security - Concepts
Explore concepts tagged with "security"
Total concepts: 84
Concepts
- Zero Trust - Security model that requires strict verification for every user and device, regardless of network location
- Watering Hole Attack - An attack that compromises websites frequently visited by a target group to infect their systems.
- End-to-End Encryption - Encryption where only communicating parties can read messages, not even service providers.
- Man-in-the-Middle Attack - An attack where the attacker secretly intercepts and potentially alters communication between two parties
- Social Engineering - Psychological manipulation of people into performing actions or divulging confidential information.
- Multi-Factor Authentication - A security method requiring two or more verification factors to prove identity before granting access.
- Need-to-Know Principle - Security principle restricting information access to only those who require it for their specific duties
- Data Confidentiality - Protecting data from unauthorized access and ensuring only authorized parties can view it.
- CIA Triad - The foundational security model comprising Confidentiality, Integrity, and Availability
- Business Email Compromise - A sophisticated scam targeting businesses to trick employees into transferring money or sensitive data.
- Trojan Horse - Malware disguised as legitimate software that performs malicious actions once installed
- Red Teaming - An adversarial testing practice where a dedicated team attempts to find vulnerabilities, flaws, or failure modes in a system by simulating attacks or misuse scenarios.
- Spyware - Malware that secretly monitors user activity and collects sensitive information without consent
- Firewall - A network security system that monitors and controls incoming and outgoing traffic based on security rules.
- Data Minimization - The principle of collecting and retaining only the data that is necessary for a specific purpose.
- Incident Response - The organized approach to detecting, containing, and recovering from security breaches.
- Threat Modeling - A structured approach to identifying, quantifying, and addressing security threats to a system.
- Privacy by Design - Building privacy protections into systems from the start rather than adding them later.
- Encryption - The process of encoding data so only authorized parties with the correct key can read it.
- Defense in Depth - A layered security approach using multiple protective measures so failure of one doesn't compromise the system
- Role-Based Access Control - Access control method that assigns permissions to roles rather than individuals, simplifying security management
- Fifth Column - A group of people who secretly work to undermine an organization or nation from within.
- Mulder Effect - The tendency to believe extraordinary claims without sufficient evidence, named after the X-Files character.
- Authorization - The process of determining what actions or resources an authenticated entity is permitted to access
- Cryptojacking - Unauthorized use of computing resources to mine cryptocurrency without the owner's knowledge
- Computer Worm - Self-replicating malware that spreads across networks without requiring user action or host programs
- Least Privilege - The principle of giving users and systems only the minimum access rights needed to perform their tasks
- Disaster Recovery - The process and strategies for restoring IT systems and data after a catastrophic event.
- Data Retention Policy - A set of rules defining how long different types of data should be kept and when they should be deleted.
- Adware - Software that automatically displays or downloads unwanted advertisements, often bundled with free programs
- Phishing - Fraudulent attempt to obtain sensitive information by posing as a trustworthy entity in electronic communications.
- Vulnerability Assessment - The systematic process of identifying, quantifying, and prioritizing security weaknesses in systems.
- Air-Gapped Backup - A backup stored on media physically disconnected from networks, protecting against remote attacks.
- Typosquatting - Registering domains with common misspellings of popular websites to deceive users into visiting malicious sites.
- Zero Knowledge - A principle where service providers cannot access user data, even if they wanted to.
- SQL Injection - An attack that inserts malicious SQL code into application queries to manipulate databases
- Digital Hygiene - The routine practice of maintaining digital security, privacy, and organization through regular habits like updating software, managing passwords, cleaning data, and reviewing permissions.
- Pseudonymization - Replacing personal identifiers with artificial pseudonyms while maintaining the ability to re-identify when needed
- Data Integrity - The accuracy, consistency, and reliability of data throughout its lifecycle.
- Vishing - Voice phishing: using phone calls to deceive victims into revealing sensitive information or taking harmful actions.
- Botnet - A network of compromised computers controlled remotely to perform coordinated malicious activities
- Confused Deputy - A security vulnerability where a trusted program is tricked into misusing its authority on behalf of an attacker.
