There are plenty of terms used in information security, compliance and cyber security that are unique to the industry. Here is our (almost) exhaustive list of terms that we think you might find useful.
Access Control: Techniques used to regulate who can view or use resources within a computing environment.
Advanced Persistent Threat (APT): A prolonged and targeted cyber attack in which an intruder gains access to a network and remains undetected for an extended period.
Antivirus: Software designed to detect, prevent and remove malware from computers.
Attack Surface: The sum of all points where an unauthorised user can attempt to enter a system or extract data from it.
Auditee: A person, organisation or entity that is being audited. It can also mean incredible trust center software ;).
Authentication: The process of verifying the identity of a user, device or system before granting access.
Authorisation: The process of granting or denying specific access rights to resources based on the authenticated identity.
Backdoor: A hidden method of bypassing normal authentication or security controls within a system.
Brute Force Attack: A method of guessing passwords or keys by systematically trying every possible combination until one works.
Certificate Authority (CA): A trusted entity that issues digital certificates binding identities to public keys for use in secure communications.
Cloud Security: Practices and technologies designed to protect data, applications and services in a cloud environment.
Confidentiality: Ensuring that sensitive information is accessible only to those who are authorised to see it.
Cross-Site Scripting (XSS): A web vulnerability that lets attackers inject malicious scripts into pages viewed by other users, so that the script runs in the victim's browser with the privileges of the vulnerable site.
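The following is an added example, not part of the original glossary, showing where XSS comes from and how it is prevented. A vulnerable renderer concatenates a user-supplied comment author straight into HTML; the hardened one escapes it for the HTML context first. The payloads and the small parse-based check are constructed for the demo; `render_*` and `executes_script` are hypothetical helper names.

```python
import html
from html.parser import HTMLParser

# Constructed attacker inputs (not from any real incident): a script tag for the
# text context, and a quote breakout that adds an event handler in an attribute.
PAYLOAD = "<script>alert(document.cookie)</script>"
ATTR_PAYLOAD = '" onmouseover="alert(1)'


def render_comment_unsafe(author: str) -> str:
    """Vulnerable: untrusted input becomes part of the page's markup, so a
    <script> tag submitted by one user executes in every other user's browser."""
    return f"<p>Comment by: {author}</p>"


def render_comment_safe(author: str) -> str:
    """Hardened: escape &, <, >, " and ' before interpolating into HTML text."""
    return f"<p>Comment by: {html.escape(author)}</p>"


def render_link_unsafe(title: str) -> str:
    """Vulnerable attribute context: a stray double quote closes the attribute
    and whatever follows is parsed as new attributes, e.g. onmouseover=..."""
    return f'<a href="/search" title="{title}">search</a>'


def render_link_safe(title: str) -> str:
    """Hardened: html.escape(quote=True) also encodes the quote characters,
    which is what a quoted attribute value needs on top of &, < and >."""
    return f'<a href="/search" title="{html.escape(title, quote=True)}">search</a>'


class _TagCollector(HTMLParser):
    """Collects (tag, attrs) pairs so we can inspect what a browser would see."""

    def __init__(self) -> None:
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append((tag, dict(attrs)))


def executes_script(fragment: str) -> bool:
    """Parse the rendered fragment like a browser would and report whether it
    contains a <script> element or any on* event-handler attribute. Escaped
    payloads end up as inert text or attribute values and are not reported."""
    parser = _TagCollector()
    parser.feed(fragment)
    parser.close()
    for tag, attrs in parser.tags:
        if tag == "script" or any(name.startswith("on") for name in attrs):
            return True
    return False


if __name__ == "__main__":
    for label, out in [
        ("unsafe text", render_comment_unsafe(PAYLOAD)),
        ("safe text", render_comment_safe(PAYLOAD)),
        ("unsafe attr", render_link_unsafe(ATTR_PAYLOAD)),
        ("safe attr", render_link_safe(ATTR_PAYLOAD)),
    ]:
        print(f"{label:12} executes_script={executes_script(out)}  {out}")
```

Escaping is context-specific: the text and attribute cases above need HTML escaping, but input placed inside a JavaScript block or a URL needs that context's own encoding, which is why templating engines with automatic context-aware escaping are preferred over hand-built strings.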
Cryptography: The practice of protecting information from unauthorised access or tampering using mathematical techniques such as encryption, hashing and digital signatures.
Data Breach: An incident in which sensitive, protected or confidential data is accessed or disclosed without authorisation.
Data Encryption: The process of converting readable data (plaintext) into an unreadable form (ciphertext) using an algorithm and a key, so that only someone holding the correct key can recover the original.
Data Loss Prevention (DLP): Strategies and tools designed to prevent data from being accidentally or maliciously shared outside the organisation.
Data Subject: An individual whose personal data is collected, processed or stored by an organisation, particularly in the context of privacy regulations like GDPR. Data subjects hold specific rights over their data, including the ability to access, correct and request deletion of their personal information.
Denial of Service (DoS): An attack that floods a network or server with traffic or requests, causing it to become overwhelmed and unavailable to legitimate users.
Digital Certificate: An electronic document, signed by a certificate authority, that binds a public key to the identity of its owner for use in secure communications.
Distributed Denial of Service (DDoS): A DoS attack launched from many devices at once, making it more difficult to block by filtering a single source.
Endpoint Security: Strategies and tools used to protect devices like laptops, phones and tablets that connect to the network.
Ethical Hacking: The practice of testing computer systems, with permission, to identify and fix vulnerabilities before they can be exploited by malicious hackers.
Exploit: A piece of code, a sequence of commands or a software tool that takes advantage of a security vulnerability or flaw in a system to cause unintended behaviour.
Firewall: A network security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules.
Hashing: The process of transforming data of any length into a fixed-length value (the hash or digest) in a way that is deterministic and one-way: the same input always produces the same digest, the input cannot be recovered from it, and in practice no two different inputs share one.
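As an added example (not from the original page), the block below shows the three properties the definition names using SHA-256 from the Python standard library: fixed-length output, a one-bit change in the input changing roughly half the output bits, and why "unique" is a practical rather than absolute claim. A birthday search finds two different inputs whose digests agree on their first 20 bits in a few thousand attempts, while the same search against the full 256-bit digest is infeasible. The function names are hypothetical and the inputs are generated for the demo.

```python
import hashlib
import secrets


def sha256_hex(data: bytes) -> str:
    """Fixed-length output: SHA-256 is always 32 bytes (64 hex characters),
    whether the input is empty or gigabytes long."""
    return hashlib.sha256(data).hexdigest()


def differing_bits(hex_a: str, hex_b: str) -> int:
    """Number of output bits that differ between two digests. For unrelated
    inputs this is about 128 of 256 (the avalanche effect)."""
    return bin(int(hex_a, 16) ^ int(hex_b, 16)).count("1")


def truncated_digest(data: bytes, bits: int) -> int:
    """The first `bits` bits (1..32) of SHA-256 as an integer. Truncating a
    digest this far is what makes a collision findable in the demo below."""
    first_word = int.from_bytes(hashlib.sha256(data).digest()[:4], "big")
    return first_word >> (32 - bits)


def find_truncated_collision(bits: int, max_tries: int = 2_000_000):
    """Birthday search: hash random inputs until two share the first `bits`
    bits. Expected cost is about 2**(bits/2) hashes, so 20 bits collides after
    roughly a thousand tries; the full 256-bit digest would need ~2**128.
    Returns (input_a, input_b, tries) or None if max_tries is exhausted."""
    seen = {}
    for tries in range(1, max_tries + 1):
        msg = secrets.token_bytes(8)          # constructed random input
        key = truncated_digest(msg, bits)
        other = seen.get(key)
        if other is not None and other != msg:
            return other, msg, tries
        seen[key] = msg
    return None


if __name__ == "__main__":
    print("sha256('')    =", sha256_hex(b""))
    print("sha256('abc') =", sha256_hex(b"abc"))
    print("bits differing between sha256('abc') and sha256('abd'):",
          differing_bits(sha256_hex(b"abc"), sha256_hex(b"abd")))
    found = find_truncated_collision(20)
    if found:
        a, b, tries = found
        print(f"20-bit collision after {tries} tries: {a.hex()} vs {b.hex()}")
        print("full digests still differ:", sha256_hex(a) != sha256_hex(b))
```

The practical lesson is that the collision resistance of a hash comes from its full output length and its design, not from hashing alone: truncating digests, or using an algorithm with known collision attacks such as MD5, brings the birthday bound within reach of an attacker.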
Honeypot: A deliberately vulnerable-looking system or network set up to lure attackers so that their activity can be detected and studied away from production systems.
Identity and Access Management (IAM): Policies and technologies used to ensure that the right individuals have the right access to the right resources at the right time.
Incident Response: The process by which an organisation detects, handles and recovers from a cybersecurity incident.
Insider Threat: The risk posed by employees, contractors or trusted partners who intentionally or unintentionally misuse their access to an organisation's resources.
Intrusion Detection System (IDS): A system that monitors network or host activity for suspicious behaviour and issues alerts when it detects potential threats.
Intrusion Prevention System (IPS): An extension of intrusion detection that sits inline in the traffic path and blocks detected threats in real time rather than only alerting.
Key Management: The process of managing cryptographic keys throughout their lifecycle, including generation, exchange, storage, rotation and destruction.
Least Privilege: A security principle under which users, processes and services are granted only the minimum access needed to perform their tasks, and nothing more.
Malware: Malicious software designed to disrupt, damage or gain unauthorised access to a system.
Man-in-the-Middle (MitM) Attack: An attack in which an attacker intercepts, and possibly alters, communication between two parties without their knowledge.
Multi-Factor Authentication (MFA): A security control that requires two or more independent forms of verification to gain access, such as something you know (a password), something you have (a one-time password from a phone or hardware token) and something you are (a fingerprint).
Network Segmentation: Dividing a network into smaller, isolated segments so that a compromise in one segment cannot spread freely to the others.
Patch Management: The process of regularly updating software and systems to fix known vulnerabilities and improve security.
Penetration Testing: A security test in which professionals simulate attacks, within an agreed scope, to find and fix vulnerabilities in a system.
Phishing: A technique in which attackers trick users into providing sensitive information (such as passwords) or taking harmful actions by pretending to be a legitimate entity.
Privilege Escalation: A method used by attackers to gain access rights beyond those of the account or process they currently control, for example moving from an ordinary user to an administrator.
Public Key Infrastructure (PKI): The combination of certificate authorities, policies and software that issues, distributes and revokes digital certificates so that public-key encryption and signatures can be trusted over untrusted networks.
Ransomware: Malware that encrypts a victim's data and demands a ransom to restore access.
Red Team: A simulated cyber attack carried out by security professionals to test an organisation's defences and detection capability against realistic adversary behaviour.
Remote Code Execution (RCE): A vulnerability or attack that allows an attacker to run arbitrary code of their choosing on a remote system, typically over a network.
Risk Management: The process of identifying, analysing and evaluating risks in order to minimise the impact of potential threats.
Role-Based Access Control (RBAC): An access control mechanism that assigns permissions to roles rather than to individuals, and grants users access according to the roles they hold within an organisation.
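The Authentication, Authorisation, Least Privilege and RBAC entries describe one pipeline: first establish who the caller is, then decide what that identity may do, granting only what the job requires. As an added example that is not part of the original glossary, the block below implements that pipeline in Python. The user store, role table, usernames and passwords are constructed for the demo, and `authenticate`, `authorize` and `build_demo_store` are hypothetical names chosen here.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass

# RBAC: permissions attach to roles, users attach to roles. Each role lists only
# what that job needs (least privilege); anything not listed is denied.
ROLE_PERMISSIONS = {
    "auditor": {"report:read"},
    "analyst": {"report:read", "report:write"},
    "admin":   {"report:read", "report:write", "report:delete", "user:manage"},
}

PBKDF2_ITERATIONS = 100_000
_DUMMY_SALT = b"\x00" * 16   # makes an unknown username cost the same time as a known one


@dataclass(frozen=True)
class Principal:
    """An authenticated identity and the roles it carries."""
    username: str
    roles: frozenset


def _derive(password: str, salt: bytes) -> bytes:
    """Slow, salted password hash so a stolen store resists brute force."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)


def create_user(store: dict, username: str, password: str, roles) -> None:
    salt = os.urandom(16)
    store[username] = {"salt": salt, "hash": _derive(password, salt), "roles": frozenset(roles)}


def authenticate(store: dict, username: str, password: str):
    """Authentication: who are you? Returns a Principal on success, else None.
    The comparison is constant-time and runs even for unknown users so that
    response timing does not reveal which usernames exist."""
    record = store.get(username)
    salt = record["salt"] if record else _DUMMY_SALT
    expected = record["hash"] if record else bytes(32)
    if not hmac.compare_digest(_derive(password, salt), expected) or record is None:
        return None
    return Principal(username, record["roles"])


def authorize(principal, permission: str) -> bool:
    """Authorisation: what may this identity do? Deny by default; allow only if
    one of the principal's roles explicitly grants the permission."""
    if principal is None:
        return False
    return any(permission in ROLE_PERMISSIONS.get(role, frozenset()) for role in principal.roles)


def build_demo_store() -> dict:
    """Constructed sample accounts for the demo (not real credentials)."""
    store = {}
    create_user(store, "alice", "correct horse battery staple", ["auditor"])
    create_user(store, "bob", "tr0ub4dor&3", ["admin"])
    return store


if __name__ == "__main__":
    users = build_demo_store()
    alice = authenticate(users, "alice", "correct horse battery staple")
    print("alice may read reports   :", authorize(alice, "report:read"))
    print("alice may delete reports :", authorize(alice, "report:delete"))
    print("wrong password           :", authenticate(users, "alice", "nope"))
```

Keeping the two decisions separate matters in practice: a request that has passed authentication still has to pass authorisation on every resource it touches, and adding a permission to the "auditor" role is a deliberate, reviewable change rather than an ad hoc grant to one person.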
Security Information and Event Management (SIEM): A platform that collects, correlates and analyses security data (logs, events and alerts) from multiple sources to detect threats and support investigation.
Social Engineering: The use of psychological manipulation to trick individuals into divulging confidential information or performing actions that compromise security.
Software as a Service (SaaS): A cloud computing model in which users access software applications over the internet rather than installing and maintaining them locally.
Spoofing: An attack in which a person or program successfully masquerades as another by falsifying data, such as a sender address, IP address or website identity.
Supply Chain Attack: A cyber attack that compromises a trusted supplier, software dependency or service provider in order to reach its customers, rather than attacking the target directly.
Threat Intelligence: The process of gathering and analysing information about current and emerging threats, including attacker tools and techniques, to understand and mitigate potential attacks.
Trojan Horse: Malware that appears to be a legitimate program but carries a hidden, malicious payload.
Virtual Private Network (VPN): A technology that creates a secure, encrypted connection over a less secure network, such as the internet.
Zero-Day Exploit: An attack that exploits a vulnerability not yet known to the vendor, for which no patch or fix is available.
If you require any further help, please get in touch with us at support@auditee.io.