The Alternative Guide To Cyber Security

We've put together this alternative guide to cyber security terms to provide a plain English and relatable resource for those who are outside of the industry. If you're looking for the real definitions look away now, if you're looking for some basic explanations littered with a few Gifs and Memes read on.....



Access Control

Keeping things on lock down. This is a way of ensuring only authorised users (or automated systems) can access data or services.


Active Cyber Defence

Services from the NCSC designed to reduce high-volume commodity cyber attacks

Advanced Persistent Threat / APT

Advanced cyber criminals playing a sneaky long game to infiltrate their target for the information they want. Think Ahab never giving up on Moby Dick.


Pop up, close. Pop up, close. 

Adware is responsible for all those annoying pop ups you get and you have no idea where they have come from or why they even exist.

Angler Exploit Kit

A real nasty piece of kit. 

Anonymizing proxy

Browse whatever you want, wherever you are. Get passed and access to any censored internet content. It’s like going to a masquerade ball, third parties won’t know who you are. 


A bunch of software programs that can detect and remove malware like anti-bac spray keeps your kitchen work top clean.


Basically, blockin out da haters. 


This helps stop DDoS (distributed Denial-of-Service) Attacks by identifying fake or the same IP addresses.

Antispyware software

Certain websites will try to get you to download stuff so they can spy on you and try to get personal information. Anti spyware blocks that just like...

Artificial Intelligence 

Cybernet. Arnold Swhazenegger. The End Of The World. Okay we’re probably not there yet, in real terms this is software which looks for complex patterns in data and uses these to form rules on which decisions can be made.

Antivirus software

Norton, McAfee, Kasperksy these all provide anti-virus software you can install on your computer. They are designed to protect you against all types of online dangers, from ransomware to phishing attacks. It’s basically the swiss army knife of cyber security.



You're just logging in using your using name and password. Or it could be a fingerprint, pin number, biometric scan, your mother's maiden name. Anything that can prove it is in fact you logging in.

Autorun worm

If you’ve ever plugged in a USB device in autorun would have started. If that USB had the autorun worm on, that malware would have started as well.



Backdoor Trojan

Just like that pesky wooden horse this type of Malware pretends to be legit. Once a link is clicked or a program downloaded those trojans jump straight of that horse and can access your data.


Storing things as they currently are to protect your files and system resources from any unpredictable attacks in the future. It’s essentially a reset switch.

Baseline security

This ensures the basics are done in any organisation.



Blackhat hacker

A black hat could be worn but is not mandatory. These are hackers that generally have bad intentions, they look to steal personal information (emails & passwords), financial information (credit card and bank account data) and sensitive company data.


Again, Blockin Out Da Haters. A blacklist could be a set of programs or applications or even IP addresses that you want nothing to do with.


Blended Threat

This type of attack comes from all fronts. Imagine your trying to defend against the sea, the air and land. This type of attack uses worms, trojans, viruses and more.



Software programs that perform automated tasks. The internet is absolutely full of them, most are harmless but they can be used with malicious intent.


A network of infected computers that can all “talk” together and allow coordinated attacks remotely.

Browser hijacking

If you notice your default browser has changed and you can't change it back, you could have been hijacked. Most people notice this if Internet Explorer loads*. Who uses that willingly?

*not factually based

Brute force attack

This type of attack tries to guess your password by simply testing a high number of possible combinations. This is the number one reason you need to set strong passwords.

Bulk Data

Term used to describe large quantities of (often personal) data that needs special protection.


Bulk Encryption

A set of security protocols that allow encryption and decryption of data transmissions.


Business Impact Analysis (BIA)

This process involves finding a company's weak spots and forecasting how likely and how much it could impact like business. Then the company determines how to address them to minimize those risks.



Sadly not to be confused with Bring Your Own Beer. This stands for Bring Your Own Device. It’s a company policy that allows employees to bring laptops, phones they personally own into work. 




You’ve all seen or heard of the TV program. This mainly involves one person pretending to be someone they are not in order to exploit someone for financial gain.


If you thought phone contracts were bad! This is normally associated with adult websites. Users are manipulated into signing up with unclear T&Cs that can overcharge and are difficult to get out of.

