Recently updated

Additional or alternative systems, sub systems, assets, or processes that maintain a degree of overall functionality in case of loss or failure of another system, sub system, asset, or process.

A colloquial term for penetration test or penetration testing.

A list of entities that are blocked or denied privileges or access.

The activity or process, ability or capability, or state whereby information and communications systems and the information contained therein are protected from and/or defended against damage, unauthorized use or modification, or exploitation.

A document that sets forth procedures for the continued performance of core capabilities and critical operations during any disruption or potential disruption.

A technique to breach the security of a network or information system in violation of security policy.

In the NICE Framework, cybersecurity work where a person: Oversees the information assurance program of an information system in or outside the network environment; may include procurement duties (e.g., Information Systems Security Office

an intelligence hub for the company, gathering data from across the organization's networks, servers, endpoints and other digital assets and using intelligent automation to identify, prioritize and respond to potential cybersecurity threats

A backdoor refers to any method by which authorized and unauthorized users are able to get around normal security measures and gain high level user access (aka root access) on a computer system, network, or software application

an individual who participates in cyberwarfare, motivated either by personal, patriotic, or religious reasons, but not due to professional requirement

a category of malware designed to suspend operations within a target through the compromise of the availability, integrity, and confidentiality of the systems, networks, and data

An electronic information and communications systems and services and the information contained therein.

clues and evidence of a data breach

An information system used to control industrial processes such as manufacturing, product handling, production, and distribution or to control infrastructure assets.

To revoke the authentication of; to cause no longer to be authenticated.

a technique allowing to locate a web user based on their IP address

a high speed, low latency interconnect standard used in high performance computing (HPC), supercomputers, and AI data centers

The automated, on the fly changes of an information system's characteristics to thwart actions of an adversary.

Blockchain is a decentralized ledger that records and verifies transactions across a network of computers. It's a database that stores data in blocks that are linked together in a chain.

an approach to culture, automation, and platform design that integrates security as a shared responsibility throughout the entire IT lifecycle

an attack is a method that uses trial and error to crack passwords, login credentials, and encryption keys

Program code intended to perform an unauthorized function or process that will have adverse impact on the confidentiality, integrity, or availability of an information system.

An evaluation methodology whereby assessors search for vulnerabilities and attempt to circumvent the security features of a network and/or information system.

Neuromorphic computing is a method of computing that uses artificial neurons to mimic the human brain's structure and function. The word "neuromorphic" means "characteristic of the shape of the brain or neurons"

obtain (information or input into a particular task or project) by enlisting the services of a large number of people, either paid or unpaid, typically via the internet.

a form of testing that is performed with no knowledge of a target system's internals

A discussion based exercise where personnel meet in a classroom setting or breakout groups and are presented with a scenario to validate the content of plans, procedures, policies, cooperative agreements or other information for managing an incident.

the spectrum of possible cybersecurity threats

A NICE Framework category consisting of specialty areas responsible for specialized denial and deception operations and collection of cybersecurity information that may be used to develop intelligence.

is malware that encrypts data on the targets device and demands a ransom to restore it

the practice of monitoring computer networks and systems for threats, while surveillance is the act of observing them. In the context of cybersecurity, "surveillance" refers to the continuous monitoring of a network to detect and respond to cyberattacks

to provide someone, such as an employee, with more advanced skills through additional education and training

An actual assault perpetrated by an intentional threat source that attempts to learn or make use of information from a system, but does not attempt to alter the system, its resources, its data, or its operations.

To convert into a Trojan

A cryptographic key that is used for both encryption and decryption, enabling the operation of a symmetric key cryptography scheme.

that the app has reached the end of its useful life. It may mean that a new version is available that supersedes the existing product or that the product is no longer supported.

the process where hackers familiarize themselves with their targets in order to obtain credentials based on their activity

A bootkit is a type of malware that infects a computer's boot process, giving the attacker control over the system. Bootkits are a major security threat because they can bypass standard security measures and remain hidden.

monitoring other competitor organizations and nations to gather information

an anonymous proxy is a tool that attempts to make activity on the Internet untraceable

a design and programming philosophy that focuses on formally correct and verifiable input handling throughout all phases of the software development lifecycle

Doxxing can be illegal, but its legality depends on the specific circumstances, such as the intent behind it and the jurisdiction. While doxxing itself isn't always explicitly illegal everywhere, it often falls under existing laws like those against harassment, stalking, and incitement to violence, and new anti doxxing laws are being enacted in various places. The act is often considered a crime when it involves sharing personal information with the intent to cause harm, threats, or incite illegal actions.

Repositories that contain cryptographic artifacts like certificates and private keys that are used for cryptographic protocols such as TLS

the process of finding, fixing, and preventing security vulnerabilities at the application level, as part of the software development processes

a network set up with intentional vulnerabilities hosted on a decoy server to attract hackers

to develop an exploit against a vulnerability into an attack tool that can be deployed against a target

is data that looks attractive to cyber criminals but is actually false or of no value

The ability of two or more systems or components to exchange information and to use the information that has been exchanged.

An exchange of data, information, and/or knowledge to manage risks or respond to incidents.

A structured approach to managing risks to data and information by which an organization selects and applies appropriate security controls in compliance with policy and commensurate with the sensitivity and value of the data.