Security Glossary
A comprehensive glossary of cybersecurity and security awareness terms. Browse over 200 terms with clear definitions.
202 terms
Adware
[malware] Software that automatically displays or downloads advertising material, often without the user's consent. While not alwa...
AI-Powered Phishing
[phishing] Phishing attacks that leverage artificial intelligence and large language models to generate highly convincing, personal...
Air Gap
[general] A security measure that physically isolates a computer or network from unsecured networks, including the internet. Air-g...
Angler Phishing
[phishing] A social media-based phishing attack where criminals create fake customer support accounts to intercept complaints or in...
API Security
[cloud-security] Practices and technologies for protecting application programming interfaces from abuse, data leaks, and attacks. API se...
ARP Spoofing
[network-security] An attack where an attacker sends falsified ARP messages to link their MAC address with the IP address of a legitimate d...
Attack Surface
[general] The total number of possible entry points where an unauthorized user can attempt to enter or extract data from a system....
Backdoor
[malware] A hidden method of bypassing normal authentication or security controls to gain remote access to a system. Backdoors can...
Backup
[data-protection] The process of creating copies of data to protect against loss from hardware failure, ransomware, accidental deletion, o...
Baiting
[social-engineering] A social engineering attack that uses a tempting offer or item to lure victims. This can involve leaving infected USB dr...
BGP Hijacking
[network-security] An attack where malicious actors announce illegitimate BGP routes to redirect internet traffic through their infrastruct...
Biometrics
[authentication] Authentication methods that use unique physical or behavioral characteristics such as fingerprints, facial recognition,...
Blue Team
[general] The defensive security team responsible for detecting, preventing, and responding to attacks. Blue teams monitor systems...
Botnet
[malware] A network of compromised computers (bots or zombies) controlled remotely by an attacker. Botnets are used for DDoS attac...
Breach Notification
[incident-response] The legal requirement to inform affected individuals and regulatory authorities about a data breach within specified tim...
Brute Force Attack
[authentication] An attack method that systematically tries every possible combination of characters to crack passwords or encryption key...
Business Continuity Plan (BCP)
[compliance] A documented plan outlining how an organization will continue operating during and after a disruptive event. BCPs cover...
Business Email Compromise (BEC)
[phishing] A sophisticated scam targeting businesses that regularly perform wire transfers or handle sensitive data. Attackers comp...
Business Identity Theft
[social-engineering] The fraudulent use of a company's identity to obtain credit, goods, or services. Attackers may file fake documents, crea...
Callback Phishing
[phishing] A phishing technique where the email contains no malicious links or attachments but instead includes a phone number for...
CCPA
[compliance] California Consumer Privacy Act. A privacy law giving California residents rights over their personal data, including th...
Chain of Custody
[incident-response] The documented process of tracking digital evidence from collection through analysis and presentation, maintaining its i...
CIA Triad
[general] The three fundamental principles of information security: Confidentiality (preventing unauthorized access), Integrity (e...
Clone Phishing
[phishing] An attack where a legitimate, previously delivered email is copied and resent with malicious modifications. The cloned e...
Cloud Access Security Broker (CASB)
[cloud-security] A security solution that sits between cloud users and cloud applications to enforce security policies, monitor activity,...
Cloud Encryption
[cloud-security] The process of encrypting data before it is transferred to and stored in the cloud. Cloud encryption ensures data confid...
Cloud Misconfiguration
[cloud-security] Incorrect or insecure settings in cloud services that expose data or resources to unauthorized access. Common misconfigu...
Cloud Security Posture Management (CSPM)
[cloud-security] A category of tools that continuously monitor cloud infrastructure for misconfigurations, compliance violations, and sec...
Cloud Workload Protection
[cloud-security] Security solutions designed to protect workloads running in cloud environments, including virtual machines, containers,...
Cloud-Native Security
[cloud-security] Security approaches designed specifically for cloud-native architectures including microservices, containers, and orches...
Compliance
[compliance] The practice of adhering to laws, regulations, industry standards, and internal policies related to information security...
Consent Phishing
[phishing] An attack where victims are tricked into granting OAuth permissions to a malicious application. Instead of stealing pass...