Chief Information Officer (CIO)

The big kahuna, the big dog. This person is responsible for a company's IT infrastructure. But don’t contact them if you can’t connect to the WiFi.


This person's job is to keep out all the nasty hackers at bay and ensure IT security is on point. 



Everything is in the cloud nowadays. This is simply shared computing and storage resources are accessed as an online service, instead of hosted locally on hardware.

Code injection

This is a technique by which hackers infect legitimate websites and change the course of normal execution. Used to spread malicious software.

Command and control center

This is basically the evil lare. It’s where the decepticons meet. It’s where doctor Evil hatches his plans. It’s a bunch of infected computers under the control of hackers that can be used to launch DDoS Attacks.

Computer Forensics

The CSI of cyber security. Computer forensic collected and analysed digital data. They can tell you want someone put on a USB stick and at what time. Very handy for civil proceedings.

Computer Incident Response Team (CIRT)

The A team. These guys investigate network security incidents. Their job is to find out the how, the why, and when.


A small text file that's placed on your computer when you visit a website. Very useful for advertisers to track online revenue and the impact of their advertising.


It’s like creating a secret landing with your best mate when you’re 5. Keeping information safe by making it inaccessible/unreadable by everyone except those who have the information needed to access /read it.


Obtaining data and information which may be sold to interested parties.


It’s the big dawg again! This is basically the same as CISO. 

Cyber Assessment Framework

This a big one. 

A framework for assessing the cyber security of critical national services and systems

Cyber Attack

This is what we are defending against. A cyber attack is any type of malicious action online. Malware, DDoS attacks, they all fall under the umbrella of cyber attacks.

Cyber Essentials

A scheme launched by the UK government to help small businesses with their cyber security. Every small business should do this, and if they need some help….

Cyber First

Initiatives run by the NCSC that encourage children and young adults to consider a career in cyber security.

Cyber incident

A cyber incident is simply when a security policy has been violated.

Cyber security

The general term for organising a defence against cyber attacks. Anti-virus, Endpoint security, they are all types of cyber security.


Cyber weapon

This is next level. The term has recently come about from the military, it’s an advanced and sophisticated piece of code that can access enemy computer networks.



Dark Web

I mean, where to begin. These are websites that exist outside the reach of Google & Bing. Content is hidden, users hide their locations and identity. It’s the hub of illegal activities, including drug and crime transactions.

Data Asset

A database, a document or any type of stored information that is valuable. 


Data Integrity

Keeping that data nice and clean. No one with unauthorised access has been able to modify or alter this.


Data leakage

A data leak refers to an incident when unauthorised personnel get access to valuable data assets. 


Data loss

This is when information is destroyed by failure or neglect. HELLOOO BACKK UPPPSSS

Deep Web

Not quite the dark web but still a similar concept. You don't need to be tech savvy and its not hidden by sophisticated methods, you just need the URL.

Denial of service attack (DDoS)

This is quite a common form of cyber attack. It basically involves a cybercriminal sending loads of information requests to a company's website and servers. It’s either done to take the website down, or just to disrupt business by overloading their systems.


Think Automated Phone Jacker. But no bank account number is required. This type of spyware redirects you legitimate call to a premium number so you get charged shed loads.


Disaster Recovery Plan (DRP)

Basically, when sh*t hits the fan you need this plan. If your business has suffered a cyber attack or breach this contains a set of actions you will take across the business to limit the impact


Drive-by attack

No cars involved. This is a quick attack that either exploits a security flaw in a browser, app or operating system. Or it’s out of date. 


Dumpster diving

Rooting through your rubbish. The illegal method of obtaining passwords and other information by going through discarded media.



Eavesdropping Attack

Its the digital version of cupping a glass to a door! This nosey parker will be after passwords and other confidential info.

Email malware distribution

This is the old way of hacking. Still used these days despite it being outdated, it requires the victim to double click on an attachment to then spread the malware.


Encryption is your friend. It helps protect otherwise accessible data. We like encryption.

Enterprise Risk Management

A business with a plan is a business that can! Ensure your company has sufficient enterprise risk management in place to identify and protect against cyber security risks.

Exploit kits-as-a-service

DIY Hacking! Cyber criminals are selling kits to help those without too much knowledge enter the dark world…

External Security Testing

Erm it's security testing. Done externally.



