Absolute Session Timeout
Absolute session timeout is the maximum total lifetime of a session before it must end or require reauthentication, regardless of user activity....
Browse CyberExperts' glossary of cybersecurity terms, threats, controls, and defensive concepts. This archive is designed to help readers quickly understand common security language and connect related topics across modern cyber risk, compliance, and incident response.
Use the search box or jump by letter to find definitions for topics like malware, phishing, supply chain attacks, cloud security, and defense-in-depth.
An acceptable use policy (AUP) defines how users are expected to use organizational systems, devices, networks, and data responsibly....
Access certification is the formal review and attestation process used to confirm that users and systems still need the access they hold....
Access control is the process of restricting who or what can view, use, or change systems, applications, data, and physical resources....
An access review is a structured check of who has access to which systems, roles, or data and whether that access is still appropriate....
An access token is a credential issued after authentication that allows a user, application, or service to access specific resources for a limited time....
Account recovery is the process used to restore account access when a user is locked out, loses a factor, or can no longer authenticate normally....
Account takeover (ATO) is the unauthorized control of a user account by an attacker who gains access to the victim’s credentials or session....
Adaptive access control is a security model that changes authentication or authorization requirements based on real-time context and risk signals....
Admin tiering is the separation of administrative accounts, systems, and tasks into trust tiers to reduce privilege exposure and lateral compromise....
An advanced persistent threat (APT) is a stealthy, sustained intrusion campaign designed to gain access and remain undetected over time....
Adversary emulation is a security testing approach that recreates the tactics, techniques, and procedures of real-world threat actors in a controlled way....
An adversary-in-the-middle (AiTM) attack uses a real-time phishing proxy or interception layer to capture credentials, sessions, or tokens between a victim and a legitimate se...
Adware is software that displays advertising, but some forms also track users, degrade privacy, or create security exposure....
An air gap is a security isolation approach in which a system or network is separated from untrusted or internet-connected environments to reduce exposure....
Alert fatigue is the reduced effectiveness of analysts caused by large volumes of noisy, repetitive, or low-value security alerts....
Antimalware is security software designed to detect, block, quarantine, and remove malicious programs from devices and networks....
API abuse is the misuse of an application programming interface to extract data, automate attacks, bypass controls, or cause operational harm....
API authentication is the process of verifying the identity of a user, application, or service attempting to access an application programming interface....
API authorization is the process of determining what an authenticated user, app, or service is allowed to do through an API....
API discovery is the process of identifying known, unknown, documented, and undocumented APIs across an organization’s environment....
API gateway security is the use of a gateway layer to enforce authentication, authorization, rate control, inspection, and policy for API traffic....
API inventory is the maintained record of an organization’s APIs, endpoints, versions, owners, and exposure details....
API key management is the process of issuing, storing, rotating, restricting, and revoking API keys used for service access....
API schema validation is the process of checking whether API requests and responses match the expected structure, types, and constraints defined by the service....
API security is the practice of protecting application programming interfaces from unauthorized access, abuse, data exposure, and logic flaws....
API versioning is the practice of managing changes to an API through distinct versions so clients can evolve without immediate breakage....
App consent governance is the set of controls used to review, restrict, approve, and monitor application permission grants in cloud and SaaS environments....
Application allowlisting is a security control that permits only approved software, scripts, or binaries to run on a system or within a defined environment....
Application security (AppSec) is the practice of designing, building, testing, and maintaining software to reduce security weaknesses and abuse....
Asset management is the practice of identifying, tracking, and governing systems, devices, software, and data that an organization relies on....
Attack path analysis is the process of identifying how attackers could chain together identities, systems, privileges, and weaknesses to reach a high-value target....
An attack surface is the total set of systems, services, identities, applications, and exposures that an attacker could potentially target....
Attack surface management (ASM) is the ongoing practice of discovering, monitoring, and reducing internet-exposed assets and weaknesses that attackers could target....
Attack surface reduction (ASR) is the practice of limiting the number of ways attackers can access, abuse, or move through systems and applications....
An attack vector is the path, method, or weakness an attacker uses to gain access, deliver malicious activity, or move toward a target....
Attribute-Based Access Control (ABAC) is an authorization model that makes access decisions based on attributes of users, resources, actions, and context....
Audit logging is the recording of system, user, administrative, or application actions in a way that supports review, investigation, and accountability....
An audit trail is a chronological record of actions, changes, or events that supports accountability, investigation, and review....
Authentication is the process of verifying that a user, device, or system is genuinely who or what it claims to be....
Authentication assurance level (AAL) is a measure of confidence in an authentication event based on the strength and security of the methods used....
Authorization is the process of deciding what an authenticated user, device, or system is allowed to access or do....
Authorization code flow is an OAuth pattern in which a client first receives an authorization code and then exchanges it for tokens through a back-channel request....
