Resources
This glossary defines common cybersecurity, phishing, and human risk terms in plain language so school and district teams can make faster, safer decisions.
These terms focus on malicious software and endpoint behavior. Endpoint protection is critical in K-12 because devices are widely distributed.
Malware is malicious software designed to damage systems, steal information, disrupt operations, or gain unauthorized control.
Why it matters for schools: A single infected staff or student device can spread risk across shared district services.
Related terms
Ransomware is malware that encrypts files or systems and demands payment to restore access.
Why it matters for schools: Ransomware can halt instruction, transportation, payroll, and critical school operations.
Related terms
Spyware is malware that silently collects user activity, credentials, or other sensitive information.
Why it matters for schools: Undetected surveillance can expose student data, staff accounts, and administrative workflows.
Related terms
A trojan is malware disguised as legitimate software to trick users into installing it.
Why it matters for schools: Users may install fake tools or updates that create hidden access for attackers.
Related terms
A keylogger is software or hardware that records keystrokes to capture passwords and sensitive information.
Why it matters for schools: Captured credentials can allow attackers into grade systems, email accounts, and finance platforms.
EDR is a security capability that monitors endpoint activity to detect suspicious behavior and support rapid response.
Why it matters for schools: EDR helps school IT teams find and contain threats before they spread across the district.
Attack surface is the total number of possible entry points an attacker can target across people, devices, apps, and networks.
Why it matters for schools: K-12 environments have large attack surfaces due to many users, locations, and connected systems.
Related terms
An IOC is forensic evidence that suggests a system may be compromised, such as unusual IP addresses, file hashes, or domains.
Why it matters for schools: IOCs guide school IT investigations and speed up containment decisions.
Patch management is the process of testing, prioritizing, and applying software updates that fix vulnerabilities.
Why it matters for schools: Unpatched systems are a common path for school breaches and ransomware outbreaks.
Related terms
These terms govern who can access what and under which conditions. Strong identity controls reduce account abuse and lateral movement.
MFA requires two or more verification factors, such as password plus a code or authenticator app, to access an account.
Why it matters for schools: MFA blocks many account takeovers even when passwords are exposed.
Related terms
SSO allows users to access multiple applications with one authenticated login session.
Why it matters for schools: Schools simplify user access while improving centralized access control and auditing.
Least privilege is the security principle of giving users only the minimum access needed to perform their tasks.
Why it matters for schools: Limiting permissions reduces the impact of compromised accounts in district systems.
Related terms
A privileged account has elevated permissions that can change system settings, users, or security controls.
Why it matters for schools: Compromise of admin-level accounts can affect the entire school environment.
Credential stuffing is an automated attack that tests stolen username-password pairs against multiple services.
Why it matters for schools: Password reuse by staff or students can lead to fast account compromise across school tools.
A brute-force attack repeatedly guesses login credentials until it finds a valid combination.
Why it matters for schools: Weak passwords and missing lockout policies increase risk for school-facing portals.
Session hijacking occurs when an attacker steals or reuses a valid session token to impersonate an authenticated user.
Why it matters for schools: Attackers may bypass password checks and access school systems as legitimate users.
Related terms
A digital signature uses cryptography to verify that a message or document is authentic and has not been altered.
Why it matters for schools: Integrity checks help schools trust sensitive communications and official records.
Related terms
Hashing transforms data into a fixed-length value used for integrity checks and secure credential storage.
Why it matters for schools: Proper hashing helps protect passwords and supports verification in security workflows.
Zero trust is a security model that continuously verifies users and devices instead of assuming trust by default.
Why it matters for schools: Districts can reduce movement between systems by validating access context at every step.
These terms cover controls that protect traffic, email flow, and systems at the infrastructure layer.
DNS translates domain names into IP addresses so devices can find websites and network services.
Why it matters for schools: Malicious DNS activity can redirect users to fake sites and support phishing campaigns.
Related terms
A firewall filters network traffic based on policy rules to block unauthorized or risky connections.
Why it matters for schools: Firewalls are a core defense for school networks, especially across multiple campuses.
A VPN creates an encrypted tunnel between a user and network resources over untrusted connections.
Why it matters for schools: Remote staff and vendors need secure access when working outside district facilities.
Related terms
Network segmentation separates network zones to limit access and contain potential compromise.
Why it matters for schools: Segmentation can prevent an issue in one school system from spreading district-wide.
Related terms
An IDS monitors traffic and alerts when it detects suspicious patterns or known attack signatures.
Why it matters for schools: Early warning helps school IT teams investigate threats before major disruption occurs.
An IPS inspects traffic and can automatically block or drop malicious activity in real time.
Why it matters for schools: Automated prevention reduces exposure when staff resources are limited.
