Cybersecurity Glossary

Attack Vector—A method used by a hacker to breach an information system.

Bad Actor—A cybersecurity adversary that is interested in attacking information technology systems.

Binary Executable (EXE) Files—Unlike a plain text file, an EXE file provides a computer operating system with the set of machine language instructions needed to perform the tasks of a software application. For example, iTunes.exe is an executable file that runs the features of Apple iTunes on your computer.

Cyber Risk—Threats or vulnerabilities in networks, computers, programs and data, flowing from or enabled by connection to digital infrastructure, information systems, or industrial control systems.

Cyber Threat—A possible danger that could exploit a vulnerability to breach security and therefore seek to cause harm.

Cybersecurity—The technologies and processes designed to protect computers, networks and data from unauthorized access, vulnerabilities and attacks. Can also be written as cyber security.

Cybersecurity Assessment—Evaluation of an organization’s cybersecurity posture to identify vulnerabilities, threats and risks.

Cybersecurity Scan—A review, ranging from superficial to thorough, of an organization’s computer systems, networks and devices. Assured offers the only Deep Software Scan application on the market, with its proprietary AssuredScanDKV® tool.

Cybersecurity Gaps—Security holes in an organization’s cybersecurity system that a bad actor can use to breach an information system.

Denial-of-Service (DoS) Attack—An attack on a computer or network that blocks the intended user(s) from accessing their system or network capacity by flooding the system or network with dummy data.

Distributed Denial-of-Service (DDoS) Attack—A DoS attack that targets multiple compromised networks and systems.

Hacker—An individual, group or syndicate that breaches a computer system to unlawfully access data for malicious purposes and/or financial gain. There are many types of hackers, including corporate espionage marauders, ransomware bullies, hacktivists and even nation-states.

Malware—Malicious software that destroys, damages and/or steals information from a computer system. These can be Trojan horses, viruses, worms, etc.

Phishing Attack—An email from a malicious entity posing as a person or an organization that the recipient trusts or has done business with in the past. The purpose of this attack is to lure the recipient into giving the hacker sensitive information like Social Security numbers, PIN numbers and bank accounts.

Remediation—The process of stopping a current attack from doing further damage. It would typically be part of an Incident Response Plan.

Vulnerability—A defined defect residing in an information technology enterprise. Legacy software and systems (that are outdated and no longer supported by the vendor) are especially at risk for vulnerabilities since they no longer receive security updates and patches.

Web Application Attack—An attack that targets programs running on a web server. These include user authentication systems and web applications.

Zero Day Attack—An attack vector that has never been seen before.