Cybersecurity Glossary A-Z: Every Key Term Explained

Contact Us

Browse cybersecurity guides, AI tutorials, certification paths, career resources, practice labs, and checklists across all topics in the Cybersanso Learn Hub.

Foundational Cybersecurity Terms: A to F

Cybersecurity has more acronyms and specialist terms than almost any other technical field. This glossary covers the terms you encounter most frequently across security, AI security, and SaaS security. Each entry explains the concept in plain language with enough context to understand how it is used in practice.

Access Control: The practice of restricting who can read, modify, or use resources in a computing environment. Access control systems combine identification, authentication, and authorisation. Role-based access control (RBAC) assigns permissions based on job function rather than to individuals directly.

Advanced Persistent Threat (APT): A sophisticated, long-term cyberattack typically carried out by nation-state groups or organised criminal organisations. APTs use low-and-slow tactics: gaining access, staying hidden, and exfiltrating data over months or years rather than launching noisy immediate attacks.

Authentication: The process of verifying identity. Methods include passwords (something you know), physical tokens (something you have), and biometrics (something you are). Multi-factor authentication (MFA) combines two or more of these factors.

Botnet: A network of computers infected with malware and controlled remotely by an attacker, often without device owners knowing. Botnets are used for DDoS attacks, spam campaigns, credential stuffing, and cryptocurrency mining.

CIA Triad: The three core principles of information security: Confidentiality (only authorised parties can access information), Integrity (information has not been tampered with), and Availability (systems are accessible when needed). Every security control exists to protect one or more of these three properties.

CVE (Common Vulnerabilities and Exposures): A standardised reference system for publicly known cybersecurity vulnerabilities, maintained by MITRE and funded by CISA. Each CVE has a unique identifier, description, CVSS severity score, and references to patches and advisories.

CVSS (Common Vulnerability Scoring System): A numerical scoring system (0.0 to 10.0) used to rate vulnerability severity. A score above 9.0 is Critical; above 7.0 is High. CVSS scores are included in every CVE entry to help teams prioritise patching.

Key Network, Attack and Security Operation Terms: D to M

DDoS (Distributed Denial of Service): An attack that floods a target server or network with traffic from multiple sources simultaneously, making it unavailable to legitimate users. The distributed nature makes it harder to block than a single-source attack.

Encryption: The process of converting readable data into an unreadable format using an algorithm and a key. Only parties with the correct decryption key can read the data. AES-256 and RSA are among the most widely used encryption standards for data at rest and in transit.

Firewall: A network security device or software that monitors and controls incoming and outgoing traffic based on predefined security rules. Next-generation firewalls (NGFW) add application awareness, intrusion prevention, and deep packet inspection beyond basic port filtering.

IAM (Identity and Access Management): A framework of policies and technologies ensuring the right people access the right resources at the right times. IAM systems manage user identities, authentication, and authorisation. Related concepts include SSO, MFA, and privileged access management (PAM).

Incident Response: The organised approach to addressing and managing the aftermath of a security breach. Standard phases: Preparation, Identification, Containment, Eradication, Recovery, and Lessons Learned. Having a plan before an incident occurs significantly reduces damage.

IoC (Indicator of Compromise): Observable evidence suggesting a system may have been compromised: unusual network traffic, known malicious IP addresses, suspicious file hashes, registry changes, and anomalous user behaviour.

Malware: Malicious software designed to disrupt, damage, or gain unauthorised access to systems. Types include viruses, worms, trojans, ransomware, spyware, and rootkits. Malware is the broad category; a virus is one specific type within it.

MITRE ATT&CK: A globally accessible knowledge base of adversary tactics and techniques based on real-world observations. Documents over 400 techniques across 14 tactics. Used for threat modelling, detection gap analysis, red team planning, and security control evaluation.

