Cybersecurity Glossary

Verification of user identity through credentials or biometrics.
Granting appropriate access rights to authenticated users.
A hidden entrance into a system that allows unauthorized access.
Malicious hacker who exploits vulnerabilities for personal gain.
A decentralized, tamper-resistant digital ledger technology.
The defensive team responsible for protecting an organization's systems from cyberattacks.
An attack method that involves trying all possible combinations until the correct one is found; it is often used to crack passwords.
A vulnerability that occurs when a program writes more data to a buffer than it can hold, potentially allowing an attacker to execute arbitrary code.
The acronym CIA is used to denote all three of these, which are the 3 most important foundational goals of information security. Most cybersecurity programs work, at the highest level, to protect the confidentiality, integrity, and availability of data and information.
A standardized way to identify and reference known vulnerabilities.
Best practices to maintain a healthy cybersecurity posture.
Information about potential and ongoing cybersecurity threats.
Unauthorized access and exposure of sensitive data.
The process of converting encrypted data back into its original form.
Disrupts services, making resources unavailable.
Overloads a network or server with traffic to disrupt services.
A type of brute force attack that uses a list of known words or phrases to guess a password.
The process of converting information into a code to prevent unauthorized access.
Protects devices like computers and smartphones from security threats.
The process of extracting information about a target system, such as usernames or network shares.
A piece of software or code that takes advantage of a specific vulnerability to gain unauthorized access.
A collection of tools and exploits used to compromise systems.
A network security system that monitors and controls incoming/outgoing traffic to prevent unauthorized access.
A set of instructions that dictate how a firewall should handle specific types of traffic.
The process of collecting and analyzing digital evidence to investigate cybercrimes.
A hacker who operates between white hat and black hat, sometimes for personal gain but without malicious intent.
A decoy system designed to attract and monitor attackers.
Coordinated actions taken in response to a security breach.
Monitors network traffic for signs of unauthorized access or malicious activities.
Prevents unauthorized access by blocking suspicious network traffic.
Malicious software designed to harm or gain unauthorized access to systems.
A popular penetration testing framework used to develop and execute exploits.
Requires multiple forms of verification for user access.
An organization focused on improving the security of software.
A unit of data transmitted over a network.
A software update that fixes security vulnerabilities or bugs.
Applying software updates to fix vulnerabilities and improve security.
The malicious part of an exploit that performs the actual attack.
The process of delivering a malicious payload to a target system.
Simulates attacks to identify vulnerabilities in systems.
A document detailing the findings, vulnerabilities, and recommendations from a penetration test.
Security measures designed to protect the outer boundary of a network.
Deceptive attempts to obtain sensitive information through emails or messages.
Educates users to recognize and avoid phishing attacks.
The act of scanning a computer or network for open ports and services.
An intermediary server that acts as a gateway between a user and a target server.
Malware that encrypts data and demands a ransom for decryption.
A group of skilled professionals who simulate realistic cyberattacks to assess an organization's security defenses.
The evaluation of potential security risks to determine their impact and likelihood.
Malicious software that provides unauthorized access to a system while hiding its presence.
Refers to an organization's overall security strength and readiness to defend against cyber threats.
Unauthorized takeover of a user's active session.
Centralizes and analyzes security data from various sources.
Intercepting and analyzing network traffic to capture sensitive data.
Centralized unit monitoring and responding to security incidents.
Manipulating individuals to disclose confidential information.
A type of malware that disguises itself as legitimate software but carries out malicious actions.
Creates a secure connection over a public network, enhancing privacy.
Weakness in a system that could be exploited by attackers.
A firewall specifically designed to protect web applications from attacks.
Ethical hacker who tests systems for vulnerabilities to improve security.
A previously unknown software vulnerability exploited by attackers before it's patched.
Security approach that distrusts all network traffic and verifies everything.