eastbaycyber
Glossary
Category

Glossary

Definitions for every security term that matters: SIEM, EDR, zero trust, and the rest.

373 entries

Glossary

What is Endpoint Detection and Response? A Practitioner's Definition

Endpoint Detection and Response is a security capability that detects, investigates, and helps contain threats on laptops, servers, and other endpoints.

Glossary

What is Identity and Access Management? A Practitioner's Definition

Identity and Access Management controls who can access systems, what they can do, and how organizations enforce secure authentication.

Glossary

What is Network Detection and Response? A Practitioner's Definition

Network Detection and Response is a security capability that analyzes network activity to find threats, investigate incidents, and guide response.

Glossary

What is Extended Detection and Response? A Practitioner's Definition

Extended Detection and Response, or XDR, unifies telemetry, detection, and response across security tools to improve visibility and speed up triage.

Glossary

What is Security Information and Event Management? A Practitioner's Definition

Security Information and Event Management centralizes logs, correlates alerts, and helps teams detect, investigate, and respond faster.

Glossary

Attack Surface Management: Definition, How It Works, and When You’ll Use It

Attack surface management helps organizations find, monitor, and reduce exposed internet-facing assets before attackers can exploit them.

Glossary

Cyber Threat Intelligence (CTI): Definition, Uses, and Why It Matters

Cyber Threat Intelligence (CTI) is evidence-based information about threats that helps teams prioritize risk, detect attacks, and respond faster.

Glossary

Security Orchestration (SOAR): Definition, How It Works, and When You Will Encounter It

SOAR helps security teams automate workflows, connect tools, and respond faster to alerts. Learn what it is, how it works, and where it fits.

Glossary

Threat Intelligence Platform: Definition and How It Works

A threat intelligence platform collects, enriches, and operationalizes threat data so security teams can prioritize risks and act faster.

Glossary

Zero Trust Network Access (ZTNA): Definition, How It Works, and When You’ll Use It

Zero Trust Network Access is a secure access model that verifies users and devices before granting least-privilege access to apps.

Glossary

Access Control: Definition, How It Works, and Where You’ll See It

Access control defines who can access what. Learn authentication vs authorization, RBAC/ABAC, policy enforcement, and real-world examples.

Glossary

Account Takeover (ATO): Definition, How It Works, and How to Respond

Account takeover (ATO) is when attackers gain control of a real account. Learn common ATO methods, detection signals, and response steps.

Glossary

Active Directory (AD): Definition, How It Works, and Where You’ll Encounter It

Active Directory (AD) centralizes identities, authentication, and Group Policy in Windows domains. Learn how it works and where you’ll encounter it.

Glossary

Application Security (AppSec): Definition, How It Works, and Where You’ll Encounter It

Application security (AppSec) protects apps and APIs from vulnerabilities across the SDLC with secure design, testing, and runtime controls.

Glossary

ARP Spoofing: Definition, How It Works, Detection, and Mitigation

ARP spoofing (ARP poisoning) forges IP→MAC mappings to intercept LAN traffic. Learn how it works, how to detect it, and how to stop it.

Glossary

Attack Surface Management (ASM): Definition, How It Works, and When You’ll Encounter It

Attack Surface Management (ASM) continuously discovers and prioritizes internet-exposed assets so teams can reduce real-world security exposure.

Glossary

Audit Log: Definition, How It Works, and Why It Matters

An audit log records security-relevant actions (who/what/when/where). Learn how it works, how to protect integrity, and why it matters.

Glossary

Authentication vs Authorization: What’s the Difference?

Authentication confirms who you are; authorization determines what you can do. Definitions, workflows, examples, and key IAM terms.

Glossary

The Difference Between Authentication and Authorization

Authentication proves who you are; authorization controls what you can access. Learn flows, examples, IAM terms, and common failures.

Glossary

Authority To Operate (ATO): Definition, Process, and When You’ll Encounter It

Authority to Operate (ATO) explained: definition, steps, evidence, and when you’ll need one—plus SSP, POA&M, RMF, and monitoring.

Glossary

Bearer Token: Definition, How It Works, and Where You’ll See It

Bearer tokens are possession-based credentials used in Authorization: Bearer headers. Learn how they work, where they appear, and how to secure them.

Glossary

Blue Teaming: Definition, How It Works, and When You’ll Encounter It

Blue teaming is defensive security: monitoring, detection, incident response, and hardening. Learn how blue teams work and when you’ll meet them.

Glossary

Broken Object Level Authorization (BOLA): Definition, Examples, and How to Fix It

Broken Object Level Authorization (BOLA) enables IDOR-style access to others’ data via object IDs. Learn examples, detection, and fixes.

Glossary

Brute Force Attack: Definition, How It Works, and What to Do About It

A brute force attack repeatedly guesses passwords or keys. Learn the patterns, where it shows up (SSH/RDP/web), and how to stop it.

Glossary

Business Email Compromise (BEC): Definition, How It Works, and What to Do

Business email compromise (BEC) is targeted email fraud that steals money or data. Learn common scenarios, indicators, and what to do first.

Glossary

CI/CD Security Hardening Checklist (2026)

CI/CD security hardening checklist to protect runners, secrets, dependencies, artifacts, and deployments with enforceable, auditable controls.

Glossary

Cisco Vulnerability Management Basics

Cisco vulnerability management basics: track PSIRT advisories, map to inventory, prioritize by exposure, remediate, and verify closure.

Glossary

Cloud Security Basics: Shared Responsibility & Controls

Cloud security basics: shared responsibility, IAM, logging, encryption, CSPM, and practical steps to secure AWS/Azure/GCP and SaaS.

Glossary

Cloud Security: Definition, How It Works, When You’ll Encounter It, and Related Terms

Cloud security protects cloud apps, data, and infrastructure using IAM, encryption, posture management, and logging under shared responsibility.

Glossary

Code Signing: Definition, How It Works, and Where You’ll See It

Code signing uses digital signatures and certificates to prove software integrity and publisher identity. Learn how validation, timestamping, and failures work.

Glossary

Command and Control (C2): Definition, How It Works, and Why It Matters

Command and Control (C2) is how attackers manage compromised systems. Learn C2 stages, common protocols, and practical detection signals.

Glossary

Compensating Control in Compliance: Definition, Examples, and When to Use One

Learn what a compensating control is, when auditors accept it, and how to document it for PCI DSS, SOC 2, HIPAA, and ISO 27001.

Glossary

Compensating Control in Compliance: Definition & Examples

What a compensating control is, when it’s allowed, and how to document equivalency and evidence for PCI, HIPAA, ISO 27001, and audits.

Glossary

Conditional Access in Microsoft 365: Definition, How It Works, and When You’ll See It

Microsoft 365 Conditional Access evaluates sign-ins and enforces controls like MFA, compliant devices, or blocks based on risk and context.

Glossary

Confidential Computing: Definition, How It Works, and Where You’ll See It

Confidential computing protects data in use with hardware TEEs, memory encryption, and attestation—reducing host-level cloud risk.

Glossary

Consent Phishing: Definition, How It Works, and How to Spot It

Consent phishing tricks users into approving malicious OAuth app permissions, enabling mailbox/file access via tokens. Learn signs, impact, and defenses.

Glossary

Container Image Security Checklist (CI/CD to Kubernetes)

Container image security checklist: harden builds, scan + gate, generate SBOMs, sign images, lock registries, and enforce K8s admission policies.

Glossary

Container Security Hardening Checklist

Container security hardening checklist for Docker/Kubernetes: secure builds, scan/sign images, enforce least privilege, and monitor runtime threats.

