Methods used to restrict and manage who can view or use resources in a computing environment.
Antivirus
Software designed to detect, prevent, and remove malicious software (malware) from computers and networks.
Authentication
The process of verifying the identity of a user, device, or other entity in a computer system.
Advanced Persistent Threat (APT)
A prolonged and targeted cyber attack in which an intruder gains access to a network and remains undetected for an extended period of time.
Adware
Software that automatically displays or downloads advertisements, often without the user's consent, and sometimes gathers user data.
Attack Surface
The total number of points where an unauthorized user can try to enter data to or extract data from an environment.
Authentication Token
A physical or digital item used to prove the identity of a user, such as a security key, smart card, or a generated code.
Backdoor
A hidden method for bypassing normal authentication or security controls to gain access to a system.
Botnet
A network of infected computers (bots) controlled by an attacker, often used to launch large-scale cyber attacks like Distributed Denial of Service (DDoS).
Brute Force Attack
A method used to gain access to accounts or systems by trying many combinations of passwords or encryption keys until the correct one is found.
Behavioral Analytics
Tools and techniques that analyze users' behavior patterns to detect abnormal activity that may indicate a security threat.
Black Hat
A term used to describe hackers who engage in malicious or illegal activities.
Bug Bounty
A program that rewards individuals for finding and reporting security vulnerabilities in software or systems.
Cryptography
The practice of securing information by converting it into a format that is unreadable to unauthorized users, often using encryption.
Certificate Authority (CA)
An organization that issues and manages digital certificates, which are used to verify the identity of websites and other entities on the internet.
Clickjacking
A technique used by attackers to trick users into clicking on something different from what they perceive, often to hijack actions or steal information.
Data Breach
An incident where sensitive, protected, or confidential data is accessed, used, or disclosed without authorization.
Distributed Denial of Service (DDoS)
An advanced form of DoS attack where multiple compromised devices are used to flood a target with traffic, making it difficult to defend against. Learn more
Data Encryption Standard (DES)
An older encryption algorithm that was widely used for secure data transmission but has been largely replaced by more secure methods.
Digital Signature
An electronic signature that verifies the authenticity and integrity of a digital message or document.
Domain Name System (DNS) Spoofing
An attack where DNS records are altered to redirect users to fraudulent websites without their knowledge.
Encryption
The process of converting data into a coded format that is unreadable to anyone who does not have the key to decode it.
Encryption Key
A piece of information, usually a string of characters, used by an encryption algorithm to transform plain text into ciphertext or vice versa.
Exploit
A piece of software, data, or sequence of commands that takes advantage of a vulnerability in a system to cause unintended behavior.
Firewall
A network security device or software that monitors and controls incoming and outgoing network traffic based on predetermined security rules.
False Positive
An incorrect alert in a security system that indicates a threat when none actually exists.
Hashing
The process of converting data into a fixed-size string of characters, which is typically a hash value, used for verifying data integrity.
Malware
Malicious software designed to damage, disrupt, or gain unauthorized access to computer systems.
Man-in-the-Middle (MitM) Attack
An attack where the attacker secretly intercepts and possibly alters the communication between two parties who believe they are directly communicating with each other.
Multi-Factor Authentication (MFA)
A security system that requires more than one method of authentication from independent categories of credentials to verify the user's identity.
Patch Management
The process of managing software updates to fix vulnerabilities and improve functionality in a computer system or network.
Penetration Testing (Pen Testing)
A simulated cyber attack against your system to check for exploitable vulnerabilities.
Phishing
A type of social engineering attack where attackers impersonate legitimate entities via email, phone, or text message to steal sensitive information.
Ransomware
A type of malware that encrypts the victim's files, with the attacker demanding a ransom to restore access to the data.
Security Information and Event Management (SIEM)
A set of tools and services that provide a holistic view of an organization's information security by collecting, analyzing, and responding to security-related data.
Session Hijacking
An attack in which an attacker takes over a session between a client and server, typically by stealing session tokens.
Social Engineering
A tactic used by attackers to manipulate individuals into divulging confidential information or performing actions that compromise security.
Spoofing
An attack where a person or program successfully masquerades as another by falsifying data, to gain an illegitimate advantage.
SQL Injection
An attack where malicious SQL statements are inserted into an entry field for execution, potentially allowing the attacker to interact with the database.
Spyware
Malware that secretly monitors and collects information about a user's activities without their knowledge.
Trojan Horse
A type of malware that appears to be a legitimate program but, when executed, carries out malicious actions.
Two-Factor Authentication (2FA)
A security process in which the user provides two different authentication factors to verify themselves.
Virtual Private Network (VPN)
A service that creates a secure, encrypted connection over a less secure network, such as the internet, to protect data privacy.
Vulnerability
A weakness in a system, software, or network that can be exploited by an attacker to gain unauthorized access or cause harm. Learn more
White Hat
Ethical hackers who use their skills to find and fix security vulnerabilities, often working with organizations to improve security.
Zero-Day Exploit
A cyber attack that occurs on the same day a vulnerability is discovered in software, before the developer has had a chance to fix it.