Fake antivirus malware

Just some money grabbing punks. They’ll install fake malware that asks for money in return for its removal. But in reality, there’s no malware.


False positive

So a negative, right? Well, yeh pretty much. It's when your antivirus picks up what it thinks is a threat, but actually is harmless. Go home antivirus, your drunk.



Firewalls are here to kick some hacker ass! They’ll prevent unauthorised access to your network.

Flip button

I’m pretty sure my girlfriend has this button… In the malware world, it refers to the trick of spyware on users, making them install malicious software.


Forensic Specialist

Don’t expect your forensic specialist is going to be turning up in a white coat and blue gloves. More Cardigan and glasses. We know a decent forensic specialist...



Greyhat hacker

Like the grey man in the street, the greyhat hacker is ambiguous. They are neither good guys or bad guys. They hack for fun!




Think teenage boy in his bedroom spending far too much time on his computer. Someone who gains access when they shouldn’t.


There are good hackers (whitehat) and bad hackers (blackhat)


Fight the power. Anarchists who want to fight for political/social objectives

Heartbleed vulnerability

This one sounds serious. And it was in 2014, when information protected by SSL was exposed. This vulnerability allowed the stealing of information that would normally be protected by SSL encryption.



The Honeypot. Nope, not some seedy gentleman’s club. This fakes vulnerabilities so that it can learn an attacker’s moves.

Hybrid attack

Someday, all the Toyota Prius’ will rise up and a hybrid attack will affect us all. For now though, this refers to the use of numbers and symbols in an otherwise standard password attack.



Identity Theft


First coined back in 1964, lots of people have been a victim to this. Think seeing random bills for stuff you would never buy or signing up for a car lease in another country. It wasn’t you, it was someone pretending to be you.


Identity theft is not a joke Jim!

Inadvertent Disclosure

Everybody knows someone you just can’t trust with a secret. No matter how hard they try, they can’t help but inadvertently disclose that secret to Shirley at the Hairdressers. In this instance, you expose digital information accidentally to someone who really shouldn’t have access.

Internet of things (IoT)

To be fair, this is the future. This is how your kettle links to your fridge that links to your car that links to your TV. It’s basically technology describing the ability of everyday objects to connect to the Internet.

Incremental Backups

Beep. Beep. Beep. Beep. Back it up on a regular basis. The back up only contains files which have been altered since the last full backup.


Information Assurance (IA)

Pull up the Drawbridge. It's the cyber security equivalent of defending the castle. Protect and defend data and information systems by having these measures in place.

Information Flow Control

Like a condom for your data. An information flow control makes sure data transfers are as safe as possible.

Information Security Risk

Risk Assessments. Eurgh. BORINGGGG.


Though in this case well worth doing a risk assessment, as it can help you prepare for attacks that could steal all your vital info.


Information Systems Security (INFOSEC)

We love a good acronym in cyber security. This one relates to the protection of IT systems against unauthorised access. 


Inside Threat

 Bond, we have a mole. A rogue agent. Someone inside the organisation is sending information about our systems to hackers.


Internet worm

This sounds like the latest trend. Do the Internet worm!


Its actually from the 80s, where researchers found a reliable way to grow the internet.


Stop sticking your nose in other people’s business hackers!

IP Flood

Put out the sandbags. This flood will send so much traffic the system will fail.



Feeling your touch. Stroke those keys. Keyloggers use this creepy method to steal passwords and pins.

Likelihood of Occurrence

I mean. It's pretty obvious. It's how likely something is to happen.


She's up all night 'til the sun, I'm up all night to get some, She's up all night for good fun, I'm up all night to get locky. 

The Cyber Security Cover of Daft Punk.



Macro Virus

There’s a lot of it going around at the moment. Pretty sure I’ve had a few days off work with Macro Virus. My boss doesn’t need to know it's actually something that attaches itself to things like Word/Excel to execute a malicious code.


Malicious Applet

Apples are one of your 5 a day. Applet will download and perform an unauthorized action on your IT system.


Another reason not to click those annoying flashing ads on every site. This ad won’t sell you the latest de-ageing cream, it’ll steal your data.


Malicious software becomes Malware, as one easy to digest term for something that wants to harm your pc.



