Extended Slovník
Glossary with extended content
A
Analysis
Cybersecurity analysis is the systematic process of examining data, systems, and processes to identify, assess, and understand cyber threats, vulnerabilities, and incidents, enabling informed decision-making for protective measures.Anomaly
A deviation from normal system, network, or user behavior that may indicate a security threat or operational issue.Authenticator app
An authenticator app is a software application that generates time-sensitive, one-time verification codes used to confirm a user's identity when logging into online accounts, typically as part of two-factor authentication (2FA).Authorization
Authorization is the security process that determines what an authenticated user or system is permitted to do, access, or see within a system or network, based on defined policies.
B
Behavior
In cybersecurity, behavior refers to the actions, habits, decisions, and responses of individuals—employees, users, attackers—that directly affect the security posture of an organization or system.Black hat
Black hat hacking refers to unauthorized and malicious cybersecurity activities undertaken by individuals or groups to gain illicit access to systems, steal data, disrupt services, or cause damage for personal gain or vandalism.Breach
A security incident where sensitive, protected, or confidential data is accessed, copied, transmitted, stolen, or used by an unauthorized individual.Burnout
Burnout is a state of physical, emotional, and mental exhaustion caused by prolonged or excessive stress, often exacerbated in high-pressure fields like cybersecurity due to constant threats, long hours, and the critical nature of the work.
C
Coercion
Coercion in cybersecurity refers to the use of threats, intimidation, or psychological pressure to compel individuals to bypass security protocols or compromise organisational security.Complacency
Cybersecurity complacency is a state where individuals or organizations become overconfident or negligent towards security protocols, leading to increased vulnerability to cyberattacks.Compromise
In cybersecurity, a compromise refers to the unauthorized access or infiltration of a system, network, application, or data, leading to a breach of its confidentiality, integrity, or availability.Confidentiality
Confidentiality is the principle that information should only be accessible to authorized parties and protected from unauthorized disclosure.Continuous integration
Continuous Integration CI is a software development practice where developers frequently merge their code changes into a central repository, after which automated builds and tests are run.
D
Deception
Deception technology deploys fake systems, credentials, and data decoys to lure, detect, and analyze attacker behavior, providing early warnings and enhanced threat intelligence.Delegation
Delegation in cybersecurity refers to the process of granting specific administrative rights or access permissions to designated users or systems, allowing them to perform certain tasks on behalf of a primary administrator or entity without full access to all resources.Deterrent
A measure or strategy designed to discourage attackers from initiating harmful actions by making the perceived costs or risks outweigh potential benefits.Disclosure
In cybersecurity, disclosure refers to the act of revealing information about a security vulnerability or a data breach to relevant parties, such as vendors, affected users, or the public, typically following a structured policy.Due process
Due process in cybersecurity is the legal requirement that states or private entities must respect all legal rights owed to individuals when interfering with their digital data or online activities, ensuring fairness, transparency, and accountability.
E
Early warning system
An Early Warning System (EWS) in cybersecurity detects potential threats and vulnerabilities at their earliest stages, enabling proactive defense before attacks cause significant damage.Eavesdropping
Unauthorized interception of private communications or data transmissions by a third party, often for malicious purposes such as data theft or espionage.Encapsulation
In cybersecurity and networking, encapsulation is the process of adding protocol information (headers and trailers) to data as it moves down the layers of a network stack, effectively wrapping one protocol's data within another.Enumeration
In cybersecurity, enumeration is the process of extracting detailed information about a target system, network, or application to identify potential vulnerabilities and entry points during the reconnaissance phase.Escalation
Cybersecurity incident escalation refers to the process of increasing the severity level and attention given to a security event based on predefined criteria, ensuring it is handled by appropriate personnel with adequate authority and resources.