Encryption converts readable data into protected ciphertext so only authorized parties can decode it.
Why it matters for schools: Encryption protects student and employee data in transit and at rest.
A sandbox environment is an isolated space used to safely test files, code, or behavior without affecting production systems.
Why it matters for schools: Security teams can analyze suspicious files with lower risk to school operations.
A secure email gateway filters and analyzes inbound and outbound email for spam, malware, and policy violations.
Why it matters for schools: Email is a primary attack vector in K-12, so filtering is a key preventive control.
DMARC is an email authentication policy that tells receiving servers how to handle messages that fail domain checks.
Why it matters for schools: DMARC helps reduce domain spoofing and brand impersonation attacks against schools.
SPF is a DNS-based email control that identifies which mail servers are authorized to send email for a domain.
Why it matters for schools: SPF helps receiving systems identify unauthorized senders using district domains.
Related terms
DKIM adds a cryptographic signature to email so recipients can verify the message was authorized and not altered.
Why it matters for schools: DKIM supports trusted district communications and strengthens anti-spoofing controls.
Related terms
These terms focus on behavior, culture, and user-level resilience. Human risk is often the deciding factor in real incidents.
Security awareness training teaches users how to recognize and respond to threats such as phishing, social engineering, and unsafe data handling.
Why it matters for schools: Consistent training improves decisions by staff and students during real attacks.
Human risk management measures and reduces security risk created by user behavior, not just technical vulnerabilities.
Why it matters for schools: District leaders can prioritize support based on behavior data, not assumptions.
Security culture is the shared mindset and habits that influence how people handle security decisions every day.
Why it matters for schools: A strong culture makes safe behavior normal and improves reporting of suspicious activity.
An insider threat program identifies and manages risk from trusted users whose actions, intentional or accidental, may harm the organization.
Why it matters for schools: Schools need clear processes for risky behavior, account misuse, and policy violations.
An acceptable use policy defines allowed and prohibited use of district devices, accounts, networks, and data.
Why it matters for schools: Clear expectations help staff and students make safer decisions and support enforcement consistency.
Related terms
These terms focus on legal obligations, incident handling, and continuity planning for school operations.
A security incident is an event that threatens the confidentiality, integrity, or availability of information or systems.
Why it matters for schools: Rapid identification and escalation reduce disruption and potential data loss.
An incident response plan is a documented process for detecting, containing, investigating, and recovering from security incidents.
Why it matters for schools: Schools need predefined roles and workflows to respond quickly during active incidents.
A data breach is unauthorized access, exposure, or disclosure of sensitive data.
Why it matters for schools: Breaches involving student or employee records can trigger legal obligations and loss of trust.
DLP is a set of tools and policies that detect and prevent unauthorized sharing or transfer of sensitive data.
Why it matters for schools: DLP can reduce accidental exposure of student information across email, cloud storage, and endpoints.
PII is data that can identify an individual, such as full name, address, ID numbers, or contact details.
Why it matters for schools: School districts must protect PII to meet legal, ethical, and operational requirements.
Related terms
FERPA is a U.S. federal law that protects the privacy of student education records and governs how schools disclose that data.
Why it matters for schools: Security controls and staff behavior must align with FERPA obligations for student information handling.
Business continuity is the capability to keep essential services running during and after disruptive events.
Why it matters for schools: Schools must maintain instruction, communications, and critical operations during cyber incidents.
Related terms
A tabletop exercise is a discussion-based simulation where teams practice incident response decisions in a realistic scenario.
Why it matters for schools: Practice improves coordination across IT, leadership, legal, communications, and school operations.
Phishing is broad and can target anyone. Spear phishing is tailored to a specific person or role. Whaling is spear phishing focused on high-value leaders such as superintendents or finance leaders.
These controls help prevent domain spoofing and improve email trust. Together, they reduce impersonation attacks that target staff, families, and district finance workflows.
Human risk is the security risk created by everyday user behavior, such as clicking suspicious links or sharing sensitive data in unsafe ways. Managing human risk complements technical controls.
No. Security awareness training supports technical controls like filtering, endpoint protection, and access management. Effective programs combine both people-focused and technology-focused defenses.
Many schools run simulations on a recurring cadence, such as every 30 to 90 days, with follow-up education for risky behavior. The best cadence balances training impact and operational capacity.
A plan should define roles, escalation paths, communication procedures, containment steps, recovery actions, and post-incident review responsibilities across IT and leadership teams.
They let teams rehearse incident decisions before a real event. This exposes gaps in communication, roles, and process while stress is low and fixes are easier.
Use this glossary as a baseline for shared language, then turn it into action through ongoing training, simulations, and reporting.