Glossary

CSPM (Cloud Security Posture Management): Definition, How It Works, and When You’ll Encounter It

CSPM (Cloud Security Posture Management) finds cloud misconfigurations and compliance drift across AWS/Azure/GCP and helps you remediate them.

Glossary

CSRF (Cross-Site Request Forgery): Definition & Prevention

CSRF tricks a logged-in browser into unwanted actions. Learn how CSRF works and prevent it with tokens, SameSite cookies, and origin checks.

Glossary

A CVE: Definition, How It Works, and When You’ll Encounter It

A CVE is a public ID for a known vulnerability. Learn how CVE IDs are assigned, where you’ll see them, and how to use them in patching.

Glossary

Cybersecurity Framework: Definition, How It Is Used, and Examples

A cybersecurity framework organizes security controls and outcomes to manage risk. Learn how it works, where you’ll see it, and key related terms.

Glossary

DAST: Dynamic Application Security Testing Explained

DAST tests running web apps and APIs for real-world flaws by probing them like an attacker. Learn how it works, where it fits, and limits.

Glossary

Database Audit Logging Checklist (Security Ready)

Database audit logging checklist: what to log, how to protect logs, retention, SIEM alerts, and pitfalls so investigations don’t stall.

Glossary

Detection Engineering: Definition, How It Works, and Where You’ll Encounter It

Detection engineering builds, tests, and maintains security detections across SIEM/EDR/cloud to catch threats with low noise and clear response steps.

Glossary

DevSecOps: Definition, How It Works, When You’ll Encounter It, and Related Terms

DevSecOps embeds security into DevOps using automated CI/CD checks, policy-as-code, and supply-chain controls so teams ship faster and safer.

Glossary

Digital Forensics: Definition, How It Works, and When You’ll Encounter It

Digital forensics preserves and analyzes digital evidence for incidents, fraud, and legal matters. Learn the process, tools, and key use cases.

Glossary

DNS (Domain Name System): Definition, How It Works, and Where You’ll See It

DNS translates domain names into IPs and service records. Learn how resolution works, common record types, caching/TTL, and security basics.

Glossary

DNSSEC: Definition, How It Works, and When You’ll Encounter It

DNSSEC adds cryptographic signatures to DNS to stop spoofed answers. Learn how validation works, common records, and real-world pitfalls.

Glossary

Dual Stack Networking: Definition, How It Works, and Security Risks

Dual stack networking runs IPv4 and IPv6 together. Learn how it works, where you’ll see it, and the key security risks to mitigate.

Glossary

Dual Stack Networking: What It Is and What Are the Risks

Dual stack networking runs IPv4 and IPv6 in parallel. Learn how it works, where you’ll see it, and key security risks and mitigations.

Glossary

Edge Security Hardening Checklist

Edge security hardening checklist for firewalls, VPNs, routers & WAFs—lock down admin access, reduce exposure, log to SIEM, verify configs.

Glossary

Encryption: Definition, How It Works, and Where You’ll Encounter It

Encryption turns plaintext into ciphertext using keys. Learn how it works (TLS, AES), where you’ll see it, and what to verify in configs.

Glossary

Endpoint Detection and Response (EDR) Basics

EDR basics: what Endpoint Detection and Response is, how it works, and how teams investigate and respond to endpoint threats.

Glossary

Evil Twin Attack: Definition, How It Works, and How to Spot It

An evil twin attack is a rogue Wi‑Fi hotspot that mimics a trusted SSID to steal credentials or intercept traffic. Learn the signs and defenses.

Glossary

FIDO2: What It Is and Why It Matters

FIDO2 enables phishing-resistant login with passkeys or security keys using WebAuthn + CTAP2. Learn how it works, where it’s used, and why it matters.

Glossary

Forensic Imaging: Definition, Workflow, and When You’ll Need It

Forensic imaging creates a bit-for-bit copy with hashing and chain of custody so investigations analyze evidence without altering originals.

Glossary

GitOps Security Checklist (Practitioner Guide)

GitOps security checklist for Kubernetes: protect Git, harden CI, sign artifacts, manage secrets, least-privilege controllers, policy-as-code, logging.

Glossary

Hashing: Definition, How It Works, and Where You’ll See It in Security

Hashing creates a fixed-length fingerprint for integrity checks, password storage, and investigations. Learn how it works and common pitfalls.

Glossary

Home Network Segmentation Best Practices (Practical Guide)

Home network segmentation best practices: split Trusted/IoT/Guest with VLANs or SSIDs and firewall rules to reduce breach blast radius.

Glossary

How Role-Based Access Control (RBAC) Works

Learn how RBAC works—users get roles, roles grant permissions—to enforce least privilege across IAM, cloud, SaaS, and Kubernetes.

Glossary

HTTPS (Hypertext Transfer Protocol Secure)

HTTPS is HTTP over TLS—encrypting web traffic, ensuring integrity, and authenticating sites with certificates. Learn setup, HSTS, and checks.

Glossary

HTTPS: Definition, How It Works, and Where You’ll See It

HTTPS (HTTP over TLS) encrypts web traffic, authenticates sites with certificates, and prevents tampering. Learn where it appears and how to troubleshoot.

Glossary

Hypervisor: Definition, How It Does Virtualization & Why It Matters

A hypervisor runs and isolates virtual machines on a host. Learn Type 1 vs Type 2, how virtualization works, and key security practices.

Glossary

IAM (Identity and Access Management): Definition, How It Works, and Where You’ll Encounter It

IAM (Identity and Access Management) controls who can access what. Learn how IAM works, where it appears, and key related terms.

Glossary

Identity Attacks Explained

Identity attacks steal or abuse credentials, MFA, and sessions to take over accounts. Learn how they work, where they appear, and key terms.

Glossary

IDOR (Insecure Direct Object Reference): Definition, How It Works, and Where You’ll See It

IDOR is a broken access control flaw where changing an ID in a URL or API exposes other users’ data. Learn how it works and how to spot it.

Glossary

Incident Response Checklist for Small IT Teams

Step-by-step incident response checklist for small IT teams: triage, containment, evidence, eradication, recovery, and post-incident actions.

Glossary

Incident Response for Network Appliances: Definition, Workflow, and Field Guide

Incident response for firewalls, VPNs, routers & NAS: contain safely, preserve configs/logs, verify firmware, hunt persistence, recover clean.

Glossary

Incident Response for Network Appliances: Definition, Workflow, and Practical Playbooks

Incident response for network appliances: fast scoping, evidence capture, containment, credential rotation, config integrity checks, and recovery playbooks.

Glossary

Incident Response Fundamentals: Definition, Process, and What to Do First

Incident response fundamentals: define incidents fast, contain impact,preserve evidence, eradicate root cause, recover safely.

Glossary

Incident Response (IR): Definition, Process, and When You Need It

Incident response is a repeatable process to detect, contain, eradicate,and recover from security incidents—plus lessons learned to prevent repeats.

Glossary

Incident Response Plan (IRP): Definition, Workflow, and Practical Use

An incident response plan (IRP) is a repeatable playbook to detect, contain, eradicate, and recover from security incidents with clear roles and comms.

Glossary

Incident Response Planning Checklist (IRP) — Definition, Steps, and Quick Audit List

Incident response plan checklist with roles, runbooks, logging, comms, legal, evidence handling, tabletop tests, and backup readiness.

Glossary

Insider Threat: Definition, How It Works, and What to Do About It

Insider threat: risk from trusted access. Learn common patterns and practical controls like least privilege, logging, DLP, and offboarding.

Glossary

What Does an Intrusion Detection System (IDS) Do?

An intrusion detection system (IDS) monitors network/host activity for attacks, generates alerts for investigation, and supports SIEM/SOC workflows.

