Glossary

Cybersecurity Glossary for Beginners

This glossary explains common cybersecurity terms in simple language. Use it as a quick reference while reading the guide.

Access Control

Rules that decide who is allowed to open, use, or change something, like a file, account, or system.

Adware

Software that shows unwanted ads. Sometimes it also tracks what you do online.

Antivirus

A program that helps find, block, and remove harmful software from your device.

Authentication

The process of proving you are really you, usually with a password, code, fingerprint, or app approval.

Authority Bias

When people trust someone because they seem important, like a boss, teacher, police officer, or IT worker.

Backup

A saved copy of important files. Backups help you recover if your device breaks or gets attacked.

Baiting

A trick where attackers tempt you with something interesting, like a free download or mysterious USB drive.

Botnet

A group of infected devices secretly controlled by an attacker, often used to send spam or attack websites.

Brute Force Attack

When an attacker keeps guessing passwords until they find the right one.

Business Email Compromise

A scam where attackers pretend to be a boss, vendor, or coworker to steal money or information.

Clickjacking

A trick that makes you click something different from what you think you are clicking.

Credential Theft

When someone steals login information, such as usernames, passwords, or verification codes.

Credential Stuffing

When stolen passwords from one website are used to try logging into other websites.

Cyber Hygiene

Good everyday habits that keep you safer online, like updating apps and using strong passwords.

Data Breach

When private information is exposed, stolen, or accessed by someone who should not have it.

Deepfake

Fake audio, video, or images made with AI to look or sound like a real person.

Encryption

A way of scrambling information so only the right person or system can read it.

Endpoint

Any device connected to a network, such as a phone, laptop, tablet, or desktop computer.

Firewall

A security tool that helps block unsafe traffic from entering or leaving a network.

Human Firewall

A person who helps stop cyberattacks by noticing suspicious messages and making safe choices.

Impersonation

When an attacker pretends to be someone trusted, like a friend, coworker, company, or school.

Incident Response

The steps taken after a cyber problem happens, such as reporting it, stopping damage, and recovering safely.

Insider Threat

A risk caused by someone inside an organization, either by mistake or on purpose.

Keylogger

Malware that records what you type, often to steal passwords or private messages.

Least Privilege

A rule that people should only have the access they truly need, and nothing extra.

Malware

Harmful software that can steal information, damage devices, spy on users, or give attackers access.

Man-in-the-Middle Attack

When an attacker secretly watches or changes messages between two people or systems.

Multi-Factor Authentication

A login method that asks for more than one proof, like a password and phone approval.

Patch

An update that fixes a problem or security weakness in software.

Password Manager

A tool that creates and stores strong passwords so you do not have to remember them all.

Phishing

A fake message designed to trick you into clicking a link, opening a file, or sharing information.

Pretexting

When an attacker creates a fake story to make their request seem believable.

Quishing

Phishing that uses QR codes to send people to fake or harmful websites.

Ransomware

Malware that locks your files and demands payment to unlock them.

Risk

The chance that something bad could happen because of a weakness or threat.

Scareware

Fake warnings that try to scare you into downloading something, calling a scammer, or paying money.

Security Awareness

Learning how to recognize cyber threats and make safer choices online.

Shoulder Surfing

When someone watches you type private information, like a password or PIN.

Smishing

Phishing through text messages, often pretending to be a bank, delivery service, or company.

Social Engineering

Tricking people into doing something unsafe by using psychology instead of technical hacking.

Spear Phishing

A phishing attack made for a specific person, job, school, or company.

Spoofing

Making something look like it came from a trusted source, such as an email address or phone number.

Spyware

Software that secretly watches what you do and collects information from your device.

Threat Actor

A person or group that tries to cause harm, steal data, scam people, or break into systems.

Trojan

Malware that hides inside something that looks safe, like a fake app or file.

Two-Factor Authentication

A type of MFA that uses exactly two steps, like a password plus a text code.

URL

The web address of a page. Attackers often use fake URLs that look almost real.

Vishing

Phishing by phone call, where scammers talk you into giving information or taking action.

Vulnerability

A weakness that attackers can use, like outdated software, weak passwords, or careless habits.

Zero Trust

A security idea that says no user or device should be trusted automatically. Everything must be verified.
