A
- Access Control (Physical and Logical)
- Access Control Mechanism
- Accidental Insider Threat
- Account Hijacking
- Active Attack
- Active Content
- Administrator Rights
- Advanced Persistent Threat
- Adversary (or Attacker)
- Adware
- Agile Development Methodology
- Air Gap
- All-Source Analysis
- Allow List, Permit List
- Anti-Censorship
- Anti-Malware
- Antivirus Software
- Apple Wireless Direct Link (AWDL)
- Application Fuzzing
- Application Programming Interface (API)
- Application Proxy
- Application Security Assessment
- Artificial Intelligence (AI)
- Attack
- Attack Signature
- Attack Surface
- Attacker
- Attribution
- Authentication
- Authenticity
- Authorization
- Availability
B
- Backdoor
- Bandwidth
- Biometrics
- Bitcoin
- Black Box Testing
- Blended Threat
- Bloatware
- Block List, Deny List
- Blockchain
- Blue Team
- Bluejacking
- Bogon
- Boot Sector Virus
- Bot, Botnet, Bot Herder, and Bot Master
- Brute Force Attack
- Buffer Overflow Attack
- Bug
- Bug Bounty Programs
- Built-In Security
- Business Continuity and Disaster Recovery Plan
- Business Email Compromise (BEC)
- BYOD
C
- Catfishing
- Ciphertext
- Clickbait
- Clickjacking
- Closed Source
- Cloud Computing
- Command and Control (C&C) Server
- Commercial Off-The-Shelf (COTS)
- Common Vulnerabilities and Exposures (CVE)
- Compromised Credentials
- Computer Emergency Response Team (CERT)
- Computer Network Defense
- Confidentiality
- Contact Tracing
- Container
- Containment
- Content Delivery Network (CDN)
- Continuity of Operations Plan
- Cookie
- Coronavirus Advisory
- Countermeasure
- Cracker
- Credential Stuffing
- Critical (Confidential) Information
- Cross-Site Request Forgery (CSRF)
- Cross-Site Scripting (XSS)
- Cryptanalysis
- Crypto-Mining or Cryptojacking
- Cryptocurrency Wallet
- Cryptographic Algorithm
- Cryptography
- Cyber Criminals
- Cyber Espionage
- Cyber Insurance
- Cybersecurity
- Cybersecurity Ecosystem
- Cybersecurity Maturity Model Certification (CMMC)
- Cyberspace
- Cybersquatting
- Cyberwarfare
D
- Data Aggregation
- Data Breach
- Data Classification
- Data Exfiltration
- Data Loss
- Data Loss Prevention
- Data Mining
- Data Normalization
- Data Sanitization
- Data Spill
- Decrypt
- Decryption
- Deep Learning
- Deepfakes
- Demilitarized Zone (DMZ)
- Denial of Service (DoS)
- Digital Content Management (DCM)
- Digital Forensics
- Digital Rights Management (DRM)
- Digital Signature
- Discretionary Access Controls (DAC)
- Disinformation
- Distributed Denial of Service (DDoS)
- DKIM
- DMARC
- DNS Reflection and Amplification Attacks
- Domain Name System (DNS)
- Drive-By Download
- Dwell Time
- Dynamic Code Analysis
E
F
G
H
I
- Identification
- Identity and Access Management
- Identity Theft
- ILOVEYOU Virus
- Incident
- Incident Management
- Incident Reponse
- Incident Response Plan
- Indicator
- Industrial Control System
- Influencer
- Information and Communication(s) Technology
- Information Assurance
- Information Assurance Compliance
- Information Dissemination
- Information Resources Management (IRM)
- Information Sharing
- Information System Resilience
- Information Systems Security Operations
- Information Technology
- Infrastructure as a Service (IaaS)
- Input Validation
- Insider
- Insider Threat
- Integrated Risk Management
- Integrity
- Intellectual Property
- International Traffic in Arms Regulations (ITAR)
- Internet Control Message Protocol (ICMP)
- Internet Engineering Task Force (IETF)
- Internet Message Access Protocol (IMAP)
- Internet of Things (IoT)
- Internet Protocol Security (IPSec)
- Interoperability
- Intrusion
- Intrusion Detection
- Investigation
L
M
- Machine Learning and Evolution
- Macro Virus
- Malicious Applet
- Malicious Code
- Malicious Insider Threat
- Malicious Logic
- Malicious URL
- Malware