Glossary

IOC (Indicator of Compromise): Definition, How It Works, and How to Use It

An IOC is observable evidence of compromise. Learn IOC types, how to use them in SIEM/EDR, and best practices to reduce false positives.

Glossary

IoT Security Checklist for Small Business

IoT security checklist for small business: inventory, segmentation, hardening, firmware patching, monitoring, vendor risk, and incident response.

Glossary

IoT Security Hardening Checklist (Practical Guide for 2026)

IoT security hardening checklist for cameras, sensors, gateways: inventory, identity, segmentation, patching, logging, and incident response.

Glossary

Jump Server (Bastion Host): Definition, How It Works, and Where You’ll See It

A jump server is a hardened gateway for admin access to private systems. Learn how it works, key use cases, and hardening basics.

Glossary

Jump Server (Bastion Host): Definition, How It Works

A jump server (bastion host) is a hardened gateway for privileged access to private systems. Learn how it works, patterns, and best practices.

Glossary

KMS (Key Management Service): Definition, How It Works, and Where You’ll See It

KMS centralizes encryption key creation, storage, access control, rotation, and audit logs. Learn how it works and where you’ll see it.

Glossary

Kubernetes Secrets Management Best Practices

Kubernetes secrets best practices: etcd encryption, least-privilege RBAC, safer mounting, external secret managers, rotation, and auditing.

Glossary

Lateral Movement: Definition, How It Works, and How to Detect It

Lateral movement is how attackers pivot after initial access. Learn common paths (RDP/SMB/WinRM), what to monitor, and how to stop spread.

Glossary

Least Privilege IAM Review Checklist (Quick, Practical Guide)

Run a least privilege IAM review: check users, roles, policies, service accounts, and admin paths. Includes verification, evidence, and fixes.

Glossary

Least Privilege in Cloud Security: Definition, How It Works, and Where You’ll See It

Least privilege in cloud security means granting only the minimum access needed. See how it works in IAM roles, policies, CI/CD, and Kubernetes.

Glossary

Least Privilege: Definition, How It Works, and Where You’ll See It

Least privilege grants only the access needed—no more. Learn how it works, where it’s used, and practical steps to implement it.

Glossary

Linux Log Analysis for Security Teams (2026 Guide)

Linux log analysis for security teams: key log sources, fast CLI workflows, detection patterns, and SIEM tips to speed incident response.

Glossary

Linux Patch Management Best Practices

Linux patch management best practices: risk-based SLAs, staging rings, automation with apt/dnf/yum, verification, and reboot/kernel drift control.

Glossary

Live Response in Incident Handling: Definition, Workflow, and When to Use It

Live response captures volatile evidence from running systems. Learn the workflow, what to collect first, and when to use it in incidents.

Glossary

Log Management: Definition, How It Works, and When You’ll Encounter It

Log management centralizes, normalizes, stores, and analyzes logs for troubleshooting, security monitoring, and compliance.

Glossary

macOS Security Basics for IT Teams

macOS security basics for IT teams: what to enforce with MDM, FileVault, Gatekeeper, SIP/TCC, firewall, and logging—plus practical checks.

Glossary

Malware: Definition, How It Works, When You’ll Encounter It, and Related Terms

Malware is malicious software that disrupts, spies, or extorts. Learn its lifecycle, common entry points, warning signs, and key related terms.

Glossary

Malware vs Virus: What’s the Difference?

Malware is any malicious software; a virus is a type that infects files and replicates when they run. Learn how each works and what to do next.

Glossary

Malware: Definition, How It Works, Where You’ll Encounter It, and Related Terms

Malware is malicious software that steals data, disrupts systems, or enables access. Learn how infections happen, where it appears, and key terms.

Glossary

Man-in-the-Middle (MITM) Attack: Definition, How It Works, and Where You’ll See It

Man-in-the-middle (MITM) attacks intercept or alter traffic between parties. Learn how they work, where they happen, and how to stop them.

Glossary

Microsegmentation: Definition, How It Works, and When You’ll Encounter It

Microsegmentation enforces workload-level policies to block lateral movement and control east-west traffic in data centers and cloud.

Glossary

MITRE ATT&CK and How Teams Use It

Learn what MITRE ATT&CK is, how tactics and techniques work, and how SOC teams use it for detections, hunting, testing, and reporting.

Glossary

MITRE ATT&CK: Definition, How It Works, and When You'll Encounter It

Learn what MITRE ATT&CK is, how tactics and techniques work, and how SOC, IR, and threat intel teams use it to measure detection coverage.

Glossary

MITRE ATT&CK and How Teams Use It

MITRE ATT&CK explains attacker behaviors. Learn how SOCs use it for detection mapping, hunting, purple teaming, and IR reporting.

Glossary

Mobile Incident Response Checklist (IR) — Step-by-Step Guide for Security Teams

Mobile incident response checklist for iOS/Android: contain fast, preserve device+cloud evidence, triage, eradicate, recover, and harden.

Glossary

Mobile Incident Response Playbook (MIRP): Definition, Steps, and When to Use It

Mobile incident response (MIRP) is a repeatable process to detect, contain, investigate, and recover from iOS/Android incidents.

Glossary

Multi Factor Authentication (MFA): Definition, How It Works, and Where You’ll See It

Multi factor authentication (MFA) adds 2+ verification factors to prevent account takeovers. Learn methods, best practices, and where MFA is used.

Glossary

Network Segmentation: What It Is and Why It Matters

Network segmentation isolates zones and limits lateral movement. Learn how it works, where you’ll see it, and practical rule patterns.

Glossary

The NIST Cybersecurity Framework (CSF): Definition, How It Works, and When You’ll Encounter It

NIST CSF 2.0 explains cyber risk using Govern, Identify, Protect, Detect, Respond, Recover. Learn how it works and when you’ll use it.

Glossary

NIST SP 800-53 Explained: Controls, Baselines, RMF

Learn what NIST SP 800-53 is, how controls and baselines work, and when you’ll face it in RMF, FISMA, and FedRAMP audits.

Glossary

OpenID Connect (OIDC): Definition, Flow, and Where You’ll See It

OpenID Connect (OIDC) is an identity layer on OAuth 2.0. Learn the OIDC flow, tokens, endpoints, and where you’ll encounter it in SSO.

Glossary

OT Incident Response Planning: Process & Practical Steps

OT incident response planning: roles, runbooks, safe containment, and validated recovery for ICS/SCADA incidents without compromising safety.

Glossary

OT Network Segmentation Basics (Operational Technology)

OT network segmentation basics: define zones and conduits, use an OT DMZ, and reduce lateral movement risk in industrial environments.

Glossary

Pass-the-Ticket (PtT) Attack: How It Works & Detection

Pass-the-Ticket (PtT) replays stolen Kerberos TGT/TGS tickets to access AD resources without a password. Learn mechanics, logs, and detection.

Glossary

Passkeys: Definition, How They Work, and Where You’ll See Them

Passkeys replace passwords with phishing-resistant FIDO2/WebAuthn sign-ins using device-bound cryptographic keys. Learn how they work and where used.

Glossary

Passkeys: Definition, How They Work, and Where You’ll See Them

Passkeys replace passwords with phishing-resistant WebAuthn/FIDO2 sign-ins. Learn how passkeys work, where you’ll see them, and rollout tips.

Glossary

Password Hashing: Definition, How It Works, and Where You’ll See It

Password hashing stores one-way password verifiers using salts and slow KDFs like Argon2id or bcrypt to resist offline cracking.

Glossary

Password Manager Security Best Practices (2026 Guide)

Password manager security best practices for 2026: master passphrase, phishing-resistant MFA, vault hardening, monitoring, sharing controls, recovery.

