Vocab Flashcards

(677 cards)

1
Acceptable Use Policy (AUP)
Policy governing an employee's use of company equipment and Internet services. ISPs may also apply AUPs to customers.
2
Access Badge
Authentication mechanism allowing a user to present a smart card to operate an entry system.
3
Access Control List (ACL)
Collection of access control entries (ACEs) determining which subjects are allowed or denied access to an object, with specified privileges.
4
Access Control Vestibule
Secure entry system with two gateways, only one open at a time. (e.g., the section between the external and internal doors at a bank)
5
Access Point (AP)
Device connecting wireless devices and wired networks, implementing infrastructure mode WLAN.
6
Account Lockout
Policy preventing account access after excessive failed authentication attempts.
7
Account Policies
Rules governing user security information, such as password expiration and uniqueness.
8
Accounting
A log resource of some sort that tracks what a user has done; alerts when unauthorized use is detected or attempted. (What did you do)
9
Acquisition/Procurement
Policies ensuring purchases and contracts are secure, authorized, and meet business goals.
10
Active Reconnaissance
Penetration testing techniques interacting directly with target systems.
11
Active Security Control
Detective and preventive security controls using agents or configurations to monitor hosts.
12
Ad Hoc Network
A wireless network where connected devices communicate directly with one another.
13
Address Resolution Protocol (ARP)
A broadcast mechanism matching a hardware MAC address to an IP address on a local network.
14
Advanced Persistent Threat (APT)
Attacker's ability to maintain and diversify access to network systems using exploits and malware.
15
Adware
Software recording a user's habits, often acknowledged by the user.
16
AES Galois Counter Mode Protocol (GCMP)
High-performance symmetric encryption mode offering authenticated encryption with associated data (AEAD).
17
Air-Gapped
Network isolation physically separating a host or network from others.
18
Alert Tuning
Process of adjusting detection rules to reduce false positives and low-priority alerts.
19
Algorithm
Operations that transform plaintext into ciphertext with cryptographic properties.
20
Allow Listing
Security configuration denying access unless the entity is on an allow list.
21
Amplification Attack
Network attack increasing bandwidth sent to a victim during a DDoS attack.
22
Analysis
Incident response process assessing indicators for validity, impact, and category.
23
Annualized Loss Expectancy (ALE)
Total annual cost of risk, calculated by multiplying SLE by ARO: ALE = SLE × ARO, where SLE is the Single Loss Expectancy and ARO is the Annual Rate of Occurrence.
24
Annualized Rate of Occurrence (ARO)
Probability of a risk occurring, expressed as occurrences per year.
25
Anomalous Behavior Recognition
Systems detecting deviations from expected behavior or encouraging employees to report abnormalities.
26
Antivirus
Tools inspecting traffic to locate and block viruses.
27
Antivirus Scan (A-V)
Software detecting and removing viruses and other malware like worms, Trojans, and rootkits.
28
Anything as a Service
The concept that most types of IT requirements can be deployed as a cloud service model.
29
Appliance Firewall
A standalone hardware device performing only firewall functions, embedded in the appliance's firmware.
30
Application Programming Interface (API)
Methods exposed by scripts or programs allowing other scripts or programs to use their functions, like accessing TCP/IP stack functions.
31
Application Virtualization
A software delivery model where code runs on a server and is streamed to a client.
32
Arbitrary Code Execution
A vulnerability enabling an attacker to run their own code, or an attack exploiting such a vulnerability.
33
ARP Poisoning
A network attack redirecting an IP address to the MAC address of an unintended computer to perform various attacks.
34
Artificial Intelligence (AI)
The science of creating machines capable of developing problem-solving and analysis strategies without significant human intervention.
35
Asset
A thing of economic value, classified as tangible/intangible or short-term/long-term, and managed via asset management processes.
36
Asymmetric Algorithm
A cipher using mathematically linked public and private keys, such as RSA (Rivest-Shamir-Adleman) or ECC (Elliptic Curve Cryptography), where private keys can't be derived from public ones.
37
Attack Surface
Points where external connections or inputs/outputs could allow a threat actor to exploit a network or application.
38
Attack Vector
A specific path used by a threat actor to gain unauthorized system access.
39
Attestation
The capability of an authenticator or cryptographic module to prove it's a trustworthy platform.
40
Attribute-Based Access Control (ABAC)
An access control method evaluating a subject's attributes to determine access rights.
41
Authentication
A process of validating an entity's or individual's unique credentials. (Who are you)
42
Authentication, Authorization, and Accounting (AAA)
A security concept verifying identification, ensuring relevant permissions, and logging actions for audit trails.
43
Authentication Header
An IPSec protocol providing data origin authentication, integrity, and replay attack protection.
44
Authenticator
A PNAC switch or router that activates EAPoL and passes authentication data to a server, like a RADIUS server.
45
Authorized
A hacker performing authorized penetration testing or security consultancy.
46
Authorization
The process determining what rights and privileges an entity has. (What are you able to do)
47
Availability
Ensuring systems operate continuously, and authorized persons can access necessary data.
48
Backdoor
A mechanism for gaining access to a computer while bypassing normal authentication methods.
49
Backup
A security copy of production data, made to removable media, with various types like full, incremental, and differential.
50
Backup Power Generator
A standby power supply fueled by diesel or propane that provides power during outages, requiring a UPS (Uninterruptible Power Supply) for transition.
51
Baseline Configuration
A collection of security and configuration settings applied to a system or network within an organization.
52
Behavior-Based Detection
A network monitoring system identifying abnormal changes in normal operating data sequences.
53
Biometric Authentication
An authentication mechanism using physical characteristics, like fingerprints or facial patterns, to verify identity.
54
Birthday Attack
A password attack exploiting weaknesses in encryption algorithms to find matching outputs for different inputs.
55
Blackmail
Demanding payment to prevent the release of sensitive or damaging information.
56
Block List
A security configuration that permits access unless explicitly prohibited by being listed.
57
Blockchain
A public ledger where transactional records are secured using cryptography, forming an expanding list.
58
Blocked Content
An indicator of malicious activity, shown in logs as unauthorized attempts to access data.
59
Bluejacking
Sending unsolicited messages or pictures via a Bluetooth connection.
60
Bluesnarfing
A wireless attack to gain unauthorized access to data using a Bluetooth connection.
61
Bollards
Sturdy posts designed to prevent unauthorized vehicle access and ram-raiding attacks.
62
Botnet
A group of infected devices controlled by attackers to perform malicious activities.
63
Bring Your Own Device (BYOD)
A framework enabling secure use of personal devices for accessing corporate data and networks.
64
Brute Force Attack
A password attack trying all possible combinations to crack encrypted passwords.
65
Buffer Overflow
An attack causing data to exceed its buffer boundary, corrupting memory and potentially enabling arbitrary code execution.
66
Bug Bounty
A reward program encouraging individuals to report vulnerabilities in software or web services.
67
Business Continuity (BC)
Processes ensuring an organization maintains normal operations during adverse events.
68
Business Email Compromise (BEC)
An impersonation attack where an attacker uses a compromised employee account for fraudulent actions.
69
Business Impact Analysis (BIA)
Identifying organizational risks and their effects on mission-critical operations.
70
Business Partnership Agreement (BPA)
An agreement between companies to collaborate closely, such as IT partnerships with resellers.
71
Cable Lock
A physical device securing equipment against theft, often with additional lockable faceplates for extra protection.
72
Caching Engine
A proxy server feature retaining copies of frequently requested web pages to improve access speed.
73
Call List
A document listing authorized contacts for notification during security incidents.
74
Canonicalization Attack
An attack encoding input characters to bypass vulnerable input validation measures.
75
Capacity Planning
Estimating future requirements for personnel, hardware, software, and other IT resources.
76
Card Cloning
Creating a duplicate of a contactless access card.
77
Cellular
Data standards over cellular networks, ranging from 2G (48 Kb/s) to 5G (300 Mb/s) under LTE standards.
