Everything You Need to Know About

The CyberCompare Cybersecurity Glossary

CyberCompare provides you with explanations on principles of cybersecurity

You Need An Explanation?


Anomaly Detection refers to the process of identifying unusual patterns, or patterns that deviate from a baseline, in network traffic, system behavior or user activity (such as file access) that could indicate potential security risks or attacks. Typically, the baseline (i.e., a threshold range considered normal) is recorded in an initial observation phase.

An Audit is a detailed review of security measures, policies and protocols to identify vulnerabilities and ensure that security standards are being met.

Authentication refers to the process of verifying a user's identity to ensure that they are authorized and allowed to access a system or application. This can be done through passwords, biometrics, two-factor authentication and other methods.

Awareness & Phishing Training courses are training measures aimed at increasing employees' security awareness and training them to recognize and avoid phishing attacks.


Biometric Authentication is a security method that uses a person's unique physical characteristics, such as fingerprints or facial recognition, to confirm their identity and control access to systems or data.

A Botnet is a network of private computers that have been infected with malware without the owners' knowledge and are remotely controlled to carry out malicious activities, such as sending spam emails or Distributed Denial of Service (DDoS) attacks.

A Breach in cybersecurity refers to unauthorized access to sensitive data or systems. This can occur through hacking, phishing or malware and leads to potentially serious consequences such as financial loss and reputational damage. Preventive measures are crucial to avoid security breaches.

A Brute-Force Attack is an attack in which an attacker systematically tries all possible combinations of passwords or keys in order to gain access to a protected system.


CEO Fraud is a form of fraud in which cybercriminals pretend to be executives of a company, in particular the CEO (Chief Executive Officer). They send fake emails or engage in fraudulent communications to trick employees into transferring money, disclosing confidential information or performing other malicious acts. The fraudsters often use convincing details and psychological tricks to create urgency and get victims to take rash actions.

The CISO is the Chief Information Security Officer of a company. This executive is responsible for developing and implementing security strategies to protect information systems from cyber threats.

A Cipher, also known as an encryption algorithm, is a method of converting readable data into unreadable form to ensure the confidentiality and security of information.

Cloud Infrastructure refers to a virtual environment that provides resources such as computing power, storage and networks via the internet. Companies use cloud infrastructure to obtain flexible and scalable resources without having to operate physical hardware on site. Security in the cloud infrastructure is crucial to protect data from threats and ensure the integrity of the systems. Cloud infrastructure is operated in various forms (IaaS, PaaS, SaaS) by service providers - in contrast to "on premise" infrastructure, which is operated by customers themselves. The best-known cloud service providers are, of course, the hyperscalers Microsoft (Azure), Amazon (AWS) and Google (GCP).

Cloud Security refers to the implementation of security measures and protocols to protect data, applications and infrastructure in cloud environments from cyber threats.

Crypto Locker is a special form of ransomware that encrypts files on a computer or network. Victims are blackmailed into paying a ransom to get the decrypted data back.

A Crypto Virus is a type of ransomware that aims to encrypt files on a computer. The attacker then demands a ransom to provide the decryption keys and release the data.

A Cyber Attack is a targeted, unauthorized intrusion into computer systems, networks or devices with the aim of stealing data, damaging systems, disrupting operations or carrying out other harmful actions.

Cybercrime refers to crimes committed using computers or the internet. This can include identity theft, fraud, data manipulation and other illegal activities.

Cyber Insurance is a type of insurance that protects businesses against financial loss and liability associated with cyberattacks and data breaches. It typically covers costs for recovery, liability and business interruption.

Cybersecurity refers to the practices and technologies developed to protect computer systems, networks and data from cyber threats. This includes protective measures such as firewalls, antivirus software, encryption and more.

Cybersecurity Risk Management deals with the identification, assessment and treatment of risks to information systems.


A Data Breach occurs when unauthorized persons access, exfiltrate or otherwise compromise sensitive or confidential information. This can lead to data leaks and significant consequences for the individuals or companies affected.

Data Classification is the process of categorizing data based on its sensitivity and importance. This enables organizations to take appropriate security measures and control access to data accordingly.

Data Encryption is a method of protecting data by converting it into an unreadable code that can only be decrypted with a key or password.