Glossary

Password Manager: Definition, How It Works, and When You’ll Encounter It

A password manager stores and generates passwords in an encrypted vault. Learn how it works, where you’ll see it, and how to deploy it safely.

Glossary

Patch Management Best Practices: A Practitioner’s Guide

Patch management best practices: inventory, prioritize, stage rings, automate deployment, verify fixes, and report risk with practical workflows.

Glossary

Patch Management Best Practices

Patch management best practices: inventory assets, prioritize by exploitability, stage and test releases, deploy safely, and verify with logs.

Glossary

Penetration Testing: Definition, How It Works, and When You’ll Encounter It

Penetration testing (pen test) explained: definition, steps, deliverables, and when to schedule one to validate real-world security risk.

Glossary

Phishing: Definition, How It Works, When You’ll Encounter It, and Related Terms

Phishing is a social engineering attack that tricks users into revealing credentials or installing malware. Learn how it works and how to spot it.

Glossary

Pimcore Security Hardening (Checklist for 2026)

Pimcore security hardening checklist: lock down /admin, enforce MFA/SSO, patch Symfony/PHP deps, secure secrets, add WAF, logging, backups.

Glossary

Pimcore Security Hardening: Definition, How It Works, When You’ll Encounter It, Related Terms

Pimcore security hardening checklist: lock down /admin, rotate secrets, harden PHP/Symfony, add headers, scan uploads, and monitor logs.

Glossary

PKI (Public Key Infrastructure): Definition, How It Works, and Where You’ll See It

PKI explained: how digital certificates and CAs work, where PKI is used (TLS, mTLS, VPN, Wi‑Fi), plus lifecycle tips.

Glossary

Ransomware Response Checklist (IR Quick Guide)

Ransomware response checklist to contain fast, preserve evidence, eradicate, recover safely, and handle comms/notifications.

Glossary

Red Teaming: Definition, How It Works, When You’ll Encounter It, Related Terms

Red teaming emulates real attackers to test detection and response end-to-end. Learn phases, ROE, reporting, and when it’s worth it.

Glossary

Remote Code Execution (RCE): Definition, How It Works, and Where You’ll See It

Remote code execution (RCE) lets attackers run commands on a system over a network. Learn common paths, where it appears, and how to respond.

Glossary

Cybersecurity Risk Management: Definition & How It Works

Cybersecurity risk management identifies, prioritizes, and treats risk using a risk register, scoring, and continuous review.

Glossary

Risk Management: Definition, How It Works, When You’ll Encounter It

Learn cybersecurity risk management: definition, workflow, risk register basics, and when you’ll use it for audits, vendors, cloud, and incidents.

Glossary

Rootkit: Definition, How It Works, Where You’ll Encounter It

Rootkit malware hides attacker access by tampering with OS, boot, or firmware. Learn layers, signs, and practical response steps.

Glossary

Runner Hardening Best Practices

Runner hardening best practices for CI/CD: isolate builds, enforce least privilege, protect secrets, patch, log, and monitor runners.

Glossary

SAML Definition: SSO Flow, IdP/SP, and Troubleshooting

Learn what SAML is, how IdP↔SP SSO works, what to validate in assertions, and where SAML appears in enterprise identity.

Glossary

Sandboxing: Definition, How It Works, and Where You’ll Encounter It

Sandboxing isolates untrusted code to reduce malware impact. Learn how it works in browsers, email detonation, EDR, VMs, and containers.

Glossary

SAST (Static Application Security Testing): Definition, How It Works, and When You’ll Encounter It

SAST (static application security testing) scans code without running it to find flaws early. Learn how it works, CI/CD use, and tips.

Glossary

SBOM Practical Guide: Definition, How It Works, and When You’ll Encounter It

Learn what an SBOM is, how SPDX and CycloneDX work, and when SBOMs show up in CI/CD, procurement, and vulnerability response.

Glossary

Secure by Design: Definition, How It Means, and Where You’ll See It

Secure by Design builds security into architecture, code, and defaults from day one. Learn how it works, where you’ll encounter it, and key terms.

Glossary

Securing Active Directory Environments

Secure Active Directory with practical hardening steps: Tier 0 controls, Kerberos/NTLM monitoring, GPO/ACL auditing, and recovery readiness.

Glossary

SIEM Hardening Best Practices (2026 Guide)

SIEM hardening best practices to secure ingestion, access, storage, integrations, and audit trails—so attackers can’t blind detection.

Glossary

SIEM Hardening Best Practices

SIEM hardening best practices: MFA/RBAC, secure log ingestion, tamper-resistant retention, change control, and monitoring to stop SIEM abuse.

Glossary

SIEM Explained: Definition, How It Works, and Use Cases

Learn what SIEM is, how it ingests and correlates logs, and when you’ll use it for detection, investigations, and compliance.

Glossary

Single Sign-On (SSO): Definition, How It Works, and Where You’ll See It

Single sign-on (SSO) lets you access many apps with one login. Learn how SAML/OIDC works, where SSO appears, and how to secure it.

Glossary

Small Business Backup Strategy: Resilience & Recovery

Build a small business backup strategy with clear RPO/RTO, 3-2-1 plus immutable/offsite copies, MFA-protected access, and routine restore tests.

Glossary

Smishing Defense Best Practices

Smishing defense: how SMS phishing works and how to stop it with MFA hardening, reporting, mobile controls, and incident response steps.

Glossary

SOC 2 Report Explained: Definition, Types, and How to Read It

SOC 2 is an independent assurance report on a vendor’s controls. Learn Trust Services Criteria, Type I vs Type II, scope, exceptions, and CUECs.

Glossary

Social Engineering in Cybersecurity: Definition, How It Works, and Where You’ll See It

Learn what social engineering is, how attackers manipulate people, common scenarios, and practical defenses for teams and SMBs.

Glossary

Software Supply Chain Attack: Definition, How It Works, and What to Do

Learn what a software supply chain attack is, how attackers compromise dependencies and CI/CD, and practical steps to prevent and detect it.

Glossary

Software Supply Chain Risk Management: Definition & Next Steps

Software supply chain risk management (SSCRM) cuts risk from dependencies and CI/CD with SBOMs, signing, provenance, and pipeline hardening.

Glossary

Spear Phishing: Definition, How It Works, and How to Spot It

Spear phishing is targeted phishing aimed at a person or team. Learn how it works, common signs, and what to do if you receive one.

Glossary

SQL Injection Prevention Best Practices

SQL injection prevention best practices: parameterized queries, allowlists, least privilege, safe errors, logging, WAF/RASP, and testing.

Glossary

SQL Injection (SQLi): Definition, How It Works, and Prevention

SQL injection (SQLi) occurs when untrusted input becomes SQL. Learn how SQLi works, where it appears, and how to prevent and detect it.

Glossary

Supply Chain Security Basics

Supply chain security basics: how software supply chain attacks happen and the practical controls—SBOMs, signing, CI/CD hardening—to reduce risk.

Glossary

Third Party Risk Management Basics

Third party risk management basics: tier vendors, assess controls (SOC 2), contract requirements, monitor continuously, and offboard safely.

Glossary

Third Party Risk Management Best Practices

Practical TPRM best practices: inventory vendors, tier risk, verify controls with evidence, add contract clauses, monitor continuously, and offboard safely.

Glossary

Third Party Risk

Third party risk is exposure inherited from vendors. Learn how it works, where it shows up, and practical steps to assess and reduce vendor risk.

Glossary

TLS (Transport Layer Security): Definition, How It Works, and Where You’ll See It

TLS encrypts data in transit for HTTPS, APIs, email, and VPNs. Learn TLS handshakes, TLS 1.3 vs 1.2, certs, mTLS, and hardening tips.

