Vocab Flashcards
Acceptable Use Policy (AUP)
Policy governing an employee’s use of company equipment and Internet services.
ISPs may also apply AUPs to customers.
Access Badge
Authentication mechanism allowing a user to present a smart card to operate an entry system.
Access Control List (ACL)
Collection of access control entries (ACEs) determining which subjects are allowed or denied access to an object, with specified privileges.
Access Control Vestibule
Secure entry system with two gateways, only one open at a time.
(e.g., the section between the external and internal doors at a bank)
Access Point (AP)
Device connecting wireless devices and wired networks, implementing infrastructure mode WLAN.
Account Lockout
Policy preventing account access after excessive failed authentication attempts.
Account Policies
Rules governing user security information, such as password expiration and uniqueness.
Accounting
A logging resource that records what a user has done.
Alerts when unauthorized use is detected or attempted.
(What did you do)
Acquisition/Procurement
Policies ensuring purchases and contracts are secure, authorized, and meet business goals.
Active Reconnaissance
Penetration testing techniques interacting directly with target systems.
Active Security Control
Detective and preventive security controls using agents or configurations to monitor hosts.
Ad Hoc Network
A wireless network where connected devices communicate directly with one another.
Address Resolution Protocol (ARP)
A broadcast mechanism matching a hardware MAC address to an IP address on a local network.
Advanced Persistent Threat (APT)
Attacker’s ability to maintain and diversify access to network systems using exploits and malware.
Adware
Software recording a user’s habits, often acknowledged by the user.
AES Galois Counter Mode Protocol (GCMP)
High-performance symmetric encryption mode offering authenticated encryption with associated data (AEAD).
Air-Gapped
Network isolation physically separating a host or network from others.
Alert Tuning
Process of adjusting detection rules to reduce false positives and low-priority alerts.
Algorithm
Operations that transform plaintext into ciphertext with cryptographic properties.
Allow Listing
Security configuration denying access unless the entity is on an allow list.
Amplification Attack
Network attack increasing bandwidth sent to a victim during a DDoS attack.
Analysis
Incident response process assessing indicators for validity, impact, and category.
Annualized Loss Expectancy (ALE)
Total annual cost of risk, calculated by multiplying SLE by ARO.
ARO × SLE = ALE
SLE (Single Loss Expectancy)
ARO (Annual Rate of Occurrence)
Annualized Rate of Occurrence (ARO)
Probability of a risk occurring, expressed as occurrences per year.
Anomalous Behavior Recognition
Systems detecting deviations from expected behavior or encouraging employees to report abnormalities.
Antivirus
Tools inspecting traffic to locate and block viruses.
Antivirus Scan (A-V)
Software detecting and removing viruses and other malware like worms, Trojans, and rootkits.
Anything as a Service
The concept that most types of IT requirements can be deployed as a cloud service model.
Appliance Firewall
A standalone hardware device performing only firewall functions, embedded in the appliance’s firmware.
Application Programming Interface (API)
Methods exposed by scripts or programs allowing other scripts or programs to use their functions, like accessing TCP/IP stack functions.
Application Virtualization
A software delivery model where code runs on a server and is streamed to a client.
Arbitrary Code Execution
A vulnerability enabling an attacker to run their code or exploit such vulnerabilities.
ARP Poisoning
A network attack redirecting an IP address to the MAC address of an unintended computer to perform various attacks.
Artificial Intelligence (AI)
The science of creating machines capable of developing problem-solving and analysis strategies without significant human intervention.
Asset
A thing of economic value, classified as tangible/intangible or short-term/long-term, and managed via asset management processes.
Asymmetric Algorithm
A cipher using mathematically linked public and private keys, such as RSA or ECC, where private keys can’t be derived from public ones.
RSA (Rivest-Shamir-Adleman)
ECC (Elliptic Curve Cryptography)
Attack Surface
Points where external connections or inputs/outputs could allow a threat actor to exploit a network or application.
Attack Vector
A specific path used by a threat actor to gain unauthorized system access.
Attestation
The capability of an authenticator or cryptographic module to prove it’s a trustworthy platform.
Attribute-Based Access Control (ABAC)
An access control method evaluating a subject’s attributes to determine access rights.
Authentication
A process of validating an entity’s or individual’s unique credentials.
(Who are you)
Authentication, Authorization, and Accounting (AAA)
A security concept verifying identification, ensuring relevant permissions, and logging actions for audit trails.
Authentication Header
An IPSec protocol providing data origin authentication, integrity, and replay attack protection.
Authenticator
A PNAC switch or router that activates EAPoL and passes authentication data to a server, like a RADIUS server.
Authorized
A hacker performing authorized penetration testing or security consultancy.
Authorization
The process determining what rights and privileges an entity has.
(What are you able to do)
Availability
Ensuring systems operate continuously, and authorized persons can access necessary data.
Backdoor
A mechanism for gaining access to a computer while bypassing normal authentication methods.
Backup
A security copy of production data, made to removable media, with various types like full, incremental, and differential.
Backup Power Generator
A standby power supply fueled by diesel or propane that provides power during outages, requiring a UPS (Uninterruptible Power Supply) for transition.
Baseline Configuration
A collection of security and configuration settings applied to a system or network within an organization.
Behavior-Based Detection
A network monitoring system identifying abnormal changes in normal operating data sequences.
Biometric Authentication
An authentication mechanism using physical characteristics, like fingerprints or facial patterns, to verify identity.
Birthday Attack
A password attack exploiting weaknesses in encryption algorithms to find matching outputs for different inputs.
Blackmail
Demanding payment to prevent the release of sensitive or damaging information.
Block List
A security configuration that permits access unless explicitly prohibited by being listed.
Blockchain
A public ledger where transactional records are secured using cryptography, forming an expanding list.
Blocked Content
An indicator of malicious activity, shown in logs as unauthorized attempts to access data.
Bluejacking
Sending unsolicited messages or pictures via a Bluetooth connection.
Bluesnarfing
A wireless attack to gain unauthorized access to data using a Bluetooth connection.
Bollards
Sturdy posts designed to prevent unauthorized vehicle access and ram-raiding attacks.
Botnet
A group of infected devices controlled by attackers to perform malicious activities.
Bring Your Own Device (BYOD)
A framework enabling secure use of personal devices for accessing corporate data and networks.
Brute Force Attack
A password attack trying all possible combinations to crack encrypted passwords.
Buffer Overflow
An attack causing data to exceed its buffer boundary, corrupting memory and potentially enabling arbitrary code execution.
Bug Bounty
A reward program encouraging individuals to report vulnerabilities in software or web services.
Business Continuity (BC)
Processes ensuring an organization maintains normal operations during adverse events.
Business Email Compromise (BEC)
An impersonation attack where an attacker uses a compromised employee account for fraudulent actions.
Business Impact Analysis (BIA)
Identifying organizational risks and their effects on mission-critical operations.
Business Partnership Agreement (BPA)
An agreement between companies to collaborate closely, such as IT partnerships with resellers.
Cable Lock
A physical device securing equipment against theft, often with additional lockable faceplates for extra protection.
Caching Engine
A proxy server feature retaining copies of frequently requested web pages to improve access speed.
Call List
A document listing authorized contacts for notification during security incidents.
Canonicalization Attack
An attack encoding input characters to bypass vulnerable input validation measures.
Capacity Planning
Estimating future requirements for personnel, hardware, software, and other IT resources.
Card Cloning
Creating a duplicate of a contactless access card.
