Every cybersecurity term, acronym, and concept explained. 136 definitions and counting.
API security refers to the practice of protecting Application Programming Interfaces (APIs) from malicious attacks and misuse. It involves implementing measures...
Access control is a security technique that regulates who or what can view or use resources in a computing environment. It ensures that only authorized users ha...
An Advanced Persistent Threat (APT) is a prolonged and targeted cyberattack wherein an intruder gains access to a network and remains undetected for an extended...
An air gap is a security measure that involves physically isolating a computer or network from unsecured networks, such as the internet. This technique is used ...
Antivirus software is a program designed to detect, prevent, and remove malicious software (malware) from computer systems. It plays a critical role in cybersec...
Application security encompasses measures and practices designed to protect applications from threats throughout their lifecycle. This includes security conside...
The attack surface is the set of all points in a system (exposed services, interfaces, accounts, dependencies) where an unauthorized user can attempt to enter or extract data. A smaller attack surface re...
Authentication is the process of verifying the identity of a user or system before granting access to resources. It ensures that only legitimate users can acces...
Authorization is the process of determining what an authenticated user is allowed to do within a system. It defines user permissions and access levels for vario...
A backdoor is a hidden method of bypassing normal authentication or encryption in a computer system, allowing unauthorized access. Backdoors can be intentionall...
A Blue Team is a group of cybersecurity professionals tasked with defending an organization's information systems against attacks. They focus on monitoring, det...
A botnet is a network of compromised computers or devices controlled by a malicious actor, often used to carry out distributed denial-of-service (DDoS) attacks ...
A brute force attack is a method used by attackers to gain unauthorized access to a system by systematically attempting all possible combinations of passwords o...
A bug bounty program is an initiative that invites ethical hackers to discover and report vulnerabilities in an organization's software or systems, often in exc...
Business continuity refers to the processes and strategies that ensure an organization can continue operations during and after a disruptive event. It encompass...
A Cloud Access Security Broker (CASB) is a security policy enforcement point that sits between cloud service consumers and providers, ensuring secure access to ...
The CIA Triad is a foundational model in cybersecurity that emphasizes three core principles: Confidentiality, Integrity, and Availability. These principles gui...
A Chief Information Security Officer (CISO) is an executive responsible for an organization's information and data security strategy, overseeing the implementat...
The Cybersecurity Maturity Model Certification (CMMC) is a framework developed by the U.S. Department of Defense (DoD) to enhance cybersecurity practices among ...
A Cloud-Native Application Protection Platform (CNAPP) is a security solution designed to protect cloud-native applications throughout their lifecycle. It integ...
Cloud Security Posture Management (CSPM) is a security solution that continuously monitors cloud environments for compliance and security risks. CSPM helps orga...
Common Vulnerabilities and Exposures (CVE) is a public catalog, maintained by MITRE, of publicly disclosed cybersecurity vulnerabilities. Each CVE entry provides a unique identifier ...
The Common Vulnerability Scoring System (CVSS) is a framework for assessing the severity of cybersecurity vulnerabilities. It provides a standardized method for...
Cloud security refers to the set of policies, technologies, and controls designed to protect data, applications, and services hosted in the cloud. It encompasse...
Command and Control (C2) refers to the infrastructure used by attackers to maintain communication with compromised systems. C2 servers enable the remote managem...
Compliance in cybersecurity refers to adhering to laws, regulations, and industry standards that govern data protection and privacy. Organizations must implemen...
Container security refers to the measures and practices used to secure containerized applications and their underlying infrastructure. It involves protecting th...
Credential stuffing is a type of cyberattack where attackers use stolen username and password pairs to gain unauthorized access to user accounts. This attack ex...
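Brute force (above) and credential stuffing leave different footprints in authentication logs: brute force is many failures against one account, credential stuffing is one source trying many accounts once each, because the attacker already has a leaked username/password pair per account. The following detection logic is an added example, not code from the glossary; the log format and the sample lines are constructed for illustration, and the thresholds are arbitrary assumptions.

```python
import re
from collections import defaultdict

# Constructed sample of authentication log lines (hypothetical format, not from the page).
SAMPLE_LOG = """\
2024-05-01T10:00:01Z ip=203.0.113.7 user=alice result=FAIL
2024-05-01T10:00:02Z ip=203.0.113.7 user=bob result=FAIL
2024-05-01T10:00:02Z ip=203.0.113.7 user=carol result=FAIL
2024-05-01T10:00:03Z ip=203.0.113.7 user=dave result=FAIL
2024-05-01T10:00:03Z ip=203.0.113.7 user=erin result=SUCCESS
2024-05-01T10:00:04Z ip=203.0.113.7 user=frank result=FAIL
2024-05-01T10:01:10Z ip=198.51.100.4 user=admin result=FAIL
2024-05-01T10:01:11Z ip=198.51.100.4 user=admin result=FAIL
2024-05-01T10:01:12Z ip=198.51.100.4 user=admin result=FAIL
2024-05-01T10:01:13Z ip=198.51.100.4 user=admin result=FAIL
2024-05-01T10:01:14Z ip=198.51.100.4 user=admin result=FAIL
2024-05-01T10:01:15Z ip=198.51.100.4 user=admin result=FAIL
2024-05-01T10:05:00Z ip=192.0.2.9 user=alice result=FAIL
2024-05-01T10:05:30Z ip=192.0.2.9 user=alice result=SUCCESS
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) ip=(?P<ip>\S+) user=(?P<user>\S+) result=(?P<result>\S+)$"
)


def parse_log(text):
    """Parse the constructed log format into a list of event dicts; unparseable lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append(m.groupdict())
    return events


def classify_sources(events, fail_threshold=5, distinct_user_threshold=4):
    """Label source IPs by failure pattern.

    brute_force:         >= fail_threshold failures, all against a single account
    credential_stuffing: >= distinct_user_threshold distinct accounts, each failing once
    Benign sources get no label. Thresholds are illustrative assumptions.
    """
    failed_users = defaultdict(list)
    for e in events:
        if e["result"] == "FAIL":
            failed_users[e["ip"]].append(e["user"])

    labels = {}
    for ip, users in failed_users.items():
        distinct = set(users)
        if len(users) >= fail_threshold and len(distinct) == 1:
            labels[ip] = "brute_force"
        elif (len(distinct) >= distinct_user_threshold
              and max(users.count(u) for u in distinct) == 1):
            labels[ip] = "credential_stuffing"
    return labels


def compromised_accounts(events, labels):
    """Accounts that logged in successfully from a flagged source: the ones to force-reset first."""
    return {e["user"] for e in events
            if e["result"] == "SUCCESS" and e["ip"] in labels}


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    found = classify_sources(evs)
    print(found)
    print("likely compromised:", compromised_accounts(evs, found))
```

The success from 203.0.113.7 is the important signal: a stuffing run that hits one valid pair looks like a normal login unless it is correlated with the failures around it, which is why the classification is done per source IP rather than per account.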
Cross-Site Scripting (XSS) is a web security vulnerability that allows attackers to inject malicious scripts into webpages viewed by users. This can lead to dat...
Cryptography is the practice of securing information by transforming it into an unreadable format, accessible only to authorized users. It is fundamental for en...
The Cyber Kill Chain is a framework that outlines the stages of a cyber attack, from initial reconnaissance to the final objective. Understanding these stages h...
Cyber Threat Intelligence (CTI) refers to the collection and analysis of information about potential or current threats to an organization's cybersecurity. It e...
Distributed Denial of Service (DDoS) is a cyber attack that aims to overwhelm a target's resources, rendering it unavailable to users. This is typically achieve...
DNS Security encompasses measures to protect the Domain Name System (DNS) from threats such as attacks, spoofing, and data breaches. It ensures the integrity an...
A data breach occurs when unauthorized individuals gain access to sensitive or confidential data, potentially leading to data theft or loss. Such incidents can ...
Data classification is the process of categorizing data based on its sensitivity and importance to the organization. This helps in applying appropriate security...
Data encryption is the process of converting plaintext into ciphertext to protect sensitive information from unauthorized access. It ensures that only authorize...
Data Loss Prevention (DLP) refers to strategies and tools designed to prevent sensitive data from being lost, misused, or accessed by unauthorized users. DLP so...
Decryption is the process of converting encrypted data back into its original plaintext form, allowing authorized users to access the information. It requires t...
Defense in Depth is a multi-layered security strategy that employs various protective measures at different levels of an organization’s IT infrastructure. This ...
DevSecOps integrates security practices within the DevOps process, ensuring that security is a shared responsibility throughout the software development lifecyc...
Digital forensics is the process of collecting, analyzing, and preserving digital evidence from electronic devices for investigations. It plays a critical role ...
Endpoint Detection and Response (EDR) is a security solution that monitors endpoint devices for suspicious activities and responds to potential threats in real-...
Email security involves measures to protect email accounts and communications from unauthorized access, phishing, and malware. It is vital for safeguarding sens...
Encryption is the process of converting data into a coded format to prevent unauthorized access. It is a fundamental security measure that ensures data confiden...
Endpoint security refers to the approach of securing endpoints or entry points of end-user devices such as laptops, desktops, and mobile devices from exploitati...
Ethical hacking involves authorized simulated attacks on computer systems to identify vulnerabilities before malicious actors can exploit them. Practiced by sec...
An exploit is a piece of software, a command, or a sequence of commands that takes advantage of a vulnerability in software or hardware to execute unintended or...
Extended Detection and Response (XDR) is a security approach that integrates multiple security products into a cohesive system for improved threat detection, in...
The Federal Information Security Management Act (FISMA) is a U.S. law that requires federal agencies to develop, document, and implement an information security...
The Federal Risk and Authorization Management Program (FedRAMP) is a U.S. government program that provides a standardized approach to security assessment, autho...
A firewall is a network security device that monitors and controls incoming and outgoing network traffic based on predetermined security rules. It acts as a bar...
Firmware security refers to the protection of the low-level software that controls hardware devices, ensuring that it is free from vulnerabilities and unauthori...
Forensic analysis is the process of collecting, preserving, and analyzing digital evidence to investigate cyber incidents and breaches. It aims to identify the ...
The General Data Protection Regulation (GDPR) is a comprehensive data protection law in the European Union that governs how organizations collect, store, and pr...
Governance, Risk Management, and Compliance (GRC) is a structured approach to aligning IT with business objectives while managing risk and meeting compliance re...
Group Policy is a feature of Microsoft Windows that allows IT administrators to manage and configure operating system settings, applications, and user permissio...
The Health Insurance Portability and Accountability Act (HIPAA) is a U.S. law that establishes national standards for the protection of sensitive patient health...
HTTPS (HyperText Transfer Protocol Secure) is an extension of HTTP that uses encryption to secure data transmitted between a web server and a browser. It ensure...
Hardening refers to the process of securing a system by reducing its surface of vulnerability. This is achieved through various measures, such as disabling unne...
A hash function is a mathematical algorithm that maps input data of any length to a fixed-size output, the digest, which represents the o...
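The properties that make a hash function useful for security are that the digest is fixed-size regardless of input, that a one-bit change in the input scrambles roughly half the digest bits (avalanche), and that it is one-way, so it is a fingerprint rather than a form of encryption. The following is an added example, not code from the glossary, using the Python standard library; the test vectors are the published SHA-256 digests of the empty string and "abc", and the iteration count for the password KDF is an arbitrary choice.

```python
import hashlib
import hmac
import os
from typing import Optional


def sha256_hex(data: bytes) -> str:
    """Hex digest of SHA-256: always 64 hex characters (256 bits), whatever the input size."""
    return hashlib.sha256(data).hexdigest()


def digest_lengths(inputs):
    """Digest length in bytes for each input; every entry is 32 for SHA-256."""
    return [len(hashlib.sha256(i).digest()) for i in inputs]


def differing_bits(a: bytes, b: bytes) -> int:
    """Hamming distance between the SHA-256 digests of a and b (the avalanche effect)."""
    da = int.from_bytes(hashlib.sha256(a).digest(), "big")
    db = int.from_bytes(hashlib.sha256(b).digest(), "big")
    return bin(da ^ db).count("1")


def verify_integrity(data: bytes, expected_hex: str) -> bool:
    """Integrity check: recompute the digest and compare in constant time."""
    return hmac.compare_digest(sha256_hex(data), expected_hex)


# Caveat: a bare digest is the wrong tool for passwords, because it is fast and unsalted.
# Use a salted, deliberately slow key derivation function instead (PBKDF2 here; the
# iteration count is an illustrative assumption, not a recommendation).
def hash_password(password: str, salt: Optional[bytes] = None, iterations: int = 600_000):
    salt = salt if salt is not None else os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, dk


def verify_password(password: str, salt: bytes, stored: bytes, iterations: int = 600_000) -> bool:
    _, dk = hash_password(password, salt, iterations)
    return hmac.compare_digest(dk, stored)


if __name__ == "__main__":
    print(sha256_hex(b""))      # e3b0c442...b855, the well-known empty-input digest
    print(digest_lengths([b"", b"abc", b"x" * 10_000]))
    print("bits changed abc->abd:", differing_bits(b"abc", b"abd"))
    salt, dk = hash_password("correct horse")
    print(verify_password("correct horse", salt, dk), verify_password("wrong", salt, dk))
```

`hmac.compare_digest` is used for both comparisons so that a mismatch does not leak, through timing, how many leading bytes were correct.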
A honeypot is a cybersecurity mechanism designed to lure attackers by simulating vulnerable systems. It collects information on attack methods and helps organiz...
Identity and Access Management (IAM) refers to a framework of policies and technologies that ensure the right individuals have appropriate access to technology ...
Industrial Control Systems (ICS) Security involves protecting critical infrastructure systems that manage industrial processes. It focuses on securing hardware ...
Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) are security technologies designed to detect and respond to network threats. IDS monito...
ISO 27001 is an international standard for information security management systems (ISMS), providing a framework for establishing, implementing, maintaining, an...
Incident Response is a structured approach to managing and mitigating the consequences of a cybersecurity incident. It encompasses preparation, detection, analy...
Information Security is the practice of protecting information from unauthorized access, disclosure, alteration, and destruction. It encompasses various strateg...
An insider threat refers to a security risk that originates from within an organization, typically involving employees or contractors who misuse their access to...
IoT Security refers to the measures taken to protect Internet of Things (IoT) devices and networks from cyber threats. It encompasses securing devices, data tra...
Jailbreaking is the process of removing software restrictions imposed by an operating system, typically on mobile devices. This allows users to install unauthor...
Kerberos is a network authentication protocol designed to provide secure authentication for users and services in a distributed environment. It uses tickets to ...
Key Management refers to the processes and technologies used to create, store, distribute, and revoke cryptographic keys. It is essential for maintaining the se...
A keylogger is a type of surveillance software or hardware that records keystrokes made on a keyboard. It is often used maliciously to capture sensitive informa...
Lateral Movement refers to the techniques used by cyber attackers to move within a network after gaining initial access. It allows them to explore and exploit a...
Least Privilege is a security principle that restricts user access rights to the minimum necessary to perform their job functions. This minimizes the risk of un...
Log Management involves the collection, storage, analysis, and monitoring of log data generated by systems and applications. It is crucial for detecting securit...
Multi-Factor Authentication (MFA) is a security mechanism that requires users to provide two or more verification factors to gain access to a resource, enhancin...
MITRE ATT&CK is a comprehensive framework that catalogs adversary tactics, techniques, and procedures (TTPs) based on real-world observations. It serves as a va...
MQTT Security refers to the measures taken to secure the MQTT (Message Queuing Telemetry Transport) protocol, which is widely used in Internet of Things (IoT) a...
Malware, or malicious software, refers to any software intentionally designed to cause damage to a computer, server, client, or network. It includes viruses, wo...
Managed Detection and Response (MDR) is a cybersecurity service that provides organizations with threat detection, incident response, and continuous monitoring ...
Mobile Security refers to the protection of smartphones, tablets, and other mobile devices from threats such as malware, data breaches, and unauthorized access....
Network Access Control (NAC) is a security solution that enforces policies for devices accessing a network, ensuring compliance with security standards and prev...
Network Detection and Response (NDR) is a security solution that monitors network traffic for suspicious activities and threats, enabling organizations to detec...
NIST Special Publication 800-53 provides a catalog of security and privacy controls for federal information systems and organizations to protect against cyberse...
The NIST Cybersecurity Framework (CSF) is a voluntary framework that provides organizations with a structured approach to managing cybersecurity risks, based on...
Network Security encompasses the policies, practices, and technologies designed to protect the integrity, confidentiality, and availability of computer networks...
OAuth is an open standard for access delegation, commonly used as a way to grant websites or applications limited access to user information without exposing pa...
Operational Technology (OT) Security involves the protection of hardware and software systems that detect or control physical devices, processes, and events in ...
The Open Worldwide Application Security Project (OWASP, formerly the Open Web Application Security Project) is a nonprofit organization focused on improving the security of software through community-driven open-source...
Privileged Access Management (PAM) refers to the processes and tools used to secure, control, and monitor access to an organization's critical systems and sensi...
The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards designed to ensure that all companies accepting, processing, or storin...
Public Key Infrastructure (PKI) is a framework that enables secure communications and transactions over networks by using cryptographic key pairs for encryption...
Patch management is the process of identifying, acquiring, installing, and verifying patches for software applications and systems to fix vulnerabilities, impro...
Penetration testing is a simulated cyber attack against an organization's systems, networks, or applications to identify vulnerabilities that could be exploited...
Phishing is a cyber attack that typically involves tricking individuals into providing sensitive information, such as usernames, passwords, or credit card numbe...
Privilege escalation is an attack in which an adversary exploits a flaw or misconfiguration to gain elevated access to resources that are normally protected from the user. This ca...
A Purple Team is a collaborative security team that integrates both Red Team (offensive) and Blue Team (defensive) strategies to enhance an organization's overa...
Quantum cryptography is an advanced method of securing data transmission using the principles of quantum mechanics. It offers theoretically unbreakable encrypti...
Remote Desktop Protocol (RDP) security refers to the measures and practices used to protect remote desktop connections from unauthorized access and cyber threat...
Ransomware is a type of malicious software that encrypts a victim's files or system, rendering them inaccessible until a ransom is paid to the attacker. It pose...
A Red Team is a group of security professionals who simulate real-world attacks on an organization’s systems to identify vulnerabilities and assess the effectiv...
Risk assessment is the process of identifying, analyzing, and evaluating potential risks that could negatively impact an organization’s operations and assets. I...
Risk management is the systematic process of identifying, assessing, and mitigating risks to minimize their impact on an organization. It involves developing st...
A rootkit is a collection of software tools that enables unauthorized access to a computer or network while concealing its presence. It allows attackers to main...
Security Assertion Markup Language (SAML) is an open standard for exchanging authentication and authorization data between parties, particularly between an iden...
Secure Access Service Edge (SASE) is a network architecture that combines wide-area networking (WAN) capabilities with comprehensive security functions, deliver...
Supervisory Control and Data Acquisition (SCADA) systems are used for industrial control and monitoring processes. They gather real-time data from sensors and d...
Security Information and Event Management (SIEM) is a technology solution that aggregates and analyzes security data from across an organization’s IT infrastruc...
Security Orchestration, Automation, and Response (SOAR) refers to a set of technologies and processes that enable organizations to unify security tools and auto...
SOC 2 is an AICPA attestation standard for reporting on a service organization's controls over customer data, evaluated against five Trust Services Criteria: security, availability, processing integrity, confidentiality, and priva...
SQL Injection is a code injection technique in which attacker-supplied input is incorporated into an application's SQL queries without parameterization or escaping, changing the structure of the query. This can allow attack...
Secure Sockets Layer (SSL) and its successor Transport Layer Security (TLS) are cryptographic protocols designed to provide secure communication over a computer network; every SSL version is deprecated, and only TLS 1.2 and 1.3 should be enabled today. They...
Single Sign-On (SSO) is an authentication process that allows users to access multiple applications with one set of credentials. It simplifies user experience w...
Security Awareness Training (SAT) is a program designed to educate employees about cybersecurity risks and best practices. It aims to cultivate a security-consc...
A Security Operations Center (SOC) is a centralized unit that monitors, detects, and responds to cybersecurity incidents in real-time. It typically consists of ...
Social engineering is a manipulation technique that exploits human psychology to gain confidential information or access to systems. It often involves deception...
Software Supply Chain Security refers to the practices and technologies employed to secure the entire software supply chain, from development to deployment. It ...
Spear phishing is a targeted attempt to steal sensitive information from a specific individual or organization, often for malicious reasons. It typically involv...
Threat hunting is a proactive cybersecurity practice involving the search for indicators of compromise within an organization’s network before they manifest int...
Threat intelligence refers to the collection, analysis, and dissemination of information regarding potential or current threats to an organization’s security. I...
Threat modeling is a systematic approach used to identify, assess, and prioritize potential threats to an organization's assets. It involves analyzing system ar...
Tokenization is the process of substituting sensitive data elements with non-sensitive equivalents, known as tokens, that retain certain essential information a...
Two-Factor Authentication (2FA) is a security process that requires users to provide two different authentication factors to verify their identity. This adds an...
User and Entity Behavior Analytics (UEBA) is a cybersecurity approach that uses machine learning and advanced analytics to monitor user and entity behavior with...
Unified Threat Management (UTM) refers to a comprehensive security solution that integrates multiple security features and services into a single device or plat...
A Virtual Private Network (VPN) is a technology that creates a secure, encrypted connection over a less secure network, such as the Internet. VPNs are commonly ...
Vulnerability assessment is the systematic evaluation of an organization’s systems, networks, and applications to identify security weaknesses. This process hel...
Vulnerability management is the continuous process of identifying, evaluating, treating, and reporting vulnerabilities in an organization's systems and applicat...
Vulnerability scanning is an automated process that identifies security weaknesses in an organization’s systems, networks, and applications. This proactive meas...
A Web Application Firewall (WAF) is a security solution that monitors and filters HTTP traffic to and from a web application. WAFs protect applications from com...
Whaling is a type of phishing attack that specifically targets high-profile individuals within an organization, such as executives or senior management. These a...
Zero Trust Network Access (ZTNA) is an access architecture that applies the Zero Trust model to application access, brokering connections to individual applications rather than to the network, and it requires strict identity verification for every person and device attempting to access resources on a ...
A Zero-Day vulnerability is a security flaw that is unknown to the software vendor or developer and has not yet been patched. These vulnerabilities are particul...
Zero Trust is a security model that operates on the principle of 'never trust, always verify.' It requires strict identity verification for every person and dev...