Comptia Security+ (SY0-601)
RACE Integrity Primitives Evaluation Message Digest (RIPEMD)
A 128 bit hash algorithm that uses two different and independent parallel chains of computation and then combines the result at the end of the process.
Initialization Vector (IV)
A 24-bit value that changes each time a packet is encrypted.
Updated Sequence Numbers (USN)
A 64-bit number in Active Directory that increases as changes occur.
Port Security
A Cisco switch feature in which the switch watches Ethernet frames that come in an interface (a port), tracks the source MAC addresses to control access.
Counter Mode (CTR)
A DES mode similar to OFB mode that uses an incrementing IV counter to ensure that each block is encrypted with a unique keystream.
Common Access Card (CAC)
A Department of Defense (DoD) smart card used for identification for active-duty and reserve military personnel along with civilian employees and special contractors.
Elliptic Curve Diffie-Hellman (ECDH)
A Diffie-Hellman key exchange that uses elliptic curve cryptography instead of prime numbers in its computation.
File Checksum Integrity Verifier (FCIV)
A Microsoft system, that checks system files have not been modified.
Wildcard Certificate
A PKI certificate that is applied to a specific domain but also covers all of the subdomains.
Desired State Configuration (DSC)
A Powershell extension for automation.
Ifconfig
A TCP/IP configuration and management utility used with UNIX and Linux systems.
Internet Control Message Protocol (ICMP)
A TCP/IP protocol that is used by devices to communicate updates or error information to other devices.
Netstat
A TCP/IP utility that shows the status of each active connection.
Remote Access Trojan (RAT)
A Trojan that also gives the threat agent unauthorized remote access to the victim's computer by using specially configured communication protocols.
Children's Online Privacy Protection Act (COPPA)
A U.S. federal act that requires operators of online services or Web sites directed at children under the age of 13 to obtain parental consent prior to the collection, use, disclosure, or display of a child's personal information.
Federal Information Security Management Act (FISMA)
A U.S. federal law that requires U.S. government agencies to protect citizens' private data and have proper security controls in place.
Secure Boot
A UEFI feature that prevents a system from booting up with drivers or an OS that are not digitally signed and trusted by the motherboard or computer manufacturer.
Measured Boot
A UEFI firmware feature that logs the startup process.
Secure Shell (SSH)
A UNIX-based command interface and protocol for securely accessing a remote computer.
Malicious Universal Serial Bus Cable (Malicious USB Cable)
A USB cable designed to infect connected devices with malware.
Family Educational Rights and Privacy Act (FERPA)
A United States federal law that governs student confidentiality in schools.
Glass-Steagall Act (GLBA)
A United States federal law that requires financial institutions to explain how they share and protect their customers' private information.
Sarbanes-Oxley Act (SOX)
A United States federal law that set new or expanded requirements for all U.S. public company boards, management, and public accounting firms.
Split Tunneling
A VPN feature that allows you to select certain connections to run through your VPN, but not others.
Always-on VPN
A VPN that allows the user to always stay connected instead of connecting and disconnecting from it.
On-Demand VPN
A VPN that opens and drops connections on demand.
Cold Site
A backup facility that does not have any computer equipment, but is a place where employees can move after a disaster
Warm Site
A backup facility with computer equipment that requires installation and configuration.
Hot Site
A backup, fully equipped facility where the company can move immediately after a disaster and resume business
Iris Scan
A biometric authentication method that uses the colored part of the eye to authenticate.
Retinal Scan
A biometric authentication that uses unique patterns on a person's retina blood vessels.
Facial Recognition
A biometric technology that looks for unique measurements in an individual's face.
Script Kiddie
A black-hat "penetration tester" with limited computer science knowledge that uses instructions and tools from other people to exploit vulnerable computer systems.
Galios/Counter Mode
A block cipher mode that uses universal hashing over a binary Galios field to provide authentication encryption.
Cable Lock
A cable with a lock at the end, to stop people from stealing devices.
Address Resolution Protocol Cache (ARP Cache)
A cache that stores a mapping of IP addresses to MAC Addresses.
Pass the Ticket Attack
A category of post-exploitation attacks involving the theft and re-use of a Kerberos ticket to authenticate to systems in a compromised environment.
User Certificate
A certificate that authenticates a user.
Computer/Machine Certificate
A certificate that identifies a computer within a domain.
Self-Signed Certificate
A certificate that is issued by the same entity that is using it and doesn't have a certificate revocation list.
Domain-Validated Certificate (DV)
A certificate that proves the ownership of a domain name.
Subject Alternative Name (SAN)
A certificate with that allows for use on multiple domains.
Playbook
A checklist of actions to perform to detect and respond to a specific type of incident.
Trusted Platform Module (TPM)
A chip on the motherboard of the computer that provides cryptographic services.
Block Cipher
A cipher that manipulates an entire block of plaintext at one time.
Mandatory Access Control (MAC)
A classification of data based on how much damage it could cause.
Right-to-Audit Clause
A clause where the auditor can audit without notice.
Serverless Architecture
A cloud computing execution model in which the cloud provider allocates machine resources on demand, taking care of the servers on behalf of their customers.
Vault
A cloud server that stores encrypted data.
Structure Query Language Injection (SQL Injection)
A code injection technique used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution.
Journalctl
A command for Unix-like operating systems that view logs collected by systemd.
Telnet
A command protocol that transmits data in clear text.
Curl
A command-line tool used to transfer data.
dd
A command-line utility for Unix and Unix-like operating systems, the primary purpose of which is to convert and copy files.
Authentication, Authorisation and Accounting (AAA)
A common security framework for mediating network and application access.
Managed Cloud Service Provider (MCSP)
A company that manages cloud services for other companies.
Managed Security Service Provider (MSSP)
A company that monitors, manages, and maintains computer and network security for other organizations.
Aircrack-ng
A complete suite of wireless security assessment and exploitation tools that includes monitoring, attacking, testing, and cracking of wireless networks.
Bootstrap Protocol (BOOTP)
A component of TCP/IP that allows computers to discover and receive an IP address from a DHCP server prior to booting the OS.
Reverse Proxy
A computer or an application program that routes incoming requests to the correct server.
Compiler
A computer program created to read an entire program and convert it into a lower-level language and ultimately to assembly language used by the processor.
Logic Bomb
A computer program or part of a program that lies dormant until it is triggered by a specific logical event.
Zombie
A computer that is controlled by a command and control (C2) server and it a part of a botnet.
Air Gap
A computer with no network connections.
Integer Overflow
A condition that occurs when a very large integer exceeds its storage capacity.
Conduit
A container to secure cables from tampering or being destroyed.
Master Service Agreement (MSA)
A contract that defines terms of future contracts.
Discretionary Access Control (DAC)
A control system, that the user is only given access, that they need to perform their job.
Forensic Copy
A copy of data made for forensics to keep the original intact.
Identity Theft
A crime that involves someone pretending to be another person in order to steal money or obtain benefits.
Diffie-Hellman Ephemeral (DHE)
A cryptographic method of establishing a shared key over an insecure medium in a secure fashion using a temporary key to enable perfect forward secrecy.
FTK Imager
A data preview and imaging tool that lets you quickly assess electronic evidence to determine if further analysis is required.
Redundant Array of Independent Disks (RAID)
A data storage scheme that uses multiple hard drives to share or replicate data among the drives
Time Stamp
A date and time used to specify when data was created, modified or accessed.
Load Balancer
A dedicated network device that can direct requests to different servers based on a variety of factors.
Generic Account
A default account that comes with the system.
Object Identifier (OID)
A designator made up of a series of numbers separated with a dot which names an object or entity.
Worm
A destructive computer program that bores its way through a computer's files or through a computer's network.
Power Distribution Unit (PDU)
A device fitted with multiple outputs designed to distribute electric power, especially to racks of computers and networking equipment located within a data center.
USB Data Blocker
A device that blocks the data pins on a USB device.
Smart Card
A device that is around the same size as a credit card, containing embedded technologies that can store information and small amounts of software to perform some limited processing.
Pluggable Authentication Module (PAM)
A device that looks like a USB thumb drive and is used as a software key in cryptography.
Surge Protector
A device that protects computers and other electronic devices from power surges.
Line Conditioner
A device that regulates, or conditions power, providing continuous voltage during brownouts and spikes.
Screen Filter
A device which prevents people from viewing your screen, while they are walking past.
Key Fob
A device, such as a type of smart card, that can fit conveniently on a key chain.
Wireless Heat Map
A diagram showing the wireless signal strength in a structure.
Privacy Enhanced Mail Certificate (PEM)
A digital certificate that uses a Bas64 format, with a .pem file extension.
Distinguished Encoding Rules Certificate (DER)
A digital certificate that uses a Base64 format with the .der file extension.
Forensic Process 19
A digital forensic process made up of: Collection, Examination, Analysis and Reporting.
Risk Register
A document in which the results of risk analysis and risk response planning are recorded.
Request for Comments (RFC)
A document published by the IETF that details information about standardized Internet protocols and those in various development stages.
Data Sharing and Use Agreement (DSUA)
A document that states, that personal data can only be collected for a specific purpose.
A Record
A domain name system record for IPv4.
AAAA Record
A domain name system record for IPv6.
MX Record
A domain name system record for mail servers.
SRV Record
A domain name system record for services.
CNAME Record
A domain name system record that is an alias.
Shimming
A driver manipulation method. It uses additional code to modify the behavior of a driver.
Automated Private IP Address (APIPA)
A feature of Windows-based operating systems that enables a computer to automatically assign itself an IP address when there is no Dynamic Host Configuration Protocol (DHCP) server available.