An authorization server is the component that authenticates, evaluates consent or policy, and issues tokens to clients in OAuth or OIDC-based systems....
Backup and recovery is the practice of copying, protecting, and restoring data and systems after loss, corruption, or disruption....
Backup integrity is the assurance that backup data is complete, uncorrupted, unmodified in unauthorized ways, and actually usable for recovery....
Banner grabbing is the practice of collecting service and software details from exposed systems to support reconnaissance and assessment....
Behavioral biometrics are patterns in how a person interacts with devices or systems that can be used as a signal for identity confidence or fraud detection....
Birthright access is the baseline set of permissions automatically granted to users based on role, department, or employment status....
Blast radius is the scope of systems, identities, data, or operations that can be affected when a security control fails or an attacker gains access....
Bot mitigation is the set of controls used to detect, limit, and block harmful automated traffic or scripted abuse....
A botnet is a network of compromised devices that attackers remotely control to launch coordinated malicious activity at scale....
Breach and attack simulation (BAS) is the controlled testing of security defenses using simulated attacker behavior to validate whether protections and detections work as expe...
Breach password screening is the practice of checking whether a password appears in known breach datasets and blocking or flagging it if it does....
A break glass account is an emergency-access account reserved for exceptional situations when normal administrative access is unavailable or unsuitable....
Break-fix access is temporary elevated access granted to troubleshoot, repair, or restore a system during an operational issue or outage....
Broken Object Level Authorization (BOLA) is an API security flaw where a system fails to enforce whether a user can access a specific object or record....
Browser security is the practice of protecting web browsers, browser data, and browsing activity from malicious content, abuse, and exploitation....
A brute force attack is an attempt to gain access by systematically guessing passwords, keys, or login combinations until one works....
A bug bounty program is a security initiative that rewards eligible researchers for finding and responsibly reporting vulnerabilities in defined systems or applications....
Business continuity is the capability to keep critical operations running during and after disruption through planning, resilience, and coordinated response....
Business email compromise (BEC) is a fraud tactic that uses deceptive email or account compromise to trick people into sending money, data, or sensitive information....
A business impact analysis (BIA) is a structured assessment of which business processes matter most and what happens if they are disrupted....
A business logic flaw is a weakness in how an application’s intended workflow, rules, or decision logic can be manipulated to achieve unauthorized outcomes....
A canary token is a planted digital artifact designed to trigger an alert when someone accesses, moves, or uses it unexpectedly....
Case management is the structured tracking of security investigations, incidents, tasks, evidence, ownership, and decisions from intake through closure....
Certificate management is the process of issuing, tracking, renewing, rotating, and revoking digital certificates used for identity and encryption....
Chain of custody is the documented record of how evidence is collected, handled, transferred, stored, and accessed over time....
Client certificate authentication is a method in which a device, user, or application proves identity using a certificate and associated private key....
Client credentials flow is an OAuth pattern in which a client authenticates as itself to obtain tokens for machine-to-machine access....
A cloud access security broker (CASB) is a security control layer that helps organizations monitor and enforce policy across cloud applications and services....
Cloud detection and response (CDR) is a security capability focused on detecting, investigating, and responding to threats in cloud environments....
Cloud security refers to the controls, policies, and technologies used to protect data, workloads, and identities in cloud environments....
Cloud security posture management (CSPM) is the practice of finding and reducing misconfigurations, policy drift, and exposure in cloud environments....
A cloud workload protection platform (CWPP) is a security approach for protecting workloads such as virtual machines, containers, and cloud-hosted servers....
A cloud-native application protection platform (CNAPP) is a security approach that combines multiple cloud security capabilities to protect applications and workloads across t...
Code signing is the practice of digitally signing software, scripts, or binaries so recipients can verify the publisher and detect tampering....
A compensating control is an alternative safeguard used to reduce risk when the preferred or standard control cannot be implemented directly....
Conditional access is a policy-based identity control that allows, blocks, or limits access based on factors such as user, device, location, risk, or application context....
A confidential client is an OAuth or OIDC client that can securely protect long-term credentials such as a client secret or private key....
Configuration drift is the gradual divergence of systems or services from their intended, approved, or secure configuration state over time....
Container security is the practice of protecting container images, runtimes, orchestration environments, and supporting pipelines from compromise and misuse....
Context-aware access is an access control approach that evaluates signals such as user, device, location, risk, and behavior before allowing or limiting access....
Continuous access evaluation is the real-time reassessment of whether an active session or token should continue to grant access as conditions change....
Continuous authentication is the ongoing reassessment of trust during a user or system session rather than relying only on the initial login event....
Continuous threat exposure management (CTEM) is an ongoing security approach for discovering, validating, prioritizing, and reducing exposures that attackers could exploit....
A control framework is an organized set of control objectives, requirements, and practices used to structure security and risk management efforts....
Control plane security is the protection of the administrative, orchestration, and management layers that govern systems, cloud services, and platforms....