Container Security
[cloud-security] Security practices and tools for protecting containerized applications throughout their lifecycle, from image building t...
Credential Harvesting
[phishing] The process of collecting usernames, passwords, and other authentication credentials through fake login pages, keylogger...
Credential Stuffing
[authentication] An automated attack that uses stolen username-password pairs from data breaches to attempt login on other services. This...
Cryptojacking
[malware] The unauthorized use of someone's computing resources to mine cryptocurrency. Cryptojacking malware runs silently in the...
Cyber Hygiene
[general] The basic practices and steps that users and organizations take on a regular basis to maintain system health and improve...
Cyber Insurance
[compliance] Insurance policies designed to cover financial losses from cyber incidents such as data breaches, ransomware attacks, an...
Cyber Kill Chain
[general] A framework developed by Lockheed Martin that describes the stages of a cyberattack: reconnaissance, weaponization, deli...
Cyber Resilience
[general] An organization's ability to continuously deliver intended outcomes despite adverse cyber events. Cyber resilience combi...
Cyber Triage
[incident-response] The process of rapidly assessing and prioritizing security alerts and incidents based on severity, scope, and potential...
Data Breach
[data-protection] An incident where sensitive, protected, or confidential data is accessed, disclosed, or stolen by unauthorized individua...
Data Classification
[data-protection] The process of categorizing data based on its sensitivity level and the impact of unauthorized disclosure. Common classi...
Data Exfiltration
[general] The unauthorized transfer of data from within an organization to an external destination controlled by a threat actor. E...
Data Loss Prevention (DLP)
[data-protection] Technologies and strategies that detect and prevent unauthorized transmission of sensitive data outside the organization...
Data Masking
[data-protection] The process of replacing sensitive data with realistic but fictitious data to protect it during development, testing, or...
Data Minimization
[data-protection] A privacy principle requiring organizations to collect and process only the minimum amount of personal data necessary fo...
Data Retention
[data-protection] Policies and practices governing how long data is stored before it is securely deleted. Data retention schedules must ba...
Data Sovereignty
[data-protection] The concept that data is subject to the laws and regulations of the country where it is stored or processed. Data sovere...
Deception Technology
[general] Advanced security solutions that deploy decoys, lures, and traps throughout the network to detect and misdirect attacker...
Deepfake
[social-engineering] AI-generated synthetic media where a person's likeness is convincingly replaced with someone else's. Deepfakes are incre...
Defense in Depth
[general] A layered security strategy that uses multiple defensive mechanisms so that if one control fails, others continue to pro...
Denial of Service (DoS)
[network-security] An attack designed to make a system, network, or service unavailable by overwhelming it with traffic or exploiting vulne...
Dictionary Attack
[authentication] A password-cracking technique that uses a precompiled list of common words, phrases, and known passwords to attempt auth...
Digital Certificate
[general] An electronic document issued by a certificate authority that proves the ownership of a public key. Digital certificates...
Digital Forensics
[incident-response] The process of collecting, preserving, analyzing, and presenting digital evidence from computers, networks, and storage...
Digital Rights Management (DRM)
[data-protection] Technologies that control access to and usage of digital content and devices after sale. DRM restricts copying, sharing,...
Disaster Recovery
[compliance] The process and strategies for restoring IT systems, data, and operations after a major disruption such as a cyberattack...
Distributed Denial of Service (DDoS)
[network-security] An attack that overwhelms a target system or network with traffic from multiple sources, making it unavailable to legiti...
DMARC
[phishing] Domain-based Message Authentication, Reporting, and Conformance. An email authentication policy built on SPF and DKIM th...
DNS over HTTPS (DoH)
[network-security] A protocol that encrypts DNS queries by sending them over HTTPS connections. DoH prevents eavesdropping and manipulation...
DNS Tunneling
[network-security] A technique that encodes data within DNS queries and responses to create a covert communication channel. Attackers use D...
Domain Name System (DNS)
[network-security] The internet's system for translating human-readable domain names into IP addresses. DNS is a critical infrastructure co...
DomainKeys Identified Mail (DKIM)
[phishing] An email authentication method that uses cryptographic signatures to verify that an email was sent by an authorized serv...