Flood Guard
A feature that controls a device's tolerance for unanswered service requests and helps to prevent a DoS or DDoS attack.
Screen Saver
A feature that logs computers off when they are idle.
Health Insurance Portability and Accountability Act (HIPAA)
A federal law that required the creation of national standards to protect sensitive patient health information from being disclosed without the patient's consent or knowledge.
Open ID Connect
A federation technology that provides user authentication information.
Honeyfiles
A file pretending to be legitimate, in order to detect malicious activity.
Dump File
A file that is created after a system has crashed, that stores everything that was in memory.
Privacy Screen
A filter placed on a monitor to decrease the viewing angle of a monitor. This prevents the monitor from being viewed from the side and can help prevent shoulder surfing.
FM-200
A fire extinguishing system commonly used in data centers and server rooms to protect the servers from fire.
Stateless Firewall
A firewall capable only of examining packets individually. Stateless firewalls perform more quickly than stateful firewalls, but are not as sophisticated.
Unified Threat Management (UTM)
A firewall or gateway that attempts to bundle multiple security functions into a single physical or logical device.
Firmware Over-The-Air (OTA)
A firmware update that is transmitted over a wireless network.
Stateful Firewall
A flrewall that monitors communication paths and data flow on the network.
Rogue Anti-Virus (Rogue AV)
A form of malicious software and internet fraud that misleads users into believing there is a virus on their computer and to pay money for a fake malware removal tool.
White Box Penetration Testing
A form of penetration testing where the tester has a lot of information about the system.
Gray Box Penetration Test
A form of penetration testing where the tester has partial knowledge of the system.
Black Box Penetration Testing
A form of penetration testing where the tester is not given any system credentials.
Sandboxing
A form of software virtualization that lets programs and processes run in their own isolated virtual environment.
Diamond Model of Intrusion
A framework and process for identifying groups of related events on an organization's systems. By identifying events and linking them into activity threads, an analyst gains information regarding what occurred during an attack.
Extensible Authentication Protocol (EAP)
A framework for transporting authentication protocols that defines the format of the messages.
Lockheed Martin Cyber Kill Chain
A framework that a general life cycle description of how attacks occur but do not deal with the specifics of how to mitigate.
Mitre Att&ck Framework
A framework that provides explicit pseudo-code examples for detecting or mitigating a given threat within a network and ties specific behaviors back to individual actors.
One-Way Function
A function like multiplying two large prime numbers that takes a small amount of time to compute an output from an input but a large amount of time to recover an input from the output.
Hash
A function that converts one value to another.
Personal Identity Verification (PIV)
A government standard for smart cards that covers all government employees.
Red Team
A group of people authorized and organized to emulate a potential adversary's attack or exploitation capabilities against an enterprise's security posture.
Blue Team
A group of people authorized and organized to emulate protecting a network from exploitation against an enterprise's security posture.
Remote Access Service (RAS)
A grouping of different hardware and software platforms to allow remote access to another computer or network device.
Man-in-the-Middle Attack (MITM)
A hacker placing himself between a client and a host to intercept network traffic; also called session hijacking.
Black Hat Hacker
A hacker who uses his knowledge to destroy information or for illegal gain.
Simultaneous Authentication of Equals (SAE)
A handshake protects against offline brute-force attacks.
Write-Once Read-Many Drive (WORM)
A hard drive that can only be written to once, but read many times.
Jumpbox
A hardened server that provides access to other hosts.
Hardware Write-Blocker
A hardware device that blocks media storage from being written to.
Key Stretching
A hashing algorithm which appends random characters to a password, making it stronger.
Bastion Host
A heavily secured server located on a special perimeter network between the company's secure internal network and its firewall.
Password History
A history of past passwords that prevents reuse.
JavaScript Object Notation Web Token (JWT)
A internet standard for authentication that a server signs with a private key.
Password-Based Key Derivation Function 2 (PBKDF2)
A key derivation function that stores passwords using a random salt and hash-based message authentication code.
Virtual Machine Sprawl (VM Sprawl)
A large amount of virtual machines on your network without the proper IT management or control.
Right to Audit
A legal agreement allowing a party to audit a system without explicit permission.
Non-Disclosure Agreement (NDA)
A legal contract between parties detailing the restrictions and requirements borne by each party with respect to confidentiality issues pertaining to information to be shared.
Network Access Control List (NACL)
A list of allowed or denied connections for subnets.
Call/Escalation List
A list should detail who should be called, what order, and how high up the organizational leadership chart a particular issue would reach.
Certificate Revocation List (CRL)
A list that keeps of track of whether a digital certificate is valid.
DNS Round Robin
A load-balancing technique in which you create an individual resource record for each terminal server in the server farm using the server's IP address and the name of the farm.
Eletronic Lock
A lock that uses a PIN code to allow access.
Biometric Lock
A lock that uses biometric authentication.
Botnet
A logical computer network of zombies under the control of an attacker.
Subnet
A logical subset of a larger network, created by an administrator to improve network performance or to provide security.
Degausser
A machine that removes the magnetic field of a magnetic media storage device, removing any data on it.
Watering Hole Attack
A malicious attack that is directed toward a small group of specific individuals who visit the same website.
Cross-Site Request Forgery (CSRF/XSRF)
A malicious exploit of a website where unauthorized commands are transmitted from a user that the web application trusts.
Cuckoo
A malware analysing tool that creates a sandbox environment.
Risk Matrix
A matrix that lists an organization's vulnerabilities, with ratings that assess each one in terms of likelihood and impact on business operations, reputation, and other areas.
Digital Signature
A means of electronically signing a document with data that cannot be forged.
Admissibility
A measure of whether a piece of evidence is relevant or legally acquired.
False Acceptance Rate (FAR)
A measurement of the percentage of invalid users that will be falsely accepted by the system.
False Rejection Rate (FRR)
A measurement of valid users that will be falsely rejected by the system.
Hash-based Message Authentication Code (HMAC)
A message authentication code that uses a cryptographic key in conjunction with a hash function.
Faraday Cage
A metal structure that blocks wireless or cellular signals.
Pretty Good Privacy (PGP)
A method of encrypting and decrypting e-mail messages. It can also be used to encrypt a digital signature.
Continuous Delivery
A methodology that focuses on making sure software is always in a releasable state throughout its lifecycle.
Electronic Code Book (ECB)
A mode of operation for a block cipher, with the characteristic that each possible block of plaintext has a defined corresponding ciphertext value, and vice versa
Network Tap
A monitoring device installed inline with network traffic.
Statement of Work (SOW)
A narrative description of products, services, or results to be delivered by the project.
Ad Hoc Network
A network created when two wireless devices connect to each other directly.
Transit Gateway
A network hub that acts as a regional virtual router to connect networks.
Local Area Network (LAN)
A network in which the nodes are located within a small geographic area.
Service Set Identifier (SSID)
A network name that wireless routers use to identify themselves.
Honeynet
A network or decoy servers or systems to gather information on intruders or attackers.
Cellular Network
A network that can be used when a wireless network must cover a wide area. The network is made up of cells, each controlled by a base station. Also called a cellular WAN.
Wide Area Network (WAN)
A network that connects devices in geographically separated areas.
Nmap
A network utility designed to scan a network and create a map. Frequently used as a vulnerability scanner.
Netcat
A network utility program that reads from and writes to network connections.
Transparent Data Encryption (TDE)
A newer encryption method used in SQL Server 2008 and later that provides protection for the entire database at rest without affecting existing applications by encrypting the entire database.
Logical Unit Number (LUN)
A number assigned to a logical device (such as a tray in a CD changer) that is part of a physical SCSI device, which is assigned a SCSI ID.
Time-Based One-Time Password (TOTP)
A one-time password that changes after a set period of time.
HMAC-Based One-Time Password (HOTP)
A one-time password that changes when a specific event occurs.
Ticket-Granting Ticket (TGT)
A part of the Kerberos authentication system that is used to prove identity when requesting service tickets.
Hybrid Attack
A password attack that slightly alters dictionary words by adding numbers to the end of the password, spelling words backward, slightly misspelling words, or including special characters.
Cognitive Password Attack
A password attack that uses public knowledge-based authentication, like secret questions.
John The Ripper
A password cracking software tool named after a famous serial killer.
Bcrypt
A password hashing algorithm based on a Blowfish cipher that uses key stretching.
Cain and Abel
A password recovery tool for Microsoft Windows.
Representational State Transfer (REST)
A pattern for interacting with content on remote systems, typically using HTTP.
Exact Data Match (EDM)
A pattern matching technique that uses a structured database of string values to detect matches.
Passive Reconnaissance
A penetration testing method used to collect information without alerting the target.
Active Reconnaissance
A penetration testing method used to collect information. It sends data to systems and analyzes responses to gain information.
Browser Exploitation Framework (BeEF)
A penetration testing tool that focuses on the web browser.
Sn1per
A penetration testing tool that looks for vulnerabilities.
Metasploit
A penetration-testing tool that combines known scanning techniques and exploits to explore potentially new types of exploits.
Whaling
A phishing attack that targets only wealthy individuals.
Credential Harvesting
A phishing attack that targets user credentials.
Spear Phising
A phishing expedition in which the emails are carefully designed to target a particular person or organisation.
Hard Security Module (HSM)
A physical computing device that safeguards and manages digital keys
Hotspot Network
A physical location where people can access the Internet, typically using Wi-Fi, via a wireless local area network (WLAN) with a router connected to an Internet service provider.
National Institute of Standards and Technology (NIST)
A physical sciences laboratory and a non-regulatory agency of the United States Department of Commerce
Airgap
A physical security control that provides physical isolation.
