
IT Security Terms Glossary

1. 2-Factor Authentication (2FA)
A security process in which users must provide two or more pieces of evidence (also known as factors) to verify their identities. The evidence is a combination of any two of the following types: 1) something they have (like a credit card, smartphone or token); 2) something they know (like a password, answers to secret questions or a PIN); 3) something they are (involving a biometric scanner that checks fingerprints or performs retinal scans).

2. Adware
An application or piece of software that displays advertisements. Users often voluntarily download items like a toolbar or a mobile app without realizing that adware is bundled in the download. Malicious adware can be downloaded without consent. These ads generate revenue for the developer and also gather data about the user’s browsing habits. Adware that tracks data without consent is a type of spyware.

3. Advanced Threat Protection (ATP)
Security solutions and controls, usually software or managed services, that defend against sophisticated malware or hacking-based attacks. While the components can differ, ATP solutions usually entail some combination of malware protection systems, endpoint agents, email gateways, network devices, and a centralized defense management console.

4. Application Delivery Controller (ADC)
A hardware device or software program usually placed between the firewall and one or more application servers (an area known as the DMZ) in a data center. An ADC manages and optimizes the connections between client machines and web and enterprise application servers. While ADCs are often thought of as advanced load balancers, this is only one part of what they do. ADC features typically include OSI layer 3-7 services (including load-balancing), SSL offload, Web Application Firewall, DNS64, NAT64, and proxy/reverse proxy, among others.

5. Artificial Intelligence (AI)
This is a branch of computer science dealing with the simulation of human intelligence in computers. Processes include learning (the acquisition of information and rules for using the information), reasoning (using rules to reach approximate or definite conclusions) and self-correction.

6. Assessment
A security assessment evaluates the current security posture of an information system or organization and identifies strengths and weaknesses. It also includes recommendations for improvement.

7. Black Hat
This is a type of hacker who infiltrates a computer system or network with malicious intent. (For example, their motive may be to disable or destroy a website, access private data, or steal financial information.)

8. Blockchain
A structure for storing data in which groups of valid transactions, called blocks, form a chronological chain, with each block cryptographically linked to the previous one. Each block bundles together information and data that are verified, and the block is then validated and appended to the chain of transactions and information in previous blocks. These blocks of transactions are permanently recorded in the distributed ledger that is the blockchain. This is best known as the basis for cryptocurrency, but has many other potential uses, including backing up data, monitoring supply chains, and even voting.

9. Botnet
Botnets are connected computers performing repetitive duties that keep websites functioning. They are most often used in connection with Internet Relay Chat. Botnets are generally helpful, but some are malicious and can take control of your computer via hacking, a spider, or other means. If that happens, your computer can become part of a network of compromised computers, which is controlled by a third party and used to spread malware and spam or to launch attacks.

10. Center for Internet Security (CIS) Critical Security Controls
This is a published list of best practices for computer security. It includes specific steps to take to increase your security and prioritizes the actions by the highest pay-off. It is updated annually after industry experts study the most common attack patterns in the leading threat reports.

11. Cloud Access Security Broker (CASB)
This is on-premises or cloud-based software that sits between cloud service users and cloud applications, monitoring all activity. A CASB also enforces security policies, in addition to offering a number of services, including monitoring user activity, warning administrators about potentially dangerous actions, enforcing security policy compliance, and automatically preventing malware.

12. Cloud-Delivered Security
Many formerly hardware-only security solutions have migrated to cloud-based security services using Software as a Service (SaaS) models. This migration has occurred because the modern way of working means that data and applications are more portable and are distributed across many networks. Cloud-based security was created to ensure only authorized personnel access secure data.

13. Configuration Management Database (CMDB)
This is a type of database that catalogs all hardware and software used by a company, along with all relevant information, including how each component relates to the others. A CMDB is considered a best practice for IT leaders so that they can have a holistic view of the security ecosystem.

