| Network Validation | Authentication |
| Network Security | Digital Certificate |
| Biometric Authentication | Access Control |
| Two-Factor Authentication | Intrusion Detection System |
| The act of confirming the identity of a user or device, with the purpose of granting access to a network or system. | The process of verifying that a network operates efficiently and satisfies the intended performance standards. |
| An electronic document that confirms the credibility of a sender or receiver in a network communication. | Implementing measures to safeguard a network against unauthorized access, improper use, alteration, or disruption of service. |
| It involves implementing mechanisms that restrict user or device entry to specific resources or areas within a network. | Unique physical or behavioral characteristics like fingerprints or iris scans are utilized to verify an individual's identity through the process of authentication. |
| A monitoring solution, whether it's in the form of software or hardware, which oversees network traffic to acknowledge and take action against potential security threats or attacks. | A security process necessitating users to provide two distinct authentication factors, often a password and a unique code. |
| Firewall | Security Audit |
| Password Authentication | Credentials |
| Authentication Factor | Hashing |
| Salt | Phishing |
| The process of assessing a network's security measures to identify weaknesses, evaluate potential threats, and suggest enhancements. | A network security device that employs predetermined security rules to filter and regulate incoming and outgoing network traffic. |
| Information used to authenticate a user's identity, typically consisting of a username and password. | The process of verifying the identity of a user by requiring them to provide a password. |
| The process of converting a password into a fixed-length string of characters using a cryptographic algorithm. | A piece of information used to authenticate a user's identity, such as a password or biometric data. |
| A fraudulent attempt to obtain sensitive information, such as passwords, by disguising as a trustworthy entity. | A random string of characters added to a password before hashing to protect against rainbow table attacks. |
| Asymmetric Encryption | Symmetric Encryption |
| Public Key | Private Key |
| Key Exchange | Encryption |
| Decryption | Certificate Authority |
| A cryptographic system that uses the same key for both encryption and decryption. | A cryptographic system that uses two different keys: a public key for encryption and a private key for decryption. |
| In asymmetric encryption, a key that is kept secret and used for decryption. | In asymmetric encryption, a key that is publicly available and used for encryption. |
| The process of converting plaintext into ciphertext using an encryption algorithm and a key. | The process of securely exchanging keys between parties in asymmetric encryption. |
| An organization that issues digital certificates and verifies the authenticity of entities. | The process of converting ciphertext into plaintext using a decryption algorithm and a key. |
| Digital Signature | Certificate Revocation |
| Key Pair | Antivirus |
| Virtual Private Network | Intrusion Prevention System |
| Vulnerability Scanning | Security Policy |
| The process of invalidating a digital certificate before its expiration date. | A cryptographic mechanism that ensures the authenticity and integrity of digital messages or documents. |
| Software designed to detect and remove computer viruses, preventing them from spreading and causing harm to a computer network. | A pair of cryptographic keys, consisting of a public key and a private key. |
| A network security device that monitors and blocks malicious activities and prevents potential network attacks. | A secure network connection that allows remote users to access a private network over the internet securely. |
| A documented set of rules and procedures that define the organization's approach to network security and guide security implementations. | The process of identifying and assessing security vulnerabilities in a network infrastructure to address and mitigate potential risks. |
| Antivirus Software | Network Segmentation |
| Network Security Audit | Penetration Testing |
| Acceptable Use Policy | User Agreement |
| Internet Usage Policy | Incident Response Plan |
| The process of dividing a computer network into smaller subnetworks for improved security and performance. | Software designed to detect and remove malicious software, such as viruses, from computer systems. |
| A controlled attempt to exploit vulnerabilities in a network to assess its level of security. | A process of assessing the security measures implemented in a network to identify vulnerabilities and potential risks. |
| A legally binding contract between a user and a service provider that establishes the terms and conditions for using the service. | A set of rules and guidelines that outline the proper and acceptable use of a system, network, or service. |