Screenshot
A picture of a system's user interface.
Virus
A piece of code that is capable of copying itself and typically has a detrimental effect, such as corrupting the system or destroying data.
Disaster Recovery Plan (DRP)
A plan set out incase a disaster occurs and recovery is required.
Functional Recovery Plan
A plan that uses simulations and exercises to prepare for disaster recovery.
Offboarding Policy
A policy setup for handling departing staff members or devices.
Onboarding Policy
A policy setup for introducing new staff members or devices in to the company.
Acceptable Use Policy (AUP)
A policy that defines the actions users may perform while accessing systems and networking equipment.
Privacy Policy
A policy that discloses some or all of the ways a party gathers, uses, discloses, and manages a customer or client's data.
Retention Policy
A policy that establishes how long data should be kept.
Mandatory Vacation Policy
A policy that mandates employees must take vacation in order to detect or stop insider threats.
Scanless
A port scanner that cannot be traced back.
Virtual Private Network (VPN)
A private data network that creates secure connections, or "tunnels," over regular Internet lines
Cipher Block Chaining (CBC)
A process in which each block of unencrypted text is XORed with the block of cipher text immediately preceding it before it is encrypted using the DES algorithm.
Trojan
A program disguised as a harmless application that actually produces harmful results.
Sudo
A program for Unix-like computer operating systems that allows users to run programs with the security privileges of another user, which by default is super user.
Chown
A program for Unix-like operating systems that changes file ownership.
Chmod
A program for Unix-like operating systems that changes file permissions.
Print Working Directory (PWD)
A program for Unix-like operating systems that outputs the current directory in use.
Password Cracker
A program that attempts to solve passwords from ciphers or hashes.
Rootkit
A program that hides in a computer and allows someone from a remote location to take full control of the computer.
Decompiler
A program that reverts an executable back in to source code.
Traceroute
A program that shows the route a packet takes across a network.
Macroinstruction (Macro)
A programmable pattern which translates a certain sequence of input into a preset sequence of output.
Perfect Forward Secrecy
A property of public key cryptographic systems that ensures that any session key derived from a set of long-term keys cannot be compromised if one of the keys is compromised at a future date.
Terminal Access Controller Access Control System (TACACS)
A proprietary Cisco protocol for Remote Authentication Dial-in User Service (RADIUS).
New Technology File System (NTFS)
A proprietary file system created by Microsoft.
Lightweight Directory Access Protocol (LDAP)
A protocol for a client application to access an X.500 directory.
Address Resolution Protocol (ARP)
A protocol in the TCP/IP suite used with the command-line utility of the same name to determine the MAC address that corresponds to a particular IP address.
Internet Small Computer System Interface (iSCSI)
A protocol that enables the SCSI command set to be transported over a TCP/IP network from a client to an iSCSI-based storage system.
Online Certificate Status Protocol (OCSP)
A protocol that performs a real-time lookup of a certificate's status.
Threat Maps
A real-time cyber-attack map that shows attacks.
General Data Protection Regulation (GDPR)
A regulation in EU law on data protection and privacy in the European Union and the European Economic Area.
Nessus
A remote scanning tool for finding vulnerabilities.
True Negative (TN)
A result that is correctly identified as negative.
True Positive (TP)
A result that is correctly identified as positive.
False Negative (FN)
A result that is incorrectly identified as negative.
False Positive (FP)
A result that is incorrectly identified as positive.
Risk Control Self-Assessment (RCSA)
A risk profile analysis process that identifies the risks, classifies each risk into clearly defined categories, and quantifies the risks with respect to the probability of occurrence and the impact on value and/or cash flows.
Annual Risk Assessment
A risk register where the financial director will look at all of the risks associated with money and the IT manager will look at all of the risks posed.
Risk Avoidance
A risk response strategy whereby the project team acts to eliminate the threat or protect the project from its impact.
Risk Mitigation
A risk response strategy whereby the project team acts to reduce the probability of occurrence or impact of a risk.
Risk Acceptance
A risk response strategy whereby the project team decides to acknowledge the risk and not take any action unless the risk occurs.
Risk Transference
A risk response strategy whereby the project team shifts the impact of a threat to a third party, together with ownership of the response.
Firewall Rule
A rule in the firewall specifying if a connection is allowed or denied.
Secure Hash Algorithm (SHA)
A secure hash algorithm that creates more secure hash values than Message Digest (MD) algorithms.
Password Vault
A secure store for passwords that don't require the user to remember every password.
Media Access Control Address Filtering (MAC Filtering)
A security access control method whereby the MAC address assigned to each network card is used to determine access to the network.
DHCP Snooping
A security feature on switches whereby DHCP messages on the network are checked and filtered.
Impossible Time Travel
A security feature that checks if movement between authentication locations is possible.
Clean-Desk Policy
A security policy requiring employees to keep their areas organized and free of papers. The goal is to reduce threats of security incidents by protecting sensitive data.
Next Generation Secure Web Gateway (SWG)
A security system that protects web appointments.
Relaying Party (RP)
A server providing access to a secure software application.
Proxy Server
A server that acts as an intermediary between a user and the Internet.
Certificate Authority (CA)
A server that manages digital certificates.
RADIUS Server
A server that offers centralized authentication services to a network's access server, VPN server, or wireless access point via the RADIUS protocol.
DHCP Relay Agent
A service that captures a BOOTP broadcast and forwards it through the router as a unicast transmission to a DHCP server on a remote subnet.
Indicator of Compromise (IOC)
A set of conditions or evidence that indicates a system may have been compromised.
Remediation Server
A set of resources that a non-compliant computer can access on the limited-access network.
Cloud Access Security Broker (CASB)
A set of software tools or services that resides between the enterprises' on-premises infrastructure and the cloud provider's infrastructure to ensure that the security policies of the enterprise extend to their data in the cloud.
Payment Card Industry Data Security Standard (PCI DSS)
A set of standards for handling and storing data used for card payments.
Message Digest (MD)
A short code, such as one 256 bits long, resulting from hashing a plaintext message using an algorithm.
OpenID Connect
A simple identity layer on top of the OAuth 2.0 protocol, which allows computing clients to verify the identity of an end-user based on the authentication performed by an authorization server, as well as to obtain basic profile information about the end-user in an interoperable and REST-like manner.
Penetration Testing
A simulated cyber attack against your computer system to check for exploitable vulnerabilities.
Single Point of Failure (SPOF)
A single weakness that is capable of bringing an entire system down.
Keylogger
A small hardware device or a program that monitors keystrokes a user types on the computer's keyboard.
Microservices/API
A software architecture that is composed of smaller modules that interact through APIs and can be updated without affecting the entire system.
Active Directory Federation Services (ADFS)
A software component developed by Microsoft that can run on Windows Server operating systems to provide users with single sign-on access to systems and applications located across organizational boundaries
Continuous Deployment (CD)
A software development approach where an organization's developers release products, features, and updates in shorter cycles, when ready, rather than wait for centrally-managed delivery schedules.
Continuous Integration (CI)
A software development method in which code updates are tested and committed to development or build server/code repositories rapidly.
Crypto Service Provider (CSP)
A software library that provides crypto services.
System Center Configuration Manager (SCCM)
A software management suite provided by Microsoft that allows users to manage a large number of Windows based computers.
Adware
A software program that delivers advertising content in a manner that is unexpected and unwanted by the user.
Remote Administration Tool (RAT)
A software program that gives you the ability to control another device remotely.
Microsoft Baseline Security Analyzer (MBSA)
A software tool released by Microsoft to determine the security state of a system.
Privilege Access Management (PAM)
A solution that helps protect the privilege accounts within a domain.
Processor Cache
A space in the CPU next to the processor itself that stores frequently used data and instructions.
Web Application Firewall (WAF)
A special type of firewall that looks more deeply into packets that carry HTTP traffic.
USB On-the-Go (OTG)
A specification that allows a mobile device with a USB connection to act as either a host or a peripheral used for external media access.
Fat Controller
A standalone wireless access point.
X.509 Certificate
A standard defining the format of public key certificates.
Open Authorization (OAuth)
A standard for authorization that allows users to share private resources on one site to another site without using credentials.
Remote Authentication Dial-In User Service (RADIUS)
A standard method for verifying the identity of users attempting to connect via dial-in access.
Data-in-Use
A state of data in which actions upon it are being performed.
Race Condition
A state where two subjects can access the same data without proper mediation.
Mean Time Between Failures (MTBF)
A statistical value that is the average time until a component fails, cannot be repaired, and must be replaced.
Bollard
A stone guard to prevent damage to a wall; also a freestanding stone post to divert vehicular traffic.
Key Escrow
A store for holding private keys for their parties that are stored a Hardware Security Module.
Risk Deterrence
A strategy of dealing with risk in which it is decided that the best approach is to discourage potential attackers from engaging in the behavior that leads to the risk.
Pre-boot Execution Environment (PXE)
A stub operating system that can be used to boot other things, such as an installation routine.
Virtual Private Cloud (VPC)
A subset of a public cloud that has highly restricted, secure access.
NT LAN Manager (NTLM)
A suite of Microsoft security challenge-response authentication protocols that provides authentication, integrity, and confidentiality.
Customer Relationship Management System (CRM)
A suite of applications, a database, and a set of inherent processes for managing all the interactions with the customer, from lead generation to customer service.
Advanced Encryption Standard (AES)
A symmetric block cipher created in the late 1990s that uses a 128-bit block size and a 128-, 192-, or 256-bit key size.
Triple Data Encryption Standard (3DES)
A symmetric block cipher similar to DES but uses a key that can be three times the size, at a 168-bit key.
