Related Concepts

  • Ethical Hacker: A person who acts as an attacker and evaluates the security of an application, system, or computer network to minimize risk

  • Cyberwarfare: Using technology to penetrate and attack another nation’s computer systems and networks to cause damage or disrupt services

  • Hacktivists: Threat actors who further their beliefs using cybercrime as their method of attack, most commonly for political purposes

  • APT: Advanced Persistent Threat, a multi-phase, long-term, stealthy, and advanced operation against a specific target

  • Risk Management: Formal process of continuously identifying and assessing risk to reduce the impact of threats and vulnerabilities

  • Pen-Testing: Involves using the same tools, techniques, and methodologies that someone with malicious intent would use, in order to report system vulnerabilities

  • Offensive Security: Proactive security strategies that use the same tactics that malicious actors use in real-world attacks to strengthen the security of a system

  • Defensive security: Protecting an organization's network and computer systems by analyzing and securing any potential digital threats

  • Behavior-based security: A form of threat detection that captures and analyzes a user's communication on a network. Any changes in normal patterns of behavior are regarded as anomalies and may indicate an attack

  • CSIRT: Computer Security Incident Response Team, specialized in receiving, reviewing, and responding to computer security incident reports

  • Security Playbook: Collection of repeatable queries or reports that outline a standardized process for incident detection and response

  • Vulnerability: Defect or malfunction of an application that makes it easy to attack

  • Exploit: Program specifically created to attack a vulnerability

  • PoC: Proof of Concept, a technique or tool that demonstrates the exploitation of a vulnerability

  • CVSS: Common Vulnerability Scoring System, an open industry standard for assessing the severity of computer system security vulnerabilities

  • VPR: Vulnerability Priority Rating, a modern framework in vulnerability management that focuses on the risk that could directly affect an organization

  • IPS: Intrusion Prevention System, uses a set of traffic signatures that match and block malicious traffic and attacks

  • IDS: Intrusion Detection System, detects unauthorized network and system intrusions. It does not take action or prevent attacks from happening; it only detects, logs, and reports them

  • DLP: Data Loss Prevention, a system designed to stop sensitive data from being stolen from or escaping a network

  • SIEM: Security Information and Event Management, a system that collects and analyzes security alerts, logs, and other real-time and historical data

  • Defense-In-Depth: Practice of putting different layers of security control together in a system to guarantee security

  • PIM: Privileged Identity Management, translates a user's role within an organization into an access role on a system

  • PAM: Privileged Access Management, management of the privileges a system's access role has

  • Vetting: A screening process where applicants' backgrounds are examined to establish the risk they pose to an organization

  • Threat modeling: Process of reviewing, improving, and testing the security protocols

  • Bug bounty program: Allows a company to offer a reward to anyone who discovers a security vulnerability in the company’s systems

  • Non-Repudiation: Guarantees the participation of both parties in a communication

  • Maliciously formatted package: Collection of improperly formatted data that an application is unable to identify, causing it to crash or its functions to slow down

  • Cryptocurrency: Digital money that can be used to buy goods and services, using strong encryption techniques to secure online transactions

  • Hardening: Process of securing a system by reducing the vulnerabilities or security holes to which it is prone

  • CWE: Common Weakness Enumeration, a list of software weaknesses that creates a common language for describing the software security weaknesses that are the root causes of given vulnerabilities