Data Governance refers to the formal process and control over the collection, storage, use and security of data in an organization. An effective data governance framework ensures that data is managed efficiently and securely.

A Data Leak occurs when information is exposed unintentionally or as a result of a security breach. This can lead to sensitive data falling into the hands of unauthorized persons.

Data Loss Prevention (DLP) refers to strategies and technologies aimed at preventing the unintentional or unauthorized leakage of sensitive data. DLP includes policies, software and training to ensure data protection.

Data Protection refers to measures taken to ensure that personal information remains secure and private. Privacy laws and policies govern how organizations should handle personal information.

Data Theft is the unauthorized taking of sensitive information, often by cybercriminals. This can include personal identification data, financial information or other confidential data.

A Denial of Service (DoS) Attack is a type of cyber attack in which an attacker attempts to make a computer system, network or service inaccessible by overloading it with a large number of requests.

DFIR stands for Digital Forensics and Incident Response. It is an area of information security that deals with the investigation of security incidents, the forensic analysis of IT systems and the response to security incidents.

Domain Name System (DNS) Spoofing refers to the manipulation of the DNS to influence the resolution of domain names to IP addresses and redirect users to fraudulent websites.


E-Mail Security refers to measures taken to protect email communications from threats such as phishing, malware and spam. Technologies such as encryption and authentication help to ensure the integrity of emails.

Endpoint Security refers to the protection of end devices such as computers, smartphones and tablets against cyber threats by implementing security measures and solutions on these devices. The solutions are usually referred to as antivirus, EPP (Endpoint Protection Platform) or EDR (Endpoint Detection and Response).

End-to-End Encryption is a security protocol in which data is encrypted end-to-end from its origin to its destination to ensure the confidentiality and integrity of communications and prevent access by third parties.


A Firewall is a security device that monitors and filters data traffic, for example between an internal network and the internet, in order to block unwanted or harmful activities and ensure the security of the network. Internal data flows, such as between IT and OT or within IT, are also separated and monitored with firewalls.


A Gateway is a network component that enables and controls data traffic between different networks. It can serve as a security point to monitor and filter data traffic.


A Hacker is a person who uses their technical skills to analyze, manipulate or circumvent computer systems, networks or software, either for security reasons, to uncover vulnerabilities, or for malicious purposes.

Hacking refers to the process of circumventing security measures to gain access to a computer system, network or application. Hacking can be ethical (to test security) or malicious (for criminal purposes).

Hashing is a process for converting data, such as passwords or files, into a unique string of characters of a fixed length. This character string, known as a hash, is generated by an algorithm and is used to ensure the integrity and security of the data.

A Honeypot is a security device or system designed to lure, deceive and monitor attackers. Honeypots are used to detect attacks, study attack methods and improve security measures by providing attackers with a seemingly vulnerable target.

Hypertext Transfer Protocol Secure (HTTPS) is a secure version of the Hypertext Transfer Protocol (HTTP), which is used to transfer data on the Internet. It uses an encryption layer, usually SSL/TLS, to ensure the confidentiality and integrity of the transmitted data.


Identity Management refers to the process and technologies for managing digital identities of users and resources within a system or organization to control access rights and ensure security.

Identity Theft occurs when someone uses personal information without authorization to impersonate another person. This can lead to financial loss, reputational damage and other problems.

Incident Response is a structured process for identifying, analyzing and responding to security incidents in IT systems with the aim of limiting damage and enabling rapid recovery. It often also includes forensics to determine the point of attack and the handling of the incident, such as crisis communication, possible negotiation support and internal and external coordination.

Incident Response Management refers to the planning, organization and coordination of all activities related to the response to security incidents.

An Incident Response Retainer is an agreement with a specialized service provider that provides defined support and response in the event of a security incident with a defined response time and scope.

An Information Security Management System (ISMS) is a holistic approach to systematically managing and securing information in an organization in order to ensure the confidentiality, integrity and availability of data.

IoMT stands for "Internet of Medical Things" and refers to the networking of medical devices and technologies via the internet. These devices can have a variety of medical applications, including monitoring, diagnosis, treatment and care. IoMT encompasses a wide range of devices, from wearables such as fitness trackers to implantable medical devices and hospital equipment. The aim is to improve efficiency in healthcare, optimize patient care and create new opportunities for medical research and treatment.