Credential hygiene is the practice of creating, storing, rotating, and protecting passwords, keys, and tokens in ways that reduce misuse and exposure....
Credential rotation is the process of replacing passwords, keys, tokens, certificates, or other secrets on a controlled schedule or after a risk event....
Credential stuffing is an attack in which stolen username-password pairs are automatically tested across many sites and services....
Credential vaulting is the secure storage and controlled release of passwords, keys, and other secrets used for privileged or sensitive access....
Cross-site scripting (XSS) is a client-side web attack that injects malicious code into a trusted page or application....
Cyber hygiene is the routine practice of maintaining systems, identities, devices, and user behavior in ways that reduce common security risks over time....
Cyber resilience is the ability to prepare for, withstand, respond to, and recover from cyber incidents while keeping critical operations running....
A cyber risk register is a structured record of identified cybersecurity risks, their status, owners, treatments, and business impact....
A cyberattack is a deliberate attempt to access, disrupt, damage, or misuse systems, networks, or digital information....
Cybersecurity is the practice of protecting systems, networks, applications, and data from unauthorized access, disruption, and digital attacks....
A data breach is an incident in which sensitive, confidential, or protected information is exposed, stolen, or accessed without authorization....
Data classification is the practice of labeling information by sensitivity, value, or handling requirements so it can be protected appropriately....
Data exfiltration is the unauthorized movement or theft of data from a system, application, cloud environment, or organization-controlled network....
Data governance is the framework of policies, ownership, standards, and controls used to manage data quality, use, protection, and accountability....
Data loss prevention (DLP) is a set of policies and technologies used to detect, monitor, and restrict sensitive data from leaving approved control....
Data masking is the practice of obscuring sensitive data so it remains useful for a limited purpose without exposing the original values fully....
Data minimization is the practice of collecting, storing, sharing, and retaining only the data that is genuinely necessary for a defined purpose....
Data retention is the practice of keeping information for defined periods based on business, legal, operational, and security needs....
Data security posture management (DSPM) is the practice of identifying, classifying, and reducing the exposure of sensitive data across modern environments....
Data tokenization is the process of replacing a sensitive data value with a non-sensitive token that represents it without exposing the original value directly....
Deception technology uses decoys, traps, and false assets to detect, slow, or mislead attackers inside an environment....
Defense in depth is a layered security strategy that uses multiple controls so one failure does not expose the entire environment....
Delegated administration is the practice of assigning limited administrative authority to specific people or teams for defined systems, users, or tasks....
A denial-of-service (DoS) attack overwhelms or disrupts a system or service so legitimate users cannot access it normally....
A deprecated endpoint is an API route or interface that is still available but marked for retirement and no longer considered the preferred supported path....
Deprovisioning is the process of removing or disabling identities, accounts, credentials, and access when they are no longer needed....
Detection coverage is the extent to which a security program can identify relevant attacker behaviors, risks, and incident types across its environment....
Detection engineering is the practice of designing, testing, tuning, and maintaining security detections so meaningful attacker behavior can be identified with high confidence...
Detection tuning is the process of refining alerts, rules, thresholds, and logic so detections are more accurate, useful, and actionable....
Device attestation is the process of verifying security-related claims about a device, such as hardware state, integrity, or management posture....
Device code flow is an OAuth pattern that lets devices with limited input capabilities obtain authorization through a separate trusted user device....
Device compliance is the state in which an endpoint meets an organization’s defined security, configuration, and management requirements....
Device posture is the assessed security condition of a device based on factors such as configuration, compliance, health, and management state....
Device registration is the process of enrolling a device with an identity or management system so it can be recognized and governed for access decisions....
Device trust is the confidence that a device meets defined security and management requirements before it is allowed to access protected resources....
Digital forensics is the practice of collecting, preserving, analyzing, and documenting digital evidence for investigation and response....
A directory service is a system that stores and organizes identity information such as users, groups, devices, and related access attributes....
Directory synchronization is the process of keeping identity data such as users, groups, and attributes aligned between connected directory systems....
Disaster recovery is the process of restoring systems, applications, and data after serious disruption, failure, or destructive events....
A distributed denial-of-service (DDoS) attack overwhelms a target with traffic or requests from many systems at once to disrupt availability....
DNS security is the practice of protecting domain name resolution and related infrastructure from abuse, manipulation, and attack....
A drive-by download is the unwanted delivery or execution of malicious content when a user visits a site or interacts with web content....
Dynamic application security testing (DAST) evaluates a running application by interacting with it from the outside to identify security weaknesses in behavior and responses....
Eavesdropping is the unauthorized interception of communications between people, systems, or devices....
Email security is the set of controls, policies, and practices used to protect email accounts, messages, and users from abuse, fraud, and compromise....
Encryption is the process of converting readable data into protected ciphertext so only authorized parties can access it....