Dropper
[malware] A type of malware designed to deliver and install other malicious payloads onto a target system. Droppers often evade de...
Dumpster Diving
[social-engineering] The practice of searching through trash or recycling to find sensitive information such as discarded documents, printout...
Email Spoofing
[phishing] The forgery of an email header so the message appears to originate from a trusted source. Email spoofing is used in phis...
Encryption
[data-protection] The process of converting plaintext data into an unreadable format (ciphertext) using mathematical algorithms and keys....
End-to-End Encryption (E2EE)
[data-protection] A communication system where only the communicating parties can read the messages. Data is encrypted on the sender's dev...
Endpoint Detection and Response (EDR)
[general] Security solutions that continuously monitor endpoint devices for suspicious activity, detect threats, and provide autom...
Evil Twin Attack
[network-security] A rogue Wi-Fi access point that mimics a legitimate network to trick users into connecting. Once connected, the attacker...
Exploit
[general] A piece of code, technique, or method that takes advantage of a vulnerability to compromise a system. Exploits can be de...
FIDO2
[authentication] An open authentication standard enabling passwordless and phishing-resistant login using hardware security keys or platf...
Fileless Malware
[malware] Malware that operates entirely in memory without writing files to disk, making it harder to detect with traditional anti...
Firewall
[network-security] A network security system that monitors and controls incoming and outgoing network traffic based on predetermined securi...
Hashing
[data-protection] A one-way function that converts input data into a fixed-length string of characters. Unlike encryption, hashing cannot...
HIPAA
[compliance] Health Insurance Portability and Accountability Act. A US law that establishes data protection standards for healthcare...
Homograph Attack
[phishing] A technique where attackers register domain names using characters from different scripts that look visually similar to...
Honey Trap
[social-engineering] A social engineering technique where an attacker uses a romantic or attractive persona to lure a target into revealing c...
Honeypot
[general] A decoy system designed to attract and detect attackers by mimicking real systems or services. Honeypots provide early w...
HTTPS
[network-security] Hypertext Transfer Protocol Secure. The encrypted version of HTTP that uses TLS to secure communications between web bro...
Identity and Access Management (IAM)
[authentication] A framework of policies and technologies for managing digital identities and controlling access to resources. IAM ensure...
Identity Federation
[cloud-security] A system that allows users to use the same credentials to access resources across multiple organizations or cloud servic...
Impersonation
[social-engineering] The act of pretending to be another person to deceive victims into trusting the attacker. In cybersecurity, impersonatio...
Incident Response Plan
[incident-response] A documented set of procedures for detecting, responding to, and recovering from security incidents. An effective plan i...
Indicators of Compromise (IOC)
[incident-response] Observable artifacts or evidence that indicate a system has been compromised or is under attack. IOCs include unusual ne...
Influence Operations
[social-engineering] Coordinated efforts to manipulate public opinion, decision-making, or behavior using disinformation, propaganda, and soc...
Infostealer
[malware] Malware specifically designed to extract sensitive information such as login credentials, browser cookies, credit card n...
Infrastructure as Code Security
[cloud-security] Security practices for scanning and validating infrastructure definitions (Terraform, CloudFormation, Ansible) before de...
Insider Threat
[social-engineering] A security risk that originates from within the organization, including current or former employees, contractors, or bus...
Intrusion Detection/Prevention System (IDS/IPS)
[network-security] Network security tools that monitor traffic for suspicious activity. IDS detects and alerts on potential threats, while...
Invoice Fraud
[phishing] A scam where attackers send fake invoices or modify legitimate ones to redirect payments to their accounts. Often combin...
ISO 27001
[compliance] An international standard for information security management systems (ISMS). ISO 27001 provides a systematic approach t...
Macro Malware
[malware] Malware embedded in document macros, typically in Microsoft Office files. When the user enables macros, the malicious co...
Malware
[malware] Malicious software designed to damage, disrupt, or gain unauthorized access to computer systems. Malware includes viruse...
Malware Analysis
[incident-response] The process of studying malware to understand its functionality, origin, and impact. Static analysis examines code witho...
Man-in-the-Middle Attack (MITM)
[network-security] An attack where the attacker secretly intercepts and potentially alters communications between two parties who believe t...