Cellular
Data standards over cellular networks, ranging from 2G (48 Kb/s) to 5G (300 Mb/s) under LTE standards.
Centralized Computing Architecture
A model where all data processing and storage are performed in a single location.
Certificate Chaining
Validating a certificate by tracing its chain of trust back to the root CA (Certificate Authority).
Certificate Revocation List (CRL)
A list of certificates revoked before their expiration date.
Certificate Signing Request (CSR)
A Base64 ASCII file sent by a subject to a CA (Certificate Authority) to obtain a certificate.
Certification
An asset disposal process using third-party data sanitization or destruction, with documented proof.
Chain of Custody
A record tracking the handling of evidence from collection to disposal.
Change Control
The process of documenting and approving necessary changes in an organization.
Change Management
The process of implementing changes to information systems as part of an organization’s configuration management efforts.
Chief Information Officer (CIO)
Company officer responsible for managing information technology assets and procedures.
Chief Security Officer (CSO)
The person responsible for information assurance and systems security, often referred to as Chief Information Security Officer (CISO).
Chief Technology Officer (CTO)
Company officer focusing on effective use of new and emerging computing platforms and innovations.
chmod Command
Linux command used to manage file permissions.
Choose Your Own Device (CYOD)
A provisioning model where employees select from corporate devices for work and optional private use.
CIA Triad
Three principles of security: Confidentiality, Integrity, and Availability; also called the information security triad.
Cipher Suite
Lists of cryptographic algorithms used by a server and client to negotiate a secure connection.
Ciphertext
Data that has been enciphered and cannot be read without the appropriate cipher key.
Clean Desk Policy
Policy mandating employee work areas remain free of sensitive information to prevent unauthorized access.
Cloning
Process of quickly duplicating a virtual machine’s configuration for immediate use.
Closed/Proprietary
Software or research remaining the developer’s property and used under specific license conditions.
Cloud Computing
Computing architecture offering on-demand resources billed to customers based on metered use.
Cloud Deployment Model
Classification of cloud ownership/management as public, private, community, or hybrid.
Cloud Service Model
Classification of cloud services, such as software, platform, or infrastructure, defining provider responsibility limits.
Cloud Service Provider (CSP)
Organization offering infrastructure, application, and/or storage services via subscription-based cloud solutions.
Clustering
A load balancing technique where multiple servers work together as a unit to provide network services.
Code of Conduct
Ethical standards outlining professional behavior, such as honesty and fairness, for employees or professions.
Code Signing
Using digital signatures to ensure the source and integrity of programming code.
Cold Site
A predetermined alternate location for rebuilding a network after a disaster.
Collision
In cryptography, two different plaintext inputs producing identical ciphertext output.
Command and Control (C2)
Infrastructure of hosts/services attackers use to control malware over botnets.
Command Injection
An attack allowing a threat actor to execute arbitrary shell commands via a vulnerable web application.
Common Name (CN)
An X.500 attribute identifying a host or user, often used as a digital certificate’s subject identifier.
Common Vulnerabilities and Exposures (CVE)
A scheme identifying vulnerabilities, developed by MITRE and adopted by NIST.
Common Vulnerability Scoring System (CVSS)
A system quantifying vulnerability risk and assessing its impact on different systems.
Community Cloud
A cloud deployed for shared use by cooperating tenants.
Compensating Control
A security measure mitigating risk when a primary control fails or underperforms.
Compute
Processing, memory, storage, and networking resources enabling hosts or appliances to handle workloads.
Computer Incident Response Team (CIRT)
A team responsible for incident response, with expertise across business domains like IT, HR, and legal.
Computer-Based Training (CBT)
Training programs delivered via computer devices and e-learning platforms.
Concurrent Session Usage
Indicator of possible malicious activity where an account initiates multiple sessions on one or more hosts.
Confidentiality
The security goal of keeping information private and protected from unauthorized access.
Configuration Baseline
Settings for services and policy configurations specific to network appliances or server roles.
Configuration Management
Process maintaining controlled and compliant states of information system components.
Conflict of Interest
When investments or obligations compromise an individual or organization’s objectivity or impartiality.
Containerization
OS virtualization deployment containing everything needed to run a service or application.
Containment
Incident response process constraining affected systems using isolation, segmentation, and quarantine.
Continuity of Operations Plan (COOP)
Plan ensuring processing redundancy to support workflows during disruptions.
Control Plane
Functions defining policy and determining access decisions in zero trust architecture.
Cookie
A text file storing information about a user’s visit to a website, often supporting user sessions.
Corporate Owned, Business Only (COBO)
A provisioning model where devices are company-owned, and personal use is prohibited.
Corporate Owned, Personally Enabled (COPE)
A provisioning model where devices are company-owned but allow certain personal use.
Corrective Control
A security measure acting after an incident to minimize or eliminate its impact.
Correlation
Log analysis function linking data to identify patterns logged or alerted as events.
Covert Channel
An attack subverting network security to transfer data without authorization or detection.
Credential Harvesting
Social engineering techniques for gathering valid credentials to gain unauthorized access.
Credential Replay
An attack using a captured authentication token to start an unauthorized session without needing the plaintext password.
Credentialed Scan
A scan using credentials (e.g., usernames/passwords) to provide a deeper vulnerability audit with more detailed results.
Crossover Error Rate (CER)
Biometric evaluation factor indicating the point at which False Acceptance Rate (FAR) and False Rejection Rate (FRR) are equal, with a low CER signaling better performance.
Cross-Site Request Forgery (CSRF)
A malicious script hosted on an attacker’s site exploiting a session on another site in the same browser.
Cross-Site Scripting (XSS)
A malicious script injected into a trusted site or link, compromising clients and bypassing browser security zones.
Cryptanalysis
The science, art, and practice of breaking codes and ciphers.
Cryptographic Primitive
A single hash function, symmetric cipher, or asymmetric cipher.
Cryptography
The science and practice of altering data to make it unintelligible to unauthorized parties.
Cryptominer
Malware that hijacks computer resources to generate cryptocurrency.
Cyber Threat Intelligence (CTI)
The process of gathering, analyzing, and disseminating information about emerging threats and sources.
Cybersecurity Framework (CSF)
Standards, best practices, and guidelines for effective security risk management, general or industry-specific.
Dark Web
Internet resources anonymized and encrypted for privacy, inaccessible through standard web browsers.
Dashboard
A console presenting information in an easily digestible format, often using visualizations.
Data Acquisition
Creating a forensically sound copy of data from a source device in digital forensics.
Data at Rest
Information stored on specific media rather than being transmitted or processed.
Data Breach
Unauthorized access, copying, or modification of confidential data, often requiring notifications and reporting.
Data Classification
Applying confidentiality and privacy labels to information.
Data Controller
The entity determining why and how personal data is collected, stored, and used, per privacy regulations.
Data Custodian
Individual managing systems storing data assets, ensuring access control, encryption, and backups.
Data Exfiltration
The process of an attacker moving stored data from a private network to an external network.
Data Exposure
A vulnerability enabling unauthorized access to confidential or sensitive data in a file system or database.
Data Historian
Software aggregating and cataloging data from industrial control system sources.
Data in Transit
Information being transmitted between hosts over private networks or the Internet.
Data in Use
Information present in volatile memory, such as system memory or cache.
Data Inventory
A list of classified data or information stored or processed by a system.
Data Loss Prevention (DLP)
Software detecting and preventing sensitive information storage/transmission on unauthorized systems or networks.
Data Masking
A de-identification method substituting placeholders for real data while retaining its structure or format.
