# Appendix B: Glossary
This glossary defines key terms used throughout the book. Terms are cross-referenced to the chapter where they are introduced in depth.
Access control list (ACL): An ordered set of permit and deny rules applied to network traffic or file-system permissions. (Ch. 11)
Advanced Persistent Threat (APT): A sophisticated, long-duration threat actor, typically state-sponsored, with significant resources and patience. (Ch. 1)
Air gap: Physical separation between two networks with no network connection. (Ch. 20)
Annualised Loss Expectancy (ALE): Expected monetary loss from a risk per year; ALE = SLE x ARO. (Ch. 5)
Anomaly detection: Detecting deviations from a baseline of normal behavior. (Ch. 12)
Attack surface: The total set of exploitable entry points in a system. (Ch. 1)
Authentication: Verifying the identity of a user, system, or process. (Ch. 2)
Availability: The property that systems and data are accessible when needed. (Ch. 1)
Baiting: Leaving a malicious device (e.g., a USB drive) for a victim to find and use. (Ch. 4)
Bitcoin: A decentralized digital currency frequently used for ransomware payments. (Ch. 15)
Blue team: Defenders; the team responsible for protecting systems. (Ch. 6)
Botnet: A network of compromised machines under attacker control. (Ch. 15)
Buffer overflow: Writing past the end of an allocated memory buffer. (Ch. 9)
Business Email Compromise (BEC): Impersonating an executive to authorize fraudulent transactions. (Ch. 4)
CISO: Chief Information Security Officer. (Ch. 19)
CIA triad: Confidentiality, Integrity, Availability; the three core security properties. (Ch. 1)
Certificate Authority (CA): A trusted entity that issues digital certificates. (Ch. 2)
Chain of custody: Documentation of who handled evidence and when. (Ch. 13)
CVSS: Common Vulnerability Scoring System; a 0-10 severity scale for vulnerabilities. (Ch. 6)
CVE: Common Vulnerabilities and Exposures; a unique identifier for a known vulnerability. (Ch. 8)
Confidentiality: Preventing unauthorized access to information. (Ch. 1)
Cryptography: Mathematical techniques for secure communication and data protection. (Ch. 2)
Data minimization: Collecting only the personal data necessary for the stated purpose. (Ch. 18)
Defense in depth: Using multiple overlapping security layers. (Ch. 1)
Digital signature: A cryptographic proof of origin and integrity using asymmetric keys. (Ch. 2)
DMZ: Demilitarised Zone; a network segment between the internet and internal network. (Ch. 11)
DDoS: Distributed Denial of Service; overwhelming a system with traffic from many sources. (Ch. 11)
Encryption: Transforming data with a key so only key holders can reverse it. (Ch. 2)
Exploit: Code or technique that takes advantage of a vulnerability. (Ch. 1, 9)
False positive: An alert fired on benign activity. (Ch. 12)
False negative: A real attack that did not trigger an alert. (Ch. 12)
Firewall: A device or software that enforces access control between networks. (Ch. 11)
Forensic image: A bit-for-bit copy of a storage device. (Ch. 13)
GDPR: General Data Protection Regulation; EU law governing personal data. (Ch. 18)
Hash function: A one-way function producing a fixed-length digest. (Ch. 2)
HIPAA: Health Insurance Portability and Accountability Act; US healthcare privacy law. (Ch. 18)
HMAC: Hash-based Message Authentication Code. (Ch. 2)
ICS: Industrial Control System. (Ch. 20)
IDS/IPS: Intrusion Detection System / Intrusion Prevention System. (Ch. 12)
Incident: An event that jeopardises confidentiality, integrity, or availability. (Ch. 14)
Integrity: Assurance that data has not been altered without authorization. (Ch. 1)
IOC: Indicator of Compromise. (Ch. 14, 15)
Lateral movement: Moving from an initial foothold to other network systems. (Ch. 9)
Malware: Malicious software. (Ch. 15)
MTTD: Mean Time to Detect. (Ch. 12, 14)
NIST CSF: NIST Cybersecurity Framework. (Ch. 1)
OSINT: Open-Source Intelligence. (Ch. 7)
OWASP Top 10: The ten most critical web application security risk categories. (Ch. 10)
Pass-the-hash: Authenticating with a captured NTLM hash without cracking it. (Ch. 9)
PCI DSS: Payment Card Industry Data Security Standard. (Ch. 18)
Penetration test: An authorized simulated attack to identify exploitable vulnerabilities. (Ch. 6)
Phishing: Mass email impersonating a trusted entity to steal credentials. (Ch. 4)
PKI: Public Key Infrastructure. (Ch. 2)
PLC: Programmable Logic Controller. (Ch. 20)
Post-quantum cryptography: Cryptographic algorithms resistant to quantum computers. (Ch. 17)
Privilege escalation: Gaining higher access than initially obtained. (Ch. 9)
Ransomware: Malware that encrypts files and demands payment. (Ch. 15)
Red team: Attackers; the team simulating adversary behavior. (Ch. 6)
Risk: The probability that a threat exploits a vulnerability, weighted by impact. (Ch. 5)
ROSI: Return on Security Investment. (Ch. 5)