Mean Time to Detect (MTTD)
[incident-response] A key metric measuring the average time it takes to discover a security incident or breach after it occurs. Lower MTTD v...
Mean Time to Respond (MTTR)
[incident-response] A metric measuring the average time from detecting a security incident to fully containing and remediating it. MTTR is a...
MFA Fatigue Attack
[phishing] An attack where the adversary repeatedly triggers MFA push notifications to the target's device, hoping the user will ev...
MITRE ATT&CK
[general] A globally accessible knowledge base of adversary tactics, techniques, and procedures based on real-world observations....
Multi-Cloud Security
[cloud-security] Security strategies and tools for consistently protecting workloads, data, and identities across multiple cloud service...
Multi-Factor Authentication (MFA)
[authentication] A security mechanism requiring two or more independent forms of verification to confirm identity. Factors include someth...
Network Access Control (NAC)
[network-security] A security solution that enforces policies for devices connecting to a network by checking compliance with security requ...
Network Segmentation
[network-security] The practice of dividing a network into smaller, isolated segments to limit the spread of attacks and control access bet...
NIS2 Directive
[compliance] The updated EU directive on Network and Information Security establishing cybersecurity requirements for essential and i...
NIST Cybersecurity Framework
[compliance] A voluntary framework published by the National Institute of Standards and Technology providing guidelines for organizat...
Packet Sniffing
[network-security] The practice of capturing and analyzing network packets as they travel across a network. While legitimate for network tr...
Pass-the-Hash
[authentication] An attack technique where an attacker captures a password hash and uses it directly to authenticate without knowing the...
Password Manager
[authentication] Software that securely stores and manages passwords in an encrypted vault. Password managers generate strong unique pass...
Passwordless Authentication
[authentication] Authentication methods that verify user identity without traditional passwords, using methods like biometrics, security...
Patch Management
[general] The process of acquiring, testing, and deploying software updates (patches) to fix vulnerabilities and improve functiona...
PCI DSS
[compliance] Payment Card Industry Data Security Standard. A set of security requirements for organizations that handle credit card d...
Penetration Testing
[compliance] An authorized simulated cyberattack performed to evaluate the security of a system by actively exploiting vulnerabilitie...
Pharming
[phishing] A cyberattack that redirects website traffic from legitimate sites to fraudulent ones by poisoning DNS records or modify...
Phishing
[phishing] A cyberattack that uses fraudulent emails, text messages, or websites to trick people into revealing sensitive informati...
Phishing Simulation
[general] A security training exercise that sends simulated phishing emails to employees to test their ability to recognize and re...
Piggybacking
[social-engineering] Similar to tailgating but with the authorized person's knowledge and consent. An unauthorized individual follows an empl...
Polymorphic Malware
[malware] Malware that changes its code or signature each time it replicates, making it difficult to detect with signature-based a...
Port Scanning
[network-security] The process of probing a server or host for open ports to identify available services and potential vulnerabilities. Whi...
Post-Incident Review
[incident-response] A structured analysis conducted after a security incident to identify root causes, evaluate response effectiveness, docu...
Pretexting
[social-engineering] A social engineering technique where the attacker creates a fabricated scenario (pretext) to manipulate the victim into...
Principle of Least Privilege
[general] A security principle stating that users and systems should only be granted the minimum permissions necessary to perform...
Privacy by Design
[data-protection] An approach that integrates privacy considerations into the design and development of systems, processes, and products f...
Privileged Access Management (PAM)
[authentication] A set of strategies and technologies for controlling, monitoring, and securing elevated access rights to critical system...
Proxy Server
[network-security] An intermediary server that sits between a client and destination server, forwarding requests on behalf of the client. P...
Pseudonymization
[data-protection] A data protection technique that replaces identifying information with artificial identifiers (pseudonyms) while maintai...
Public Key Infrastructure (PKI)
[general] A framework of policies, hardware, software, and procedures for creating, managing, distributing, and revoking digital c...
Purple Team
[general] A collaborative approach where red team (offense) and blue team (defense) work together to improve an organization's sec...
QR Code Phishing (Quishing)
[phishing] A phishing technique that uses QR codes to direct victims to malicious websites. QR codes in emails bypass link-scanning...