Data Owner
Senior role responsible for maintaining confidentiality, integrity, and availability of an information asset.
Data Plane
Functions enforcing policy decisions configured in the control plane and facilitating data transfers.
Data Processor
Entity trusted with personal data to perform storage/analysis on behalf of the data controller, under privacy laws.
Data Retention
Maintaining control over data to comply with business policies or legal regulations.
Data Subject
An individual identified by privacy data.
Database Encryption
Encrypting data at the table, field, or record level via a database management system.
dd Command
A Linux command creating bit-by-bit copies of input files, often for disk imaging.
Decentralized Computing Architecture
A model distributing data processing/storage across multiple locations or devices.
Deception and Disruption
Tools/techniques increasing the cost of attack planning for threat actors.
Deduplication
Removing duplicate copies of data; in SIEM, eliminating redundant information from monitored systems.
Defense in Depth
Security strategy layering diverse controls to enhance overall protection beyond just perimeter controls.
Defensive Penetration Testing
The defensive team’s role in penetration tests or incident response exercises.
Denial of Service Attack (DoS)
Any attack affecting the availability of a managed resource.
Dependencies
Resources/services required for another service to start or operate.
Deprovisioning
Removing an account, host, or application from production, revoking any assigned privileges.
Destruction
Disposing of assets by rendering data remnants physically inaccessible via degaussing, shredding, or incineration.
Detectability
Likelihood of detecting a risk occurrence before it impacts processes, projects, or users.
Detection
Incident response process correlating event data to determine potential indicators of an incident.
Detective Control
A security control identifying or recording an incident as it happens.
Device Placement
Positioning security controls to protect network zones and hosts, supporting defense in depth.
DevSecOps
Integrating software development, security, and operations practices to enhance overall effectiveness.
Dictionary Attack
Password attack comparing encrypted passwords against a list of possible values.
Diffie-Hellman (DH)
A cryptographic technique for secure key exchange.
Digital Certificate
X.509 format identification/authentication issued by a CA to validate a key pair’s authenticity for a subject.
Digital Signature
Message digest encrypted using a sender’s private key to authenticate the sender and ensure message integrity.
Directive Control
A control enforcing behavior through policies or contracts.
Directory Service
A network service storing identity information about users, groups, servers, and more.
Directory Traversal
An attack exploiting web application vulnerabilities to access unauthorized files or directories.
Disassociation Attack
Spoofing frames to disconnect wireless stations and obtain authentication data.
Disaster Recovery (DR)
A documented plan outlining actions and responsibilities during critical incidents.
Discretionary Access Control (DAC)
An access control model where the resource owner manages access using an access control list (ACL).
Disinformation
An attack falsifying normally trusted information resources.
Disposal/Decommissioning
Policies and procedures for removing devices/software from production networks and disposing of them through sale, donation, or waste.
Distinguished Name (DN)
A collection of attributes defining a unique identifier for a resource within an X.500-like directory.
Distributed Denial-of-Service (DDoS)
An attack using infected devices to overwhelm a target with traffic, disrupting normal server or service operations.
Distributed Reflected DoS (DRDoS)
A malicious request sent to a legitimate server that exploits server-side flaws to execute on a victim’s browser.
DNS Poisoning
An attack injecting false resource records into caches, redirecting domain names to attacker-chosen IP addresses.
DNS Sinkhole
A temporary DNS record redirecting malicious traffic to a controlled IP address.
Document Object Model (DOM)
Client-side JavaScript implementation targeted by attackers to execute malicious scripts on web apps.
Domain Name System Security Extensions (DNSSEC)
A protocol providing DNS data authentication and integrity verification.
Domain-Based Message Authentication, Reporting, and Conformance (DMARC)
Framework ensuring proper SPF and DKIM application, with policies published as DNS records.
DomainKeys Identified Mail (DKIM)
Cryptographic mail authentication using a public key published as a DNS record.
Downgrade Attack
A cryptographic attack exploiting backward compatibility to force plaintext communication instead of encryption.
Due Diligence
Legal principle requiring reasonable care and best practices in system setup, configuration, and maintenance.
Due Process
Legal term ensuring crimes are prosecuted through fair application of the law.
Dump File
A file containing data captured from system memory.
Dynamic Analysis
Software testing during runtime to identify potential security, performance, or functional issues.
E-Discovery
Procedures and tools for collecting, preserving, and analyzing digital evidence.
Embedded System
A dedicated-function electronic system, such as a microcontroller in a medical device or control system.
Encapsulating Security Payload (ESP)
IPSec sub-protocol enabling encryption and authentication of data packet headers and payloads.
Encryption
Scrambling data to prevent unauthorized access, often using ciphers and keys for secure storage or transmission.
Encryption Level
Data-at-rest encryption granularity, ranging from fine-grained (file/row) to broad (disk/database).
Endpoint Detection and Response (EDR)
Software collecting logs and system data for early detection of threats through monitoring systems.
Endpoint Log
Logs of security-related events generated by host-based malware/intrusion detection agents.
Enterprise Authentication
Wireless network mode passing credentials to an AAA server for verification.
Enterprise Risk Management (ERM)
Comprehensive process of evaluating, measuring, and mitigating organizational risks.
Environmental Attack
Physical threat targeting power, cooling, or fire suppression systems.
Environmental Variables
Metrics influencing risk levels based on local network or host configurations.
Ephemeral Key
A cryptographic key used only within the context of a single session.
Eradication
Incident response process removing malicious tools and configurations from hosts and networks.
Escalation
Process of involving senior or expert staff for support or incident management.
Escrow
Backup key storage with a trusted third party for key management.
Event Viewer
Windows console for viewing and exporting event data in the Windows logging format.
Evil Twin
A fake wireless access point tricking users into believing it is legitimate.
Exception Handling
The way applications respond to unexpected errors, potentially creating security vulnerabilities.
Exposure Factor (EF)
Percentage of an asset’s value lost during a security incident or disaster.
Extensible Authentication Protocol (EAP)
Framework enabling authentication methods using hardware-based identifiers like smart cards or fingerprints.
Extensible Authentication Protocol over LAN (EAPoL)
PNAC mechanism enabling EAP authentication when connecting to an Ethernet switch.
eXtensible Markup Language (XML)
A document structuring system using tags to make information human- and machine-readable.
Extortion
Factors in Authentication
Technologies implementing authentication, categorized as something you know, have, or are.
Fail-Closed
Security configuration blocking resource access when a failure occurs.
Fail-Open
Security configuration ensuring continued resource access during a failure.
Failover
Redundant component taking over failed asset functionality.
Fake Telemetry
Deception strategy returning spoofed data to network probes.
False Acceptance Rate (FAR)
Biometric metric measuring unauthorized users mistakenly granted access.
False Negative
A case not reported by security scanning when it should be.
False Positive
A case reported by security scanning when it should not be.
False Rejection Rate (FRR)
Biometric metric measuring valid users mistakenly denied access.
Fault Tolerance
Protection against system failure by providing redundant capacity and eliminating single points of failure.
Federation
A shared login capability connecting identity management services across multiple systems.
Fencing
A physical security barrier preventing unauthorized access to a site perimeter.
File Integrity Monitoring (FIM)
Software reviewing system files to ensure they haven’t been tampered with.
File Transfer Protocol (FTP)
Protocol for transferring files between hosts, with variants like Secure FTP and FTPS.
Financial Data
Information about bank accounts, investments, payroll, and taxes.
Firewall Log
Logs related to configured access rules for monitoring network security.
