An Advanced Persistent Threat (APT) is an advanced and persistent threat that usually targets companies, organizations or government institutions. An APT attack is usually carried out by highly skilled cybercriminals or state actors who deliberately and continuously attempt to penetrate … Read More
Glossary
Brute force attack
With a brute force attack, a hacker aims to crack passwords. With the help of an algorithm, various character combinations are tried out in a very short time. For example, a 7-character password – consisting of one capital letter and … Read More
BSI IT baseline protection
BSI IT-Grundschutz (Federal Office for Information Security IT-Grundschutz) is a framework for IT security in Germany. It defines the necessary steps for securing IT systems and processes and supports companies and organizations in bringing their information security to an appropriate … Read More
Business Intelligence
Business Intelligence (BI) refers to the technologies, applications and practices for collecting, integrating, analyzing and presenting company data. The aim of BI is to support the decision-making process in companies by transforming data into meaningful insights and information. BI systems … Read More
Computer virus
A computer virus is a type of malware that is capable of spreading itself and inserting itself into other computer programs or files. In general, a virus only becomes active when the infected code is executed. Once this happens, the … Read More
Cross-site scripting
Cross-site scripting (XSS) is an attack method that specifically targets web applications in order to inject malicious code (usually JavaScript) into a website. This code is then executed unnoticed in the user’s browser when the infected page is accessed. This … Read More
Cybercrime
Cybercrime refers to criminal offenses that are committed using computer systems, the internet or other digital technologies. These crimes can be committed by individuals, groups or organizations and can take a variety of forms, including: Phishing: The attempt to steal … Read More
Cybercrime insurance
Cybercrime insurance is a special insurance policy that protects companies against financial losses in connection with cybercrime. This type of insurance usually provides protection against losses that can be caused by data theft, hacker attacks, malware infections, ransomware, phishing attacks … Read More
Cyberheist
Cyberheist is a term made up of the words “cyber” and “heist” and describes a type of criminal activity in which a thief or group of thieves hacks into a digital facility, such as a bank or financial institution, to … Read More
Data breach
A data breach is unauthorized access to, loss of or theft of sensitive data by an unauthorized person or group. Such a breach can be caused by human error, inadequate security measures or technical faults. … Read More
Data governance
Data governance is a term from information management practice that refers to the management and control of data within an organization. Data governance aims to ensure that data is properly recorded, stored, managed and used within the company. Effective data … Read More
Data Literacy
Data literacy is the ability to understand, interpret, analyze and communicate data. It is an important part of digital literacy and the ability to navigate in today’s data-driven world. Data literacy encompasses the ability to identify, collect, store and organize … Read More
Data management
Data management is a computer science term that deals with the management of data in a company, an organization or an individual context. It covers the entire life cycle of data, from its creation and collection through to storage, processing, … Read More
Data Mining
Data mining is a process of discovering useful information from large amounts of data by identifying patterns and relationships that might not otherwise be obvious. It is a machine learning method that is frequently used in science, business and other … Read More
Data protection impact assessment
Data protection impact assessment (DPIA) is a procedure used in the field of data protection to assess and minimize the impact of data processing on the privacy of data subjects. The purpose of a DPIA is to identify potential risks … Read More
DDoS attack
A DDoS attack (Distributed Denial of Service) is a cyber attack that aims to make a system – usually a web server or online service – inaccessible by overloading its resources. To do this, the server or network is flooded … Read More
Defense Cyber Security
Defense Cyber Security refers to the measures taken to protect government and military networks, systems and data from cyber attacks and threats. There are several options for Defense Cyber Security, including: Network monitoring and analysis to detect and prevent … Read More
DNS spoofing
DNS spoofing (also known as DNS hijacking) is an attack technique in which attackers manipulate the Domain Name System (DNS) to direct users to fake websites. The DNS is responsible for converting web addresses such as “www.example.com” … Read More
E-mail spoofing