14. Compliance
Security compliance means meeting an ever-evolving set of regulatory standards like PCI DSS, HIPAA, and ISO 27001, which help ensure that companies are making an effort to protect consumer data. Being compliant is a legal concern for companies since in some cases (for example, HIPAA), failure to achieve and maintain security compliance can result in financial and legal penalties.

15. Cyber Threat Intelligence (CTI)
This is an area of cybersecurity that collects and analyzes information about the attacks that pose the greatest risk to the safety of an organization or its assets and provides actionable steps for improvement. This intelligence lets you figure out if you’ve already been breached and, if so, how to deal with those issues. It also provides you with information about potential attacks.

16. Cryptocurrency
A digital medium of exchange that uses strong cryptography to secure financial transactions and control the creation of additional units. Cryptocurrencies use decentralized control based on blockchain ledgers to record and verify transactions, which differs from more traditional centralized banking systems.

17. Cybercrime
Criminal activities carried out by means of computers or the Internet. The list of cybercrimes is long, but it includes common activities like identity theft, phishing, and pharming. A 2018 study showed that criminals’ spoils from cybercrime will likely soon surpass those from global drug trafficking.

18. Cybersecurity Ratings
Security ratings are reports that rate a business’ overall cybersecurity posture; they are often compared to personal credit ratings in that they award a score. As a result, these data-driven ratings provide a comprehensive, outside-in view of a company's overall cybersecurity posture.

19. Dark Web
The part of the World Wide Web that is only accessible by means of special software or anonymized browsers, allowing users and website operators to remain anonymous or untraceable. While some sites on the dark web are perfectly legitimate, it is a hotbed of illegal activities, with information like credit card numbers and stolen log-ins for sale.

20. Data classification
While the overarching purpose of data classification is to categorize data so it’s more easily utilized and protected, another important purpose is to drive data security based on classification label. It’s also important for risk management and compliance.

21. Data Loss Prevention
Data loss prevention software detects potential data breaches and illicit data withdrawals and prevents them. It does this by monitoring, detecting and blocking sensitive data while in use, in motion, and at rest. The terms "data loss" and "data leak" are related and are often used interchangeably.

22. Database Activity Monitoring (DAM)
Database activity monitoring (DAM) is a set of tools that are used to observe, identify, and report a database's activities. Database activity monitoring tools use real-time security technology to monitor and analyze illegal/fraudulent activities without interfering with other user activities. They do this without relying on the DBMS auditing or logs.

23. Database Management System (DBMS)
DBMS is a type of software used to create and manage databases. Once a database is created, a DBMS provides a systematic way for users to create, retrieve, update and manage data. Some examples of this type of software are MySQL and Oracle.

24. Denial-of-Service Attack
This is a malicious attack meant to shut down a machine or network and render it inoperable. This is typically accomplished by overwhelming the target with traffic or sending it information that triggers a crash. These attacks are usually harmful because they result in lost traffic or business, as opposed to lost information or theft.

25. DevOps
DevOps is a set of cultural philosophies, practices, and tools that automate processes between IT and software development, two traditionally siloed departments. The result is an organization’s increased ability to deliver applications and services more quickly than they were able to using traditional software development and infrastructure management processes. This speed makes companies more competitive by allowing them to better serve their customers.

26. DevSecOps
This philosophy makes “everyone responsible for security” by integrating security practices within the DevOps process. DevSecOps involves creating a 'Security as Code' culture with ongoing, flexible collaboration between release engineers and security teams.

27. Encryption
The process of converting information or data into a code, so only authorized users have access.

28. Endpoint Protection
Endpoint Security or Protection refers to the technology that protects a corporate network when accessed through remote or wireless devices. This helps ensure that these devices (for example, phones, laptops, and tablets) meet compliance with standards.

29. Endpoint Detection and Response
Endpoint Detection and Response (EDR) is an endpoint suite that continuously monitors and responds to advanced threats on endpoints of all types. The EDR market was at first dominated by startups which (over)used the moniker Next-Gen Endpoint Protection. Legacy endpoint protection suite manufacturers soon caught up, and most now include an EDR component. EDR is often thought of as a subset of broader Managed Detection and Response (MDR) offerings.

