Security is a big topic.

There are many terms/phrases/acronyms/names and things mentioned within IT security that are common place. From specific attacks, to principles, concepts, technical details, types of infection, explanation of impact and a whole heap more is often either summarised or explained through terminology and a dictionary of language. In some areas it is debated, some others it is fact among all tech companies (rivals included) and IT literature all around. The number of areas included in the topic of security is so vast it has a great benefit when it is generalised, the reason being it can be implemented or understood universally.

Holding a single security qualification at the time of writing, I think back to the 6 years prior I had passed it and what definitions had to be remembered in order to pass. This list is by no means definitive and can be highly debatable, but below I’ve summarised some institutions who have provided their own glossary/terminology of security terms. This is by no means a post to help achieve any particular certification or gain any level of understanding that finely details each one of these terms.

Some of these terms cover such a broad scope that news outlets of all types (Tech and otherwise) have dedicated sections to them:

https://www.infosecurity-magazine.com/ddos/

https://www.independent.co.uk/topic/malware

https://thehackernews.com/search/label/Cyber%20Attack

(p.s these are just examples I pulled from Google, I don’t read/check/get any sponsor from any of the above for this)

So anyway, in my boredom and my hope to provide general knowledge or reference for understanding please see what I think are the most comprehensive/simple/well explained glossary’s and guides to IT security Terms. I in no way endorse the institutions and I think most importantly I need to highlight that some security qualifications/certifications and even nations may have differing definitions to some terms. There are however universal (I’ve said this already) and are worth knowing whether you work in IT or not.

Anyway here is the list:

https://www.sans.org/security-resources/glossary-of-terms
(Covers more than most)

https://www.comtact.co.uk/blog/cyber-security-glossary-of-terms-the-ultimate-list/
(Outlines slightly technical differences such as DDOS and DOS attacks)

https://www.ncsc.gov.uk/information/ncsc-glossary
(The UK National Cyber Security Centre public glossary – last reviewed 2018)

https://csrc.nist.gov/glossary
(“This Glossary consists of terms and definitions extracted verbatim from NIST’s cybersecurity- and privacy-related Federal Information Processing Standards (FIPS), NIST Special Publications (SPs), and NIST Internal/Interagency Reports (IRs), as well as from Committee on National Security Systems (CNSS) Instruction CNSSI-4009. Only terms that are defined in final publications—not drafts—are included here.” – Let me tell you, this is huge but a treasure trove of explanations and definitions if you are interested in global cyber security.)

https://www.cybrary.it/glossary/
(The glossary provided by www.cybrary.it is easy to understand and confirmed by most of its content creators. This is one of the best online resources for security training on any topic in both a general or certification manner.)

https://scottschober.com/glossary-of-cybersecurity-terms/
(From an independent security voice)

and to be honest there are plenty more. The point of me even creating this list on a whole is to try demonstrate the differing terms even defined (those that are missed) and the wording used to explain each. Some terms have basic principles, some are vague explanations to a type of attack or theory, some highlight key differences in detail regardless of the commentator.

Understanding these differences is what helped me personally get a better grasp of security overall. Though many technical principles are rigid and universal, many security ideas/terms have to be broad due to their adaptability.

Hacking someone 5, 10, 15, 20, 25 years ago was a very different thing from now. Though there is no “requirement” to understand 100% of these terms, for anyone interested in the topic I highly suggest being aware of them at the very least. Security reports, white papers, remediation guides, how-tos and even reviews utilise these phrases/terms all the time.

I hope this helps someone and I hope to write more soon! (and I may add to this!)