Cyber Lexicon

Breaking down cyber terms for a safer, shared digital experience.

C

CEO Fraud

CEO fraud is a cyberattack method where cybercriminals impersonate CEOs or other business executives to trick employees into disclosing sensitive information or completing fraudulent transactions.

CIS Controls: Prioritising cyber defence for modern security architectures

CIS controls rank 18 measures by their proven effectiveness against real-world attacks, helping organisations see what strengthens defence most.

COBIT framework explained: aligning IT governance with business strategy

If you want to seamlessly combine IT security and business objectives, you need clear structures. The COBIT framework minimises risks and creates measurable added value.

Cyber Resilience Act explained: requirements, timeline and scope

The Cyber Resilience Act introduces EU-wide cybersecurity requirements for products with digital elements. This article explains what changes, when key obligations apply, and which organisations across the EU need to act. Summary: the Cyber Resilience Act (CRA) is an EU regulation. It sets common cybersecurity requirements for products […]

D

Data Leak Protection for IT Decision-Makers: Strategies, Solutions and Best Practices

Data leak protection, data leak prevention and data loss prevention sound similar, but mean different things. We clarify the terms and present strategies for CISOs.

DDoS Attacks

Distributed Denial-of-Service (DDoS) attacks disrupt normal business activity by flooding systems with unwanted traffic from many sources at once, overwhelming servers and websites so that legitimate users can no longer reach them.

DORA

The Digital Operational Resilience Act is legislation introduced by the European Union whose purpose is to improve the cyber defences of the financial sector. DORA sets clear operational standards to help businesses reduce digital disruptions and better protect themselves from cyberthreats.

Doxxing

Doxxing is a malicious online scheme that involves exposing private information about individuals or organisations in the digital arena, setting the stage for security breaches and relentless harassment.

H

Human Firewall: the Key to Cyber Resilience

Technology alone is not enough to protect you. Instead, people are the first line of defence against cyberattacks. A strong Human Firewall detects attacks early and can therefore prevent damage.

Human Risk Management

Human Risk Management (HRM) is a holistic approach to security that focuses on identifying, quantifying, actively managing and ultimately reducing your human risk. It prioritises outcomes and behavioural drivers to foster a security culture in which safe behaviour becomes second nature.

I

ISO 27001 certification: process, costs and requirements

ISO 27001 certification helps make information security measurable and verifiable. This article explains the certification process, what it involves and the business value of pursuing it. Key takeaways: ISO 27001 certification. What is ISO 27001 certification and what is assessed? Our guide to the ISO 27001 framework covers the structure and requirements of the […]

ISO 27001:2022 explained: requirements, key changes and implementation strategies

ISO 27001:2022 is one of the most widely recognised international standards for information security. Discover how to implement the framework effectively in your organisation.

M

Malware

Malware is a blanket term for any type of malicious software designed by cybercriminals to infiltrate a system. From viruses and worms to ransomware and trojans, malware can take many forms and have very diverse consequences on your devices.

Man-in-the-Middle Attack

In man-in-the-middle (MitM) attacks, a malicious actor intercepts communication between two parties without their knowledge or consent. This position allows the attacker to eavesdrop on the conversation and to alter or steal the information exchanged between the two parties.

MFA Fatigue Attack

An MFA fatigue attack is a tactic in which attackers flood a user with repeated multi-factor authentication requests, counting on the user to approve one out of exhaustion or to make the prompts stop. That single approval is then used to breach the account or system.

Multi-Factor Authentication

Multi-factor authentication (MFA) is a security method in which users have to provide two or more forms of verification to access a system or account. It can rely on three different types of identifiers: something the user knows, something the user has, and something the user is.

N

NIS2 checklist: key steps for structured implementation

A NIS2 checklist gives teams a practical way to organise the work ahead. It helps clarify who is responsible for which tasks, which measures need to be documented, and where evidence may be needed for reviews or audits.

NIS2 compliance: how to build it effectively

Clear processes are essential for establishing robust NIS2 compliance within organisations. Find out how organisations can minimise liability risks.

NIS2 directive: requirements, deadlines and implementation in 2026

The NIS2 Directive is reshaping cybersecurity across Europe. Learn what it requires, who it applies to and how organisations can prepare.

NIS2: Who does NIS2 apply to? A clear overview for businesses

Check in minutes whether your company may be affected, and see what matters now for security and compliance.

NIST Cybersecurity Framework 2.0: governance, maturity and practical implementation

NIST 2.0 updates the NIST Cybersecurity Framework with stronger governance, supply‑chain risk coverage and measurable outcomes for security teams.

P

Phishing

Phishing is a type of cybercrime in which attackers use different channels – often fraudulent emails – to deceive individuals into revealing sensitive information.

Phishing simulation

Phishing simulations are controlled, simulated phishing attacks that educate employees on recognising and defending against email-based threats. They help improve employee awareness, identify weaknesses, and cultivate a resilient cybersecurity culture.

Pretexting

Pretexting is a social engineering technique where an attacker fabricates a scenario and assumes a false identity to manipulate individuals into divulging confidential information or performing actions that compromise security.

S

SABSA framework: aligning security architecture with business strategy

The SABSA framework helps connect security architecture with business goals, covering the matrix, lifecycle and certification in one structured approach.

Shadow IT

Shadow IT is the use of software, hardware or cloud services by employees without the knowledge or approval of the IT department. Because these assets sit outside normal security controls, they can inadvertently open the door to cybercriminals.

Smishing

Smishing is a form of phishing where cybercriminals use text messages to lure recipients into disclosing sensitive information or downloading malware to their devices.

Social Engineering

Cybercriminals use social engineering techniques to manipulate their victims into disclosing sensitive information.

Spoofing

Spoofing is a deceptive practice where hackers mask their identity to emulate a trusted source as part of a fraudulent scheme. It can play out across different channels, from GPS and text messages to email, and relies on three pivotal elements: the appearance of a familiar user, the imitation of a trusted device, and the simulation of a safe location.

V

Virtual CISO (CISO-as-a-Service): Is the model worth it?

A Virtual CISO can professionalise security management or become an expensive subscription. This overview shows when CISO-as-a-Service makes sense and what role human risk management plays. Overview: CISO-as-a-Service. Tasks of a (virtual) CISO: what’s behind CISO-as-a-Service. CISO-as-a-Service does not describe an additional operational role, but a leadership function. The focus is on management, prioritisation, […]

Vishing

With vishing, cybercriminals attempt to trick users into divulging sensitive information via a telephone call.

Voice cloning

Voice cloning is a deepfake deception where a cybercriminal uses AI to replicate, with high accuracy, the voice of someone the victim knows.

VPN

A VPN, or Virtual Private Network, encrypts the connection between your device and the VPN server. This shields the traffic on that path from potential snoopers, such as on untrusted Wi-Fi, and helps secure your online activities.
