Browse CyberExperts' glossary of cybersecurity terms, threats, controls, and defensive concepts. This archive is designed to help readers quickly understand common security language and connect related topics across modern cyber risk, compliance, and incident response.

Use the search box or jump by letter to find definitions for topics like malware, phishing, supply chain attacks, cloud security, and defense-in-depth.

Absolute session timeout is the maximum total lifetime of a session before it must end or require reauthentication, regardless of user activity....
An acceptable use policy (AUP) defines how users are expected to use organizational systems, devices, networks, and data responsibly....
Access certification is the formal review and attestation process used to confirm that users and systems still need the access they hold....
Access control is the process of restricting who or what can view, use, or change systems, applications, data, and physical resources....
An access package is a defined bundle of permissions, groups, or application access offered together for a particular user type, role, or purpose....
An access recertification campaign is a coordinated effort to review and reapprove existing access across a defined population, system, or risk area....
An access review is a structured check of who has access to which systems, roles, or data and whether that access is still appropriate....
Access risk scoring is the evaluation of users, roles, entitlements, or sessions to estimate how much security risk a given access state creates....
An access token is a credential issued after authentication that allows a user, application, or service to access specific resources for a limited time....
Account lockout is a control that temporarily or permanently restricts login after repeated authentication failures....
Account recovery is the process used to restore account access when a user is locked out, loses a factor, or can no longer authenticate normally....
Account takeover (ATO) is the unauthorized control of a user account by an attacker who gains access to the victim’s credentials or session....
Adaptive access control is a security model that changes authentication or authorization requirements based on real-time context and risk signals....
Admin tiering is the separation of administrative accounts, systems, and tasks into trust tiers to reduce privilege exposure and lateral compromise....
An administrative unit is a defined subset of users, groups, devices, or resources that can be managed separately within a broader identity or administrative system....
Advanced Encryption Standard (AES) is a widely used symmetric block cipher standard for protecting digital data....
An advanced persistent threat (APT) is a stealthy, sustained intrusion campaign designed to gain access and remain undetected over time....
Adversary emulation is a security testing approach that recreates the tactics, techniques, and procedures of real-world threat actors in a controlled way....
An adversary-in-the-middle (AiTM) attack uses a real-time phishing proxy or interception layer to capture credentials, sessions, or tokens between a victim and a legitimate se...
Adware is software that displays advertising, but some forms also track users, degrade privacy, or create security exposure....
An air gap is a security isolation approach in which a system or network is separated from untrusted or internet-connected environments to reduce exposure....
Alert fatigue is the reduced effectiveness of analysts caused by large volumes of noisy, repetitive, or low-value security alerts....
Algorithm deprecation is the planned retirement of cryptographic algorithms that are no longer considered sufficiently safe, efficient, or appropriate....
Anonymization is the process of transforming data so individuals are no longer identifiable in a practical and reasonably likely way....
Anti-tamper is the use of controls intended to detect, prevent, or complicate unauthorized modification of software or its execution state....
Antimalware is security software designed to detect, block, quarantine, and remove malicious programs from devices and networks....
API abuse is the misuse of an application programming interface to extract data, automate attacks, bypass controls, or cause operational harm....
API authentication is the process of verifying the identity of a user, application, or service attempting to access an application programming interface....
API authorization is the process of determining what an authenticated user, app, or service is allowed to do through an API....
API discovery is the process of identifying known, unknown, documented, and undocumented APIs across an organization’s environment....
API gateway security is the use of a gateway layer to enforce authentication, authorization, rate control, inspection, and policy for API traffic....
API inventory is the maintained record of an organization’s APIs, endpoints, versions, owners, and exposure details....
API key management is the process of issuing, storing, rotating, restricting, and revoking API keys used for service access....
API schema validation is the process of checking whether API requests and responses match the expected structure, types, and constraints defined by the service....
API security is the practice of protecting application programming interfaces from unauthorized access, abuse, data exposure, and logic flaws....
API versioning is the practice of managing changes to an API through distinct versions so clients can evolve without immediate breakage....
App consent governance is the set of controls used to review, restrict, approve, and monitor application permission grants in cloud and SaaS environments....
Application allowlisting is a security control that permits only approved software, scripts, or binaries to run on a system or within a defined environment....
Application reputation is the assessment of how trustworthy a piece of software appears based on observed behavior, origin, prevalence, signing, or threat intelligence....
Application sandboxing is the restriction of a software application to a controlled environment with limited access to the rest of the system....
Application security (AppSec) is the practice of designing, building, testing, and maintaining software to reduce security weaknesses and abuse....
Argon2 is a modern password-hashing function designed to make password cracking more expensive through configurable time, memory, and parallelism costs....
Asset management is the practice of identifying, tracking, and governing systems, devices, software, and data that an organization relies on....
Asymmetric encryption is a cryptographic method that uses a public key and a private key instead of one shared secret....
Attack path analysis is the process of identifying how attackers could chain together identities, systems, privileges, and weaknesses to reach a high-value target....
An attack surface is the total set of systems, services, identities, applications, and exposures that an attacker could potentially target....
Attack surface management (ASM) is the ongoing practice of discovering, monitoring, and reducing internet-exposed assets and weaknesses that attackers could target....
Attack surface reduction (ASR) is the practice of limiting the number of ways attackers can access, abuse, or move through systems and applications....
An attack vector is the path, method, or weakness an attacker uses to gain access, deliver malicious activity, or move toward a target....
Attribute-Based Access Control (ABAC) is an authorization model that makes access decisions based on attributes of users, resources, actions, and context....
Audit logging is the recording of system, user, administrative, or application actions in a way that supports review, investigation, and accountability....
An audit trail is a chronological record of actions, changes, or events that supports accountability, investigation, and review....
Authentication is the process of verifying that a user, device, or system is genuinely who or what it claims to be....
Authentication assurance level (AAL) is a measure of confidence in an authentication event based on the strength and security of the methods used....
An authenticator app is a mobile or desktop application that helps users generate or approve authentication factors such as one-time codes or push requests....
An authenticator reset is the process of removing, replacing, or re-establishing an authentication factor when the original authenticator is lost, changed, or no longer truste...
Authority Key Identifier (AKI) is a certificate extension used to reference the key associated with the issuing certificate authority....
Authorization is the process of deciding what an authenticated user, device, or system is allowed to access or do....
An authorization boundary is the defined limit around what identities, roles, or tokens are allowed to access or control within a system....
Authorization code flow is an OAuth pattern in which a client first receives an authorization code and then exchanges it for tokens through a back-channel request....
An authorization server is the component that authenticates, evaluates consent or policy, and issues tokens to clients in OAuth or OIDC-based systems....
Backup and recovery is the practice of copying, protecting, and restoring data and systems after loss, corruption, or disruption....
A backup code is a one-time recovery code a user can store and later use if their normal authentication factor is unavailable....
Backup integrity is the assurance that backup data is complete, uncorrupted, unmodified in unauthorized ways, and actually usable for recovery....
Banner grabbing is the practice of collecting service and software details from exposed systems to support reconnaissance and assessment....
bcrypt is an adaptive password-hashing function designed to make password verification slower and more resistant to offline cracking than fast hashes....
Behavioral biometrics are patterns in how a person interacts with devices or systems that can be used as a signal for identity confidence or fraud detection....
Birthright access is the baseline set of permissions automatically granted to users based on role, department, or employment status....
Blast radius is the scope of systems, identities, data, or operations that can be affected when a security control fails or an attacker gains access....
A block cipher is a symmetric encryption method that encrypts data in fixed-size blocks using a secret key....
Boot integrity is the assurance that a system started using expected, authorized, and untampered startup components....
Bot mitigation is the set of controls used to detect, limit, and block harmful automated traffic or scripted abuse....
A botnet is a network of compromised devices that attackers remotely control to launch coordinated malicious activity at scale....
Breach and attack simulation (BAS) is the controlled testing of security defenses using simulated attacker behavior to validate whether protections and detections work as expe...
Breach password screening is the practice of checking whether a password appears in known breach datasets and blocking or flagging it if it does....
A break glass account is an emergency-access account reserved for exceptional situations when normal administrative access is unavailable or unsuitable....