78
Centralized Computing Architecture
A model where all data processing and storage are performed in a single location.
79
Certificate Chaining
Validating a certificate by tracing its chain of trust back to the root CA (Certificate Authority).
80
Certificate Revocation List (CRL)
A list of certificates revoked before their expiration date.
81
Certificate Signing Request (CSR)
A Base64 ASCII file sent by a subject to a CA (Certificate Authority) to obtain a certificate.
82
Certification
An asset disposal process using third-party data sanitization or destruction, with documented proof.
83
Chain of Custody
A record tracking the handling of evidence from collection to disposal.
84
Change Control
The process of documenting and approving necessary changes in an organization.
85
Change Management
The process of implementing changes to information systems as part of an organization's configuration management efforts.
86
Chief Information Officer (CIO)
Company officer responsible for managing information technology assets and procedures.
87
Chief Security Officer (CSO)
The person responsible for information assurance and systems security, often referred to as Chief Information Security Officer (CISO).
88
Chief Technology Officer (CTO)
Company officer focusing on effective use of new and emerging computing platforms and innovations.
89
chmod Command
Linux command used to manage file permissions.
90
Choose Your Own Device (CYOD)
A provisioning model where employees select from corporate devices for work and optional private use.
91
CIA Triad
Three principles of security: Confidentiality, Integrity, and Availability; also called the information security triad.
92
Cipher Suite
Lists of cryptographic algorithms used by a server and client to negotiate a secure connection.
93
Ciphertext
Data that has been enciphered and cannot be read without the appropriate cipher key.
94
Clean Desk Policy
Policy mandating employee work areas remain free of sensitive information to prevent unauthorized access.
95
Cloning
Process of quickly duplicating a virtual machine's configuration for immediate use.
96
Closed/Proprietary
Software or research remaining the developer's property and used under specific license conditions.
97
Cloud Computing
Computing architecture offering on-demand resources billed to customers based on metered use.
98
Cloud Deployment Model
Classification of cloud ownership/management as public, private, community, or hybrid.
99
Cloud Service Model
Classification of cloud services, such as software, platform, or infrastructure, defining provider responsibility limits.
100
Cloud Service Provider (CSP)
Organization offering infrastructure, application, and/or storage services via subscription-based cloud solutions.
101
Clustering
A load balancing technique where multiple servers work together as a unit to provide network services.
102
Code of Conduct
Ethical standards outlining professional behavior, such as honesty and fairness, for employees or professions.
103
Code Signing
Using digital signatures to ensure the source and integrity of programming code.
104
Cold Site
A predetermined alternate location for rebuilding a network after a disaster.
105
Collision
In cryptography, two different plaintext inputs producing identical ciphertext output.
106
Command and Control (C2)
Infrastructure of hosts/services attackers use to control malware over botnets.
107
Command Injection
An attack allowing a threat actor to execute arbitrary shell commands via a vulnerable web application.
108
Common Name (CN)
An X.500 attribute identifying a host or user, often used as a digital certificate's subject identifier.
109
Common Vulnerabilities and Exposures (CVE)
A scheme identifying vulnerabilities, developed by MITRE and adopted by NIST.
110
Common Vulnerability Scoring System (CVSS)
A system quantifying vulnerability risk and assessing its impact on different systems.
111
Community Cloud
A cloud deployed for shared use by cooperating tenants.
112
Compensating Control
A security measure mitigating risk when a primary control fails or underperforms.
113
Compute
Processing, memory, storage, and networking resources enabling hosts or appliances to handle workloads.
114
Computer Incident Response Team (CIRT)
A team responsible for incident response, with expertise across business domains like IT, HR, and legal.
115
Computer-Based Training (CBT)
Training programs delivered via computer devices and e-learning platforms.
116
Concurrent Session Usage
Indicator of possible malicious activity where an account initiates multiple sessions on one or more hosts.
117
Confidentiality
The security goal of keeping information private and protected from unauthorized access.
118
Configuration Baseline
Settings for services and policy configurations specific to network appliances or server roles.
119
Configuration Management
Process maintaining controlled and compliant states of information system components.
120
Conflict of Interest
When investments or obligations compromise an individual or organization's objectivity or impartiality.
121
Containerization
OS virtualization deployment containing everything needed to run a service or application.
122
Containment
Incident response process constraining affected systems using isolation, segmentation, and quarantine.
123
Continuity of Operations Plan (COOP)
Plan ensuring processing redundancy to support workflows during disruptions.
124
Control Plane
Functions defining policy and determining access decisions in zero trust architecture.
125
Cookie
A text file storing information about a user's visit to a website, often supporting user sessions.
126
Corporate Owned, Business Only (COBO)
A provisioning model where devices are company-owned, and personal use is prohibited.
127
Corporate Owned, Personally Enabled (COPE)
A provisioning model where devices are company-owned but allow certain personal use.
128
Corrective Control
A security measure acting after an incident to minimize or eliminate its impact.
129
Correlation
Log analysis function linking data to identify patterns logged or alerted as events.
130
Covert Channel
An attack subverting network security to transfer data without authorization or detection.
131
Credential Harvesting
Social engineering techniques for gathering valid credentials to gain unauthorized access.
132
Credential Replay
An attack using a captured authentication token to start an unauthorized session without needing the plaintext password.
133
Credentialed Scan
A scan using credentials (e.g., usernames/passwords) to provide a deeper vulnerability audit with more detailed results.
134
Crossover Error Rate (CER)
Biometric evaluation factor indicating the point at which False Acceptance Rate (FAR) and False Rejection Rate (FRR) are equal, with a low CER signaling better performance.
135
Cross-Site Request Forgery (CSRF)
A malicious script hosted on an attacker's site exploiting a session on another site in the same browser.
136
Cross-Site Scripting (XSS)
A malicious script injected into a trusted site or link, compromising clients and bypassing browser security zones.
137
Cryptanalysis
The science, art, and practice of breaking codes and ciphers.
138
Cryptographic Primitive
A single hash function, symmetric cipher, or asymmetric cipher.
139
Cryptography
The science and practice of altering data to make it unintelligible to unauthorized parties.
140
Cryptominer
Malware that hijacks computer resources to generate cryptocurrency.
141
Cyber Threat Intelligence (CTI)
The process of gathering, analyzing, and disseminating information about emerging threats and sources.
142
Cybersecurity Framework (CSF)
Standards, best practices, and guidelines for effective security risk management, general or industry-specific.
143
Dark Web
Internet resources anonymized and encrypted for privacy, inaccessible through standard web browsers.
144
Dashboard
A console presenting information in an easily digestible format, often using visualizations.
145
Data Acquisition
Creating a forensically sound copy of data from a source device in digital forensics.
146
Data at Rest
Information stored on specific media rather than being transmitted or processed.
147
Data Breach
Unauthorized access, copying, or modification of confidential data, often requiring notifications and reporting.
148
Data Classification
Applying confidentiality and privacy labels to information.
149
Data Controller
The entity determining why and how personal data is collected, stored, and used, per privacy regulations.
150
Data Custodian
Individual managing systems storing data assets, ensuring access control, encryption, and backups.
151
Data Exfiltration
The process of an attacker moving stored data from a private network to an external network.
152
Data Exposure
A vulnerability enabling unauthorized access to confidential or sensitive data in a file system or database.
153
Data Historian
Software aggregating and cataloging data from industrial control system sources.
154
Data in Transit
Information being transmitted between hosts over private networks or the Internet.
155
Data in Use
Information present in volatile memory, such as system memory or cache.
156
Data Inventory
A list of classified data or information stored or processed by a system.
157
Data Loss Prevention (DLP)
Software detecting and preventing sensitive information storage/transmission on unauthorized systems or networks.
158
Data Masking
A de-identification method substituting placeholders for real data while retaining its structure or format.
159
Data Owner
Senior role responsible for maintaining confidentiality, integrity, and availability of an information asset.
