Cyber Security Glossary
Here is an explanation of all possible terms relating to cyber security. Everything is sorted alphabetically. Simply scroll through or jump to the letter you are looking for.
If you have detailed questions or would like to find out about possible solutions, simply get in touch.
A
Authentication
Verifying the identity of a user or system. This is done using various methods such as passwords, biometric data or tokens. Authentication ensures that only authorized users have access to certain resources.
Authorization
Successful authentication is followed by authorization. It determines which actions a user or system is allowed to perform. Authorization controls access to resources such as files, data and applications based on the privileges assigned to the user.
Anomaly detection
This is a security mechanism that identifies unusual or deviating patterns in network or system behavior. Anomaly detection is based on machine learning or is controlled by defined rules and threshold values. It can be used to detect potential security breaches at an early stage.
Asymmetric encryption
Asymmetric encryption is an encryption method in which two different keys are used: a public key for encrypting data and a private key for decrypting it. This enables secure data exchange without both parties having to share the same key in advance.
Audit (in the cybersecurity context)
The audit is a systematic review of systems, applications and processes. It is intended to ensure compliance with security guidelines and standards. Audits can be carried out by internal or external bodies and are used to identify weaknesses and make recommendations for improvements.
Advanced Persistent Threat (APT)
An APT is a long-term and often highly targeted cyber attack. It is usually carried out by well-financed and organized attackers such as state actors. APTs are complex and use a combination of techniques to gain a foothold in networks and steal data or cause damage.
B
Backdoor
A backdoor is a way of accessing a computer system or network without going through the normal authentication processes. Backdoors can be installed intentionally for maintenance purposes or placed by attackers to allow unauthorized access.
Botnet
A botnet is a network of compromised computers. They are controlled by a central actor. Bots can be used for a variety of malicious activities. Examples are DDoS attacks, sending spam or cryptomining.
Brute force attack
An attempt to gain access to a system by systematically trying every possible password or key until one works. Because of the sheer number of attempts required, this method is often time-consuming and inefficient.
Black Hat
A "black hat" is an individual who breaks into computer or network systems without authorization, often with malicious intent. The term stands in contrast to "white hat", a hacker who finds security vulnerabilities in order to fix them.
Business Continuity
This is a planning and preparation process. It ensures that an organization can maintain its critical business functions in the event of an outage or disaster. This includes contingency plans, data recovery and organizational structures.
BYOD (Bring Your Own Device)
A policy where employees are allowed to use their personal devices such as smartphones, tablets or laptops for work-related tasks. While BYOD can increase flexibility, it also poses potential security risks and requires strict security guidelines.
C
Cloud security
This is about the protection of data, applications and services stored in your cloud. It includes a range of policies and technologies that secure data, ensure data protection and meet compliance requirements.
Cookie
A small piece of data that is stored on your computer by a website. Cookies store user information and enable a personalized website experience. However, they also harbor data protection risks.
Cybercrime
Includes all illegal activities that are carried out online. Examples include data theft, fraud and identity theft. It can affect individuals and organizations alike, so specialized prevention and response techniques are required.
CSRF (Cross-Site Request Forgery)
An attack in which an attacker abuses another user's authenticated session to perform unauthorized actions in that user's name. This can lead to sensitive data being accessed or manipulated.
Ciphertext
This is an encrypted text that is created by applying an encryption algorithm to plain text. The ciphertext is usually unreadable until it is converted back into readable plaintext using a suitable key.
Certificate Authority
This is a trustworthy organization that issues and manages digital certificates. These certificates confirm the identity of websites and enable secure communication via the Internet.
CISO (Chief Information Security Officer)
The CISO is the person in an organization who is responsible for information security strategy and policies. The CISO often works closely with the IT department to minimize security risks and ensure compliance.
Compliance
This refers to compliance with legal requirements, standards or internal guidelines. In the context of cybersecurity, compliance often refers to adherence to data protection regulations and security standards.