Break-fix access is temporary elevated access granted to troubleshoot, repair, or restore a system during an operational issue or outage....
Bring Your Own Device (BYOD) is a work model where employees use personal devices to access organizational systems or data....
Broken Object Level Authorization (BOLA) is an API security flaw where a system fails to enforce whether a user can access a specific object or record....
Browser extension risk is the security exposure created by add-ons that can read, modify, or inject content into browser sessions and pages....
Browser fingerprinting is the collection and comparison of browser and device characteristics to help recognize or distinguish client contexts....
Browser isolation is the separation of web browsing activity from the main endpoint so risky web content cannot interact directly with the local device....
Browser security is the practice of protecting web browsers, browser data, and browsing activity from malicious content, abuse, and exploitation....
Browser session isolation is the separation of web sessions or browsing contexts so activity in one context is less able to affect another....
A brute force attack is an attempt to gain access by systematically guessing passwords, keys, or login combinations until one works....
A bug bounty program is a security initiative that rewards eligible researchers for finding and responsibly reporting vulnerabilities in defined systems or applications....
Business continuity is the capability to keep critical operations running during and after disruption through planning, resilience, and coordinated response....
Business email compromise (BEC) is a fraud tactic that uses deceptive email or account compromise to trick people into sending money, data, or sensitive information....
A business impact analysis (BIA) is a structured assessment of which business processes matter most and what happens if they are disrupted....
A business logic flaw is a weakness in how an application’s intended workflow, rules, or decision logic can be manipulated to achieve unauthorized outcomes....
A canary token is a planted digital artifact designed to trigger an alert when someone accesses, moves, or uses it unexpectedly....
Case management is the structured tracking of security investigations, incidents, tasks, evidence, ownership, and decisions from intake through closure....
A Certificate Authority (CA) is a trusted entity that issues and signs digital certificates binding identities to public keys....
A certificate chain is the ordered path of certificates linking an end certificate back to a trusted root....
Certificate expiration is the point at which a digital certificate’s defined validity period ends and it should no longer be trusted....
A certificate fingerprint is a hash-derived identifier used to refer to and compare a specific certificate....
Certificate inventory is the maintained record of where certificates exist, what they protect, who owns them, and when they expire....
Certificate lifecycle management is the operational control of how certificates are requested, issued, deployed, monitored, rotated, and retired....
Certificate management is the process of issuing, tracking, renewing, rotating, and revoking digital certificates used for identity and encryption....
Certificate misissuance is the incorrect issuance of a digital certificate to the wrong entity, for the wrong identity, or under improper validation conditions....
Certificate path validation is the process of verifying that a presented certificate chains correctly to a trusted anchor under all relevant signatures, policies, and constrai...
Certificate pinning is the practice of restricting trust to a specific certificate, public key, or expected trust set rather than any broadly trusted issuer....
A certificate policy is a formal statement that defines the rules, assurance expectations, and acceptable uses for certificates issued under a PKI program....
A Certificate Practice Statement (CPS) is a document describing how a certificate authority actually implements and operates its certificate services....
Certificate rekey is the process of replacing the key pair associated with a certificate while issuing a new certificate for the same or similar identity....
Certificate renewal is the process of replacing or reissuing a certificate before or when it reaches the end of its validity period....
A Certificate Revocation List (CRL) is a published list of certificates that a certificate authority has declared no longer trustworthy before their normal expiration....
Certificate rotation is the planned replacement of a certificate with a new one before or at the end of its useful trust period....
A Certificate Signing Request (CSR) is a structured request sent to a certificate authority to obtain a signed digital certificate....
A certificate subject is the identity information represented by a certificate, typically describing the entity the certificate belongs to....
A certificate thumbprint is a hash-based identifier used to refer to a specific certificate instance succinctly....
Certificate transparency is a framework for publicly logging issued certificates so unauthorized or suspicious issuance can be detected....
Chain of custody is the documented record of how evidence is collected, handled, transferred, stored, and accessed over time....
Challenge-response authentication is a method in which the verifier presents a challenge and the claimant proves identity by producing a valid response....
Clickjacking is an attack that tricks a user into clicking or interacting with hidden or disguised elements from another page or application....
Client certificate authentication is a method in which a device, user, or application proves identity using a certificate and associated private key....
Client credentials flow is an OAuth pattern in which a client authenticates as itself to obtain tokens for machine-to-machine access....
Client-side session storage is the practice of keeping some portion of session state or related authentication data in the user’s browser or client environment....
A cloud access security broker (CASB) is a security control layer that helps organizations monitor and enforce policy across cloud applications and services....
Cloud detection and response (CDR) is a security capability focused on detecting, investigating, and responding to threats in cloud environments....
Cloud security refers to the controls, policies, and technologies used to protect data, workloads, and identities in cloud environments....
Cloud security posture management (CSPM) is the practice of finding and reducing misconfigurations, policy drift, and exposure in cloud environments....
A cloud workload protection platform (CWPP) is a security approach for protecting workloads such as virtual machines, containers, and cloud-hosted servers....
A cloud-native application protection platform (CNAPP) is a security approach that combines multiple cloud security capabilities to protect applications and workloads across t...
Code integrity is the assurance that software or scripts running on a system are approved, untampered, and consistent with expected trust policy....
Code signing is the practice of digitally signing software, scripts, or binaries so recipients can verify the publisher and detect tampering....
A code signing certificate is a certificate used to bind digital signatures to software so recipients can verify origin and integrity....
Common Name (CN) is a traditional certificate subject field that historically identified the primary name associated with a certificate....
A compensating control is an alternative safeguard used to reduce risk when the preferred or standard control cannot be implemented directly....
Conditional access is a policy-based identity control that allows, blocks, or limits access based on factors such as user, device, location, risk, or application context....
A confidential client is an OAuth or OIDC client that can securely protect long-term credentials such as a client secret or private key....
Confidential computing is an approach that protects data while it is actively being processed, often using hardware-based isolated execution environments....
Configuration drift is the gradual divergence of systems or services from their intended, approved, or secure configuration state over time....
Consent management is the process of collecting, recording, updating, and honoring user choices about certain data uses....
Container security is the practice of protecting container images, runtimes, orchestration environments, and supporting pipelines from compromise and misuse....
Content Security Policy (CSP) is a browser security mechanism that restricts which sources of content a web page is allowed to load or execute....
Context-aware access is an access control approach that evaluates signals such as user, device, location, risk, and behavior before allowing or limiting access....
Continuous access evaluation is the real-time reassessment of whether an active session or token should continue to grant access as conditions change....
Continuous authentication is the ongoing reassessment of trust during a user or system session rather than relying only on the initial login event....
Continuous threat exposure management (CTEM) is an ongoing security approach for discovering, validating, prioritizing, and reducing exposures that attackers could exploit....
A control framework is an organized set of control objectives, requirements, and practices used to structure security and risk management efforts....
Control plane security is the protection of the administrative, orchestration, and management layers that govern systems, cloud services, and platforms....
Cookie replay is the reuse of a captured browser cookie to gain unauthorized access or continue an existing session....
Cookie theft is the unauthorized capture of browser cookies, especially session cookies, so an attacker can reuse them for access or tracking....
Corporate-Owned, Personally Enabled (COPE) is a device model where the organization owns and manages the device but allows some limited personal use....
Credential enrollment is the process of registering a new authentication factor, secret, token, or key for future identity verification....
Credential hygiene is the practice of creating, storing, rotating, and protecting passwords, keys, and tokens in ways that reduce misuse and exposure....
Credential rotation is the process of replacing passwords, keys, tokens, certificates, or other secrets on a controlled schedule or after a risk event....
Credential stuffing is an attack in which stolen username-password pairs are automatically tested across many sites and services....
Credential vaulting is the secure storage and controlled release of passwords, keys, and other secrets used for privileged or sensitive access....
Cross-border data transfer is the movement or availability of data from one jurisdiction to another....
Cross-certification is the establishment of trust between separate certificate authorities by having one certify the public key of another....
Cross-device authentication is a sign-in pattern in which one device helps verify or complete authentication for another device or session....
Cross-Site Request Forgery (CSRF) is an attack that tricks a user’s browser into sending an unwanted authenticated request to a web application....
