| Name | Definition |
| --- | --- |
| Access Control | The process of regulating who or what can access resources in a computing environment. |
| Accounting | Logging and monitoring user activities to track and analyze system access. |
| Adware | Unwanted software that displays advertising on a computer. |
| Antivirus (AV) | Software designed to detect and remove malicious software (malware) from a computer. |
| Audit Trail | A record of events in a system to facilitate analysis and investigation. |
| Authentication | Verifying the identity of a user, system, or entity. |
| Authorization | Granting or denying access rights and permissions based on the authenticated identity. |
| Availability | Ensuring that information and systems are accessible and usable when needed. |
| Backdoor | A hidden method of bypassing normal authentication or encryption in a computer system. |
| Biometric Authentication | Using physical or behavioral characteristics (e.g., fingerprints, retina scans) to verify identity. |
| Botnet | A network of compromised computers controlled by a single entity for malicious purposes. |
| Brute Force Attack | A method of trying all possible combinations to crack a password or encryption key. |
| Business Impact Analysis | A process that identifies and assesses the potential effects of disruptions to critical business operations. |
| Chain of Custody | The chronological documentation and control of evidence to maintain its integrity in legal proceedings. |
| Clean Desk Policy | A security measure that requires employees to keep desks clear of sensitive information when not in use. |
| Cloud Security | Measures to protect data, applications, and infrastructure in cloud computing environments. |
| Confidentiality | Ensuring that information is only accessible to those who have the proper authorization. |
| Cross-Site Request Forgery (CSRF) | A type of attack where a user is tricked into performing an action they did not intend. |
| Cross-Site Scripting (XSS) | Injecting malicious scripts into web pages viewed by other users. |
| Cryptographic Hash Function | A mathematical algorithm that converts data into a fixed-size string of characters, often used for data integrity verification. |
| Cryptography | Involves mathematical and computational techniques to secure information and enable secure communication between parties. |
| Cybersecurity Framework | A set of best practices and guidelines to manage and improve an organization's cybersecurity posture. |
| Data Breach | Unauthorized access, acquisition, or disclosure of sensitive information. |
| Data Classification | Categorizing data based on sensitivity and importance to apply appropriate security controls. |
| Decryption | Reversing the encryption process to access the original data. |
| Denial of Service (DoS) Attack | Overloading a system with traffic to make it unavailable to users. |
| Digital Forensics | Investigation and analysis of digital evidence to identify and respond to cyber incidents. |
| Digital Signature | A cryptographic technique to validate the origin and integrity of a message or document. |
| Distributed Denial of Service (DDoS) Attack | Overwhelming a system with traffic from multiple sources to make it unavailable. |
| DNS (Domain Name System) Spoofing | Manipulating the DNS to redirect users to malicious websites. |
| Domain Name System (DNS) | A system translating domain names into IP addresses. |
| Eavesdropping | Unauthorized interception of private communication. |
| Edge Computing Security | Securing devices and data at the edge of a network. |
| Egress Filtering | Controlling outbound network traffic to prevent data leaks. |
| Encryption | The process of converting information into a code to prevent unauthorized access. |
| Endpoint Security | Protecting devices (endpoints) such as computers and smartphones from security threats. |
| Exploit | Taking advantage of a vulnerability to compromise a system. |
| File Integrity Monitoring (FIM) | Monitoring changes to files to detect unauthorized modifications. |
| Firewall | A network security device that monitors and controls incoming and outgoing network traffic. |
| Firmware | Software embedded in hardware, often used in device control. |
| Full Disk Encryption (FDE) | Encrypting the entire contents of a disk drive. |
| Gray Hat Hacker | Individuals who may perform hacking activities without malicious intent but without proper authorization. |
| Hacker | An individual with advanced computer skills who explores and exploits vulnerabilities. |
| Hashing | Converting data into a fixed-size string of characters (hash) for verification. |
| Honeypot | A system designed to attract and detect attackers by simulating vulnerabilities. |
