Learning the vast glossary attributed to the cybersecurity domain is the focus of this topic. As an aspiring cybersecurity professional, learning the terminology of the cybersecurity field can help you identify common cyber threats and attacks. These terms are common in technical documentation, certifications, and daily conversations among professionals. You are bound to come across these words, so let's become familiar now rather than later.
Main terms in cybersecurity
If you are here, you are taking the steps to stay safe online and increase your skill sets. In today's digital world, one cannot ignore cybersecurity. Let's familiarize ourselves with some of the most common cybersecurity terms and definitions.
Malware — Any type of harmful software designed to damage a computer system.
Phishing — A cyberattack that attempts to fool users into providing sensitive information.
DDoS Attack — A distributed denial of service attack involves the use of multiple devices to flood a website or server with traffic.
CWE — Stands for Common Weakness Enumeration. It is a system that categorizes software and hardware security flaws to understand and create tools to prevent them.
Ransomware — A type of cyber attack that locks users out of their computer systems until they pay a ransom. The major keyword when it comes to this attack is encrypt. By encrypting important files on a network, victims are placed in a position to either pay the ransom to decrypt the files or risk losing business-critical data.
Encryption — A process of converting human-readable plaintext to incomprehensible text. Only authorized parties can unscramble the information.
Botnet — A network of compromised computers used to carry out cyberattacks on other systems. The originator of the attack is known as the "bot master" and zombies are computers that have been infected with malware. All three are necessary to launch a botnet attack.
CVE — Stands for Common Vulnerabilities and Exposures. It is a repository of publicly disclosed information about security issues that is used to identify and track vulnerabilities.
Zero-Day Attack — These are cyber security attacks that exploit a vulnerability in software that no one is yet aware of.
Encryption — A method of scrambling data so that only authorized users or systems can access it. Some popular forms of encryption are AES, RSA, and TDEA.
Firewall — A system designed to prevent unauthorized access to or from a computer network.
VPN — A virtual private network is a secure online service that allows users to remotely connect to another network.
Spyware — A type of malware that can collect and transmit private user information without the user's consent.
Cyberbullying — A type of online harassment in which perpetrators use digital technologies to target and intimidate victims.
IP Address — An Internet Protocol address is a unique string of numbers that identifies a device connected to the Internet. Within this definition, there are two crucial parts you must understand—Public IPs and Private IPs.
Public IP — An IPv4 address that identifies you to the wider internet. They are assigned to your network router by your internet service provider (ISP). Devices that are assigned a public address fall within a vast range. For a full list, visit The Five IPv4 Classes.
Private IP — An IPv4 address that identifies you within a private network. Your network router assigns one to each device under the Public IP address. Devices that are assigned a private IP address all fall within these ranges: (Class A 10.0.0.0 — 10.255.255.255), (Class B 172.16.0.0 — 172.31.255.255), and (Class C 192.168.0.0 — 192.168.255.255).
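The three private ranges listed above can be checked programmatically. The following is an added example, not part of the original page: it uses Python's standard ipaddress module to turn the page's ranges into CIDR blocks and label the source addresses in constructed firewall log lines. The log format and the function names are assumptions made for illustration.

```python
import ipaddress
import re

# The three private ranges exactly as listed on the page (first, last address).
PAGE_RANGES = {
    "Class A private": ("10.0.0.0", "10.255.255.255"),
    "Class B private": ("172.16.0.0", "172.31.255.255"),
    "Class C private": ("192.168.0.0", "192.168.255.255"),
}
OUTSIDE = "outside private ranges"

def to_networks(ranges):
    """Collapse each first-last range into CIDR blocks (e.g. 10.0.0.0/8)."""
    return {
        label: list(ipaddress.summarize_address_range(
            ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)))
        for label, (first, last) in ranges.items()
    }

PRIVATE_NETS = to_networks(PAGE_RANGES)

def classify(addr):
    """Return the label of the page range containing addr, else OUTSIDE."""
    ip = ipaddress.IPv4Address(addr)  # raises ValueError on malformed input
    for label, nets in PRIVATE_NETS.items():
        if any(ip in net for net in nets):
            return label
    # ipaddress's own is_private flag is broader (it is also True for
    # loopback 127.0.0.1), so only the three listed ranges are tested here.
    return OUTSIDE

# Hypothetical log format: "<timestamp> <action> src=<ip> dst=<ip>"
SRC_RE = re.compile(r"src=(\d{1,3}(?:\.\d{1,3}){3})")

# Constructed sample lines; the 172.32.x and 192.169.x entries sit just
# outside the Class B and Class C private ranges.
SAMPLE_LOG = """\
2024-05-01T10:00:01Z ALLOW src=10.20.30.40 dst=203.0.113.7
2024-05-01T10:00:02Z ALLOW src=172.31.255.255 dst=192.168.1.10
2024-05-01T10:00:03Z DENY src=172.32.0.1 dst=10.0.0.5
2024-05-01T10:00:04Z DENY src=192.169.0.1 dst=192.168.0.1
2024-05-01T10:00:05Z ALLOW src=192.168.255.255 dst=10.0.0.5
"""

def label_sources(log_text):
    """Return (source address, label) for every src= field in the log."""
    return [(src, classify(src)) for src in SRC_RE.findall(log_text)]

if __name__ == "__main__":
    for src, label in label_sources(SAMPLE_LOG):
        print(f"{src:<16} {label}")
```

Addresses one step past a boundary, such as 172.32.0.1, look similar to private ones but are routable on the public internet, which is why the check compares against the exact ranges rather than the first octet.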
We are going to stop here. The list can get very extensive because this is a huge industry. You don't need to be an SME (subject matter expert) for each term but just a general understanding of the term can take you far. If you are interested in a complete list, take a look at the NICCS' Glossary of Common Cybersecurity Words and Phrases.
The difference between CVEs and CWEs
Let's dedicate some time to explaining the difference between a CVE and a CWE. CVE is maintained by the National Vulnerability Database (NVD). This U.S. government repository holds the largest publicly available source of vulnerability intelligence. CWE is maintained by the MITRE Corporation and can be accessed free on a worldwide basis.
CVE refers to a specific instance of a vulnerability within a product or system. In contrast, CWE refers to a list of common software weaknesses. These are key differences that you should note. One example of a CWE is CWE-352: Cross-Site Request Forgery (CSRF). This is a popular web application exploit. On the other hand, an example of a CVE is the Microsoft Outlook Elevation of Privilege Vulnerability CVE-2023-23397. This is an actively exploited zero-day vulnerability in Microsoft Outlook that allows attackers to spoof services as the victim and gain authentication.
In summary, incorporating CVE and CWE in software development aids in strengthening the security and solidity of systems and defending against possible security vulnerabilities.
Translating cybersecurity language for novices
Great, you can speak cyber! This is great for traversing through the field but you must be mindful of those who can't speak the language, yet. Cybersecurity is one department out of many within an organization. Non-security employees struggle to understand the terminology that cyber security professionals consider to be everyday language. C-Suite employees or the company's top management are put in a tough position where they have to make vital decisions without a transparent picture of the threat landscape. Due to the language barrier, upper management may not discuss the right threats in the boardroom nor invest in the right tools to protect the company against threats.
Kaspersky, a cybersecurity company, created a report titled Separated by a Common Language that details the issue above.
C-suite and non-technical employees should have some base level of technical understanding. Empowering your employees to recognize common cyber threats can be beneficial to your organization's computer security. Nevertheless, you as an aspiring cybersecurity student should understand this and showcase cyber data in business terms so that others can understand. For example, show the metrics and impact that they would typically be concerned with by comparing the revenue loss from a security breach.
Technical writing language for professionals
Even the most brilliant business ideas can go unnoticed with poor delivery. In cybersecurity, you can also communicate through documentation and writeups. Producing technical writeups in language that professionals understand helps you stand out as an expert in the field. As you progress in your new career, you will start to create niche documentation for tailored audiences. This reservoir of knowledge only comes from a large amount of research. Professionals should continue to increase their vocabulary in this field to stay competitive and resourceful.
Technical documentation like the NIST Cybersecurity Framework and ISO/IEC 27001 are great examples of cybersecurity jargon becoming standards for businesses, public or private. They are also sets of guidelines for mitigating organizational cybersecurity risks, so don't forget to use them as supplemental material in your studies.
Conclusion
A lot was covered in this topic. So, let's recap some key points below:
learning the terminologies of the cybersecurity field can help you identify common cyber threats and attacks;
terms like malware, phishing, ransomware, and firewall are a small excerpt from the vast glossary of cybersecurity;
despite learning how to understand and speak cybersecurity, many struggle with the terminology;
help others understand the cybersecurity jargon via interpretation or analogies;
documentation like the NIST Cybersecurity Framework and ISO/IEC 27001 are great resources for cybersecurity terms and risk mitigation.
With an understanding of the cybersecurity language, you will be able to traverse through upcoming topics rather easily. Continue to utilize this skill throughout your career and you will become a model professional in the twinkling of an eye.