First Responder
The initial experienced individual or team arriving at an incident scene.
Forensics
Gathering and submitting computer evidence while ensuring it hasn’t been tampered with.
Forgery Attack
Exploiting weak authentication to perform requests via hijacked sessions.
Fraud
Falsifying records, such as tampering with accounts in internal fraud.
FTPS
A type of FTP using TLS for confidentiality.
Full Disk Encryption (FDE)
Encrypting all data on a disk, including system files, temporary files, and the pagefile, using OS support, third-party software, or controller-level encryption.
Gap Analysis
Assessing the difference between current and desired states to determine project scope.
Geofencing
A security control enforcing virtual boundaries based on real-world geography.
Geographic Dispersion
A resiliency mechanism replicating data and processing resources between distant sites.
Geolocation
Identifying or estimating an object’s physical location, such as a mobile device or Internet-connected system.
Global Positioning System (GPS)
Technology determining a receiver’s location based on information from orbital satellites.
Governance
Creating and monitoring policies to manage assets and ensure compliance with regulations and legislation.
Governance Board
Senior executives and external stakeholders responsible for setting strategy and ensuring compliance.
Governance Committee
Leaders and subject matter experts defining policies, procedures, and standards within specific domains.
Group Account
A collection of user accounts simplifying file permissions and user rights for groups requiring the same access level.
Group Policy Object (GPO)
A Windows domain method for deploying settings like password policy, account restrictions, and firewall status.
Guidelines
Best practice recommendations for configuration items where strict policies are impractical.
Hacker
An individual who explores or breaks into computer systems; ethical hackers aim to improve security.
Hacktivist
A threat actor motivated by social or political causes.
Hard Authentication Token
Authentication token generated on hardware devices implementing an ownership factor in multifactor authentication.
Hardening
Hash-Based Message Authentication Code (HMAC)
Method verifying message integrity and authenticity using a cryptographic hash and secret key.
Hashing
Converting an input of any length into a fixed-length output using a cryptographic function minimizing collisions.
Health Insurance Portability and Accountability Act (HIPAA)
US law protecting the storage, transmission, and access of personal healthcare data.
Heat Map
A diagram showing Wi-Fi signal strength and channel utilization at various locations.
Heat Map Risk Matrix
Graphical table assessing risk likelihood and impact for workflows, projects, or departments.
Heuristic
A method using feature comparisons instead of signature matching to identify malicious behavior.
High Availability (HA)
A metric assessing systems’ ability to ensure nearly continuous data availability with strong performance.
Honeypot
A system, file, or credential designed to lure attackers, gather intel, and protect actual assets.
Horizontal Privilege Escalation
A user accessing or modifying resources they are not entitled to.
Host-Based Firewall
Software protecting a single host by controlling inbound and outbound network traffic.
Host-Based Intrusion Detection System (HIDS)
IDS monitoring a computer for drastic system state changes or unexpected behavior.
Host-Based Intrusion Prevention System (HIPS)
Endpoint protection detecting and preventing malicious activity via signature and heuristic matching.
Hot Site
A fully configured alternate processing site for rapid disaster recovery.
HTML5 VPN
Using HTML5 to implement browser-based VPN connections without requiring separate client software.
Human-Machine Interface (HMI)
Input/output controls on a PLC allowing users to configure and monitor systems.
Human-Readable Data
Information stored in formats accessible and understandable by humans, like documents or media files.
Hybrid Cloud
A cloud deployment combining private and public cloud elements.
Hybrid Password Attack
A password attack combining dictionary, rainbow table, and brute force methods.
Identification
Issuing a user account and credentials to the correct person, also called enrollment.
Identity and Access Management (IAM)
A security process for identification, authentication, and authorization of users and entities working with organizational assets.
Identity Provider
A service in a federated network holding user accounts and performing authentication.
IDS/IPS Log
Logs tracking event data from detection and prevention rules in IDS/IPS systems.
IEEE 802.1X
Standard encapsulating EAP over LAN or WLAN for port-based authentication.
Impact
The severity of risk if realized, based on asset value or financial implications.
Impersonation
Social engineering attack where attackers pose as someone they’re not.
Implicit Deny
Principle denying access unless explicitly granted.
Impossible Travel
Potential malicious activity where authentication occurs from distant locations within a short timeframe.
Incident
An event interrupting operations or breaching security policy.
Incident Response Lifecycle
Procedures for handling security incidents: preparation, detection, analysis, containment, recovery, and lessons learned.
Incident Response Plan (IRP)
Specific procedures to execute when a particular type of event is detected.
Indicator of Compromise (IoC)
A sign that a system or network has been attacked or is under attack.
Indoor Positioning System (IPS)
Technology deriving device locations indoors via radio sources like Bluetooth or Wi-Fi.
Industrial Camouflage
Disguising buildings or parts of buildings to conceal their nature and purpose.
Industrial Control System (ICS)
Network managing embedded devices designed for dedicated functions.
Information Security Policies
Documents outlining requirements to protect technology and data from threats and misuse.
Information Sharing and Analysis Center (ISAC)
Not-for-profit group sharing sector-specific threat intelligence and best practices among members.
Information-Sharing Organization
Groups exchanging data on cybersecurity threats and vulnerabilities.
Infrastructure as a Service (IaaS)
Cloud service model provisioning virtual machines and network infrastructure.
Infrastructure as Code (IaC)
Using scripted automation and orchestration to deploy infrastructure resources.
Inherent Risk
Risk posed by an event without controls in place to mitigate it.
Injection Attack
Exploits weak request handling or input validation to run arbitrary code in a client browser or server.
Inline
Placement and configuration of a network security control within the cable path.
Input Validation
Ensures that data entered into an application field or variable is appropriately handled.
Integrated Penetration Testing
Combines various penetration testing methodologies to evaluate organizational security operations.
Integrity
Ensuring organizational information is accurate, error-free, and without unauthorized modifications.
Intelligence Fusion
Uses threat intelligence data to automate adversary IoC and TTP detection in threat hunting.
Intentional Threat
A threat actor with malicious intent or purpose.
Internal Threat
A system user causing incidents intentionally or unintentionally.
Internal/External Threats
Internet Header
Record of email servers involved in transferring a message between sender and recipient.
Internet Key Exchange (IKE)
Framework for creating IPSec Security Associations (SAs) to establish trust and agree on secure protocols.
Internet Message Access Protocol (IMAP)
Application protocol for accessing and managing email on a remote server (IMAP4 uses TCP port 143, IMAPS uses 993).
Internet of Things (IoT)
Devices reporting state data and enabling remote management over IP networks.
Internet Protocol (IP)
TCP/IP suite protocol providing packet addressing and routing for higher-level protocols.
Internet Protocol Security (IPSec)
Suite securing data via authentication and encryption during transmission.
Internet Relay Chat (IRC)
Protocol for group communications, private messaging, and file sharing.
Intrusion Detection System (IDS)
Analyzes packet sniffer data to detect traffic violating policies or rules.
Intrusion Prevention System (IPS)
Combines detection capabilities with functions to actively block attacks.
IP Flow Information Export (IPFIX)
Standards-based implementation of the NetFlow framework.
Isolation
Severely restricting communication paths to a specific device or system.
IT Infrastructure Library (ITIL)
IT best practice framework aligning IT Service Management (ITSM) with business needs.
Jailbreaking
Removes OS-specific restrictions, granting users greater control over a device.
JavaScript Object Notation (JSON)
Attribute-value pair file format that is human- and machine-readable.