RPO: Recovery Point Objective; maximum tolerable data loss window. (Ch. 5)
RTO: Recovery Time Objective; maximum tolerable downtime. (Ch. 5)
SCADA: Supervisory Control and Data Acquisition. (Ch. 20)
SIEM: Security Information and Event Management. (Ch. 12)
Social engineering: Manipulating people to divulge information or take actions. (Ch. 4)
SQL injection: Injecting SQL code via user input to manipulate a database. (Ch. 10)
Supply chain attack: Compromising a target by attacking a trusted vendor or dependency. (Ch. 17)
Threat actor: A person or group responsible for an attack. (Ch. 1)
TLS: Transport Layer Security; protocol securing HTTPS and other communications. (Ch. 2, 11)
Vulnerability: A weakness that can be exploited. (Ch. 1)
YARA: A pattern-matching language for malware identification. (Ch. 15)
Zero trust: Security model requiring verification for every request regardless of network location. (Ch. 11)
Zero-day: A vulnerability unknown to the vendor; no patch exists. (Ch. 17)
## Cloud and Infrastructure Terminology
The following terms recur in cloud computing and modern infrastructure (the conventions below align with major cloud providers such as Amazon Web Services and apply broadly). They complement the security-focused entries above and the networking material of Chapter 3 and the cloud-security material of Chapter 17.
| Term | Definition |
|---|---|
| Access Control List (ACL) | A list of permit/deny rules attached to a resource. In object storage (e.g., Amazon S3), an ACL defines which users may read or write a specific bucket or object; in networking, a network ACL is a stateless, subnet-level traffic filter (Ch. 3, Ch. 11). |
| Authentication | The process of proving your identity to a system (Ch. 1, Ch. 11). |
| Authorization | The process of granting permissions to an already-authenticated entity (Ch. 1, Ch. 11). |
| Availability | A property indicating whether an application, data, or service is accessible and usable on demand by an authorized entity (Ch. 1, Ch. 17). |
| Availability Zone (AZ) | A distinct, isolated location within a cloud Region, insulated from failures in other zones, with low-latency links to the others in the same Region (Ch. 17). |
| Amazon Web Services (AWS) | A large cloud service provider offering on-demand compute, storage, networking, and software services (Ch. 17). |
| Application Programming Interface (API) | The full set of operations, types, inputs, and outputs a service exposes for programmatic use (Ch. 10, Ch. 17). |
| Bit | A single binary digit, either 0 or 1; the basic unit of computing (Ch. 2, Ch. 3). |
| CPU (Central Processing Unit) | The core computational hardware component of a server or device that processes instructions and data (Ch. 1). |
| Classless Inter-Domain Routing (CIDR) | An IP address allocation and route-aggregation method using a prefix length (e.g., /24) to size networks (Ch. 3). |
| Client | A machine or application that accesses a service over a network on a user's behalf, such as a laptop, phone, or tablet (Ch. 3). |
| Client-side encryption | Encrypting data locally, before it leaves the client, to protect it in transit and at rest (Ch. 2). |
| Credentials | The secrets a system uses to identify a caller and decide access, such as a username and password, an access key, a security key, or a one-time passcode (Ch. 11). |
| Cloud Service Provider (CSP) | A company that provides subscribers with internet-hosted compute, storage, and software services (e.g., AWS) (Ch. 17). |
| Data center | A physical facility that houses computing infrastructure, servers, storage, and network equipment (Ch. 20). |
| Data (network) packet | A unit of data packaged for travel along a network path (Ch. 3). |
| Deploy | To install or update application components onto infrastructure resources (Ch. 17). |
| Device | Hardware that provides access to applications, files, and services (phone, laptop, tablet, PC, server) (Ch. 3, Ch. 20). |
| DNS (Domain Name System) | The service that translates human-readable domain names into numeric IP addresses (Ch. 3). |
| Durability | A storage system's ability to retain data over time despite failures (e.g., Amazon S3 is designed for 99.999999999%, "eleven nines," durability), distinct from availability (Ch. 17). |
| Edge location | A data center at the network edge (a point of presence) used to serve content and run service operations close to users (Ch. 17). |
| Elasticity | The ability to acquire resources when needed and release them when not, ideally automatically (Ch. 17). |
| Encrypt | To transform data with a cryptographic algorithm so it is unintelligible without the key (Ch. 2). |
| Entity | An individual, organization, device, or process that can act in a system (Ch. 1). |
| Failover | Redirection of traffic from a primary system to a secondary system after a failure (Ch. 14, Ch. 17). |
