Basic Cybersecurity Terms and Types That You Should Know!

In this article, we’ll be explaining a glossary of cybersecurity terms or concepts used widely among people. As cyber-attacks are increasing, it is now more critical for everyone to understand cybersecurity for their personal or business security, so understanding cyber security terminology will be a great first step.

Cybersecurity Key Terms


It is the process and technologies used to implement various security mechanisms to help protect data and different assets such as networks and devices.


A term used to identify a cybercriminal who uses his cyber security skills to perform malicious and unauthorized activities.

Penetration Test

It is the process of testing a target to reveal its vulnerabilities or weak points and then exploit it to reach restricted data or resources.


Malicious software that does harmful things or performs malicious actions on computers.

Social Engineering

It is the art of deceiving people to gain sensitive and valuable information about them.


The process of transforming the data from one shape to another using a scheme and it is easy to reverse.


The process of re-representing data in other forms using a key known as an encryption key.

Distributed Denial of Service (DDoS)

It is a well-known form of cyber-attacks, and an attempt to overwhelm a server with a huge amount of requests coming from different systems that attackers control to result in the shutdown of the server.

Cloud Computing

It is the on-demand delivery of computing resources like storage, networking, databases all over the internet and you only pay for what you use.

Main Types of Cybersecurity

1. Critical Infrastructure Cybersecurity:

Critical infrastructure security aims to help in securing physical and cyber systems assets that are vital to countries and would make a huge impact on economics and public safety.

Examples of Critical Infrastructure:

Public health facilities

Power systems


Water suppliers

Renewable energy

As it is vital for society’s safety, organizations should perform security mechanisms and controls to protect their infrastructure and business from cyber-attacks and to also perform an evaluation to attack risks and how to mitigate them.

2. Network Security

Network security is the type of cyber security that aims to protect computer networks most efficiently by applying both software and hardware technologies.

Network security layers should be considered when dealing with any kind of attacks, network security policies must have a design pattern that matches with each layer, the most common layers are Technical, Physical, and Administrative layers.

Network Security Implementations:

Network applications security

Constant monitoring

Many factors authentication

3. Application Security

Application security is the process of developing secure software by adding different security features and applying the best practice in developing various applications and software.


The main phase of application security is testing, there are different approaches to test an application for example:

Application design review

Whitebox testing: Manually reviewing the application’s source code to identify flaws

Blackbox auditing: No source code involved

4. Cloud Security

Most organizations are now heading towards using advanced technologies to improve their productivity and operations efficiency, as the amount of required data for organizations set-up is increasing the usage of cloud technologies is required.

Customers are expecting strict layers of security associated with the cloud capabilities, there must be a broad set of technologies and policies to secure virtual services and infrastructure.

Now, What are the 5 C's of Cybersecurity?


Compliance means applying strict risk controls to help protect accessibility, integrity, and availability of data transferred or stored. The lack of compliance will result in breaches or exposure that will affect the organization financially.


As organizations are facing constantly changing pressures (threats, regulations, technologies) there must be a corresponding change of technologies, policies, business models, also a powerful infrastructure that is capable of quickly responding to different changes. The improvement in change management helps organizations to be more competitive.


Organizations must address carefully the cost of their operational services and also the technologies that are being acquired or accomplished.


Coverage or insurance is mainly focused on mitigating exposures and data breaches and ensuring the integrity of data.


The continuity planning is to ensure that the whole system is recovered in case of any cyber attack coming and to design powerful plans to maintain the productivity of the system. 

And, Here is a Glossary of Some Security Terms:



Common Security Terms

Access Control: Ensuring that the controlled resources are only accessible to authorized users.

Authentication: Ensuring or confirming the identity of the user.

Authorization: Ensuring that the data is only accessed to who has the access rights or privileges.

Asset: Any kind of valuable resources like people, information, facilities.

Penetration Test

Enumeration: The process of extracting sensitive information about a target.

Scanning: Inspecting for potential weak points.

Vulnerability: Some kind of weakness in the system.

Exploit: A code that takes advantage of system vulnerabilities to perform restricted actions.

Payload: The malicious part of the exploit.

Brute-Force Attack: Trying to get access to a system by guessing the credentials through trying a lot of passphrases.

Network Security

Domain: A group of connected devices to a network or multiple private networks.

IP Address: A unique numeric number that identifies a device on wide or local networks.

VPN (Virtual Private Network): A private network that makes a tunneling connection between connected devices over public networks.

Firewall: A network device or could be a software, it monitors incoming and outgoing traffic and decides what to allow and what to block.

IPS (intrusion prevention system): It is a network technology that monitors traffic and prevents malicious traffic.

Proxy: A server that falls in the middle of a client to server request and is mostly used for filtering traffic.


Confidentiality: Ensuring that the information is only shown to authorized users.

Integrity: Ensuring that the information is not modified or deleted improperly.

Availability: Ensuring that the system is constantly available.


Trojan: It is a computer program that fools users into thinking that it is a legitimate program but inside it holds malicious code.

Worm: A self-replicating type of malware that moves quickly between connected devices by exploiting vulnerabilities.

Spyware: A type of malicious software designed to gather information about a person or an organization.

Adware: A type of software that aims to display user interface advertisements when it is installed on the system.

Keylogger: Malicious software that logs and captures keystrokes on the system.

Ransomware: The most famous type of malware, ransomware is malicious software that once installed encrypted all data on the system and asks for a ransom to decrypt the data.