This study set covers fundamental cybersecurity concepts. Topics include network security, data protection, threat modeling, and incident response.
The practice of protecting computer systems, networks, and data from unauthorized access, use, disclosure, disruption, modification, or destruction.
Any potential danger that could exploit a vulnerability to breach security and negatively impact an organization or individual.
A weakness in a system's design, implementation, operation, or internal controls that could be exploited by a threat.
The likelihood that a threat will exploit a vulnerability, resulting in a negative impact.
The process of identifying, analyzing, and prioritizing vulnerabilities and threats to determine the overall risk to an organization.
A network security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules.
A system that monitors network traffic for malicious activity and generates alerts when suspicious behavior is detected.
A system that monitors network traffic for malicious activity and actively blocks or prevents suspicious behavior.
Software designed to detect, prevent, and remove malicious software (malware) from computer systems.
Malicious software designed to damage, disrupt, or gain unauthorized access to computer systems. Examples include viruses, worms, Trojans, ransomware, and spyware.
A social engineering attack where attackers attempt to trick users into revealing sensitive information such as usernames, passwords, and credit card details.
The art of manipulating individuals into divulging confidential information or performing actions that compromise security.
An attack that floods a network or system with traffic, making it unavailable to legitimate users.
A DoS attack launched from multiple sources, making it more difficult to mitigate.
The process of converting readable data into an unreadable format to protect it from unauthorized access.
An electronic document that verifies the identity of a website or individual.
A system for creating, managing, distributing, using, storing, and revoking digital certificates and managing public-key cryptography.
The process of verifying the identity of a user or device.
The process of determining what a user or device is allowed to access.
A security system that requires more than one method of authentication to verify a user's identity.
A secure connection over a public network, such as the internet.
A system that collects and analyzes security logs from various sources to detect and respond to security threats.
A centralized team responsible for monitoring and responding to security threats.
The process of regularly updating software and systems with security patches to fix vulnerabilities.
A set of technologies and processes designed to prevent sensitive data from leaving the organization's control.
A security model that assumes no implicit trust and requires verification for every user and device, regardless of location.