Glossary

  • ACL : Access Control List, a set of rules that determines who can access certain resources and what operations they can perform on those resources.

  • APT : Advanced Persistent Threat, a sophisticated and targeted cyberattack wherein an unauthorized user gains access to a network and remains undetected for an extended period.

  • Bait-and-Switch : A deceptive practice where a user is lured into clicking on a link or downloading software under false pretenses, often leading to unwanted software or malware.

  • Botnet : A network of infected computers controlled as a group without the owners’ knowledge, often used to launch distributed denial-of-service (DDoS) attacks or send spam.

  • Brute Force Attack : A trial-and-error method used by attackers to guess passwords or encryption keys through exhaustive effort, systematically checking all possible combinations.

  • BYOD : Bring Your Own Device, a policy that allows employees to use their personal devices (laptops, smartphones) for work-related tasks, often raising security concerns.

  • CISO : Chief Information Security Officer, an executive responsible for an organization’s information and data security strategy, planning, and implementation.

  • Cyber Hygiene : Best practices and maintenance tasks that individuals and organizations should implement to secure their networks and data against cyber threats.

  • Dark Web : A part of the internet that is not indexed by traditional search engines and requires specific software or configurations to access, often associated with illicit activities.

  • DDoS : Distributed Denial of Service, a malicious attempt to disrupt the normal functioning of a targeted server, service, or network by overwhelming it with a flood of traffic.

  • DNS Spoofing : A form of cyber-attack where attackers corrupt a DNS server’s cache, frequently redirecting users to fraudulent sites without their knowledge.

  • EDR : Endpoint Detection and Response, a cybersecurity technology that monitors endpoint devices to detect and respond to threats in real time.

  • Encryption : The process of converting information or data into a code to prevent unauthorized access, ensuring the confidentiality of sensitive data during transmission.

  • Firewall : A network security device that monitors and controls incoming and outgoing network traffic based on predetermined security rules.

  • GDPR : General Data Protection Regulation, a comprehensive data privacy law in the European Union that governs how organizations handle personal data.

  • IAM : Identity and Access Management, a framework for managing user identities and access privileges across corporate networks to enhance security and ensure compliance.

  • IDS : Intrusion Detection System, a device or software application that monitors a network or systems for malicious activity or policy violations.

  • IOCs : Indicators of Compromise, pieces of forensic data that identify potentially malicious activity on a system or network.

  • IP : Internet Protocol, a set of rules governing the format of data sent over the internet or local network.

  • IPS : Intrusion Prevention System, a network security device that examines network traffic for malicious activities and works to block those threats in real-time.

  • IPv4 : Internet Protocol version 4, the fourth version of the Internet Protocol, using a 32-bit address scheme allowing for over 4 billion unique addresses.

  • Jamstack : JavaScript + API + Markup, a way of building and hosting websites.

  • Jekyll : A Static Site Generator (SSG) built with Ruby. Widely adopted since its inclusion in GitHub Pages.

  • Kubernetes : An open-source container orchestration system for automating the deployment, scaling, and management of containerized applications.

  • Malware : Malicious software, including viruses, worms, trojan horses, and more, designed to disrupt, damage, or gain unauthorized access to computer systems.

  • MFA : Multi-Factor Authentication, an additional security layer requiring not only a password and username but also something that only the user has on them.

  • MFA/2FA : Multi-Factor Authentication/Two-Factor Authentication, a security measure that requires two or more verification methods to gain access to a resource or system.

  • MITM : Man-In-The-Middle, a form of eavesdropping where the attacker inserts themselves into a conversation between two parties, either to secretly listen or manipulate the information.

  • OSINT : Open Source Intelligence, information collected from publicly available sources to be used in an intelligence context, often utilized in cybersecurity threat assessments.

  • Penetration Testing : A simulated cyber attack against a computer system or network to identify vulnerabilities that an attacker could exploit.

  • Phishing : A type of cyber-attack where attackers impersonate a trusted entity to deceive individuals into revealing sensitive information such as usernames, passwords, and credit card numbers.

  • Policy Enforcement : Mechanisms used to enforce rules and guidelines within an organization regarding secure resource use and access to ensure compliance and risk management.

  • RADIUS : Remote Authentication Dial-In User Service, a networking protocol that provides centralized Authentication, Authorization, and Accounting (AAA) management for users who connect and use a network service.

  • Ransomware : A type of malicious software that encrypts a victim’s files, with the intention of demanding a ransom from the victim to restore access to their data.

  • RESTful API : A RESTful API (Representational State Transfer API) is an application programming interface that adheres to the principles of REST architecture, allowing for interaction with web services through standard HTTP methods. It enables the exchange of data between clients and servers in a stateless manner, typically using formats like JSON or XML.

  • Sandboxes : Isolated testing environments that mimic a production environment but allow developers or security teams to run experiments without risk to the larger system.

  • SIEM : Security Information and Event Management, a comprehensive software solution that gathers, aggregates, and analyzes security data from across an organization’s IT infrastructure in real time.

  • SOC : Security Operations Center, a centralized unit that deals with security issues on an organizational and technical level, including monitoring, detecting, and responding to security incidents.

  • SOC 2 : A compliance standard designed for service providers storing customer data in the cloud, ensuring that they manage data securely to protect the privacy of their clients.

  • SSG : A Static Site Generator compiles the website before deployment. Then the generated web content is simply retrieved as-is by the client without any code running at retrieve time.

  • SSL : Secure Sockets Layer, a standard security technology for establishing an encrypted link between a server and client, often used to secure online transactions.

  • Threat Intelligence : Information that organizations use to understand the threats that have targeted, will target, or are currently targeting them, enabling them to make informed security decisions.

  • Threat Modeling : A structured method for identifying potential risks and vulnerabilities in a system, allowing for the examination of the system’s architecture and planning for potential security issues.

  • TLS : Transport Layer Security, a cryptographic protocol designed to provide secure communication over a computer network.

  • TTP : Tactics, Techniques, and Procedures, a term used in cybersecurity to describe the behavior or modus operandi of cyber adversaries consistently across different attacks.

  • Use Case : A scenario that defines how a system will be used to fulfill specific requirements, often utilized in the analysis and design of security protocols.

  • VLAN : Virtual Local Area Network, a subnet that can group together computers from different physical networks to provide additional security and manage traffic efficiently.

  • VPN : Virtual Private Network, a technology that creates a secure connection over a less secure network, such as the Internet.

  • VPN Concentrator : A networking device that creates and manages hundreds or thousands of VPN connections and provides secure remote access to users.

  • Webhook : A webhook is a user-defined HTTP callback that is triggered by specific events, allowing one application to send real-time data to another application when an event occurs. This enables automated communication between systems without the need for constant polling.

  • XSS : Cross-Site Scripting, a vulnerability that allows attackers to inject malicious scripts into web pages viewed by other users, often to steal session cookies or redirect users.

  • Zero Trust : A security model that requires strict identity verification for every person and device attempting to access resources on a network, regardless of whether they are inside or outside the network perimeter.
