security - Concepts

Explore concepts tagged with "security"

Total concepts: 104

Concepts

Air-Gapped Backup - A backup stored on media physically disconnected from networks, protecting against remote attacks.
Pseudonymization - Replacing personal identifiers with artificial pseudonyms while maintaining the ability to re-identify when needed
Need-to-Know Principle - Security principle restricting information access to only those who require it for their specific duties
Data Privacy - The right and ability to control how personal information is collected, used, and shared.
Four Eyes Principle - Control mechanism requiring two people to approve critical actions, preventing unilateral decisions
AI Context Governance - Policies and practices for managing who can create, modify, and distribute AI context.
Context Isolation - Keeping contexts separated to prevent cross-contamination between different tasks or agents.
Malware - Malicious software designed to damage, disrupt, or gain unauthorized access to computer systems
Threat Modeling - A structured approach to identifying, quantifying, and addressing security threats to a system.
Virtual Private Network (VPN) - An encrypted tunnel between devices or networks over an untrusted network that provides confidentiality, authentication, and integrity.
Mulder Effect - The tendency to believe extraordinary claims without sufficient evidence, named after the X-Files character.
Computer Virus - Self-replicating malware that spreads by inserting copies of itself into other programs or files
Offline Backup - Backup media that is not continuously connected to the system, providing protection against online threats.
Rootkit - Stealthy malware designed to hide its presence and maintain persistent privileged access to a system
Smishing - SMS phishing - using text messages to trick victims into clicking malicious links or revealing sensitive information.
Data Security - The practices, technologies, and policies that protect digital information from unauthorized access, corruption, or theft throughout its lifecycle.
Scully Effect - The tendency to dismiss or ignore important discoveries because they seem mundane or boring.
Botnet - A network of compromised computers controlled remotely to perform coordinated malicious activities
Brute Force Attack - An attack method that systematically tries all possible combinations to crack passwords or encryption
Penetration Testing - Authorized simulated attacks on systems to identify security vulnerabilities before malicious actors do.
Zero Trust - Security model that requires strict verification for every user and device, regardless of network location
Anonymization - Permanently removing or altering personal identifiers so individuals cannot be re-identified from the data
Drive-by Download - Unintentional download of malware simply by visiting a compromised or malicious website.
Fifth Column - A group of people who secretly work to undermine an organization or nation from within.
Red Teaming - An adversarial testing practice where a dedicated team attempts to find vulnerabilities, flaws, or failure modes in a system by simulating attacks or misuse scenarios.
End-to-End Encryption - Encryption where only communicating parties can read messages, not even service providers.
Software Supply Chain Security - The practices, tools, and policies that protect every stage of how software is built, distributed, and consumed
Phishing - Fraudulent attempt to obtain sensitive information by disguising as a trustworthy entity in electronic communications.
Confused Deputy - A security vulnerability where a trusted program is tricked into misusing its authority on behalf of an attacker.
Watering Hole Attack - An attack that compromises websites frequently visited by a target group to infect their systems.
Business Email Compromise - A sophisticated scam targeting businesses to trick employees into transferring money or sensitive data.
Static Analysis - The automated examination of source code without executing it to find potential bugs, vulnerabilities, and quality issues.
Whaling - Phishing attacks specifically targeting high-profile executives, senior management, and other 'big fish' in organizations.
Data Availability - The assurance that data and systems are accessible when needed by authorized users.
Slopsquatting - A supply chain attack where attackers register package names that AI models tend to hallucinate, then wait for developers to install them
Privilege Escalation - Exploiting vulnerabilities to gain higher access levels than originally authorized.
Authorization - The process of determining what actions or resources an authenticated entity is permitted to access
AI Skill Scoping - Defining clear boundaries for what an AI skill should and should not do to ensure focused, reliable, and secure behavior.
Cross-Site Scripting - An attack that injects malicious scripts into web pages viewed by other users
Session Hijacking - An attack that takes over a user's active session to gain unauthorized access to systems or data.
DDoS Attack - An attack that overwhelms systems with traffic from multiple sources to make services unavailable
Open Source Transparency - The principle that making source code publicly available creates accountability, trust, and verifiable security through community inspection.
Least Privilege - The principle of giving users and systems only the minimum access rights needed to perform their tasks
Separation of Duties - Security principle requiring multiple people to complete critical tasks, preventing fraud and errors by one individual
Data Confidentiality - Protecting data from unauthorized access and ensuring only authorized parties can view it.
DNS Spoofing - An attack that corrupts DNS data to redirect users to malicious websites without their knowledge.
WireGuard - A modern, minimal VPN protocol designed to be simpler, faster, and more secure than IPsec and OpenVPN.
Data Breach - A security incident where protected or confidential data is accessed by unauthorized parties.
Spear Phishing - Targeted phishing attacks directed at specific individuals or organizations using personalized information.
SQL Injection - An attack that inserts malicious SQL code into application queries to manipulate databases
Firewall - A network security system that monitors and controls incoming and outgoing traffic based on security rules.
Multi-Factor Authentication - A security method requiring two or more verification factors to prove identity before granting access.
Data Masking - Hiding sensitive data by replacing it with realistic but fictional values while preserving data format and usability