- Data Breach - A security incident where protected or confidential data is accessed by unauthorized parties.
- Ransomware - Malware that encrypts a victim's data and demands payment for the decryption key
- Whaling - Phishing attacks specifically targeting high-profile executives, senior management, and other 'big fish' in organizations.
- DDoS Attack - An attack that overwhelms systems with traffic from multiple sources to make services unavailable
- Session Hijacking - An attack that takes over a user's active session to gain unauthorized access to systems or data.
- Penetration Testing - Authorized simulated attacks on systems to identify security vulnerabilities before malicious actors do.
- Data Privacy - The right and ability to control how personal information is collected, used, and shared.
- Separation of Duties - Security principle requiring multiple people to complete critical tasks, preventing fraud and errors by one individual
- Brute Force Attack - An attack method that systematically tries all possible combinations to crack passwords or encryption
- Rootkit - Stealthy malware designed to hide its presence and maintain persistent privileged access to a system
- Security Audit - A systematic evaluation of an organization's security posture against established standards and policies.
- Smishing - SMS phishing: using text messages to trick victims into clicking malicious links or revealing sensitive information.
- Drive-by Download - Unintentional download of malware simply by visiting a compromised or malicious website.
- Anonymization - Permanently removing or altering personal identifiers so individuals cannot be re-identified from the data
- Credential Stuffing - An attack using stolen username/password pairs from data breaches to access accounts on other services
- Two-Factor Authentication - A security process requiring exactly two different authentication factors to verify identity before granting access.
- Advanced Persistent Threat - A prolonged, targeted cyberattack where intruders gain access and remain undetected for extended periods.
- Four Eyes Principle - Control mechanism requiring two people to approve critical actions, preventing unilateral decisions
- Zero-Day Vulnerability - A software vulnerability unknown to the vendor, exploitable before a patch is available
- Data Masking - Hiding sensitive data by replacing it with realistic but fictional values while preserving data format and usability
- Scully Effect - The tendency to dismiss or ignore important discoveries because they seem mundane or boring.
- Pretexting - Creating a fabricated scenario or false identity to manipulate victims into providing information or access.
- Cross-Site Request Forgery - An attack that tricks users into performing unwanted actions on websites where they're authenticated
- Intrusion Detection System - A system that monitors networks or hosts for malicious activity and policy violations.
- Data Security - The practices, technologies, and policies that protect digital information from unauthorized access, corruption, or theft throughout its lifecycle.
- Cross-Site Scripting - An attack that injects malicious scripts into web pages viewed by other users
- Computer Virus - Self-replicating malware that spreads by inserting copies of itself into other programs or files
- Data Availability - The assurance that data and systems are accessible when needed by authorized users.
- Offline Backup - Backup media that is not continuously connected to the system, providing protection against online threats.
- Insider Threat - Security risks originating from people within an organization who misuse their authorized access.
- Patch Management - The process of identifying, acquiring, testing, and installing software updates to fix security vulnerabilities.
- Quishing - QR code phishing: using malicious QR codes to redirect victims to phishing websites or trigger harmful actions.
- Spear Phishing - Targeted phishing attacks directed at specific individuals or organizations using personalized information.
- Privilege Escalation - Exploiting vulnerabilities to gain higher access levels than originally authorized.
- DevSecOps - A DevOps approach that integrates security practices throughout the entire software development lifecycle, treating security as code.
- Backdoor - A hidden method of bypassing normal authentication to gain unauthorized access to a system
- Differential Privacy - Mathematical framework providing provable privacy guarantees by adding calibrated noise to data or query results
- Malware - Malicious software designed to damage, disrupt, or gain unauthorized access to computer systems
- Keylogger - Software or hardware that records keystrokes to capture passwords, messages, and other sensitive data
- DNS Spoofing - An attack that corrupts DNS data to redirect users to malicious websites without their knowledge.
- Supply Chain Attack - An attack that targets less-secure elements in the supply chain to compromise the final product or service
- Authentication - The process of verifying the identity of a user, device, or system before granting access