CAPTCHA
This is a test that is often used on websites. It is intended to ensure that the user is human. CAPTCHAs are designed to prevent automated bots from filling out forms or misusing services.
D
DDoS attack
An attack launched from several systems at once, for example via a botnet. It attempts to paralyze a network or service by flooding it with requests. The aim is to overload the service or network so that it collapses.
Digital signature
A cryptographic tool used to verify the authenticity of a digital message or document. The digital signature ensures that the message or document has not been altered and that the sender is legitimate.
DMZ (Demilitarized Zone)
A physical or logical part of a network that serves as a buffer zone. It is located between the internal, protected network and external, potentially insecure networks such as the Internet. Services such as web servers and mail servers, which should also be accessible externally, often run in the DMZ.
Data Breach
This is an incident in which unauthorized persons gain access to sensitive, protected or confidential data. Such a data leak can occur through various methods such as hacking, insider threats or negligence.
Data Loss Prevention (DLP)
DLP is a strategy and technology for preventing unauthorized access to and transfer of sensitive information. DLP solutions can define rules for handling data. They also detect and block suspicious activities.
E
Endpoint security
An approach to network security that protects every client (endpoint) in a corporate network from attackers, and thereby the servers and networks those endpoints connect to. Endpoint security software can provide features such as antivirus, firewall and real-time monitoring of security threats.
Exploit
A software program or a sequence of commands that exploits a vulnerability in a system, usually in an attempt to gain unauthorized access. Exploits can be used by cyber criminals, hackers or even security researchers for various purposes.
Encryption
The process by which data is converted into an unreadable form in order to protect it. Encryption is a fundamental component of many security protocols. It is often used for the storage and transmission of data.
Enumeration
This is a process as part of a security assessment. It involves collecting detailed information about a network or system. This can include information such as open ports, network services and user accounts and is often a step in the preparation for a more advanced attack.
Ethical hacking
The professional breaching of computer systems and networks by security experts. The aim is to identify and fix vulnerabilities before they can be exploited by malicious hackers. Ethical hacking is carried out with the owner's consent and is aimed at improving security.
Exfiltration
The unauthorized copying or transfer of data from a computer or network. Exfiltration is often the main goal of cyberattacks and can be carried out by various methods such as malware, phishing or insider threats.
F
Firewall
A network security system that monitors and controls incoming and outgoing data traffic. It is based on a series of defined security rules. Firewalls can be implemented as hardware or software solutions and are used to prevent unauthorized access to networks.
Forensics
In cybersecurity, this refers to the techniques and procedures used to analyze computer systems, networks and data. This is often done to understand the nature and extent of a security incident. Cyber forensics helps to gather evidence, identify perpetrators and better defend against future attacks.
Fuzzing
Fuzzing is an automated software test that identifies vulnerabilities by inserting invalid, unexpected or random data into a program. Fuzzing is often used to find potential security vulnerabilities in software or systems that could be exploited for attacks.
File Integrity Monitoring
This is a security process that regularly checks important files to detect unauthorized changes. The system alerts administrators if there are any anomalies. These are deviations from a previously defined "baseline" or an accepted state of the files. This could indicate a possible security incident.
G
Gateway
This is a network node that serves as an access point between two different networks. It is often located between an internal network and the Internet. A gateway can perform various functions, such as translating data formats or forwarding packets. It plays an important role in network security.
Global threat landscape
The overview of current and potential cyber threats and risks on a global scale. It covers a whole range of topics, from malware and hacking attacks to state actions. This overview serves as a basis for assessing an organization's cyber risks.
Grey Hat
An ethical hacker or security researcher who penetrates systems without formal authorization but without malicious intent. Grey hats operate in an ethical gray area because they find and often disclose security vulnerabilities, but without the express permission of the system owner.