30. Exploit
Also called a computer exploit, this is an attack on a computer system. It’s usually targeted to take advantage of a particular vulnerability within that system. Used as a verb, exploit refers to the act of successfully making such an attack.

31. File integrity monitoring (FIM)
FIM is an effective security practice which compares a known and approved baseline of configuration files in an operating system or application against their current state and triggers an alert when those files have been accessed, modified, or deleted.

32. Fileless Attacks
Fileless attacks don’t drop malware on a victim’s hard disk drive in order to work, and so easily evade detection. They run simple scripts, frequently hidden in the Windows Registry and Windows Management Instrumentation (WMI), or use shellcode in memory (for example, via Windows PowerShell).

33. Firewall
This network security device monitors traffic to or from your network. It allows or blocks traffic based on a defined set of security rules.

34. General Data Protection Regulation (GDPR)
GDPR is a set of rules that came into effect in 2018 and was created to give EU citizens more control over their personal data. Businesses are now obligated to not only gather data legally, but also to protect data under their care from misuse.

35. Governance, Risk and Compliance (GRC)
GRC is the integrated collection of capabilities that enable an organization to reliably achieve objectives, address uncertainty and act with integrity.

36. Hacker
A security hacker can be anyone technical, but the term is most commonly used to mean someone who breaches defenses and exploits weaknesses in a computer system or network for personal gain.

37. HIPAA
HIPAA is the acronym for the Health Insurance Portability and Accountability Act, which was passed by Congress in 1996. HIPAA does the following:

  • Allows American workers and their families to transfer and continue health insurance coverage when they change or lose their jobs;
  • Reduces health care fraud and abuse;
  • Mandates industry-wide standards for electronic billing and other processes; and
  • Legally requires confidential handling of protected health information.

38. Incident Response
This refers to the way an organization responds to and handles a data breach or cyber attack, including managing the consequences. In an ideally managed situation, damage is limited while recovery time, costs, and collateral damage are minimized.

39. Identity and Access Management
Identity and access management (IAM) is a framework for business processes that facilitates the management of electronic or digital identities. The framework includes the organizational policies for managing digital identity as well as the technologies needed to support identity management. With IAM technologies, IT managers can control user access to critical information within their organizations. Identity and access management products offer role-based access control, which lets system administrators regulate access to systems or networks based on the roles of individual users within the enterprise.

40. Information Lifecycle Management (ILM)
Certain policies which apply to effective information management. The practice originated in the management of physical assets (microfilm, negatives, photographs, audio or video recordings and other assets). ILM includes every stage of a "record" from start to finish. It applies to all informational assets, although it is generally applied to information that rises to the classic definition of a record.

41. Infrastructure as a Service (IaaS)
IaaS is a cloud-based infrastructure service based on highly scalable, automated computing resources. Since IaaS is cloud-based, the consumer does not manage or control the infrastructure but does have control over operating systems, storage, and deployed applications. There may be limited control of select networking components (e.g., host firewalls). IaaS lets businesses purchase resources on an as-needed basis, as opposed to committing to and buying hardware.

42. ISO 27000
The ISO/IEC 27000-series (also known as the 'ISMS Family of Standards' or 'ISO27K') is a set of information security standards published jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). The ISO 27000 series provides best practice recommendations on information security management—the management of information risks through information security controls—within the context of an overall information security management system (ISMS), similar in design to management systems for quality assurance (the ISO 9000 series), environmental protection (the ISO 14000 series) and other management systems.

43. Malware
Malware, short for malicious software, is any program or file that can harm a computer or its user. Some examples are computer viruses, worms, Trojan horses and spyware. Malware is aptly named, since it seeks to invade, damage, or disable computers, computer systems, networks, tablets, and mobile devices, usually by taking some degree of control over a device.

44. Managed Detection and Response (MDR)
MDR providers work 24/7 to provide threat monitoring, detection, and lightweight response services to customers. MDR leverages a combination of technologies at the host and network layers, providing advanced analytics, threat intelligence, and human expertise in incident investigation and response. MDR providers not only provide incident validation, they offer remote response services, such as threat containment, and support in bringing a customer's environment back to some form of "known good."

