Public and private sector actors face a growing challenge in protecting the Internet and other ICT systems against malicious actors. Because ICTs are central to economic activity, human interaction, and democratic participation, cybersecurity policy can affect privacy, free expression, innovation, and the open flow of information. In order to develop effective responses to cybersecurity challenges and protect human rights, it is important first to understand that “cybersecurity” is an umbrella concept that covers a diverse range of threats and possible responses. Without unpacking the issue, policymakers are likely to develop over-broad policies that are not protective of human rights. Conversely, a clear vocabulary of cybersecurity threats and responses enables targeted, effective, and rights-respecting policies. This paper provides a starting point for such an approach by clarifying the range of issues often covered under the umbrella of cybersecurity and discussing the responses that may be put in place.