Cross-site scripting (XSS) is a client-side web attack that injects malicious code into a trusted page or application....
Cross-tenant access is access granted from one organization’s identity environment into resources or applications hosted in another tenant or organizational boundary....
Crypto-shredding is the practice of rendering encrypted data unreadable by destroying the key material needed to decrypt it....
Cryptographic agility is the ability to change cryptographic algorithms, keys, and parameters without excessive disruption....
A cryptographic module is a hardware or software component that performs cryptographic operations such as encryption, decryption, signing, or key storage within a defined secu...
A cryptoperiod is the defined period during which a cryptographic key is considered valid for a particular use....
A CSP nonce is a one-time value used in a Content Security Policy to allow only specific trusted inline scripts or styles to execute....
A CSRF token is a unique value included in a request so the server can verify that the request came from the legitimate application flow....
Cyber hygiene is the routine practice of maintaining systems, identities, devices, and user behavior in ways that reduce common security risks over time....
Cyber resilience is the ability to prepare for, withstand, respond to, and recover from cyber incidents while keeping critical operations running....
A cyber risk register is a structured record of identified cybersecurity risks, their status, owners, treatments, and business impact....
A cyberattack is a deliberate attempt to access, disrupt, damage, or misuse systems, networks, or digital information....
Cybersecurity is the practice of protecting systems, networks, applications, and data from unauthorized access, disruption, and digital attacks....
A data breach is an incident in which sensitive, confidential, or protected information is exposed, stolen, or accessed without authorization....
Data classification is the practice of labeling information by sensitivity, value, or handling requirements so it can be protected appropriately....
A data controller is the entity that decides why and how personal data will be processed....
Data deletion is the removal of information from a system according to policy, user request, or operational need....
Data destruction is the irreversible elimination of information so it cannot be reconstructed or recovered for meaningful use....
Data exfiltration is the unauthorized movement or theft of data from a system, application, cloud environment, or organization-controlled network....
Data governance is the framework of policies, ownership, standards, and controls used to manage data quality, use, protection, and accountability....
Data labeling is the application of sensitivity or handling labels to information based on classification rules....
Data localization is a requirement that certain data remain stored, processed, or managed within a defined national or regional boundary....
Data loss prevention (DLP) is a set of policies and technologies used to detect, monitor, and restrict sensitive data from leaving approved control....
Data masking is the practice of obscuring sensitive data so it remains useful for a limited purpose without exposing the original values fully....
Data minimization is the practice of collecting, storing, sharing, and retaining only the data that is genuinely necessary for a defined purpose....
A data processor is an entity that processes personal data on behalf of a controller rather than deciding the overall purpose itself....
A Data Protection Impact Assessment (DPIA) is a formal assessment of privacy and data-protection risk for planned personal-data processing, especially when the risk may be hig...
Data residency is the requirement or preference that data be stored in a specific geographic location or region....
Data retention is the practice of keeping information for defined periods based on business, legal, operational, and security needs....
Data security posture management (DSPM) is the practice of identifying, classifying, and reducing the exposure of sensitive data across modern environments....
Data sovereignty is the principle that data is subject to the laws and governance of the jurisdiction in which it is stored or processed....
A Data Subject Request (DSR) is a request from an individual to exercise privacy rights related to their personal data....
A data subprocessor is a third party engaged by a processor to handle personal data as part of delivering the processor’s service....
Data tokenization is the process of replacing a sensitive data value with a non-sensitive token that represents it without exposing the original value directly....
Data-at-rest encryption is the protection of stored data by encrypting it while it resides on disks, databases, backups, or other storage media....
Data-in-transit encryption protects information while it is being transmitted across networks or between systems....
Deception technology uses decoys, traps, and false assets to detect, slow, or mislead attackers inside an environment....
Defense in depth is a layered security strategy that uses multiple controls so one failure does not expose the entire environment....
Delegated access is a model in which one user, application, or service is granted permission to act on behalf of another within defined limits....
Delegated administration is the practice of assigning limited administrative authority to specific people or teams for defined systems, users, or tasks....
Delegated group management is the practice of allowing designated non-global administrators to manage membership in specific groups within a defined scope....
A denial-of-service (DoS) attack overwhelms or disrupts a system or service so legitimate users cannot access it normally....
A deprecated endpoint is an API route or interface that is still available but marked for retirement and no longer considered the preferred supported path....
Deprovisioning is the process of removing or disabling identities, accounts, credentials, and access when they are no longer needed....
Desktop hardening is the strengthening of workstation security through configuration, policy, software restriction, and operational controls....
Detection coverage is the extent to which a security program can identify relevant attacker behaviors, risks, and incident types across its environment....
Detection engineering is the practice of designing, testing, tuning, and maintaining security detections so meaningful attacker behavior can be identified with high confidence...
Detection tuning is the process of refining alerts, rules, thresholds, and logic so detections are more accurate, useful, and actionable....
Deterministic encryption is an encryption approach where the same plaintext under the same key produces the same ciphertext every time....
Device attestation is the process of verifying security-related claims about a device, such as hardware state, integrity, or management posture....
A device certificate is a digital certificate issued to a specific device so it can prove identity and participate in trusted access or management flows....
A device challenge is an additional verification step used to confirm that a device or client context meets expected trust conditions before access continues....
Read definition →Device code flow is an OAuth pattern that lets devices with limited input capabilities obtain authorization through a separate trusted user device....
Read definition →Device compliance is the state in which an endpoint meets an organization’s defined security, configuration, and management requirements....
Read definition →Device control is the management of whether endpoints may use external hardware such as USB drives, phones, storage devices, or other peripherals....
Read definition →Device posture is the assessed security condition of a device based on factors such as configuration, compliance, health, and management state....
Read definition →Device registration is the process of enrolling a device with an identity or management system so it can be recognized and governed for access decisions....
Read definition →Device trust is the confidence that a device meets defined security and management requirements before it is allowed to access protected resources....
Read definition →Diffie-Hellman Key Exchange is a cryptographic method that allows two parties to establish a shared secret over an untrusted channel....
Read definition →Digital forensics is the practice of collecting, preserving, analyzing, and documenting digital evidence for investigation and response....
Read definition →A digital signature is a cryptographic mechanism that proves a message or file came from the holder of a private key and was not altered afterward....
Read definition →A directory service is a system that stores and organizes identity information such as users, groups, devices, and related access attributes....
Read definition →Directory synchronization is the process of keeping identity data such as users, groups, and attributes aligned between connected directory systems....
Read definition →Disaster recovery is the process of restoring systems, applications, and data after serious disruption, failure, or destructive events....
Read definition →A discoverable credential is an authenticator-stored credential that can be found and used without the user first typing an account identifier in the traditional way....
Read definition →Disk encryption is the encryption of an entire storage device or disk volume to protect data if the device is lost, stolen, or accessed offline....
Read definition →A distributed denial-of-service (DDoS) attack overwhelms a target with traffic or requests from many systems at once to disrupt availability....
Read definition →DLL hijacking is an attack technique where a program loads a malicious or unintended dynamic library instead of the legitimate one it expected....
Read definition →DNS security is the practice of protecting domain name resolution and related infrastructure from abuse, manipulation, and attack....
Read definition →A Domain Validation (DV) certificate is a certificate issued after verifying control of a domain rather than a broader organizational identity....
Read definition →A dormant account is an account that remains active but has not been used for a significant period of time....
Read definition →A drive-by download is the unwanted delivery or execution of malicious content when a user visits a site or interacts with web content....
Read definition →Driver signing is the use of digital signatures to verify that system drivers come from a trusted source and have not been tampered with....
Read definition →Dual control is a security principle requiring two authorized people or two independent approvals for a sensitive action or access event....
Read definition →Dynamic application security testing (DAST) evaluates a running application by interacting with it from the outside to identify security weaknesses in behavior and responses....
Read definition →Eavesdropping is the unauthorized interception of communications between people, systems, or devices....
Read definition →Elliptic Curve Cryptography (ECC) is a family of asymmetric cryptographic techniques based on elliptic-curve mathematics....
Read definition →Elliptic Curve Diffie-Hellman (ECDH) is a key-exchange method that uses elliptic-curve cryptography to establish a shared secret....
