Starting with Algorithm and ending with Virus, this list features terms like Phishing and Firewall… As the symposium entitled “Are we entering a new era of cybersecurity?” is getting underway at IMT, here are 24 words to help you understand the concepts, technologies and systems used to protect people, materials and organizations from cyberattacks. This glossary was compiled with the help of Hervé Debar, a researcher at Télécom SudParis, an expert in cybersecurity and co-organizer of the symposium.
Algorithm – A sequence of instructions intended to produce a result (output data) by means of a calculation applied to input data.
Critical infrastructures – Infrastructures for which a cyberattack could have very serious consequences for the services provided, even to the point of putting lives at risk.
Cryptography – The science of secrets. Cryptography proposes algorithms that can make data unreadable for those who do not have the secret. It also makes it possible to sign digital documents.
Cyberattack – A sequence of actions that lead to the violation of the security policy. This violation often takes the form of a computer system or network malfunction (inability to connect, a service that is no longer available, or data being encrypted using ransomware). A cyberattack can also be invisible, but lead to serious consequences, such as the theft of confidential information.
Cyber defense – A country’s means of attacking and defending its computer systems and networks.
Cyber range – A training platform for cyberattacks and defense.
Denial of Service Attack (see Distributed Denial of Service Attack)
Distributed Denial of Service Attack (DDoS Attack) – An attack aimed at overloading a service provider’s resources (often related to the network), making it inaccessible.
Electromagnetic injection – An electromagnetic signal sent to disrupt the operation of an electronic component (processor, memory, chip card…).
Firewall – A network component that filters incoming and outgoing traffic on a website.
Flaw – A (software) flaw is a programming error made by the programmer that allows a hacker to run a program for a different use than what was intended. The most prevalent example is SQL injection, in which hackers use a web site’s interface to control databases they could not normally access.
Google Project Zero – A Google project aimed at finding new vulnerabilities in software.
Hacking – Computer data theft.
Intrusion – Unauthorized connection to a system.
Krack (Key Reinstallation Attacks) – Attacks against the WPA2 protocol that allow an attacker to force the reuse of an encryption key. This allows the attacker to collect a large number of packets, and therefore decrypt the network traffic more easily, without knowing the key.
Malicious software (see Malware)
Malware – A program used for a purpose that is inconsistent with the user’s expectations and violates the security policy. Malware often uses vulnerabilities to enter a system.
National Vulnerability Database – A project of the National Institute of Standards and Technology (NIST) that identifies and analyzes software flaws.
Phishing – A social engineering technique, in which an attacker convinces a victim to act without understanding the consequences. The technique often relies on emails with fraudulent content (e.g. CEO fraud scams).
Ransomware – Malicious software (malware) aimed at extorting money from a victim, often by encrypting the data on their computer’s hard disk and demanding payment in exchange for the decryption key (often these keys are useless, and purchasing them is therefore useless).
Resilience (by design) or cyber-resilience – A system’s ability to function in the event of an attack, that is, provide a service to its users in any condition, albeit at a reduced level.
Security Information and Event Management – A platform for uploading and processing alerts that allows operators to monitor their systems’ security and react in the event of an attack.
Trojan Horse – A backdoor installed on a system without the users’ and administrators’ knowledge, which allows a hacker to regularly and easily connect to the system without being seen.
Virus – Malicious software capable of entering a system and spreading to infect other systems.