Journaling
File system method that records pending changes in a journal before they are committed to the file system.
Jump Server
Hardened server providing access to other hosts.
Kerberos
Single sign-on authentication/authorization service using a time-sensitive ticket-granting system.
Key Distribution Center (KDC)
Kerberos component authenticating users and issuing tickets (tokens).
Key Encryption Key (KEK)
Private key encrypting the symmetric bulk Media Encryption Key (MEK) in storage encryption.
Key Exchange
Transfers cryptographic keys to enable the use of encryption algorithms.
Key Length
The size of a cryptographic key in bits; longer keys generally offer better security.
Key Management System
PKI procedures/tools centralizing cryptographic key generation and storage.
Key Risk Indicator (KRI)
Identifies and analyzes emerging risks, enabling proactive changes to avoid issues.
Key Stretching
Strengthens weak input for cryptographic key generation against brute force attacks.
Keylogger
Malicious software or hardware recording user keystrokes.
Kill Chain
Model describing stages of progression leading to a network intrusion.
Lateral Movement
Attacker’s movement from one part of a computing environment to another.
Layer 4 Firewall
Stateful inspection firewall monitoring TCP sessions and UDP traffic.
Layer 7 Firewall
Stateful firewall filtering traffic based on application protocol headers and data.
Least Privilege
Security principle of allocating the minimum necessary rights to perform a task.
Legal Data
Documents and records related to law, such as contracts, property, and regulatory filings.
Legal Hold
Preserves relevant information when litigation is anticipated.
Lessons Learned Report (LLR)
Provides insights on how to improve response and processes after an event.
Level of Sophistication/Capability
Classification of resources and expertise available to a threat actor.
Lighting
Ensures sufficient site illumination for safety and surveillance system functionality.
Lightweight Directory Access Protocol (LDAP)
Protocol for accessing network directory databases storing user, privilege, and organizational information.
Lightweight Directory Access Protocol Secure (LDAP Secure)
LDAP implementation using SSL/TLS encryption.
Likelihood
In qualitative risk analysis, the subjectively determined chance of an event occurring.
Listener/Collector
Network appliance gathering log and state data from other systems.
Load Balancer
Distributes client requests between resources for fault tolerance and improved throughput.
Log Aggregation
Parses log/security event data from multiple sources into a consistent, searchable format.
Log Data
Automatically logged OS/application events providing an audit trail and troubleshooting insights.
Logic Bomb
Malicious script or program triggered by specific conditions or events.
Logical Segmentation
Enforces network topology separating communication between segments.
Lure
Entices victims to interact with malware-concealing devices, documents, or images.
Machine Learning (ML)
AI component enabling machines to solve tasks based on labeled datasets without explicit instructions.
Malicious Process
Process executed without authorization to damage or compromise a system.
Malicious Update
Exploitable vulnerability in a software supply chain allowing threat actors to add malicious code.
Malware
Software serving a malicious purpose, typically installed without user consent or knowledge.
Mandatory Access Control (MAC)
Access control model protecting resources with inflexible, system-defined rules based on clearance levels.
Maneuver
In threat hunting, strategies where defenders or attackers use deception to gain advantage.
Master Service Agreement (MSA)
Contract establishing precedence and guidelines for business documents between two parties.
Maximum Tolerable Downtime (MTD)
Longest time a process can be inoperable without causing irreversible business failure.
Mean Time Between Failures (MTBF)
Metric predicting the expected time between failures for a device or component.
Mean Time to Repair/Replace/Recover (MTTR)
Metric measuring average time to repair, replace, or recover a failed device or component.
Media Access Control Filtering (MAC Filtering)
Access control method allowing only approved MAC addresses to connect to a switch or access point.
Memorandum of Agreement (MoA)
Legal document forming a cooperative agreement without requiring a formal contract.
Memorandum of Understanding (MoU)
Non-binding preliminary agreement expressing intent to collaborate.
Memory Injection
Vulnerability allowing malicious code to run with the same privileges as the exploited process.
Message Digest Algorithm v5 (MD5)
Cryptographic hash function producing a 128-bit output.
Metadata
Information stored as a property of an object, system state, or transaction.
Microservice
Independent, single-function module enabling frequent and reliable delivery of complex applications.
Missing Logs
Indicator of malicious activity when events or log files are tampered with or deleted.
Mission Essential Function (MEF)
Critical activity that cannot be deferred beyond a few hours.
Mobile Device Management (MDM)
Tools/processes tracking, controlling, and securing an organization’s mobile devices.
Monitoring/Asset Tracking
Tools ensuring assets comply with baselines and haven’t been tampered with or accessed without authorization.
Multi-Cloud
Cloud deployment model using multiple public cloud services.
Multifactor Authentication (MFA)
Authentication scheme requiring at least two different factors, such as something you know, have, or are.
Nation-State Actor
Threat actor supported by the resources of a nation’s military and security services.
National Institute of Standards and Technology (NIST)
Organization developing computer security standards and publishing cybersecurity best practices.
Near-Field Communication (NFC)
Two-way short-range communication standard for contactless payments and similar technologies.
NetFlow
Cisco-developed framework for reporting IP traffic flow information to a structured database.
Network Access Control (NAC)
Protocols and hardware authenticating and authorizing access to a network at the device level.
Network Attack
Attacks on network infrastructure, including reconnaissance, DoS, credential harvesting, and data exfiltration.
Network Behavior Anomaly Detection (NBAD)
Tool monitoring network packets for behavior anomalies based on known signatures.
Network Functions Virtualization (NFV)
Provisioning virtual network appliances (e.g., switches, routers) using VMs and containers.
Network Log
Logs capturing system and access events from appliances like switches or routers.
Network Monitoring
Auditing software collecting status/configuration data from network devices, often using SNMP.
Next-Generation Firewall (NGFW)
Advanced firewall features, like app awareness, user-based filtering, and intrusion prevention.
Non-Credentialed Scan
A scan using fewer permissions, often finding only missing patches or updates.
Nondisclosure Agreement (NDA)
Agreement ensuring confidentiality by prohibiting unauthorized information sharing.
Non-Human-Readable Data
Data requiring specialized processors to decode, unreadable by humans directly.
Non-Repudiation
Ensuring that the sender or creator of data cannot deny their association with it.
Ex. a log / audit history
Non-Transparent Proxy
Server redirecting requests/responses for clients configured with the proxy address and port.
NT LAN Manager Authentication (NTLM Authentication)
Microsoft’s challenge-response authentication protocol.
Obfuscation
Hiding or camouflaging code or information to make it harder for unauthorized users to read.
Objective Probability
Mathematical measure of the likelihood of a risk occurring.
Offboarding
Process ensuring HR and other requirements are addressed when an employee leaves.
Offensive Penetration Testing
Simulated attacks or exercises to assess system security vulnerabilities.
Off-Site Backup
Backup stored in a separate physical location from the production system.
Onboarding
Process of integrating new employees, contractors, or suppliers into an organization.
One-Time Password (OTP)
Password valid for a single session, becoming invalid after use.
Online Certificate Status Protocol (OCSP)
Protocol allowing clients to check the revocation status of digital certificates.
On-Path Attack
Attack where a threat actor intercepts and potentially modifies traffic between victims.
On-Premises
Software or services installed on an organization’s own infrastructure rather than the cloud.
On-Premises Network
Private network owned and operated by an organization for employee use only.
On-Site Backup
Backup stored in the same physical location as the production system.
Opal
Standards for implementing storage device encryption.