You can get someone to tickle you as a service. You can get someone to do your laundry. And now you can even get malware as a service, for those truly lazy hackers.


Man-in-the-middle Attack (MitM)

No middle man is good, but this middle man really is the worst. In this instance, its your web traffic that suffers.


Mazar BOT

Starting in Feb 2016, this was a nice Valentines present from those pesky hackers. Tip. Don’t click links on texts from unknown numbers!


Mobile code

Want to play a video but you haven’t got flash installed? That’s mobile code. 


Mobile phone malware

No Instagram. No Twitter. No Snapchat. Mobile Phone malware might actually get your kids talking to you…

Moderate Impact

Not too bad. Not too good. Just a moderate impact. Everything is fine.

Multifactor Authentication

Enter your password. Nope, not that one. Needs a special character. Ok now you need your cousins first wife’s first pet name. Now the 9th digit from a 10 digit code. Give up. You know your bank account has only got £1.46 in it anyway.




Basically, don’t be a d*ck. Treat everyone nice and you’ll be conforming to netiquette. It’s the correct way of using the internet.

Network Sniffing

Network sniffing is used to diagnose network problems and analyze overall network and application activity.

Big brother is watching… In the right hands, it can help make traffic more efficient. In the wrong hands…


A tool that could have been good but is instead used for evil. Will be used by attackers to deliver harmful malware.



You can’t argue with it. The ability of a system to prove that risky message you sent to your boss was from you and only you.


Nuclear Exploit Kit

The holy grail of cyber criminal tools since 2010 Flash, Silverlight, PDF reader, Internet Explorer. None of them were safe. This exploit kit has now developed to feature various obfuscation tactics to avoid detection.




Now if you read the last entry, I know what you’re thinking. What’s Obfuscation? It's some proper James Bond tactics. Well, if James Bond was a Cyber Security hacker...  It makes computer code obscure so that antivirus systems can’t understand it. And if it can’t be read, it can’t be blocked. Scary stuff.

Offline Attack

Old school hacking technique. Be careful of the creepy guy looking over your shoulder when you’re entering passwords…

Operation Tovar

Large-scale good guy effort to take down the Zeus GameOVer botnet, which distributed ransomware. All the big dogs were part of the take-down; U.S. Department of Justice, Europol, FBI, Microsoft, Symantec, Sophos.


Outside Threat

You don’t want too many of these. An outside threat is someone outside your company’s cyber security who can harm your systems, whether that’s stealing data, blocking access or even destroying it. Let’s hope Steve in IT is on top of it.



Packet Sniffer

No, it's not someone with a weird fettish for sniffing cheese and onion crisp packets. Not in this instance anyway. It's actually a cool piece of software designed to monitor traffic on a network, helping troubleshoot potential bottlenecks and other issues.


Like anything though, it can be harmful. 

Parasitic viruses

A pretty nasty file that can insert itself into another file. It will then give control back to the infected software, sitting in the background doing what it wants with the infected PC.

Passive attack

Nope, not a Trip Hop band from the 90s. It's a sly attack on confidential information. The attacker extracts without leaving a trace, so you won’t even know they have the information. 


Password sniffing

Password sniffers are always on the look out to steal passwords. So make sure you don’t enter any passwords on sites that display as ‘Not Secure’. Sniffers will target these sites to swipe your password.


To combat vulnerabilities and bugs, software manufacturers will release a patch that updates the software and fixes those issues. Hooray for patches!




Just like in transportation, payload refers to the cargo that’s being delivered. So when your passwords have been stolen or you get that weird pop-up demanding loads of money to have your laptop back, that’s the payload.



I won’t even go there. I know what you’re thinking and it's not got anything to do with that. It's when an attacker gets through a system's defences.

Penetration Testing

Look, I told you, it's nothing to do with that! This is the pre-attack before the main attack. It's a scouting mission to find out what defences a system has. 

Personal Firewall

This is your own personal firewall. Yours to keep. It only answers to you. And it defends against unauthorised access.



Cyber criminals redirecting from safe sites through to their nasty sites. Mainly used on banks and e-commerce sites when you’re putting in your bank deets.


Fishing is boring. Phishing is malicious. With phishing, you’re the fish. The criminals will bait you, then get your data, such as card details and passwords.


