Glossary

Authentication is the process of verifying the identity of a person or a thing, by checking a password, a hardware token or any other object that can prove the identity of the person.

Read more: What is authentication? | Cloudflare 

Just as it is important that unauthorized users are kept out of an organization’s data, data should be available to authorized users whenever they require it. This means keeping systems, networks, and devices up and running.

Read more: What is the CIA Triad? Definition, Importance, & Examples 

Back door is any technique used by an attacker to remotely access a device without the knowledge or permission of the user.

Read more: What is a Backdoor Attack | Shell & Trojan Removal | Imperva 

An internal security team whose goal is to defend the organization’s security environment from the red team.

Read more: What is a Blue Team? | XM Cyber 

Botnet, formed from the amalgamation of the words ‘robot’ and ‘network’, is a network of computers built to help hackers enhance their capacity to carry out mass cyberattacks, using applications designed to run automated scripts called bots.

Read more: What is a Botnet? (kaspersky.com) 

Continuous Integration and Continuous Deployment (CI/CD) pipeline is a series of steps focused on improving the reliability of the software delivery process.

Read more: CI/CD Pipeline & Security: A Guide to Continuous Integration and Delivery | Fortinet 

Confidentiality, integrity and availability, also known as the CIA triad, is a model designed to guide policies for information security within an organization.

Read more: confidentiality, integrity and availability (CIA triad) 

Cloud security, also known as cloud computing security, includes policies, controls and procedures to protect cloud-based systems and data.

Read more: What is Cloud Security? | Microsoft Security 

Confidentiality has to do with keeping an organization’s data private. This often means that only authorized users and processes should be able to access or modify data.

Read more: What is the CIA Triad? Definition, Importance, & Examples 

Cross-Site Request Forgery (CSRF) is a web security vulnerability where an attacker manipulates a victim user to perform actions which he doesn’t intend to.

Read more: Cross Site Request Forgery (CSRF) | OWASP Foundation 

Cryptography is the method of converting information to a form such that only the intended person is able to read it. The main intention of this technique is to secure information and communication.

Read more: What is Cryptography? Definition, Importance, Types | Fortinet 

CVE, short for Common Vulnerabilities and Exposures, is a list of publicly disclosed computer vulnerabilities. When someone refers to a CVE, they mean a security flaw that’s been assigned a CVE ID number.

Read more: FAQs | CVE 

CWE, short for Common Weakness Enumeration, is a formal list of common software and hardware weaknesses that can occur in a computer system, and which can lead to security vulnerabilities that can be exploited.

Read more: CWE – Frequently Asked Questions (FAQ) (mitre.org) 

Dynamic application security testing (DAST) is a testing technique used to analyze web applications and detect vulnerabilities in its running state.

Read more: Definition of DAST – IT Glossary | Gartner 

A data breach is an incident where security of a system is violated when an unauthorized person gains access to information.

Read more: What is a data breach? (norton.com) 

Distributed Denial-of-Service (DDoS) is a cyber-attack carried out from multiple sources on a single victim, to make the victim site deny its services to its users.

Read more: What is a distributed denial-of-service (DDoS) attack? | Cloudflare 

Decryption is the process of converting back encrypted data into a comprehensible format. Refer more: 

Short for development, Security, and Operations, DevSecOps is an approach taken to integrate security at every stage of the software development lifecycle along with development and operations.

Read more: What is DevSecOps? | IBM 

Denial-of-Service (DOS) is a type of cyber attack where users are blocked from accessing a website by interjecting the normal functioning of the system.

Read more: What is a denial-of-service (DoS) attack? | Cloudflare 

Encryption is the process of converting readable data into incomprehensible text, known as ciphertext, so that the data cannot be comprehended by an unauthorized party. Hence the data is protected.

Read more: What is encryption? | Types of encryption | Cloudflare 

Hacker is a person who uses computer, networking, programming or related skills to hack into a cyber system, ethically or unethically.

Read more: What Is a Hacker? – Cisco 

In this type of scanning, vulnerabilities are detected by analyzing the behavior and patterns of files or targets and not by relying on pre-defined signatures. Read more: How scanners find vulnerabilities | Acunetix 

Interactive Application Security Testing (IAST) is a testing solution developed by combining features of Dynamic application security testing (DAST) and Static application security testing (SAST). Here the code is analyzed while carrying out dynamic testing methods on the application.

Read more: What Is IAST and How Does It Work? | Synopsys 

Integrity means that data can be trusted. It should be maintained in a correct state, kept so that it may not be tampered with, and should be correct, authentic, and reliable.

Read more: What is the CIA Triad? Definition, Importance, & Examples 

IPSec, short for Internet Protocol Security, is a framework comprising of a number of protocols used to ensure secure data transfer over public networks.

Read more: What is IPsec? | How IPsec VPNs work | Cloudflare 

Malware, short for malicious software, is a computer program created to harm computer systems of legitimate users.

Read more: What is Malware? Detection & Removal Methods | CrowdStrike 

Man-in-the-middle (MITM) attack is a common cyberattack where a hacker eavesdrops on the communication between two legitimate users. In this attack the hacker is able to listen to or even modify the communication of two victims.

Read more: All about Man-in-the-Middle Attacks | Acunetix 

A managed security service provider (MSSP) provides third party services to monitor and maintain the network security of an organization. This can include services like managed firewall, intrusion detection, virtual private network, vulnerability scanning, antiviral services etc.

Read more: Definition of Managed Security Service Provider (MSSP) – IT Glossary | Gartner 

Penetration testing (or pen testing) is a simulated attack executed by a trusted professional on a computer system, with the intention of finding vulnerabilities and exploiting them, avoiding any impact on information security, so that the vulnerabilities can be patched up before been discovered by a hacker.

Read more: Penetration testing vs vulnerability scanning | Acunetix 

Pharming is the malicious act of redirecting an internet user to a spoofed website instead of the intended website with the intention of engaging in cyber crimes using the user’s credentials and information.

Read more: What Is Pharming and How To Protect Against Attacks | Fortinet