Security Management Terms Explained: A Cybersecurity Glossary

Make sure your entire team is on the same page when it comes to cybersecurity.

Acronyms and buzzwords frequently pop up in conversations among IT professionals, but the downside of using this industry-specific terminology is that it's an opportunity for the non-initiated to lose track.

Until recently, this has not been much of a problem outside corporate IT departments. But when IT leaders have to communicate detailed and often complex technical rules to employees throughout a company, technical jargon becomes a serious challenge.

In today’s security-centric tech environment, IT leaders must communicate with the entire organization more than ever. Use this glossary of common cybersecurity terms to bridge the information gap between your team and its dedicated cybersecurity provider.

Cybersecurity is an extraordinarily complex field—short of taking a university-level course, there is no way to comprehensively cover all of the terms that security professionals use on a daily basis.

It’s simply too much to ask of an entire organization. What business leaders and their teams need, instead, is a comfortable degree of familiarity with the terms most commonly used in a business setting.

Here’s a look at the terms most likely to come up in your next security conversation:

When cybercriminals trick unsuspecting victims into giving away sensitive information, they are phishing. These attacks come in a variety of forms—from suspicious emails claiming that you won something in a sweepstake you never entered, to urgent, unsolicited false-alarm calls from your phone company asking for personal information.

Phishing attacks often involve the creation of spoof websites. These websites are designed to look exactly like trustworthy web portals, and government websites are some of the most commonly spoofed. 

VPN stands for virtual private network. This is a more secure method to access WiFi networks, especially ones that may be unsafe. Instead of exposing your network traffic to hackers and your ISP, VPN technology encrypts that data. This makes it possible for users to hide internet traffic, keeping information secure and potentially allowing them to use services they would otherwise not have access to.

When cybercriminals exploit a built-in flaw in a security system, they are using what security professionals call a backdoor. Governments in the U.S., U.K., and Australia have even urged tech companies like Facebook to intentionally build backdoors into their platforms, and not go ahead with end-to-end encryption, saying it weakens their fight against terrorism and child abuse. 

The problem is that if governments benefit from a built-in security vulnerability, cybercriminals will almost certainly find a way to do so as well.

When cybercriminals install keylogger software, they gain access to a report of every keystroke users have typed into that computer. That includes messages, usernames, passwords—everything. Keyloggers usually embed themselves deep in the system they are installed on, making them difficult to detect.

SSL stands for secure socket layer. It is a cryptographic method for ensuring that when two computers communicate with one another, they do so securely. Any website that begins with “HTTPS” utilizes this technology. You can be sure that any data you send to an SSL-protected website cannot be redirected to a fraudulent spoof website.

2FA is shorthand for two-factor authentication. When software asks users to establish their identity using two independent sources, it is using 2FA technology. This might be a password and fingerprint combination or a password and SMS code sent to your phone. 2FA helps address the problem of users creating weak passwords because there is a backup layer of security.

Web application firewalls are devices that monitor and block data traveling to or from a web application. Firewalls work by examining data traffic and identifying which data packets are allowed to pass through. WAFs defend specifically against a feature of the business tech environment called the application layer, which cybercriminals often target.

SECaaS and SaaS are both short for security-as-a-service. These terms are typically used to refer to security providers who charge companies a regular subscription for their software and services using cloud technology. This enables smaller companies with tighter budgets to implement best-in-class security solutions without having to buy the equipment and hire security professionals.

Understanding these terms is just the first step towards cultivating a security-oriented company culture. Invest in your team by training them on security best practices and equipping them with high-quality security tools that offer proven results.

Dashlane

Dashlane is a web and mobile app that simplifies password management for people and businesses. We empower organizations to protect company and employee data, while helping everyone easily log in to the accounts they need—anytime, anywhere.

Read more