Nothing fancy. Just simple old Plaintext. This means that there’s no encryption, so if a site or someone has stored your password in plaintext, it's pretty vulnerable. 

Polymorphic code

Another tactic used by cyber crims. There really are a lot of ways they can attack you. Probably best to hire a cyber security expert to help you…


Anyway, this tactic keeps the attack undetected, as it is like a chameleon and change, whilst keeping the original function.


Polymorphic engine

Its a clone machine. But instead of cute sheep called Dolly, you get vicious malware.

It can transform a program into a subsequent version that consists of different code yet operates with the same functionality.


Polymorphic packer

Would you like your malware delivered separately or in one package? If you like your attacks in one package, you’ll encounter a polymorphic packer. 

Pop-up ad

*clicks x* *clicks X again* God these ads are so annoying! Has anyone ever bought something from a pop-up ad?

Power virus

This type of virus turns up the heat on your computer. Quite literally. It’ll trigger the max heat generated by the CPUs, meaning your computer could pretty much self-destruct.

Proprietary Information (PROPIN)

This type of info relates to data that a company really doesn’t want sharing. Like the secret Coca Cola recipe. Or the herbs and spices that go into KFC Chicken. And also less important stuff like customer details, price lists, technical info...

Proxy server

Don’t miss out the middleman! Because in this case the proxy is a middleman that helps to boost cyber safety, sitting between your computer and the internet.




This type of malware blocks you from accessing your computer, with the ransomware demanding you pay in Bitcoin (what happened to that??) to release access back to your PC.


Remote access Trojan / RAT

An infestation of RATs is never a good thing. Disease carrying vermin with sharp teeth. Eurgh I hate them. And now it turns out they can infect your PC and give themselves unlimited access. God it gets worse.


Remote diagnostics / maintenance

The IT guy that messes about with your computer for a bit and seems to change nothing at all.

Residual risk

It's like that disinfectant that kills 99.9% of all bacteria. You can never 100% kill a cyber threat.

Risk assessment

This is number 2 on the boring task list. Just behind Health & safety Checks.


Having said that, it is pretty useful. Helps businesses understand the cyber security risks.


Rogue security software

When Bond goes rogue, it's usually for a good reason. However when security software goes rogue, it's probably not good. Make sure you’re dealing with agents, I mean security software, that is trusted.



Seeds, Soils, Pots. That’s what you need to grow root vegetables. But if you prefer to gain access to someone's computer, that you need the malicious software rather than your gardening gloves.




This could easily be the title of a new Stephen King novel. But it's actually a pretty shocking form of intimidation malware that makes the user buy its unwanted software. Hmm, think I’ll stick with IT. 


Sensitive information

In the age of the Snowflake, pretty much everything these days is sensitive information. Includes PINs, credit card info etc.



Sounds cute…


That’s what it wants you to think!


What it will actually do is steal your bank details. Its always the quiet ones that are the ones to watch.


It’s a banking Trojan first discovered in 2011. It focuses on a predetermined list of organisations to target and steal banking log in details using man-in-the-browser attacks.


A popular 70s ‘meat’ made up of all sorts. Confession I love spam on toast.


However I don’t love annoying people who keep selling me PPI, TLC, DNA. Leave me alone! Thank god for your spam folder!

Spear phishing

Ever got a random message from your Auntie Sue asking you to click this link urgently or send some money? Why would your Auntie Sue do that? She can’t even use email. Well anyway, that's spear phishing.



Don’t cry over spilt data. Though, actually, if you’ve moved data from a safe system to a new, less secure system, then you may provide access to information for people who shouldn’t have access to it. And that might be something to cry about.


Spoofing (Email)

Scary Movie. Scary Movie 2. Scary Movie 3. Scary Movie 4, not so much. In general, spoofs are funny! But spoof emails can gain your trust, meaning you click a link that leads to harm for your PC. That’s not funny. 



Austin Powers The Spy who collected and stole my sensitive information.

SSL / Secure Sockets Layer

Keep it safe. Keep it secure. Keep it SSL.


This establishes an encrypted link between a server and a client. Like a pinky promise.


Suspicious files and behavior

Hmm, something doesn't seem right. If you see suspicious behaviour, report it to a member of staff. Or get some decent antivirus.

