Techniques used to regulate who or what can view or use resources in a computing environment.

Refers to the unintended release or disclosure of confidential, sensitive, or private information to unauthorized individuals or entities. Accidental exposure can occur through human error, system malfunction, or inadequate security measures, posing significant risks to organizations.

Cryptographic keys currently used to encrypt and decrypt information in digital security and encryption. Active keys play a vital role in maintaining data confidentiality and integrity by securing communications and protecting sensitive information from unauthorized access.

A prolonged and targeted cyberattack in which an intruder gains access to a network and remains undetected for an extended period.

A proactive approach to integrating AI into systems and processes to enhance efficiency and accuracy, particularly in cybersecurity.

Refers to the protective measures and protocols implemented to secure software agents and their operating environments. Agent security involves safeguarding against unauthorized access, manipulation, or attacks on software agents that perform tasks on behalf of users or systems.

A critical process in managing and monitoring Application Programming Interfaces (APIs), where details of API transactions, including requests and responses, are recorded. API logging helps ensure security, compliance, and performance by tracking interactions and identifying potential issues.

Protecting APIs from malicious attacks and misuse, ensuring that data is exchanged securely between applications.

The simulation of human intelligence in machines designed to think and act like humans, often used in cybersecurity for threat detection and response.

A method or pathway used by cybercriminals to gain unauthorized access to a system.

The process of verifying the identity of a user, device, or other entity in a computer system.

The process of giving someone the permission to do or have something in a system.

Strategies and processes for making copies of data to protect against data loss and recovering data in case of loss.

A network of private computers infected with malicious software and controlled as a group without the owners' knowledge, often used to send spam or attack networks.

The process of creating systems of prevention and recovery to deal with potential threats to a company, ensuring that operations can continue during and after a disaster.

A type of cybercrime where an attacker gains access to a business email account and uses it to trick employees into making fraudulent transactions.

A disruption in business operations due to unexpected events, leading to loss of income and increased expenses.

A model designed to guide policies for information security within an organization, focusing on confidentiality, integrity, and availability.

The protection of data, applications, and infrastructures involved in cloud computing from threats.

The process of saving changes to a codebase in a version control system, enabling developers to track and manage changes.

The process in software development where changes or additions made to a codebase are saved and integrated into the main project repository. Code commits are critical for version control, enabling teams to track changes, collaborate effectively, and maintain the integrity of software projects.

Adherence to laws, regulations, guidelines, and specifications relevant to an organization's business processes, particularly in data protection and privacy.

Ensuring that sensitive information is accessed only by authorized individuals and kept private.

Specific situations or conditions outlined in an insurance policy where coverage is not provided.

The practice of secure communication in the presence of third parties by converting information into a secure format.

An event that threatens the security, integrity, or availability of information systems or networks.

A type of insurance designed to protect businesses against internet-based risks and risks relating to information technology infrastructure and activities.

Legal and financial responsibility for a data breach or cyber attack that affects third-party data or systems.

The process of identifying, assessing, and mitigating risks related to cybersecurity threats and vulnerabilities.

Formalized rules and guidelines established by an organization to protect its information technology and information assets from various cyber threats. These policies outline acceptable use, security measures, and response protocols to safeguard against cyber incidents and data breaches.

The unauthorized access and retrieval of sensitive, confidential, or protected data from a system.

The process of converting data into a code to prevent unauthorized access, ensuring data confidentiality.

The accuracy, completeness, and consistency of data throughout its lifecycle.

A strategy for ensuring that sensitive data is not lost, misused, or accessed by unauthorized users.

Techniques and tools used to resist or mitigate the impact of distributed denial-of-service (DDoS) attacks.

A cyberattack that aims to make a machine or network resource unavailable to its intended users by overwhelming it with a flood of traffic.

A set of procedures and strategies for recovering and protecting a business IT infrastructure in the event of a disaster.

Stands for Disaster Recovery Planning in Cyber Security, a strategic approach and set of procedures designed to prepare for, respond to, and recover from cyber incidents. DRP ensures business continuity by minimizing downtime and data loss through effective planning and recovery strategies.

The process of converting plaintext into ciphertext to prevent unauthorized access.

Security solutions that protect endpoints, such as desktops, laptops, and mobile devices, from threats.

The practice of securing endpoints or entry points of end-user devices like desktops, laptops, and mobile devices from cyber threats.

The unauthorized transfer of data from a computer.

A network security device that monitors and filters incoming and outgoing network traffic based on predetermined security rules.

Insurance coverage that compensates the policyholder for losses or damages to their property or assets.

Unauthorized access to or control over computer network security systems for some illicit purpose.

A framework of policies and technologies for ensuring that the right individuals have access to the right resources in an organization.

The process of addressing and managing the aftermath of a cybersecurity breach or attack to limit damage and reduce recovery time and costs.

The practice of managing information-related risks and ensuring the availability, integrity, authentication, confidentiality, and non-repudiation of information and data.

The practice of protecting information by mitigating information risks, ensuring data confidentiality, integrity, and availability.

Short for information security, refers to practices and processes designed to protect confidential, private, and sensitive information from unauthorized access, use, disclosure, disruption, modification, or destruction. Infosec encompasses various strategies to safeguard data across formats and platforms.