Open Authorization (OAuth)
Federated identity management standard allowing user account sharing between resource servers.
Open Public Ledger
Distributed public record underpinning blockchain transaction integrity.
Open-Source Intelligence (OSINT)
Publicly available information aggregated and searched using specialized tools.
Order of Volatility
Sequence for recovering volatile data after a security incident.
Organized Crime
Threat actors using hacking or fraud for commercial gain.
Out-of-Band Management (OOB)
Accessing administrative interfaces via separate networks or links, like VLANs or modems.
Out-of-Cycle Logging
Malicious activity indicator when event dates/timestamps are inconsistent.
Package Monitoring
Tools addressing vulnerabilities in third-party code, like libraries or dependencies.
Packet Analysis
Examines headers and payload data in captured network traffic.
Packet Filtering Firewall
Layer 3 firewall comparing packet headers against ACLs to filter traffic.
Parallel Processing Tests
Validating backup system functionality while primary systems remain operational.
Passive Reconnaissance
Techniques gathering intelligence without directly interacting with target systems.
Passive Security Control
Scan analyzing intercepted network traffic rather than actively probing.
Password Attack
Attempts to gain unauthorized access by compromising passwords.
Password Best Practices
Guidelines for secure password management, like length, complexity, and reuse.
Password Manager
Software suggesting and storing passwords to improve security.
Password Spraying
Testing multiple user accounts with common passwords in brute force attacks.
Passwordless
MFA using ownership and biometric factors, excluding knowledge factors.
Patch
A small unit of supplemental code addressing security problems or functionality flaws in software.
Patch Management
Identifying, testing, and deploying OS and application updates, classified as critical, recommended, or optional.
Payment Card Industry Data Security Standard (PCI DSS)
Security standard for organizations processing credit or bank card payments.
Penetration Testing
Security evaluation simulating attacks to test and bypass controls and to exploit vulnerabilities.
Percent Encoding
Encoding characters as hexadecimal values with a percent sign.
Perfect Forward Secrecy (PFS)
Ensures a compromised key only affects one session and does not expose other sessions’ data.
Permissions
Security settings controlling access to files, folders, and resources.
Persistence (Load Balancing)
Maintains a client’s connection with the same server during a session, also called sticky sessions.
Personal Area Network (PAN)
Short-range wireless network connecting personal devices like smartphones and printers.
Personal Identification Number (PIN)
A number used with devices like smart cards for authentication, known only to the user.
Pharming
Redirecting users to fake websites resembling legitimate ones to steal information.
Phishing
Email-based attack tricking users into revealing private information by impersonating trusted entities.
Often trying to get users to click malicious links.
Physical Attack
Attack targeting cabling, devices, or the physical environment hosting networks.
Physical Penetration Testing
Assessment evaluating physical site security systems.
Pivoting
Using a compromised host to launch attacks on other network points.
Platform as a Service (PaaS)
Cloud service model providing platforms for app and database development.
Playbook
A checklist of actions to detect and respond to specific incidents.
Pluggable Authentication Module (PAM)
Linux framework for implementing authentication providers.
Point-to-Point Tunneling Protocol (PPTP)
A VPN protocol now considered obsolete due to password cracking vulnerabilities.
Policy
Strictly enforceable rules guiding task completion.
Port Mirroring (SPAN)
Copies communication traffic from specific switch ports for monitoring purposes.
Post Office Protocol (POP)
Enables clients to download email from a server using TCP/110 or TCP/995 (secure).
Potentially Unwanted Program (PUP)
Software that may not be malicious but is often unwanted or unchosen by the user.
Power Distribution Unit (PDU)
Advanced socket strip offering filtered voltage and remote management in some models.
Power Failure
Complete loss of power within a building.
Preparation
Incident response stage hardening systems, defining policies, and establishing communication lines.
Pre-Shared Key (PSK)
Wireless authentication using a group passphrase-derived encryption key.
Pretexting
Social engineering tactic misleading a target with partial truths or falsehoods.
Preventive Control
Security measure acting before incidents to prevent or reduce attack success.
Private Cloud
Cloud infrastructure deployed exclusively for a single entity.
Private Key
Asymmetric encryption key known only to the holder, paired with a distributable public key.
Privilege Escalation
Exploiting system flaws to gain unauthorized higher-level access.
Privileged Access Management (PAM)
Policies and tools managing accounts with administrative privileges.
Probability
In quantitative risk analysis, the likelihood of an event, expressed as a percentage.
Procedure
Detailed instructions for task completion in compliance with policies and standards.
Project Stakeholder
Someone invested in or actively involved in a project’s outcome.
Proprietary Information
Organization-created information about products or services.
Provenance
In digital forensics, the ability to trace evidence back to its source and prove tamper-free handling.
Provisioning
Deploying accounts, hosts, or applications to a production environment with credentials and permissions.
Proximity Reader
Scanner reading data from RFID or NFC tags within range.
Proxy Server
Mediator server filtering and modifying client-server communications and providing caching.
Public Cloud
Cloud infrastructure shared by multiple independent tenants.
Public Key
Asymmetric encryption key freely distributed, used with its linked private key for secure communication.
Public Key Cryptography Standards (PKCS)
Standards defining certificate authorities and digital certificate use.
Public Key Infrastructure (PKI)
Framework of cryptographic components validating subject identities.
Qualitative Risk Analysis
Using logical reasoning to assess risks when numerical data isn’t available.
Quantitative Risk Analysis
Numerical method evaluating risk probability and impact.
Questionnaires
Structured tools for vendor management enabling consistent risk analysis and comparison.
Race Condition
Software vulnerability arising from unintended execution order and timing of events.
Radio-Frequency ID (RFID)
Technology encoding data into passive tags read by radio waves from a reader.
Ransomware
Malware extorting victims by encrypting files or blocking computer access.
Reaction Time
Elapsed time between incident occurrence and response implementation.
Real-Time Operating System (RTOS)
OS prioritizing deterministic execution for time-critical tasks.
Reconnaissance
Gathering information about computer systems, software, and configurations.
Recovery
Incident response stage restoring systems to a secure baseline configuration.
Recovery Point Objective (RPO)
Longest acceptable period of unrecoverable data loss for an organization.
Recovery Time Objective (RTO)
Maximum time allowed to restore a system after a failure event.
Redundancy
Overprovisioning resources to enable failover to a working instance during a problem.
Regulated Data
Information with storage/handling compliance requirements defined by legislation or regulations.
Remote Access
Infrastructure/protocols enabling hosts to join local networks remotely or establish sessions over networks.
Remote Access Trojan (RAT)
Malware creating a backdoor for remote administration and control of infected hosts.
Remote Authentication Dial-in User Service (RADIUS)
AAA protocol managing remote and wireless authentication infrastructures.
Remote Code Execution (RCE)
Vulnerability allowing attackers to transmit and execute code on a target host.
Remote Desktop Protocol (RDP)
Protocol enabling remote graphical interface connections to hosts via TCP port 3389.
Replay Attack
Reusing intercepted authentication data to reestablish a session.
Replication
Automatically copying data between systems, either synchronously or asynchronously.
Reporting
Forensics process summarizing significant digital data using open and unbiased methods.
Representational State Transfer (REST)
Stateless architectural style for web app communication and integration.
Reputational Threat Intelligence
Residual Risk
Risk remaining after implementing controls.
Resilience
System or network’s ability to recover quickly from failures with minimal intervention.
Resource Consumption
Indicator of malicious activity when CPU, memory, or network usage deviates from norms.