Advanced Terms: N to Z

OSINT (Open Source Intelligence): Collection and analysis of information from publicly available sources. In cybersecurity, OSINT covers DNS enumeration, WHOIS lookups, certificate transparency logs, Shodan for internet-facing infrastructure research, and dark web monitoring.

Penetration Testing: An authorised simulated cyberattack on a system to evaluate its security. Pen testers use the same tools as attackers but operate with explicit permission and defined scope. Results are documented in a report covering vulnerabilities, exploitation evidence, and remediation guidance.

Phishing: An attack that impersonates a trusted source to trick users into revealing credentials or installing malware. Variants include spear phishing (targeted), vishing (voice), smishing (SMS), and whaling (targeting executives).

Ransomware: Malware that encrypts a victim’s files and demands payment for the decryption key. Modern ransomware uses double extortion: exfiltrate data before encrypting it and threaten to publish it if the ransom is not paid.

SIEM (Security Information and Event Management): A system that collects and analyses log data from across an organisation’s IT infrastructure in real time to detect threats and support incident response by correlating events across multiple sources.

Zero Trust: A security model built on the principle of never trust, always verify. Rather than assuming everything inside the network perimeter is safe, zero trust requires continuous verification of every user, device, and request regardless of location.

No single LLM wins every category in 2025 - 2026:
• Claude (Anthropic) - best for coding (SWE-Bench) and long documents
• GPT-4o / GPT-5 (OpenAI) - best for reasoning (GPQA) and multimodal tasks
• Gemini 2.0 (Google) - best for ultra-long context (1M tokens) and video

The best LLM depends on your specific task, not the overall ranking.

Claude vs ChatGPT - key differences:
• Developer: Claude = Anthropic, ChatGPT = OpenAI (GPT-4o / GPT-5)
• Coding: Claude leads on SWE-Bench Verified (real software engineering)
• Images & tools: ChatGPT/GPT-4o is more widely integrated
• Long docs: Claude is preferred for large context window tasks
• Tone: Claude is more cautious; ChatGPT is more versatile across apps

Best LLMs for coding (2025 - 2026):
1. Claude Opus/Sonnet (Anthropic) - #1 on SWE-Bench Verified
2. GPT-4o / o3 (OpenAI) - strong debugging & explanation
3. DeepSeek-V3 / R1 - frontier-class coding at low cost
4. Llama 4 / Code Llama (Meta) - best open-weight self-hosted option
5. Qwen 3 (Alibaba) - cheap, capable, open-weight

Cheapest LLM APIs in 2025 - 2026 (per million tokens):
• Qwen 3.5 0.8B - ~$0.01 (cheapest available)
• Gemma 3n (Google) - free tier via Google AI Studio
• Mistral 7B / Mixtral - $0.05 - $0.20 via Groq / Together AI
• GPT-4o mini (OpenAI) - ~$0.15 input / $0.60 output
• Claude Haiku (Anthropic) - ~$0.25 input / $1.25 output

Open-weight models via Groq or Together AI are 5 - 10x cheaper than proprietary APIs.

Choosing open-source vs proprietary LLM - 5 factors:
1. Data privacy - self-host open-weight models (Llama, Mistral) if data can't leave your infra
2. Cost - open-weight is cheaper at high token volumes
3. Customisation - open-weight models can be fine-tuned; proprietary usually can't
4. Performance - frontier proprietary models (Claude, GPT-5) still lead on hardest tasks
5. Maintenance - proprietary APIs are managed; self-hosting needs GPU infra + DevOps

Choosing open-source vs proprietary LLM - 5 factors:
1. Data privacy - self-host open-weight models (Llama, Mistral) if data can't leave your infra
2. Cost - open-weight is cheaper at high token volumes
3. Customisation - open-weight models can be fine-tuned; proprietary usually can't
4. Performance - frontier proprietary models (Claude, GPT-5) still lead on hardest tasks
5. Maintenance - proprietary APIs are managed; self-hosting needs GPU infra + DevOps