Cybersecurity Glossary
1506 essential cybersecurity terms explained. Your reference guide from A to Z.
D
DMZ
Demilitarized Zone. A physical or logical subnet that separates an internal network from untrusted external networks, typically hosting public-facing services like web servers.
DNS Spoofing
An attack that corrupts DNS cache data to redirect domain name queries to malicious IP addresses, sending users to fake websites.
DDoS
Distributed Denial of Service. An attack that overwhelms a target server or network with traffic from multiple compromised systems, rendering it unavailable to legitimate users.
DoS
Denial of Service. An attack designed to make a machine or network resource unavailable by flooding it with superfluous requests or exploiting vulnerabilities.
DNS
Domain Name System. The hierarchical distributed naming system that translates human-readable domain names into IP addresses that computers use to identify each other.
DHCP
Dynamic Host Configuration Protocol. A network management protocol that automatically assigns IP addresses and other network configuration parameters to devices on a network.
Deep Packet Inspection
A form of network packet filtering that examines the data payload of packets passing through a checkpoint, enabling more sophisticated traffic analysis and threat detection.
DOM-Based XSS
A type of XSS where the vulnerability exists in client-side JavaScript code that processes data from an untrusted source without proper sanitization.
Deserialization Attack
An attack that exploits vulnerabilities in how applications reconstruct objects from serialized data, potentially achieving remote code execution.
Decryption
The reverse process of encryption that converts ciphertext back into readable plaintext using the appropriate key and algorithm.
Digital Signature
A cryptographic mechanism that proves the authenticity and integrity of a digital message or document, created using the signer's private key.
Digital Certificate
An electronic document issued by a Certificate Authority that binds a public key to an entity's identity, enabling trust in encrypted communications.
Diffie-Hellman
A key exchange protocol that allows two parties to establish a shared secret over an insecure channel without prior shared secrets, foundational to modern cryptography.
Dropper
A type of malware designed to install other malware on a target system, often disguised as legitimate software to bypass initial security controls.
Drive-By Download
A malware delivery method where malicious software is automatically downloaded to a user's device simply by visiting a compromised or malicious website.
Dictionary Attack
A password cracking technique that tries words from a predefined list of common passwords and dictionary words rather than trying every possible combination.
Dirb
A web content scanner that discovers hidden directories and files on web servers by dictionary-based brute-forcing of URL paths.
Digital Forensics
The application of scientific investigation techniques to digital evidence, recovering and analyzing data from electronic devices for legal proceedings.
Disk Imaging
The process of creating an exact bit-for-bit copy of a storage device for forensic analysis, preserving all data including deleted files and slack space.
DFIR
Digital Forensics and Incident Response. The combined discipline of investigating security incidents and collecting digital evidence for analysis and legal proceedings.
Docker Security
Security measures for Docker container environments, including image vulnerability scanning, runtime protection, and daemon configuration hardening.
Data Classification
The process of categorizing data based on its sensitivity level and the impact of unauthorized disclosure, guiding appropriate security controls.
Data Loss Prevention
Technologies and strategies used to prevent sensitive data from being lost, misused, or accessed by unauthorized users through monitoring and enforcement.
Disaster Recovery
The process, policies, and procedures for recovering critical technology infrastructure and systems following a natural or human-induced disaster.
Defense in Depth
A cybersecurity strategy that employs multiple layers of security controls throughout a system, so that if one layer fails, others continue to provide protection.
DevSecOps
An approach that integrates security practices into the DevOps pipeline, making security a shared responsibility throughout the software development and deployment process.
Data Breach
A security incident where sensitive, protected, or confidential data is accessed, disclosed, or stolen by an unauthorized individual or entity.
Data Exfiltration
The unauthorized transfer of data from within an organization to an external destination, often the final objective of a cyberattack.
Data Anonymization
The process of removing or modifying personally identifiable information from data sets so individuals cannot be readily identified.
Data Pseudonymization
Replacing directly identifying information with artificial identifiers while maintaining a separate mapping, allowing re-identification when necessary.