GDPR (General Data Protection Regulation)
This is the European Union's General Data Protection Regulation (GDPR, known as the DSGVO in German). It came into force in May 2018 and regulates the protection of personal data of EU citizens. The GDPR has far-reaching implications for companies worldwide and imposes strict rules and penalties for data breaches.
H
Hashing
Hashing is a process in which an algorithm converts data of any length into a fixed-length value. This value is called a hash. Hashing is often used for quick verification, for storing passwords and for checking the integrity of files and data.
Honeypot
This is a security resource that serves as a lure or distraction for attackers to investigate their tactics, techniques and procedures. A honeypot can function as a single computer, database or network segment. It should also look as realistic as possible to attract attacks.
HTTP/HTTPS
HTTP stands for HyperText Transfer Protocol and is the protocol used to transfer web content. HTTPS is the secure version of it, which uses SSL/TLS encryption to protect the communication between the web browser/Internet user and the server.
Heuristics
Heuristics are an approach to problem solving that involves estimating or guessing based on experience or intuition. In cybersecurity, heuristic methods are often used in antivirus and malware detection systems, where unknown threats are identified by their behavior or other characteristics.
Hardening
This is the name given to the process of improving system security through a series of measures that reduce the attack surface. This can include deactivating unnecessary services, restricting access rights and updating software.
I
IDS (Intrusion Detection System)
An IDS is a security system that monitors network traffic and detects suspicious activity or violations of security policies. An IDS can trigger alarms or generate reports when it detects anomalies. However, it does not actively intervene to stop the attack.
IPS (Intrusion Prevention System)
An IPS is a security system that works in a similar way to an IDS. In addition, it has the ability to block or modify network traffic to prevent a detected attack. IPS systems can be implemented as stand-alone devices or as an extension of an IDS.
IOC (Indicators of Compromise)
Information or data artifacts that indicate a possible security breach. IOCs can include a variety of data points. For example: suspicious IP addresses, malware signatures or unusual system activity. They are often used in cyber forensics and threat intelligence.
IoT (Internet of Things)
The Internet of Things is a concept that describes the networking of physical devices, vehicles, buildings and other objects. For example, they are equipped with sensors, software and other technologies to collect and exchange data. IoT devices pose particular security challenges as they are often poorly protected and can serve as entry points for network attacks.
J
Jailbreaking
Jailbreaking is the process of bypassing software restrictions on mobile devices or other hardware. The goal is usually to gain unrestricted access to the operating system and file system structure. Although jailbreaking gives a user more control and customization, it also increases the security risk. This is because it overrides security mechanisms to achieve this goal.
JSON Web Token (JWT)
An open standard for the secure transfer of information between parties as a JSON object. JWT is often used for authentication and information exchange in web applications. It can be digitally signed or encrypted. This ensures the integrity and confidentiality of the data.
K
Keylogger
Software or hardware that records a user's keystrokes. This is often done without the user's knowledge. Keyloggers are often used by cyber criminals to steal sensitive information such as passwords or credit card details.
Kerberos
A network authentication protocol originally developed by MIT. It is designed to enable secure authentication over an insecure network, such as the Internet. Kerberos uses tickets and timestamps to verify the identity of users and services, relying on symmetric encryption methods.
Cryptography
The science and practice of secure communication in the presence of third parties or attackers. Cryptography uses mathematical algorithms and techniques to encrypt and decrypt information. In cybersecurity, it is used to verify the integrity of data and generate digital signatures.
Key Exchange
A process in which cryptographic keys are exchanged between two or more parties to enable secure communication. The key exchange can take place using various methods, including public key infrastructures or Diffie-Hellman exchanges. It is a critical step in many cryptographic protocols.
L
Least Privilege
A security principle in which each user or system is only granted the minimum authorizations and access rights required to perform a specific task. This minimizes the risk that an attacker can cause extensive damage by exploiting excessive authorizations.
LDAP (Lightweight Directory Access Protocol)
A protocol for querying and updating directory services. It is mainly used in corporate networks. LDAP is often used for storing user information and authorizations, authentication and resource management.