Quid Pro Quo
[social-engineering] A social engineering attack where the attacker offers something in exchange for information or access. Common examples i...
Rainbow Table
[authentication] A precomputed table of password hashes used to reverse hash functions and recover plaintext passwords. Rainbow tables tr...
Ransomware
[malware] Malware that encrypts victim files or locks systems and demands a ransom payment for decryption. Modern ransomware group...
Ransomware-as-a-Service (RaaS)
[malware] A business model where ransomware developers sell or lease their malware toolkits to affiliates who carry out attacks. R...
Red Team
[general] A group of security professionals who simulate real-world attacks against an organization to test its security defenses....
Remote Access Trojan (RAT)
[malware] Malware that provides an attacker with full remote control over a victim's computer. RATs can capture screenshots, recor...
Reverse Social Engineering
[social-engineering] A technique where the attacker creates a situation that causes the victim to seek help, then positions themselves as the...
Right to be Forgotten
[data-protection] A GDPR right allowing individuals to request the deletion of their personal data when it is no longer necessary for its...
Risk Assessment
[compliance] The systematic process of identifying, analyzing, and evaluating security risks to an organization's assets. Risk assess...
Rootkit
[malware] A collection of tools that provides privileged access to a computer while hiding its presence from the operating system...
SAML
[authentication] Security Assertion Markup Language. An XML-based standard for exchanging authentication and authorization data between i...
Sandboxing
[general] A security technique that isolates untrusted programs or code in a restricted environment (sandbox) to observe their beh...
Scareware
[malware] Software that uses fear tactics to trick users into purchasing unnecessary or harmful software. Common examples include...
Search Engine Poisoning
[phishing] Manipulating search engine results to place malicious websites at the top of search results for popular queries. Victims...
Secrets Management
[cloud-security] The practice of securely storing, accessing, and managing sensitive credentials such as API keys, tokens, passwords, and...
Secure Access Service Edge (SASE)
[cloud-security] A cloud-delivered framework that converges network and security functions including SD-WAN, CASB, firewall-as-a-service,...
Security Audit
[compliance] A systematic evaluation of an organization's information security controls, policies, and procedures to assess their eff...
Security Awareness
[general] The knowledge and attitude employees possess regarding the protection of organizational assets from cyber threats. Secur...
Security Awareness Training
[general] Structured educational programs designed to teach employees about cybersecurity threats and safe practices. Effective pr...
Security by Design
[general] An approach to software and systems development that integrates security considerations at every stage of the design and...
Security Information and Event Management (SIEM)
[incident-response] A solution that aggregates and analyzes security log data from across an organization's IT infrastructure to detect thre...
Security Operations (SecOps)
[general] The practice of combining security and IT operations teams to improve collaboration and reduce risks. SecOps integrates...
Security Operations Center (SOC)
[incident-response] A centralized unit that monitors, detects, investigates, and responds to cybersecurity incidents around the clock. SOC t...
Security Orchestration, Automation and Response (SOAR)
[incident-response] A platform that combines security orchestration, automation, and incident response to help security teams manage and res...
Security Policy
[compliance] A formal document that defines an organization's approach to information security, including acceptable use, access cont...
Sender Policy Framework (SPF)
[phishing] An email authentication protocol that allows domain owners to specify which mail servers are authorized to send emails o...
Serverless Security
[cloud-security] Security considerations and practices specific to serverless computing environments like AWS Lambda, Azure Functions, an...
Session Hijacking
[authentication] An attack where an attacker takes over a valid user session by stealing or predicting the session token. This allows the...
Shadow IT
[general] IT systems, software, or cloud services used within an organization without explicit approval from the IT department. Sh...
Shared Responsibility Model
[cloud-security] A framework defining security responsibilities between a cloud service provider and its customers. The provider secures...
Shoulder Surfing
[social-engineering] The practice of spying on someone's screen, keyboard, or documents to obtain sensitive information such as passwords, PI...
Single Sign-On (SSO)
[authentication] An authentication method that allows users to access multiple applications with a single set of credentials. SSO reduces...
Smishing
[phishing] SMS phishing that uses text messages to lure victims into clicking malicious links or providing sensitive information. M...
