Cyber glossary
A-G
From A to G
A
AD (Active Directory): Directory service developed by Microsoft, used to manage and organise resources on a computer network. It allows users, groups, permissions and security policies to be administered through a centralised hierarchy.
IP address: Unique identifier assigned to each device on a computer network, allowing that device to be located and identified when communicating with other systems.
ANSSI (Agence Nationale de la Sécurité des Systèmes d’Information): French organisation responsible for cybersecurity and the protection of critical infrastructure.
Antivirus: Software used to detect, prevent and remove viruses and other malware from a network or system. It analyses files and network activity to identify signatures of known threats.
API (Application Programming Interface): A set of rules and protocols that allows different applications to communicate with each other. An API defines how developers can interact with a piece of software or platform.
APT (Advanced Persistent Threat): A sustained cyberattack modus operandi in which the same target is attacked repeatedly and deliberately over an extended period of time.
Security audit: An essential process that aims to assess an organisation’s systems and networks to identify vulnerabilities and risks, thereby ensuring compliance with cybersecurity standards.
RDP attacks: Attacks that exploit the Remote Desktop Protocol (RDP).
Multi-factor authentication (MFA): A protection method that requires users to prove their identity with at least two distinct factors (a code sent by text message, a code sent by email, etc.) before they can access a website, application or other online resource.
B
Backdoor: A backdoor is a hidden access point to a computer network or machine that is created maliciously without the knowledge of the legitimate user of the system.
Backup: The process of copying data from a system to ensure its recovery in the event of failure, accidental deletion or loss. Backups can be local or remote.
Database: A system for storing and managing data, allowing it to be organised, accessed quickly and manipulated securely.
Breach: A security breach where confidential information is stolen or disclosed to unauthorised persons.
Brute force attack: A brute force attack involves testing various passwords for a given username one after the other in order to log in to the targeted account.
Business Email Compromise: Business Email Compromise (BEC) is a form of email phishing that targets businesses in order to steal money.
C
CERT (Computer Emergency Response Team): Team responsible for detecting, analysing and responding to cybersecurity incidents. It helps coordinate response actions and provides recommendations to prevent future threats.
Crisis unit: Team dedicated to managing and coordinating responses when an organisation is experiencing a crisis.
CNIL (Commission Nationale de l’Informatique et des Libertés): French administrative authority responsible for personal data protection and IT security.
Credential stuffing: An attack that involves making mass automated authentication attempts on websites and web services using username/password pairs, typically ones obtained from previous data leaks.
Cross-site scripting (XSS): A vulnerability that allows an attacker to inject malicious code into web pages viewed by other users, with the aim of stealing sensitive information or redirecting those users to malicious websites.
Cyberattack: A malicious attempt and intentional effort to disrupt, destroy or access computer systems without authorisation.
Cybercriminal: Groups motivated by financial gain that carry out illegal activities such as data theft, ransomware extortion, online banking fraud or identity theft to achieve their goals.
Cyber resilience: An organisation’s ability to continue to produce results despite unforeseen events, such as a cyber crisis. This resilience aims to anticipate, withstand and recover quickly from a crisis. Cyber resilience brings together three concepts: business continuity, information system security and organisational resilience.
Cybersecurity: A set of practices, technologies and processes relating to digital security and sovereignty, designed to protect IT systems, networks and data from cyber threats.
Cyber terrorist: Online groups created by terrorist organisations to spread their ideologies, destroy critical infrastructure and/or cause disruption in order to spread fear.
D
Website defacement: An attack that illegally alters the appearance of a website after it has been compromised. It is a form of website hijacking used by hackers to display their own content.
Denial of Service (DoS): An attack aimed at making an online service unavailable by saturating its resources with a large number of requests, thereby disrupting its normal operation.
Distributed Denial of Service (DDoS): A variant of DoS, but this time the attack comes from multiple sources spread across the world instead of a single source, making detection and mitigation of the attack more complex.