Data Masking
The process of obscuring sensitive data by replacing it with realistic but fictitious data, commonly used in non-production environments.
Data Sovereignty
The concept that data is subject to the laws and governance structures of the country where it is collected, stored, or processed.
De-identification
The process of removing or obscuring personal identifiers from data to prevent the identification of individuals while preserving data utility.
Digital Footprint
The trail of data created by a user's online activities, including websites visited, emails sent, social media interactions, and online purchases.
Doxing
The malicious practice of researching and publicly broadcasting private or identifying information about an individual without their consent.
DKIM
DomainKeys Identified Mail. An email authentication method that allows the receiver to verify that an email was sent by the domain it claims and was not altered in transit.
DMARC
Domain-based Message Authentication, Reporting and Conformance. An email authentication protocol that builds on SPF and DKIM to prevent email spoofing and phishing.
Deauthentication Attack
A wireless denial-of-service attack that sends forged deauthentication frames to disconnect clients from their access point, often preceding other attacks.
DAST
Dynamic Application Security Testing. A method of testing running applications for security vulnerabilities by simulating attacks against the live application.
Dependency Scanning
The automated process of checking third-party libraries and frameworks used in an application for known vulnerabilities and outdated versions.
Deepfake
Synthetic media created using deep learning that convincingly replaces a person's likeness in video or audio, used in social engineering and disinformation.
Data Poisoning
An attack that compromises the integrity of a machine learning model by injecting malicious or misleading data into its training dataset.
Data at Rest
Data stored on physical media such as hard drives, databases, or backup tapes, requiring encryption and access controls to protect against unauthorized access.
Data in Transit
Data actively moving between locations, such as across the internet or through a private network, protected by transport encryption like TLS.
Data in Use
Data currently being processed in memory or CPU, requiring protection through techniques like encrypted memory and trusted execution environments.
Data Retention Policy
A policy defining how long different types of data should be stored, when it should be deleted, and the procedures for secure data disposal.
Database Security
The measures and controls used to protect database management systems from attacks, unauthorized access, and data breaches.
Data Governance
The overall management of data availability, usability, integrity, and security within an organization, ensuring data is consistent and trustworthy.
Dumpster Diving
The practice of searching through discarded materials to find sensitive information like passwords, network diagrams, or financial data.
DLL Injection
A technique for running code within the address space of another process by forcing it to load a dynamic-link library containing malicious code.
DLL Hijacking
An attack where a malicious DLL is placed in a location where a legitimate application will load it instead of the intended library.
DNS Tunneling
A technique that encodes data within DNS queries and responses to establish a covert communication channel, often used to bypass firewalls.
DOM-based XSS
A type of cross-site scripting where the vulnerability exists in client-side code rather than server-side, with the payload executed by modifying the DOM environment.
Directory Listing
A web server misconfiguration that displays the contents of a directory when no index file is present, potentially exposing sensitive files.
DCSync
An attack that uses the Directory Replication Service protocol to request password hashes from a domain controller, simulating the behavior of a legitimate DC.
Deception Technology
Security tools that deploy decoy assets like fake credentials, files, and systems to detect, analyze, and defend against attacks.
Disk Forensics
The process of acquiring, examining, and analyzing data from storage devices to recover evidence, including deleted files and file system artifacts.
Dead Box Forensics
Forensic analysis performed on a powered-off system, typically involving disk imaging and offline analysis of persistent storage.
DORA
Digital Operational Resilience Act. An EU regulation that strengthens the IT security of financial entities and ensures operational resilience against cyber threats.
Data Minimization
The principle of collecting and retaining only the minimum amount of personal data necessary for a specific purpose.
DNS Hijacking
An attack that modifies DNS settings to redirect users to malicious websites, often targeting router DNS settings or DNS registrar accounts.
Drop Box
A small, concealed computing device planted in a target's physical environment to provide persistent remote access to their network.
Differential Privacy
A mathematical framework for sharing information about a dataset while limiting exposure of individual records, adding calibrated noise to query results.
