This glossary covers the key terms you will encounter throughout the CySec Knowledge Base. Each entry includes a definition drawn directly from course material, a real-world context or example, and pointers to related concepts.

Attack Surface

Definition: The complete set of ways an attacker can interact with or send input to a system in order to try to compromise it.Context/Example: Email, USB sticks, Wi-Fi, Bluetooth, and downloaded software are all parts of a system’s attack surface. The larger your attack surface, the more entry points an attacker can probe.Related terms: Vulnerability, exposure, threat model, attack prevention & hardening

Backdoor (Hardware Backdoor)

Definition: Hidden functionality at the hardware or firmware level that gives someone secret control or access, often impossible to remove with standard software tools.Context/Example: A hardware backdoor (such as the one discovered in the Intel Management System) poses a risk even on a fully patched machine — no software update can close a door built into silicon.Related terms: Firmware, persistent access, supply-chain attack

Botnet

Definition: A network of compromised machines (bots or “zombies”) remotely controlled by an attacker.Context/Example: Botnets are infrastructure that attackers build and sometimes sell or rent. A single botnet operator can coordinate thousands of machines to launch DDoS attacks or distribute spam without the machine owners’ knowledge.Related terms: Command and Control (C2), DDoS (Distributed Denial of Service), Malware, zombie

Cyber Security

Definition: The practice of protecting computer systems, networks, and data from unauthorized access, damage, or disruption.Context/Example: Cyber security spans everything from securing your personal laptop to defending national power grids. It is the umbrella discipline that encompasses all other topics in this knowledge base.Related terms: Cyber Defense, information security, network security

Defense in Depth

Definition: A cybersecurity strategy that employs multiple layers of security controls and measures to protect systems, networks, and data. The goal is to provide redundancy so that if one layer fails, others continue to provide protection.Context/Example: An organization might combine firewalls, intrusion detection systems, encryption, strong authentication, regular software updates, and employee security training. If a phishing attack bypasses email filters, layers like endpoint protection and multi-factor authentication still stand between the attacker and sensitive data.Related terms: Layered security, access control, intrusion detection, firewalls, encryption, multi-factor authentication

Defense in Depth vs. Zero Trust

Defense in Depth and Zero Trust are complementary, not competing, strategies. Defense in Depth focuses on stacking multiple barriers; Zero Trust focuses on eliminating implicit trust at every layer. Most modern security programs use both.

IDOR (Insecure Direct Object References)

Definition: A web application vulnerability where the application grants access to objects (files, database records, etc.) based on a user-supplied URL or parameter without verifying whether the requesting user is authorized to access that object.Context/Example: Imagine a URL like /invoice?id=1042. If you change it to /invoice?id=1043 and the application returns another user’s invoice without checking your permissions, that is an IDOR vulnerability. It is a surprisingly common problem in web applications.Mitigation: Always perform server-side authorization checks — never rely on the client to enforce access control.Related terms: Access control, authorization, broken object-level authorization (BOLA), OWASP

Intrusion Detection System (IDS)

Definition: A security technology that monitors network traffic or system activities for suspicious behavior or policy violations. An IDS can alert administrators to potential threats or attacks, helping detect unauthorized access or malicious activity.Context/Example: A company may deploy an IDS to monitor incoming network traffic for patterns that match known malware signatures or unusual activity — such as repeated failed login attempts. When a potential intrusion is detected, the system generates alerts for security personnel to investigate.Related terms: Network security, Intrusion Prevention System (IPS), threat detection, malware, security monitoring, anomaly detection

Phishing

Definition: A type of cyber attack where attackers impersonate legitimate entities to deceive individuals into providing sensitive information, such as usernames, passwords, and credit card details.Context/Example: You receive an email that appears to come from your bank, asking you to verify your account by clicking a link. The link leads to a convincing fake login page designed to capture your credentials. PhishTank maintains a public database of known phishing URLs you can check.Related terms: Social engineering, spear phishing, vishing, scams

Privacy vs. Security

Privacy: Refers to an individual’s control over their personal information — setting boundaries on what data is shared, with whom, and for what purpose.Security: Involves measures taken to protect data from unauthorized access and threats, including encryption, firewalls, and access control.
Privacy and security are related but distinct. You can have security without privacy (a locked system that logs everything about you), or privacy goals without adequate security controls. Strong security is often a prerequisite for privacy, but it does not guarantee it.

Repudiation

Definition: When a user denies having performed an action, and the system cannot prove whether they did or did not perform it.Context/Example: A user claims they never approved a money transfer, and there is no reliable log to prove otherwise. Systems address repudiation risk through tamper-evident audit logs, digital signatures, and non-repudiation mechanisms.Related terms: Non-repudiation, audit logging, digital signatures, STRIDE threat model

Risk Assessment

Definition: The process of evaluating the risk to a computer system. Expressed as: Risk = Threat × Vulnerability × Cost, where:
  • Threat — who or what might attack?
  • Vulnerability — where are you weak?
  • Cost — what do you lose if it happens?
Context/Example: A development team might hold a threat-modelling session to identify the worst-case scenarios. One outcome could be “we will not store credit card numbers” — eliminating the cost factor entirely for that data type.Related terms: Threat modelling, vulnerability management, impact analysis

Vulnerability

Definition: A weakness in software, hardware, configuration, or processes that can be exploited to violate security.Context/Example: Vulnerabilities can be bought and sold (zero-days) or publicly listed in databases like the NVD and CVE. A vulnerability alone is not an attack — it becomes dangerous when an exploit targeting it exists.Related terms: Exploit, patch, CVE, NVD, risk, bug

Zero-Day Vulnerability

Definition: A vulnerability that is unknown to the vendor (or has no patch yet), and an exploit that uses it before it is fixed — on “day zero” of public awareness.Context/Example: A zero-day exploit in an operating system or network application is a risk even on a fully updated machine, because no patch exists yet. Vendors typically race to release a fix once a zero-day is reported or discovered in the wild.Related terms: Exploit, patching, CVE, responsible disclosure

Zero Trust Architecture (ZTA)

Definition: A security model built on the principle “never trust, always verify.” Every request — regardless of whether it originates inside or outside the network — must be authenticated, authorized, and encrypted. There is no implicit “trusted inside” zone.Key principles:
  • Continuous verification of users and devices
  • No inside vs. outside network distinction
  • Micro-segmentation of networks
  • Least-privilege access
  • Strong authentication (MFA)
Context/Example: The traditional “castle and moat” model assumed everything inside the perimeter was safe. Cloud computing and remote work dissolved that perimeter — Zero Trust replaces it by treating every access request as potentially hostile until proven otherwise.Related terms: Least privilege, micro-segmentation, MFA, Castle-and-Moat model, identity-aware proxy