Information Security Glossary

Authentication: Verifying that someone really is who they say they are, for example when you sign in to your email with the right username and password.

  • Related: Password Manager, Two-Factor Authentication (2FA)

Baiting: Tricking people into giving personal information using a lure, like a USB drive with a company logo in a public place.


  • Related: Social Engineering, Phishing

Breach: When data is accidentally exposed or left unprotected, making it susceptible to hacking. An example is the 2018 Facebook data breach, in which nearly 50 million user accounts were compromised due to a security flaw.


  • Related: Cybersecurity, Incident Response

Cybersecurity: The practice of protecting systems connected to the internet, including hardware, software, and data, from cyberattacks.


  • Related: Network Security, Incident Response

Encryption: Converting data into a coded form to keep it safe. For example, when you pay online, your card details are encoded to keep them secure.


  • Related: Virtual Private Network (VPN), Breach

Firewall: A system that watches and manages data going in and out of a network based on rules. It can stop unauthorized access to a private network.


  • Related: Network Security, VPN

Incident Response: The process of dealing with a security breach or cyberattack, including the preparation, detection, containment, eradication, and recovery stages.

  • Related: Breach, Cybersecurity

Malware: Harmful software made to damage or misuse computer systems, networks, or users. Ransomware and viruses are examples.


  • Related: Ransomware, Breach

Network Security: Measures taken to prevent and monitor unauthorized access, misuse, or denial of a computer network and its resources.

  • Related: Firewall, Virtual Private Network (VPN)

Password Manager: A tool that securely stores and manages passwords for different online accounts. It helps you create and remember unique, strong passwords.

  • Related: Authentication, 2FA

Phishing: A type of cyberattack where an attacker pretends to be a genuine entity to steal sensitive information. This can happen through email or text scams.


  • Related: Social Engineering, Baiting

Physical Security: Measures to stop unauthorized access to facilities, equipment, and resources, and to protect people and property from damage. This can include security cameras, locks, and access control.

  • Related: Tailgating, Cybersecurity

Pretexting: A type of social engineering where attackers create a false story to try and steal victims’ personal information.


  • Related: Social Engineering, Baiting

Privacy Policy: A statement explaining how a company collects, handles, and uses customer and visitor data. Good websites should have a privacy policy to reassure users about data protection.

Ransomware: A type of malware that locks a victim’s data and asks for money to unlock it. For example, the WannaCry attack affected many computers worldwide.


  • Related: Malware, Incident Response

Remote Working: A work style that lets people work outside a traditional office. It depends on technology for communication and coordination.

  • Related: Cybersecurity

Reverse Social Engineering: A technique where the attacker presents themselves as an authority or helpful person so the victim seeks them out for help.

  • Related: Social Engineering, Pretexting

Social Engineering: A technique that uses human psychology to get sensitive information or access to systems.

  • Related: Phishing, Baiting, Pretexting

Tailgating: A type of security breach in which an unauthorized person follows an authorized person into a restricted area.


  • Related: Physical Security

Two-Factor Authentication (2FA): A security method where users have to provide two different kinds of identification to access an account.

  • Related: Authentication, Password Manager

Virtual Private Network (VPN): A technology that creates a secure, private connection between a user’s device and a remote server. It helps protect data and privacy.

  • Related: Encryption, Network Security

Zero-Day Vulnerability: A new weakness in software or hardware that cybercriminals exploit before the maker has a chance to fix it.

  • Related: Malware, Incident Response