System administrator / Sysadmin

Because System Administrator is too long, we need to shorten it to a word that’s even more difficult to say. It basically refers to Steve in IT who you contact when you’ve forgotten your password. For the 3rd time in a week.




Do not eat if the label has been tampered with. Similarly, be wary of a computer system that has been tampered with.


Targeted threat

This is a big one. When hackers go for the jugular and attack Governments and large financial organisations.



It's not the latest model of electric car. Its malware that targets computer games to put ransomware on your device. 

Threat assessment

This is just assessing threats. Not difficult.


Threat event

This is when a threat takes place. This section is just Cyber Security for Dummies.


Threat monitoring

Yep, you guessed it. It's when you monitor a threat.


Time bomb

Black coat, white shoes, black hat, Cadillac, Yeah, the boy's a time bomb. But unfortunately this isn’t an upbeat ska song. Nope, its malware again, but this type is designed to activate at a certain date or time. 


Tracking cookie

Mmmm cookies. This type though is tasty only for digital marketers. It tracks your browsing preferences, meaning they can target you with ads and improve websites.

Traffic analysis

Did you ever have to stand at a junction during Geography class and count traffic? Yeh, this is pretty much the same thing, but for digital traffic on a network. This can help improve that network's performance. 

Trojan (Trojan horse)

Just like the Greeks, a trojan horse is a sneaky way of getting you to install harmful files. So if you get one on your device, blame the Greeks.



Unauthorized access

Oi. Get out. You’re not welcome. How have you got in anyway?

This is basically gaining access to a server, laptop etc when you shouldn’t.

Guessing your mates facebook password also counts!

Unauthorized disclosure

Oi. You can’t have that. First you’ve gained access, now you’re seeing stuff that’s not for you. 

So you’re in their profile, now you're seeing who they are messaging.


URL injection

Everyone remembers when they got their URL jabs. Don’t you remember? It’s when a cyber criminal creates new pages on a website owned by someone else containing spam links.




It's the antidote to all the malware you’ve been reading about. Like most vaccines, more research needs to be done in this field.


Virtual Private Network / VPN

Discreet. Safe. Wrap it up, with a VPN.


A virtual private network (VPN) is a network that is constructed using public wires — usually the Internet — to connect remote users or regional offices to a company's private, internal network.



Viruses are horrible. Make sure you protect yourself with the right antivirus software and a thorough cyber security analysis. In other words, wrap up warm. There’s a lot of it going around.


Just like it would in humans a virus can spread rapidly throughout your computer infecting other programs and files.


Virus hoax

Hey, is a Mr Freely there? A Mr I.P. Freely? 


This is a little more sinister than a prank call though, and whilst not initially harmful, can lead to a subsequent attack if its not dealt with properly.




Wabbit, Wabbit, Wabbit, Wabbit, Wabbit.


If you’ve not read that in a Chas N Dave voice, then who even are you?


Now that I’ve got that song stuck in your head, I’ll tell you what it really is. It's a form of malware that repeatedly replicates a computer program on a local system.

Web content filtering software

Live in China? They love web content filtering software there. It restricts and censors content.



Like a nasty Spiderman, webattacker is the DIY of malware. 


Whitehat hacker

The good type of hacker. Often spotted wearing other coloured hats, these guys help companies by finding vulnerabilities and notifying them of such security risks.



At a party, doing the worm is a great dance move. A computer worm is like a virus and can spread via mass emails.



Zero Day


Zero hour is upon us. Prepare for attack. Because cyber criminals will use vulnerabilities that haven’t been patched and exploit them.

ZeuS / Zbot

A banking trojan that infects windows users. It tries to steal personal data. Wow, definitely more Grinch than Cat in the Hat.


Zip bomb

As if Zip bombs weren’t scary enough, it's also known as the Zip of Death. When you unzip it, it’ll expand uncontrollably, causing the system to crash and disable the antivirus software.


Scary Name. Scary malware.


Dawn of the dead. But with computers. These zombie computers will look like all is fine, but they are in fact controlled by a hacker who has remote access.


St Bride Foundation

14 Bride Lane




Free Tools

©2019 by Forensic Control  All Rights Reserved.      

This site uses cookies to enable certain functions. By using this site, you consent to the use of cookies.