Log files
Files that contain systematic records of events, activities or communications in a computer system. Log files are of crucial importance in cybersecurity. This is because they are used for troubleshooting, monitoring system performance and detecting security breaches or unauthorized access.
M
Malware
A general term for malicious software. This was developed to infiltrate systems, steal data or carry out other harmful actions. Malware comes in various forms such as viruses, worms, Trojans or ransomware.
Multi-factor authentication
A security method in which two or more independent methods are used to verify a user's identity. This could be a combination of something the user knows (password), something the user has (smartphone app or hardware token) or something the user is (biometric data).
Man-in-the-middle attack
An attack in which an attacker intercepts and possibly manipulates communication between two parties without the parties involved being aware of it. This type of attack is used to steal sensitive information or to insert malicious data into the communication.
MITRE ATT&CK
A knowledge base and framework developed by MITRE. It is intended to describe the behavior of cyber attackers in various tactics, techniques and procedures. It is used as a resource for the cybersecurity community. The purpose is to better understand how attacks work and how they can be detected and defended against.
MAC address
This is a unique identifier that is assigned to each network interface controller (NIC). It is used for addressing in a local network. While IP addresses can be assigned dynamically, the MAC address is usually hard-coded in the hardware and remains unchanged.
N
Network monitoring
A process in which the data traffic and performance of a network are continuously monitored. This is to ensure its health and performance. Network monitoring tools are used to identify outages, bottlenecks and other problems before they have a serious impact on business or security.
Network topology
The physical or logical arrangement of devices in a network and how they are connected to each other. The choice of topology, such as star, ring or mesh, has an impact on factors such as performance, reliability and the network's ability to cope with failures.
Nonce
A random or pseudo-random number used in cryptographic algorithms that is intended to be used only once. Nonces are often used in authentication protocols to prevent replay attacks.
NIST (National Institute of Standards and Technology)
A US federal agency that develops standards and guidelines in various scientific and technological fields, including cybersecurity. NIST is known for its publications that serve as standards and best practices for IT security.
O
OAuth
An open standard protocol for secure access to user data. It allows third-party applications to gain access to server resources without the user having to reveal their password. OAuth is often used in social media and online services to allow users to connect to other services without having to share their login credentials.
OSI model
A conceptual framework that divides the network stack into seven layers. It is designed to understand and standardize the process of communication between two endpoints in a telecommunications network. Each layer offers specific functions and works independently of the others. This facilitates the development and debugging of network applications.
OTP (One-Time Password)
A password that is only valid for a single transaction or session. OTPs are often used in multi-factor authentication and can be generated either by special hardware, a mobile app or an SMS.
P
Patch
A specially designed software update to fix specific problems or security vulnerabilities in a program or operating system. Patches are crucial for system security and should be applied regularly to close known vulnerabilities.
Phishing
A cyber attack in which an attacker attempts to obtain sensitive information such as usernames, passwords or credit card details. They achieve this by posing as a trustworthy entity, often via email or social media. Phishing attacks can be very sophisticated and often mimic deceptively real websites or messages.
Payload
The part of the data in a transmission that contains the actual intended message, as opposed to header or metadata. In terms of malware, payload refers to the part of the malicious software that performs the malicious action, such as stealing data.
Public Key Infrastructure (PKI)
A framework for managing digital keys and certificates that uses asymmetric cryptography. PKI enables secure electronic transmissions and is often used for authentication, digital signing or encryption.
Privilege Escalation
A process in which a user or program obtains higher access rights on a system than originally intended, often by exploiting a vulnerability. Privilege escalation can be used to gain unauthorized access to sensitive areas.
Penetration test
A simulated cyberattack against a system, network or application. This is done to identify security gaps and vulnerabilities. Penetration tests are carried out by security experts and are intended to test a system's resistance to real attacks.
