Compliance Reference
Cybersecurity Glossary
Plain-language definitions for the terms defense contractors encounter in CMMC assessments, NIST frameworks, and RMF packages — 265 terms and growing.
A (18 terms)
- ACAS: ACAS (Assured Compliance Assessment Solution) is the DoD's enterprise vulnerability scanning and…
- Acceptable Use Policy (AUP): An Acceptable Use Policy (AUP) defines the rules and guidelines for how employees and other users…
- Access Control: Access control is the security discipline of managing who can access your systems, data, and…
- Account Management: Account management is the lifecycle management of user accounts on your systems — from creation…
- Advanced Persistent Threat (APT): An Advanced Persistent Threat (APT) is a sophisticated, prolonged cyber attack campaign — typically…
- Adware: Adware is software that displays unwanted advertisements on your computer, often installed without…
- Air Gap: An air gap is a security measure where a computer or network is physically isolated from unsecured…
- API Security: API (Application Programming Interface) security focuses on protecting the interfaces that allow…
- Assessment Objective: An assessment objective is a specific, testable statement that an assessor uses to determine…
- Attack Surface: Your attack surface is the total set of points where an attacker could attempt to enter or extract…
- Audit: A security audit is a systematic evaluation of an organization's security program, policies, and…
- Audit Logging: Audit logging is the process of recording events and activities on your systems so you can track…
- Authentication: Authentication is the process of verifying that a user, device, or system is who or what it claims…
- Authority to Connect (ATC): An Authority to Connect (ATC) is an approval that permits a system to connect to another system or…
- Authority to Operate (ATO): An Authority to Operate (ATO) is the formal authorization from a senior official (the Authorizing…
- Authorization: Authorization is the process of determining what a verified user is permitted to do — what…
- Authorization Boundary: The authorization boundary defines exactly what is included in a system's security authorization —…
- Authorizing Official (AO): The Authorizing Official (AO) is the senior government official who has the authority to formally…
B (10 terms)
- Backdoor: A backdoor is a hidden method of bypassing normal authentication or security controls to gain…
- Backup: A backup is a copy of your data stored separately from the original so it can be restored if the…
- Baiting: Baiting is a social engineering attack where the attacker leaves malware-infected media — USB…
- Blacklisting: Blacklisting (also called denylisting) is a security approach where known malicious items —…
- Blue Team: A blue team is the defensive side of cybersecurity — the people responsible for maintaining and…
- Botnet: A botnet is a network of compromised computers (bots or zombies) controlled remotely by an…
- Boundary Protection: Boundary protection refers to the security controls at the edges of your network — where your…
- Brute Force Attack: A brute force attack is a trial-and-error method of guessing passwords or encryption keys by…
- Business Continuity: Business continuity planning ensures your organization can continue operating during and after a…
- Business Email Compromise (BEC): Business Email Compromise (BEC) is a sophisticated social engineering attack where attackers…
C (42 terms)
- C3PAO: A C3PAO (CMMC Third-Party Assessment Organization) is an independent company authorized by the…
- CCRI: CCRI (Command Cyber Readiness Inspection) was the DoD's former cybersecurity inspection program,…
- Certificate Authority (CA): A Certificate Authority (CA) is a trusted organization that issues digital certificates —…
- Change Management: Change management in cybersecurity is the formal process for requesting, reviewing, approving,…
- CIA Triad: The CIA Triad — Confidentiality, Integrity, and Availability — is the foundational model for…
- CIS Benchmarks: CIS (Center for Internet Security) Benchmarks are community-developed, consensus-based security…
- Cloud Security: Cloud security encompasses the technologies, policies, controls, and processes used to protect…
- CMMC: The Cybersecurity Maturity Model Certification (CMMC) is the Department of Defense's framework for…
- CMMC 2.0: CMMC 2.0 is the current version of the Cybersecurity Maturity Model Certification framework,…
- CMMC Domain: A CMMC domain is a grouping of related cybersecurity practices. The CMMC framework organizes its…
- CMMC Level 1: CMMC Level 1 is the foundational tier of the Cybersecurity Maturity Model Certification. It…
- CMMC Level 2: CMMC Level 2 is the middle tier and the most common target for defense contractors. It requires…
- CMMC Level 3: CMMC Level 3 is the highest tier, designed for contractors handling the most sensitive CUI where…
- CMMC Practice: In CMMC terminology, a practice is a specific cybersecurity activity or capability that your…
- CMMC-AB: CMMC-AB was the original name for the CMMC Accreditation Body, the organization responsible for…
- Common Access Card (CAC): The Common Access Card (CAC) is the standard identification card for active-duty military, DoD…
- Common Vulnerabilities and Exposures (CVE): CVE (Common Vulnerabilities and Exposures) is a standardized system for identifying and naming…