Twofish
A symmetric block cipher that operates on 128-bit blocks of data and is capable of using cryptographic keys up to 256 bits in length.
Blowfish
A symmetric block cipher that operates on 64-bit blocks and can have a key length from 32 to 448 bits.
Data Encryption Standard (DES)
A symmetric block cipher that uses a 56-bit key and encrypts data in 64-bit blocks.
Rivest Cipher 4 (RC4)
A symmetric stream cipher that is 40 bits.
Identity Provider (IdP)
A system entity that creates, maintains, and manages identity information for principals and also provides authentication services to relying applications within a federation or distributed network.
Public Key Infrastructure (PKI)
A system for managing digital certificates and public key encryption.
Health Agent
A system installed on the connecting device to report health to an NAC.
Jump Server
A system on a network used to access and manage devices in a separate security zone.
Bankers' Automated Clearing Service (BACS)
A system that allows the transfer of payments directly from one bank account to another.
Data Loss Prevention (DLP)
A system that can identify critical data, monitor how it is being accessed, and protect it from unauthorized users.
Health Authority (HAuth)
A system that checks the health of incoming an incoming device, to ensure it is fully patched.
Global Positioning System (GPS)
A system that determines the precise position of something on Earth through a series of satellites, tracking stations, and receivers.
Clearing House Automated Payment System (CHAPS)
A system that facilitates large money transfers denominated
Security Information and Event Management (SIEM)
A system that helps collate information related to security.
Automated Indicator Sharing (AIS)
A system that provides the exchange of data about cyber-attacks.
Heating, Ventilation , and Air Conditioning (HVAC)
A system used to control environmental conditions within a building.
Network Address Translation (NAT)
A technique that allows private IP addresses to be used on the public Internet.
Secure Socket Layer Stripping (SSL Stripping)
A technique that downgrades your connection from secure HTTPS to insecure HTTP and exposes you to eavesdropping and data manipulation.
Network Access Control (NAC)
A technique that examines the current state of a system or network device before it is allowed to connect to the network.
Dynamic Link Library Injection (DLL Injection)
A technique used for running code within the address space of another process by forcing it to load a dynamic-link library.
Buffer Overflow
A technique where code is exploited by storing more data than can be held.
Diffusion
A technique where you change one character of the input, which will change multiple bits of the output.
Steganography
A technology that makes it possible to embed hidden information in documents, pictures, and music files
Ephemeral Key
A temporary key that is used only once before it is discarded.
Data Sovereignty
A term that refers to the legal implications of data stored in different countries. It is primarily a concern related to backups stored in alternate locations via the cloud.
End of Life (EOL)
A term used to describe the date by which the vendor or manufacturer ceases to support and provide software updates and patches for a product or software application
Thin Client
A terminal that looks like a desktop but has limited capabilities and components.
Host File
A text file that associates TCP/IP host names with IP addresses.
Dnsenum
A tool that maps DNS records.
Hierarchical Trust Model
A trust model that has a single hierarchy with one master certificate authority.
Bridge Trust Model
A trust model with one certificate authority that acts as a facilitator to interconnect all other certificate authorities.
Insider Threat
A trusted adversary who operates within an organization's boundaries.
Layer 2 Tunneling Protocol/Internet Protcol Security (L2TP/IPSec)
A tunnelling protocol that is combined with Internet Protocol Security to secure it.
Mantrap
A turnstile device used to limit one person from entering at a time.
Transitive Trust
A two-way relationship that is automatically created between parent and child domains in a Microsoft Active Directory Forest.
Ping of Death (POD)
A type of DoS that sends an oversized and/or malformed packet to another computer.
Directional Antenna
A type of antenna that concentrates the signal beam in a single direction.
Omnidirectional Antenna
A type of antenna that issues and receives wireless signals with equal strength and clarity in all directions.
Yagi Antenna
A type of antenna that sends signals in two directions.
Asymmetric Encryption
A type of cryptographic based on algorithms that use a private and public key.
Address Resolution Protocol Poisoning (ARP Poisoning)
A type of cyber attack carried out over a Local Area Network (LAN) that involves sending malicious ARP packets to a default gateway on a LAN in order to change the pairings in its IP to MAC address table.
Dictionary Attack
A type of password attack that automates password guessing by comparing encrypted passwords against a predetermined list of possible password values.
Memory Leak
A type of resource leak that occurs when a computer program incorrectly manages memory allocations in a way that memory which is no longer needed is not released.
Containerisation
A type of virtualization applied by a host operating system to provide an isolated execution environment for an application.
Security Set Identifier (SSID)
A unique ID that identifies a wireless access point to the wireless networking clients that send data to it.
Data Recovery Agent (DRA)
A user account that an administrator has authorized to recover BitLocker drives for an entire organization with a digital certificate on a smart card.
Nslookup
A utility that is used to test and troubleshoot domain name servers.
Ping
A utility that sends an ICMP echo request message to a host.
Background Checks
A vetting process to ensure that an individual meets security requirements.
Virtual Desktop Infrastructure (VDI)
A virtualization implementation that separates the personal computing environment from a user's physical computer.
Polymorphic Virus
A virus that can change its own code or periodically rewrites itself to avoid detection.
Fileless Virus
A virus that operates in main memory.
VM Sprawl
A vulnerability that occurs when an organization has many VMs that aren't properly managed.
Content Filter
A way of limiting access to material on the internet by examining it before it is shown to the user and deciding whether or not it is acceptable.
Wi-Fi Easy Connect
A way to connect to a wireless network with a a QR code.
Cryptographic Erase (CE)
A wiping technique that encrypts the data on a media device and destroys the encryption key.
Zero Fill
A wiping technique that sets all bits on the media to zero.
Secure Erase (SE)
A wiping technique that writes a binary one or zero over each piece of data in the drive.
Thin Controller
A wireless access point controlled by a main controller.
Evil Twin Attack
A wireless access point that pretends to be another in order to steal information.
Disassociation Attack
A wireless attack in which false de-authentication or disassociation frames are sent to an AP that appear to come from another client device, causing the client to disconnect.
Business Partnership Agreement (BPA)
A written agreement defining the terms and conditions of a business partnership.
Tainted Training Data for Machine Learning
AI programs can be sabotaged by even subtle tweaks to the data used to train them.
Guest Account
Account used for users who need temporary access to the computer.
White Team
Acts as the judges, enforces the rules of the exercise, observes the exercise, scores teams, resolves any problems that may arise, handles all requests for information or questions, and ensures that the competition runs fairly and does not cause operational problems for the defender's mission.
Password Salting
Adding a random string of characters to a password before hashing it.
GPS Tagging
Adding geographical identification data to media such as digital photos taken on a mobile device.
Data Masking
All or part of a field's contents is redacted, by substituting all character strings with x, for example.
Bluetooth
Allows electronic devices like cell phones and computers to exchange data over short distances using radio waves
Classless Inter-Domain Routing (CIDR)
Allows network administrators to expand the number of network nodes assigned to an IP address.
Structured Query Language Injection (SQL Injection)
Allows the attacker to execute remote commands on the database server and lead to sensitive information disclosure.
Class A IP Address
An IP address that starts with 1 - 126
Class B IP Address
An IP address that starts with 128 - 191
Class C IP Address
An IP address that starts with 192 - 223
Link Local Address
An IPv6 address that is automatically assigned by an operating system to allow a node to communicate over its local subnet if a routable IP address is not available.
Structured Threat Information eXpression (STIX)
An XML structured language for expressing and sharing threat intelligence.
Security Assertion Markup Language (SAML)
An XML-based standard used to exchange authentication and authorization information.
Linux-Based Access Control (LBAC)
An access control system, which is used by Linux to determine access and uses a numeric or alpha format.
Attribute-Based Access Controls (ABAC)
An access control system, which uses account attributes to determine access.
Group-Based Access Control (GBAC)
An access control system, which uses account groups to determine access.
Role-Based Access Control (RBAC)
An access control system, which uses roles to determine access.
Rule Based Access Control (RBAC)
An access control system, which uses rules to determine access.
Password Expiration
An account enforcement policy that determines how many days a password can be used before the user is required to change it.
Password Complexity
An account enforcement policy that determines passwords must meet complexity requirements.
Sponsored Account
An account for temporary external use.
Shared Account
An account used by more than one user.
Privileged Account
An account which powerful rights, privileges, and permissions are granted so that a user could perform nearly any action.
CLOUD Act
An act to provide trans-border access to communications data in criminal law enforcement investigations.
Media Access Control (MAC)
An address for communications on the physical network segment.
Interconnection Security Agreement (ISA)
An agreement between parties intended to minimize security risks for data transmitted across a network.
Memorandum of Understanding (MOU)
An agreement between two or more parties to enable them to work together that is not legally enforceable but is more formal than an unwritten agreement.
Pseudo-Random Number Generator (PRNG)
An algorithm that generates a sequence of numbers that seems random but is actually completely predictable.
Stream Cipher
An algorithm that takes one character and replaces it with one character.
Elliptic Curve Cryptography (ECC)
An algorithm that uses elliptic curves instead of prime numbers to compute keys.
Digital Signature Algorithm (DSA)
An algorithm which generates a digital signature from 512 bits to 2046 bits.
Uninterruptible Power Supply (UPS)
An alternative power supply device that protects against the loss of power and fluctuations in the power level by using battery power to enable the system to operate long enough to back up critical data and safely shut down.
Real Time Protocol (RTP)
An application layer protocol that servers and the Internet use to deliver streaming audio and video data.
Trusted Automated eXchange of Indicator Information (TAXII)
An application protocol for exchanging CTI over HTTPS.
File Integrity Checker
An application that can verify that files have not been modified.
