When it comes to technology, there is a lot of terminology and for those who don’t work in IT, it can seem like a completely different language. In an effort to make tech terms easier to understand, we regularly post definitions on our Twitter but we thought it may be helpful to have everything in one place. We will update this regularly with the latest IT vocabulary so you can stay informed.

Back Door

A vulnerability that allows attackers to gain access to a computer or network.

Black Hats

Black Hats are hackers with criminal intentions. AKA: Cyberattackers

Brute Force

A trial-and-error method malware that allows malicious parties to access your computer remotely.

(HIPAA) Compliance

HIPAA compliance is the process by which a patient’s Protected Health Information (PHI) is kept secure. When it comes to IT, compliance encompasses all systems used to transmit, receive, store or alter ePHI. In order to become and remain compliant, there must be security measures in place to ensure confidentiality.

Compliance is vital – take advantage of a free compliance assessment. Click here.

Digital Forensics

The procurement, analysis and interpretation of electronic data for presentation as evidence in a court of law.

DDos Attack

A Distributed Denial-of-Service (DDos) attack is an attempt to disrupt a targeted server, network or service by flooding it with more traffic than it can handle.


Encryption is the process of securing data by making it unreadable without a key. This is done by using numerous algorithms to scramble the data.

IP Address

IP stands for Internet protocol. Every computer has a unique IP address, which allows it to be distinguished from other computers connected to the internet.


A type of spyware used to track and record keystrokes.


Malware issues stem from someone clicking on a suspicious link or email attachment. This gives attackers access to critical files, including data & applications the organization uses.


Pen-testing is short for penetration testing. During a pen-test, a simulated cyber attack is carried out to expose potential vulnerabilities.


The goal of phishing is to obtain valuable information. It occurs when employees are contacted via email or phone by someone posing as a legitimate professional.


Ransomware is a type of malware. Using encryption, attackers make critical data inaccessible and demand victims pay a ransom to have access restored.


A rootkit is a type of malware that allows malicious parties to access your computer remotely.

Secure Socket Layer (SSL)

The standard technology used to establish a secure connection between a web server and a browser.


Spyware is a type of malware that infiltrates devices to gather information about users and organizations.

Social Engineering

Social engineering is when cybercriminals use psychological manipulation to trick users into giving away sensitive information.

Threat Actor

A threat actor is a person or entity responsible for a cybersecurity incident. This could be an internal threat or an external threat.

Threat Assessment

The process of identifying and evaluating potential threats or risks.

Two-Factor Authentication

Also known as two-step authentication, it is an extra safeguard to prevent unauthorized access to websites and applications. It requires a user to take an extra step to verify their identity, such as entering a one-time code, rather than just providing their username and password.


A VPN is a tool that masks an online user’s location and encrypts traffic, allowing them to remain anonymous online.

White Hat

White Hats are hackers who leverage their skills with good intentions. They identify vulnerabilities and inform the developers so they can be addressed.

Zero-Day Attack

In a zero-day attack, there is no time between when a vulnerability is discovered by developers and when criminals begin to exploit it.

Have questions? We’re happy to help. Give us a call at 626-567-40140 (toll-free: 1-833-LA-MSSP-9 or send an email to sales@metallicit.ai. You can also reach out on Twitter and Linkedin. To claim a complimentary cybersecurity assessment, click here.