| Firewall | A device or software that filters traffic between networks, typically at the boundary between a private network and the internet (Ch. 11). |
| Gateway | A device or node that connects two networks, often translating between protocols (Ch. 3). |
| HTTP / HTTPS | The protocol used to transmit data over the web; HTTPS is HTTP carried over TLS (Ch. 2, Ch. 3). |
| IP (Internet Protocol) | The protocol that defines addressing on a network; versions include IPv4 and IPv6 (Ch. 3). |
| IP address | A unique number identifying a device on a network. IPv4 addresses are 32 bits in dotted-decimal notation (four 0-255 octets), e.g., 192.0.2.10 (Ch. 3). |
| Internet Service Provider (ISP) | A company that provides access to the internet (Ch. 3). |
| IT / Information Systems (IS) | The function or department responsible for installing and maintaining computer hardware and software (Ch. 1, Ch. 20). |
| Launch | Installing and configuring a new virtual server or application, on premises or in the cloud (Ch. 17). |
| Multi-Factor Authentication (MFA) | Requiring two or more authentication factors (e.g., a password plus a single-use code from a device) for stronger account security (Ch. 11). |
| On premises | IT hardware and software hosted at the organization's own location or data center, rather than in the cloud (Ch. 17). |
| Operating system (OS) | Software that mediates between hardware and the applications running on it (Ch. 1). |
| Personal Computer (PC) | A small-scale computer for individual use, such as a laptop or desktop (Ch. 1). |
| Port / port number | A logical identifier for a specific process or network service; well-known examples include 80 (HTTP), 443 (HTTPS), and 53 (DNS) (Ch. 3). |
| Protocol | A set of rules governing how data is transmitted between devices, e.g., HTTP, SMTP, TLS (Ch. 3). |
| Region | A named geographic area of cloud resources, comprising multiple (typically three or more) Availability Zones (Ch. 17). |
| Regional services | Cloud services built across multiple Availability Zones so they require only a Region and inherit zone redundancy (Ch. 17). |
| Resiliency | The ability of a system to recover from and continue operating through a disruption (clustering, redundancy, failover) or stress such as a load surge; distinct from reliability (Ch. 14, Ch. 17). |
| Router | A device that forwards data packets between networks (Ch. 3). |
| Routing | Selecting a path across one or more networks and forwarding data from source to destination (Ch. 3). |
| Scalability | The ability of a service to grow (or shrink) as workload demand changes, horizontally or vertically (Ch. 17). |
| TLS / SSL | A cryptographic protocol securing internet communication; TLS is the modern successor to the deprecated SSL (Ch. 2). |
| Server | A computer or device that manages network resources (file, print, database, or network servers) (Ch. 3). |
| Server-side encryption (SSE) | Encryption of data at its destination by the service that receives it (Ch. 2, Ch. 17). |
| Subnet / subnetting | A logical subdivision of an IP network; subnetting is the process of creating such subdivisions (Ch. 3). |
| Subnet mask | The bit pattern that separates the network portion of an IP address from the host portion (Ch. 3). |
| Switch | A device that forwards packets between devices within a single network; unlike a router, it is not aware of network-layer addressing (Ch. 3). |
| Web Application Firewall (WAF) | A service that filters and monitors HTTP traffic between an application and the internet (Ch. 10, Ch. 11). |
| Zonal services | Cloud services that require both a Region and a specific Availability Zone (Ch. 17). |
| Reliability | The ability of a system to perform its intended function correctly and consistently when expected (Ch. 17). |
| Load balancer (ALB / NLB / GWLB) | Distributes traffic across backends; Application (L7), Network (L4), and Gateway (L3, for inline appliances) load balancers (Ch. 17). |
| Content delivery network (CDN) | Edge caches that cut latency and help absorb DDoS traffic (Ch. 17). |
| Hypervisor (Type 1 / Type 2) | Virtualization layer: bare-metal (ESXi, Xen, KVM, Hyper-V) versus hosted (VirtualBox, VMware Workstation) (Ch. 17). |
| SAST / DAST / IAST / RASP | Static, dynamic, interactive, and runtime application security testing/protection (Ch. 10). |
| Message queue / publish-subscribe / event bus | Event-driven messaging patterns: point-to-point, one-to-many, and rule-routed event delivery (Ch. 12, Ch. 17). |
| Public DNS resolver | A shared recursive resolver such as Google (8.8.8.8, 8.8.4.4) or Cloudflare (1.1.1.1) (Ch. 3). |
| Vulnerability-assessment / threat-detection service | Cloud services that scan for exploitable weaknesses (e.g., Amazon Inspector) and monitor for active threats (e.g., Amazon GuardDuty) (Ch. 17). |