Nonce
An arbitrary number that can only be used once.
Indicators of Compromise (IOCs)
An artifact in computer systems that indicates a security breach.
Site Risk Assessment
An assessment of all risks and hazards that could happen on a construction site.
Rivest Shamir Adleman (RSA)
An asymmetric cryptographic algorithm that ranges from 1024 to 4096 bits.
Private Key
An asymmetric encryption key that decrypts data and uses the P12 format with a .pfx file extension.
Public Key
An asymmetric encryption key that encrypts data, uses a P7B format with a .cer file extension.
Session Hijacking
An attack in which an attacker attempts to impersonate the user by using their session token.
VM Escape
An attack in which the attacker "breaks out" of a VM's normally isolated state and interacts directly with the hypervisor.
Downgrade Attack
An attack in which the system is forced to abandon the current higher security mode of operation and fall back to implementing an older and less secure mode.
Amplification Attack
An attack instigated using small, simple requests that trigger very large responses to the target.
Password Spraying
An attack method that takes many usernames and loops them with a single password.
Collision Attack
An attack on a hash function in which a specific input is generated to produce a hash function output that matches another input.
Brute Force Attack
An attack on passwords or encryption that tries every possible password or encryption key.
Dynamic Link Library Injection (DLL)
An attack technique where running code within an address space are forced to load a DLL file.
Smurf Attack
An attack that broadcasts a ping request to computers yet changes the address so that all responses are sent to the victim.
Domain Hijacking
An attack that changes the registration of a domain name without permission from the owner.
LDAP Injection Attack
An attack that constructs LDAP statements based on user input statements, allowing the attacker to retrieve information from the LDAP database or modify its content.
Cross-Site Request Forgery (XSRF)
An attack that exploits the trust a website has in a user's browser in an attempt to transmit unauthorized requests to the website.
Man-in-the-Browser Attack (MITB)
An attack that intercepts communication between a browser and the underlying computer.
Replay Attack
An attack that makes a copy of the transmission for use at a later time.
Initialization Vector Attack (IV Attack)
An attack that modifies the IV of an encrypted wireless packet during transmission. Once an attacker learns the plaintext of one packet, the attacker can compute the RC4 key stream generated by the IV used.
Birthday Attack
An attack that searches for any two digests that are the same.
Phishing
An attack that sends an email or displays a Web announcement that falsely claims to be from a legitimate enterprise in an attempt to trick the user into surrendering private information.
MAC Flooding
An attack that sends numerous packets to a switch, each of which has a different source MAC address, in an attempt to use up the memory on the switch.
DNS Poisoning
An attack that substitutes DNS addresses so that the computer is automatically redirected to an attacker's device.
Directory Traversal
An attack that takes advantage of a vulnerability so that a user can move from the root directory to restricted directories.
SYN Flood Attack
An attack that uses connection establishment packets to open multiple connections and disrupt a server.
Distributed Denial of Service (DDoS)
An attack that uses many distributed computers to flood a network with enough traffic to cause it to malfunction.
Ping Flood Attack
An attack that uses the Internet Control Message Protocol (ICMP) to flood a network with traffic.
Wireless Disassociation Attack
An attack where an attacker forces the victims device off the wireless network using a de authentication frame.
SQL Injection Attack
An attack where input is used to inject malicious SQL commands into a request.
Supply Chain Attack
An attack where software or hardware is intercepted and modified maliciously by an attacker before it reaches the victim.
Integer Overflow Attack
An attack where the an arithmetic operation is used to overflow the maximum number stored in memory.
Resource Exhaustion Attack
An attack where the attacker consumes all system resources.
Bluejacking
An attack where the attacker send unsolicited messages to the device.
MAC Spoofing Attack
An attack where the attacker steals the MAC address from of another device to impersonate that device.
Bluebugging
An attack where the attacker takes control of a Bluetooth device.
SSL Striping Attack
An attack where the attackers downgrade a connection to a weaker level of SSL encryption.
Denial of Service Attack (DOS)
An attempt to make computers or any of its resources unavailable by flooding a network with traffic.
Distributed Denial of Service Attack (DDOS)
An attempt to make computers or resources unavailable by flooding a network with traffic from multiple systems.
Something You Do
An authentication factor indicating action, such as gestures on a touch screen.
Somewhere You Are
An authentication factor indicating location, often using geolocation technologies.
Multi-Factor Authentication (MFA)
An authentication method that includes multiple factors of authentication, including user, group, device, location, and authentication data.
Touch ID
An authentication method that uses finger print analysis in Apple products to authenticate.
Context-Aware Authentication
An authentication method using multiple elements to authenticate a user and a mobile device. It can include identity, geolocation, the device type, and more.
Protected Extensible Authentication Protocol (PEAP)
An authentication protocol that uses a password function based on MS-CHAPv2 with the addition of an encrypted TLS tunnel.
Terminal Access Control Access Control System (TACACS)
An authentication service commonly used on UNIX devices that communicates by forwarding user authentication information to a centralized server. The current version is TACACS+.
Kerberos
An authentication system developed by the Massachusetts Institute of Technology (MIT) and used to verify the identity of networked users.
Runbook
An automated version of a playbook used by a SOAR to have the system conduct as many steps as possible.
Security Orchestration, Automation and Response. (SOAR)
An automation tool for detecting security incidents.
Mean Time to Repair (MTTR)
An average measure of the time taken to correct a fault to restore the system to full operation.
Wired Equivalent Privacy (WEP)
An encryption algorithm designed to protect wireless transmission data.
Symmetric Encryption
An encryption method whereby the same key is used to encode and to decode the data.
Cipher Block Chaining Message Authentication Code Protocol (CCMP)
An encryption protocol designed for Wireless LAN products.
Temporary Key Integrity Protocol (TKIP)
An encryption protocol included as part of the IEEE 802.11i standard for wireless
Hping
An enhanced Ping utility for crafting TCP and UDP packets to be used in port-scanning activities
Identify Provider (IdP)
An entity that can validate that credentials are presented are valid.
Business Impact Analysis (BIA)
An exercise that determines the impact of losing the support of any resource to an organization, establishes the escalation of that loss over time, identifies the minimum resources needed to recover, and prioritizes the recovery of processes and supporting systems.
Virtual Machine Escape (VM Escape)
An exploit in which the attacker runs code on a virtual machine that allows an operating system running within it to break out and interact directly with the hypervisor.
Zero Day
An exploit that is unknown and undocumented.
Capture the Flag (CTF)
An exploit-based exercise simulating an attack.
Pass the Hash Attack
An expoit in which an attacker steals a hashed user credential and, without cracking it, reuses it to trick an authentication system into creating a new authenticated session on the same network.
Extensible Authentication Protocol-Tunneled Transport Layer Security (EAP-TTLS)
An extension of EAP sometimes used with 802.1x. It allows systems to use some older authentication methods such as PAP within a TLS tunnel. It requires a certificate on the 802.1x server but not on the clients.
Security Identifier (SID)
An identifier, that is tied to an account.
Identification (Access Controls)
An identifying piece of information such as a number or list of characters.
Site Survey
An in-depth examination and analysis of a wireless LAN site.
Private Certificate Authority
An internal digital certificate management system.
Offline Certificate Authority
An internal offline certificate authority.
Online Certificate Authority
An internal online certificate authority.
Overseas Production Act (COPOA)
An international co-operation arrangement.
International Telecommunication Union (ITU)
An international organization dedicated to creating telecommunications standards.
Container
An isolated system used for software.
Badge
An item with a photo, name and signature, used to identify someone.
Small Computer System Interface (SCSI)
An older parallel bus disk technology still used on some servers but has reached its performance limits at 640 MB/s transfer rates.
Challenge Handshake Authentication Protocol (CHAP)
An older three-way authentication handshake that is accomplished during the initial authentication and may be repeated anytime after the link has been established.
Open Indicator of Compromise (OpenIOC)
An open framework, meant for sharing threat intelligence information in a machine-readable format.
OAuth
An open standard for access delegation, commonly used as a way for Internet users to grant websites or applications access to their information on other websites but without giving them the passwords.
GNU Privacy Guard (GPG)
An open-source version of PGP, used for encrypting and decrypting e-mail messages, that does not use patented algorithms.
Advanced Persistent Threat (APT)
An organized group of attackers who are highly motivated, skilled, and patient.
Fire Suppression System
An oxygen suppressant system that starves a fire to prevent damage to equipment.
Rogue Access Point
An unauthorized AP that allows an attacker to bypass many of the network security configurations and opens the network and its users to attacks.
Rogue Access Point (Rogue AP)
An unauthorized wireless access point (WAP) installed in a computer network.
Static Code Analysis
Analysis of source code carried out without execution of that software.
Personally Identifiable Information (PII)
Any data that can be used to identify, locate, or contact an individual.
Protect Health Information (PHI)
Any information about health status, provision of health care, or payment for health care that is created or collected by a Covered Entity (or a Business Associate of a Covered Entity), and can be linked to a specific individual.
URL Filter
Appliance that blocks connections to websites that are deemed dangerous or inappropriate.
Wireshark
Application that captures and analyzes network packets.
Change Advisory Board (CAB)
Assists with the prioritisation of changes.
Zero-Day Attack
Attack between the time a software vulnerability is discovered and a patch to fix the problem is released.
Session Replay Attack
Attacker listens to the conversation between the user and the server and captures the authentication token of the user.
Buffer Overflow Attack
Attempts to overwrite the memory buffer to send additional data into adjacent memory locations.
Account Rectification
Auditing account privileges and reporting to management.
