A systematic evaluation of an organization's information systems, policies, and procedures to assess compliance with security standards and identify vulnerabilities. Security audits can be internal or...

The psychological manipulation of people into performing actions or divulging confidential information. Rather than exploiting technical vulnerabilities, social engineering targets human behavior thro...

Malicious software that secretly monitors and collects information about a user's activities without their knowledge or consent. Spyware can capture keystrokes, browsing history, login credentials, an...

A cyberattack that targets an organization by compromising a trusted third-party vendor or supplier in its supply chain. Attackers infiltrate software updates, open-source libraries, or hardware compo...

Evidence-based knowledge about existing or emerging threats to an organization's assets. Threat intelligence includes information about threat actors, their tactics, techniques, and procedures (TTPs),...

A type of malware that disguises itself as legitimate software to trick users into installing it. Once activated, a Trojan can give attackers remote access to the infected system, steal data, or insta...

Virtual Private Network: a technology that creates an encrypted tunnel between a user's device and a remote server, masking the user's IP address and securing data in transit. VPNs are used for privac...

A weakness or flaw in a system's design, implementation, or configuration that can be exploited by a threat actor to gain unauthorized access or cause harm. Vulnerabilities are cataloged using identif...

Web Application Firewall: a security solution that filters, monitors, and blocks HTTP/HTTPS traffic to and from a web application. A WAF protects against common web exploits such as SQL injection, XSS...

Cross-Site Scripting: a web security vulnerability that allows attackers to inject malicious scripts into web pages viewed by other users. XSS attacks can steal session cookies, redirect users, or def...

A security framework that requires all users, whether inside or outside the organization's network, to be authenticated, authorized, and continuously validated before being granted access to applicati...

An attack that targets a previously unknown vulnerability in software or hardware before the vendor has released a patch. The term "zero-day" refers to the fact that developers have had zero days to f...