F
Filtering
Filtering in cybersecurity refers to the process of controlling the flow of data traffic based on predefined rules, criteria, or policies to permit, deny, or redirect specific content or connections.Fingerprinting
In cybersecurity, fingerprinting refers to the process of gathering information about a remote system, device, or application to identify its unique characteristics, software, or operating system.Force majeure
Force majeure refers to unforeseeable circumstances that prevent someone from fulfilling a contract. In cybersecurity, it applies to extreme, uncontrollable events like widespread cyberattacks or natural disasters that disrupt digital services.Forensics
Digital forensics in cybersecurity is the process of identifying, preserving, examining, analyzing, and presenting digital evidence to investigate cyber incidents and secure information systems.Framework
A cybersecurity framework is a set of guidelines, standards, and best practices designed to help organizations manage and reduce their cybersecurity risks through a structured approach.
G
GDPR
GDPR is a comprehensive EU data privacy law that gives individuals control over their personal data and imposes strict obligations on organisations worldwide that collect or process data of EU residents.General data protection
General Data Protection refers primarily to the GDPR, a comprehensive EU law protecting personal data and privacy for all individuals within the EU and European Economic Area.Greed
In cybersecurity, greed refers to the human desire for excessive wealth, power, or gain, which cybercriminals actively exploit through various social engineering tactics and fraudulent schemes to compromise individuals and organizations.Guidance
Cybersecurity guidance refers to documented advice, recommendations, and instructions designed to help individuals and organizations protect information systems, networks, and data from cyber threats.
H
Hardware security module
A Hardware Security Module (HSM) is a dedicated physical device designed to protect cryptographic keys and perform cryptographic operations within a tamper-resistant environment.Hids
HIDS, or Host-based Intrusion Detection System, is a security tool that monitors individual computer systems for suspicious activity, policy violations, or anomalous behavior, providing alerts upon detection.Hipaa compliance
HIPAA compliance refers to adhering to the standards set by the Health Insurance Portability and Accountability Act, ensuring the privacy and security of protected health information (PHI) within the United States healthcare system.Human rights
Human rights in cybersecurity refer to the application of fundamental rights such as privacy, freedom of expression, and non-discrimination to the digital sphere and ethical considerations in cybersecurity technologies and policies.Hypervisor
A hypervisor is software, firmware, or hardware that creates and runs virtual machines, allowing a single physical host to operate multiple virtual machines with their own operating systems by sharing hardware resources.
I
Immutability
Immutability in cybersecurity refers to the property of data or systems that prevents them from being modified or deleted after creation, ensuring their integrity and tamper-proof nature.Impact
In cybersecurity, impact refers to the magnitude of harm or consequences resulting from a security incident, data breach, or cyberattack on an organization's assets, operations, or reputation.Implicit bias
Implicit bias refers to unconscious attitudes or stereotypes that affect understanding, actions, and decisions without conscious awareness, potentially impacting cybersecurity outcomes in hiring, threat assessment, and incident response.Impulsivity
In cybersecurity, impulsivity refers to making quick, often ill-considered decisions or taking actions without adequate foresight, leading to increased vulnerability to cyber threats and potential security breaches.Isolation
In cybersecurity, isolation refers to the practice of separating or containing components of a system, applications, or network segments to prevent potential threats from spreading and compromising other parts of the environment.
J
Jitter
Jitter in networking refers to the variation in the delay of received packets, which can severely impact the quality of real-time applications like voice and video calls.Journaling
In cybersecurity, journaling refers to the systematic, chronological recording of all relevant system events, user activities, network traffic, and application logs to create an immutable audit trail for security analysis, incident investigation, compliance, and threat detection.Judicial review
Judicial review is the process by which courts assess the legality of decisions and actions made by public bodies, ensuring they act within their powers, follow due process, and uphold individual rights, especially in cybersecurity and data privacy.Jump box
A hardened intermediary server used to provide controlled and secure access to other sensitive servers or network segments within an isolated security zone.Jurisprudence
The theoretical and philosophical study of law as it applies to digital environments, data, and information security, examining principles that shape cyber regulations and digital rights.