Endpoint detection and response (EDR) is a security capability that monitors endpoint activity and helps teams investigate and respond to threats....
Endpoint security is the practice of protecting laptops, desktops, servers, mobile devices, and other endpoints from compromise and misuse....
Entitlement management is the process of defining, granting, reviewing, and removing permissions so access stays aligned to real business need....
Cyber espionage is the covert theft of sensitive information or intellectual property for political, military, or commercial advantage....
Evidence preservation is the practice of protecting logs, files, system state, and other artifacts so they remain available and trustworthy for investigation....
Exception management is the process of reviewing, approving, documenting, and tracking deviations from security policies, standards, or required controls....
Exposure management is the practice of identifying, understanding, prioritizing, and reducing the weaknesses and attack paths that create meaningful cyber risk....
An exposure window is the period during which a vulnerability, misconfiguration, stolen credential, or other weakness remains exploitable....
Extended detection and response (XDR) is a security approach that connects and analyzes telemetry across multiple control layers to detect and respond to threats more effectiv...
Fallback authentication is an alternate method used to verify identity when the primary authentication path is unavailable or fails....
Federated identity is an access model in which one trusted identity system can authenticate users for other connected applications or organizations....
Federation is an identity and access model in which one trusted system authenticates users for access to another connected system....
Fine-grained authorization is the enforcement of highly specific access decisions at the level of actions, fields, resources, or relationships....
A firewall is a security control that filters network traffic based on rules to allow safe communications and block suspicious activity....
Forensic imaging is the creation of an exact, verifiable copy of digital storage so evidence can be analyzed without altering the original source....
Geo-velocity is the calculated speed implied by successive authentication events from different locations, used as a signal for suspicious activity....
A golden image is a preapproved, standardized system image used as a trusted starting point for deploying new devices, servers, or workloads....
Governance, risk, and compliance (GRC) is the discipline of aligning policies, risk decisions, controls, and regulatory obligations across an organization....
GraphQL security is the set of controls used to protect GraphQL APIs from unauthorized access, excessive queries, data exposure, and abuse....
A hardening guide is a documented set of recommended steps for configuring a system, application, or platform more securely....
A honeypot is a decoy system, service, or resource designed to attract, detect, or study unauthorized access attempts....
Identity and access management (IAM) is the set of policies, processes, and technologies used to control who can access systems, applications, and data....
Identity attack surface is the collection of identity systems, accounts, credentials, permissions, and trust relationships that attackers can target or abuse....
Identity governance is the practice of overseeing how identities, roles, approvals, and access rights are assigned, reviewed, and managed across an organization....
Identity governance and administration (IGA) is the discipline of managing identity lifecycle, access approvals, reviews, and policy enforcement across systems....
Identity hygiene is the ongoing practice of keeping identity systems, accounts, permissions, and authentication methods clean, current, and well controlled....
Identity inventory is the maintained record of user accounts, service accounts, roles, groups, tokens, and identity systems across an environment....
Identity lifecycle management is the process of creating, updating, governing, and removing identities and access as users join, change roles, and leave an organization....
Identity proofing is the process of verifying that a person or entity is truly who they claim to be before granting trusted access....
An identity provider (IdP) is a system that authenticates users and provides identity assertions to applications and services....
Identity security posture management (ISPM) is the practice of assessing and improving the configuration, privilege, and exposure posture of identity systems and accounts....
Identity threat detection and response (ITDR) is a security approach focused on detecting, investigating, and responding to attacks against identities, authentication flows, a...
Idle timeout is the automatic expiration of a session after a period of inactivity....
An immutable backup is a backup copy that cannot be altered or deleted for a defined period, even by administrators under normal conditions....
Impossible travel is a login anomaly in which a user appears to authenticate from distant locations within a time frame that is unrealistic for normal travel....
An incident commander is the person responsible for directing, coordinating, and prioritizing response activities during a security incident....
Incident response is the structured process organizations use to detect, contain, investigate, and recover from cybersecurity incidents....
An indicator of attack (IoA) is a sign of suspicious behavior that suggests an attacker may be actively attempting, staging, or carrying out malicious activity....
An indicator of compromise (IoC) is a piece of evidence that suggests a system, account, or environment may already have been involved in malicious activity....
Infrastructure as code security is the practice of reviewing and protecting infrastructure definitions so insecure cloud or platform configurations are caught before deploymen...
An initial access broker (IAB) is a cybercriminal actor who gains or obtains access to victim environments and then sells that access to other threat actors....
An insider threat is a security risk posed by someone with legitimate access to an organization's systems, data, or operations....
Interactive application security testing (IAST) uses instrumentation inside a running application to identify security weaknesses with deeper runtime context....
An intrusion detection system (IDS) is a security capability that monitors activity for signs of malicious behavior or policy violations....
An intrusion prevention system (IPS) is a security control that detects and actively blocks malicious traffic or exploit behavior....
