Information Security Glossary
25 essential terms — because precise language is the foundation of clear thinking in Information Security.
Authentication: The process of verifying the identity of a user, device, or system before granting access to resources.
Availability: The assurance that information and systems are accessible and usable when needed by authorized users.
Ciphertext: The encrypted, unreadable form of data produced by an encryption algorithm, which can only be converted back to plaintext with the correct decryption key.
Confidentiality: The principle that information is accessible only to those authorized to access it.
Cryptography: The science of securing information by transforming it into an unreadable format using mathematical algorithms.
Denial of Service (DoS): An attack that aims to make a system, network, or service unavailable by overwhelming it with traffic or exploiting a vulnerability.
Digital Certificate: An electronic document issued by a Certificate Authority that binds a public key to an identity, enabling verification of authenticity.
Exploit: A piece of software, data, or sequence of commands that takes advantage of a vulnerability to cause unintended behavior in a system.
Firewall: A security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules.
Hash Function: A one-way cryptographic function that converts input data into a fixed-length output (hash) that cannot feasibly be reversed to reveal the original data.
Incident Response: The organized methodology for handling security breaches or cyberattacks, including preparation, detection, containment, eradication, recovery, and lessons learned.
Integrity: The assurance that information is accurate, complete, and has not been modified by unauthorized parties.
Intrusion Detection System (IDS): A device or software that monitors network or system activities for malicious behavior or policy violations and generates alerts.
Malware: Malicious software designed to damage, disrupt, or gain unauthorized access to systems, including viruses, worms, trojans, ransomware, and spyware.
Non-repudiation: The assurance that someone cannot deny the validity of their actions, such as sending a message or making a transaction, typically achieved through digital signatures.
Patch Management: The process of identifying, acquiring, testing, and installing software updates (patches) to fix vulnerabilities and improve security.
Penetration Testing: Authorized simulated attacks against systems to identify and exploit vulnerabilities, evaluating the effectiveness of security controls.
Phishing: A social engineering attack using fraudulent communications disguised as legitimate to trick victims into revealing sensitive information or installing malware.
Risk Assessment: The process of identifying assets, threats, and vulnerabilities, and evaluating the likelihood and potential impact of security incidents.
SIEM: Security Information and Event Management: technology that provides real-time analysis of security alerts generated by network hardware and applications.
Threat: Any potential cause of an unwanted incident that may result in harm to a system or organization.
TLS/SSL: Transport Layer Security and its predecessor, Secure Sockets Layer, are cryptographic protocols that provide secure communication over a network, commonly used in HTTPS.
Vulnerability: A weakness in a system, application, or process that could be exploited by a threat actor to gain unauthorized access or cause harm.
Zero-day: A previously unknown vulnerability that is exploited before the vendor has released a patch, giving defenders zero days to prepare.