A security system that controls incoming and outgoing network traffic based on predetermined security rules.
Firewall
The process of converting information or data into a code, especially to prevent unauthorized access.
Encryption
Software that is intended to damage or disable computers and computer systems.
Malware
A document stipulating constraints and practices that a user must agree to for access to a corporate network or the internet.
Acceptable Use Policy (AUP)
A simulated cyberattack against your computer system to check for exploitable vulnerabilities.
Penetration Testing
A device or software application that monitors a network for malicious activity or policy violations.
Intrusion Detection System (IDS)
A set of roles, policies, and procedures needed to create and manage public-key encryption.
Public Key Infrastructure (PKI)
A method of trying to gather personal information using deceptive e-mails and websites.
Phishing
A well-defined, documented plan for responding to and managing the aftermath of a security breach or cyberattack.
Incident Response Plan (IRP)
The use of deception to manipulate individuals into divulging confidential or personal information that may be used for fraudulent purposes.
A method used to add security and privacy to private and public networks, like WiFi Hotspots and the Internet.
VPN (Virtual Private Network)
A process of converting data into a fixed-size string of characters, which is typically a hash code that is unique to the data.
Hashing
A software vulnerability that is unknown to those who should be interested in its mitigation (including the vendor or the target software).
Zero-Day Vulnerability
A strategy for making sure that end users do not send sensitive or critical information outside the corporate network.
Data Loss Prevention (DLP)
A reward paid to a person who identifies an error or vulnerability in a computer program or system.
Bug Bounty
A physical or logical subnetwork that contains and exposes an organization's external-facing services to a larger and untrusted network, usually the internet.
DMZ (Demilitarized Zone)
A mathematical scheme for demonstrating the authenticity of digital messages or documents.
Digital Signature
An interruption in an authorized user's access to a computer network, typically one caused with malicious intent.
Denial of Service (DoS)
The process of identifying, evaluating, and estimating the levels of risks involved in a situation, with the aim of determining an appropriate risk response.
Risk Assessment
A security training drill where one group (Red Team) acts as the attacker and another group (Blue Team) defends against the attack.
Red Team/Blue Team Exercises
An intermediary server separating end users from the websites they browse.
Proxy Server
A type of encryption where only one key (a secret key) is used to both encrypt and decrypt electronic information.
Symmetric Encryption
A type of malicious software designed to block access to a computer system until a sum of money is paid.
Ransomware
Training provided to employees to help them understand the importance of security and to learn how to recognize and deal with security threats.
Security Awareness Training
An ethical hacker who helps organizations find and fix security vulnerabilities.
White Hat Hacker