ISO 27001 is an international standard for establishing, maintaining, and improving an information security management system (ISMS)....
An isolation strategy is a planned approach for separating affected systems, identities, or services to contain malicious activity and reduce spread....
Joiner mover leaver (JML) is the process for managing access when people join, change roles, or leave an organization....
Just Enough Administration (JEA) is an administrative model that gives operators only the specific privileged capabilities needed for a task and nothing more....
Just-in-time access (JIT) is a security approach that grants elevated or sensitive access only when needed and only for a limited period....
JWKS, or JSON Web Key Set, is a standardized format for publishing the public keys that services use to verify signed tokens....
JWT validation is the process of verifying the integrity, issuer, audience, lifetime, and claims of a JSON Web Token before trusting it....
Kill chain analysis is the process of examining an attack through sequential stages to understand how the adversary gained access, moved, and achieved objectives....
Kubernetes security is the practice of protecting clusters, control planes, workloads, identities, and configurations in Kubernetes environments....
Lateral movement is the process attackers use to move from one compromised system, account, or segment to other parts of an environment....
Lateral movement detection is the practice of identifying attacker behavior that spreads from one account, host, or system to other internal targets....
Least functionality is the security principle of enabling only the features, services, ports, software, and capabilities that are actually needed....
Least privilege is the security principle of giving users, systems, and processes only the minimum access needed to perform their functions....
Least privilege access is the practice of giving users, applications, and systems only the permissions they need to perform approved tasks and nothing more....
Legacy authentication refers to older sign-in methods or protocols that do not support modern security controls such as MFA and conditional access well....
Living off the land (LotL) refers to attacker behavior that uses legitimate built-in tools, trusted utilities, or native system features to carry out malicious actions....
A load balancer is a system that distributes traffic across multiple servers or services to improve performance, resilience, and availability....
Log management is the process of collecting, storing, organizing, and using system and application logs for security, operations, and investigation....
Malvertising is the use of malicious online advertising to deliver scams, malware, redirects, or exploit content to users....
Malware is malicious software designed to damage systems, steal information, spy on users, or enable unauthorized access....
Malware triage is the rapid initial assessment of a suspicious file or sample to determine likely risk, priority, and next investigative steps....
A man-in-the-middle (MITM) attack intercepts or manipulates communications between two parties without their knowledge....
Managed detection and response (MDR) is a security service that provides outsourced monitoring, detection, investigation, and response support....
A managed device is an endpoint that is enrolled, configured, and monitored under an organization’s security and administration controls....
Mean time to detect (MTTD) is the average time it takes an organization to discover that a security incident or suspicious event has occurred....
Read definition →Mean time to respond (MTTR) is the average time it takes an organization to act on, contain, remediate, or resolve a detected incident....
Read definition →MFA fatigue is an attack tactic that overwhelms a user with repeated authentication prompts in the hope they will eventually approve one....
Read definition →Microsegmentation is a security approach that divides environments into smaller trust zones to limit lateral movement and reduce blast radius....
Read definition →Mobile device management (MDM) is the practice of controlling, securing, and administering mobile devices used for business access and data....
Read definition →Multi-factor authentication (MFA) is a security control that requires two or more forms of verification before access is granted....
Read definition →Mutual TLS (mTLS) is a communication model in which both the client and the server authenticate each other using certificates....
Read definition →Network access control (NAC) is the practice of controlling which users and devices can connect to a network and under what conditions....
Read definition →Network security is the collection of controls and practices used to protect networks and data in transit from unauthorized access or disruption....
Read definition →The NIST Cybersecurity Framework (CSF) is a widely used framework that helps organizations organize, assess, and improve cybersecurity risk management....
Read definition →A non-human identity is an identity used by applications, services, scripts, devices, or workloads rather than by a human user....
Read definition →Number matching is an MFA mechanism that requires the user to enter or select a displayed number to confirm they initiated the login request....
Read definition →OAuth 2.0 is a framework for delegated authorization that allows an application to access resources on behalf of a user or client without sharing the user’s password directl...
Read definition →OAuth consent phishing is an attack in which a user is tricked into granting a malicious or deceptive application access to data or account capabilities through an authorizati...
Read definition →An OAuth scope is a defined permission boundary that limits what actions or resources a delegated token or client may access....
Read definition →OpenID Connect (OIDC) is an identity layer built on OAuth 2.0 that enables applications to verify a user’s identity and obtain basic profile information....
Read definition →A passkey is a modern authentication credential that uses public-key cryptography to let users sign in without relying on a traditional password....
Read definition →A password manager is a tool that stores, generates, and helps manage passwords and other secrets more securely than manual reuse or memory alone....
Read definition →A password policy is a set of rules and standards that define how passwords should be created, used, protected, and changed within an organization....
Read definition →Password spraying is an attack in which a small number of common passwords are tried across many accounts to avoid lockouts and find weak credentials....