DNS Spoofing: Manipulation of a server’s or computer’s DNS (Domain Name System) cache to redirect users to malicious websites without their knowledge.
Double/Triple Extortion: These are ransomware attacks in which cyber attackers use two or even three channels of pressure to obtain payment of the ransom. This attack technique combines data encryption with the threat of publication in order to increase pressure on victims.
DORA (Digital Operational Resilience Act): DORA is a European regulation aimed at increasing the digital operational resilience of organisations.
DPO (Data Protection Officer): Ensures the organisation’s compliance with personal data protection regulations. During a crisis, they assess the impact on personal data and coordinate legal notifications.
DSI (Directeur des Systèmes d’Information, i.e. CIO): Responsible for managing and optimising the organisation’s IT systems. In the event of a crisis, they coordinate the restoration of systems and the continuity of IT operations.
E
EDR (Endpoint Detection and Response): A security tool that monitors devices to detect, investigate and respond to suspicious activity in real time.
Crisis exercise: A planned simulation to train teams to manage a critical situation and test their crisis management plan. These simulations are designed to test the plan and train teams to be ready in the event of an attack.
Data exfiltration: Unauthorised transfer of data by a cyberattacker to an external location, usually in order to put pressure on the victim or to resell the data.
F
Firewall: A network security system that monitors and controls incoming and outgoing traffic based on predefined rules in order to protect a network from unauthorised access.
G
RaaS (Ransomware as a Service) group: A group that provides ransomware software to other actors, who use it to extort money. Once deployed, these programmes can cause widespread damage.
H-P
From H to P
H
Targeted phishing (hameçonnage ciblé)/Spear phishing: A method used by cybercriminals to steal personal and/or banking information by targeting specific individuals or organisations. This technique aims to deceive the victim and induce them to disclose their information so that it can be used or resold to carry out fraudulent activities.
Hacktivist: A group or individuals who use cyberattacks to promote a political or social cause.
I
IDS (Intrusion Detection System): An intrusion detection system that monitors the network for suspicious or abnormal activity. When a threat is detected, the IDS sends alerts to network administrators.
Social engineering: All the techniques used by cybercriminals to obtain information from a person through manipulation or abuse of trust.
IPS (Intrusion Prevention System): Like the IDS, the IPS detects intrusions, but it can also take automatic measures to prevent attacks, such as blocking malicious connections.
L
Leak: Exposure of sensitive, confidential or protected information (personal information, bank details, medical data, etc.) about a person without their authorisation.
M
Man-in-the-Middle (MitM): Consists of intercepting communications between two entities without either entity knowing that the communication channel has been compromised.
Malware (Malicious software): Malicious software designed to disrupt, damage or gain unauthorised access to a computer system. This type of software includes viruses, worms, Trojan horses and other harmful software.
Logbook: A statement in which events (date, nature, location, etc.) are reported. This document allows all actions and decisions taken during an important event, such as a crisis, to be recorded in real time.
MDR (Managed Detection and Response): An MDR solution combines detection technology (EDR or XDR) with managed services. It therefore offers continuous monitoring of networks and systems by cybersecurity experts who handle security incidents and respond to threats in real time.
N
NAT (Network Address Translation): A technique used in routers to modify the IP addresses of data packets in order to access the Internet.
NIS (Network and Information Systems Security): The NIS Directive is European legislation that establishes minimum security requirements for the networks and information systems of operators of essential services (such as energy, transport or health) in order to ensure their resilience to cyber attacks.
P
Pentest (Penetration Testing): A method of assessing the security of an IT system through exercises and simulated attacks, so that vulnerabilities can be identified and corrected.
Business Continuity Plan (BCP): Document/process enabling an organisation to maintain or restore its functions after a crisis event, if there has been a business interruption. This plan ensures the continuity of a business and guarantees its resilience.
Disaster recovery plan (DRP): Document/process that aims to restart a company’s professional activities and help it cope with a crisis or incident.
