Episode 14: CySA+ Glossary Episode 1

The glossary is not just a reference. It is a critical component of the exam and a foundational tool for anyone performing cybersecurity analysis. Each term represents a piece of the technical language analysts use daily, and understanding that language is essential for reading alerts, writing reports, and answering questions on the test. In this episode, we begin with a set of terms that start with the letter I. These concepts cover network protocols, security systems, and threat detection. Knowing what they mean and how they are used gives you a strong base for both certification success and real-world readiness.
I C M P stands for Internet Control Message Protocol. It is used by network devices to send error messages and operational updates, for example when a destination host or port is unreachable or when a packet's time-to-live expires in transit. This protocol is vital for troubleshooting tools like ping, which sends I C M P echo requests and waits for echo replies, and traceroute, which relies on the time-exceeded messages returned by each router along the path. Together they help determine whether a host is reachable and where delays may be occurring. On the exam, I C M P often appears in questions related to network scanning, path analysis, or identifying potentially suspicious communication, because the same protocol can be abused for host discovery or to tunnel data past filters that only inspect T C P and U D P.
I C S stands for Industrial Control System. These systems are used to operate and monitor industrial environments such as power stations, manufacturing plants, and water treatment facilities. Unlike traditional information systems, industrial control systems are built for reliability and continuous uptime, which means security changes can be difficult to implement without disrupting operations. The exam may ask you to identify the challenges of protecting I C S environments or to choose appropriate security controls for them.
I D S refers to Intrusion Detection System. This type of system monitors network traffic or host activity for signs of malicious behavior. It works by comparing traffic patterns against known signatures or expected baselines. When unusual activity is detected, the I D S generates an alert. Importantly, it does not block traffic—that function belongs to a different system. On the certification, you should be able to describe the role of an I D S, its placement in a network, and how it differs from active prevention tools.
I O C means Indicator of Compromise. This is a technical clue or artifact that suggests a system has been breached or a threat is present. Common examples of an I O C include an unexpected file hash, a known malicious domain, or unexplained network behavior. Analysts use I O C data to detect and respond to attacks quickly. In testing scenarios, you may need to recognize valid I O C examples or explain how they are collected and used in threat intelligence workflows.
I P stands for Internet Protocol. It is the fundamental system that identifies devices on a network and ensures that data is routed to the correct destination. Every device is assigned an I P address, and these addresses are used in logging, filtering, and packet inspection. The two main versions, I P version four and I P version six, differ in address length (thirty-two bits versus one hundred twenty-eight bits) and notation, but both serve the same purpose. Understanding how I P works is essential for identifying source and destination information in a security context, and for recognizing that a source address in a log can be spoofed or belong to an intermediary such as a proxy or N A T gateway rather than the true origin.
I P S stands for Intrusion Prevention System. It is similar in function to an intrusion detection system, but with one key difference. While an intrusion detection system only observes and alerts, an intrusion prevention system actively blocks detected threats in real time. It sits inline with network traffic and stops packets that match known malicious patterns or behaviors. The exam often contrasts I P S with I D S, and you should understand how each one fits into a defense-in-depth strategy. Knowing where to place an I P S and how it integrates with other security tools is a vital part of the analyst role.
I R refers to Incident Response. This is the formalized process of identifying, containing, eradicating, and recovering from security incidents. A strong I R program involves not just technical tools, but also procedures, roles, and communication plans. The certification covers each phase of the incident response lifecycle, including preparation, detection and analysis, containment, eradication, recovery, and lessons learned. As an exam topic, I R appears frequently in scenarios where you must select the best response action based on timing, impact, or scope.
I S O stands for International Organization for Standardization. It is a global entity that publishes standards across many industries, including cybersecurity. In the context of the certification, I S O is most relevant through its twenty-seven thousand series, which defines information security management practices. I S O twenty seven thousand one sets the requirements for an information security management system, including risk assessment and a catalog of controls that an organization can be audited and certified against, while I S O twenty seven thousand two gives implementation guidance for those controls. Understanding I S O is important for governance and compliance questions, especially when dealing with regulatory alignment or security baselines.
I S P stands for Internet Service Provider. This is the company or entity that delivers internet connectivity to homes and businesses. In cybersecurity analysis, the I S P may be mentioned in the context of network boundaries, D N S resolution, or external traffic filtering. Some exam questions may involve logs that contain I P addresses from different I S Ps, and you may need to interpret that data to identify unusual behavior or geolocation mismatches. While the term may seem basic, it often plays a role in identifying external connections during investigations.
I T stands for Information Technology. It refers to the use of computers, networks, storage, and other infrastructure to process and manage data. In the cybersecurity context, I T is the environment that analysts are responsible for protecting. You will see the term I T appear frequently in the exam to distinguish between different operational domains, such as I T and O T. Understanding the scope of I T systems, their common vulnerabilities, and how they are managed is a basic requirement for every candidate taking the certification.
I T I L stands for Information Technology Infrastructure Library. It is a framework that outlines best practices for managing I T services throughout their lifecycle. Originally developed by the United Kingdom government, I T I L is now used globally to improve efficiency, align services with business needs, and manage risks. In the context of cybersecurity, I T I L is important because it defines processes such as incident management, change control, and service delivery. Questions on the exam may reference I T I L concepts when discussing governance, operational continuity, or standardized workflows.
J S O N, or Jason, stands for JavaScript Object Notation. It is a lightweight data-interchange format that is easy to read and write for humans and easy to parse and generate for machines. In cybersecurity, Jason is commonly used for storing and exchanging data between systems, including logs, threat intelligence feeds, and application configurations. You may encounter Jason in the context of automation scripts, A P I calls, or threat detection platforms. The exam might include scenarios where Jason data is parsed for indicators or used as part of a security automation process.
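The I O C and J S O N entries above describe how indicators arrive in a machine-readable feed and get matched against logs. The following is an added example written for this episode, not code from the original glossary or from any real threat intelligence platform. The feed format, the indicator types, and every log line are constructed for the illustration; a real feed would follow a schema such as S T I X, and the log formats would be whatever your proxy, D N S server, firewall and E D R actually emit.

```python
import json
import re

# Constructed threat-intelligence feed in JSON (not a real feed). A CySA+
# scenario might hand you something like this and ask what matches.
IOC_FEED_JSON = """
{
  "indicators": [
    {"type": "domain", "value": "update-check.example.net"},
    {"type": "ipv4",   "value": "203.0.113.45"},
    {"type": "sha256", "value": "9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08"}
  ]
}
"""

# Constructed log lines (made up for this example), one event per line,
# from four different sources with four different layouts.
SAMPLE_LOGS = [
    'proxy 10.0.0.12 GET http://update-check.example.net/a.php 200',
    'dns  10.0.0.19 query www.example.com A',
    'fw   10.0.0.12 -> 203.0.113.45:443 allow',
    'edr  host07 created c:\\tmp\\svc.exe sha256=9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08',
    'edr  host08 created c:\\tmp\\ok.exe sha256=' + '0' * 64,
]


def load_iocs(feed_json):
    """Parse the JSON feed into {indicator_type: set(values)}.

    Values are lower-cased so that hash and domain matching is case-insensitive.
    """
    feed = json.loads(feed_json)
    iocs = {}
    for indicator in feed["indicators"]:
        iocs.setdefault(indicator["type"], set()).add(indicator["value"].lower())
    return iocs


# One token extractor per indicator type. The look-arounds on the IPv4 pattern
# stop "10.0.0.1" from matching inside "10.0.0.12", and the hash pattern requires
# exactly 64 hex digits so a SHA-1 or MD5 is never mistaken for a SHA-256.
EXTRACTORS = {
    "ipv4":   re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])"),
    "domain": re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I),
    "sha256": re.compile(r"\b[0-9a-f]{64}\b", re.I),
}


def match_line(line, iocs):
    """Return the list of (type, value) indicators present in a single log line."""
    hits = []
    for ioc_type, pattern in EXTRACTORS.items():
        for token in pattern.findall(line):
            if token.lower() in iocs.get(ioc_type, set()):
                hits.append((ioc_type, token.lower()))
    return hits


def scan_logs(lines, iocs):
    """Return {line_index: [hits]} for every line that contains at least one IOC."""
    return {i: hits for i, line in enumerate(lines) if (hits := match_line(line, iocs))}


if __name__ == "__main__":
    iocs = load_iocs(IOC_FEED_JSON)
    for index, hits in scan_logs(SAMPLE_LOGS, iocs).items():
        print(f"line {index}: {hits}")
```

Extracting typed tokens and then doing an exact set lookup, rather than running a plain substring search for each indicator, is what keeps the domain indicator from firing on a longer host name that merely contains it and keeps the I P indicator from matching inside an unrelated address.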
K P I refers to Key Performance Indicator. This is a measurable value that demonstrates how effectively a specific objective is being achieved. In security operations, K P I values can track metrics such as mean time to detect, alert volume, or incident resolution rates. Understanding which K P I values align with business or operational goals is an important part of security reporting. On the certification, you may be asked to select which K P I best represents a performance improvement or to identify gaps in existing metrics.
L A N stands for Local Area Network. It describes a network of interconnected devices within a limited geographic area, such as a single building or campus. Most enterprise networks are structured around multiple L A N segments, each serving different departments or functions. Security analysts must understand how L A Ns operate because segmentation, traffic flow, and access control often depend on the underlying L A N design. The exam may ask about L A N boundaries, trust zones, or internal threat movement within a local network.
L D A P S refers to Lightweight Directory Access Protocol Secure. It is the encrypted version of L D A P, a protocol used for accessing and managing directory services like user accounts, group memberships, and authentication details. L D A P S wraps the connection in Transport Layer Security to protect the communication channel between clients and directory servers, and it listens on T C P port six three six by default; the alternative is to start T L S on the standard L D A P port, three eight nine. In either case the client must validate the server certificate, because an unvalidated T L S session still allows an attacker in the middle to read the bind credentials. This is critical for preventing unauthorized access or interception of sensitive credentials. On the certification, you may need to identify the role of L D A P S in secure authentication workflows or understand its use in centralized user management.
L F I stands for Local File Inclusion. This is a type of web vulnerability that allows attackers to make the server include files it was never meant to serve, by supplying a file name through user-controlled input such as a U R L parameter. It occurs when the application accepts untrusted input and uses it in a file inclusion function without proper validation, and it is usually combined with directory traversal sequences such as dot dot slash to walk out of the intended directory. Attackers may use L F I to read sensitive files from the server, access configuration details, or even execute malicious code under certain conditions, for example when they can also write to a file that the server will include. On the certification, you may encounter questions where you need to identify the conditions that allow L F I or how to detect its presence in logs or vulnerability scans, typically by looking for traversal sequences, including their U R L-encoded forms, in the request paths.
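To make the L F I entry concrete, here is an added example, written for this episode rather than taken from the original glossary or from any real application. It shows the two halves an analyst cares about: the vulnerable path construction beside a hardened version, and a detector that runs over web server access logs. The template directory, the request paths, and the access log lines are all constructed for the illustration.

```python
import os
import re
from urllib.parse import unquote

# Assumed (hypothetical) directory the application includes page templates from.
TEMPLATE_ROOT = "/var/www/app/pages"


def vulnerable_include_path(page):
    """Vulnerable: the untrusted `page` parameter is joined straight into a file path.

    os.path.join discards TEMPLATE_ROOT entirely when `page` is absolute, and a
    run of '../' segments walks out of the template directory.
    """
    return os.path.normpath(os.path.join(TEMPLATE_ROOT, page))


def safe_include_path(page):
    """Hardened: allowlist the shape of the name, then prove the resolved path stays in the root.

    The allowlist alone would suffice here; the realpath/commonpath check is the
    defence that also survives a later, more permissive allowlist.
    """
    if not re.fullmatch(r"[A-Za-z0-9_-]{1,64}", page):
        raise ValueError("page name rejected by allowlist")
    root = os.path.realpath(TEMPLATE_ROOT)
    candidate = os.path.realpath(os.path.join(root, page + ".html"))
    if os.path.commonpath([root, candidate]) != root:
        raise ValueError("path escapes template root")
    return candidate


# Markers of traversal and inclusion abuse as they appear after decoding:
# relative traversal in both slash styles, a classic target file, PHP stream
# wrappers, and a null byte used to truncate appended extensions.
TRAVERSAL_RE = re.compile(r"(\.\./|\.\.\\|/etc/passwd|php://|\x00)", re.I)


def lfi_suspects(access_log_lines):
    """Return (line_number, decoded_request_path) for log lines carrying LFI markers.

    The path is URL-decoded twice so that double-encoded payloads such as
    %252e%252e%252f are caught as well as plain and single-encoded ones.
    """
    suspects = []
    for number, line in enumerate(access_log_lines, start=1):
        match = re.search(r'"(?:GET|POST) (\S+) HTTP', line)
        if not match:
            continue
        decoded = unquote(unquote(match.group(1)))
        if TRAVERSAL_RE.search(decoded):
            suspects.append((number, decoded))
    return suspects


# Constructed access log in common log format (made up for this example).
ACCESS_LOG = [
    '198.51.100.7 - - [10/May/2024:12:00:01 +0000] "GET /index.php?page=about HTTP/1.1" 200 512',
    '198.51.100.7 - - [10/May/2024:12:00:05 +0000] "GET /index.php?page=../../../../etc/passwd HTTP/1.1" 200 1874',
    '198.51.100.7 - - [10/May/2024:12:00:09 +0000] "GET /index.php?page=%252e%252e%252fconfig.php HTTP/1.1" 500 0',
    '198.51.100.7 - - [10/May/2024:12:00:12 +0000] "GET /index.php?page=php://filter/convert.base64-encode/resource=index HTTP/1.1" 200 3302',
]


if __name__ == "__main__":
    print(vulnerable_include_path("../../../../etc/passwd"))   # escapes the root
    print(safe_include_path("about"))                           # stays inside it
    for number, path in lfi_suspects(ACCESS_LOG):
        print(f"suspect line {number}: {path}")
```

Note that the second log line returned a two hundred status with a body size that fits a password file; a status code alone does not tell you whether the inclusion succeeded, so the detector flags on the request and leaves the triage of response size to the analyst.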
L O I refers to Letter of Intent. While not a technical term, it appears in cybersecurity contexts related to agreements, contracts, or preliminary planning stages. A Letter of Intent outlines the intention to proceed with a partnership or engagement but is typically non-binding. In exam questions, L O I might be mentioned alongside other documents like Service Level Agreements or Memoranda of Understanding. Understanding where a Letter of Intent fits in the lifecycle of a project or engagement is part of governance and documentation awareness.
M A C stands for Media Access Control. It refers to the hardware identifier assigned to a network interface, which allows devices to be identified at the data link layer. M A C addresses are used by switches to direct traffic within local networks, and they are the basis for device-level controls such as port security. Security tools often use M A C filtering to permit or deny network access based on the hardware address, but this is a weak control on its own, because a M A C address is set in software and can be changed or spoofed in seconds. On the exam, you might need to recognize the role of a M A C address in network segmentation, identity correlation, or forensic analysis, where the first three bytes, the organizationally unique identifier, indicate the interface vendor.
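As an added example for the M A C entry, not code from the original glossary or from any switch vendor, the block below normalizes the three address notations you meet when correlating logs from different devices, evaluates a filter allowlist, and goes one step beyond the entry by checking the locally administered bit of the first octet, which is set on randomized and most spoofed addresses. The addresses and the allowlist are constructed for the illustration.

```python
import re


def normalize_mac(mac):
    """Accept 'aa:bb:cc:dd:ee:ff', 'AA-BB-CC-DD-EE-FF' or Cisco 'aabb.ccdd.eeff'.

    Returns the lower-case colon form so addresses from different log sources
    compare equal. Raises ValueError for anything that is not 12 hex digits.
    """
    hexdigits = re.sub(r"[:\-.]", "", mac.strip().lower())
    if not re.fullmatch(r"[0-9a-f]{12}", hexdigits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(hexdigits[i:i + 2] for i in range(0, 12, 2))


def oui(mac):
    """The organizationally unique identifier: the first three octets, which identify the vendor."""
    return normalize_mac(mac)[:8]


def is_locally_administered(mac):
    """True when the U/L bit (bit 1 of the first octet) is set.

    A set bit means the address was assigned by software rather than burned in by
    the manufacturer; randomized and spoofed addresses normally look like this.
    """
    first_octet = int(normalize_mac(mac)[:2], 16)
    return bool(first_octet & 0x02)


def evaluate_mac_filter(observed, allowlist):
    """Return (permit, reason) for an address seen on a port, against an allowlist in any notation."""
    allowed = {normalize_mac(entry) for entry in allowlist}
    mac = normalize_mac(observed)
    if mac not in allowed:
        return False, "not on allowlist"
    if is_locally_administered(mac):
        return True, "permitted, but address is locally administered (possible spoof)"
    return True, "permitted"


# Constructed allowlist (made up addresses) as it might be typed into a switch.
ALLOWLIST = ["00:1A:2B:3C:4D:5E", "001a.2b3c.4d60"]

if __name__ == "__main__":
    for seen in ("00-1a-2b-3c-4d-5e", "001A.2B3C.4D60", "02:1a:2b:3c:4d:5e"):
        print(seen, "->", evaluate_mac_filter(seen, ALLOWLIST))
```

The point of the last check is the caveat in the entry: a filter that only compares strings will happily admit a laptop whose address was typed in by an attacker, so the analyst wants to know when an admitted address does not look factory assigned.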
For more cyber-related content and books, please check out cyber author dot me. Also, there are other podcasts on cybersecurity and more at Bare Metal Cyber dot com.
The terms in this episode—starting with I C M P and ending with M A C—form a crucial set of building blocks for your cybersecurity vocabulary. These terms often appear as both standalone concepts and embedded within broader exam questions, so learning them in context strengthens your readiness across multiple domains. Every concept we covered connects to tools, protocols, or processes that analysts use daily, which means that understanding their role is essential for passing the exam and becoming a capable security professional. In the next episode, we’ll pick up right where we left off, continuing with M F A and moving deeper into key terms you need to know for your success.