Q
Quarantine
In the context of cyber security, quarantine refers to the isolation of suspicious or malicious files. This is to prevent them from infecting or compromising other parts of the system. These files are moved to a special, secure folder until they are manually checked or deleted.
Quantum Computing
A type of information processing that is based on the principles of quantum mechanics and enables extremely fast calculations for certain problems. Although quantum computers are still in the experimental phase, they could dramatically change the future of cryptography and data security, as their computing power could enable them to break current encryption algorithms.
Query string
A part of a URL that comes after a question mark and contains additional parameters that are sent to a web server. Query strings can contain sensitive information such as user credentials or session IDs. They should therefore be included in security considerations.
R
Ransomware
A type of malware that encrypts data on the target computer or network and demands a ransom for decryption. Victims typically receive a ransom demand asking them to pay a certain amount of cryptocurrency to restore their files.
Rootkit
A set of software tools often used by hackers to gain unauthorized access to or control over a computer system while hiding their presence from the user and security systems. Rootkits are particularly dangerous as they are often deeply embedded in the operating system and can be difficult to detect and remove.
RSA
An asymmetric cryptosystem. It was developed by Ron Rivest, Adi Shamir and Leonard Adleman. It is often used for secure data transfers, digital signatures and in Public Key Infrastructures (PKI).
Risk Assessment
Risk assessment is the process of identifying and evaluating risks to which a company or system is exposed. The risk assessment serves to identify and implement suitable security measures. It is an important part of the security policy.
S
SSL/TLS
Secure Sockets Layer (SSL) and its successor Transport Layer Security (TLS) are cryptographic protocols. They are used to secure the transmission of data over networks such as the internet. These protocols are often used to protect sensitive transactions in web applications, such as online banking or e-commerce.
Social engineering
An attack in which the attacker uses manipulative techniques to trick people into revealing confidential information or performing certain actions. In contrast to technical hacking methods, social engineering focuses on human weaknesses, such as good-naturedness or carelessness.
Spear phishing
A specialized form of phishing. In this form, the attacker focuses their efforts on a specific target or a small group of targets. The attacks are usually well researched and contain specific information that makes them more credible.
Sandbox
A sandbox is a closed environment in which unknown or suspicious programs can be executed without affecting the main system. Sandboxes are often used to analyze potential malware in a controlled environment.
Security guidelines
A document or series of documents that define in detail the procedures required to protect the systems and data of a company or organization. They may contain rules for password creation, data access and application use.
Secure Boot
A security standard that is supported by most modern computers and ensures that only signed software is loaded during the boot process. This is intended to prevent the execution of unauthorized or malicious programs during system startup.
SIEM (Security Information and Event Management)
A comprehensive management system for security information and events. It provides real-time analysis of security alerts by collecting and aggregating log data from multiple sources. SIEM systems are often used in large organizations to respond more quickly to security incidents.
T
Two-Factor Authentication (2FA)
2FA is a security method where two different forms of authentication are required to gain access to a system or resource. Often, something the user knows (e.g. a password) and something they have (e.g. a cell phone that receives a one-time code) are combined to increase security.
Threat Intelligence
This is the collection and analysis of information about current and potential threats in cyberspace. Organizations use this information to forecast, prevent and respond to security incidents.
Trojan horse
A type of malware that disguises itself as legitimate software or files in order to gain access to a computer system. Once in the system, the Trojan can carry out a variety of malicious actions. Examples range from data theft to complete system takeover.
TCP/IP
The Transmission Control Protocol/Internet Protocol is a set of communication protocols that make up the Internet and many private networks. TCP/IP provides the rules and procedures for transmitting and receiving data between computers over networks.
Tokenization
This is the process of converting sensitive data such as credit card numbers into a format that is useless to outsiders without the crucial "token". Tokenization is often used to make the storage and transmission of sensitive information more secure by replacing the actual data with less sensitive placeholders.