Read definition →Passwordless authentication is an access approach that verifies users without requiring a traditional reusable password as the primary login factor....
Read definition →Patch management is the process of testing, deploying, and tracking software and system updates to reduce security and stability risk....
Read definition →Penetration testing is an authorized security assessment that simulates real attack techniques to identify exploitable weaknesses....
Read definition →Phishing is a social engineering attack that tricks users into revealing credentials, financial information, or other sensitive data....
Read definition →Phishing-resistant MFA is multi-factor authentication designed to resist credential phishing, replay, and real-time man-in-the-middle attacks....
Read definition →PKCE is an OAuth security extension that protects authorization code flows from interception by binding the code exchange to the original client....
Read definition →Policy as code is the practice of expressing governance and security rules in machine-readable form so they can be tested and enforced automatically....
Read definition →A Policy Decision Point (PDP) is the component that evaluates authorization policies and returns a decision about whether an action should be allowed....
Read definition →A Policy Enforcement Point (PEP) is the component that intercepts a request and applies the authorization decision returned by policy logic....
Read definition →Post-exploitation refers to the actions an attacker takes after gaining initial access in order to expand control, gather data, persist, or achieve their objective....
Read definition →A post-incident review is a structured review conducted after an incident to understand what happened, what failed, and what should improve next....
Read definition →A privacy impact assessment (PIA) is a process for evaluating how a project, system, or data use may affect personal information and privacy risk....
Read definition →Privilege escalation is the act of gaining higher levels of access or authority than a user or process was originally intended to have....
Read definition →Privileged access management (PAM) is the practice of controlling, monitoring, and securing elevated accounts and administrative access....
Read definition →A privileged access review is a focused review of elevated permissions, admin roles, and sensitive accounts to confirm they remain necessary and appropriate....
Read definition →Privileged identity management (PIM) is the practice of controlling, reviewing, and limiting elevated identity roles so privileged access is granted more safely....
Read definition →Privileged session management is the control and monitoring of high-risk administrative sessions to reduce misuse and improve accountability....
Read definition →Privileged task automation is the use of controlled scripts, workflows, or platforms to perform sensitive administrative actions without broad manual standing access....
Read definition →Prompt bombing is an attack in which repeated MFA push requests are sent to a user in hopes they will eventually approve one out of fatigue or confusion....
Read definition →A proof of possession (PoP) token is an access token that requires the holder to demonstrate possession of associated cryptographic material before it can be used....
Read definition →A proxy server is an intermediary system that receives requests and forwards them on behalf of a client or service....
Read definition →A public client is an OAuth or OIDC client that cannot securely keep long-term client credentials confidential....
Read definition →Public key infrastructure (PKI) is the framework of certificates, trust relationships, and cryptographic processes used to support secure digital identity and encryption....
Read definition →A purple team exercise is a collaborative security assessment where offensive and defensive teams work together to test and improve detection and response....
Read definition →Purple teaming is a collaborative security practice in which offensive and defensive teams work together to test, observe, and improve detection and response....
Read definition →Ransomware is a form of malware that encrypts or blocks access to systems and data until a victim pays for recovery....
Read definition →Ransomware-as-a-service (RaaS) is a criminal business model in which ransomware operators provide malware, infrastructure, or support to affiliates who carry out attacks....
Read definition →Rate limiting is the practice of restricting how frequently a user, client, or system can make requests within a given period....
Read definition →Real-time revocation is the ability to invalidate tokens, sessions, or access rights immediately or near-immediately when trust changes....
Read definition →Recovery point objective (RPO) is the maximum amount of data loss an organization can tolerate between the last good recovery point and a disruption....
Read definition →Recovery time objective (RTO) is the target amount of time an organization can tolerate a system, service, or process being unavailable after a disruption....
Read definition →Redirect URI validation is the process of ensuring an OAuth or OIDC authorization response is sent only to an approved and expected redirect destination....
Read definition →A refresh token is a credential used to obtain new access tokens without requiring the user or application to authenticate again each time....
Read definition →Refresh token rotation is the practice of issuing a new refresh token each time one is used and invalidating the previous token to reduce replay risk....
Read definition →Relationship-Based Access Control (ReBAC) is an authorization model that grants or denies access based on the relationships between users, resources, and organizations....
Read definition →Remote access is the ability to connect to systems, applications, or networks from outside the normal local environment....
Read definition →Remote browser isolation (RBI) is a security approach that executes web browsing activity in a separate remote environment instead of directly on the user’s device....
Read definition →A resource server is the API or service that hosts protected data or functions and enforces access based on presented tokens or credentials....
Read definition →Restore testing is the process of verifying that backup data can actually be recovered successfully into usable systems, files, or services....
Read definition →Risk acceptance is the deliberate decision to tolerate a known security risk instead of fully remediating, transferring, or avoiding it....
Read definition →A risk assessment is the process of identifying threats, vulnerabilities, likelihood, and business impact to prioritize security decisions....