Crisis management plan: Strategic documents detailing all the measures to be taken in the event of a crisis. They set out the roles, responsibilities and actions that everyone must undertake in a crisis situation.
Phishing: A type of fraud where an attacker pretends to be a legitimate entity or person (bank, company, authority, celebrity, etc.) in order to trick users into disclosing sensitive information (passwords, bank details, confidential information, etc.).
Process: A programme running on a computer, involving the execution of instructions and the use of system resources such as memory and the processor.
Data protection: All measures and policies aimed at ensuring the confidentiality and integrity of sensitive or personal data, covering its secure storage, transmission and handling.
R-Z
From R to Z
R
RAM (Random Access Memory): Volatile memory used by a computer to temporarily store data and instructions during execution. RAM is erased when the computer is turned off.
Ransomware: A type of malware that blocks access to files or a computer system, demanding a ransom to release access. This often includes the theft of sensitive data, which may be disclosed if the ransom is not paid.
GDPR (General Data Protection Regulation): EU regulation, which also applies in the United Kingdom, governing the processing of personal data. It imposes strict obligations on organisations regarding the collection, storage and security of personal data.
Rootkit: Malicious software designed to conceal an attacker’s presence in a system by hiding the malicious elements used by the attacker (files, processes, registry keys, etc.).
CISO (Chief Information Security Officer): The CISO defines and oversees the organisation’s IT security strategy. In a crisis situation, they manage the response to the incident and minimise risks to systems and data.
S
SaaS (Software as a Service): A software distribution model where the application is hosted in the cloud and accessible remotely via a browser, without the need for local installation on the user’s device.
SOC (Security Operations Centre): A team dedicated to real-time monitoring of security events on the network, threat detection and security incident management.
Social engineering: Psychological manipulation of individuals to induce them to disclose confidential information. Tactics such as vishing or social engineering via social networks are used for this purpose.
Spear phishing: A method used by cybercriminals to steal personal and/or banking information by targeting specific individuals or organisations. This technique aims to deceive the victim and encourage them to disclose their information so that it can be used or sold on to carry out fraudulent activities.
SQL injection: An attack that involves inserting malicious SQL code into a database query, allowing an attacker to manipulate or extract sensitive information from a website or system database.
Information system: An organised set of hardware, software and human resources used to collect, store, process and distribute information, particularly through a computer network.
T
Threat Intelligence: A discipline based on intelligence techniques that aims to collect and analyse all information on potential cyber threats to help prevent and/or mitigate attacks.
Digital transformation: A phenomenon linked to the rise of digital technology, it aims to rethink an organisation’s strategy in order to improve its efficiency and resilience through new digital technologies.
Trojan horse: A type of malware that masquerades as legitimate software but, once installed, allows an attacker to take control of the user’s system.
V
VDR (Vulnerability Detection and Response): Security solution focused on detecting and managing vulnerabilities within the network or systems. It identifies exploitable weaknesses in the infrastructure and proposes corrective actions to secure them.
Virus: Malicious code that spreads by infecting files or programmes, making the system vulnerable to further attacks.
Vishing: A phishing attack via telephone, where the attacker pretends to be a legitimate entity to trick the victim into disclosing sensitive personal information. This often involves automated calls or voice messages.
VPN (Virtual Private Network): Technology that creates a secure tunnel over a public network, such as the Internet, to ensure the confidentiality and integrity of data exchanged between a device and a private network.
W
WAN (Wide Area Network): A computer network covering a large geographical area, often interconnecting several local networks, enabling communication between devices across significant distances.
X
XDR (eXtended Detection and Response): XDR is a detection and response solution that extends the capabilities of EDR to include not only endpoints (workstations, servers, etc.), but also networks and applications. It centralises security data for a broader view and more effective threat detection.
Z
Zero-day attack: An attack that exploits a vulnerability not yet known to the vendor or manufacturer. These vulnerabilities are particularly dangerous because no patch or defence is available until they are discovered and fixed.