| Firewall | Antivirus |
| Intrusion Detection System | Encryption |
| Virtual Private Network | Two-Factor Authentication |
| Access Control | Intrusion Prevention System |
| Software designed to detect and remove computer viruses, preventing them from spreading and causing harm to a computer network. | A network security device that monitors and filters incoming and outgoing network traffic based on predetermined security rules. |
| The process of converting plaintext data into an unreadable form to protect it from unauthorized access or theft. | A system that monitors network traffic to identify and respond to unauthorized access attempts or malicious activities. |
| A security measure that requires users to provide two separate forms of identification, typically a password and a unique code, to access a network or system. | A secure network connection that allows remote users to access a private network over the internet securely. |
| A network security device that monitors and blocks malicious activities and prevents potential network attacks. | The practice of restricting and managing user access to network resources based on predetermined security policies. |
| Vulnerability Scanning | Security Policy |
| Antivirus Software | Network Segmentation |
| Network Security Audit | Penetration Testing |
| Acceptable Use Policy | User Agreement |
| A documented set of rules and procedures that define the organization's approach to network security and guide security implementations. | The process of identifying and assessing security vulnerabilities in a network infrastructure to address and mitigate potential risks. |
| The process of dividing a computer network into smaller subnetworks for improved security and performance. | Software designed to detect and remove malicious software, such as viruses, from computer systems. |
| A controlled attempt to exploit vulnerabilities in a network to assess its level of security. | A process of assessing the security measures implemented in a network to identify vulnerabilities and potential risks. |
| A legally binding contract between a user and a service provider that establishes the terms and conditions for using the service. | A set of rules and guidelines that outline the proper and acceptable use of a system, network, or service. |
| Internet Usage Policy | Incident Response Plan |
| Mitigation | Computer Virus |
| Trojan Horse | Worm |
| Ransomware | Malware |
| A documented set of procedures and guidelines that an organization follows when responding to and managing security incidents. | A policy that governs the appropriate use of the internet and outlines the rules for accessing and using online resources. |
| A type of malicious software that can replicate itself and spread to other computers. | The process of reducing or eliminating the impact of a security incident or vulnerability by implementing preventive measures. |
| A self-replicating program that spreads across computer networks and can cause harm by consuming system resources or deleting files. | A type of malware that disguises itself as a legitimate program but performs malicious activities in the background. |
| Malicious software designed to harm or exploit computers or networks. | A type of malware that encrypts files on a victim's computer and demands a ransom in exchange for the decryption key. |
| Virus | Trojan |
| Spyware | Adware |
| Rootkit | Keylogger |
| Phishing | Spoofing |
| A type of malware disguised as legitimate software, which allows unauthorized access to a computer or network. | A type of malware that self-replicates and infects other files or systems. |
| Malware that displays unwanted advertisements or redirects browsers to advertising websites. | Malware that secretly gathers information about a person or organization without their consent. |
| Malware that records keystrokes on a computer without the user's knowledge, often used to steal login credentials or sensitive information. | Malware that enables unauthorized access to a computer, while hiding its presence from the user and antivirus software. |
| Tricking users into believing that their communication is coming from a trusted source when it isn't. | A technique used by cybercriminals to trick individuals into revealing sensitive information by posing as a trustworthy entity. |
| Phishing Website | Ddos Attack |
| Zombie Computers | Amplification Attack |
| Packet Flooding | Brute Force Attacks |
| Dictionary Attack | SQL Injection |
| A type of cyber attack that floods a computer network with excessive traffic in order to disrupt normal operations. | A fraudulent site created to mimic a legitimate platform. |
| A type of DDoS attack that uses amplification techniques to magnify the volume of traffic sent to a target, making the attack more effective. | Computers that have been infected by malware and can be remotely controlled without the knowledge of their owners, often used in DDoS attacks. |
| Where an attacker systematically tries all possible combinations of passwords in order to gain unauthorized access to a system. | A technique used in DDoS attacks where a large number of packets are sent to a target, overwhelming its capacity to process them. |
| A code injection technique that attackers use to exploit vulnerabilities in a web application's database layer. | Where an attacker uses a list of words, phrases, or commonly used passwords to attempt unauthorized access to a system. |
| Input Sanitation | Insider Threats |
| Privileged Access | Social Engineering |
| Pretexting | Baiting |
| Tailgating | Impersonation |
| Security risks posed by individuals within an organization, such as employees or former employees. | The process of filtering and validating user input before using it in an application. |
| The act of manipulating people into performing actions or divulging confidential information. | Elevated permissions and rights granted to select users within an organization, increasing the risk of insider threats. |
| A social engineering technique that involves offering something enticing to trick individuals into revealing information or taking action. | A form of social engineering where attackers create a fictitious scenario to obtain information from individuals. |
| A social engineering tactic where attackers pretend to be someone else to deceive individuals and gain access to confidential information. | A method of social engineering where an unauthorized person follows an authorized individual to gain access to a restricted area. |
| Spear Phishing | Physical System Attacks |
| Eavesdropping | Tampering |
| Physical Tapping | Botnet |
| Command And Control Server | Infected Devices |
| Attacks that exploit vulnerabilities in a physical system, such as tampering with hardware or interrupting power supply. | A targeted form of phishing where attackers tailor fraudulent emails to specific individuals or organizations. |
| An attack where an attacker alters data or devices in a network to disrupt operations or gain unauthorized access. | A form of attack where an unauthorized party intercepts and monitors communication on a network. |
| A network of infected computers, or bots, that are controlled remotely and used to carry out DDoS attacks or other malicious activities. | An attack where an attacker physically taps into a network cable to intercept data passing through. |
| Devices that have been compromised by malware and are part of a botnet. | A central server that sends instructions to the devices in a botnet and receives data back from them. |
| Bot Herders | |
| Individuals or groups who control and manage botnets of infected devices. | |