K
Kerberos
Kerberos is a widely used network authentication protocol that provides strong authentication for client/server applications by using secret-key cryptography, preventing unauthorized access and enabling single sign-on (SSO) capabilities.Key logger
A keylogger is a type of surveillance technology, either software or hardware, used to record every keystroke made on a specific computer or device, often without the user's knowledge or consent.Key performance indicator
Key Performance Indicators (KPIs) in cybersecurity are quantifiable metrics used to evaluate the success of an organization's security program, initiatives, or specific security controls in achieving its objectives.Keylogger
A keylogger is surveillance technology that records every keystroke made on a keyboard, often covertly, enabling attackers to capture sensitive information such as passwords and private data.Knowledge base
A cybersecurity knowledge base is a centralized repository of security-related information, policies, procedures, and best practices designed to support security teams in managing risks, responding to incidents, and maintaining compliance.
L
Leak detection
Leak detection in cybersecurity refers to the process of identifying and alerting organizations to instances where sensitive or confidential information has unintentionally or maliciously escaped controlled environments.Learned helplessness
A psychological state where individuals stop attempting to prevent or respond to security incidents after repeated exposure to overwhelming threats, even when effective actions are available.Legislation
Cybersecurity legislation refers to a body of laws and regulations designed to protect digital data, networks, and information systems from cyber threats, ensuring privacy, integrity, and availability.Likelihood
In cybersecurity, likelihood refers to the estimated probability or frequency of a specific cyber event, such as a breach or attack, occurring within a defined timeframe. It's a key component of risk assessment, alongside impact.Lure
A deceptive tactic used by attackers to trick individuals into revealing sensitive information or compromising systems, typically through social engineering attacks like phishing.
M
Machine learning
Machine learning in cybersecurity uses AI algorithms that enable systems to automatically learn from data, identify patterns, and make decisions to enhance threat detection, prevention, and response capabilities.Metrics
Cybersecurity metrics are quantifiable measures used to assess the effectiveness of an organization's security posture, identify vulnerabilities, track progress in risk reduction, and inform strategic decision-making.Mindfulness
Mindfulness in cybersecurity refers to the practice of bringing focused, non-judgmental awareness to tasks, decisions, and digital interactions within an information security context, aiming to reduce human error, enhance vigilance, and improve overall cyber resilience.Motivation
Cybersecurity motivation refers to the internal and external drivers that compel individuals to prioritize, adopt, and consistently practice secure behaviors and actively contribute to organizational cyber defense.Multi-factor authentication
Multi-Factor Authentication (MFA) is a security system that requires users to provide two or more verification factors to gain access to an application, account, or other resource, adding a crucial layer of security beyond just a username and password.
N
National intelligence
National intelligence in cybersecurity refers to the collection, analysis, and dissemination of information by governmental agencies to understand, anticipate, and counter cyber threats that could impact national security, critical infrastructure, or economic stability.Natural language processing
Natural Language Processing (NLP) is a branch of artificial intelligence that enables computers to understand, interpret, and generate human language, bridging the gap between human communication and machine comprehension.Netiquette
Netiquette is the set of unwritten rules governing respectful and appropriate behavior when communicating and interacting online, fostering a positive and secure digital environment.Network security
Network security encompasses the policies, procedures, and technologies deployed to prevent and monitor unauthorized access, misuse, modification, or denial of a computer network and its accessible resources.Non-compliance
An organization's failure to meet established legal, regulatory, or organizational standards and policies related to information security and data protection.
O
Obligation
Cybersecurity obligations refer to the mandatory duties and responsibilities organisations and individuals must uphold to protect information assets, ensure data privacy, and maintain the security of digital systems, typically enforced by laws, regulations, contracts, or internal policies.Onboarding
Secure onboarding is the systematic process of granting new users and entities secure, controlled access to an organization's systems and resources while minimizing security risks.OSI model
A conceptual framework that standardizes network communication functions into seven distinct layers, enabling different systems to communicate effectively.Oversight
Cybersecurity oversight is the systematic process of monitoring, evaluating, and guiding an organization's cybersecurity posture to ensure alignment with strategic objectives and regulatory compliance.Owner
In cybersecurity and Identity & Access Management (IAM), a data owner is an individual or entity formally accountable for specific data assets, ensuring their protection, integrity, and availability within the organization.