SOC 2
[compliance] A compliance framework developed by AICPA that evaluates an organization's controls related to security, availability, p...
Social Engineering
[social-engineering] The psychological manipulation of people into performing actions or divulging confidential information. Social engineeri...
Spear Phishing
[phishing] A targeted phishing attack directed at specific individuals or organizations. Unlike generic phishing, spear phishing us...
Spyware
[malware] Software that secretly monitors user activity and collects information without consent. Spyware can capture keystrokes,...
SSL Stripping
[network-security] A man-in-the-middle attack that downgrades a secure HTTPS connection to unencrypted HTTP, allowing the attacker to inter...
Supply Chain Attack
[general] An attack that targets an organization by compromising a trusted third-party vendor, supplier, or software component in...
Tabletop Exercise
[incident-response] A discussion-based exercise where key personnel walk through a simulated security incident scenario without actually act...
Tailgating
[social-engineering] A physical security breach where an unauthorized person follows an authorized individual through a secured entrance with...
Third-Party Risk Management
[compliance] The process of identifying, assessing, and mitigating security risks posed by vendors, suppliers, and partners who have...
Threat Actor
[general] An individual, group, or nation-state that conducts cyberattacks. Threat actors are categorized by motivation: cybercrim...
Threat Hunting
[incident-response] The proactive process of searching for cyber threats that have evaded existing security controls. Threat hunters use hyp...
Threat Intelligence
[incident-response] Evidence-based knowledge about existing or emerging cyber threats, including context, mechanisms, indicators, and action...
Threat Modeling
[general] A structured process for identifying potential threats, vulnerabilities, and attack vectors in a system, and determining...
TLS/SSL
[network-security] Transport Layer Security (TLS) and its predecessor Secure Sockets Layer (SSL) are cryptographic protocols that provide s...
Tokenization
[data-protection] The process of replacing sensitive data with non-sensitive tokens that map back to the original data through a secure to...
Trojan
[malware] Malware disguised as legitimate software that appears harmless but performs malicious actions when executed. Trojans oft...
Two-Factor Authentication (2FA)
[authentication] A subset of multi-factor authentication that requires exactly two different authentication factors to verify identity. C...
Typosquatting
[phishing] Registering domain names that are common misspellings of popular websites to capture traffic from users who mistype URLs...
Virtual Private Network (VPN)
[network-security] A technology that creates an encrypted tunnel between a device and a network, protecting data in transit from intercepti...
Virus
[malware] A type of malware that attaches itself to legitimate programs or files and replicates when the infected program is execu...
Vishing
[phishing] Voice phishing conducted over phone calls or voice messages. Attackers impersonate banks, government agencies, or tech s...
Voice Cloning
[social-engineering] The use of AI to create a synthetic replica of a person's voice from audio samples. Voice cloning is increasingly used i...
Vulnerability
[general] A weakness in a system, application, or process that can be exploited by a threat actor to gain unauthorized access or c...
Vulnerability Assessment
[compliance] A systematic review of security weaknesses in a system or network. Unlike penetration testing, vulnerability assessments...
Vulnerability Disclosure
[incident-response] The process of reporting discovered security vulnerabilities to the affected vendor or organization. Responsible disclos...
War Room
[incident-response] A dedicated physical or virtual space where the incident response team assembles during an active security incident for...
Watering Hole Attack
[social-engineering] An attack strategy where attackers compromise websites frequently visited by a specific target group. When group members...
Whaling
[phishing] A spear phishing attack specifically targeting high-ranking executives such as CEOs, CFOs, or board members. These attac...
Wiper Malware
[malware] Destructive malware designed to permanently erase or corrupt data on target systems, rendering them inoperable. Unlike r...
Worm
[malware] Self-replicating malware that spreads across networks without requiring user interaction or a host program. Worms exploi...
Zero Trust
[authentication] A security model based on the principle of never trust, always verify. Zero trust requires strict identity verification...
Zero Trust Network Access (ZTNA)
[cloud-security] A security framework that provides remote access to applications based on defined access control policies without placin...
Zero-Day
[general] A previously unknown vulnerability that is exploited before the software vendor is aware of it or has released a patch....