45. Managed Security Services Provider (MSSP)
An MSSP is an outsourced service that monitors and manages security devices and systems. Capabilities commonly include managed firewall, intrusion detection, VPN, vulnerability scans and anti-virus services. MSSPs use around-the-clock security operation centers (either from their own facilities or from other data center providers) to provide services that can reduce the number of operational security personnel an enterprise needs to hire, train and retain for an acceptable security posture.

46. Multi-Factor Authentication (MFA)
An authentication method in which a computer user gains access only after successfully presenting two or more pieces of evidence (aka factors) to an authentication mechanism: knowledge (something the user and only the user knows), possession (something the user and only the user has), and inherence (something the user and only the user is).

47. Network (Cyber) Security Framework
A framework is a set of rules and regulations that teams leverage as a foundation for their own builds. In the same way, an information security framework is a set of documented processes used to define policies and procedures while implementing or managing an organization’s information security controls. Some well-respected cyber security frameworks include NIST’s CSF, COBIT, NERC, HITRUST CSF, and COSO.

48. Next-Generation Firewall
Next-generation firewall technology combines traditional stateful firewall functions like Network Address Translation (NAT), stateful packet filtering and Virtual Private Networks with network filtering technologies such as application control using in-line deep packet inspection (DPI) and an intrusion detection/prevention system (IDS/IPS). It can also include TLS/SSL encrypted traffic inspection, website filtering, QoS/bandwidth management, antivirus inspection, and third-party identity management integration (e.g. LDAP, RADIUS, Active Directory).

49. Network Access Control (NAC)
A computer networking solution that uses protocols to define and implement a policy describing how to grant secure access to networks by devices initially attempting network access. NAC might integrate the automatic remediation process (fixing non-compliant nodes before allowing access) into the network systems. This allows network infrastructure (for example, routers, switches, and firewalls) to work with back-office servers and end user computing equipment to ensure the information system is operating securely before interoperability is allowed. A basic form of NAC is the 802.1X standard.

50. Patch Management
Patch management is an area of IT systems management that involves acquiring, testing, and installing multiple patches (code changes) to an administered computer system. Some examples include maintaining current knowledge of available patches, deciding what patches are appropriate for particular systems, ensuring that patches are installed properly, testing systems after installation, and documenting all associated procedures, such as specific configurations required.

51. PCI DSS
The Payment Card Industry Data Security Standard (PCI DSS) arose from a need to encourage and enhance cardholder data security with uniform technical and operational requirements; it jumpstarted the broad adoption of consistent data security measures globally. PCI DSS applies to each party involved in payment card processing—including merchants, processors, acquirers, issuers, and service providers. PCI DSS also applies to all other entities that store, process or transmit cardholder data (CHD) and/or sensitive authentication data (SAD).

52. Penetration Testing
A series of tests using a variety of tools that attempt to exploit points of access in a network, web applications, mobile devices or, more recently, IoT devices. The tests typically are performed using automated processes but often require manual validation by a qualified security professional.

53. Platform as a Service (PaaS)
Also referred to as application platform as a service (aPaaS). aPaaS is a broad collection of application infrastructure (middleware) services (including application platform, integration, business process management, and database services) bundled as a service. This service is 100% maintained by the provider, freeing the customer from building those complex infrastructures. On a spectrum, platform services fall somewhere between Software as a Service (SaaS) and Infrastructure as a Service (IaaS).

54. Phishing
The fraudulent practice of sending emails purporting to be from reputable companies so that individuals will reveal personal information, such as passwords and credit card numbers.

55. Privileged Access Management (PAM)
Privileged system and application user account credentials are commonly targeted by malicious actors, and PAM is the process of managing those accounts. The process should include policies which define strong methods of authenticating privileged user accounts, a method to assign least privileges to normal users, and storing privileged user accounts in fortified repositories. These fortified repositories can range from physical safes to applications which contain an encrypted password and a mechanism to programmatically ensure strong authentication schemes, change passwords after every use, and provide APIs for automated processes to escalate privileges when needed.