Read definition →Risk-based authentication is an adaptive login approach that changes authentication requirements based on the assessed risk of a sign-in attempt....
Read definition →Role mining is the analysis of existing access patterns to identify useful role structures and reduce ad hoc permission complexity....
Read definition →Role-based access control (RBAC) is an access model that assigns permissions according to job roles or functional responsibilities....
Read definition →Root cause analysis is the process of identifying the underlying technical, human, or process failures that allowed an incident or security issue to occur....
Read definition →Runtime application self-protection (RASP) is a security approach in which an application or embedded component monitors and helps block malicious activity during execution....
Read definition →SaaS security posture management (SSPM) is the practice of monitoring and improving the security configuration, access posture, and risk settings of SaaS applications....
Read definition →Sandbox analysis is the examination of suspicious files, links, or code inside an isolated environment to observe behavior without risking production systems....
Read definition →SCIM provisioning is the automated creation, update, and removal of identities and groups between connected systems using the SCIM standard....
Read definition →A scoped token is an access token that grants only a defined subset of permissions or resource access rather than broad unrestricted use....
Read definition →Secret scanning is the process of searching code, repositories, logs, files, and workflows for exposed passwords, API keys, tokens, and other sensitive credentials....
Read definition →Secret zero is the initial credential or trust mechanism needed to obtain other secrets securely in a system or automation workflow....
Read definition →Secrets management is the practice of securely storing, controlling, rotating, and using sensitive credentials such as API keys, tokens, and passwords....
Read definition →Secrets sprawl is the uncontrolled spread of passwords, API keys, tokens, certificates, and other sensitive credentials across systems, code, documents, and user workflows....
Read definition →Secure Access Service Edge (SASE) is a cloud-delivered model that combines networking and security services for distributed users, devices, and locations....
Read definition →Secure by default means products, platforms, and systems should ship with baseline settings that reduce risk without requiring users to discover and enable protection on their...
Read definition →Secure by design is the principle of building products, systems, and architectures so security is part of the design from the start rather than bolted on later....
Read definition →A secure software development lifecycle (SSDLC) is a development approach that builds security activities into planning, design, coding, testing, release, and maintenance....
Read definition →A secure web gateway (SWG) is a security control that monitors and filters web traffic to enforce policy and reduce access to malicious or risky web content....
Read definition →Security awareness training is the process of teaching users how to recognize threats, follow security practices, and avoid risky behavior....
Read definition →A security baseline is a defined set of minimum security settings and controls that systems, devices, or applications are expected to meet....
Read definition →A security champion is a team member embedded in a business, engineering, or operations function who helps promote and reinforce security practices locally....
Read definition →A security data lake is a centralized repository used to store large volumes of raw and processed security telemetry for analysis, investigation, and detection....
Read definition →Security debt is the accumulated future risk and remediation burden created by postponed security work, weak design choices, or repeated short-term tradeoffs....
Read definition →Security information and event management (SIEM) is a platform approach that collects, correlates, and analyzes security logs and events from multiple sources....
Read definition →Security misconfiguration is a weakness created when systems, applications, cloud services, or security controls are set up in an unsafe or incomplete way....
Read definition →A security operations center (SOC) is the team and operating function responsible for monitoring, detecting, investigating, and responding to security events....
Read definition →Security orchestration is the coordination of security tools, data, and workflows so tasks and responses can be executed more consistently across systems....
Read definition →Security orchestration, automation, and response (SOAR) is a technology and workflow approach for coordinating security tools and automating response tasks....
Read definition →Security validation is the practice of testing whether security controls actually work as intended against relevant threats and scenarios....
Read definition →A service account is a non-human account used by applications, services, scripts, or automated processes to authenticate and perform tasks....
Read definition →Service mesh security is the set of controls used to secure communication, identity, policy, and observability between services in a microservices environment....
Read definition →Session binding is the practice of tying an authenticated session to expected attributes such as device, browser, network, or cryptographic context....
Read definition →Session hijacking is the abuse of a valid user session so an attacker can act as the user without needing the original password....
Read definition →Session management is the set of controls used to create, maintain, protect, and end authenticated user sessions in applications and services....
Read definition →Session revocation is the process of invalidating active authentication sessions or tokens so they can no longer be used for access....
Read definition →Session risk scoring is the process of evaluating an active authenticated session for suspicious signals that may justify additional controls or termination....
Read definition →A shadow API is an undocumented, unmanaged, forgotten, or poorly governed application interface that exists outside normal security visibility and control....
Read definition →Shadow identity is an unmanaged or poorly governed account, identity, or access path that exists outside normal security visibility and control....
Read definition →Single sign-on (SSO) is an authentication approach that lets users access multiple applications with one primary login session....
Read definition →Single-factor authentication is a login method that relies on only one category of proof, such as a password, to verify identity....
