This post will serve as a quick reference guide to some of the most widely used jargon in the domain of cyber security.

What’s the difference between an allowlist and a denylist?

Allowlist: In Allowlist, everything is denied access by default. We explicitly allow items/entities to the list. 

Blocklist: In Blocklist, everything is allowed access by default. We explicitly block items/entities to the list.  

What’s the difference between an event, alert, and incident?

Event is a change that has been observed to the normal behavior of a system or process. 

Alert is a notification that a particular event has occurred, which is escalated to the person/entity who is responsible for it. 

Incident is an event that negatively affects the confidentiality, integrity, and/or availability (CIA) at an organization in a way that impacts the business. 

What’s the difference between a threat, vulnerability, and risk?

Vulnerability refers to a weakness in systems such as hardware, software, procedures, application, and so on.  It is a way the hackers could easily find their way into the system and exploit it.

Threat refers to anything that can exploit a vulnerability, intentionally or accidentally, and obtain, damage, or destroy an asset. A threat is what we’re trying to protect against.

Risk refers to the potential for loss, damage, or destruction of an asset as a result of a threat exploiting a vulnerability.

What’s the difference between red, blue, and purple teams?

Red teams are on offense. They try to break into the systems.

Blue teams are on defense. They defend the systems.

Purple team integrates the red and blue teams in a way that facilitates them learning from each other and improves the security of the overall organization.

What is the difference between encoding, encryption, and hashing?

Encoding is a method for converting data from one format to another so that it can be interpreted and consumed by other systems. In encoding, there is no such thing as a “Key.” The data is decoded using the same algorithm that was used to encrypt it in the first place. As a result, if an attacker has access to the encoded data, it is relatively straightforward for them to decode it. ASCII, Unicode, Base64, and other algorithms are examples of such algorithms.

Encryption is a way of hiding a message with the intent of only allowing the intended recipient to understand the meaning of the message. It is a two-way function where information is encoded and decoded with the help of matching key(s). This is designed to protect data in transit.

Hashing is a one-way encryption technique which means that it is impossible to reverse engineer the hash value to get the plain text back. If a password is stored as a hash, the data is safe even if the computer is hacked (since the function cannot be reversed). When a user inputs a password, the computer can simply use the same hashing process to convert the password to a hash, which it can then compare to the previously stored hash to determine if they match. Message digests are created using hash functions to ensure that a message hasn’t been modified in transit.

What is salting?

Salting is the process of adding random values to the end of data.  It is an additional input to a one-way function that hashes data. Salts are used to safeguarding data, especially passwords. This is used to have protection against brute force attacks where the attackers try every possible dictionary word and number to guess the value. Salting makes it harder for the attacker to guess the value. 

What is TLS, SSL, or HTTPS?

TLS stands for Transport Layer Security. It is a cryptographic protocol that helps secure communications over a network. A primary use case of TLS is encrypting the communication between web applications and servers.

SSL stands for Secure Sockets Layer. It is the predecessor to TLS and is largely depreciated.

HTTPS stands for Hypertext Transfer Protocol Secure. It is HTTP encrypted with SSL or TLS (typically TLS, since it has largely replaced SSL).