Something You Are
Authentication factor that relies on a physical characteristic (fingerprint, face, eye, palm)
Something You Know
Authentication factor that relies on a piece of knowledge (password, PIN).
Something You Have
Authentication factor that relies on possession (FOB, Card, Cell Phone, Key)
Industrial Camouflage
Camouflage used by buildings to obscure the building from aerial photos.
Confidential (MAC)
Causes damage.
Secret (MAC)
Causes serious damage.
Proprietary
Characteristic of an owner of property; constituting property.
Flexible Authentication via Secure Tunneling (EAP-FAST)
Cisco authentication protocol used in wireless networks and point-to-point connections to perform session authentication
Secret Internet Protocol Router Network (SIPRNet)
Classified tunnel carried over NIPRNet, provides a secure transmission of data up to the secret classification level
Fog Computing
Cloud computing that processes data from IoT devices.
Order of Volatility
Collecting information based on how perishable it is.
E-Discovery
Collecting, reviewing, and interpreting documents on storage devices.
Random Access Memory (RAM)
Computer location where instructions and data are stored on a temporary basis. This memory is volatile.
CIA Triad
Confidentially, Integrity and Availability.
Proximity Card
Contactless card used to gain access to secure areas.
Business Continuity Plan (BCP)
Contingency planning to keep the business up and running when a disaster occurs, by identifying single points of failure.
Active Logging
Continuously monitoring and logging changes.
Time Normalisation
Convert regional time zone in to single shared time zone.
Card Skimming
Copying of information from the magnetic strip of a credit card or debit card.
Diffie-Hellman (DH)
Creates a secure tunnel for data transmission.
Capturing a System Image
Creating a file that is an exact copy of a storage device.
Metadata
Data that describes other data
Data-in-Transit
Data that is in transit across a network.
Data-at-Rest
Data that is stored on electronic media.
Honeypot
Decoy servers or systems setup to gather information regarding an attacker or intruder into your system.
Spanning Tree Protocol (STP)
Defined by the IEEE 802.1D standard, it allows a network to have redundant Layer 2 connections, while logical preventing a loop.
Subordinate Certificate Authority/Intermediary
Defines and authorises the types of certificates that can be requested from the Root Certificate Authority.
Stress Testing
Deliberately intense or thorough testing used to determine the stability of a given system, critical infrastructure or entity.
War Driving
Deliberately searching for Wi-Fi signals while driving by in a vehicle
Software as a Service (SaaS)
Delivers applications over the cloud using a pay-per-use revenue model.
Infrastructure as a Service (IaaS)
Delivers hardware networking capabilities, including the use of servers, networking, and storage, over the cloud using a pay-per-use revenue model.
Key Management
Departmental keys are signed in and out, to prevent someone from taking keys away and making copies.
Rules of Engagement (ROE)
Detailed guidelines and constraints regarding the execution of information security testing.
Non-classified Internet Protocol Router Network (NIPRNet)
DoD's unclassified but sensitive Internet Protocol Router Network
53
Domain Name System Port (DNS)
67/68
Dynamic Host Configuration Protocol Port (DHCP)
Choose Your Own Device (CYOD)
Employees choose from a limited selection of approved devices but the employee pays the upfront cost of the device while the business owns the contract.
Corporate-Owned Personally-Enabled (COPE)
Employees choose from a selection of company-approved devices.
Cross-Site Scripting (XSS)
Enables attackers to inject client-side scripts into web pages viewed by other users.
Homomorphic Encryption
Enables processing of encrypted data without the need to decrypt the data.
Data Classification
Entails analyzing the data that the organization retains, determining its importance and value, and then assigning it to a category.
Secure Satellite Communications (SATCOM)
Equipment used by the US military to communicate with satellites.
Closed Circuit Television (CCTV)
Equipment used to record events through cameras and or sensors.
Privilege Escalation
Exploiting a vulnerability in software to gain access to resources that the user would normally be restricted from obtaining.
Reconnaissance
Exploration to gain knowledge or information.
989/990
FTP over TLS/SSL Port
Controlled Unclassified Information (CUI)
Federal non-classified information that must be safeguarded by implementing a uniform set of requirements and information security controls to secure sensitive government information.
21
File Transfer Protocol Port (FTP)
Capital Expenditure (CAPEX)
Funds used by a company to acquire or upgrade physical assets such as property, industrial buildings or equipment
Shoulder Surfing
Gaining sensitive information by watching someone input information.
Banner Grabbing
Gathering information from messages that a service transmits when another program connects to it.
Tabletop Exercise
Gathering the key staff of an organization and discussing their actions during a potential unwanted event.
Memorandum of Agreement (MOA)
General areas of conditional agreement between two or more parties.
Least privilege /Need-to-know basis
Giving someone the most limited access required to so they can perform their job.
Protocol Analyzer (Sniffer)
Hardware or software that captures packets to decode and analyze the contents.
Restricted (MAC)
Has an undesirable effect.
Signage
Highly visible signs warning, this is a secure area.
80
Hypertext Transfer Protocol Port (HTTP)
443
Hypertext Transfer Protocol Secure and Transport Layer Security Port (HTTPS/TLS/SSL)
User Account
Identifies resources a user can access on a computer.
Subnet Mask
In IPv4 addressing, a 32-bit number that, when combined with a device's IP address, indicates what kind of subnet the device belongs to.
Unique Local Address
In TCP/IP version 6, an address used to identify a specific site within a large organization.
Binary Large Object (BLOB)
In databases, a type of object that holds extremely large chunks of data in binary form.
Hybrid Cloud
Includes two or more private, public, or community clouds, but each cloud remains separate and is only linked by technology that enables data and application portability.
Extended Validation Certificate
Increased security over domain validation certificates due to an enhanced validation process, which requires human validation.
Common Vulnerabilities Scoring System (CVSS)
Indicates the severity of vulnerabilities.
Open-Source Intelligence (OSINT)
Information gathered from publicly available ("open") sources.
Side-Loading
Installing a mobile app by some means other than downloading it from an official app store.
Network Sniffing
Intercepting packages on a wireless or wired network and viewing the contents of these packages.
Site-to-Site VPN
Interconnects two sites, as an alternative to a leased line, at a reduced cost.
143
Internet Message Access Protocol Port (IMAP)
500
Internet Protocol Security Port (IPSec)
Dark Web
Internet content that can't be indexed by Google and other search engines.
Dumpster Diving
Involves digging through trash receptacles to find sensitive information.
Service Account
Is an account that a service on your computer uses to run under and access resources.
Firmware
Is the software used by the hardware to operate.
Artifacts
Items that not easily seen or found.
88
Kerberos Port
Rainbow Tables
Large pre-generated data sets of encrypted passwords used in password attacks.
389
Lightweight Directory Access Protocol Port (LDAP)
Data Minimization
Limiting data collection to only what is required to fulfill a specific purpose.
Data Minization
Limiting data collection to only what is required to fulfill a specific purpose.
Certificate Chaining
Linking several certificates together to establish trust between all the certificates involved.
Load Balancing Scheduling
Load balancing servers based on a schedule.
Purple Team
Made up of both the blue and red teams to work together to maximize their cyber capabilities through continuous feedback and knowledge transfer between attackers and defenders.
Beacon
Malware infects a vulnerable host, it quickly scans the host environment and initiates a command and control (C2) channel with its creator.
Command and Control Malware
Malware that controls the victim's machine from a command and control server.
Crypto Malware
Malware that encrypts all the files on the device so that they cannot be opened and hides itself.
Padding Oracle On Downgraded Legacy Encryption Attack (POODLE)
Man-in-the-middle exploit which takes advantage of Internet and security software clients' fallback to SSL 3.0
Document Matching
Matching a whole document or a partial document against a signature in the DLP.
Rotate 13 (ROT 13)
Monoalphabetic cipher that shifts characters 13 characters.
Substitution/Caesar Cipher
Monoalphabetic cipher that shifts characters.
Edge Computing
Moving processing and data storage away from a centralised location to the "edges" of a network.
137 - 139
NetBIOS Port
123
Network Time Protocol Port (NTP)
Encapsulated Security Payload (ESP)
No modification of data in-transit, all data encrypted, identifies origin.
Pretexting
Occurs when someone deceives by pretending to be someone else.
Hash Collision
Occurs when the hashing algorithm creates the same hash from different text
Grey Hat Hacker
One who tries to hack a computer system to find a defect, but charges a fee to fix it.
Open Source
Online applications and resources which are available to the general public with very few restrictions.
Mission Essential Functions
Operations that are core to the success of the business.
Risk Awareness
Organizations communicate with each other to share information regarding risks.
Service Level Agreement (SLA)
Part of a service contract where the service expectations are formally defined.
Gray Box Testing
Penetration testing of a system, where the tester is provided minimal information about system.
Black Box Testing
Penetration testing of a system, where the tester is provided no information about the system.
White Box Testing
Penetration testing of a system, where the tester is supplied information about the system.
Armed Guards
People who manage physical access to a secure area.
Vishing
Phishing attacks committed using telephone calls or VoIP systems.
Smishing
Phishing attacks committed using text messages (SMS).
Demilitarised Zone/Screened Subnet (DMZ)
Physical or logical subnetwork that contains and exposes an organization's external-facing services to an untrusted, usually larger, network such as the Internet.
Bring Your Own Device (BYOD)
Policy that allows employees to use their personal mobile devices and computers to access enterprise data and applications.
110
Post Office Protocol version 3 Port (POP3)
Route Poisoning
Preventing networks from sending data somewhere by invalidating the packets.
Certificate Pinning
Prevents the compromise of Certificate Authorities and fraudulent certificate issuing.
Disk Striping
Process by which data is spread among multiple drives.