P
Phishing
Phishing is a type of cybercrime where attackers trick individuals into revealing sensitive information, such as usernames, passwords, and credit card details, often by disguising themselves as a trustworthy entity in electronic communication.Policy enforcement point
A Policy Enforcement Point (PEP) is a component in an access control system responsible for enforcing the access decisions made by a Policy Decision Point (PDP) regarding a user's attempt to access a protected resource.Procedure
Cybersecurity procedures are documented, step-by-step instructions that guide personnel through specific tasks to maintain security, respond to incidents, and ensure compliance within an organization's digital environment.Profile
In cybersecurity, a security profile is a comprehensive set of attributes, permissions, and characteristics associated with a user, device, application, or system, defining its identity, capabilities, and permitted actions within a network or system.Protection
Cybersecurity protection refers to the measures, technologies, and practices designed to defend computer systems, networks, programs, and data from digital attacks, damage, or unauthorized access.
Q
Qualitative data
Non-numerical information like descriptions, narratives, and observations used to understand the why and how behind security incidents and human behaviors.Quality control
Systematic processes and measures implemented throughout the software development lifecycle to ensure security requirements are met and vulnerabilities are minimized.Quality of service
Quality of Service (QoS) refers to technologies that manage network traffic to reduce packet loss, latency, and jitter, ensuring reliable performance for critical applications within secure network environments.Quarantine zone
An isolated network segment where suspicious or compromised devices, files, or processes are contained to prevent them from spreading threats to the main network.Quick fix
A temporary, often superficial solution implemented to address a security vulnerability without fully resolving its underlying root cause.
R
Redundancy
In cybersecurity and IT, redundancy refers to the duplication of critical components, systems, or data to ensure continuous operation and prevent service interruptions in the event of a failure.Remediation
Cybersecurity remediation is the process of eliminating detected security threats, vulnerabilities, or incidents from systems and networks to restore them to a secure state.Resolution
In cybersecurity, incident resolution is the process of eliminating the root cause of a security incident and restoring affected systems and services to their normal, secure operational state.Responsibility
Cybersecurity responsibility refers to the assigned duties and obligations of individuals, teams, and organizations to protect information assets, systems, and data from cyber threats.Role modeling
Role modeling in cybersecurity refers to individuals, especially leaders, consistently demonstrating secure behaviors, upholding security policies, and championing cyber hygiene to influence and educate others within an organization.
S
Self-efficacy
An individual's belief in their own capability to successfully execute the secure behaviors required to protect information systems and data.Stack overflow
A memory corruption vulnerability where a program writes more data to the call stack than allocated, potentially allowing attackers to execute malicious code.Stewardship
Data stewardship in cybersecurity refers to the responsible planning, management, and oversight of an organization's data assets to ensure their quality, integrity, security, and privacy throughout their lifecycle.Strong password
A unique, complex combination of characters including uppercase, lowercase, numbers, and symbols that is difficult to guess or crack, protecting digital accounts from unauthorized access.Subject
In cybersecurity and identity & access management (IAM), a Subject refers to any entity—such as a user, application, device, or service—that attempts to perform an action or access a resource within a system.
T
Tactics
Cybersecurity tactics are the specific methods, approaches, and actions employed by individuals, teams, or systems to achieve a particular security objective, whether defending against attacks, responding to incidents, or executing offensive operations.Tenant
In cybersecurity, a tenant refers to a dedicated and isolated environment or set of resources within a shared infrastructure, typically a cloud service or multi-tenant application, ensuring data and operations are separate for each customer or organizational unit.Training
Cybersecurity training refers to structured educational programs designed to equip individuals and employees with the knowledge and skills necessary to identify, prevent, and respond to cyber threats, thereby reducing human-related security risks within an organization.Triage
In cybersecurity, triage is the initial process of assessing and prioritizing security alerts, events, or incidents to determine their severity, impact, and the appropriate level of response required.
