Understand the key terms of information security, explained simply, without unnecessary jargon.
Process used to verify a user's identity before granting them access to a resource (application, database, email...).
Example: you enter your password to log in to your work email.
A system for storing and organizing information in a structured way, so it can be easily retrieved and used.
Example: customers, orders, invoices, stock — most business software relies on a database.
Transformation of data using a key, so that it can only be read by an authorized person who holds that key.
Example: stolen data that is encrypted remains unreadable to an attacker who does not have the decryption key.
A public, standardized identifier assigned to a known security vulnerability in software, hardware, or a system. The registry is maintained by the MITRE organization.
Example: CVE-2025-12345 (format CVE-year-number), a unique reference any professional can look up to understand a specific flaw.
The part of the Internet not indexed by standard search engines and accessible only through specific tools (such as Tor). Used for both legitimate and malicious purposes.
Example: credentials stolen in a data breach can be put up for sale on dark web forums.
A device or piece of software that filters network traffic: it allows legitimate connections through and blocks the rest.
Example: a misconfigured firewall can leave a database port accessible from the Internet without anyone noticing.
A technique used to trick a person, most often by email, into disclosing confidential information or clicking a malicious link.
Example: a fake "Your Office 365 session has expired" email urging the recipient to click a fraudulent link.
A general term for any malicious software designed to damage a system, steal information, or take control of it (viruses, ransomware, spyware...).
Example: a booby-trapped attachment that silently installs spyware on a workstation.
A login method that adds one or more verification steps after the password, to confirm the user's identity. Even if a password is stolen, access remains blocked without the second factor.
Example: you enter your password, then your phone asks you to confirm the login.
Malicious software that encrypts the files on a computer or server to prevent their use. Attackers then demand a ransom in exchange for a decryption key. ANSSI strongly advises against paying: it does not guarantee data recovery.
Example: an employee opens a booby-trapped attachment; within minutes, the server's files become inaccessible and a payment demand appears.
A copy of data, made regularly and ideally kept isolated from the main network, allowing restoration in the event of a failure, error, or attack.
Example: a company hit by ransomware restores its files from an offline backup without paying a ransom.
A technique used to execute malicious SQL queries when a web application does not properly validate user input.
Example: an attacker modifies a form or a URL to access data they should not be able to see.
A protocol that encrypts communications between a browser and a server, ensuring the confidentiality of the exchange. It's what shows the padlock in the address bar (HTTPS).
Example: without a valid TLS certificate, data entered on a site (form, payment) can be intercepted.
An encrypted connection that provides secure access to a remote network, as if the user were physically present on that network.
Example: a remote employee uses a VPN to securely access their company's servers.
A vulnerability still unknown to the software vendor, for which no fix exists at the time it is discovered or exploited.
Example: a zero-day flaw exploited before the vendor even has time to release a security update.
No term matches your search.