- Man-In-The-Middle Attack
- Managed Service Provider (MSP)
- Mandatory Access Controls (MAC)
- Mantrap
- MAZE Ransomware
- MAZE Ransomware: 3x Threat to Data Security
- Mean Time to Failure (MTTF)
- Media Access Control (MAC) Address
- Melissa Virus
- Memory-Resident Virus
- Metadata
- Monthly Recurring Revenue (MRR)
- Morris Worm
- Moving Target Defense
N
- Nation State Hackers
- Near Field Communications (NFC)
- Need to Know
- Network Based Intrusion Detection System (NIDS)
- Network Behavior Analysis (NBA)
- Network Resilience
- Network Segmentation
- Network Services
- Network-Based Intrusion Prevention
- Non-Fungible Token (NFT)
- Non-Public Personal Information (NPPI)
- Non-Repudiation
O
P
- Packet
- Packet Sniffing
- Parasitic Virus
- Passive Attack
- Passphrase
- Password
- Password Cracking
- Password Manager
- Password Salting
- Password Sniffing
- Paste
- Patch
- PCI-DSS
- PDF (Portable Document Format)
- Penetration Testing
- Personal Identifying Information
- Personal Information Protection and Electronic Documents Act (PIPEDA)
- Phishing
- Piggybacking
- Ping of Death (PoD)
- Plaintext
- Platform as a Service (PaaS)
- Point-to-Point Tunneling Protocol (PPTP)
- Polyinstantiation
- Polymorphic Virus
- POS Intrusions
- Privacy
- Private Key
- Privileged User
- Public Key
- Public Key Cryptography
- Public Key Infrastructure
R
- Radio Frequency Identification (RFID)
- RADIUS Authentication
- Rainbow Tables
- RAM Disk
- Random Access Memory (RAM)
- Ransomware
- Ransomware Task Force (RTF)
- Read-Only Memory (ROM)
- Real User Monitoring (RUM)
- reCAPTCHA
- Reconnaissance
- Recovery
- Recovery Point Objective (RPO)
- Recovery Time Objective (RTO)
- Red Team
- Redundancy
- Remote Access Trojan (RAT)
- Remote Desktop Protocol (RDP)
- Remote Monitoring and Management (RMM)
- Response
- Responsible Disclosure
- Restore (Recovery)
- Revenge Porn
- Reverse Engineering
- Reverse Intent
- Reverse Proxy
- Revision
- RFC 1918
- Risk
- Risk Acceptance (Accept)
- Risk Analysis
- Risk Assessment
- Risk Avoidance
- Risk Management
- Risk Mitigation
- Risk Reduction (Limitation)
- Risk-Based Data Management
- Role-Based Access Control (RBAC)
- Root Cause Analysis
- Rootkit
S
- Safe Links | URL Protection | Link Protection
- Sandboxing
- Script Kiddie
- Secret Key
- Secure Shell (SSH)
- Secure Socket Layer (SSL)
- Secure Web Gateway (SWG)
- Security Automation
- Security Event and Incident Management (SEIM)
- Security Operations
- Security Operations Center (SOC)
- Sender Policy Framework (SPF)
- Sensitive (Restricted) Information
- Separation of Duties
- Service Set Identifier (SSID)
- Session Hijacking Attack
- Signature
- SIM Swapping
- Single Sign-On (SSO)
- Situational Awareness
- Smishing
- SOC 1
- SOC 2
- SOC 3
- Social Engineering
- Social Media Bots
- Software as a Service (SaaS)
- Software Assurance
- Software Development Life Cycle (SDLC)
- Solid State Drive (SSD)
- Spam
- Spear-Phishing
- Spoofing
- Spyware
- SQL Slammer Virus (Harbinger of things to come)
- SSAE Compliance
- Stalkerware
- Starlink
- Static Code Analysis
- Steganography
- Stuxnet
- Subject
- Supervisory Control and Data Acquisition
- Supply Chain
- Supply Chain Risk Management
- Supply Chain Threat
- Swatting
- Symmetric Cryptography
- Symmetric Key
- Synthetic Transaction Monitoring (STM)
- System Integrity
T
- Tactics, Techniques, and Procedures (TTP)
- Tailored Trustworthy Space
- Test Oracle
- Third-Party Risk Management (TPRM)
- Threat
- Threat Actor
- Threat Agent
- Threat Analysis
- Threat Hunting
- Threat Intelligence
- Ticket
- Tokenization
- Tor Browser
- Traffic Light Protocol
- Transaction Lock
- Transmission Control Protocol (TCP)
- Transport Layer Security (TLS)
- Trialware
- Trojan Horse
- Trusted Wi-Fi Network
- Two-Factor Authentication
- Typosquatting