U
Unconscious bias
Unconscious bias refers to automatic mental shortcuts and assumptions individuals make without conscious awareness, which can affect threat perception, hiring decisions, and security effectiveness in cybersecurity.Unit testing
A software testing method where individual units or components of an application are isolated and tested to verify they perform as designed.Unmanaged switch
An unmanaged switch is a plug-and-play network device that allows multiple devices to communicate on a local area network (LAN) by forwarding data packets to their intended destinations without requiring any setup or configuration.User datagram protocol
A lightweight, connectionless network protocol operating at the transport layer, designed for fast transmission of datagrams without connection establishment or delivery guarantees.
V
Validation
In cybersecurity, validation is the process of ensuring that data, inputs, or processes conform to expected formats, types, and security policies before being processed or stored, preventing malicious exploitation and maintaining system integrity.Vault
A secure, centralized repository designed to protect sensitive digital assets like passwords, cryptographic keys, API tokens, and other secrets from unauthorized access and cyber threats.Vigilance
Cybersecurity vigilance is the continuous state of alertness and watchfulness maintained by individuals and organizations to detect, prevent, and respond to potential cyber threats and security incidents.Virtual IP
A Virtual IP (VIP) address is an IP address that represents a service or a cluster of servers rather than a specific physical network interface, providing a stable, single point of access for load balancing, failover, and high availability.Virtual machine
A virtual machine (VM) is a software-based emulation of a physical computer system, complete with its own operating system, CPU, memory, storage, and network interfaces, all running on top of a physical host machine.
W
Waiver
A formal, documented agreement to exempt a system, process, or control from a specific security policy or requirement, with acceptance of residual risk.War gaming
Cybersecurity war gaming involves simulating cyber-attacks and potential real-world scenarios to test an organisation's defences, incident response plans, and decision-making processes in a controlled environment.Weakness
In cybersecurity, a weakness refers to any inherent flaw, deficiency, or absence of a countermeasure within a system, process, or organizational structure that could potentially be exploited to compromise security.Web proxy
A web proxy is an intermediary server that sits between a user's device and the internet, forwarding requests and responses to enhance privacy, security, and access control.Wi-fi protected access
Wi-Fi Protected Access (WPA) is a security protocol and certification program developed by the Wi-Fi Alliance to secure wireless computer networks, providing stronger data encryption and user authentication than its predecessor, WEP.
X
X-Frame-Options
An HTTP response header that controls whether a browser can render a page in a frame or iframe, primarily used to prevent clickjacking attacks.X.509 certificate
An X.509 certificate is a digital document that uses the X.509 standard to bind a public key to an identity, serving as a cornerstone of Public Key Infrastructure (PKI) for secure communication and authentication.Xml external entity
An XXE vulnerability allows attackers to interfere with XML processing, potentially leading to information disclosure, SSRF, or remote code execution.Xor encryption
XOR encryption is a symmetric encryption method that applies the XOR (exclusive OR) logical operation to plaintext using a key, where the same operation with the same key decrypts the ciphertext back to plaintext.XSRF
XSRF (Cross-Site Request Forgery) is a web security vulnerability that tricks authenticated users into performing unwanted actions on trusted web applications without their knowledge or consent.
Y
Yara signature
A pattern-matching rule used by security professionals to identify and classify malware samples based on textual or binary patterns.Year-end report
A comprehensive document summarizing an organization's security posture, performance, incidents, vulnerabilities, and strategic initiatives over the past year, typically presented to stakeholders and leadership.Yearly report
A comprehensive document summarizing an organization's information security posture, activities, incidents, risks, and compliance status over a 12-month period.Yearly review
A comprehensive, systematic assessment conducted annually to evaluate an organization's security posture, compliance with regulations, effectiveness of controls, and adherence to policies.Yellow team
A Yellow Team bridges offensive and defensive security operations, focusing on security awareness, training, threat modeling, and secure development practices.
Z