Read definition →Elliptic Curve Digital Signature Algorithm (ECDSA) is a digital-signature method built on elliptic-curve cryptography....
Read definition →Email OTP is an authentication method in which a one-time passcode is sent to the user’s email address for verification....
Read definition →Email security is the set of controls, policies, and practices used to protect email accounts, messages, and users from abuse, fraud, and compromise....
Read definition →Encryption is the process of converting readable data into protected ciphertext so only authorized parties can access it....
Read definition →Endpoint detection and response (EDR) is a security capability that monitors endpoint activity and helps teams investigate and respond to threats....
Read definition →Endpoint isolation is the containment of a device by restricting its network communication so it cannot interact freely with other systems....
Read definition →Endpoint security is the practice of protecting laptops, desktops, servers, mobile devices, and other endpoints from compromise and misuse....
Read definition →Enterprise browser management is the centralized administration of browser settings, extensions, updates, and security controls across an organization....
Read definition →Enterprise Mobility Management (EMM) is a broader set of technologies and policies for securing mobile devices, applications, content, and access in enterprise environments....
Read definition →Entitlement creep is the gradual accumulation of permissions over time as users change roles, projects, or responsibilities without losing old access....
Read definition →Entitlement management is the process of defining, granting, reviewing, and removing permissions so access stays aligned to real business need....
Read definition →An entropy source is the underlying source of randomness used to generate cryptographic keys, nonces, tokens, and other security-sensitive values....
Read definition →Envelope encryption is an encryption design in which data is encrypted with a data key, and that data key is then encrypted with a separate key-encryption key....
Read definition →Cyber espionage is the covert theft of sensitive information or intellectual property for political, military, or commercial advantage....
Read definition →Evidence preservation is the practice of protecting logs, files, system state, and other artifacts so they remain available and trustworthy for investigation....
Read definition →Exception management is the process of reviewing, approving, documenting, and tracking deviations from security policies, standards, or required controls....
Read definition →Exposure management is the practice of identifying, understanding, prioritizing, and reducing the weaknesses and attack paths that create meaningful cyber risk....
Read definition →An exposure window is the period during which a vulnerability, misconfiguration, stolen credential, or other weakness remains exploitable....
Read definition →Extended detection and response (XDR) is a security approach that connects and analyzes telemetry across multiple control layers to detect and respond to threats more effectiv...
Read definition →Extended Key Usage (EKU) is a certificate extension that refines what specific applications or trust contexts a certificate is intended for....
Read definition →An Extended Validation (EV) certificate is a certificate type issued under more rigorous identity validation requirements than standard DV or OV processes....
Read definition →An external identity is an identity belonging to a person or entity outside the core workforce that is granted access to some organizational resource or service....
Read definition →Fallback authentication is an alternate method used to verify identity when the primary authentication path is unavailable or fails....
Read definition →Federated identity is an access model in which one trusted identity system can authenticate users for other connected applications or organizations....
Read definition →Federated logout is the process of ending a user’s authenticated session across one or more connected systems in a federated identity environment....
Read definition →Federation is an identity and access model in which one trusted system authenticates users for access to another connected system....
Read definition →Federation trust is the established relationship that allows one identity or service system to accept assertions or tokens from another trusted system....
Read definition →FIDO2 is a set of standards for strong authentication that supports phishing-resistant and passwordless login using public-key cryptography....
Read definition →File Integrity Monitoring (FIM) is the tracking of important files for unexpected or unauthorized changes....
Read definition →Fine-grained authorization is the enforcement of highly specific access decisions at the level of actions, fields, resources, or relationships....
Read definition →A firewall is a security control that filters network traffic based on rules to allow safe communications and block suspicious activity....
Read definition →Firmware security is the protection of low-level device code that initializes and controls hardware before or beneath the operating system....
Read definition →Forensic imaging is the creation of an exact, verifiable copy of digital storage so evidence can be analyzed without altering the original source....
Read definition →Format-Preserving Encryption (FPE) is an encryption technique that keeps the ciphertext in the same general format as the plaintext....
Read definition →Frame ancestors policy is a browser control that defines which sites are allowed to embed a page inside frames or iframes....
Read definition →Full Disk Encryption (FDE) is the encryption of an entire disk or storage volume so its contents are protected if the device is lost or accessed offline....
Read definition →Geo-velocity is the calculated speed implied by successive authentication events from different locations, used as a signal for suspicious activity....
Read definition →A golden image is a preapproved, standardized system image used as a trusted starting point for deploying new devices, servers, or workloads....
Read definition →Governance, risk, and compliance (GRC) is the discipline of aligning policies, risk decisions, controls, and regulatory obligations across an organization....
Read definition →GraphQL security is the set of controls used to protect GraphQL APIs from unauthorized access, excessive queries, data exposure, and abuse....
Read definition →Guest access governance is the control and oversight of external user access to an organization’s applications, data, or collaboration environments....
Read definition →A hardening guide is a documented set of recommended steps for configuring a system, application, or platform more securely....
Read definition →A hardware root of trust is a root of trust implemented in dedicated hardware rather than relying only on general-purpose software....
Read definition →A Hardware Security Module (HSM) is a specialized hardware device designed to generate, store, and use cryptographic keys with strong tamper resistance and controlled access....
Read definition →A hash function is a one-way cryptographic process that turns input data into a fixed-size digest used for integrity and related security purposes....
Read definition →Homomorphic encryption is a cryptographic approach that allows certain computations to be performed on encrypted data without first decrypting it....
Read definition →A honeypot is a decoy system, service, or resource designed to attract, detect, or study unauthorized access attempts....
Read definition →HOTP is a counter-based one-time password method that generates verification codes from a shared secret and an incrementing counter....
Read definition →An HttpOnly cookie is a browser cookie marked so that client-side scripts cannot read it directly....
Read definition →Identity analytics is the analysis of identity, entitlement, behavior, and lifecycle data to surface risk, anomalies, and governance issues....
Read definition →Identity and access management (IAM) is the set of policies, processes, and technologies used to control who can access systems, applications, and data....
Read definition →Identity attack surface is the collection of identity systems, accounts, credentials, permissions, and trust relationships that attackers can target or abuse....
Read definition →Identity federation metadata is configuration information exchanged between identity systems so they can establish and maintain trust relationships....
Read definition →Identity governance is the practice of overseeing how identities, roles, approvals, and access rights are assigned, reviewed, and managed across an organization....
Read definition →Identity governance and administration (IGA) is the discipline of managing identity lifecycle, access approvals, reviews, and policy enforcement across systems....
Read definition →Identity hygiene is the ongoing practice of keeping identity systems, accounts, permissions, and authentication methods clean, current, and well controlled....
Read definition →Identity inventory is the maintained record of user accounts, service accounts, roles, groups, tokens, and identity systems across an environment....
Read definition →An identity lifecycle event is a meaningful change in a user or account’s status that should trigger provisioning, review, modification, or removal of access....
Read definition →Identity lifecycle management is the process of creating, updating, governing, and removing identities and access as users join, change roles, and leave an organization....
Read definition →Identity proofing is the process of verifying that a person or entity is truly who they claim to be before granting trusted access....
Read definition →An identity provider (IdP) is a system that authenticates users and provides identity assertions to applications and services....
Read definition →Identity security posture management (ISPM) is the practice of assessing and improving the configuration, privilege, and exposure posture of identity systems and accounts....
Read definition →Identity synchronization drift is the divergence of user, group, or attribute data between connected identity systems over time....
Read definition →Identity threat detection and response (ITDR) is a security approach focused on detecting, investigating, and responding to attacks against identities, authentication flows, a...
Read definition →Idle timeout is the automatic expiration of a session after a period of inactivity....
Read definition →An immutable backup is a backup copy that cannot be altered or deleted for a defined period, even by administrators under normal conditions....
Read definition →Impossible travel is a login anomaly in which a user appears to authenticate from distant locations within a time frame that is unrealistic for normal travel....
Read definition →An incident commander is the person responsible for directing, coordinating, and prioritizing response activities during a security incident....
Read definition →Incident response is the structured process organizations use to detect, contain, investigate, and recover from cybersecurity incidents....
Read definition →An indicator of attack (IoA) is a sign of suspicious behavior that suggests an attacker may be actively attempting, staging, or carrying out malicious activity....