Resource Inaccessibility
Indicator of malicious activity when files or services are unexpectedly unavailable.
Resources/Funding
Threat actors’ capability to acquire personnel, tools, and develop attack methods.
Responsibility Matrix
Identifies security responsibilities shared between customers and cloud service providers.
Responsible Disclosure Program
Process enabling researchers to safely disclose vulnerabilities to developers.
Responsiveness
System’s ability to process tasks within an acceptable timeframe.
Reverse Proxy
Proxy server protecting servers from direct client interactions.
Right to Be Forgotten
Privacy principle allowing data subjects to request data deletion.
Risk
Likelihood and impact of a threat actor exploiting a vulnerability.
Vulnerability + Threat = Risk (Impact * Likelihood)
Risk Acceptance
Decision that a risk is within acceptable limits, requiring no further countermeasures.
Risk Analysis
Process of qualifying or quantifying the likelihood and impact of risks.
Risk Appetite
Strategic assessment of acceptable residual risk levels for an organization.
Risk Assessment
Process of identifying, analyzing, and mitigating risks.
Risk Avoidance
Mitigation strategy ceasing activities presenting risks.
Risk Deterrence
Deploying controls to reduce the likelihood and impact of threat scenarios.
Risk Exception
Risk management accepting an alternate control to mitigate risk.
Risk Exemption
Acceptance of an unmitigated risk factor.
Risk Identification
Listing sources of risk due to threats and vulnerabilities.
Risk Management
Cyclical process of identifying, analyzing, and responding to risks.
Risk Mitigation
Reducing risks to fit within an organization’s acceptable limits.
Risk Owner
Individual accountable for developing and implementing risk response strategies.
Risk Register
Document summarizing risk assessments, often in an easily comprehensible grid format.
Risk Reporting
Periodic summary of risks, their impact, and their relevance to the organization.
Risk Threshold
Boundary separating acceptable and unacceptable risk levels.
Risk Tolerance
Threshold defining acceptable levels of risk.
Risk Transference
Sharing responsibility for risk with another entity, e.g., through insurance.
Role-Based Access Control (RBAC)
Access control assigning permissions based on job roles.
Root Cause Analysis
Technique identifying the true cause of problems to prevent recurrence.
Root Certificate Authority
PKI CA issuing certificates to intermediate CAs in a hierarchy.
Rooting
Gaining superuser-level access to Android-based devices.
Router Firewall
Router with built-in firewall functionality embedded in its firmware.
Rule-Based Access Control
Access control enforcing least privilege through operational rules.
Rules of Engagement (ROE)
Defines execution constraints and guidelines for penetration tests.
Salt
Countermeasure adding random values to inputs to mitigate precomputed hash attacks.
Sandbox
Isolated environment for safely analyzing malware or faulty software without affecting the host.
Sanitization
Thoroughly removing data from storage media to prevent recovery.
Sarbanes-Oxley Act (SOX)
U.S. law requiring proper storage and retention of financial and business operation documents.
Scalability
Property enabling computing environments to adapt to increasing resource demands.
Screened Subnet
Private network segment isolated by firewalls, accepting designated Internet connections.
Secure Access Service Edge (SASE)
Networking and security architecture combining cloud security and network services like SD-WAN.
Secure Baseline
Configuration benchmarks ensuring devices/servers are maintained securely for their roles.
Secure Enclave
CPU extensions protecting memory-stored data from untrusted processes.
Secure File Transfer Protocol (SFTP)
FTP version using SSH tunnels for secure file management.
Secure Hash Algorithm (SHA)
Cryptographic hashing algorithm addressing weaknesses in MD5; current version is SHA-2.
Secure Shell (SSH)
Protocol supporting secure tunneling, remote terminal emulation, and file copy over TCP port 22.
Security Assertion Markup Language (SAML)
XML-based format used to exchange authentication information between a client and a service.
Security Content Automation Protocol (SCAP)
NIST framework for automating vulnerability scanning using accepted practices.
Security Control
Technology or procedure ensuring confidentiality, integrity, and availability while mitigating risks.
Security Identifier (SID)
Value assigned by Windows to identify an account.
Security Information and Event Management (SIEM)
Provides near-real-time analysis of security alerts from network hardware and applications.
Security Key
Portable hardware security module (HSM) used for multifactor authentication, interfacing via USB or NFC.
Security Log
Logs access control events like user authentication and privilege use.
Security Zone
Network area or physical barrier with a unified security configuration.
Security-Enhanced Linux (SELinux)
CentOS/Red Hat default context-based permissions scheme.
Selection of Effective Controls
Choosing security controls to meet CIA goals and compliance requirements.
Self-Encrypting Drive (SED)
Disk drive with an automatic encryption controller.
Self-Signed Certificate
Digital certificate signed by the entity that issued it, not a CA.
Sender Policy Framework (SPF)
DNS record identifying authorized mail-sending hosts for a domain.
Sensor
Monitors network frames using mirror ports or TAP devices.
Sensor (Alarms)
Alarm component detecting entry via thermal, ultrasonic, or pressure changes.
Serverless
Architecture running functions in cloud containers instead of on dedicated servers.
Serverless Computing
Offloads server management to cloud providers for simplified operations.
Server-Side
Processing of web application input data by scripts running on the server.
Server-Side Request Forgery (SSRF)
Attack exploiting a server’s trusted access to resources by inducing it to make requests on an attacker’s behalf.
Service Disruption
Attack compromising asset or process availability.
Service Level Agreement (SLA)
Agreement setting expectations between a consumer and provider.
Service Set Identifier (SSID)
String identifying a wireless LAN.
Session Affinity
Load balancer scheduling approach maintaining client-server connection during a session.
Shadow IT
Unauthorized hardware, software, or services on a private network.
Shellcode
Lightweight malicious code exploiting vulnerabilities for system access.
Sideloading
Installing apps on mobile devices without using an app store.
Signature-Based Detection
Monitoring system detecting unacceptable events using predefined rules.
Simple Mail Transfer Protocol (SMTP)
Protocol sending email between hosts, using TCP/25 or secure TCP/587.
Simple Network Management Protocol (SNMP)
Protocol monitoring/managing network devices, using UDP/161 and UDP/162.
Simple Object Access Protocol (SOAP)
XML-based protocol exchanging web service messages.
Simulation (Testing)
Testing replicating real-world disaster or security incident conditions.
Simultaneous Authentication of Equals (SAE)
WPA3 Wi-Fi authentication addressing WPA-PSK vulnerabilities.
Single Loss Expectancy (SLE)
Amount lost in a single occurrence of a risk.
Single Point of Failure (SPoF)
Component/system whose failure interrupts service entirely.
Single Sign-On (SSO)
Authentication enabling users to log in once for multiple services.
Sinkhole
DoS mitigation redirecting traffic flooding a target to another network.
Site Survey
Documents location for building wireless infrastructure, identifying optimal placements and interference.
Skimming
Duplicating access card data onto a new card.
Smart Card
Authentication device storing private keys on an embedded cryptoprocessor.
SMiShing
Phishing using SMS to deceive victims into sharing information.
Snort
Open source NIDS requiring subscription for up-to-date threat rules.
Snapshot (Backup)
Full system, application, or disk copy used to restore at a specific time.
Social Engineering
Using deception to trick users into providing sensitive data or breaking security guidelines.
Soft Authentication Token
OTP sent to a number/email or generated by an app for two-step verification.
Software as a Service (SaaS)
Cloud service providing fully developed application services.