- Common Vulnerability Scoring System (CVSS): The Common Vulnerability Scoring System (CVSS) provides a standardized way to rate the severity of…
- Compliance: Compliance is the state of meeting the requirements set by laws, regulations, standards, or…
- Configuration Management: Configuration management is the discipline of establishing and maintaining consistent settings,…
- Container Security: Container security addresses the protection of containerized applications — software packaged in…
- Continuous Monitoring: Continuous monitoring is the ongoing process of maintaining awareness of your security posture,…
- Control Enhancement: A control enhancement is an additional capability or specification that extends a base security…
- Control Family: A control family is a grouping of related security controls that address a common security topic.…
- Controlled Technical Information (CTI): Controlled Technical Information (CTI) is a category of CUI that includes technical information…
- Controlled Unclassified Information (CUI): Controlled Unclassified Information, or CUI, is sensitive government information that isn't…
- CORA: CORA (Cybersecurity Operational Readiness Assessment) is the DoD's inspection process for…
- Covered Defense Information (CDI): Covered Defense Information (CDI) is the term used in DFARS 252.204-7012 for the information that…
- Credential Stuffing: Credential stuffing is an automated attack where stolen username/password combinations from one…
- Cross-Site Scripting (XSS): Cross-Site Scripting (XSS) is a web application vulnerability that allows attackers to inject…
- Cryptography: Cryptography is the science and practice of securing information through mathematical techniques —…
- Cyber Hygiene: Cyber hygiene refers to the fundamental cybersecurity practices that every organization should…
- Cyber Incident Reporting: Cyber incident reporting for defense contractors refers to the obligation under DFARS 252.204-7012…
- Cyber Insurance: Cyber insurance is a type of insurance policy that provides financial protection against losses…
- Cyber Kill Chain: The Cyber Kill Chain is a framework developed by Lockheed Martin that describes the stages of a…
- Cyber Resilience: Cyber resilience is your organization's ability to anticipate, withstand, recover from, and adapt…
- Cyber Threat Hunting: Cyber threat hunting is the proactive practice of searching through your networks and systems for…
- CyberAB: The CyberAB (Cyber Accreditation Body) is the organization authorized by the Department of Defense…
- CYBERCOM: United States Cyber Command (CYBERCOM) is the unified combatant command responsible for the DoD's…
- Cybersecurity Framework (CSF): The NIST Cybersecurity Framework (CSF) is a voluntary framework that provides organizations with a…
- Cybersecurity Incident: A cybersecurity incident is an event that actually or potentially jeopardizes the confidentiality,…
- Cybersecurity Maturity: Cybersecurity maturity describes how well-developed, institutionalized, and effective your security…
D (23 terms)
- Data at Rest: Data at rest refers to data that is stored and not currently being transmitted or processed — files…
- Data Classification: Data classification is the process of categorizing your organization's data based on its…
- Data Exfiltration: Data exfiltration is the unauthorized transfer of data from your organization to an external…
- Data Flow Diagram: A data flow diagram (DFD) in the cybersecurity context maps how sensitive data — particularly CUI —…
- Data in Transit: Data in transit refers to data that is being transmitted across a network — between your systems,…
- Data Loss Prevention (DLP): Data Loss Prevention (DLP) refers to tools and strategies that prevent sensitive data from leaving…
- DCSA: The Defense Counterintelligence and Security Agency (DCSA) is the DoD agency responsible for…
- Defense in Depth: Defense in depth is the strategy of layering multiple security controls so that if one fails,…
- Defense Industrial Base (DIB): The Defense Industrial Base (DIB) is the worldwide industrial complex that enables research and…
- Demilitarized Zone (DMZ): A DMZ (Demilitarized Zone) is a network segment that sits between your internal network and the…
- Denial of Authority to Operate (DATO): A Denial of Authority to Operate (DATO) is the formal decision by an Authorizing Official that a…
- Denial of Service (DoS): A Denial of Service (DoS) attack attempts to make a system, network, or service unavailable to its…
- DevSecOps: DevSecOps integrates security practices into every phase of the software development lifecycle —…
- DFARS 252.204-7012: DFARS 252.204-7012 is the Defense Federal Acquisition Regulation Supplement clause titled…
- DFARS 252.204-7021: DFARS 252.204-7021 is the contract clause titled 'Cybersecurity Maturity Model Certification…
- DIBCAC: DIBCAC stands for the Defense Industrial Base Cybersecurity Assessment Center. It's the DoD…
- DIBNet: DIBNet is the DoD's web portal where defense contractors report cyber incidents as required by…
- Digital Forensics: Digital forensics is the process of collecting, preserving, analyzing, and presenting digital…
- Digital Signature: A digital signature is a cryptographic mechanism that provides authentication (verifying the…
- DISA: The Defense Information Systems Agency (DISA) is the DoD agency responsible for providing and…