Disk Mirroring
Process by which data is written simultaneously to two or more disk drives.
Rooting
Process of making unauthorized modifications to operating systems and bypassing the DRM restrictions on Android in order to run unapproved software.
Jailbreaking
Process of making unauthorized modifications to operating systems and bypassing the DRM restrictions on Apple iPhones and iPads in order to run unapproved software.
Domain Name System Black-holing (DNS Black-holing)
Process that uses a list of known domains/IP addresses belonging to malicious hosts and uses an internal DNS server to create a fake reply.
Potentially Unwanted Program (PUP)
Program that installs itself on a computer, typically without the user's informed consent
Public Cloud
Promotes massive, global, and industrywide applications offered to the general public.
Defence in Depth
Protecting a company's data with a series of protective layers.
Network Time Protocol (NTP)
Protocol that gives the current time.
Protected Management Frames (PMF)
Provide protection for unicast and multicast management action frames.
User Datagram Protocol (UDP)
Provides a lightweight service for connectionless data transfer without error detection and correction.
Trust Model
Provides authenticity of a certificate.
Unified Endpoint Management (UEM)
Provides management for hardware devices.
Transmission Control Protocol (TCP)
Provides reliable, ordered, and error-checked delivery of a stream of packets on the internet.
Cryptomalware
Ransomware that encrypts user's files, and demands ransom.
Full Packet Capture
Records the complete payload of every packet crossing the network.
Scalability
Refers to how well a system can adapt to increased demands and maintain resilience.
Quality of Service (QoS)
Refers to the capability of a network to provide better service to selected network traffic over various technologies.
Account Lockout
Refers to the number of incorrect logon attempts permitted before a system locks an account.
Data Retention
Refers to the policies that govern data and records management for meeting internal, legal and regulatory data archival requirements.
Implicit Deny
Rejecting access unless a condition is explicitly met.
Security through Obscurity
Relying upon the secrecy or complexity of an item as its security, instead of practicing solid security practices.
3389
Remote Desktop Protocol Port (RDP)
Mobile Device Management (MDM)
Remote controls smart phones and tablets, ensuring data security.
Remote Wipe
Remotely erases all contacts, email, photos, and other data from a device to protect your privacy.
Zone-Redundant Storage (ZRS)
Replicates data three times across two to three facilities.
Geo Zone Redundant Storage (GZRS)
Replicates your data between three seperate zones.
Geo Redundant Storage (GRS)
Replicates your data synchronously three times within a single physical location in the primary region
Local Redundant Storage (LRS)
Replicates your data three times within a single data center in the primary region.
Read (LBAC)
Represented as an 'r' in LBAC permissions.
Write (LBAC)
Represented as an 'w' in LBAC permissions.
Execute (LBAC)
Represented as an 'x' in LBAC permissions.
Dual Control
Required the present of two individuals to perform a task.
Extensible Authentication Protocol-Transport Layer Security (EAP-TLS)
Requires the client and server to possess PKI certificates to secure authentication traffic.
Pharming
Reroutes requests for legitimate websites to false websites
Supervisory Control and Data Acquisition (SCADA)
Responsible for acquiring real-time data from a physical system and managing the physical system or presenting the data to humans, who monitor and manage the system.
Data Steward
Responsible for ensuring the quality and fitness for purpose of the organization's data assets, including the metadata for those data assets.
Data Owner
Responsible for labeling the asset and ensuring that it is protected with appropriate controls.
Privacy Officer
Responsible for the organization's Privacy Program including but not limited to daily operations of the program, development, implementation, and maintenance of policies
Data Custodian
Responsible for the safe custody, transport, storage of the data and implementation of business rules.
Robot Sentries
Robots used to patrol the perimeter of a secure area.
Rule of Behavior
Rules for how employees should behave.
Stored Procedures
SQL statements written and stored on the database that can be called by applications.
Controls
Safeguards or countermeasures to avoid, detect, counteract, or minimize security risks. Made up of physical, managerial, technical and operational.
Credentialed Scan
Scan in which the scanning computer has an account on the computer being scanned that allows the scanner to do a more thorough check looking for problems that can not be seen from the network.
993
Secure IMAP and S/MIME Port
995
Secure POP 3 Port
5061
Secure Real Time Protocol Port (SRTP)
22
Secure Shell, Secure Copy Protocol, SSH File Transfer Protocol Port (SSH/SCP/SFTP)
587
Secure Simple Mail Transfer Protocol Port
Runtime Application Self-Protection (RASP)
Security technology that uses runtime instrumentation to detect and block computer attacks by taking advantage of information from inside the running software.
Spimming
Sending unsolicited messages through Instant messaging systems.
Internal Protection
Separation of secure and non-secure areas.
Private Cloud
Server only one customer or organization and can be located on the customer's premises or off the customer's premises.
Community Cloud
Serves a specific community with common business models, security requirements, and compliance considerations
61/5060
Session Initiated Protocol Port (SIP)
25
Simple Mail Transfer Protocol Port (SMTP)
161
Simple Network Management Protocol Port (SNMP)
162
Simple Network Management Protocol Port (SNMP)
Tokens (Physical)
Small physical device used to gain access to a secure area.
Backdoor
Software code that gives access to a program or a service that circumvents normal security protections.
Intrusion Prevention System (IPS)
Software or hardware that monitors patterns in the traffic flow to identify and automatically block attacks.
Intrusion Detection System (IDS)
Software or hardware that monitors patterns to detect intrusions.
Antivirus/Antimalware
Software or hardware that protects against or removes malicious software.
Hypervisor
Software that enables a single computer to run multiple operating systems simultaneously.
Spyware
Software that enables a user to obtain covert information about another's computer activities by transmitting data covertly from their hard drive.
The Onion Router (TOR)
Software that enables connections to the hidden network.
Ransomware
Software that encrypts programs and data until a ransom is paid to remove it.
Harvester
Software that harvests email addresses from an organisation.
White Hat Hacker
Someone who uncovers computer weaknesses without exploiting them.
Hacktivist
Someone who uses computers and computer networks to disrupt services or share secret information in an effort to draw attention to political or social issues.
Swap/Page File
Space on a hard drive used as a temporary location to store information when random access memory (RAM) is fully utilized.
Distributive Allocation
Spreading of resources, processing, storage among multiple servers.
Structured Threat Information Exchange/Trusted Automated Exchange of Indicator Information (STIX/TAXII)
Standards that prevent cyber attacks.
Intellectual Property Theft (IP Theft)
Stealing an organization's or individual's intellectual property.
Juice Jacking
Stealing data from a machine when it's charging.
Platform as a Service (PaaS)
Supports the deployment of entire systems including hardware, networking, and applications using a pay-per-use revenue model
Insecure Direct Object Reference
Takes advantage of lack of checks to ensure a user requesting a resource actually has permissions to do so.
Time of Check/Time of Use (TOC/TOU) Attacks
Takes advantage of the dependency on the timing of events that takes place in a multitasking operating system.
Captive Portal
Technical solution that forces clients using web browsers to complete a specific process before it allows them access to the network.
Loop Protection
Technique to prevent broadcast storms by using the IEEE 802.1d standard spanning-tree algorithm (STA).
Social Engineering
Techniques that trick a person into disclosing confidential information.
23
Telnet Port
Log Files
Text files that record events and times that occur.
Common Vulnerabilities and Exposures (CVE)
The Common Vulnerabilities and Exposures or CVE system provides a reference method for publicly known information-security vulnerabilities and exposures.
802.1X
The IEEE standard that defines port-based security for wireless network access control
802.1x
The IEEE standard that defines port-based security for wireless network access control
Spoofing
The act of disguising a communication from an unknown source as being from a known, trusted source.
Anonymization
The act of permanently and completely removing personal identifiers from data, such as converting personally identifiable information (PII) into aggregated data.
GrammLeach Bliley Act (GBLA)
The act that protects government information and operations.
Obfuscation
The action of making something obscure, unclear, or unintelligible.
Authorisation (Access Controls)
The amount of access given to a user.
Rainbow Table Attack
The attacker uses a list of hashed data to match the cleartext version.
Extensible Markup Language Injection (XML Injection)
The attacker uses xml to create malicious requests.
Credential Stuffing
The automated injection of breached username/password pairs to gain user accounts access fraudulently.
Company-owned, Personally Enabled (COPE)
The company provides the users with a smartphone primarily for work use, but basic functions such as voice calls, messaging, and personal applications are allowed, with some controls on usage and flexibility.
Cloud Service Provider (CSP)
The company that hosts the cloud servers.
Fully Qualified Domain Name (FQDN)
The complete domain name of an Internet computer.
Identify and Access Management
The core principles made up of identify, authentication, authorisation and accounting.
Risk Appetite
The degree of uncertainty an entity is willing to take on, in anticipation of a reward.
Incident Response Plan
The documentation of a predetermined set of instructions or procedures to detect, respond to, and limit consequences of a malicious cyber attacks against an organization's information system(s).
Single Loss Expectancy (SLE)
The expected monetary loss every time an item is lost.
Annualized Loss Expectancy (ALE)
The expected monetary loss that can be expected for an asset due to a risk over a one-year period.
Owner (LBAC)
The first number listed in the LBAC permissions.
Information Commissioner's Office (ICO)
The government department tasked with implementing the Data Protection Act.
Anything as a Service (XaaS)
The growing diversity of services available over the Internet via cloud computing as opposed to being provided locally, or on-premises.
Top Secret (MAC)
The highest level of damage.
Shadow IT
The information systems and solutions built and developed by departments other than the information systems department.
Recovery Time Objective (RTO)
The length of time it will take to recover the data that has been backed up.