Data Subject Rights
The legal rights of individuals regarding their personal data, including access, rectification, erasure, portability, and objection to processing.
Data Retention
Policies governing how long an organization stores data before it is deleted or archived, balancing business needs with privacy requirements and legal obligations.
Dependency Confusion
A supply chain attack that exploits how package managers resolve dependencies, tricking systems into downloading malicious packages from public repositories.
Deauthentication Attack
A wireless denial-of-service attack that sends forged deauthentication frames to disconnect clients from an access point.
Dragonblood
A set of vulnerabilities in the WPA3 Dragonfly handshake that allow password recovery through side-channel attacks and protocol downgrade attacks.
DANE
DNS-based Authentication of Named Entities. A protocol that uses DNSSEC to associate TLS certificates with domain names, enhancing email security.
Database Encryption
The process of encrypting data stored in databases using transparent data encryption, column-level encryption, or application-level encryption.
Data Lifecycle Management
The process of managing data from creation through storage, use, sharing, archiving, and eventual destruction.
Data Integrity
The maintenance and assurance of data accuracy and consistency throughout its lifecycle, ensuring it has not been altered by unauthorized parties.
Data Exfiltration Prevention
Security measures designed to detect and prevent unauthorized transfer of data outside an organization's network boundaries.
Database Activity Monitoring
A security technology that monitors and analyzes database activity in real time to detect unauthorized access, SQL injection, and policy violations.
Data Discovery
The process of identifying and classifying sensitive data across an organization's systems and storage to understand exposure and apply appropriate protections.
DNSSEC
Domain Name System Security Extensions. A suite of specifications that adds security to the DNS protocol by enabling DNS responses to be validated.
DoT
DNS over TLS. A protocol that encrypts DNS queries using TLS, preventing eavesdropping and manipulation of DNS traffic between clients and resolvers.
DoH
DNS over HTTPS. A protocol for performing DNS resolution via the HTTPS protocol, encrypting DNS queries and making them indistinguishable from regular web traffic.
DNS Amplification
A DDoS attack that exploits open DNS resolvers to flood a target with amplified DNS response traffic using spoofed source addresses.
Darknet Monitoring
The practice of monitoring dark address space for backscatter traffic, worm propagation, and misconfigured systems.
Downloader
A type of malware whose primary purpose is to download and install additional malicious payloads from remote servers after initial infection.
Double Extortion
A ransomware tactic where attackers both encrypt data and threaten to publish stolen information if the ransom is not paid.
DES
Data Encryption Standard. A formerly predominant symmetric-key algorithm for data encryption, now considered insecure due to its 56-bit key length.
DSA
Digital Signature Algorithm. A federal standard for digital signatures based on the mathematical concept of modular exponentiation and discrete logarithm.
Device Trust
A security framework that evaluates the security posture of a device before granting access to organizational resources.
Detection Engineering
The practice of designing, building, testing, and maintaining detection rules and analytics for identifying security threats.
Data Breach Response
The coordinated process of investigating, containing, and remediating a data breach while meeting notification requirements.
DLL Sideloading
An attack that exploits the Windows DLL search order to load a malicious DLL by placing it alongside a legitimate application.
Decentralized Identity
A digital identity model where individuals control their identity data without relying on centralized authorities, often using blockchain.
Dark Pattern
Deceptive user interface designs that trick users into making choices that benefit the company at the expense of user privacy.
Dependency Vulnerability
A security weakness in a third-party library or package that an application depends on, potentially introducing risk through the supply chain.
Data Classification Levels
Standardized categories for organizing data by sensitivity, typically including public, internal, confidential, and restricted levels.
Data Residency
Requirements specifying the physical or geographic location where data must be stored and processed, often driven by regulation.
Data Lineage
The tracking of data from its origin through its lifecycle, documenting transformations and movements for compliance and security.
Detective Control
A security control designed to identify and alert on security events that have already occurred, such as intrusion detection and log monitoring.
Diamond Model
A threat intelligence framework that describes intrusion events using four core features: adversary, capability, infrastructure, and victim.