Read definition →An indicator of compromise (IoC) is a piece of evidence that suggests a system, account, or environment may already have been involved in malicious activity....
Read definition →Infrastructure as code security is the practice of reviewing and protecting infrastructure definitions so insecure cloud or platform configurations are caught before deploymen...
Read definition →An initial access broker (IAB) is a cybercriminal actor who gains or obtains access to victim environments and then sells that access to other threat actors....
Read definition →An insider threat is a security risk posed by someone with legitimate access to an organization's systems, data, or operations....
Read definition →Interactive application security testing (IAST) uses instrumentation inside a running application to identify security weaknesses with deeper runtime context....
Read definition →An intermediate certificate is a certificate authority certificate that sits between a root and end-entity certificates in a trust chain....
Read definition →An intrusion detection system (IDS) is a security capability that monitors activity for signs of malicious behavior or policy violations....
Read definition →An intrusion prevention system (IPS) is a security control that detects and actively blocks malicious traffic or exploit behavior....
Read definition →ISO 27001 is an international standard for establishing, maintaining, and improving an information security management system (ISMS)....
Read definition →An isolation strategy is a planned approach for separating affected systems, identities, or services to contain malicious activity and reduce spread....
Read definition →An issuing CA is the certificate authority that directly signs and issues end-entity certificates to users, devices, or services....
Read definition →Jailbreak detection is the identification of iOS or similar mobile devices whose platform restrictions have been bypassed....
Read definition →Joiner mover leaver (JML) is the process for managing access when people join, change roles, or leave an organization....
Read definition →Just Enough Administration (JEA) is an administrative model that gives operators only the specific privileged capabilities needed for a task and nothing more....
Read definition →Just-in-time access (JIT) is a security approach that grants elevated or sensitive access only when needed and only for a limited period....
Read definition →Just-in-time provisioning is the creation or update of an account at the moment a user signs in rather than through prior manual setup....
Read definition →JWKS, or JSON Web Key Set, is a standardized format for publishing the public keys that services use to verify signed tokens....
Read definition →JWT validation is the process of verifying the integrity, issuer, audience, lifetime, and claims of a JSON Web Token before trusting it....
Read definition →Kernel-level security is the protection of the operating system core and the highly privileged code that controls system behavior and resources....
Read definition →A key ceremony is a formal, controlled procedure for generating, activating, splitting, rotating, or retiring high-value cryptographic keys....
Read definition →Key compromise is the exposure, theft, misuse, or unauthorized control of a cryptographic key that should have remained trusted and secret....
Read definition →A key custodian is a person or role entrusted with part of the governance, access, or oversight for sensitive cryptographic keys....
Read definition →A Key Derivation Function (KDF) is a cryptographic process used to derive one or more secure keys from a source value such as a password or master key....
Read definition →Key destruction is the permanent elimination of cryptographic key material so it can no longer be used to decrypt, sign, or authenticate....
Read definition →Key escrow is the practice of storing a recoverable copy or recovery path for cryptographic keys with a designated trusted authority or system....
Read definition →A key escrow agent is the role or system responsible for holding or controlling recovery access to escrowed cryptographic keys....
Read definition →Key injection is the process of securely provisioning cryptographic keys into a device, system, or module....
Read definition →Key loading is the act of placing cryptographic keys into a device, application, module, or operational environment for use....
Read definition →Key management is the creation, storage, distribution, use, rotation, and retirement of cryptographic keys throughout their lifecycle....
Read definition →Key recovery is the process of regaining access to cryptographic keys or the protected data they control after loss, corruption, or administrative need....
Read definition →Key rotation is the replacement of an active cryptographic key with a new key on a planned schedule or in response to risk....
Read definition →Key usage is a certificate attribute that defines which cryptographic purposes a key is intended or permitted to support....
Read definition →Key wrapping is the process of encrypting one cryptographic key with another key so it can be stored or transported more safely....
Read definition →A keystore is a protected storage location or container used to hold cryptographic keys, certificates, and related trust material....
Read definition →Kill chain analysis is the process of examining an attack through sequential stages to understand how the adversary gained access, moved, and achieved objectives....
Read definition →Kubernetes security is the practice of protecting clusters, control planes, workloads, identities, and configurations in Kubernetes environments....
Read definition →Lateral movement is the process attackers use to move from one compromised system, account, or segment to other parts of an environment....
Read definition →Lateral movement detection is the practice of identifying attacker behavior that spreads from one account, host, or system to other internal targets....
Read definition →Lawful basis is the legal justification an organization relies on to process personal data under applicable privacy law....
Read definition →Least functionality is the security principle of enabling only the features, services, ports, software, and capabilities that are actually needed....
Read definition →Least privilege is the security principle of giving users, systems, and processes only the minimum access needed to perform their functions....
Read definition →Least privilege access is the practice of giving users, applications, and systems only the permissions they need to perform approved tasks and nothing more....
Read definition →Legacy authentication refers to older sign-in methods or protocols that do not support modern security controls such as MFA and conditional access well....
Read definition →Living off the land (LotL) refers to attacker behavior that uses legitimate built-in tools, trusted utilities, or native system features to carry out malicious actions....
Read definition →A load balancer is a system that distributes traffic across multiple servers or services to improve performance, resilience, and availability....
Read definition →Local storage security is the protection of data stored in browser local storage, especially when that data affects authentication or sensitive application state....
Read definition →Log management is the process of collecting, storing, organizing, and using system and application logs for security, operations, and investigation....
Read definition →Login anomaly detection is the identification of unusual authentication behavior that may indicate compromise, fraud, or misuse....
Read definition →Login reputation is the accumulated trust or suspicion associated with a login source, pattern, device, IP, or identity behavior over time....
Read definition →A machine certificate is a digital certificate assigned to a device, server, or workload so that system can authenticate itself cryptographically....
Read definition →Magic link authentication is a sign-in method in which a user receives a one-time login link, usually by email, instead of entering a password....
Read definition →Mailbox delegation is the granting of controlled access for one user or service to read, manage, or send from another mailbox under defined permissions....
Read definition →A malicious browser extension is a browser add-on designed or compromised to steal data, inject content, monitor activity, or abuse browser privileges....
Read definition →Malvertising is the use of malicious online advertising to deliver scams, malware, redirects, or exploit content to users....
Read definition →Malware is malicious software designed to damage systems, steal information, spy on users, or enable unauthorized access....
Read definition →Malware triage is the rapid initial assessment of a suspicious file or sample to determine likely risk, priority, and next investigative steps....
Read definition →A man-in-the-middle (MITM) attack intercepts or manipulates communications between two parties without their knowledge....
Read definition →Managed detection and response (MDR) is a security service that provides outsourced monitoring, detection, investigation, and response support....
Read definition →A managed device is an endpoint that is enrolled, configured, and monitored under an organization’s security and administration controls....
Read definition →Mean time to detect (MTTD) is the average time it takes an organization to discover that a security incident or suspicious event has occurred....
Read definition →Mean time to respond (MTTR) is the average time it takes an organization to act on, contain, remediate, or resolve a detected incident....
Read definition →Measured Boot is a startup security process that records measurements of boot components so the system can later prove what loaded during startup....
Read definition →A Message Authentication Code (MAC) is a cryptographic value used to verify the integrity and authenticity of a message using a shared secret....
Read definition →MFA fatigue is an attack tactic that overwhelms a user with repeated authentication prompts in the hope they will eventually approve one....
Read definition →Microsegmentation is a security approach that divides environments into smaller trust zones to limit lateral movement and reduce blast radius....
Read definition →Mobile Application Management (MAM) is the control of enterprise mobile apps and app data without necessarily requiring full device management....
Read definition →Mobile device management (MDM) is the practice of controlling, securing, and administering mobile devices used for business access and data....
Read definition →Multi-factor authentication (MFA) is a security control that requires two or more forms of verification before access is granted....
Read definition →Mutual TLS (mTLS) is a communication model in which both the client and the server authenticate each other using certificates....
Read definition →Name constraints are certificate constraints that limit what subject names or identity namespaces a subordinate CA may issue certificates for....
Read definition →Network access control (NAC) is the practice of controlling which users and devices can connect to a network and under what conditions....