A security risk that comes from within the organization, typically involving employees or contractors who misuse their access to harm the organization.

A device or software application that monitors network or system activities for malicious activities or policy violations.

Malicious software designed to harm, exploit, or otherwise compromise computer systems or networks.

Tools and solutions used to provide real-time insights into the performance and security of IT infrastructure.

A security system that requires more than one form of verification to gain access to a resource, enhancing security.

The practice of protecting a computer network from intruders, whether targeted attackers or opportunistic malware.

Refers to the legal responsibility of an organization to protect its network and the data it stores and transmits from unauthorized access and misuse. It includes safeguarding data against unauthorized access, alteration, copying, or destruction, and protecting against malicious software.

Digital keys used in the OAuth authentication protocol to authorize users and applications to access specific resources without sharing credentials. OAuth tokens facilitate secure access management by granting temporary permissions to interact with protected resources.

A fundamental component within the framework of system observability, focusing on the collection, analysis, and storage of records generated by applications, systems, and infrastructure. Observability logs provide insights into system behavior and aid in diagnosing issues and improving performance.

A cyberattack that uses disguised emails or websites to trick users into revealing sensitive information, such as passwords or credit card numbers.

The maximum amount an insurance company will pay for a covered loss under an insurance policy.

A collection of software applications bundled together to provide users with tools for document creation, data analysis, communication, and project management. Examples include Microsoft Office and Google Workspace, which enhance productivity and collaboration within organizations.

A type of malware that encrypts the victim's files and demands a ransom payment to restore access.

A critical component in cybersecurity designed to prevent ransomware attacks, which involve malicious software that encrypts a user's files or locks them out of their device, demanding payment for access. Effective protection includes backup, detection, and recovery strategies.

A structured process to address and resolve vulnerabilities or security issues within an organization's IT environment.

Structured processes and actions designed to address and resolve vulnerabilities, compliance issues, or identified problems within an organization's IT environment, operations, or security infrastructure. Effective remediation includes identifying issues and implementing solutions.

The process of identifying, evaluating, and prioritizing risks to an organization's operations and assets.

A set of tools and services offering a holistic view of an organization's information security by analyzing and managing security data.

Errors or gaps in security settings or configurations that can be exploited by attackers.

One of the most common vulnerabilities in cybersecurity, resulting from improper setup or lack of appropriate security controls within software or hardware. Security misconfigurations can expose systems to exploitation, emphasizing the need for regular audits and configuration management.

Also known as SecOps, encompasses the procedures, practices, and tools designed to proactively monitor, assess, and defend an organization's

A centralized unit that deals with security issues on an organizational and technical level.

Involves the identification, assessment, and prioritization of risks to security, followed by the coordinated application of resources to minimize, monitor, and control the probability or impact of security threats and vulnerabilities. Effective management protects organizational assets.

Information that must be protected from unauthorized access to safeguard privacy or security, such as personal, financial, or health data.

Stands for Security Information and Event Management, an integrated approach that combines security information management (SIM) and security event management (SEM) to provide real-time analysis of security alerts and logs generated by network hardware and applications.

Short for Service Organization Control Audit, represents a framework for assessing and verifying the effectiveness of a service organization's controls related to operations and compliance. SOC audits ensure that service providers adhere to industry standards and protect customer data.

The use of deception to manipulate individuals into divulging confidential or personal information that may be used for fraudulent purposes.

A program that performs automated tasks on behalf of a user or another program.

A targeted attempt to steal sensitive information such as account credentials or financial information from a specific individual, often for malicious reasons, by masquerading as a trustworthy entity or person in electronic communications.

Software that collects data about users without their knowledge or consent, often for malicious purposes.

A cyberattack that targets less-secure elements in the supply chain network to gain access to the primary target.

Sophisticated cyber threats that target vulnerabilities in an organization's supply chain network. Supply chain attacks involve malicious activities that compromise suppliers or partners to gain unauthorized access to the target organization's systems, data, or operations.

Description

Insurance that protects the insured against claims made by third parties for damages or losses caused by the insured.

The potential threat to an organization's data, operations, or finances that comes from the vendors and other external parties that provide products and services.

Information about threats and threat actors that helps organizations understand the risks they face, as well as how to prevent, detect, and respond to those threats.

The process of substituting sensitive data with non-sensitive equivalents, known as tokens, which can be used for data protection.

A type of malware disguised as legitimate software that, when executed, grants unauthorized access to the user's system.

An extra layer of security used to ensure that people trying to gain access to an online account are who they say they are, typically by requiring them to provide two different types of information.

Proprietary frameworks, tools, or systems developed by individual companies or vendors tailored to their products or services. Vendor-specific models offer specialized solutions but may require integration and compatibility considerations with existing systems and technologies.

A technology that creates a safe and encrypted connection over a less secure network, such as the Internet.

A process that identifies, quantifies, and prioritizes vulnerabilities in a system.

The process of identifying, evaluating, treating, and reporting on security vulnerabilities in systems and software.

A type of malware that replicates itself to spread to other computers, often without needing to attach to a software program.

A cyberattack that occurs on the same day a weakness is discovered in software, before a patch or fix becomes available.