160
Data Plane
Functions enforcing policy decisions configured in the control plane and facilitating data transfers.
161
Data Processor
Entity trusted with personal data to perform storage/analysis on behalf of the data controller, under privacy laws.
162
Data Retention
Maintaining control over data to comply with business policies or legal regulations.
163
Data Subject
An individual identified by privacy data.
164
Database Encryption
Encrypting data at the table, field, or record level via a database management system.
165
dd Command
A Linux command creating bit-by-bit copies of input files, often for disk imaging.
166
Decentralized Computing Architecture
A model distributing data processing/storage across multiple locations or devices.
167
Deception and Disruption
Tools/techniques increasing the cost of attack planning for threat actors.
168
Deduplication
Removing duplicate copies of data; in SIEM, eliminating redundant information from monitored systems.
169
Defense in Depth
Security strategy layering diverse controls to enhance overall protection beyond just perimeter controls.
170
Defensive Penetration Testing
The defensive team's role in penetration tests or incident response exercises.
171
Denial of Service Attack (DoS)
Any attack affecting the availability of a managed resource.
172
Dependencies
Resources/services required for another service to start or operate.
173
Deprovisioning
Removing an account, host, or application from production, revoking any assigned privileges.
174
Destruction
Disposing of assets by rendering data remnants physically inaccessible via degaussing, shredding, or incineration.
175
Detectability
Likelihood of detecting a risk occurrence before it impacts processes, projects, or users.
176
Detection
Incident response process correlating event data to determine potential indicators of an incident.
177
Detective Control
A security control identifying or recording an incident as it happens.
178
Device Placement
Positioning security controls to protect network zones and hosts, supporting defense in depth.
179
DevSecOps
Integrating software development, security, and operations practices to enhance overall effectiveness.
180
Dictionary Attack
Password attack comparing encrypted passwords against a list of possible values.
181
Diffie-Hellman (DH)
A cryptographic technique for secure key exchange.
182
Digital Certificate
X.509 format identification/authentication issued by a CA to validate a key pair's authenticity for a subject.
183
Digital Signature
Message digest encrypted using a sender's private key to authenticate the sender and ensure message integrity.
184
Directive Control
A control enforcing behavior through policies or contracts.
185
Directory Service
A network service storing identity information about users, groups, servers, and more.
186
Directory Traversal
An attack exploiting web application vulnerabilities to access unauthorized files or directories.
187
Disassociation Attack
Spoofing frames to disconnect wireless stations and obtain authentication data.
188
Disaster Recovery (DR)
A documented plan outlining actions and responsibilities during critical incidents.
189
Discretionary Access Control (DAC)
An access control model where the resource owner manages access using an access control list (ACL).
190
Disinformation
An attack falsifying normally trusted information resources.
191
Disposal/Decommissioning
Policies and procedures for removing devices/software from production networks and disposing of them through sale, donation, or waste.
192
Distinguished Name (DN)
A collection of attributes defining a unique identifier for a resource within an X.500-like directory.
193
Distributed Denial-of-Service (DDoS)
An attack using infected devices to overwhelm a target with traffic, disrupting normal server or service operations.
194
Distributed Reflected DoS (DRDoS)
A malicious request sent to a legitimate server that exploits server-side flaws to execute on a victim's browser.
195
DNS Poisoning
An attack injecting false resource records into caches, redirecting domain names to attacker-chosen IP addresses.
196
DNS Sinkhole
A temporary DNS record redirecting malicious traffic to a controlled IP address.
197
Document Object Model (DOM)
Client-side JavaScript implementation targeted by attackers to execute malicious scripts on web apps.
198
Domain Name System Security Extensions (DNSSEC)
A protocol providing DNS data authentication and integrity verification.
199
Domain-Based Message Authentication, Reporting, and Conformance (DMARC)
Framework ensuring proper SPF and DKIM application, with policies published as DNS records.
200
DomainKeys Identified Mail (DKIM)
Cryptographic mail authentication using a public key published as a DNS record.
201
Downgrade Attack
A cryptographic attack exploiting backward compatibility to force plaintext communication instead of encryption.
202
Due Diligence
Legal principle requiring reasonable care and best practices in system setup, configuration, and maintenance.
203
Due Process
Legal term ensuring crimes are prosecuted through fair application of the law.
204
Dump File
A file containing data captured from system memory.
205
Dynamic Analysis
Software testing during runtime to identify potential security, performance, or functional issues.
206
E-Discovery
Procedures and tools for collecting, preserving, and analyzing digital evidence.
207
Embedded System
A dedicated-function electronic system, such as a microcontroller in a medical device or control system.
208
Encapsulating Security Payload (ESP)
IPSec sub-protocol enabling encryption and authentication of data packet headers and payloads.
209
Encryption
Scrambling data to prevent unauthorized access, often using ciphers and keys for secure storage or transmission.
210
Encryption Level
Data-at-rest encryption granularity, ranging from fine-grained (file/row) to broad (disk/database).
211
Endpoint Detection and Response (EDR)
Software collecting logs and system data for early detection of threats through monitoring systems.
212
Endpoint Log
Logs of security-related events generated by host-based malware/intrusion detection agents.
213
Enterprise Authentication
Wireless network mode passing credentials to an AAA server for verification.
214
Enterprise Risk Management (ERM)
Comprehensive process of evaluating, measuring, and mitigating organizational risks.
215
Environmental Attack
Physical threat targeting power, cooling, or fire suppression systems.
216
Environmental Variables
Metrics influencing risk levels based on local network or host configurations.
217
Ephemeral Key
A cryptographic key used only within the context of a single session.
218
Eradication
Incident response process removing malicious tools and configurations from hosts and networks.
219
Escalation
Process of involving senior or expert staff for support or incident management.
220
Escrow
Backup key storage with a trusted third party for key management.
221
Event Viewer
Windows console for viewing and exporting event data in the Windows logging format.
222
Evil Twin
A fake wireless access point tricking users into believing it is legitimate.
223
Exception Handling
The way applications respond to unexpected errors, potentially creating security vulnerabilities.
224
Exposure Factor (EF)
Percentage of an asset's value lost during a security incident or disaster.
225
Extensible Authentication Protocol (EAP)
Framework enabling authentication methods using hardware-based identifiers like smart cards or fingerprints.
226
Extensible Authentication Protocol over LAN (EAPoL)
PNAC mechanism enabling EAP authentication when connecting to an Ethernet switch.
227
eXtensible Markup Language (XML)
A document structuring system using tags to make information human- and machine-readable.
228
Extortion
Cyber extortion involves using digital means to extort money from individuals or organizations by threatening to release compromising information or damage their systems if a ransom isn't paid.
229
Factors in Authentication
Technologies implementing authentication, categorized as something you know, have, or are.
230
Fail-Closed
Security configuration blocking resource access when a failure occurs.
231
Fail-Open
Security configuration ensuring continued resource access during a failure.
232
Failover
Redundant component taking over failed asset functionality.
233
Fake Telemetry
Deception strategy returning spoofed data to network probes.
234
False Acceptance Rate (FAR)
Biometric metric measuring unauthorized users mistakenly granted access.
235
False Negative
A case not reported by security scanning when it should be.
236
False Positive
A case reported by security scanning when it should not be.
237
False Rejection Rate (FRR)
Biometric metric measuring valid users mistakenly denied access.
238
Fault Tolerance
Protection against system failure by providing redundant capacity and eliminating single points of failure.
239
Federation
A shared login capability connecting identity management services across multiple systems.
240
Fencing
A physical security barrier preventing unauthorized access to a site perimeter.
241
File Integrity Monitoring (FIM)
Software reviewing system files to ensure they haven't been tampered with.
242
File Transfer Protocol (FTP)
Protocol for transferring files between hosts, with variants like Secure FTP and FTPS.
243
Financial Data
Information about bank accounts, investments, payroll, and taxes.
244
Firewall Log
Logs related to configured access rules for monitoring network security.
245
First Responder
The initial experienced individual or team arriving at an incident scene.