Glossary

Tokenization: Definition, How It Works, and Where You’ll See It

Tokenization replaces sensitive data with tokens to reduce breach impact and compliance scope. Learn how it works and when to use it.

Glossary

VPN Definition: How It Works and When You’ll Use It

What a VPN is, how VPN tunneling works, common use cases, and key terms like IPsec, WireGuard, and split tunneling.

Glossary

VPN Definition: How It Works and When You’ll Use One

A VPN encrypts traffic between your device and a VPN endpoint. Learn how tunnels, routing, DNS, and logs work in real deployments.

Glossary

Vulnerability Management Best Practices (2026): A Practical Guide

Vulnerability management best practices for 2026: asset coverage, continuous scanning, risk-based prioritization, SLAs, verification, and metrics.

Glossary

Vulnerability Management Triage Workflow

Practitioner triage workflow to validate vulnerability findings, prioritize risk, assign owners/SLAs, and verify remediation with evidence.

Glossary

Vulnerability Management: Definition, Process, and Practical Use

Vulnerability management is a continuous loop to find, prioritize, fix, and verify security weaknesses across systems before attackers exploit them.

Glossary

Vulnerability Scanning: Definition, How It Works, When You’ll Encounter It, and Related Terms

Vulnerability scanning finds known weaknesses in systems and apps. Learn how it works, when to use it, and key related terms.

Glossary

WAF (Web Application Firewall): Definition, How It Does Works & When You'll See One

A WAF (Web Application Firewall) inspects HTTP/S traffic to block threats like SQLi and XSS. Learn how it works, where it sits, and when you need it.

Glossary

Web Application Hardening Checklist (Practical Guide)

Web application hardening checklist to secure auth, sessions, headers, TLS, input handling, logging, and deployment with actionable steps.

Glossary

Web Server Hardening Checklist (2026)

Web server hardening checklist for Nginx, Apache & IIS: cut attack surface, lock TLS/headers, tighten access, monitor logs, and verify.

Glossary

What a SOC Analyst Does Day to Day: Duties, Workflow, Tools

SOC analyst day-to-day work: SIEM/EDR monitoring, triage, investigation, containment, reporting, and improving detections—plus when you’ll engage a SOC.

Glossary

What a SOC Analyst Does Day to Day (Security Operations Center)

See what a SOC analyst does daily: monitor alerts, triage, investigate in SIEM/EDR, coordinate containment, and improve detections.

Glossary

What an Intrusion Prevention System (IPS) Does

An intrusion prevention system (IPS) inspects traffic inline and blocks attacks in real time using signatures, behavior, and policy controls.

Glossary

What Does a SOC Do? Definition, Workflow, and When You’ll Encounter One

Learn what a SOC does: definition, daily workflow, alerts and escalation, and when you’ll interact with a Security Operations Center.

Glossary

What Is a SOC? Definition, How It Works, When You’ll Encounter It

A SOC (Security Operations Center) monitors, detects, and responds to threats. Learn how it works, when you need one, and key related terms.

Glossary

When Does a Security Incident Become a Reportable Data Breach?

Learn when a security incident becomes a reportable data breach, what triggers breach notification, and the first steps to take.

Glossary

Wiper Malware: Definition, How It Works, and When You’ll Encounter It

Wiper malware destroys data to disrupt operations. Learn how it works, warning signs, where it appears, and what to do first in IR.

Glossary

WordPress Plugin Security Best Practices (Practical Checklist for Admins)

WordPress plugin security best practices to cut risk: vet plugins, patch fast, enforce least privilege, add WAF, monitoring, and backups.

Glossary

WPA2: Definition, How It Works, and Where You’ll Encounter It

WPA2 is the Wi‑Fi security standard (802.11i) using AES‑CCMP. Learn WPA2 modes, the 4‑way handshake, and where you’ll see it.

Glossary

What Is a Bastion Host?

A bastion host is a hardened system used as a controlled entry point for administrative access to private networks or servers.

Glossary

What Is a Bootkit?

A bootkit is malware that infects the boot process so it runs before the operating system and can evade normal defenses.

Glossary

What Is a Botnet?

A botnet is a network of compromised devices controlled by an attacker to launch DDoS attacks, send spam, steal data, or spread malware.

Glossary

What Is a Buffer Overflow?

A buffer overflow happens when a program writes past a buffer’s limit, causing crashes, memory corruption, or possible code execution.

Glossary

What Is a Business Continuity Plan?

A business continuity plan documents how an organization keeps critical operations running during and after disruptions.

Glossary

What Is a CAA Record?

Learn what a CAA record is, how it controls TLS certificate issuance, and why it matters for DNS and domain security.

Glossary

What Is a Captive Portal?

A captive portal is a network access page that requires login, acceptance, or payment before granting internet access.

Glossary

What Is a Cloud Workload Protection Platform?

A CWPP secures cloud workloads like VMs, containers, and servers with visibility, policy enforcement, and threat detection.

Glossary

What Is a Digital Signature?

A digital signature verifies who signed data and whether it was altered, using public-key cryptography and certificate trust.

Glossary

What Is a Drive-By Download?

A drive-by download is malware delivered when a user visits a compromised or malicious site, often without clear consent.

Glossary

What Is a Golden Ticket?

A Golden Ticket is a forged Kerberos ticket that can give attackers persistent, high-privilege access in Active Directory.

Glossary

What Is a Jump Server?

A jump server is a hardened intermediary system used to control and monitor administrative access to sensitive internal systems.

Glossary

What Is a Logic Bomb?

A logic bomb is malicious code that stays dormant until a condition is met, then triggers harmful actions like deletion or disruption.

Glossary

What Is a Penetration Test?

A penetration test is an authorized security assessment that simulates real-world attacks to find and validate exploitable weaknesses.

Glossary

What Is a Race Condition?

A race condition is a flaw where system behavior depends on timing, allowing unintended actions when operations occur out of order.

Glossary

What Is a Reproducible Build?

A reproducible build produces the same output from the same source and build environment, helping verify software integrity.

Glossary

What Is a Rogue Access Point?

A rogue access point is an unauthorized Wi-Fi device that can expose a network to interception, abuse, or unauthorized access.

Glossary

What Is a Route Leak?

A route leak is the improper advertisement of internet routes, causing traffic to take unintended paths and creating outages or instability.

Glossary

What Is a Service Mesh?

A service mesh manages, secures, and observes service-to-service communication in distributed applications.

Glossary

What Is a Sidecar Proxy?

A sidecar proxy is a helper proxy that runs alongside an app instance to handle network traffic, security, and observability.

Glossary

What Is a Supply Chain Attack?

Learn what a supply chain attack is, how vendor and software trust is abused, and why third-party risk matters to defenders.

Glossary

What Is a Tabletop Exercise?

A tabletop exercise is a discussion-based simulation used to test how teams would respond to a cyber incident or business disruption.

Glossary

What Is a Trojan?

A Trojan is malware disguised as legitimate software to trick users into running it and giving attackers access or control.

Glossary

What Is a Trusted Execution Environment?

A Trusted Execution Environment is a hardware-isolated area that protects sensitive code and data from the rest of the system.

Glossary

What Is a Watering Hole Attack?

A watering hole attack compromises a trusted website to infect, exploit, or steal credentials from a specific target group.

Glossary

What Is a Web Application Firewall?

A web application firewall filters and monitors HTTP traffic to help block attacks against websites, web apps, and APIs.

Glossary

What Is a Zero Day?

A zero day is a software vulnerability unknown to the vendor or unpatched when attackers begin exploiting it.