Software Bill of Materials (SBOM)
Inventory of third-party/open-source components in an application.
Software Composition Analysis (SCA)
Tools identifying third-party/open-source code in development/deployment.
Software Defined WAN (SD-WAN)
Services creating virtual tunnels/overlay networks via routing policies.
Software Development Life Cycle (SDLC)
Process governing software and system development phases.
Standard Configurations
Automation processes ensuring consistent deployment regardless of initial state.
Software-Defined Networking (SDN)
APIs/hardware enabling programmable network systems/appliances.
Spyware
Malicious software recording user/PC information, often installed covertly.
Standards
Expected outcomes for tasks performed following policies and procedures.
Structured Exception Handler (SEH)
Mechanism accounting for unexpected errors during code execution, reducing exploit risks.
Stateful Inspection
Firewall technique analyzing packets to the application layer for enhanced security.
State Table
Firewall-gathered session information between hosts.
Statement of Work (SOW)
A document defining expectations for a specific business arrangement.
Static Analysis
Reviewing uncompiled source code manually or with automated tools.
Steganography
Obscuring a message by embedding it within a file or other entity.
Structured Query Language Injection (SQL Injection)
Injecting database queries into server input to exploit application vulnerabilities.
Subject Alternative Name (SAN)
Digital certificate field allowing identification by multiple host names/subdomains.
Supervisory Control and Data Acquisition (SCADA)
Industrial control system managing large-scale, geographically dispersed devices and equipment.
Supplicant
Device requesting network access in EAP architecture.
Supply Chain
End-to-end process of supplying, manufacturing, and distributing goods/services to customers.
SYN Flood
DoS attack sending excessive SYN requests to exhaust server resources and block traffic.
Syslog
Event-logging protocol enabling appliances to transmit logs to central servers over UDP/514.
System Monitor
Software tracking system health using hardware-reported metrics to alert on faults such as high temperatures.
System/Process Audit
Comprehensive assessment covering supply chain, configuration, support, monitoring, and security factors.
Tabletop Exercise
Simulated discussions of emergency scenarios and security incidents.
Tactics, Techniques, and Procedures (TTP)
Historical analysis of cyberattacks and adversary actions.
Technical Debt
Costs of maintaining ineffective systems instead of implementing better-engineered solutions.
Temporal Key Integrity Protocol (TKIP)
WPA mechanism improving wireless encryption over WEP.
Test Access Point (TAP)
Hardware copying cable traffic frames for analysis.
Tethering
Sharing mobile device data with PCs or laptops over USB, Bluetooth, or Wi-Fi hotspots.
Third-Party CA
Public CA issuing certificates for multiple domains, trusted by operating systems/browsers.
Third-Party Risks
Vulnerabilities from supplier/customer dependencies in business relationships.
Threat
Potential for an entity to exploit vulnerabilities.
Threat Actor
Individual or entity responsible for security incidents or risks.
Threat Feed
Automated feed of signatures/patterns to analysis platforms for detecting threats.
Threat Hunting
Cybersecurity technique identifying undetected threats.
Ticket Granting Ticket (TGT)
Kerberos token granting access to authorized application servers.
Timeline
Forensics tool showing chronological file system events graphically.
Time-of-Check to Time-of-Use (TOCTOU)
Vulnerability arising from resource state changes between validation and use.
Time-of-Day Restrictions
Policies limiting resource access based on time.
Tokenization
Substituting unique tokens for real data to de-identify it.
Trade Secrets
Competitive intellectual property not registered as trademarks/patents.
Transparent Proxy
Proxy redirecting requests/responses without client configuration.
Transport Layer Security (TLS)
Protocol protecting communication with authentication and encryption.
Transport Layer Security VPN (TLS VPN)
VPN using digital certificates for secure network traffic tunnels.
Transport/Communication Encryption
Encryption applied to data in motion via protocols like WPA, IPsec, or TLS.
Trend Analysis
Detecting patterns in datasets to predict future events or understand past ones.
Trojan
Malicious software hidden within seemingly innocuous programs.
Trusted Platform Module (TPM)
Specification for secure hardware-stored encryption keys and user identification.
Tunneling
Encapsulating data for secure transfer over another network, like the Internet.
Typosquatting
Registering domains with common misspellings to redirect users to malicious sites.
Type-Safe Programming Language
Enforces strict type-checking to prevent vulnerabilities like memory-related attacks.
Under-Voltage Event
Long power sags causing computer malfunctions due to insufficient supplied power.
Unified Threat Management (UTM)
All-in-one security combining firewall, malware scanning, IDS, DLP, and more.
Uniform Resource Locator (URL)
Human-readable addressing scheme identifying resources in TCP/IP, like protocol://server/file.
Unintentional Insider Threat
Threat caused without malicious intent by actors exposing attack vectors.
Uninterruptible Power Supply (UPS)
Battery-powered device supplying power during outages.
Unsecure Network
Network with large attack surface, like open ports, weak/no authentication, or default credentials.
User and Entity Behavior Analytics (UEBA)
Automated system identifying suspicious activity by users or hosts.
Version Control
Managing project assets to ensure controlled changes.
Vertical Privilege Escalation
Attacker gaining higher-role privileges normally denied to them.
Video Surveillance
Physical security using cameras to monitor activity.
Virtual Local Area Network (VLAN)
Logical network segment isolating traffic despite physical connections.
Virtual Network Computing (VNC)
Protocol for remote access, forming the basis of macOS screen sharing.
Virtual Private Cloud (VPC)
Private cloud network segment for a single consumer on public infrastructure.
Virtual Private Network (VPN)
Secure tunnel between endpoints over an unsecure network like the Internet.
Virtualization
A computing environment allowing multiple independent operating systems to run simultaneously on one hardware platform.
Virus
Malicious code embedded in executable files, executed to deliver payloads or infect other files.
Vishing
Social engineering attack extracting information through phone calls or VoIP messages.
Visualization
Widget displaying records or metrics in a visual format, like graphs or tables.
Vulnerability
A weakness that can be accidentally triggered or exploited to cause a security breach.
Vulnerability Feed
Synchronizable data and scripts used for vulnerability checks, also called plug-ins or NVTs.
Vulnerability Scanner
Hardware or software scanning for known weaknesses in host OS or applications.
Warm Site
Dormant or noncritical processing location quickly convertible to key operations during emergencies.
Watering Hole Attack
Attacker targets groups by injecting malicious code into frequently visited websites.
Web Application Firewall (WAF)
Firewall protecting web server software and databases from injection and DoS attacks.
Web Filter
Software filtering Internet content requests like web, FTP, or instant messaging.
Wi-Fi Protected Access (WPA)
Standards for authenticating and encrypting access to Wi-Fi networks.
Wi-Fi Protected Setup (WPS)
Feature allowing wireless network enrollment using an eight-digit PIN.
Wildcard Domain
PKI certificate matching multiple subdomains of a parent domain.
Wired Equivalent Privacy (WEP)
Legacy mechanism for encrypting wireless data, replaced due to vulnerabilities.
Work Recovery Time (WRT)
Additional time after RTO for system reintegration and testing following restoration or upgrades.
Workforce Multiplier
Tools or automation enhancing employee productivity to complete more tasks efficiently.
Worm
Malware replicating in memory and spreading across network connections.
Write Blocker
Forensic tool preventing modification of data on target disks or media during analysis.
Zero Trust
Security paradigm requiring authentication for every request, including host-to-host or container-to-container.
Zero-Day
A vulnerability not yet patched by developers, or an attack exploiting such a vulnerability.