246
Forensics
Gathering and submitting computer evidence while ensuring it hasn't been tampered with.
247
Forgery Attack
Exploiting weak authentication to perform requests via hijacked sessions.
248
Fraud
Falsifying records, such as tampering with accounts in internal fraud.
249
FTPS
A type of FTP using TLS for confidentiality.
250
Full Disk Encryption (FDE)
Encrypting all data on a disk, including system files, temporary files, and the pagefile, using OS support, third-party software, or controller-level encryption.
251
Gap Analysis
Assessing the difference between current and desired states to determine project scope.
252
Geofencing
A security control enforcing virtual boundaries based on real-world geography.
253
Geographic Dispersion
A resiliency mechanism replicating data and processing resources between distant sites.
254
Geolocation
Identifying or estimating an object's physical location, such as a mobile device or Internet-connected system.
255
Global Positioning System (GPS)
Technology determining a receiver's location based on information from orbital satellites.
256
Governance
Creating and monitoring policies to manage assets and ensure compliance with regulations and legislation.
257
Governance Board
Senior executives and external stakeholders responsible for setting strategy and ensuring compliance.
258
Governance Committee
Leaders and subject matter experts defining policies, procedures, and standards within specific domains.
259
Group Account
A collection of user accounts simplifying file permissions and user rights for groups requiring the same access level.
260
Group Policy Object (GPO)
A Windows domain method for deploying settings like password policy, account restrictions, and firewall status.
261
Guidelines
Best practice recommendations for configuration items where strict policies are impractical.
262
Hacker
An individual who explores or breaks into computer systems; ethical hackers aim to improve security.
263
Hacktivist
A threat actor motivated by social or political causes.
264
Hard Authentication Token
Authentication token generated on hardware devices implementing an ownership factor in multifactor authentication.
265
Hardening
Hardening
266
Hash-Based Message Authentication Code (HMAC)
Method verifying message integrity and authenticity using a cryptographic hash and secret key.
267
Hashing
Converting an input of any length into a fixed-length output using a cryptographic function minimizing collisions.
268
Health Insurance Portability and Accountability Act (HIPAA)
US law protecting the storage, transmission, and access of personal healthcare data.
269
Heat Map
A diagram showing Wi-Fi signal strength and channel utilization at various locations.
270
Heat Map Risk Matrix
Graphical table assessing risk likelihood and impact for workflows, projects, or departments.
271
Heuristic
A method using feature comparisons instead of signature matching to identify malicious behavior.
272
High Availability (HA)
A metric assessing systems' ability to ensure nearly continuous data availability with strong performance.
273
Honeypot
A system, file, or credential designed to lure attackers, gather intel, and protect actual assets.
274
Horizontal Privilege Escalation
A user accessing or modifying resources they are not entitled to.
275
Host-Based Firewall
Software protecting a single host by controlling inbound and outbound network traffic.
276
Host-Based Intrusion Detection System (HIDS)
IDS monitoring a computer for drastic system state changes or unexpected behavior.
277
Host-Based Intrusion Prevention System (HIPS)
Endpoint protection detecting and preventing malicious activity via signature and heuristic matching.
278
Hot Site
A fully configured alternate processing site for rapid disaster recovery.
279
HTML5 VPN
Using HTML5 to implement browser-based VPN connections without requiring separate client software.
280
Human-Machine Interface (HMI)
Input/output controls on a PLC allowing users to configure and monitor systems.
281
Human-Readable Data
Information stored in formats accessible and understandable by humans, like documents or media files.
282
Hybrid Cloud
A cloud deployment combining private and public cloud elements.
283
Hybrid Password Attack
A password attack combining dictionary, rainbow table, and brute force methods.
284
Identification
Issuing a user account and credentials to the correct person, also called enrollment.
285
Identity and Access Management (IAM)
A security process for identification, authentication, and authorization of users and entities working with organizational assets.
286
Identity Provider
A service in a federated network holding user accounts and performing authentication.
287
IDS/IPS Log
Logs tracking event data from detection and prevention rules in IDS/IPS systems.
288
IEEE 802.1X
Standard encapsulating EAP over LAN or WLAN for port-based authentication.
289
Impact
The severity of risk if realized, based on asset value or financial implications.
290
Impersonation
Social engineering attack where attackers pose as someone they're not.
291
Implicit Deny
Principle denying access unless explicitly granted.
292
Impossible Travel
Potential malicious activity where authentication occurs from distant locations within a short timeframe.
293
Incident
An event interrupting operations or breaching security policy.
294
Incident Response Lifecycle
Procedures for handling security incidents: preparation, detection, analysis, containment, recovery, and lessons learned.
295
Incident Response Plan (IRP)
Specific procedures to execute when a particular type of event is detected.
296
Indicator of Compromise (IoC)
A sign that a system or network has been attacked or is under attack.
297
Indoor Positioning System (IPS)
Technology deriving device locations indoors via radio sources like Bluetooth or Wi-Fi.
298
Industrial Camouflage
Disguising buildings or parts of buildings to conceal their nature and purpose.
299
Industrial Control System (ICS)
Network managing embedded devices designed for dedicated functions.
300
Information Security Policies
Documents outlining requirements to protect technology and data from threats and misuse.
301
Information Sharing and Analysis Center (ISAC)
Not-for-profit group sharing sector-specific threat intelligence and best practices among members.
302
Information-Sharing Organization
Groups exchanging data on cybersecurity threats and vulnerabilities.
303
Infrastructure as a Service (IaaS)
Cloud service model provisioning virtual machines and network infrastructure.
304
Infrastructure as Code (IaC)
Using scripted automation and orchestration to deploy infrastructure resources.
305
Inherent Risk
Risk posed by an event without controls in place to mitigate it.
306
Injection Attack
Exploits weak request handling or input validation to run arbitrary code in a client browser or server.
307
Inline
Placement and configuration of a network security control within the cable path.
308
Input Validation
Ensures that data entered into an application field or variable is appropriately handled.
309
Integrated Penetration Testing
Combines various penetration testing methodologies to evaluate organizational security operations.
310
Integrity
Ensuring organizational information is accurate, error-free, and without unauthorized modifications.
311
Intelligence Fusion
Uses threat intelligence data to automate adversary IoC and TTP detection in threat hunting.
312
Intentional Threat
A threat actor with malicious intent or purpose.
313
Internal Threat
A system user causing incidents intentionally or unintentionally.
314
Internal/External Threats
Internal/External Threats
315
Internet Header
Record of email servers involved in transferring a message between sender and recipient.
316
Internet Key Exchange (IKE)
Framework for creating IPSec Security Associations (SAs) to establish trust and agree on secure protocols.
317
Internet Message Access Protocol (IMAP)
Application protocol for accessing and managing email on a remote server (IMAP4 uses TCP port 143, IMAPS uses 993).
318
Internet of Things (IoT)
Devices reporting state data and enabling remote management over IP networks.
319
Internet Protocol (IP)
TCP/IP suite protocol providing packet addressing and routing for higher-level protocols.
320
Internet Protocol Security (IPSec)
Suite securing data via authentication and encryption during transmission.
321
Internet Relay Chat (IRC)
Protocol for group communications, private messaging, and file sharing.
322
Intrusion Detection System (IDS)
Analyzes packet sniffer data to detect traffic violating policies or rules.
323
Intrusion Prevention System (IPS)
Combines detection capabilities with functions to actively block attacks.
324
IP Flow Information Export (IPFIX)
Standards-based implementation of the NetFlow framework.
325
Isolation
Severely restricting communication paths to a specific device or system.
326
IT Infrastructure Library (ITIL)
IT best practice framework aligning IT Service Management (ITSM) with business needs.
327
Jailbreaking
Removes OS-specific restrictions, granting users greater control over a device.
328
JavaScript Object Notation (JSON)
Attribute-value pair file format that is human- and machine-readable.
329
Journaling
File system method recording changes not yet made to a file system in a journal.