Privacy by Design - Building privacy protections into systems from the start rather than adding them later.
Trojan Horse - Malware disguised as legitimate software that performs malicious actions once installed
Ransomware - Malware that encrypts victim's data and demands payment for the decryption key
Cryptojacking - Unauthorized use of computing resources to mine cryptocurrency without the owner's knowledge
Insider Threat - Security risks originating from people within an organization who misuse their authorized access.
Patch Management - The process of identifying, acquiring, testing, and installing software updates to fix security vulnerabilities.
Adware - Software that automatically displays or downloads unwanted advertisements, often bundled with free programs
Remote Access Trojan - Malware that gives an attacker unauthorized remote control over a victim's computer, operating covertly without the user's knowledge
Disaster Recovery - The process and strategies for restoring IT systems and data after a catastrophic event.
Credential Stuffing - An attack using stolen username/password pairs from data breaches to access accounts on other services
Intrusion Detection System - A system that monitors networks or hosts for malicious activity and policy violations.
Data Minimization - The principle of collecting and retaining only the data that is necessary for a specific purpose.
Package Registry Security - How package registries like npm, PyPI, and crates.io handle trust, identity verification, and defense against malicious packages
Typosquatting - Registering domains with common misspellings of popular websites to deceive users into visiting malicious sites.
Encryption - The process of encoding data so only authorized parties with the correct key can read it.
Software Composition Analysis - The automated process of identifying all open-source and third-party components in a codebase and mapping their vulnerabilities, licenses, and security risks
Two-Factor Authentication - A security process requiring exactly two different authentication factors to verify identity before granting access.
Digital Hygiene - The routine practice of maintaining digital security, privacy, and organization through regular habits like updating software, managing passwords, cleaning data, and reviewing permissions.
Jailbreaking AI - Techniques used to bypass an AI model's safety guardrails and restrictions to produce outputs it was designed to refuse.
Cross-Site Request Forgery - An attack that tricks users into performing unwanted actions on websites where they're authenticated
Shift Left - The practice of moving testing, quality checks, and security measures earlier in the software development lifecycle to catch issues sooner.
AI Skill Supply Chain Security - Protecting against malicious or compromised AI skills in shared skill ecosystems by verifying integrity, provenance, and safety.
Man-in-the-Middle Attack - An attack where the attacker secretly intercepts and potentially alters communication between two parties
Quishing - QR code phishing - using malicious QR codes to redirect victims to phishing websites or trigger harmful actions.
Zero-Day Vulnerability - A software vulnerability unknown to the vendor, exploitable before a patch is available
Namesquatting - The practice of registering names in shared namespaces like package registries with intent to exploit trust or confusion
Starjacking - A supply chain attack where a malicious package links to a popular GitHub repository to inherit its star count and perceived legitimacy
Advanced Persistent Threat - A prolonged, targeted cyberattack where intruders gain access and remain undetected for extended periods.
Computer Worm - Self-replicating malware that spreads across networks without requiring user action or host programs
Dependency Confusion - A supply chain attack where a malicious public package with the same name as an internal package tricks build systems into installing the attacker's version
Supply Chain Attack - An attack that targets less-secure elements in the supply chain to compromise the final product or service
Role-Based Access Control - Access control method that assigns permissions to roles rather than individuals, simplifying security management
Vishing - Voice phishing - using phone calls to deceive victims into revealing sensitive information or taking harmful actions.
Spyware - Malware that secretly monitors user activity and collects sensitive information without consent
CIA Triad - The foundational security model comprising Confidentiality, Integrity, and Availability
Backdoor - A hidden method of bypassing normal authentication to gain unauthorized access to a system
Incident Response - The organized approach to detecting, containing, and recovering from security breaches.
Data Integrity - The accuracy, consistency, and reliability of data throughout its lifecycle.
Differential Privacy - Mathematical framework providing provable privacy guarantees by adding calibrated noise to data or query results
Authentication - The process of verifying the identity of a user, device, or system before granting access
Data Retention Policy - A set of rules defining how long different types of data should be kept and when they should be deleted.
Security Debt - The accumulated risk from deferred security practices, unpatched vulnerabilities, and shortcuts in security implementation.
Vulnerability Assessment - The systematic process of identifying, quantifying, and prioritizing security weaknesses in systems.
Social Engineering - Psychological manipulation of people into performing actions or divulging confidential information.
Zero Knowledge - A principle where service providers cannot access user data, even if they wanted to.
Defense in Depth - A layered security approach using multiple protective measures so failure of one doesn't compromise the system
Security Audit - A systematic evaluation of an organization's security posture against established standards and policies.
Prompt Injection - A security vulnerability where malicious input causes an AI model to ignore its original instructions and follow attacker-supplied directives instead.
DevSecOps - A DevOps approach that integrates security practices throughout the entire software development lifecycle, treating security as code.
Pretexting - Creating a fabricated scenario or false identity to manipulate victims into providing information or access.
Keylogger - Software or hardware that records keystrokes to capture passwords, messages, and other sensitive data

← Back to all concepts