Email spoofing refers to a practice in which an attacker inserts false information into the sender of an email to trick the recipient into believing the email is legitimate. This is often used by cybercriminals to carry out phishing attacks … Read More
Go Digital
Go Digital is a funding initiative of the Federal Ministry for Economic Affairs and Energy (BMWi) that supports small and medium-sized enterprises (SMEs) with digitalization. The initiative was launched in 2017 and aims to support SMEs in their transition to … Read More
IDS/IPS and firewall solutions
IDS/IPS and firewall solutions are preventive measures for securing a network or an application. A firewall can block unwanted traffic or control access authorizations. IDS/IPS systems can recognize unusual activities and react to them by blocking the data traffic or … Read More
IP address
An IP address (Internet Protocol address) is a numerical identifier that is assigned to computers and other network devices to identify them on the Internet and in other networks. An IP address consists of a series of four numbers separated … Read More
IT compliance
IT compliance is a term from the field of information technology and refers to compliance with legal, regulatory and operational requirements in connection with IT systems and processes. In today’s business world, IT compliance is of great importance as companies … Read More
IT security
IT security is a broad topic that encompasses many different aspects. One important area is the protection of computer networks and infrastructures. To ensure this, there are various technologies that can be used. A firewall, for example, is an important … Read More
Malvertising
Malvertising is a term made up of the words “malware” and “advertising”. It refers to the use of online ads to download and execute malicious software (malware) on the user’s computer. Malvertising attacks can be carried out in various ways. … Read More
Man-in-the-middle
A man-in-the-middle attack (MITM) is a cyberattack method in which an attacker secretly penetrates the communication between two parties in order to intercept, manipulate or forward information. The attack usually goes unnoticed by the person affected, as the communication appears … Read More
Penetration testing
Penetration testing simulates an attack on the system or application to see how well it is protected against real threats. Penetration testing is often carried out by external experts and can help to assess the actual security of the system.
Ransomware
Ransomware is a form of malware that aims to make a computer system or certain data inaccessible by encrypting it. The name is derived from the word “ransom”, as attackers usually demand a large sum of money after a successful … Read More
Resilience
Resilience is a term used in psychology to describe a person’s ability to cope with difficult life situations and emerge stronger from them. A person with a high level of resilience is able to overcome crises, challenges or changes in … Read More
Social engineering
Social engineering is a method of fraud or manipulation that aims to exploit human weaknesses and behaviors to gain access to information or resources that are not normally accessible. The term refers to the use of social interactions and relationships … Read More
Spear phishing
Spear phishing is a form of phishing in which attackers send targeted emails to individuals or companies in order to collect confidential information or spread malware. In contrast to conventional phishing, which is broadly scattered and random, spear … Read More
SQL injection
SQL injection (SQLi) is an attack technique in which attackers exploit a vulnerability in the database query of a web application to inject malicious SQL commands. These commands allow the attacker to gain access to confidential data, manipulate or delete … Read More
Trojan horse
A Trojan is a type of malware that disguises itself as a useful application in order to gain access to a computer system or carry out harmful actions. The name Trojan goes back to Greek mythology, in which the Greeks … Read More
Vulnerability assessment
Vulnerability assessment refers to the process of identifying and evaluating security vulnerabilities in a system or application. This can be done using automated tools or manual checks. The aim is to identify potential vulnerabilities before they can be exploited by attackers.
Vulnerability management
Vulnerability management refers to the process of identifying, assessing and eliminating security gaps in an IT infrastructure or software. The aim of vulnerability management is to minimize the risk of attacks on a system by identifying and eliminating security gaps … Read More
Vulnerability management
Vulnerability management is a broader approach that includes identifying vulnerabilities, but also assessing risks, prioritizing actions and monitoring changes over time. It is therefore not only about identifying weaknesses, but also about implementing measures to eliminate risks.
Zero-day exploit
A zero-day exploit is an attack that takes advantage of a previously unknown vulnerability in a software or system. The term “zero-day” indicates that the developers or the responsible organization had no warning – in other words, there were “zero … Read More