330
Jump Server
Hardened server providing access to other hosts.
331
Kerberos
Single sign-on authentication/authorization service using a time-sensitive ticket-granting system.
332
Key Distribution Center (KDC)
Kerberos component authenticating users and issuing tickets (tokens).
333
Key Encryption Key (KEK)
Private key encrypting the symmetric bulk Media Encryption Key (MEK) in storage encryption.
334
Key Exchange
Transfers cryptographic keys to enable the use of encryption algorithms.
335
Key Length
The size of a cryptographic key in bits; longer keys generally offer better security.
336
Key Management System
PKI procedures/tools centralizing cryptographic key generation and storage.
337
Key Risk Indicator (KRI)
Identifies and analyzes emerging risks, enabling proactive changes to avoid issues.
338
Key Stretching
Strengthens weak input for cryptographic key generation against brute force attacks.
339
Keylogger
Malicious software or hardware recording user keystrokes.
340
Kill Chain
Model describing stages of progression leading to a network intrusion.
341
Lateral Movement
Attacker's movement from one part of a computing environment to another.
342
Layer 4 Firewall
Stateful inspection firewall monitoring TCP sessions and UDP traffic.
343
Layer 7 Firewall
Stateful firewall filtering traffic based on application protocol headers and data.
344
Least Privilege
Security principle of allocating the minimum necessary rights to perform a task.
345
Legal Data
Documents and records related to law, such as contracts, property, and regulatory filings.
346
Legal Hold
Preserves relevant information when litigation is anticipated.
347
Lessons Learned Report (LLR)
Provides insights on how to improve response and processes after an event.
348
Level of Sophistication/Capability
Classification of resources and expertise available to a threat actor.
349
Lighting
Ensures sufficient site illumination for safety and surveillance system functionality.
350
Lightweight Directory Access Protocol (LDAP)
Protocol for accessing network directory databases storing user, privilege, and organizational information.
351
Lightweight Directory Access Protocol Secure (LDAP Secure)
LDAP implementation using SSL/TLS encryption.
352
Likelihood
In qualitative risk analysis, the subjectively determined chance of an event occurring.
353
Listener/Collector
Network appliance gathering log and state data from other systems.
354
Load Balancer
Distributes client requests between resources for fault tolerance and improved throughput.
355
Log Aggregation
Parses log/security event data from multiple sources into a consistent, searchable format.
356
Log Data
Automatically logged OS/application events providing an audit trail and troubleshooting insights.
357
Logic Bomb
Malicious script or program triggered by specific conditions or events.
358
Logical Segmentation
Enforces network topology separating communication between segments.
359
Lure
Entices victims to interact with malware-concealing devices, documents, or images.
360
Machine Learning (ML)
AI component enabling machines to solve tasks based on labeled datasets without explicit instructions.
361
Malicious Process
Process executed without authorization to damage or compromise a system.
362
Malicious Update
Exploitable vulnerability in a software supply chain allowing threat actors to add malicious code.
363
Malware
Software serving a malicious purpose, typically installed without user consent or knowledge.
364
Mandatory Access Control (MAC)
Access control model protecting resources with inflexible, system-defined rules based on clearance levels.
365
Maneuver
In threat hunting, strategies where defenders or attackers use deception to gain advantage.
366
Master Service Agreement (MSA)
Contract establishing precedence and guidelines for business documents between two parties.
367
Maximum Tolerable Downtime (MTD)
Longest time a process can be inoperable without causing irreversible business failure.
368
Mean Time Between Failures (MTBF)
Metric predicting the expected time between failures for a device or component.
369
Mean Time to Repair/Replace/Recover (MTTR)
Metric measuring average time to repair, replace, or recover a failed device or component.
370
Media Access Control Filtering (MAC Filtering)
Access control method allowing only approved MAC addresses to connect to a switch or access point.
371
Memorandum of Agreement (MoA)
Legal document forming a cooperative agreement without requiring a formal contract.
372
Memorandum of Understanding (MoU)
Non-binding preliminary agreement expressing intent to collaborate.
373
Memory Injection
Vulnerability allowing malicious code to run with the same privileges as the exploited process.
374
Message Digest Algorithm v5 (MD5)
Cryptographic hash function producing a 128-bit output.
375
Metadata
Information stored as a property of an object, system state, or transaction.
376
Microservice
Independent, single-function module enabling frequent and reliable delivery of complex applications.
377
Missing Logs
Indicator of malicious activity when events or log files are tampered with or deleted.
378
Mission Essential Function (MEF)
Critical activity that cannot be deferred beyond a few hours.
379
Mobile Device Management (MDM)
Tools/processes tracking, controlling, and securing an organization's mobile devices.
380
Monitoring/Asset Tracking
Tools ensuring assets comply with baselines and haven't been tampered with or accessed without authorization.
381
Multi-Cloud
Cloud deployment model using multiple public cloud services.
382
Multifactor Authentication (MFA)
Authentication scheme requiring at least two different factors, such as something you know, have, or are.
383
Nation-State Actor
Threat actor supported by the resources of a nation's military and security services.
384
National Institute of Standards and Technology (NIST)
Organization developing computer security standards and publishing cybersecurity best practices.
385
Near-Field Communication (NFC)
Two-way short-range communication standard for contactless payments and similar technologies.
386
NetFlow
Cisco-developed framework for reporting IP traffic flow information to a structured database.
387
Network Access Control (NAC)
Protocols and hardware authenticating and authorizing access to a network at the device level.
388
Network Attack
Attacks on network infrastructure, including reconnaissance, DoS, credential harvesting, and data exfiltration.
389
Network Behavior Anomaly Detection (NBAD)
Tool monitoring network packets for behavior anomalies based on known signatures.
390
Network Functions Virtualization (NFV)
Provisioning virtual network appliances (e.g., switches, routers) using VMs and containers.
391
Network Log
Logs capturing system and access events from appliances like switches or routers.
392
Network Monitoring
Auditing software collecting status/configuration data from network devices, often using SNMP.
393
Next-Generation Firewall (NGFW)
Advanced firewall features, like app awareness, user-based filtering, and intrusion prevention.
394
Non-Credentialed Scan
A scan using fewer permissions, often finding only missing patches or updates.
395
Nondisclosure Agreement (NDA)
Agreement ensuring confidentiality by prohibiting unauthorized information sharing.
396
Non-Human-Readable Data
Data requiring specialized processors to decode, unreadable by humans directly.
397
Non-Repudiation
Ensuring that the sender or creator of data cannot deny their association with it (e.g., a log or audit history).
398
Non-Transparent Proxy
Server redirecting requests/responses for clients configured with the proxy address and port.
399
NT LAN Manager Authentication (NTLM Authentication)
Microsoft's challenge-response authentication protocol.
400
Obfuscation
Hiding or camouflaging code or information to make it harder for unauthorized users to read.
401
Objective Probability
Mathematical measure of the likelihood of a risk occurring.
402
Offboarding
Process ensuring HR and other requirements are addressed when an employee leaves.
403
Offensive Penetration Testing
Simulated attacks or exercises to assess system security vulnerabilities.
404
Off-Site Backup
Backup stored in a separate physical location from the production system.
405
Onboarding
Process of integrating new employees, contractors, or suppliers into an organization.
406
One-Time Password (OTP)
Password valid for a single session, becoming invalid after use.
407
Online Certificate Status Protocol (OCSP)
Protocol allowing clients to check the revocation status of digital certificates.
408
On-Path Attack
Attack where a threat actor intercepts and potentially modifies traffic between victims.
409
On-Premises
Software or services installed on an organization's own infrastructure rather than the cloud.
410
On-Premises Network
Private network owned and operated by an organization for employee use only.
411
On-Site Backup
Backup stored in the same physical location as the production system.
412
Opal
Standards for implementing storage device encryption.
413
Open Authorization (OAuth)
Federated identity management standard allowing user account sharing between resource servers.