Read definition →Network security is the collection of controls and practices used to protect networks and data in transit from unauthorized access or disruption....
Read definition →The NIST Cybersecurity Framework (CSF) is a widely used framework that helps organizations organize, assess, and improve cybersecurity risk management....
Read definition →A non-human identity is an identity used by applications, services, scripts, devices, or workloads rather than by a human user....
Read definition →A nonce is a value intended to be used only once in a cryptographic or security-sensitive context....
Read definition →Number matching is an MFA mechanism that requires the user to enter or select a displayed number to confirm they initiated the login request....
Read definition →OAuth 2.0 is a framework for delegated authorization that allows an application to access resources on behalf of a user or client without sharing the user’s password directl...
OAuth consent phishing is an attack in which a user is tricked into granting a malicious or deceptive application access to data or account capabilities through an authorizati...
An OAuth scope is a defined permission boundary that limits what actions or resources a delegated token or client may access....
OCSP stapling is a method where a server provides recent certificate status information during the TLS handshake instead of making the client fetch it separately....
Online Certificate Status Protocol (OCSP) is a method for checking whether a certificate is still valid or has been revoked....
OpenID Connect (OIDC) is an identity layer built on OAuth 2.0 that enables applications to verify a user’s identity and obtain basic profile information....
An Organization Validation (OV) certificate is a certificate issued after validating both domain control and certain organization identity details....
Origin validation is the process of checking whether a web request came from an expected origin before allowing a sensitive action....
An orphaned account is an account that remains active without a clear owner, steward, or valid business purpose....
Out-of-band authentication is the verification of identity through a channel separate from the primary login or transaction channel....
A passkey is a modern authentication credential that uses public-key cryptography to let users sign in without relying on a traditional password....
A password blacklist is a set of passwords that users are not allowed to choose because they are too common, too weak, or already known to attackers....
A password manager is a tool that stores, generates, and helps manage passwords and other secrets more securely than manual reuse or memory alone....
A password policy is a set of rules and standards that define how passwords should be created, used, protected, and changed within an organization....
A password reset workflow is the defined process used to verify a user and allow them to set a new password safely after losing or changing their credential....
Password spraying is an attack in which a small number of common passwords are tried across many accounts to avoid lockouts and find weak credentials....
Passwordless authentication is an access approach that verifies users without requiring a traditional reusable password as the primary login factor....
Patch management is the process of testing, deploying, and tracking software and system updates to reduce security and stability risk....
Path length constraint is a certificate rule that limits how many subordinate CA levels may appear beneath a CA in a certificate chain....
Penetration testing is an authorized security assessment that simulates real attack techniques to identify exploitable weaknesses....
Perfect Forward Secrecy (PFS) is a property of secure communications where compromise of a long-term key does not automatically expose past session traffic....
A persistent cookie is a browser cookie designed to remain stored beyond a single browser session until it expires or is removed....
Phishing is a social engineering attack that tricks users into revealing credentials, financial information, or other sensitive data....
Phishing-resistant MFA is multi-factor authentication designed to resist credential phishing, replay, and real-time man-in-the-middle attacks....
PKCE is an OAuth security extension that protects authorization code flows from interception by binding the code exchange to the original client....
A platform authenticator is an authenticator built into a device or operating system rather than carried as a separate external token....
Policy as code is the practice of expressing governance and security rules in machine-readable form so they can be tested and enforced automatically....
A Policy Decision Point (PDP) is the component that evaluates authorization policies and returns a decision about whether an action should be allowed....
A Policy Enforcement Point (PEP) is the component that intercepts a request and applies the authorization decision returned by policy logic....
Post-exploitation refers to the actions an attacker takes after gaining initial access in order to expand control, gather data, persist, or achieve their objective....
A post-incident review is a structured review conducted after an incident to understand what happened, what failed, and what should improve next....
Post-quantum cryptography is the field of cryptographic algorithms designed to remain secure against both classical and practical quantum attacks....
Privacy by Design is the practice of building privacy considerations into products, systems, and processes from the start rather than as a late add-on....
A privacy impact assessment (PIA) is a process for evaluating how a project, system, or data use may affect personal information and privacy risk....
Private key protection is the safeguarding of cryptographic private keys against theft, misuse, unauthorized export, or accidental exposure....
Privilege escalation is the act of gaining higher levels of access or authority than a user or process was originally intended to have....
Privileged access management (PAM) is the practice of controlling, monitoring, and securing elevated accounts and administrative access....
A privileged access review is a focused review of elevated permissions, admin roles, and sensitive accounts to confirm they remain necessary and appropriate....
Privileged identity management (PIM) is the practice of controlling, reviewing, and limiting elevated identity roles so privileged access is granted more safely....
Privileged session management is the control and monitoring of high-risk administrative sessions to reduce misuse and improve accountability....
Privileged task automation is the use of controlled scripts, workflows, or platforms to perform sensitive administrative actions without broad manual standing access....
Process injection is the technique of placing or executing code inside another running process....
Prompt bombing is an attack in which repeated MFA push requests are sent to a user in hopes they will eventually approve one out of fatigue or confusion....
A proof of possession (PoP) token is an access token that requires the holder to demonstrate possession of associated cryptographic material before it can be used....
A proxy server is an intermediary system that receives requests and forwards them on behalf of a client or service....
Pseudonymization is the replacement of direct identifiers with alternate values so data is less directly attributable to a person without additional information....
A public client is an OAuth or OIDC client that cannot securely keep long-term client credentials confidential....
Public key infrastructure (PKI) is the framework of certificates, trust relationships, and cryptographic processes used to support secure digital identity and encryption....
Public key pinning is the practice of restricting trust to one or more expected public keys rather than trusting any key that chains to a broadly accepted issuer....
A purple team exercise is a collaborative security assessment where offensive and defensive teams work together to test and improve detection and response....
Purple teaming is a collaborative security practice in which offensive and defensive teams work together to test, observe, and improve detection and response....
Purpose limitation is the principle that personal or sensitive data should be used only for specific, legitimate, and clearly defined purposes....
Push MFA is a multi-factor authentication method in which a user approves or denies a login request through a push notification on another device....
Quantum-resistant cryptography refers to cryptographic methods designed to remain secure even against adversaries with sufficiently capable quantum computers....
Ransomware is a form of malware that encrypts or blocks access to systems and data until a victim pays for recovery....
Ransomware-as-a-service (RaaS) is a criminal business model in which ransomware operators provide malware, infrastructure, or support to affiliates who carry out attacks....
Rate limiting is the practice of restricting how frequently a user, client, or system can make requests within a given period....
Re-identification risk is the possibility that data believed to be de-identified can be linked back to a specific individual....
Real-time revocation is the ability to invalidate tokens, sessions, or access rights immediately or near-immediately when trust changes....
Reauthentication is the requirement for a user to verify identity again after an earlier login, usually before a sensitive action or after risk changes....
Recovery point objective (RPO) is the maximum amount of data loss an organization can tolerate between the last good recovery point and a disruption....
Recovery time objective (RTO) is the target amount of time an organization can tolerate a system, service, or process being unavailable after a disruption....
Redirect URI validation is the process of ensuring an OAuth or OIDC authorization response is sent only to an approved and expected redirect destination....
Referrer policy is a browser control that determines how much referring URL information is sent along with navigation or resource requests....
A refresh token is a credential used to obtain new access tokens without requiring the user or application to authenticate again each time....
Refresh token rotation is the practice of issuing a new refresh token each time one is used and invalidating the previous token to reduce replay risk....
A Registration Authority (RA) is a PKI role that handles identity verification or enrollment approval before certificates are issued....
Relationship-Based Access Control (ReBAC) is an authorization model that grants or denies access based on the relationships between users, resources, and organizations....
A remembered device is a device or browser context the system recognizes from prior successful use and may treat with lower-friction access controls....
Remote access is the ability to connect to systems, applications, or networks from outside the normal local environment....
Remote attestation is the process of proving device or platform state to another system using integrity evidence rather than mere self-assertion....
Remote browser isolation (RBI) is a security approach that executes web browsing activity in a separate remote environment instead of directly on the user’s device....
Remote wipe is the ability to erase some or all data from a device through a centralized management or response action....