| Hypervisor | Software that enables multiple operating systems to run on a single host. |
| Incident Response | The process of managing and mitigating the impact of a security incident. |
| Incident Response Plan (IRP) | A documented plan outlining the steps to take in response to a security incident. |
| Information Security | The practice of protecting information from unauthorized access, disclosure, disruption, modification, or destruction. |
| Insider Threat | Security risk posed by individuals within an organization. |
| Integrity | Maintaining the accuracy and reliability of information and systems. |
| Intrusion Detection System (IDS) | Monitors network or system activities for signs of malicious behavior. |
| Intrusion Prevention System (IPS) | Takes action to block or prevent detected malicious activities. |
| IP Spoofing | Faking an IP address to disguise the source of network traffic. |
| IT Security Policy | Documented guidelines for securing an organization's information technology. |
| Kerberos | A network authentication protocol for securing communications. |
| Keylogger | Malicious software that records keystrokes on a computer. |
| Least Common Mechanism | A security principle that suggests minimizing shared resources to reduce the risk of unauthorized access. |
| Least Privilege | Granting the minimum level of access necessary for a user or system to perform its functions. |
| Logical Access Controls | Controls restricting access to computer systems based on user credentials. |
| MAC Address (Media Access Control) | A unique identifier assigned to a network interface for communication. |
| Malware | Malicious software designed to harm or exploit computers or networks. |
| Man-in-the-Middle (MitM) Attack | Intercepting and possibly altering communication between two parties. |
| Managed Security Service Provider (MSSP) | A company providing outsourced security services. |
| Mobile Device Management (MDM) | Securing and managing mobile devices in an organization. |
| Multi-Factor Authentication (MFA) | Using more than one method of authentication for enhanced security. |
| Network Address Translation (NAT) | A technique that modifies network address information in packet headers while in transit. |
| Network Security | Measures to protect the integrity and confidentiality of data during transmission. |
| Network Segmentation | Dividing a network into segments to enhance security. |
| Non-Repudiation | The ability to prove the origin of a message or transaction. |
| Packet Filtering | Examining packets of data and deciding whether to forward or discard them. |
| Packet Sniffing | Intercepting and examining data packets on a network. |
| Patch | A software update designed to fix vulnerabilities or improve functionality. |
| Payload | The malicious part of code or data delivered by an exploit. |
| Penetration Testing | Simulating cyber attacks to identify and fix vulnerabilities in a system. |
| Perimeter Security | Controls protecting the boundary of a network. |
| Personal Identification Number (PIN) | A numeric code used for authentication. |
| Pharming | Redirecting website traffic to a fraudulent site through DNS manipulation. |
| Phishing | A fraudulent attempt to obtain sensitive information by pretending to be a trustworthy entity. |
| Ping Sweep | Scanning a range of IP addresses to discover live hosts. |
| Port Scanning | Probing a system for open ports to identify potential vulnerabilities. |
| Port Security | Measures to control access to network ports. |
| Privacy Impact Assessment (PIA) | Assessing the impact of a system on individual privacy. |
| Protocol | A set of rules governing the exchange of data in a network. |
| Proxy Server | An intermediary server that acts as a gateway between a user and the internet. |
| Public Key Infrastructure (PKI) | A system for managing digital keys and certificates. |
| Quarantine | Isolating potentially malicious files or systems to prevent further spread. |
| Rainbow Table | A precomputed table used for cracking password hashes. |
| Ransomware | Malware that encrypts files and demands payment for their release. |
| Red Team | Security professionals who simulate attacks to test an organization's defenses. |
| Remote Desktop Protocol (RDP) | A protocol for accessing the desktop of a remote computer. |
| Risk Assessment | Identifying and evaluating potential security risks to an organization. |
| Root Cause Analysis | Investigating the underlying cause of a security incident. |
| Rootkit | A type of malware that grants unauthorized access to a computer and often masks its existence. |
| Router | A device connecting different networks and directing data traffic. |
| Secure File Transfer Protocol (SFTP) | A secure version of the File Transfer Protocol (FTP) that encrypts data. |