- Disaster Recovery: Disaster recovery (DR) is the set of policies, tools, and procedures for recovering technology…
- Distributed Denial of Service (DDoS): A Distributed Denial of Service (DDoS) attack overwhelms a system, network, or service with massive…
- DITPR: DITPR (DoD Information Technology Portfolio Repository) is the DoD's enterprise database for…
E (11 terms)
- eMASS: eMASS (Enterprise Mission Assurance Support Service) is the DoD's official web-based application…
- Enclave: An enclave is a defined portion of your network that is isolated and protected at a specific…
- Encryption: Encryption is the process of converting readable data into an unreadable format using mathematical…
- Encryption at Rest: Encryption at rest protects data that is stored on physical media — hard drives, SSDs, databases,…
- Encryption in Transit: Encryption in transit protects data as it moves across networks — between your systems, to cloud…
- Endpoint Detection and Response (EDR): Endpoint Detection and Response (EDR) is advanced security software that runs on individual…
- Endpoint Protection: Endpoint protection refers to the security solutions deployed on individual devices (endpoints) —…
- Endpoint Security Solution (ESS): The Endpoint Security Solution (ESS) is the DoD's mandated endpoint protection platform. ESS…
- Exploit: An exploit is a piece of code, technique, or method that takes advantage of a vulnerability to…
- Export-Controlled Information: Export-controlled information is data, technology, or software that the U.S. government restricts…
- Extended Detection and Response (XDR): Extended Detection and Response (XDR) expands on EDR by integrating security data from multiple…
F (9 terms)
- Facility Clearance (FCL): A Facility Clearance (FCL) is the organizational equivalent of a personal security clearance — it's…
- False Claims Act: The False Claims Act is a federal law that imposes liability on companies and individuals who…
- Federal Contract Information (FCI): Federal Contract Information (FCI) is information provided by or generated for the government under…
- FedRAMP: FedRAMP (Federal Risk and Authorization Management Program) is the government-wide program that…
- FIPS 140-2: FIPS 140-2 (Federal Information Processing Standard Publication 140-2) specifies the security…
- FIPS 199: FIPS 199 (Federal Information Processing Standard 199) establishes the categories for classifying…
- FIPS 200: FIPS 200 (Federal Information Processing Standard 200) specifies the minimum security requirements…
- Firewall: A firewall is a network security device (hardware or software) that monitors and controls incoming…
- Flaw Remediation: Flaw remediation is the process of identifying, reporting, and correcting security flaws (bugs,…
H (2 terms)

I (19 terms)
- IAVA: An Information Assurance Vulnerability Alert (IAVA) is the highest-priority IAVM notice, issued for…
- IAVB: An Information Assurance Vulnerability Bulletin (IAVB) is a mid-level IAVM notice for significant…
- IAVT: An Information Assurance Vulnerability Technical Advisory (IAVT) is the lowest-priority IAVM…
- Identification and Authentication: Identification and authentication (I&A) is the security process of claiming an identity…
- Identity and Access Management (IAM): Identity and Access Management (IAM) is the framework of policies, processes, and technologies for…
- Incident Handling: Incident handling is the operational execution of your incident response plan — the actual process…
- Incident Response: Incident response is the organized approach to detecting, containing, eradicating, and recovering…
- Incident Response Plan (IRP): An Incident Response Plan (IRP) is a documented set of procedures that your organization follows…
- Indicator of Compromise (IOC): An Indicator of Compromise (IOC) is a piece of forensic evidence that suggests a system or network…
- Indicators of Attack (IOA): Indicators of Attack (IOAs) are behavioral patterns that suggest an active attack is underway, as…
- Information Assurance Vulnerability Management (IAVM): Information Assurance Vulnerability Management (IAVM) is the DoD's program for managing…
- Information System Security Manager (ISSM): An Information System Security Manager (ISSM) is the person responsible for managing the…
- Information System Security Officer (ISSO): An Information System Security Officer (ISSO) works under the ISSM to handle the day-to-day…
- Information Systems Security Engineer (ISSE): An Information Systems Security Engineer (ISSE) is the technical expert responsible for designing…
- Infrastructure as a Service (IaaS): Infrastructure as a Service (IaaS) is a cloud delivery model where the provider supplies…
- Insider Threat: An insider threat is a security risk that comes from within your organization — employees,…
- Interim Authority to Test (IATT): An Interim Authority to Test (IATT) is a temporary, limited authorization that allows a system to…
- Intrusion Detection System (IDS): An Intrusion Detection System (IDS) monitors network traffic or system activity for signs of…
- Intrusion Prevention System (IPS): An Intrusion Prevention System (IPS) is similar to an IDS but goes a step further — it not only…
K (2 terms)

L (4 terms)
- Lateral Movement: Lateral movement refers to an attacker's ability to move from one compromised system to other…