Digital Forensics Certifications
Certifications for forensics professionals including GCFE, EnCE, CFCE, and AccessData Certified Examiner.
DNS Sinkhole
A DNS server that returns false results for specific domains, used to block access to known malicious sites and disrupt malware communications.
Domain Fronting
A technique that routes network traffic through a trusted domain to disguise the true destination, often used to evade censorship and security controls.
Data Fabric Security
Security architecture that provides consistent data protection across distributed environments including cloud, on-premises, and edge.
Data Clean Room
A secure environment where multiple parties can analyze combined datasets without exposing raw data to each other.
Data Mesh Security
Security practices for data mesh architectures where domain teams own their data products with federated governance.
Drone Security
Security measures for protecting against and using unmanned aerial vehicles, including counter-drone technology and surveillance capabilities.
DNS Firewall
A security service that filters DNS queries to block access to malicious domains, phishing sites, and command-and-control servers.
DDoS Mitigation
Technologies and services that detect and absorb volumetric denial-of-service attacks before they reach the target infrastructure.
DHCP Starvation
An attack that exhausts the DHCP server address pool by flooding it with requests using spoofed MAC addresses.
DHCP Spoofing
An attack where a rogue DHCP server provides false network configuration to clients, redirecting their traffic through attacker-controlled systems.
Deconfliction
The process of distinguishing penetration testing activities from real attacks during an engagement to prevent unnecessary incident responses.
Dilithium
A lattice-based digital signature scheme selected by NIST as a post-quantum cryptography standard.
Digital Risk Protection
Services that monitor the internet for threats targeting an organization including brand impersonation, data leaks, and phishing.
Detection as Code
An approach where security detection rules are managed like software code with version control, testing, and automated deployment.
Digital Services Act
EU regulation establishing obligations for online platforms regarding illegal content, transparency, and user protection.
Deepfake Detection
Technologies and methods for identifying AI-generated synthetic media including facial inconsistencies and artifact analysis.
Detection Gap Analysis
An assessment comparing current detection capabilities against known attack techniques to identify areas needing improvement.
Differential Privacy in ML
Applying differential privacy techniques to machine learning to prevent training data from being extracted from models.
Delegated Administration
The practice of distributing administrative responsibilities to specific individuals or teams for their areas of authority.
DREAD Risk Model
A risk assessment model rating threats on Damage, Reproducibility, Exploitability, Affected Users, and Discoverability.
Data Catalog
A comprehensive inventory of data assets that provides metadata about data location, ownership, sensitivity, and lineage.
Data Access Governance
Policies and processes controlling who can access specific data, under what conditions, and how access is monitored.
Database Firewall
A security tool that monitors database traffic and blocks unauthorized queries, SQL injection, and privilege escalation attempts.
Data Redaction
The process of obscuring sensitive data in documents or databases by replacing it with placeholders while preserving document structure.
Database Forensics
The forensic analysis of database contents, logs, and transactions to investigate unauthorized access and data manipulation.
Device Attestation
The process of verifying the identity and integrity of hardware devices before granting them access to resources.
Defensive Security Career Path
Career progression from SOC analyst through incident responder, threat hunter, and security architect roles.
Dynamic ARP Inspection
A switch security feature that validates ARP packets against a trusted binding table to prevent ARP spoofing attacks.
Dwell Time
The duration between an initial compromise and its detection, often measured in days, indicating detection capability effectiveness.
Deprovisioning
The process of revoking user access rights and disabling accounts when employees leave or change roles within an organization.
Data Sovereignty Compliance
Ensuring data storage and processing complies with the legal requirements of the jurisdictions where data subjects reside.
Data Sanitization
The process of deliberately and permanently removing data from storage media to prevent recovery using standard forensic techniques.
Data Tokenization Service
A service that replaces sensitive data with non-sensitive tokens for storage and processing while maintaining a secure token vault.
Data Privacy Officer
A designated individual responsible for overseeing data protection strategy and compliance with privacy regulations.