Caching
The local storage of frequently needed files that would otherwise be obtained from an external source.
Recovery Point Objective (RPO)
The maximum length of time that an organization can tolerate between backups.
Mean Time to Detect (MTTD)
The mean time it takes to detect a security incident.
Security as a Service (SECaaS)
The next generation of managed security services dedicated to the delivery, over the Internet, of specialized information-security services.
Requests Per Second (RPS)
The number of requests send to a computer system per second.
Federal Information Processing Standards (FIPS)
The official series of publications relating to standards and guidelines adopted.
Password Authentication Protocol (PAP)
The oldest and most basic form of authentication and also the least safe because it sends all passwords in cleartext.
Operating System Hardening
The operating system is fully patched, all unused features and services are disabled.
Wi-Fi Protected Access (WPA)
The original set of protections from the Wi-Fi Alliance designed to address both encryption and authentication.
Domain Reputation
The overall "health" of your branded domain as interpreted by mailbox providers.
Data Governance
The overall management of the availability, usability, integrity, and security of company data
Authentication (Access Controls)
The person making the request, is who they say they are.
DevSecOps
The philosophy of integrating security practices within the DevOps process.
Account Management Policy
The policy that lists procedures for adding new users to systems and removing users who have left the organization.
Information Assurance (IA)
The practice of assuring information and managing risks related to the use, processing, storage, and transmission of information.
Separation of Duties
The practice of requiring that processes should be divided between two or more individuals.
Annualized Rate of Occurrence (ARO)
The probability that a risk will occur in a particular year.
Code Signing
The process of assigning a certificate to code. The certificate includes a digital signature and validates the code.
Data Normalization
The process of decomposing relations with anomalies to produce smaller, well-structured relations.
Anomaly-Based Detection
The process of detecting attacks based on baseline attributes that have changed.
Heuristic/Behavioural-Based Detection
The process of detecting attacks based on behavioural patterns.
Signature-Based Detection
The process of detecting attacks based on known digital signatures.
Chain of Custody
The process of documenting the custody of data, ensuring no tampering.
Full Disk Encryption (FDE)
The process of encrypting all the data on the hard disk drive used to boot a computer, including the computer's operating system, and permitting access to the data only after successful authentication with the full disk encryption product.
Threat Intelligence
The process of investigating and collecting information about emerging threats and threat sources.
Infrastructure as Code (IaC)
The process of managing and provisioning computer data centers through machine-readable definition files, rather than physical hardware configuration or interactive configuration tools.
Threat Hunting
The process of proactively and iteratively searching through networks to detect and isolate advanced threats that evade existing security solutions.
Legal Hold
The process of protecting evidence from being altered or destroyed.
Tokenization
The process of replacing sensitive data with unique identification symbols that retain all the essential information about the data without compromising its security.
Certificate Signing Request (CSR)
The process of requesting a new certificate.
Footprinting
The process of systematically identifying the network and its security posture.
Carrier Unlocking
The process of unlocking a mobile phone from a specific cellular provider.
Incident Response Process
The process that involves preparation, detection, analysis, containment, eradication, recovery and post-incident activities/lesson's learned.
Bug Bounty
The process where companies reward testers who find vulnerabilities.
Time Offset
The regional time offset used in multinational investigations.
Root Certificate Authority/Trust Anchor
The root certificate from which the whole chain of trust is derived.
Link Aggregation
The seamless combination of multiple network interfaces or ports to act as one logical interface.
Group (LBAC)
The second number listed in the LBAC permissions.
Non-Repudiation
The security principle of providing proof that a transaction occurred between identified parties. Repudiation occurs when one party in a transaction denies that the transaction took place.
Federation Server
The server that issues, manages, and validates requests involving identity claims. A federation server is needed in each participating forest.
Snapshot
The state of a system at a particular point in time.
Fingerprinting
The systematic survey of a targeted organization's Internet addresses collected during the footprinting phase to identify the network services offered by the hosts in that range.
All other uses (LBAC)
The third number listed in the LBAC permissions.
Mobile Application Management (MAM)
The tools and services responsible for distributing and controlling access to apps.
Bluesnarfing
The unauthorized access of information from a Bluetooth device.
Typosquatting
The unethical practice of registering domain names very similar to those of high-volume sites in hopes of receiving traffic from users seeking the high-volume site who mistakenly enter an incorrect URL in their browsers.
Geofencing
The use of GPS or RFID technology to create a virtual geographic boundary, enabling software to trigger a response when a mobile device enters or leaves a particular area.
Modify (DAC)
The user can change, read and execute data.
Read and Execute (DAC)
The user can read the data or run the program.
Read (DAC)
The user can read the data.
List Folder Contents (DAC)
The user can see the directory and its subdirectories.
Write (DAC)
The user can write to the file.
Full Control (DAC)
The user has full control.
Special Permissions (DAC)
The user has granular access.
Data Creator/Owner (DAC)
The user has permission to get permissions for other users.
Security Administrator (MAC)
The user who gives access to classified data, once approved.
Steward (MAC)
The user who labels the data.
Custodian (MAC)
The user who stores and manages classified data.
Owner (MAC)
The user who writes data and determines classification.
Ipconfig
The utility used to display TCP/IP addressing and domain name information in the Windows client operating systems.
End of Service (EOS)
The vendor officially deems the product useless and requires upgrading.
System Sprawl
The widespread proliferation of devices across an enterprise.
Public Certificate Authority
Third-party that manages digital certificates.
Sticky Session
This is the ability of the ELB to keep sending requests to a specific backend instances based on the original request.
Knowledge-Based Authentication (KBA)
This is used for fraud prevention. Consumers probably know this as the "secret question" users must answer before being granted access.
Authentication Header (AH)
This provides connectionless integrity and the authentication of data.
Tcpreplay
Tool to replay saved tcpdump or snoop files.
East-West Traffic
Traffic that moves laterally between servers.
Tethering
Transforms a smartphone or Internet-capable tablet into a portable communications device that shares its Internet access with other computers and devices wirelessly
69
Trivial File Transfer Protocol Port (TFTP)
RADIUS Client
Typically a network access server such as a Dial-up Sever, VPN server, or Wireless AP.
Data Exfiltration
Unauthorized transfer of data from an organization to a location controlled by an attacker.
Spam over Instant Messaging (SPIM)
Unsolicited messages sent over an instant messaging service.
Patching
Updating a system's software to remove vulnerabilities.
Dynamic Resource Allocation
Upgrading or downgrading cloud resources based on demand.
Jamming Attack
Use a jammer that will transmit signals that can overwhelm and deny the user of the AP by legit clients
Internet Key Exchange (IKE)
Used by IPSec to create a master key, which is in turn used to generate bulk encryption keys for encrypting data.
Fence/Gates
Used to block unauthorised physical access to a secure area.
Industrial Control Systems (ICS)
Used to control industrial processes such as manufacturing, product handling, production, and distribution.
Lighting
Used to illuminate areas, which could be used to gain unauthorised access to a secure area.
Cameras
Used to monitor the perimeter of a secure area.
Administrator Account
User account, created when the OS is first installed, that is allowed complete, unfettered access to the system without restriction.
Spraying Attack
Uses naming conventions to guess passwords or sensitive information.
Software Defined Networking (SDN)
Using a central control program separate from network devices to manage the flow of data on a network.
Software-Defined Visibility (SDV)
Using a central control program to control visibility in a network.
War Flying
Using a drone to map out local wireless networks.
Intellectual Property Theft
Using copyrighted material without permission or authorization
Invoice Scams
Using fraudulent invoices to steal from a company.
Single Sign-on/Mutual Authentication (SSO)
Using one authentication credential to access multiple accounts or applications.
Registration Authority (RA)
Validates and accepts requests for certificates.
Input Validation
Verifying a user's input to an application.
War Walking
Walking around a building, while locating wireless networks and devices.
Strategic Intelligence/Counterintelligence Gathering
When Governments exchange data about cyber criminals, so they can work together.
IP Spoofing
When a TCP/IP packet is modified, pretending to be another system.
Risky Login
When a list of devices is tracked to ensure that the connecting device is allowed.
OSCP Stapling/Certificate Stapling
When a web server bypasses the certificate revocation list to use OSCP.
Driver Shimming
When an application attempts to call an older driver, the operating system intercepts the call and redirects it to run the shim code instead.
Elicit Information
When an attacker will trick you into providing information.
Piggybacking
When an unauthorised person enters a restricted area by using an authorised person's permission.
Tailgating
When an unauthorized individual enters a restricted-access building by following an authorized user.
Command Injection Attack
When input is used in the construction of a command that is subsequently executed by the system with the privileges of the server
Active/Passive Load Balancing
When one server in a load balancing system is active and the others are stand-by.
Data Breach
When sensitive or confidential information is copied, transmitted, or viewed by an individual who is not authorized to handle the data.
Active/Active Load Balancing
When servers in a load balancing system are all handling requests.
Disable User Accounts
When someones leaves a company, their account is disabled and password changed immediately.
Provenance
When the chain of custody has been carried out properly.
Two-Person Integrity/Control
When two people are guarding a secure area, in case one is occupied with something else.
Just Enough Administration (JEA)
When you give just enough privileges to carry out a task.
Annual Security Awareness Training
Where you are reminded about what you should be doing on a daily basis to keep the company safe.
Spear Phishing
a phishing expedition in which the emails are carefully designed to target a particular person or organisation.
Fuzzing
a technique of penetration testing that can include providing unexpected values as input to an application to make it behave incorrectly.
Crossover Error Rate (CER)
the level at which the number of false rejections equals the false acceptances, and is also known as the equal error rate.