414
Open Public Ledger
Distributed public record underpinning blockchain transaction integrity.
415
Open-Source Intelligence (OSINT)
Publicly available information aggregated and searched using specialized tools.
416
Order of Volatility
Sequence for recovering volatile data after a security incident.
417
Organized Crime
Threat actors using hacking or fraud for commercial gain.
418
Out-of-Band Management (OOB)
Accessing administrative interfaces via separate networks or links, like VLANs or modems.
419
Out-of-Cycle Logging
Malicious activity indicator when event dates/timestamps are inconsistent.
420
Package Monitoring
Tools addressing vulnerabilities in third-party code, like libraries or dependencies.
421
Packet Analysis
Examines headers and payload data in captured network traffic.
422
Packet Filtering Firewall
Layer 3 firewall comparing packet headers against ACLs to filter traffic.
423
Parallel Processing Tests
Validating backup system functionality while primary systems remain operational.
424
Passive Reconnaissance
Techniques gathering intelligence without directly interacting with target systems.
425
Passive Security Control
Scan analyzing intercepted network traffic rather than actively probing.
426
Password Attack
Attempts to gain unauthorized access by compromising passwords.
427
Password Best Practices
Guidelines for secure password management, like length, complexity, and reuse.
428
Password Manager
Software suggesting and storing passwords to improve security.
429
Password Spraying
Testing multiple user accounts with common passwords in brute force attacks.
430
Passwordless
MFA using ownership and biometric factors, excluding knowledge factors.
431
Patch
A small unit of supplemental code addressing security problems or functionality flaws in software.
432
Patch Management
Identifying, testing, and deploying OS and application updates, classified as critical, recommended, or optional.
433
Payment Card Industry Data Security Standard (PCI DSS)
Security standard for organizations processing credit or bank card payments.
434
Penetration Testing
Security evaluation simulating attacks to test, bypass controls, and exploit vulnerabilities.
435
Percent Encoding
Encoding characters as hexadecimal values with a percent sign.
436
Perfect Forward Secrecy (PFS)
Ensures a compromised key only affects one session and does not expose other sessions' data.
437
Permissions
Security settings controlling access to files, folders, and resources.
438
Persistence (Load Balancing)
Maintains a client's connection with the same server during a session, also called sticky sessions.
439
Personal Area Network (PAN)
Short-range wireless network connecting personal devices like smartphones and printers.
440
Personal Identification Number (PIN)
A number used with devices like smart cards for authentication, known only to the user.
441
Pharming
Redirecting users to fake websites resembling legitimate ones to steal information.
442
Phishing
Email-based attack impersonating a trusted entity to trick users into revealing private information, often by getting them to click malicious links.
443
Physical Attack
Attack targeting cabling, devices, or the physical environment hosting networks.
444
Physical Penetration Testing
Assessment evaluating physical site security systems.
445
Pivoting
Using a compromised host to launch attacks on other network points.
446
Platform as a Service (PaaS)
Cloud service model providing platforms for app and database development.
447
Playbook
A checklist of actions to detect and respond to specific incidents.
448
Pluggable Authentication Module (PAM)
Linux framework for implementing authentication providers.
449
Point-to-Point Tunneling Protocol (PPTP)
A VPN protocol now considered obsolete due to password cracking vulnerabilities.
450
Policy
Strictly enforceable rules guiding task completion.
451
Port Mirroring (SPAN)
Copies communication traffic from specific switch ports for monitoring purposes.
452
Post Office Protocol (POP)
Enables clients to download email from a server using TCP/110 or TCP/995 (secure).
453
Potentially Unwanted Program (PUP)
Software that may not be malicious but is often unwanted or unchosen by the user.
454
Power Distribution Unit (PDU)
Advanced socket strip offering filtered voltage and remote management in some models.
455
Power Failure
Complete loss of power within a building.
456
Preparation
Incident response stage hardening systems, defining policies, and establishing communication lines.
457
Pre-Shared Key (PSK)
Wireless authentication using a group passphrase-derived encryption key.
458
Pretexting
Social engineering tactic misleading a target with partial truths or falsehoods.
459
Preventive Control
Security measure acting before incidents to prevent or reduce attack success.
460
Private Cloud
Cloud infrastructure deployed exclusively for a single entity.
461
Private Key
Asymmetric encryption key known only to the holder, paired with a distributable public key.
462
Privilege Escalation
Exploiting system flaws to gain unauthorized higher-level access.
463
Privileged Access Management (PAM)
Policies and tools managing accounts with administrative privileges.
464
Probability
In quantitative risk analysis, the likelihood of an event, expressed as a percentage.
465
Procedure
Detailed instructions for task completion in compliance with policies and standards.
466
Project Stakeholder
Someone invested in or actively involved in a project's outcome.
467
Proprietary Information
Organization-created information about products or services.
468
Provenance
In digital forensics, the ability to trace evidence back to its source and prove tamper-free handling.
469
Provisioning
Deploying accounts, hosts, or applications to a production environment with credentials and permissions.
470
Proximity Reader
Scanner reading data from RFID or NFC tags within range.
471
Proxy Server
Mediator server filtering and modifying client-server communications and providing caching.
472
Public Cloud
Cloud infrastructure shared by multiple independent tenants.
473
Public Key
Asymmetric encryption key freely distributed, used with its linked private key for secure communication.
474
Public Key Cryptography Standards (PKCS)
Standards defining certificate authorities and digital certificate use.
475
Public Key Infrastructure (PKI)
Framework of cryptographic components validating subject identities.
476
Qualitative Risk Analysis
Using logical reasoning to assess risks when numerical data isn't available.
477
Quantitative Risk Analysis
Numerical method evaluating risk probability and impact.
478
Questionnaires
Structured tools for vendor management enabling consistent risk analysis and comparison.
479
Race Condition
Software vulnerability arising from unintended execution order and timing of events.
480
Radio-Frequency ID (RFID)
Technology encoding data into passive tags read by radio waves from a reader.
481
Ransomware
Malware extorting victims by encrypting files or blocking computer access.
482
Reaction Time
Elapsed time between incident occurrence and response implementation.
483
Real-Time Operating System (RTOS)
OS prioritizing deterministic execution for time-critical tasks.
484
Reconnaissance
Gathering information about computer systems, software, and configurations.
485
Recovery
Incident response stage restoring systems to a secure baseline configuration.
486
Recovery Point Objective (RPO)
Longest acceptable period of unrecoverable data loss for an organization.
487
Recovery Time Objective (RTO)
Maximum time allowed to restore a system after a failure event.
488
Redundancy
Overprovisioning resources to enable failover to a working instance during a problem.
489
Regulated Data
Information with storage/handling compliance requirements defined by legislation or regulations.
490
Remote Access
Infrastructure/protocols enabling hosts to join local networks remotely or establish sessions over networks.
491
Remote Access Trojan (RAT)
Malware creating a backdoor for remote administration and control of infected hosts.
492
Remote Authentication Dial-in User Service (RADIUS)
AAA protocol managing remote and wireless authentication infrastructures.
493
Remote Code Execution (RCE)
Vulnerability allowing attackers to transmit and execute code on a target host.
494
Remote Desktop Protocol (RDP)
Protocol enabling remote graphical interface connections to hosts via TCP port 3389.
495
Replay Attack
Reusing intercepted authentication data to reestablish a session.
496
Replication
Automatically copying data between systems, either synchronously or asynchronously.
497
Reporting
Forensics process summarizing significant digital data using open and unbiased methods.
498
Representational State Transfer (REST)
Stateless architectural style for web app communication and integration.
499
Reputational Threat Intelligence
Reputational Threat Intelligence
500
Residual Risk
Risk remaining after implementing controls.
501
Resilience
System or network's ability to recover quickly from failures with minimal intervention.
502
Resource Consumption
Indicator of malicious activity when CPU, memory, or network usage deviates from norms.
503
Resource Inaccessibility
Indicator of malicious activity when files or services are unexpectedly unavailable.
