Malware - Malicious software designed to damage, disrupt, or gain unauthorized access to systems. Types include viruses, worms, ransomware, and spyware.
Firewall - A security device or software that monitors and controls incoming and outgoing network traffic based on predetermined security rules, acting as a barrier between trusted and untrusted networks.
Encryption - The process of converting data into a code to prevent unauthorized access. Only users with the correct decryption key can read the information.
Phishing - A type of social engineering attack where attackers trick individuals into revealing sensitive information, such as passwords or credit card numbers, typically via email or fraudulent websites.
Vulnerability - A flaw or weakness in a system, network, or application that attackers can exploit to gain unauthorized access or cause harm.
Authentication - The process of verifying the identity of a user or system. Common methods include passwords, biometrics, and two-factor authentication (2FA).
Ransomware - A type of malware that encrypts a user’s data, rendering it inaccessible until a ransom is paid to the attacker to release the data.
Botnet - A network of compromised computers or devices under an attacker’s control, often used to launch large-scale attacks like Distributed Denial of Service (DDoS).
DDoS (Distributed Denial of Service) - An attack where multiple compromised systems flood a targeted network, service, or website with excessive traffic, rendering it inaccessible to legitimate users.
Patch - An update or fix applied to software to address security vulnerabilities, bugs, or other issues. Regularly applying patches is essential to maintaining system security.
Zero-Day Attack - An attack that targets a previously unknown vulnerability in software, occurring before a patch or fix is available from the software vendor.
Social Engineering - A tactic used by attackers to manipulate individuals into revealing confidential information or granting access to secure systems, often by exploiting trust or authority.
Threat Intelligence - The collection and analysis of data about current or emerging threats, allowing organizations to prepare for and defend against potential cyber attacks.
Insider Threat - A security risk originating from within an organization, often from employees or contractors who may intentionally or unintentionally cause data breaches or system vulnerabilities.
Penetration Testing (Pen Testing) - A simulated cyber attack on a system, network, or application conducted by security professionals to identify and fix vulnerabilities before they can be exploited by malicious actors.