Internet of Things (IoT) refers to networked devices that communicate with each other and exchange data. This includes intelligent household appliances, wearables, industrial technology (OT) and other networked technologies.

IoT Security refers to the measures taken to protect networked devices from cyber threats and unauthorized access. This is also referred to as product security.

IT comprises the use of computers and information systems to process, store and transfer data.

An IT Emergency Plan is a predefined process that contains measures and procedures for responding to unexpected disruptions or disasters in IT operations and ensuring the recovery of systems and data.

Information Technology Disaster Recovery (ITDR) refers to the strategies and processes that organizations implement to recover their IT systems after a major outage or disaster.

IT Security, or Information Security, refers to the entirety of strategies, technologies and measures taken to ensure the security of IT systems, data and infrastructures.

An Intrusion Detection System (IDS) is a security software or device that monitors the data traffic in the network in order to detect and draw attention to unusual activities, potential attacks or security breaches. It is usually used in conjunction with a firewall.


JavaScript is a scripting language used for the development of interactive and dynamic content on websites. It was originally developed for front-end web design to enable user interactions such as validating forms, changing images or loading content without reloading the entire page. Today, JavaScript is also used on servers (with Node.js) and in other environments.

Junk Data refers to irrelevant or unwanted data in a system, network or application. The presence of junk data can affect performance and increase the risk of security problems. Regular review and cleanup are important aspects of cybersecurity.


A Keylogger is software that records keystrokes. Cybercriminals use keyloggers to steal sensitive information such as passwords and credit card details.


The Least Privilege Principle is a principle in cybersecurity that states that users should only be given the minimum access rights required to perform their tasks. This minimizes the risk of unauthorized access and misuse.


Machine Learning (ML) Security refers to security measures developed specifically for machine learning and artificial intelligence to protect models from attacks, errors and misuse.

Malware, also known as malicious software, is software designed to infiltrate computer systems and damage, steal or destroy data without the user's knowledge or consent.

A Managed Detection and Response (MDR) Service provides advanced monitoring, detection and response to cyber threats by an external service provider. This is often referred to as a SOC (Security Operations Center).

A Man-in-the-Middle Attack is a cyberattack in which an attacker intercepts, manipulates or monitors communication between two parties without the parties involved being aware of it.

Multi-Factor Authentication is a security method that uses multiple methods to confirm a user's identity. This can be something the user knows (e.g. a password), something the user has (e.g. a cell phone), and/or something the user is (e.g. biometric data).


The National Institute of Standards and Technology (NIST) is a US federal agency that develops standards and guidelines for technology and cybersecurity to promote the security and interoperability of IT systems.

Network Access Control (NAC) is a security technology that monitors, authenticates and controls the access of devices to a network in order to enforce security policies and prevent unauthorized access.

Network Detection and Response (NDR) is a security solution that continuously monitors network activity to detect, analyze and respond to anomalies and potential threats.

Network Monitoring is the continuous process of monitoring and analyzing network activity to ensure the performance, availability and security of IT infrastructures.

The NIS-2-Directive is the EU-wide legislation in the field of cybersecurity that has been in force since 16.01.2023. Its aim is to increase the overall level of cybersecurity in the European Union through the implementation of legal measures. The EU member states must transpose the directive into national law by October 2024.


A One-Time Password is a password that can only be used once, usually for a specific transaction or a limited period of time. OTPs offer an additional level of security as they are harder to guess or steal than static passwords.

Open Source Software is software whose source code is publicly accessible. It is often free to use, modify and redistribute, and the open source community plays an important role in the development and improvement of such software.

The OSI Model is a reference model that divides network communication into seven layers. These layers range from physical connections to applications and serve as a basis for the development and understanding of network protocols.

OT Security refers to measures for securing industrial control systems and process controls in order to identify and ward off threats and risks in production.


Penetration Tests are security checks in which IT experts - supplemented by tools - attempt to identify vulnerabilities through targeted attacks in order to eliminate them and improve security.

Phishing is a fraudulent technique in which attackers use fake emails, websites or messages to steal sensitive information such as usernames, passwords and financial data from unsuspecting victims, or to directly install malicious software ("malware").

Privileged Access Management (PAM) is a security solution that monitors and controls access to sensitive systems and data by authorized users.


