Cybersecurity Glossary

1506 essential cybersecurity terms explained. Your reference guide from A to Z.

I
IDS
Intrusion Detection System. A device or software that monitors network traffic for suspicious activity and known threats, generating alerts when potential intrusions are detected.
IPS
Intrusion Prevention System. A network security tool that monitors traffic and actively blocks or prevents detected threats in real time, going beyond passive detection.
ICMP
Internet Control Message Protocol. A network protocol used by network devices to send error messages and operational information, commonly used by ping and traceroute.
IDOR
Insecure Direct Object Reference. A vulnerability where an application exposes internal object references that allow attackers to access unauthorized data by manipulating object identifiers.
Insecure Deserialization
A vulnerability where untrusted data is used to abuse the logic of an application, inflict denial of service, or execute arbitrary code during deserialization.
IV
Initialization Vector. A random value used with encryption algorithms to ensure that encrypting the same plaintext multiple times produces different ciphertext outputs.
Infostealer
Malware specifically designed to collect sensitive information from infected systems, including credentials, cookies, cryptocurrency wallets, and personal documents.
Incident Response
The organized approach to addressing and managing the aftermath of a security breach or cyberattack, with the goal of minimizing damage and recovery time.
IOC
Indicator of Compromise. Observable artifacts such as IP addresses, file hashes, domain names, or registry keys that indicate a system has been compromised.
IOA
Indicator of Attack. Behavioral patterns and techniques that indicate an active attack is in progress, focusing on attacker intent rather than static artifacts.
IaaS
Infrastructure as a Service. A cloud computing model where virtualized computing resources are provided over the internet, with the customer managing OS and applications.
IAM
Identity and Access Management. The framework for managing digital identities and controlling access to resources in cloud environments through policies and roles.
ISO 27001
An international standard for information security management systems that specifies requirements for establishing, implementing, and continually improving security management.
Information Security
The practice of protecting information by mitigating information risks, encompassing the protection of data confidentiality, integrity, and availability.
Insider Threat
A security risk originating from within an organization, posed by current or former employees, contractors, or partners with legitimate access to systems.
Identity Theft
The fraudulent acquisition and use of another person's personal identifying information, typically for financial gain or to commit crimes.
IoT Security
The practice of securing Internet of Things devices and networks, addressing unique challenges like limited processing power and default credentials.
ICS Security
Industrial Control System security. The protection of operational technology systems that manage physical processes in manufacturing, utilities, and infrastructure.
IAST
Interactive Application Security Testing. A method that combines static and dynamic analysis by monitoring applications from within during testing for comprehensive vulnerability detection.
Input Validation
The process of verifying that user-supplied data meets expected formats and constraints before processing, preventing injection attacks and data corruption.
IMAP
Internet Message Access Protocol. An email retrieval protocol that allows clients to access and manage messages stored on a mail server from multiple devices.
Impacket
A collection of Python classes for working with network protocols, widely used in penetration testing for authentication attacks and lateral movement.
IDS Evasion
Techniques used by attackers to avoid detection by intrusion detection systems, including fragmentation, encryption, and protocol-level manipulation.
IPsec
Internet Protocol Security. A framework of open standards for securing IP communications by authenticating and encrypting each IP packet in a communication session.
Identity Federation
A system that allows users to use the same identification data to obtain access across multiple organizations and security domains.
IAM Security
Identity and Access Management security in cloud environments, ensuring proper user permissions, least privilege, and credential management.
IaC Security
Security practices for Infrastructure as Code, scanning Terraform, CloudFormation, and other templates for misconfigurations before deployment.
Immutable Infrastructure
An approach where servers are never modified after deployment but are replaced entirely with new instances when changes are needed, reducing configuration drift.
Incident Response Plan
A documented set of procedures describing the actions an organization takes when a security incident is detected, including containing it and recovering from it.
IoC Extraction
The process of identifying and documenting indicators of compromise from forensic evidence, including file hashes, IP addresses, and behavioral patterns.
Identity Governance
The policy-based centralized management of digital identities, including access provisioning, certification, and separation of duties enforcement.
Indirect Prompt Injection
An attack where malicious instructions are embedded in external content that an AI system processes, causing unintended actions without direct user input.
IoT Botnet
A network of compromised Internet of Things devices controlled by an attacker, often used for large-scale DDoS attacks like the Mirai botnet.
iOS Jailbreak
The process of removing software restrictions imposed by Apple on iOS devices, enabling root access and installation of unauthorized applications.
Insecure Data Storage
A mobile security vulnerability where sensitive data is stored without proper encryption on the device, accessible through forensic analysis or rooting.
