Sec+

Version control

Software that tracks changes and allows reverting to previous versions.

Public key infrastructure (PKI)

System using public and private keys for data encryption and verification.

Public key

Visible digital lock used for encryption in PKI; requires private key for decryption.

Private key

Secret key paired with a public key for decrypting encrypted data.

Key escrow

Process of storing private keys with a trusted third party for data access if keys are lost.

Full-disk encryption

Encrypting all data on a disk including OS, applications, and user files.

Partition encryption

Encrypting specific partitions or sections of a hard drive.

File encryption

Encrypting files or folders to protect their contents.

Volume encryption

Encrypting a virtual container or disk image acting as a separate storage volume.

Database encryption

Securing a database by encrypting sensitive stored data.

Transport/communication encryption

Encoding information before sending over a network to prevent unauthorized interception.

Asymmetric encryption

Using separate keys for encryption and decryption (public and private keys).

Symmetric encryption

Using a single shared key for both encryption and decryption.

Key exchange

Securely sharing cryptographic keys between parties for message encryption.

Algorithms

Mathematical procedures for generating cryptographic keys and ensuring secure communication.

Key length

The longer the key, the more secure it is against guessing or attacks.

Trusted Platform Module (TPM)

Microchip on a computer's motherboard for secure storage of keys and sensitive data.

Hardware security module (HSM)

Hardware device for secure key storage, commonly used in high-security environments.

Key management system

System for generating, storing, distributing, and revoking encryption keys.

Secure enclave

Highly protected area for secure operations like encryption within computer systems.

Obfuscation

Technique to make code or data harder to understand without changing its functionality.

Steganography

Method of hiding secret information within non-secret files or messages.

Tokenization

Protecting sensitive data by replacing it with non-sensitive placeholders.

Data masking

Protecting data by replacing it with fictional or anonymized data while maintaining format.

Hashing

Process of converting data into a unique, scrambled output (hash value) in cryptography.

Salting

Adding random data to passwords when hashing to enhance security.

Digital signatures

Digital signatures authenticate the identity of message senders or document signers.

Key stretching

Technique to increase password security by requiring more time and resources for attackers.

Blockchain

Distributed digital ledger technology recording transactions across a network.

Open public ledger

System where transactional data is transparently shared and accessible to all network participants.

Certificates

Digital documents validating entity identity for secure internet communication.

Certificate authorities

Trusted entities issuing digital certificates to authenticate individuals, organizations, or devices.

Certificate revocation lists (CRLs)

Lists by CAs containing revoked digital certificate serial numbers before expiration.

Online Certificate Status Protocol (OCSP)

Protocol for real-time verification of digital certificate revocation status.

Self-signed

Digital certificate signed by its creator rather than a trusted CA.

Third-party

Entity validating certificate authenticity but not the issuer or subject.

Root of trust

Inherently trusted security system serving as the basis for trust relationships.

Certificate signing request (CSR) generation

Process of generating key pair, creating CSR file, and submitting it to a CA for approval.

Wildcard

Digital certificate securing a domain and its subdomains with a single certificate.