Removable media control is the restriction or governance of portable storage such as USB drives, memory cards, and external disks....
A resource server is the API or service that hosts protected data or functions and enforces access based on presented tokens or credentials....
Restore testing is the process of verifying that backup data can actually be recovered successfully into usable systems, files, or services....
Revocation checking is the process of determining whether a certificate that appears valid by date has been explicitly marked untrusted before expiration....
A revocation reason is the stated cause recorded when a certificate is revoked before its natural expiration....
The Right to Be Forgotten is a privacy right under certain legal frameworks that allows individuals to request deletion of personal data under defined conditions....
Risk acceptance is the deliberate decision to tolerate a known security risk instead of fully remediating, transferring, or avoiding it....
A risk assessment is the process of identifying threats, vulnerabilities, likelihood, and business impact to prioritize security decisions....
A risk engine is a system that evaluates signals and calculates risk levels to influence authentication, authorization, or fraud decisions....
Risk-based authentication is an adaptive login approach that changes authentication requirements based on the assessed risk of a sign-in attempt....
A risk-based challenge is an additional verification prompt triggered when a login, session, or action appears riskier than normal....
A roaming authenticator is an external authentication device that can be used across multiple systems rather than being built into a single platform....
Role explosion is the excessive growth of roles in an access control system, making the role model difficult to manage, review, and govern....
Role mining is the analysis of existing access patterns to identify useful role structures and reduce ad hoc permission complexity....
Role-based access control (RBAC) is an access model that assigns permissions according to job roles or functional responsibilities....
Root cause analysis is the process of identifying the underlying technical, human, or process failures that allowed an incident or security issue to occur....
A root certificate is a top-level trusted certificate that serves as a trust anchor for certificate chains....
Root detection is the identification of devices whose operating-system protections have been bypassed to grant elevated or unrestricted control....
A root of trust is the foundational trusted component or assumption that other security decisions and verification chains depend on....
RSA encryption is an asymmetric cryptographic system based on a public key and a private key....
Runtime application self-protection (RASP) is a security approach in which an application or embedded component monitors and helps block malicious activity during execution....
Runtime integrity is the assurance that code and process behavior remain trustworthy during execution rather than only at startup or install time....
SaaS security posture management (SSPM) is the practice of monitoring and improving the security configuration, access posture, and risk settings of SaaS applications....
A salted password hash is a stored password verifier created by combining a password with a unique salt before hashing it....
A SameSite cookie is a browser cookie configured with rules that control whether it is sent with cross-site requests....
SAML is a federation standard used to exchange authentication and authorization information between identity providers and service providers....
A SAML assertion is a signed statement from an identity provider that tells a service provider information about an authenticated user....
Sandbox analysis is the examination of suspicious files, links, or code inside an isolated environment to observe behavior without risking production systems....
SCIM provisioning is the automated creation, update, and removal of identities and groups between connected systems using the SCIM standard....
A scoped token is an access token that grants only a defined subset of permissions or resource access rather than broad unrestricted use....
Searchable encryption is a set of techniques that allow certain search or query operations on encrypted data without fully decrypting everything first....
Secret management is the practice of securely storing, distributing, rotating, and governing sensitive values such as passwords, API keys, tokens, and certificates....
Secret scanning is the process of searching code, repositories, logs, files, and workflows for exposed passwords, API keys, tokens, and other sensitive credentials....
Secret sharing is a method of dividing a secret into multiple pieces so no single piece is sufficient by itself to reconstruct the full secret....
Secret zero is the initial credential or trust mechanism needed to obtain other secrets securely in a system or automation workflow....
Secrets management is the practice of securely storing, controlling, rotating, and using sensitive credentials such as API keys, tokens, and passwords....
Secrets sprawl is the uncontrolled spread of passwords, API keys, tokens, certificates, and other sensitive credentials across systems, code, documents, and user workflows....
Secure Access Service Edge (SASE) is a cloud-delivered model that combines networking and security services for distributed users, devices, and locations....
Secure Boot is a startup security mechanism that verifies whether boot components are signed and trusted before they are allowed to run....
Secure browser configuration is the hardening of browser settings, policies, and behaviors to reduce security risk during web use....
Secure by default means products, platforms, and systems should ship with baseline settings that reduce risk without requiring users to discover and enable protection on their...
Secure by design is the principle of building products, systems, and architectures so security is part of the design from the start rather than bolted on later....
A Secure cookie is a browser cookie marked so it should be sent only over encrypted HTTPS connections....
A secure element is a dedicated hardware component designed to store sensitive material and perform trusted operations in a highly isolated environment....
A secure enclave is an isolated hardware-backed environment used to protect sensitive operations and data such as cryptographic keys or biometric verification material....
Secure key storage is the protection of cryptographic keys in a way that reduces unauthorized access, export, theft, or misuse....
Secure Multiparty Computation (SMC) is a set of techniques that let multiple parties compute a result together without revealing their full private inputs to each other....
A secure software development lifecycle (SSDLC) is a development approach that builds security activities into planning, design, coding, testing, release, and maintenance....
A secure web gateway (SWG) is a security control that monitors and filters web traffic to enforce policy and reduce access to malicious or risky web content....
Security awareness training is the process of teaching users how to recognize threats, follow security practices, and avoid risky behavior....
A security baseline is a defined set of minimum security settings and controls that systems, devices, or applications are expected to meet....
A security champion is a team member embedded in a business, engineering, or operations function who helps promote and reinforce security practices locally....
A security data lake is a centralized repository used to store large volumes of raw and processed security telemetry for analysis, investigation, and detection....
Security debt is the accumulated future risk and remediation burden created by postponed security work, weak design choices, or repeated short-term tradeoffs....
Security information and event management (SIEM) is a platform approach that collects, correlates, and analyzes security logs and events from multiple sources....
A security key is a hardware authentication device used to prove identity through cryptographic operations rather than reusable shared secrets....
Security misconfiguration is a weakness created when systems, applications, cloud services, or security controls are set up in an unsafe or incomplete way....
A security operations center (SOC) is the team and operating function responsible for monitoring, detecting, investigating, and responding to security events....
Security orchestration is the coordination of security tools, data, and workflows so tasks and responses can be executed more consistently across systems....
Security orchestration, automation, and response (SOAR) is a technology and workflow approach for coordinating security tools and automating response tasks....
Security validation is the practice of testing whether security controls actually work as intended against relevant threats and scenarios....
A self-defending application is software that includes built-in logic to detect, resist, or respond to abuse, tampering, or unsafe runtime conditions....
A self-signed certificate is a certificate signed by the same entity whose identity it represents rather than by an external certificate authority....
Separation of administration is the practice of dividing administrative authority across different roles or teams so no single actor controls every sensitive function....
A service account is a non-human account used by applications, services, scripts, or automated processes to authenticate and perform tasks....
A service certificate is a certificate used by an application, API, or service to prove identity and support encrypted trusted communication....
Service mesh security is the set of controls used to secure communication, identity, policy, and observability between services in a microservices environment....
A service provider (SP) is the application or service that relies on an external identity provider to authenticate users in a federated login flow....
Session binding is the practice of tying an authenticated session to expected attributes such as device, browser, network, or cryptographic context....
Session continuity is the ability for an authenticated user or client to remain signed in and continue interacting without repeated full login prompts....
A session cookie is a browser cookie used to maintain a user’s authenticated or active session state with a web application....
Session fixation is an attack in which an attacker forces or predicts a session identifier and then waits for the victim to authenticate under that same session....
Session hijacking is the abuse of a valid user session so an attacker can act as the user without needing the original password....
Session impersonation is the ability for an administrator or support workflow to assume or simulate a user session for troubleshooting or operational purposes....
Session management is the set of controls used to create, maintain, protect, and end authenticated user sessions in applications and services....
Session regeneration is the replacement of a session identifier with a new one after authentication or other important session-state changes....
Session revocation is the process of invalidating active authentication sessions or tokens so they can no longer be used for access....
Session risk scoring is the process of evaluating an active authenticated session for suspicious signals that may justify additional controls or termination....
A shadow API is an undocumented, unmanaged, forgotten, or poorly governed application interface that exists outside normal security visibility and control....
Shadow identity is an unmanaged or poorly governed account, identity, or access path that exists outside normal security visibility and control....