U
URL filtering
This is a method of blocking access to certain websites or internet resources based on the URL of the page. URL filtering is often used in corporate networks and also in some household routers to block inappropriate or unsafe web content.
User agent
A software client, usually a web browser, that sends requests to a web server on behalf of the user. The term "user agent" is also used for the text string that the browser transmits when establishing a connection with a web server to provide information about itself and the operating system used.
UTM (Unified Threat Management)
This is a security system that combines a variety of security features into a single solution, often including firewall, antivirus, spam filtering and URL filtering. UTMs offer a simplified way to manage network security. However, they are usually less specialized than standalone security solutions.
V
VPN (Virtual Private Network)
A VPN enables a secure connection over an insecure network, for example for sensitive connections over the internet. It does this by encrypting data traffic and routing it through a dedicated server. VPNs are also often used to anonymize internet traffic, to allow access to blocked websites and to provide an extra layer of security when using public networks.
Virus scanner
A software program designed to scan a computer system or network for malware, viruses and other harmful programs. Virus scanners can work in real time to block active threats, or they can be run manually to check stored files.
VLAN (Virtual Local Area Network)
A VLAN is a logically isolated network structure within a physical network. It makes it possible to manage network resources and data traffic independently of the physical configuration of the network. VLANs are often used to increase network security. They can also improve performance by segmenting data traffic.
W
War Driving
This is the practice of driving a vehicle through areas to identify Wi-Fi networks. While war driving is often done for research purposes, it can also be used by attackers to identify insecure networks for later attacks.
WAF (Web Application Firewall)
A WAF is a specialized firewall that filters and monitors incoming and outgoing data traffic for web applications. It is used to protect web applications from various types of attacks, including cross-site scripting (XSS) and SQL injection.
Whitelist
A list of approved or trusted sources such as email addresses, IP addresses or programs. Everything that is not on the whitelist is blocked or filtered by default.
White box (test type)
A security test in which the tester has complete access to the system information. This also includes the source code, the database structures and the network architecture. The aim is to find vulnerabilities that could be known to an insider.
White Hat
An ethical hacker or security researcher who conducts security tests with the permission or on behalf of an organization. The goal is to identify vulnerabilities and make recommendations for fixing them before a malicious attacker can exploit them.
WLAN security
Refers to the methods and technologies used to protect a wireless (Wi-Fi) network. Various security protocols such as WPA3 and complex passwords are often used to prevent unauthorized access.
Worm
A special type of malware that replicates itself and spreads from computer to computer over a network without the need for human interaction. Worms can consume network resources and in some cases deliver additional malware or malicious payloads.
X
XSS (Cross-Site Scripting)
An attack in which malicious code is inserted into a website. This is then executed in another user's web browser. This can lead to sensitive user data such as cookies, session tokens or other information being intercepted.
X.509
A standard for digital certificates used in many security protocols, including SSL/TLS for web security. An X.509 certificate contains the public key and information about the identity of the certificate holder. It is also signed by a Certificate Authority (CA) to confirm its authenticity.
Y
YARA (Yet Another Recursive Acronym)
YARA is a collection of tools for detecting malware and is particularly useful for analyzing and identifying malicious code. It allows experts to create their own rules to identify binary patterns in files or memory. This makes it a flexible and extensible threat detection tool.
YAML (Yet Another Markup Language)
YAML is a human-readable data serialization language that is often used for configuration files and data transfer between languages with different data structures. Due to its simplicity and readability, it is often used for configuration management and automation tasks in software development.
Z
Zero Day
A zero-day is a security vulnerability in software that is not yet known to the manufacturer or for which no patch yet exists. An attack that takes advantage of it is called a zero-day exploit; attackers can use it to gain unauthorized access to systems or carry out other malicious actions.
Certificate
A digital certificate is an electronic "ID card" issued by a certificate authority (CA). It confirms the identity of a person, a website or a service. Certificates are often used in SSL/TLS encryption and other security protocols to ensure the authenticity and integrity of data during transmission.