Intrusion Alarm
An electronic security system that detects unauthorized entry into a protected area and alerts security personnel through audible or silent alarms.
Incident Responder
A cybersecurity specialist who leads the investigation and remediation of security incidents, containing threats and restoring normal operations.
IRM
Information Rights Management. Technology that controls access to and usage of digital content, enforcing policies even after data leaves the organization.
IP Spoofing
The creation of IP packets with a falsified source IP address to impersonate another system or hide the sender's identity.
Incident Classification
The process of categorizing security incidents by type and severity to determine appropriate response actions and resource allocation.
Insider Threat Program
A formal program designed to detect, deter, and mitigate risks posed by insiders who may intentionally or unintentionally harm the organization.
Island Hopping
An attack strategy where adversaries compromise smaller partner organizations to use as stepping stones to reach their primary target.
IoT Firmware Security
Security practices for IoT firmware including secure boot, signed updates, encrypted storage, and vulnerability patching.
Identity Proofing
The process of verifying that a person is who they claim to be before issuing credentials, using documents, biometrics, or knowledge factors.
Immutable Storage
Storage systems that prevent data modification or deletion for a specified period, protecting against ransomware and insider threats.
IKEv2
Internet Key Exchange version 2. A VPN tunneling protocol that provides secure key exchange and supports MOBIKE for seamless VPN reconnection.
IoA
Indicator of Attack. Behavioral evidence that an attack is currently occurring, focusing on attacker intent and activities rather than static artifacts.
Ingress Filtering
Filtering incoming network traffic at the network perimeter to block spoofed IP addresses and known malicious sources.
I2P
Invisible Internet Project. An anonymous network layer that allows applications to communicate with each other without revealing their IP addresses.
IoT Network Security
Security measures specific to networks containing IoT devices, including segmentation, monitoring, and device authentication.
Impacket Tools
A collection of Python classes for working with network protocols, widely used in penetration testing for executing remote commands and dumping credentials.
ITIL
Information Technology Infrastructure Library. A set of practices for IT service management that includes security management processes.
Identity Fabric
An integrated identity infrastructure that provides consistent authentication and authorization across all environments and applications.
Identity Attack Surface
The total set of identity-related vulnerabilities in an organization including SSO misconfigurations, stale accounts, and excessive permissions.
IoT Forensics
Digital forensic analysis of Internet of Things devices, addressing challenges of diverse platforms, limited storage, and volatile data.
ICMP Tunneling
A covert channel technique that encapsulates data within ICMP echo request and reply packets to bypass firewall restrictions.
Insufficient Logging
A security weakness where applications fail to log security-relevant events adequately, hampering incident detection and investigation.
IoT Penetration Testing
Security assessment of Internet of Things devices including firmware analysis, network protocol testing, and hardware interface exploitation.
Identity Provider
A system that creates, maintains, and manages identity information while providing authentication services to applications.
Incident Ticketing System
A system for tracking, managing, and documenting security incidents from detection through resolution and closure.
Identity Threat Detection
Security solutions that monitor identity infrastructure for signs of attack including credential theft and privilege abuse.
Identity Lifecycle Management
The process of managing digital identities from creation through modification to eventual deactivation and deletion.
IPv6 Security
Security considerations specific to IPv6 networks including larger address space reconnaissance, extension header attacks, and dual-stack vulnerabilities.
Indicator Management
The process of collecting, validating, enriching, and operationalizing indicators of compromise across security tools.
Incident Commander
The person responsible for managing all aspects of an incident response, making decisions and coordinating team activities.
Incident Metrics
Quantitative measurements of incident response performance including detection time, response time, and resolution effectiveness.
Incident Communication Plan
A documented strategy for internal and external communications during security incidents, including notification procedures and templates.
Incident Response Policy
An organizational policy defining requirements for detecting, responding to, and recovering from cybersecurity incidents.
Instance Metadata Attack
Exploiting cloud instance metadata services to obtain credentials, configuration data, and other sensitive information.
IoT Authentication
Security mechanisms for verifying the identity of IoT devices connecting to networks and cloud services.
IoT Gateway Security
Security controls for IoT gateways that bridge device networks to cloud services, including traffic filtering and protocol translation.
Input Sanitization
The process of cleaning user-supplied data by removing or encoding potentially dangerous characters before processing.
Initial Access Broker
A cybercriminal who specializes in gaining unauthorized access to networks and selling that access to other threat actors.
IoC Enrichment
The process of adding context to indicators of compromise using threat intelligence sources to improve detection accuracy.
Identity Analytics
Using data analytics to detect anomalous identity and access patterns that may indicate compromised accounts or insider threats.
Identity Bridge
Technology that connects modern cloud identity services with legacy on-premises systems for unified authentication.