| Secure Sockets Layer (SSL) | A deprecated cryptographic protocol for secure communication. |
| Security Architecture | The design and structure of an organization's security measures. |
| Security Assessment and Testing | Evaluating the effectiveness of security controls through various methods like vulnerability assessments and penetration testing. |
| Security Awareness Training | Education for users to recognize and avoid security threats. |
| Security Baseline | The minimum level of security measures to protect a system. |
| Security Certificate | A digital document verifying the identity of a website or entity. |
| Security Controls | Measures to manage, prevent, detect, or correct security risks. |
| Security Governance | The framework that guides and oversees an organization's security efforts. |
| Security Incident | A violation or imminent threat of violation of computer security policies. |
| Security Information and Event Management (SIEM) | Collects and analyzes security data from multiple sources to detect and respond to threats. |
| Security Metrics | Quantitative and qualitative measurements used to assess the effectiveness of security measures. |
| Security Model | A framework that defines how security is implemented in a system or organization. |
| Security Operations Center (SOC) | A centralized team responsible for monitoring and responding to security incidents. |
| Security Policy | A set of rules and practices that define how an organization protects its information assets. |
| Security Token | A physical or virtual device that provides an additional layer of authentication. |
| Security Token Service (STS) | A service that issues security tokens for authentication and authorization. |
| Session Hijacking | Unauthorized interception of an active session to gain access. |
| Single Point of Failure (SPOF) | A component that, if it fails, will cause the entire system to fail. |
| Single Sign-On (SSO) | Allowing a user to access multiple systems with a single set of credentials. |
| Smishing | Phishing attacks conducted through SMS or text messages. |
| Social Engineering | Manipulating individuals to divulge confidential information or perform actions. |
| Software as a Service (SaaS) | Cloud-based software delivery model. |
| Software Development Life Cycle (SDLC) | The process of developing software from planning to maintenance. |
| Spear Phishing | Targeted phishing attacks directed at specific individuals. |
| Spoofing | Faking the source of an email, website, or network traffic to deceive users. |
| SQL Injection | Exploiting vulnerabilities in SQL databases to manipulate data. |
| SSL/TLS Encryption | Protocols for secure communication over the internet. |
| Symmetric Encryption | Using the same key for both encryption and decryption. |
| System Hardening | Configuring a system to reduce its vulnerability to security threats. |
| Threat Actor | An individual or group carrying out a cyber attack. |
| Threat Intelligence | Information about potential and current threats to help organizations defend against them. |
| Threat Modeling | Identifying and assessing potential threats to a system or organization. |
| Time-Based One-Time Password (TOTP) | A password that changes at regular intervals. |
| Tokenization | Replacing sensitive data with a token to enhance security. |
| Trojan Horse | Malware disguised as legitimate software to deceive users. |
| Trusted Platform Module (TPM) | A hardware-based security feature for storing cryptographic keys. |
| Virtual Private Network (VPN) | Establishes a secure connection over the internet to protect data in transit. |
| Virtualization Security | Securing virtualized environments to prevent attacks on virtual machines. |
| Virus | A type of malware that attaches itself to a file and spreads when the file is executed. |
| Vulnerability | Weakness in a system that can be exploited to compromise security. |
| Vulnerability Management | The continuous process of identifying, assessing, prioritizing, and mitigating vulnerabilities in a system. |
| War Driving | Searching for and exploiting vulnerable wireless networks. |
| Web Application Firewall (WAF) | Protects web applications from various security threats. |
| White Hat Hacker | Ethical hackers who use their skills to identify and fix security vulnerabilities. |
| Worm | A self-replicating type of malware that spreads across a network without human intervention. |
| WPA/WPA2 (Wi-Fi Protected Access) | Security protocols for wireless networks. |
| Zero Trust Security Model | A security approach that assumes no trust, even inside the network, and requires verification from everyone. |
| Zero-Day Vulnerability | A security flaw in software that is exploited before the developer releases a fix. |