A highly organised, well-funded attacker who settles in for the long term to spy or sabotage over time.
Attack surface: The set of possible ways in for an attacker: exposed services, accounts, devices, and even people.
BCP / DRP: The plans to keep operating during a crisis (business continuity plan) and then to bring the systems back up afterwards (disaster recovery plan).
Botnet: A network of hacked machines, controlled remotely to carry out mass attacks.
BYOD: Using your personal devices (phone, computer) for work, with the risks that entails.
CEO fraud: A scam where a fraudster impersonates a director or a business partner in order to obtain an urgent bank transfer.
CERT / CSIRT: A team specialised in preventing and handling cybersecurity incidents.
CISO: The person responsible for an organisation's cybersecurity: they set the strategy and steer the protection.
CNIL: The French authority that protects your personal data and enforces the GDPR.
Computer worm (worm): Malicious software that spreads on its own from one machine to another, without anyone having to click.
Credential stuffing: An attack that mass-tests passwords stolen elsewhere to break into your other accounts.
Cross-site scripting (XSS): An attack that injects script code into a website to target its other visitors through their browser.
Cryptojacking: Hijacking your device's computing power to mine cryptocurrency without your knowledge.
CVE / CVSS: The CVE gives a unique number to each known flaw; the CVSS gives it a severity score.
Cyber insurance: Insurance that covers part of the financial consequences of a cyberattack.
Cyber resilience: An organisation's ability to keep going during a cyberattack and to recover quickly afterwards.
Cyber Resilience Act (CRA): A European regulation that imposes cybersecurity requirements on digital products sold in Europe.
Data breach: When data ends up exposed or in the wrong hands, following an attack, a mistake or a misconfiguration.
Data protection impact assessment (DPIA): A mandatory study to identify and reduce the risks of a data processing operation that is sensitive for the people concerned.
Data protection officer (DPO): The person tasked with ensuring GDPR compliance in an organisation and advising on data protection.
DDoS: An attack that drowns a site under a flood of connections to make it unreachable.
Deepfake: A fake video or voice, created by artificial intelligence, that imitates a real person very realistically.
Defence in depth: Stacking several independent protections, so that a single flaw is never enough to compromise everything.
Digital sovereignty: A country's or an organisation's ability to keep control of its data, its tools and its dependencies.
DLP: Tools that spot and block unauthorised transfers of sensitive information out of the organisation.
DORA: A European regulation that requires the financial sector to better withstand IT outages and cyberattacks.
EBIOS Risk Manager: A French method, led by ANSSI, for analysing and managing an organisation's cyber risks.
EDR: Monitoring software installed on the company's computers that spots and blocks suspicious behaviour.
Encryption: Making information unreadable without the right key, to protect its secrecy.
End-to-end encryption: A protection where only you and your recipient can read the messages, not even the service that carries them.
Firewall: A filter that controls network traffic and allows or blocks connections according to rules.
GDPR: The European law that protects your personal data and governs what organisations are allowed to do with it.
GRC: A way of steering security as a genuine business matter: governance, risk management and compliance with the rules.
Hashing: Turning a piece of data into a unique, non-reversible "fingerprint", useful for checking a file's integrity or protecting a stored password.
Honeypot: A deliberately exposed decoy that attracts attackers and reveals their actions.
Human factor: The central role of human behaviour in security: most attacks go through a person first.
IAM (identity and access management): The set of tools that manage accounts and decide who is allowed to access what.
Indicator of compromise (IOC): A technical clue that betrays a possible attack: a known malicious address, file or domain.
Infostealer: A malicious program that rummages through your device to steal passwords, cookies and banking data.
ISO/IEC 27001: The international reference standard for seriously organising information security in an organisation.
ISSP (security policy): The reference document that sets an organisation's security rules, objectives and responsibilities.
Keylogger: A snooping tool that records everything you type on the keyboard to steal passwords and messages.
Lateral movement: A hacker's progression from a compromised machine to others, to extend their hold on the network.
Least privilege: Giving each person only the rights strictly necessary for their work, no more, no less.
Malware: A general term for any software designed to do harm: virus, worm, Trojan horse, ransomware, spyware and so on.
MFA / 2FA: Multi-factor or two-factor authentication: on top of the password, a second proof (code, app, key) to prove it really is you.
MITRE ATT&CK: A reference catalogue that describes the methods actually used by cyberattackers.
Network segmentation: Dividing a network into walled-off zones to stop an attack from spreading everywhere.
NIS2: A European directive that imposes cybersecurity rules on many more companies and essential sectors.
OSINT: The collection of information from public sources, useful to attackers and defenders alike.
Passkey: A modern alternative to the password: you log in by unlocking your device, with nothing to remember or type.
Password manager: A digital vault that creates and remembers strong passwords for you; you only memorise one.
Patch management: Deploying security updates on time to close known flaws.
Pentest: A penetration test: authorised experts play the hackers to find the flaws before the real attackers do.
Phishing: A message that impersonates a trusted body (bank, tax office, boss) to trap you and steal your passwords or your money.
Privilege escalation: When an attacker manages to grant themselves more rights than they had at the start.
Privileged access management (PAM): The set of tools that protect and monitor the most powerful accounts, such as those of administrators.
Public key infrastructure (PKI): The system that manages digital certificates, the proofs of identity behind the little padlock in your browser.
Ransomware: Malicious software that locks your files by encrypting them, then demands a ransom to give them back.
Red team / blue team / purple team: The teams that attack (red), that defend (blue) and that make the two cooperate (purple) to strengthen security.
Rootkit: Malicious software that takes deep control of a machine while making itself invisible.
RTO / RPO: Two recovery objectives: how long we can hold out without the service (RTO), and how much data we can afford to lose (RPO).
Sandbox: An isolated space to open a suspicious file or program without risk to the real system.
Shadow IT: The tools and applications used at work without the agreement or knowledge of the IT department.
Shared responsibility model: In the cloud, the split of security roles between the provider and the customer, depending on the type of service.
SIEM: A tool that gathers the logs from all systems to spot security incidents.
SOAR: A tool that automates the handling of security alerts to save teams time.
SOC: The team that monitors an organisation's security continuously and responds to incidents.
Social engineering: The manipulation of people (trust, fear, urgency) to push them into doing what the attacker wants.
Spear phishing: A tailored phishing attack that targets a specific person, using information about them to appear credible.
SPF, DKIM and DMARC: Three technical settings that prove an email really comes from the right domain, to fight spoofing.
Spyware: Software that quietly watches your device to collect information without your knowledge.
SQL injection: An attack that slips hidden database commands into a form field to manipulate a site's database.
SSO (single sign-on): Logging in once to access several applications, without re-entering your credentials each time.
Supply chain attack: An attack that goes through a trusted supplier or piece of software in order to reach that supplier's customers indirectly.
Threat intelligence: Intelligence on threats: knowing the attackers and their methods in order to defend better.
Trojan horse (trojan): A booby-trapped program that hides inside normal-looking software and activates once you install it.
VPN: An encrypted tunnel that protects your connection between your device and a remote network.
WAF (web application firewall): A specialised firewall that protects a website from attacks such as code injection.
XDR: An evolution of the EDR that cross-references signals from workstations, the network, email and the cloud in a single tool.
Zero trust: A security approach that trusts no one by default and verifies every access.
Zero-day: A flaw still unknown to the vendor, and therefore with no patch: attackers can exploit it before any defence exists.