Shamir's Secret Sharing is a cryptographic secret-sharing method that divides a secret into multiple shares so only a required threshold of shares can reconstruct it....
Shared mailbox security is the set of controls used to protect collaborative mailboxes that multiple users or teams can access....
A short-lived certificate is a certificate with a deliberately brief validity period to reduce exposure from stale or compromised trust material....
A signed update is a software or firmware update that includes a digital signature so the recipient can verify authenticity and integrity before installing it....
Single sign-on (SSO) is an authentication approach that lets users access multiple applications with one primary login session....
Single-factor authentication is a login method that relies on only one category of proof, such as a password, to verify identity....
SMS OTP is an authentication factor in which a one-time passcode is sent to the user by text message for verification....
SOC 2 is an attestation framework used to evaluate controls relevant to security, availability, processing integrity, confidentiality, and privacy....
Social engineering is the use of deception and manipulation to trick people into revealing information or taking unsafe actions....
A software bill of materials (SBOM) is a structured inventory of the components, libraries, and dependencies that make up a software product or application....
Software composition analysis (SCA) is the process of identifying and evaluating third-party libraries, packages, and open-source components used in software....
Spam is unsolicited bulk messaging often used for advertising, fraud, phishing, and large-scale malicious delivery....
Split knowledge is a security principle where no single person knows or controls the full value of a sensitive secret or credential....
Spyware is malware that secretly monitors users, gathers sensitive information, or tracks behavior without consent....
SQL injection is a web attack that manipulates database queries through unsafe input handling in an application....
Static application security testing (SAST) analyzes source code, bytecode, or compiled artifacts to find potential security weaknesses without running the application....
Step-down access is the reduction of privileges or session capability after a sensitive action, elevated state, or high-trust condition is no longer justified....
Step-up authentication is the requirement for stronger or additional verification when a login or action is considered higher risk....
A stream cipher is a symmetric encryption method that encrypts data as a continuous stream rather than in fixed-size blocks....
Subject Alternative Name (SAN) is a certificate field that lists additional identities a certificate is valid for, such as hostnames or other names....
Subject Key Identifier (SKI) is a certificate extension used to identify the public key associated with that certificate....
A subordinate CA is a certificate authority that derives its trust from a higher certificate authority rather than acting as the ultimate root....
Subresource Integrity (SRI) is a browser feature that lets a page verify that a fetched script or resource matches an expected cryptographic hash....
A supply chain attack is a cyberattack that compromises a target through a trusted vendor, software dependency, or outside service relationship....
Supply chain integrity is the assurance that software, hardware, firmware, or other delivered components have not been tampered with or substituted improperly....
Symmetric encryption is a cryptographic method that uses the same secret key to encrypt and decrypt data....
A syncable authenticator is an authenticator model in which credentials can be securely synchronized across a user’s devices rather than remaining bound to only one device....
A tabletop exercise is a structured discussion-based simulation used to test how people, teams, and leaders would respond to a cybersecurity incident or crisis....
Tamper protection is a security control that helps prevent unauthorized users or malware from disabling, modifying, or weakening security protections....
Tamper-evident logging is a logging approach designed to reveal whether audit records have been altered, removed, or manipulated after creation....
Tenant isolation is the separation of customer data, permissions, and operations so one tenant cannot access or affect another tenant’s environment....
Thin client security is the protection of lightweight endpoint devices that depend heavily on remote-hosted applications or desktops....
Third-party due diligence is the process of reviewing external vendors, partners, or providers before and during a relationship to understand risk and trustworthiness....
Third-party risk is the security, operational, and compliance exposure created by vendors, suppliers, contractors, and other outside relationships....
Threat hunting is the proactive practice of searching for signs of attacker activity that automated alerts may have missed....
Threat intelligence is collected and analyzed information about threats, threat actors, tactics, and indicators used to support better security decisions....
A threat intelligence platform (TIP) is a system used to collect, organize, enrich, and distribute threat intelligence for security operations and analysis....
Threat modeling is the structured process of identifying how a system could be attacked, what matters most to protect, and which safeguards should be prioritized....
A TLS handshake is the exchange that establishes trust parameters, cryptographic choices, and session keys before protected communication begins....
Token binding is the practice of associating a token with a specific client or cryptographic context so the token is harder to reuse elsewhere....
Token introspection is the process of asking an authorization service for the current validity and metadata of a token before trusting it....
Token replay is the reuse of a captured authentication token to impersonate a legitimate user or service....
Token storage security is the practice of storing authentication and access tokens in ways that reduce theft, misuse, and unintended persistence....
Token theft is the unauthorized capture or reuse of authentication or session tokens that allow access to systems or applications....
A token vault is the protected system that stores the mapping between tokens and the original sensitive values they represent....
TOTP is a time-based one-time password method that generates short-lived verification codes from a shared secret and the current time....
A toxic combination of access is a set of permissions that should not be held together because they create excessive fraud, abuse, or control-bypass risk....
Transaction signing is the cryptographic confirmation of a specific transaction or action so the approval is bound to the exact details being authorized....
Transaction verification is the confirmation of a specific sensitive action, transfer, change, or approval before it is allowed to complete....
Transport Layer Security (TLS) is a protocol used to protect data in transit by providing encryption, integrity, and authenticated trust....
A trojan horse is malware that disguises itself as legitimate software or content so a victim will install or run it....
A trust anchor is the certificate or key material a relying system already trusts and uses as the starting point for validating certificate chains....
A trust store is the set of root certificates or trust anchors a system uses to decide which certificate chains it will accept....
A trusted browser is a browser context recognized by a system as meeting enough conditions to receive smoother or lower-friction access decisions....
A trusted device is an endpoint that an organization recognizes as meeting the conditions required for higher-confidence access decisions....
A Trusted Execution Environment (TEE) is an isolated processing environment designed to protect code and data while they are in use....
A Trusted Platform Module (TPM) is a hardware security component that provides protected cryptographic functions and supports device trust and attestation....
UEFI Secure Boot is a firmware-based mechanism that checks whether startup components are signed and trusted before they execute....
USB restriction is the limitation or blocking of USB device access on endpoints to reduce malware and data-loss risk....
User and entity behavior analytics (UEBA) is a detection approach that looks for abnormal or risky patterns in how users, devices, systems, or service accounts behave over tim...
Vendor risk management is the process of evaluating, monitoring, and governing security and business risk introduced by third parties....
Virtual Desktop Infrastructure (VDI) is the delivery of desktop environments from centralized infrastructure rather than relying entirely on local endpoint execution....
A virtual private network (VPN) creates an encrypted connection that helps protect traffic, improve privacy, and secure remote access....
A computer virus is a type of malware that attaches to files or programs and spreads when infected content is executed....
A vulnerability is a weakness in software, hardware, configuration, or process that attackers can exploit to gain access or cause harm....
A vulnerability disclosure program (VDP) is a structured process that tells security researchers how to report vulnerabilities safely and responsibly to an organization....
Vulnerability management is the ongoing process of identifying, assessing, prioritizing, remediating, and tracking security weaknesses over time....
Vulnerability scanning is the automated process of checking systems, applications, or environments for known weaknesses, missing patches, or insecure configurations....
A watering hole attack compromises or imitates a website that a target group is likely to visit so the attacker can infect, monitor, or exploit those visitors....
Read definition →A web application firewall (WAF) is a security control that filters and monitors HTTP traffic to help protect web applications from common attacks....
Read definition →WebAuthn is a web standard that enables browsers and applications to use public-key authenticators for strong user authentication....
Read definition →A wildcard certificate is a certificate that can secure a domain and multiple subdomains under a wildcard naming pattern....
Read definition →Workload identity is the mechanism by which an application, service, or compute workload proves its identity to access other systems securely....
Read definition →Workload identity federation is a trust model that lets external or federated workloads obtain access without storing long-lived static credentials....
Read definition →A worm is self-replicating malware that spreads across devices or networks by exploiting vulnerabilities or weak security controls....
Read definition →Zero Trust is a security model that assumes no user, device, or connection should be inherently trusted without continuous verification....
Read definition →A zero-day vulnerability is a flaw that attackers can exploit before a vendor or defender has a reliable patch or mitigation in place....