| A documented set of procedures and guidelines that an organization follows when responding to and managing security incidents. | A policy that governs the appropriate use of the internet and outlines the rules for accessing and using online resources. |
| Mitigation | Computer Virus |
| Trojan Horse | Worm |
| Ransomware | Malware |
| Virus | Trojan |
| A type of malicious software that can replicate itself and spread to other computers. | The process of reducing or eliminating the impact of a security incident or vulnerability by implementing preventive measures. |
| A self-replicating program that spreads across computer networks and can cause harm by consuming system resources or deleting files. | A type of malware that disguises itself as a legitimate program but performs malicious activities in the background. |
| Malicious software designed to harm or exploit computers or networks. | A type of malware that encrypts files on a victim's computer and demands a ransom in exchange for the decryption key. |
| A type of malware disguised as legitimate software, which allows unauthorized access to a computer or network. | A type of malware that self-replicates and infects other files or systems. |
| Spyware | Adware |
| Rootkit | Keylogger |
| Spoofing | Phishing Website |
| Ddos Attack | Zombie Computers |
| Malware that displays unwanted advertisements or redirects browsers to advertising websites. | Malware that secretly gathers information about a person or organization without their consent. |
| Malware that records keystrokes on a computer without the user's knowledge, often used to steal login credentials or sensitive information. | Malware that enables unauthorized access to a computer, while hiding its presence from the user and antivirus software. |
| A fraudulent site created to mimic a legitimate platform. | Tricking users into believing that their communication is coming from a trusted source when it isn't. |
| Computers that have been infected by malware and can be remotely controlled without the knowledge of their owners, often used in DDoS attacks. | A type of cyber attack that floods a computer network with excessive traffic in order to disrupt normal operations. |
| Amplification Attack | Packet Flooding |
| Brute Force Attacks | Dictionary Attack |
| SQL Injection | Input Sanitation |
| Insider Threats | Privileged Access |
| A technique used in DDoS attacks where a large number of packets are sent to a target, overwhelming its capacity to process them. | A type of DDoS attack that uses amplification techniques to magnify the volume of traffic sent to a target, making the attack more effective. |
| Where an attacker uses a list of words, phrases, or commonly used passwords to attempt unauthorized access to a system. | Where an attacker systematically tries all possible combinations of passwords in order to gain unauthorized access to a system. |
| The process of filtering and validating user input before using it in an application. | A code injection technique that attackers use to exploit vulnerabilities in a web application's database layer. |
| Elevated permissions and rights granted to select users within an organization, increasing the risk of insider threats. | Security risks posed by individuals within an organization, such as employees or former employees. |
| Social Engineering | Pretexting |
| Baiting | Tailgating |
| Impersonation | Spear Phishing |
| Physical System Attacks | Eavesdropping |
| A form of social engineering where attackers create a fictitious scenario to obtain information from individuals. | The act of manipulating people into performing actions or divulging confidential information. |
| A method of social engineering where an unauthorized person follows an authorized individual to gain access to a restricted area. | A social engineering technique that involves offering something enticing to trick individuals into revealing information or taking action. |
| A targeted form of phishing where attackers tailor fraudulent emails to specific individuals or organizations. | A social engineering tactic where attackers pretend to be someone else to deceive individuals and gain access to confidential information. |
| A form of attack where an unauthorized party intercepts and monitors communication on a network. | Attacks that exploit vulnerabilities in a physical system, such as tampering with hardware or interrupting power supply. |
| Tampering | Physical Tapping |
| Botnet | Command And Control Server |
| Infected Devices | Bot Herders |
| An attack where an attacker physically taps into a network cable to intercept data passing through. | An attack where an attacker alters data or devices in a network to disrupt operations or gain unauthorized access. |
| A central server that sends instructions to the devices in a botnet and receives data back from them. | A network of infected computers, or bots, that are controlled remotely and used to carry out DDoS attacks or other malicious activities. |
| Individuals or groups who control and manage botnets of infected devices. | Devices that have been compromised by malware and are part of a botnet. |