In cybersecurity, Quarantine refers to the isolated separation of infected or suspicious systems to prevent the spread of malware. This allows for more detailed investigation and security measures without putting the entire network at risk.

Quishing is a form of fraud based on phishing. Quishing involves making fraudulent phone calls instead of using fake emails or websites. The scammers often pose as legitimate organizations or companies and attempt to obtain sensitive information such as passwords, credit card numbers or personal details from victims. It's important to be suspicious and not give out sensitive information when receiving unexpected calls to protect yourself from quishing attacks.


Ransomware is a malicious attack that infects computer systems and encrypts data, whereby the attacker releases the data in exchange for a ransom payment.

Reverse Engineering is the process of analyzing software or hardware to understand how it works without having access to the source code or design. This can be used to identify security vulnerabilities or to analyze malware.


Security Awareness Training refers to training that sensitizes and educates employees on how to protect themselves from cyber threats. This includes measures against phishing, social engineering and other attack vectors.

A Security Information and Event Management (SIEM) is a security solution that enables real-time monitoring of IT infrastructures by collecting and analyzing security events and identifying correlation patterns to respond to potential threats.

A Security Operations Center (SOC) is a specialized unit within an organization that continuously performs security monitoring, analyzes security incidents and responds to them in order to protect the IT infrastructure from cyber threats.

Social Engineering is a manipulative tactic in which attackers exploit human psychology and social interactions to gain access to sensitive information or trick users into performing certain actions that the attacker can exploit.

Spam refers to unsolicited, often mass messages that are distributed via email, social media or other communication channels. These messages often contain advertising, fraudulent offers or harmful links.

Spear Phishing is a form of cyber attack in which targeted and often highly individualized emails are sent to people or organizations in order to steal confidential information or introduce malware.


A Trojan Horse is a type of malicious software that disguises itself as a legitimate application in order to infiltrate a computer system undetected and carry out malicious activities, often without the user's knowledge.

Two-Factor Authentication (2FA) is a security method that requires a second level of authentication in addition to the password, e.g. a temporary code from the mobile device. This increases security, as stolen passwords alone are not sufficient to access an account.


User Authentication refers to the process of verifying a user's identity to ensure that only authorized persons can access a system or network. This can be done using passwords, biometric data or other authentication methods.


A Virtual Private Network (VPN) is an encrypted connection that allows users to securely access a network designated as private by redirecting their Internet connection through a remote server to ensure privacy and security.

A virus is malicious software that attaches itself to other programs and spreads by integrating itself into these programs. This type of malware can destroy data, steal information or interfere with the normal operation of a computer.

Vishing is a combination of the words "voice" and "phishing". Vishing involves making fraudulent calls to steal personal information such as passwords, account information or other confidential data from victims. The scammers often use techniques such as calling from fake phone numbers or pretending to be an official authority to deceive victims. It's important to be careful and not give out sensitive information over the phone to protect yourself from vishing attacks.

Vulnerability Management refers to the proactive process of identifying, classifying, prioritizing and eliminating security vulnerabilities in an IT infrastructure in order to minimize the risks for a company or organization.


The Web Application Firewall is a security solution designed to protect web applications from various attacks, including SQL injection, cross-site scripting (XSS) and other threats. It monitors the data traffic between a web application and the Internet, identifies harmful traffic and blocks potentially dangerous requests.


Cross-Site Scripting (XSS) is an attack method in which attackers embed malicious code into websites to steal users' data or take over accounts. One effective security measure is to validate user input to prevent XSS attacks.

XDR stands for "Extended Detection and Response" and refers to an evolution of traditional Endpoint Detection and Response (EDR) solutions. XDR integrates multiple security data sources and controls across different endpoints, networks and cloud environments to provide a holistic view of cyber threats. It detects, analyzes and responds to security incidents in real time by using advanced analytics and machine learning to identify and prevent attacks.


YARA is an open source security software that is used to detect and categorize malware. It enables the creation of rules to identify certain patterns or behaviors of malware.


A Zero-Day Exploit refers to the exploitation of a vulnerability in software or an operating system before the developer has been able to provide a solution (patch).

Zero Trust is a security approach that assumes that no part of a network is considered trustworthy. Every access is strictly checked, regardless of whether it comes from inside or outside, and no default trust is granted.