504
Resources/Funding
Threat actors' capability to acquire personnel, tools, and develop attack methods.
505
Responsibility Matrix
Identifies security responsibilities shared between customers and cloud service providers.
506
Responsible Disclosure Program
Process enabling researchers to safely disclose vulnerabilities to developers.
507
Responsiveness
System's ability to process tasks within an acceptable timeframe.
508
Reverse Proxy
Proxy server protecting servers from direct client interactions.
509
Right to Be Forgotten
Privacy principle allowing data subjects to request data deletion.
510
Risk
Likelihood and impact of a threat actor exploiting a vulnerability. Vulnerability + Threat = Risk (Impact * Likelihood).
511
Risk Acceptance
Decision that a risk is within acceptable limits, requiring no further countermeasures.
512
Risk Analysis
Process of qualifying or quantifying the likelihood and impact of risks.
513
Risk Appetite
Strategic assessment of acceptable residual risk levels for an organization.
514
Risk Assessment
Process of identifying, analyzing, and mitigating risks.
515
Risk Avoidance
Mitigation strategy ceasing activities presenting risks.
516
Risk Deterrence
Deploying controls to reduce the likelihood and impact of threat scenarios.
517
Risk Exception
Risk management accepting an alternate control to mitigate risk.
518
Risk Exemption
Acceptance of an unmitigated risk factor.
519
Risk Identification
Listing sources of risk due to threats and vulnerabilities.
520
Risk Management
Cyclical process of identifying, analyzing, and responding to risks.
521
Risk Mitigation
Reducing risks to fit within an organization's acceptable limits.
522
Risk Owner
Individual accountable for developing and implementing risk response strategies.
523
Risk Register
Document summarizing risk assessments, often in an easily comprehensible grid format.
524
Risk Reporting
Periodic summary of risks, their impact, and their relevance to the organization.
525
Risk Threshold
Boundary separating acceptable and unacceptable risk levels.
526
Risk Tolerance
Threshold defining acceptable levels of risk.
527
Risk Transference
Sharing responsibility for risk with another entity, e.g., through insurance.
528
Role-Based Access Control (RBAC)
Access control assigning permissions based on job roles.
529
Root Cause Analysis
Technique identifying the true cause of problems to prevent recurrence.
530
Root Certificate Authority
PKI CA issuing certificates to intermediate CAs in a hierarchy.
531
Rooting
Gaining superuser-level access to Android-based devices.
532
Router Firewall
Router with built-in firewall functionality embedded in its firmware.
533
Rule-Based Access Control
Access control enforcing least privilege through operational rules.
534
Rules of Engagement (ROE)
Defines execution constraints and guidelines for penetration tests.
535
Salt
Countermeasure adding random values to inputs to mitigate precomputed hash attacks.
536
Sandbox
Isolated environment for safely analyzing malware or faulty software without affecting the host.
537
Sanitization
Thoroughly removing data from storage media to prevent recovery.
538
Sarbanes-Oxley Act (SOX)
U.S. law requiring proper storage and retention of financial and business operation documents.
539
Scalability
Property enabling computing environments to adapt to increasing resource demands.
540
Screened Subnet
Private network segment isolated by firewalls, accepting designated Internet connections.
541
Secure Access Service Edge (SASE)
Networking and security architecture combining cloud security and network services like SD-WAN.
542
Secure Baseline
Configuration benchmarks ensuring devices/servers are maintained securely for their roles.
543
Secure Enclave
CPU extensions protecting memory-stored data from untrusted processes.
544
Secure File Transfer Protocol (SFTP)
FTP version using SSH tunnels for secure file management.
545
Secure Hash Algorithm (SHA)
Cryptographic hashing algorithm addressing weaknesses in MD5; current version is SHA-2.
546
Secure Shell (SSH)
Protocol supporting secure tunneling, remote terminal emulation, and file copy over TCP port 22.
547
Security Assertion Markup Language (SAML)
XML-based format used to exchange authentication information between a client and a service.
548
Security Content Automation Protocol (SCAP)
NIST framework for automating vulnerability scanning using accepted practices.
549
Security Control
Technology or procedure ensuring confidentiality, integrity, and availability while mitigating risks.
550
Security Identifier (SID)
Value assigned by Windows to identify an account.
551
Security Information and Event Management (SIEM)
Provides near-real-time analysis of security alerts from network hardware and applications.
552
Security Key
Portable hardware security module (HSM) used for multifactor authentication, interfacing via USB or NFC.
553
Security Log
Logs access control events like user authentication and privilege use.
554
Security Zone
Network area or physical barrier with a unified security configuration.
555
Security-Enhanced Linux (SELinux)
CentOS/Red Hat default context-based permissions scheme.
556
Selection of Effective Controls
Choosing security controls to meet CIA goals and compliance requirements.
557
Self-Encrypting Drive (SED)
Disk drive with an automatic encryption controller.
558
Self-Signed Certificate
Digital certificate signed by the entity that issued it, not a CA.
559
Sender Policy Framework (SPF)
DNS record identifying authorized mail-sending hosts for a domain.
560
Sensor
Monitors network frames using mirror ports or TAP devices.
561
Sensor (Alarms)
Alarm component detecting entry via thermal, ultrasonic, or pressure changes.
562
Serverless
Architecture running functions in cloud containers instead of on dedicated servers.
563
Serverless Computing
Offloads server management to cloud providers for simplified operations.
564
Server-Side
Web app processes input data via server-side scripts.
565
Server-Side Request Forgery (SSRF)
Attack abusing a server's trusted access to internal or back-end resources by making it issue requests on the attacker's behalf.
566
Service Disruption
Attack compromising asset or process availability.
567
Service Level Agreement (SLA)
Agreement setting expectations between a consumer and provider.
568
Service Set Identifier (SSID)
String identifying a wireless LAN.
569
Session Affinity
Load balancer scheduling approach keeping a client connected to the same back-end server for the duration of a session.
570
Shadow IT
Unauthorized hardware, software, or services on a private network.
571
Shellcode
Lightweight malicious code exploiting vulnerabilities for system access.
572
Sideloading
Installing apps on mobile devices without using an app store.
573
Signature-Based Detection
Monitoring system detecting unacceptable events using predefined rules.
574
Simple Mail Transfer Protocol (SMTP)
Protocol sending email between hosts, using TCP/25 or secure TCP/587.
575
Simple Network Management Protocol (SNMP)
Protocol monitoring/managing network devices, using UDP/161 and UDP/162.
576
Simple Object Access Protocol (SOAP)
XML-based protocol exchanging web service messages.
577
Simulation (Testing)
Testing replicating real-world disaster or security incident conditions.
577
Simultaneous Authentication of Equals (SAE)
WPA3 Wi-Fi authentication addressing WPA-PSK vulnerabilities.
578
Single Loss Expectancy (SLE)
Amount lost in a single occurrence of a risk.
579
Single Point of Failure (SPoF)
Component/system whose failure interrupts service entirely.
580
Single Sign-On (SSO)
Authentication enabling users to log in once for multiple services.
581
Sinkhole
DoS mitigation redirecting traffic flooding a target to another network.
582
Site Survey
Documentation of a location used to plan wireless infrastructure, identifying optimal access point placements and sources of interference.
583
Skimming
Duplicating access card data onto a new card.
584
Smart Card
Authentication device storing private keys on an embedded cryptoprocessor.
585
SMiShing
Phishing using SMS to deceive victims into sharing information.
586
Snort
Open source NIDS requiring subscription for up-to-date threat rules.
586
Snapshot (Backup)
Full system, application, or disk copy used to restore at a specific time.
587
Social Engineering
Using deception to trick users into providing sensitive data or breaking security guidelines.
588
Soft Authentication Token
OTP sent to a number/email or generated by an app for two-step verification.
588
Software as a Service (SaaS)
Cloud service providing fully developed application services.
589
Software Bill of Materials (SBOM)
Inventory of third-party/open-source components in an application.
