Vulnerability

A vulnerability is a characteristic or specific weakness that renders an organization or asset (such as information or an information system) open to exploitation by a given threat or susceptible …

Allow List, Permit List

An Allow List, also known as a Permit List (or, deprecated, White List), is a list of entities that are considered trustworthy and are granted access or privileges. Allow lists may …

Work Factor

A Work Factor is an estimate of the effort or time needed by a potential adversary, with specified expertise and resources, to overcome a protective measure. Defense-in-Depth Cybersecurity programs seek …

Worm

A worm is a self-replicating, self-propagating, self-contained program that uses networking mechanisms to spread itself to other machines. Worms can spread through software vulnerabilities or arrive in attachments or malicious …

Tokenization

Tokenization is a way to keep credit card information (also called the Primary Account Number or PAN) out of credit card processing transactions by replacing it with a …

Continuity of Operations Plan

Continuity of Operations Plan (COOP) is a document that sets forth procedures for the continued performance of core capabilities and critical operations during any disruption or potential disruption. What Should …

White Team

A White Team is a group responsible for refereeing an engagement between a Red Team of mock attackers and a Blue Team of actual defenders of information systems. What Should …

Bitcoin

Bitcoin is a type of digital currency in which a record of transactions is maintained and new units of currency are generated by the computational solution of mathematical problems, and …

Network Segmentation

Network Segmentation is the practice of creating sub-networks within a corporate, enterprise, or other large network. When done correctly, network segmentation helps contain malware and other threat actors who might breach your network. …

Ransomware

Ransomware is a type of malicious software designed to block access to a computer system, and more importantly the critical data it contains, until a sum of money or ransom …

Phishing

Phishing is a digital form of social engineering to deceive individuals into providing sensitive information. This is typically done via email, having people click on links that allow hackers to …

Keylogger

A Keylogger is software or hardware that tracks all keystrokes and keyboard events, usually without the user’s knowledge. Hackers use keyloggers to monitor all actions by the user of a …

Access Control (Physical and Logical)

Access control is a security technique that regulates who or what can view or use resources in a computing environment. It is a fundamental concept in security that …

Advanced Persistent Threat

Advanced Persistent Threat (APT) is an adversary that possesses sophisticated levels of expertise and significant resources which allow it to create opportunities to achieve its objectives by using multiple attack vectors (e.g., cyber, physical, and deception).

Air Gap

An air gap is a security measure in which computers, computer systems, or networks are not connected in any way to any other devices or networks. It’s used in instances …

Public Key Cryptography

Public Key Cryptography, technically known as asymmetric encryption, is a cryptographic system that uses pairs of keys: public keys, which may be disseminated widely, and private keys, which are known only to the owner. The …

Adversary (or Attacker)

An Adversary is an individual, group, organization, or government that conducts or has the intent to conduct malicious activities. An example of an adversary would be a hacker, an attacker, …

Antivirus Software

Antivirus Software is a program that monitors a computer or network to detect or identify major types of malicious code and to prevent or contain malware incidents. Sometimes done by …

Compromised Credentials

Compromised credentials are rampant online. Over 82% of breaches relate back to stolen passwords and phishing attacks. Learn what to do about it.

Typosquatting

Typosquatting is also called URL hijacking. It is a form of cybersquatting which relies on mistakes such as typographical errors made by Internet users when inputting a website address into …