Glossary

What Is ABAC?

ABAC is an access control model that grants or denies access based on attributes like user, device, data, and context.

Glossary

What Is Adware?

Learn what adware is, how it works, when you'll encounter it, and the related security terms IT teams should know.

Glossary

What Is Air Gapped Backup?

An air gapped backup is isolated from production systems so attackers cannot easily encrypt, delete, or tamper with recovery data.

Glossary

What Is an Amplification Attack?

An amplification attack is a DDoS technique that uses third-party servers to multiply traffic and overwhelm a target.

Glossary

What Is an Audit Log?

An audit log records user and system activity to support investigations, detection, accountability, and compliance.

Glossary

What Is an HSM?

An HSM is a hardware security module: a dedicated device that generates, stores, and uses cryptographic keys with strong protection.

Glossary

What Is an Immutable Log?

An immutable log is a tamper-resistant record that cannot be altered or deleted, helping preserve evidence and audit integrity.

Glossary

What Is an Indicator of Compromise?

Learn what an indicator of compromise is, common IOC examples, how teams use IOCs for detection and incident response, and where IOC limits matter.

Glossary

What Is an IOC?

An IOC, or indicator of compromise, is evidence that suggests a system, account, or network may have been breached or abused.

Glossary

What Is an Out-of-Band Patch?

An out-of-band patch is an urgent update released outside the normal patch cycle to fix critical security or stability issues.

Glossary

What Is Anonymization?

Learn what anonymization is, how data anonymization works, where re-identification risk remains, and how it differs from pseudonymization.

Glossary

What Is ARM TrustZone?

Learn what ARM TrustZone is, how it creates a secure world on ARM devices, and where it is used for keys, boot, biometrics, and device security.

Glossary

What Is Asymmetric Encryption?

Asymmetric encryption uses a public and private key pair to encrypt data, verify identity, and secure communications.

Glossary

What Is Backup?

A backup is a separate copy of data kept so files and systems can be restored after deletion, corruption, hardware failure, or attack.

Glossary

What Is BGP Hijacking?

BGP hijacking is the unauthorized announcement of IP routes that diverts, intercepts, or blackholes internet traffic.

Glossary

What Is Blue Team?

Blue Team is the defensive side of cybersecurity, responsible for detection, prevention, response, and resilience across an organization.

Glossary

What Is Bot Management?

Bot management identifies and controls automated traffic so websites and APIs can block abusive bots without disrupting legitimate use.

Glossary

What Is Broken Access Control?

Learn what broken access control is, how authorization flaws work, and why they can expose data, admin functions, and other users' records.

Glossary

What Is CASB?

CASB stands for Cloud Access Security Broker, a control point that enforces security policies across cloud apps and SaaS usage.

Glossary

What Is CCPA?

CCPA is a California privacy law that gives residents rights over personal information and requires covered businesses to provide disclosures and response processes.

Glossary

What Is Certificate Pinning?

Certificate pinning is a technique that restricts which certificates or keys an app will trust for a specific service or domain.

Glossary

What Is Chain of Custody?

Chain of custody is the documented record of how evidence is collected, handled, transferred, and protected to preserve integrity.

Glossary

What Is Clickjacking?

Learn what clickjacking is, how it tricks users into unintended clicks, common risks, and the browser defenses that help stop it.

Glossary

What Is Cloud Infrastructure Entitlement Management?

CIEM helps organizations discover, analyze, and reduce excessive cloud permissions across identities, roles, and workloads.

Glossary

What Is Cloud Security Posture Management?

Cloud Security Posture Management helps teams find and fix cloud misconfigurations, policy drift, and compliance gaps.

Glossary

What Is Command Injection?

Command injection is a vulnerability that lets attacker input execute system commands on a server or application host.

Glossary

What Is Containerization?

Containerization packages applications with dependencies so they run consistently across environments using OS-level isolation.

Glossary

What Is Credential Stuffing?

Credential stuffing is an automated attack that uses stolen username-password pairs to log into other accounts.

Glossary

What Is Cross-Site Scripting?

Cross-site scripting, or XSS, is a web vulnerability that lets attackers run malicious scripts in a user's browser.

Glossary

What Is Cryptojacking?

Learn what cryptojacking is, how it works, where it appears, and the key security terms related to unauthorized crypto mining.

Glossary

What Is CSRF?

CSRF is an attack that tricks a logged-in user's browser into sending unauthorized requests to a trusted web application.

Glossary

What Is CVSS?

CVSS is a standard scoring system used to rate the severity of software vulnerabilities based on exploitability and impact.

Glossary

What Is CWE?

CWE is a catalog of software and hardware weakness types used to classify common security flaws and improve remediation.

Glossary

What Is Data Classification?

Learn what data classification is, how labels work, and why organizations use them to protect sensitive data and enforce access controls.

Glossary

What Is Data Residency?

Data residency is the requirement or practice of storing and processing data in a specific geographic jurisdiction.

Glossary

What Is Data Sovereignty?

Data sovereignty means data is subject to the laws of the country where it is stored, processed, or controlled.

Glossary

What Is DDoS?

Learn what DDoS is, how it works, common attack types, and how security teams reduce denial-of-service risk.

Glossary

What Is Defense in Depth?

Learn what defense in depth is, how layered security works, when teams use it, and the related terms every security program should know.

Glossary

What Is Dependency Confusion?

Dependency confusion is a supply chain attack where public packages are mistaken for internal ones and installed by build systems.

Glossary

What Is Differential Privacy?

Differential privacy is a method for analyzing data while limiting what can be learned about any one individual.

Glossary

What Is Disaster Recovery?

Disaster recovery is the process of restoring systems, data, and operations after an outage, attack, or other disruptive event.

Glossary

What Is Disk Forensics?

Disk forensics is the analysis of storage media to recover, preserve, and investigate digital evidence from files and system artifacts.

Glossary

What Is DLP?

Learn what DLP is, how Data Loss Prevention works, and how teams protect sensitive data from leaks, misuse, and exfiltration.

Glossary

What Is DNS over HTTPS?

DNS over HTTPS encrypts DNS lookups inside HTTPS traffic to improve privacy and reduce visibility into queried domains.

Glossary

What Is DNS over TLS?

DNS over TLS encrypts DNS queries between a device and resolver to improve privacy and reduce network interception.

Glossary

What Is DNS Spoofing?

DNS spoofing tricks systems into resolving a domain to the wrong IP address, often redirecting users to malicious sites.

Glossary

What Is DNS Tunneling?

DNS tunneling abuses DNS queries and responses to move data or command traffic through networks that would otherwise block it.

Glossary

What Is DoS?

Learn what DoS is, how it works, when teams encounter it, and the key terms related to denial-of-service attacks.

Glossary

What Is Dynamic Application Security Testing?

DAST tests a running application from the outside to find exploitable web security flaws such as injection and auth issues.

Glossary

What Is eBPF?

Learn what eBPF is, how it works in Linux, and why teams use it for observability, runtime security, and Kubernetes visibility.

Glossary

What Is EDR? A Practitioner's Definition

EDR monitors endpoints for threats, records activity, and enables rapid response. Learn how it works and when you'll encounter it.

Glossary

What Is EDR?

Learn what EDR is, how it works, when teams use it, and the key security terms related to endpoint detection and response.

Glossary

What Is Envelope Encryption?

Envelope encryption protects data with a data key that is itself encrypted by a master key, improving scale and key management.

Glossary

What Is Evil Twin?

Learn what an evil twin attack is, how fake Wi-Fi hotspots steal data, and how to reduce risk on public and guest networks.

Glossary

What Is FedRAMP?