Read definition →SOC 2 is an attestation framework used to evaluate controls relevant to security, availability, processing integrity, confidentiality, and privacy....
Read definition →Social engineering is the use of deception and manipulation to trick people into revealing information or taking unsafe actions....
Read definition →A software bill of materials (SBOM) is a structured inventory of the components, libraries, and dependencies that make up a software product or application....
Read definition →Software composition analysis (SCA) is the process of identifying and evaluating third-party libraries, packages, and open-source components used in software....
Read definition →Spam is unsolicited bulk messaging often used for advertising, fraud, phishing, and large-scale malicious delivery....
Read definition →Spyware is malware that secretly monitors users, gathers sensitive information, or tracks behavior without consent....
Read definition →SQL injection is a web attack that manipulates database queries through unsafe input handling in an application....
Read definition →Static application security testing (SAST) analyzes source code, bytecode, or compiled artifacts to find potential security weaknesses without running the application....
Read definition →Step-up authentication is the requirement for stronger or additional verification when a login or action is considered higher risk....
Read definition →A supply chain attack is a cyberattack that compromises a target through a trusted vendor, software dependency, or outside service relationship....
Read definition →A tabletop exercise is a structured discussion-based simulation used to test how people, teams, and leaders would respond to a cybersecurity incident or crisis....
Read definition →Tamper protection is a security control that helps prevent unauthorized users or malware from disabling, modifying, or weakening security protections....
Read definition →Tenant isolation is the separation of customer data, permissions, and operations so one tenant cannot access or affect another tenant’s environment....
Read definition →Third-party due diligence is the process of reviewing external vendors, partners, or providers before and during a relationship to understand risk and trustworthiness....
Read definition →Third-party risk is the security, operational, and compliance exposure created by vendors, suppliers, contractors, and other outside relationships....
Read definition →Threat hunting is the proactive practice of searching for signs of attacker activity that automated alerts may have missed....
Read definition →Threat intelligence is collected and analyzed information about threats, threat actors, tactics, and indicators used to support better security decisions....
Read definition →A threat intelligence platform (TIP) is a system used to collect, organize, enrich, and distribute threat intelligence for security operations and analysis....
Read definition →Threat modeling is the structured process of identifying how a system could be attacked, what matters most to protect, and which safeguards should be prioritized....
Read definition →Token binding is the practice of associating a token with a specific client or cryptographic context so the token is harder to reuse elsewhere....
Read definition →Token introspection is the process of asking an authorization service for the current validity and metadata of a token before trusting it....
Read definition →Token replay is the reuse of a captured authentication token to impersonate a legitimate user or service....
Read definition →Token theft is the unauthorized capture or reuse of authentication or session tokens that allow access to systems or applications....
Read definition →A toxic combination of access is a set of permissions that should not be held together because they create excessive fraud, abuse, or control-bypass risk....
Read definition →A trojan horse is malware that disguises itself as legitimate software or content so a victim will install or run it....
Read definition →A trusted device is an endpoint that an organization recognizes as meeting the conditions required for higher-confidence access decisions....
Read definition →User and entity behavior analytics (UEBA) is a detection approach that looks for abnormal or risky patterns in how users, devices, systems, or service accounts behave over tim...
Read definition →Vendor risk management is the process of evaluating, monitoring, and governing security and business risk introduced by third parties....
Read definition →A virtual private network (VPN) creates an encrypted connection that helps protect traffic, improve privacy, and secure remote access....
Read definition →A computer virus is a type of malware that attaches to files or programs and spreads when infected content is executed....
Read definition →A vulnerability is a weakness in software, hardware, configuration, or process that attackers can exploit to gain access or cause harm....
Read definition →A vulnerability disclosure program (VDP) is a structured process that tells security researchers how to report vulnerabilities safely and responsibly to an organization....
Read definition →Vulnerability management is the ongoing process of identifying, assessing, prioritizing, remediating, and tracking security weaknesses over time....
Read definition →Vulnerability scanning is the automated process of checking systems, applications, or environments for known weaknesses, missing patches, or insecure configurations....
Read definition →A watering hole attack compromises or imitates a website that a target group is likely to visit so the attacker can infect, monitor, or exploit those visitors....
Read definition →A web application firewall (WAF) is a security control that filters and monitors HTTP traffic to help protect web applications from common attacks....
Read definition →Workload identity is the mechanism by which an application, service, or compute workload proves its identity to access other systems securely....
Read definition →Workload identity federation is a trust model that lets external or federated workloads obtain access without storing long-lived static credentials....
Read definition →A worm is self-replicating malware that spreads across devices or networks by exploiting vulnerabilities or weak security controls....
Read definition →Zero Trust is a security model that assumes no user, device, or connection should be inherently trusted without continuous verification....
Read definition →A zero-day vulnerability is a flaw that attackers can exploit before a vendor or defender has a reliable patch or mitigation in place....