589
Software Composition Analysis (SCA)
Tools identifying third-party/open-source code in development/deployment.
590
Software Defined WAN (SD-WAN)
Services creating virtual tunnels/overlay networks via routing policies.
591
Software Development Life Cycle (SDLC)
Process governing software and system development phases.
592
Standard Configurations
Automation processes ensuring consistent deployment regardless of initial state.
592
Software-Defined Networking (SDN)
APIs/hardware enabling programmable network systems/appliances.
593
Spyware
Malicious software recording user/PC information, often installed covertly.
594
Standards
Expected outcomes for tasks performed following policies and procedures.
595
Structured Exception Handler (SEH)
Mechanism accounting for unexpected errors during code execution, reducing exploit risks.
595
Stateful Inspection
Firewall technique analyzing packets to the application layer for enhanced security.
595
State Table
Information about active sessions between hosts, gathered and maintained by a stateful firewall.
595
Statement of Work (SOW)
A document defining expectations for a specific business arrangement.
595
Static Analysis
Reviewing uncompiled source code manually or with automated tools.
596
Steganography
Obscuring a message by embedding it within a file or other entity.
596
Structured Query Language Injection (SQL Injection)
Inserting database query syntax into application input so that it is executed by the back-end database, exploiting insufficient input validation.
597
Subject Alternative Name (SAN)
Digital certificate field allowing identification by multiple host names/subdomains.
598
Supervisory Control and Data Acquisition (SCADA)
Industrial control system managing large-scale, geographically dispersed devices and equipment.
599
Supplicant
Device requesting network access in EAP architecture.
600
Supply Chain
End-to-end process of supplying, manufacturing, and distributing goods/services to customers.
601
SYN Flood
DoS attack sending excessive SYN requests to exhaust server resources and block traffic.
602
Syslog
Event-logging protocol enabling appliances to transmit logs to central servers over UDP/514.
603
System Monitor
Software tracking system health using hardware-reported metrics to alert faults like high temperatures.
604
System/Process Audit
Comprehensive assessment covering supply chain, configuration, support, monitoring, and security factors.
605
Tabletop Exercise
Simulated discussions of emergency scenarios and security incidents.
606
Tactics, Techniques, and Procedures (TTP)
Historical analysis of cyberattacks and adversary actions.
607
Technical Debt
Costs of maintaining ineffective systems instead of implementing better-engineered solutions.
608
Temporal Key Integrity Protocol (TKIP)
WPA mechanism improving wireless encryption over WEP.
609
Test Access Point (TAP)
Hardware copying cable traffic frames for analysis.
610
Tethering
Sharing mobile device data with PCs or laptops over USB, Bluetooth, or Wi-Fi hotspots.
611
Third-Party CA
Public CA issuing certificates for multiple domains, trusted by operating systems/browsers.
612
Third-Party Risks
Vulnerabilities from supplier/customer dependencies in business relationships.
613
Threat
Potential for an entity to exploit vulnerabilities.
614
Threat Actor
Individual or entity responsible for security incidents or risks.
615
Threat Feed
Automated feed of signatures/patterns to analysis platforms for detecting threats.
616
Threat Hunting
Cybersecurity technique identifying undetected threats.
617
Ticket Granting Ticket (TGT)
Kerberos token granting access to authorized application servers.
618
Timeline
Forensics tool showing chronological file system events graphically.
619
Time-of-Check to Time-of-Use (TOCTOU)
Vulnerability arising from resource state changes between validation and use.
620
Time-of-Day Restrictions
Policies limiting resource access based on time.
621
Tokenization
Substituting unique tokens for real data to de-identify it.
622
Trade Secrets
Competitive intellectual property not registered as trademarks/patents.
623
Transparent Proxy
Proxy redirecting requests/responses without client configuration.
624
Transport Layer Security (TLS)
Protocol protecting communication with authentication and encryption.
625
Transport Layer Security VPN (TLS VPN)
VPN using digital certificates for secure network traffic tunnels.
626
Transport/Communication Encryption
Encryption applied to data in motion via protocols like WPA, IPsec, or TLS.
627
Trend Analysis
Detecting patterns in datasets to predict future events or understand past ones.
628
Trojan
Malicious software hidden within seemingly innocuous programs.
629
Trusted Platform Module (TPM)
Specification for secure hardware-stored encryption keys and user identification.
630
Tunneling
Encapsulating data for secure transfer over another network, like the Internet.
631
Typosquatting
Registering domains with common misspellings to redirect users to malicious sites.
632
Type-Safe Programming Language
Language that enforces strict type checking to prevent vulnerabilities such as memory-corruption attacks.
633
Under-Voltage Event
Long power sags causing computer malfunctions due to insufficient supplied power.
634
Unified Threat Management (UTM)
All-in-one security combining firewall, malware scanning, IDS, DLP, and more.
635
Uniform Resource Locator (URL)
Human-readable addressing scheme identifying resources in TCP/IP, like protocol://server/file.
636
Unintentional Insider Threat
Threat caused without malicious intent by actors exposing attack vectors.
637
Uninterruptible Power Supply (UPS)
Battery-powered device supplying power during outages.
638
Unsecure Network
Network with a large attack surface, such as open ports, weak or no authentication, or default credentials.
639
User and Entity Behavior Analytics (UEBA)
Automated system identifying suspicious activity by users or hosts.
640
Version Control
Managing project assets to ensure controlled changes.
641
Vertical Privilege Escalation
Attacker gaining higher-role privileges normally denied to them.
642
Video Surveillance
Physical security using cameras to monitor activity.
643
Virtual Local Area Network (VLAN)
Logical network segment isolating traffic despite physical connections.
644
Virtual Network Computing (VNC)
Protocol for remote access, forming the basis of macOS screen sharing.
645
Virtual Private Cloud (VPC)
Private cloud network segment for a single consumer on public infrastructure.
646
Virtual Private Network (VPN)
Secure tunnel between endpoints over an unsecure network like the Internet.
647
Virtualization
A computing environment allowing multiple independent operating systems to run simultaneously on one hardware platform.
648
Virus
Malicious code embedded in executable files, executed to deliver payloads or infect other files.
649
Vishing
Social engineering attack extracting information through phone calls or VoIP messages.
650
Visualization
Widget displaying records or metrics in a visual format, like graphs or tables.
651
Vulnerability
A weakness that can be accidentally triggered or exploited to cause a security breach.
652
Vulnerability Feed
Synchronizable data and scripts used for vulnerability checks, also called plug-ins or NVTs.
653
Vulnerability Scanner
Hardware or software scanning for known weaknesses in host OS or applications.
654
Warm Site
Dormant or noncritical processing location quickly convertible to key operations during emergencies.
655
Watering Hole Attack
Attack targeting a group by injecting malicious code into websites its members frequently visit.
656
Web Application Firewall (WAF)
Firewall protecting web server software and databases from injection and DoS attacks.
657
Web Filter
Software filtering Internet content requests like web, FTP, or instant messaging.
658
Wi-Fi Protected Access (WPA)
Standards for authenticating and encrypting access to Wi-Fi networks.
659
Wi-Fi Protected Setup (WPS)
Feature allowing wireless network enrollment using an eight-digit PIN.
660
Wildcard Domain
PKI certificate matching multiple subdomains of a parent domain.
661
Wired Equivalent Privacy (WEP)
Legacy mechanism for encrypting wireless data, replaced due to vulnerabilities.
662
Work Recovery Time (WRT)
Additional time after RTO for system reintegration and testing following restoration or upgrades.
663
Workforce Multiplier
Tools or automation enhancing employee productivity to complete more tasks efficiently.
664
Worm
Malware replicating in memory and spreading across network connections.
665
Write Blocker
Forensic tool preventing modification of data on target disks or media during analysis.
666
Zero Trust
Security paradigm requiring authentication for every request, including host-to-host or container-to-container.
667
Zero-Day
A vulnerability for which the developer has not yet released a patch, or an attack exploiting such a vulnerability.