FedRAMP is the U.S. program for standardizing security assessment and authorization of cloud services used by federal agencies.

Glossary

What Is FISMA?

Learn what FISMA is, who it applies to, how it works with NIST RMF, and why it matters for federal agencies and contractors.

Glossary

What Is GDPR?

GDPR is the EU privacy law that governs how organizations collect, use, secure, and manage personal data.

Glossary

What Is Hashing?

Learn what hashing is, how cryptographic hashes work, and why hashing matters for integrity checks, password storage, and security workflows.

Glossary

What Is Heap Spray?

Learn what heap spray is, how this memory exploitation technique works, and why it appears in browser exploits and code execution attacks.

Glossary

What Is HIPAA?

Learn what HIPAA is, who it applies to, what PHI means, and how the law affects healthcare privacy, security, and breach response.

Glossary

What Is HMAC?

HMAC is a cryptographic method that uses a secret key with a hash function to verify message integrity and authenticity.

Glossary

What Is Homomorphic Encryption?

Homomorphic encryption lets systems compute on encrypted data without decrypting it first, reducing exposure during processing.

Glossary

What Is HSTS?

HSTS is an HTTP security policy that tells browsers to use HTTPS only and reject insecure downgrade attempts.

Glossary

What Is Incident Response Plan?

Learn what an incident response plan is, how it works, and why organizations use it to contain, investigate, and recover from cyber incidents.

Glossary

What Is Insecure Deserialization?

Insecure deserialization is a flaw where untrusted serialized data is processed, leading to tampering, privilege abuse, or code execution.

Glossary

What Is Insecure Direct Object Reference?

Insecure Direct Object Reference is an access control flaw where users can access records or actions by changing an identifier.

Glossary

What Is Intel SGX?

Intel SGX is a hardware feature that creates protected memory enclaves so sensitive code and data can run in isolation.

Glossary

What Is Interactive Application Security Testing?

Learn what IAST is, how interactive application security testing works, and how it compares with SAST and DAST in AppSec programs.

Glossary

What Is ISO 27001?

ISO 27001 is an international standard for building, operating, and improving an information security management system.

Glossary

What Is Just-in-Time Access?

Learn what just-in-time access is, how JIT access works, and why time-limited admin rights reduce standing privilege risk.

Glossary

What Is JWT?

JWT is a JSON Web Token, a signed token used to carry claims for authentication, authorization, and API access.

Glossary

What Is K-Anonymity?

K-anonymity is a privacy method that makes each record indistinguishable from at least k-1 others based on identifying attributes.

Glossary

What Is Kerberoasting?

Kerberoasting is an Active Directory attack that extracts service tickets for offline password cracking of service accounts.

Glossary

What Is Key Management Service?

Learn what a Key Management Service is, how KMS protects encryption keys, and why key rotation and access control matter.

Glossary

What Is Kubernetes Security Posture Management?

Learn what Kubernetes Security Posture Management is, how KSPM works, and how it helps find misconfigurations and risky permissions.

Glossary

What Is Lateral Movement?

Lateral movement is when an attacker moves from one compromised system to others to expand access, reach targets, and deepen control.

Glossary

What Is Living off the Land?

Living off the land is an attacker technique that abuses legitimate system tools and built-in features to evade detection.

Glossary

What Is Log Aggregation?

Log aggregation collects logs from many systems into one place for search, monitoring, troubleshooting, and security analysis.

Glossary

What Is Log Retention?

Log retention is the practice of keeping security and system logs for a defined period to support investigations, compliance, and operations.

Glossary

What Is Malvertising?

Malvertising is the use of online ads to deliver scams, redirects, or malware through advertising and sponsored search results.

Glossary

What Is Man in the Middle?

A man-in-the-middle attack intercepts or alters communications between two parties without their knowledge.

Glossary

What Is MDR? A Practitioner's Definition

MDR delivers 24/7 threat detection and response as a managed service. Learn how it works, what it includes, and when your organization needs it.

Glossary

What Is MDR?

Learn what MDR is, how it works, when organizations use it, and the key security terms related to managed detection and response.

Glossary

What Is Measured Boot?

Measured Boot records each startup stage so systems can detect tampering and verify boot integrity with TPM-backed evidence.

Glossary

What Is Memory Forensics?

Memory forensics is the analysis of a system’s RAM to find malware, attacker activity, credentials, and other volatile evidence.

Glossary

What Is MITRE ATT&CK?

MITRE ATT&CK is a knowledge base of attacker tactics and techniques used to map threats, detections, and security gaps.

Glossary

What Is mTLS?

mTLS, or mutual TLS, authenticates both client and server with certificates to secure APIs and service-to-service traffic.

Glossary

What Is Multi-Factor Authentication?

Learn what multi-factor authentication is, how MFA works, common methods, and why it helps reduce account takeover risk.

Glossary

What Is N-day?

An N-day vulnerability is a known flaw with public disclosure or a patch available, but many systems remain unpatched and exposed.

Glossary

What Is Network Forensics?

Learn what network forensics is, how investigators analyze traffic and logs, and why it matters for incident response and threat hunting.

Glossary

What Is NIST CSF?

NIST CSF is a cybersecurity framework that helps organizations organize, assess, and improve security risk management.

Glossary

What Is OAuth?

OAuth is an authorization framework that lets apps access specific resources without sharing your password.

Glossary

What Is OIDC?

Learn what OIDC is, how OpenID Connect works with OAuth 2.0, and why it matters for SSO, identity providers, and authentication.

Glossary

What Is OPA?

OPA, or Open Policy Agent, is a policy engine used to enforce rules across cloud-native apps, APIs, and infrastructure.

Glossary

What Is Open Redirect?

An open redirect is a web flaw that lets attackers send users from a trusted site to a malicious destination via a manipulated URL.

Glossary

What Is OTP?

OTP stands for one-time password, a code valid for one login or transaction and commonly used in multi-factor authentication.

Glossary

What Is Pass the Hash?

Learn what Pass the Hash is, how attackers use stolen hashes in Windows environments, and why PtH matters for lateral movement.

Glossary

What Is Pass the Ticket?

Pass the Ticket is a Kerberos attack where a stolen valid ticket is reused to access systems without knowing the user's password.

Glossary

What Is Passkey?

Learn what a passkey is, how passwordless sign-in works, and why passkeys are phishing-resistant alternatives to passwords.

Glossary

What Is Password Spraying?

Password spraying is an attack that tries a few common passwords across many accounts to avoid lockouts and gain access.

Glossary

What Is Patch Tuesday?

Learn what Patch Tuesday is, how Microsoft’s monthly update cycle works, and why IT and security teams plan patching around it.

Glossary

What Is Path Traversal?

Path traversal is a vulnerability that lets attackers access unintended files or directories by manipulating file paths.

Glossary

What Is PCI DSS?

PCI DSS is a security standard for organizations that store, process, or transmit payment card data.

Glossary

What Is PCI Tokenization?

PCI tokenization replaces payment card data with non-sensitive tokens to reduce exposure and simplify cardholder data protection.

Glossary

What Is Pepper?

A pepper is a secret value added to password hashing to make stolen password hashes harder for attackers to crack.

Glossary

What Is PKI?

PKI, or Public Key Infrastructure, is the framework used to issue, manage, and trust digital certificates and encryption keys.

Glossary

What Is Privilege Escalation?

Privilege escalation is when a user, process, or attacker gains higher permissions than originally intended on a system or network.

Glossary

What Is Privileged Access Management?

Privileged Access Management secures admin accounts, credentials, and elevated sessions to reduce misuse, theft, and lateral movement.

Glossary

What Is Pseudonymization?

Pseudonymization replaces identifying data with tokens or aliases so records are less directly attributable to a person.

