By David X Martin

The question isn’t if a cyber attack will occur, but when.

Most companies’ cybersecurity strategy is reactive (triage to contain damage), and that is not sufficient to survive in business, let alone thrive. The risk of cyber attacks for businesses and their employees (personally and professionally) is ever expanding. Just as the health industry has shifted from simply treating disease to preventing it, so, too, must organizations and individuals become proactive about cybersecurity to ensure they can go about business successfully.

Understanding cybersecurity concepts and the lingo is a great start to forming a strategy for the prevention, defense, response, and recovery cycle. Here’s a collection of common terms and phrases used in cyber risk management and in the security concerns of running a business. For the major concepts, context and considerations are covered in addition to the definition.

Major Concepts

  1. Cyber Attacks
    A cyber attack (or cyberattack) is an assault launched by cybercriminals using one or more computers against a single computer, multiple computers, or networks. An attack can maliciously disable computers, steal or change data, or use a breached computer as a launch point for other attacks. Cybercriminals use a variety of methods, including malware, phishing, ransomware, denial of service (DoS), cybercrime, botnets, identity theft, cyberstalking, potentially unwanted programs (PUPs), and exploit kits. One needs only to read the news to see the fallout from breaches, from governments like Georgia to companies like British Airways and Equifax. Read more on Cyber Attacks

  2. Cyber Crime
    Cyber crime occurs when a computer is the object of the crime or is used as a tool to commit an offense. A cyber criminal may use a device to access a user’s personal information, confidential business information, or government information, or to disable a device. It is also a cyber crime to sell or solicit the above information online. There are three major categories of cyber crime: individual, property, and government. Identity theft and cyberstalking are among the methods criminals use. Read more on Cyber Crime

  3. Cybersecurity
    Cybersecurity (or “cyber security”) is the practice of defending computers, servers, mobile devices, electronic and operational systems, networks, and data from cyber attacks. The term applies to a variety of contexts, from business to mobile computing. It’s important to realize that cybersecurity itself cannot be guaranteed, but a timely and appropriate response can be, so it’s important to be prepared for what-if scenarios. Cybersecurity is also not a problem to be solved; it’s an ongoing risk to be managed. Read more on Cybersecurity

  4. CyberWellness
    CyberWellness is a proactive strategy for managing cyber security risk. It’s a paradigm for business management that takes a holistic view toward ensuring people, processes, and products are in sync for prevention, defense, response, resilience, and the other aspects of technology breaches. A CyberWellness program is advised for all businesses, regardless of size, because new threats keep emerging as technology becomes ever more embedded in personal lifestyles and workplaces. Read more on CyberWellness

Terms by topic

Types of Breaches
Broken or misconfigured access controls
Denial of Service (DoS)
SQL Injection (SQLI)

Types of Cybersecurity
Application Security
Data Security
Information Assurance and Security Management
Information Systems
Network Security
Security Controls
Related: Security Solutions

Types of Data
Business Information
Classified Information
Sensitive Data (Sensitive Information)
Personally Identifiable Information (PII)

Security by Design*
The asterisked terms in the list below are considerations for a comprehensive approach to Cybersecurity and CyberWellness.

All terms in alphabetical order

Access Controls
Application Security
Breach (data breach)
Business Information
Chief Information Security Officer (CISO)
Classified Information
Cyber Attack (cyberattack)
Cyber Crime (cybercrime)
Cybersecurity (cyber security)
Data Security
Denial of Service (DoS attack)
Disaster Recovery
Identity Theft
Incident Response Plan
Information Assurance & Security
Information Systems
Intrusion Prevention System (IPS)
Network Security
Personally Identifiable Information (PII)
Potentially Unwanted Programs (PUPs)
Security Awareness*
Security Controls*
Security Management*
Security Officer (CSO)*
Security Operations Center (SOC)*
Security Policy*
Security Risk Assessment*
Security Strategy*
Security Training (for employees)
Security Threats
Sensitive Data (sensitive information)
Social Engineering
SQL Injection (SQLI)
Vulnerabilities (Hping, Nmap, Nessus, p0f)