56. Ransomware
Ransomware is a type of malicious software or malware designed to deny access to a computer system or data until a ransom is paid. Ransomware typically spreads through phishing emails or by unknowingly visiting an infected website.

57. Secure Email Gateways
Secure email gateways (SEGs) provide basic message transfer agent functions including inbound filtering of spam, phishing, malicious and marketing emails. Many vendors also include enhanced features such as outbound data loss prevention (DLP) and email encryption.

58. Security Awareness Training Program
A Security Awareness Training Program should include a multi-pronged approach to educating staff users on aspects of information security risks. Common parts of a comprehensive security awareness program include e-learning or instructor-led courses, campaign posters, staff newsletters, digital campaigns, as well as programmatic controls built into email clients used by staff.

59. Security Analytics
Security analytics (aka threat hunting) is the analysis of raw security data to discover proactive security measures that will increase the effectiveness of a company’s cybersecurity posture.

60. Security Information & Event Monitoring (SIEM)
SIEM is a platform used to collect raw data associated with information security and with the operational health of any IT platform. A SIEM will ingest and normalize logs and events from operating systems, security controls, network devices, and applications into some form of database. The sum of this data is then used by those responsible for monitoring the environment.

61. Security Orchestration
Threat intelligence needs to provide information that an enterprise can put to work efficiently. Because of the scale of attacks and the increasing agility of attackers, a good threat feed will generate a significant amount of information, and enterprises have to sort out what’s relevant and what’s urgent. That volume of data can place a significant burden on overworked security teams that need to establish the context of the alert and determine how it might impact their environment. It’s a complex task of correlating assets, people and processes to put in motion. Sophisticated security orchestration and automation tools provide the kind of scale and speed necessary to accomplish the task and relieve teams from this potentially heavy burden.

62. Software as a Service (SaaS)
SaaS is a software licensing and delivery model in which software is licensed on a subscription basis and is centrally hosted. It is sometimes referred to as "on-demand software" or cloud-based applications.

63. STIX
Structured Threat Information Expression (STIX™) is a structured language for describing cyber threat information so it can be consistently shared, stored, and analyzed. The OASIS Cyber Threat Intelligence (CTI) Technical Committee (TC) leads the ongoing development of the STIX standards.

64. Spyware
Spyware is unwanted software that infiltrates your computing device, stealing your internet usage data and sensitive information. Spyware is classified as a type of malware — malicious software designed to gain access to or damage your computer, often without your knowledge.

65. TAXII
Trusted Automated Exchange of Intelligence Information (TAXII™) is an application layer protocol for the communication of cyber threat information in a simple and scalable manner. TAXII is a protocol used to exchange cyber threat intelligence (CTI) over HTTPS. TAXII enables organizations to share CTI by defining an API that aligns with common sharing models.

66. Virus
This is a type of malicious software that, when executed, replicates itself by modifying other computer programs and inserting its own code. When this replication succeeds, the affected areas are then said to be "infected" with a computer virus.

67. Web Application Firewall
This platform helps protect your web applications from common web exploits that could affect application availability, compromise security, or consume excessive resources. WAFs are typically deployed as a reverse proxy, which means they intercept all communications destined for the application; this enables filters and checks to occur.

68. White Hat
The term "white hat" in Internet slang refers to an ethical computer hacker, or a computer security expert, who specializes in penetration testing and in other testing methodologies that ensure the security of an organization's information systems.

69. Zero-Day Vulnerability
Zero-day is a flaw in software, hardware or firmware that is unknown to the party or parties responsible for patching or otherwise fixing the flaw. The term zero day may refer to the vulnerability itself, or an attack that has zero days between the time the vulnerability is discovered and the first attack.

70. Vulnerability Assessment
This assessment defines, identifies, classifies and prioritizes vulnerabilities in computer systems, applications and network infrastructures. When the process is complete, the company that was assessed is given the necessary knowledge, awareness, and risk background to understand potential threats and react appropriately.