Glossary

What Is Purple Team?

Purple teaming is a collaborative security exercise where offensive and defensive teams work together to improve detection and response.

Glossary

What Is Ransomware?

Learn what ransomware is, how it spreads, how attacks unfold, and the security terms teams should know for prevention and response.

Glossary

What Is RBAC?

RBAC, or role-based access control, assigns permissions by job role so users get the access they need and no more.

Glossary

What Is Red Team?

Learn what a red team is, how red teaming works, and how it tests security defenses, detection, and incident response.

Glossary

What Is Return-Oriented Programming?

Return-oriented programming is an exploit technique that chains existing code snippets to execute attacker-controlled logic without injecting new code.

Glossary

What Is Right to Be Forgotten?

The right to be forgotten lets people request deletion of certain personal data when there is no valid reason to retain it.

Glossary

What Is RPO?

RPO, or Recovery Point Objective, defines how much data loss an organization can tolerate after an outage or cyber incident.

Glossary

What Is RTO?

Learn what RTO is, how Recovery Time Objective works, and why it matters for disaster recovery, downtime planning, and business continuity.

Glossary

What Is Runtime Application Self-Protection?

RASP helps a running application detect and block attacks from inside the app using runtime context.

Glossary

What Is Salting?

Salting adds unique random data to passwords before hashing so identical passwords do not produce identical stored hashes.

Glossary

What Is SAML?

SAML is an identity standard that lets users sign in once and access multiple apps using trusted authentication assertions.

Glossary

What Is Secrets Management?

Secrets management secures API keys, passwords, tokens, and certificates through controlled storage, access, rotation, and auditing.

Glossary

What Is Secure Boot?

Secure Boot is a startup security feature that allows a device to load only trusted, signed boot software during startup.

Glossary

What is SIEM? A Practitioner's Definition

SIEM collects, correlates, and alerts on security event data across your environment. Learn how it works and when you'll encounter it.

Glossary

What Is SIEM?

Learn what SIEM is, how it works, when teams use it, and the related security terms you should know.

Glossary

What Is Silver Ticket?

Learn what a Silver Ticket is, how forged Kerberos service tickets work, and why this Active Directory attack matters for defenders.

Glossary

What Is Smishing?

Learn what smishing is, how SMS phishing works, when it appears, and the related security terms teams should know.

Glossary

What Is SOAR?

Learn what SOAR is, how security orchestration, automation, and response works, and where security teams use it every day.

Glossary

What Is SOC 2?

SOC 2 is an attestation framework for how organizations design and operate controls around security and related trust criteria.

Glossary

What Is Software Composition Analysis?

Software Composition Analysis identifies open-source components, licenses, and known risks in application dependencies.

Glossary

What Is SOX?

SOX is a U.S. law requiring public companies to maintain and test internal controls over financial reporting.

Glossary

What Is Spear Phishing?

Learn what spear phishing is, how it works, when it appears, and the related security terms teams should know.

Glossary

What Is Spyware?

Learn what spyware is, how it works, where it appears, and the related security terms teams should know.

Glossary

What Is SQL Injection?

SQL injection is a web attack that inserts malicious SQL into an application query to read, change, or delete database data.

Glossary

What Is SSO?

SSO lets users sign in once to access multiple applications, reducing password sprawl and centralizing authentication.

Glossary

What Is SSRF?

Learn what SSRF is, how Server-Side Request Forgery works, why cloud metadata is at risk, and how teams reduce internal exposure.

Glossary

What Is Static Application Security Testing?

SAST analyzes source code or binaries for security flaws before deployment, helping teams catch issues earlier in development.

Glossary

What Is Subdomain Takeover?

Subdomain takeover is when an attacker claims an unassigned service behind a live DNS record and gains control of that subdomain.

Glossary

What Is Symmetric Encryption?

Symmetric encryption uses one secret key to encrypt and decrypt data, making it fast for protecting data at rest and in transit.

Glossary

What Is Threat Hunting?

Threat hunting is the proactive search for hidden attacker activity in an environment using hypotheses, telemetry, and investigation.

Glossary

What Is Threat Intelligence?

Threat intelligence is evidence-based information about threats, attackers, and tactics used to improve security decisions and response.

Glossary

What Is TLS?

Learn what TLS is, how it protects data in transit for HTTPS, APIs, and email, and why certificates and encryption matter.

Glossary

What Is TOCTOU?

TOCTOU is a race condition where a system checks a resource, then uses it later after conditions have changed.

Glossary

What Is TOTP?

TOTP is a time-based one-time password used as a second login factor, generating short-lived codes from a shared secret and time.

Glossary

What Is Trojan Malware?

Learn what Trojan malware is, how it works, when teams encounter it, and the related security terms you should know.

Glossary

What Is TTP?

TTP stands for tactics, techniques, and procedures: the behavioral patterns security teams use to understand how attackers operate.

Glossary

What Is Typosquatting?

Typosquatting is the use of misspelled or lookalike domains to trick users into visiting malicious or deceptive websites.

Glossary

What Is UEBA?

UEBA uses behavior analytics to identify unusual activity by users and devices that may indicate compromise or misuse.

Glossary

What Is Virtualization?

Learn what virtualization is, how virtual machines and hypervisors work, and why virtualization matters for IT operations and security.

Glossary

What Is Vishing?

Learn what vishing is, how voice phishing works, when it appears, and the related security terms IT and security teams should know.

Glossary

What Is VLAN Hopping?

VLAN hopping is a network attack that lets traffic reach a different VLAN than intended by abusing switch configuration or tagging behavior.

Glossary

What Is Volatile Data?

Volatile data is short-lived system data, such as RAM contents and active connections, that can disappear when a device powers off.

Glossary

What Is Vulnerability Assessment?

A vulnerability assessment identifies, prioritizes, and reports security weaknesses in systems, software, and configurations.

Glossary

What Is WebAuthn?

WebAuthn is a web authentication standard that enables phishing-resistant sign-in using security keys, biometrics, or device-based passkeys.

Glossary

What Is Whaling?

Learn what whaling is, how executive phishing works, when it appears, and the related security terms teams should know.

Glossary

What Is WORM Storage?

WORM storage is write once, read many storage that prevents data from being altered or deleted for a defined retention period.

Glossary

What Is Worm?

Learn what a computer worm is, how it spreads, when teams encounter it, and the related malware terms security teams should know.

Glossary

What Is WPA3?

WPA3 is a Wi-Fi security standard that improves wireless authentication and encryption over WPA2 for home, business, and public networks.

Glossary

What Is XDR?

Learn what XDR is, how it works, when teams use it, and the key security terms related to extended detection and response.

Glossary

What Is XXE?

XXE is an XML parsing flaw that can let attackers read files, trigger server-side requests, or disrupt applications.

Glossary

What Is Zero Trust?

Learn what Zero Trust is, how it works, when organizations use it, and the key terms behind this security model.

Glossary

glossary-ci-cd-security-basics

Glossary

glossary-data-governance

Glossary

glossary-exposure-management-guide-definition-workflow-ctem

Glossary

glossary-hashing-cybersecurity-definition-uses-and-examples

Glossary

glossary-incident-response-planning-checklist-irp

Glossary

glossary-kubernetes-rbac-best-practices-role-based-access-control

Glossary

glossary-mitre-attck-mitre-attack

Glossary

glossary-patch-management

Glossary

glossary-pharming

Glossary

glossary-reverse-proxy-security-best-practices

Glossary

glossary-software-supply-chain-security-basics

Glossary

glossary-software-vulnerability

Glossary

glossary-third-party-risk-management-tprm

Glossary

glossary-what-is-amd-sev