- Least Functionality: Least functionality is the security principle of configuring systems to provide only the…
- Least Privilege: Least privilege is the security principle that every user, program, and system process should have…
- Log Retention: Log retention refers to how long you keep audit logs and security event records before they're…
M (14 terms)
- Maintenance: In the CMMC context, maintenance refers to the controlled processes for performing maintenance on…
- Malware: Malware (malicious software) is any software designed to harm, exploit, or otherwise compromise…
- Man-in-the-Middle Attack (MitM): A Man-in-the-Middle (MitM) attack occurs when an attacker secretly positions themselves between two…
- Managed Detection and Response (MDR): Managed Detection and Response (MDR) is a service that combines security technology with human…
- Managed Security Service Provider (MSSP): A Managed Security Service Provider (MSSP) is a third-party company that provides outsourced…
- Maturity: In cybersecurity frameworks, maturity refers to how well-established and repeatable your security…
- Mean Time to Detect (MTTD): Mean Time to Detect (MTTD) is a security metric that measures the average time it takes for your…
- Mean Time to Respond (MTTR): Mean Time to Respond (MTTR) is a security metric that measures the average time between detecting a…
- Media Protection: Media protection covers the security measures for managing removable and portable storage media —…
- Micro-Segmentation: Micro-segmentation is a network security technique that divides the network into very small,…
- MITRE ATT&CK: MITRE ATT&CK is a comprehensive knowledge base of adversary tactics, techniques, and procedures…
- Mobile Device Management (MDM): Mobile Device Management (MDM) is a technology and set of policies for managing, securing, and…
- Multi-Factor Authentication (MFA): Multi-Factor Authentication (MFA) requires users to provide two or more verification factors to…
- Multi-Tenancy: Multi-tenancy is a cloud architecture where multiple customers (tenants) share the same…
N (12 terms)
- National Vulnerability Database (NVD): The National Vulnerability Database (NVD) is the U.S. government's comprehensive repository of…
- Network Access Control (NAC): Network Access Control (NAC) is a security approach that restricts which devices can connect to…
- Network Segmentation: Network segmentation divides your network into smaller, isolated segments to control traffic flow…
- NIPRNet: NIPRNet (Non-classified Internet Protocol Router Network) is the DoD's network for transmitting…
- NISPOM: The National Industrial Security Program Operating Manual (NISPOM) — now titled 32 CFR Part 117 —…
- NIST: The National Institute of Standards and Technology (NIST) is the U.S. federal agency that develops…
- NIST SP 800-171: NIST Special Publication 800-171 defines the security requirements for protecting Controlled…
- NIST SP 800-172: NIST Special Publication 800-172 provides enhanced security requirements for protecting CUI in…
- NIST SP 800-37: NIST Special Publication 800-37 is the guide for applying the Risk Management Framework (RMF) to…
- NIST SP 800-53: NIST Special Publication 800-53 is the comprehensive catalog of security and privacy controls used…
- NIST SP 800-53A: NIST Special Publication 800-53A provides guidance for assessing the security controls defined in…
- Non-Repudiation: Non-repudiation ensures that a party cannot deny having performed a specific action — such as…
O (4 terms)
- Organization Seeking Certification (OSC): An Organization Seeking Certification (OSC) is the formal CMMC term for a company that is going…
- OSCAL: The Open Security Controls Assessment Language (OSCAL) is a standardized, machine-readable format…
- Overlay: A security overlay is a set of additional or modified security controls that address the unique…
- OWASP: The Open Worldwide Application Security Project (OWASP, formerly the Open Web Application Security Project) is a nonprofit organization that produces freely…
P (16 terms)
- Patch Management: Patch management is the process of identifying, testing, and applying software updates (patches) to…
- Penetration Test Report: A penetration test report is the formal document delivered after a penetration test, detailing the…
- Penetration Testing: Penetration testing (pen testing) is an authorized simulated cyber attack against your systems to…
- Personnel Security: Personnel security encompasses the screening, oversight, and management of people with access to…
- Phishing: Phishing is a type of social engineering attack where attackers send deceptive emails, messages, or…
- Physical Security: Physical security encompasses the measures taken to protect facilities, equipment, and personnel…
- Plan of Action and Milestones (POA&M): A Plan of Action and Milestones (POA&M, sometimes written POAM) is a document that lists the…
- Platform as a Service (PaaS): Platform as a Service (PaaS) is a cloud delivery model that provides a platform for developing,…
- POAM: POAM is a common shorthand for Plan of Action and Milestones (POA&M). It refers to the same…
- Pretexting: Pretexting is a social engineering technique where the attacker creates a fabricated scenario (the…
- Privilege Escalation: Privilege escalation occurs when an attacker exploits a vulnerability, design flaw, or…
- Privileged Access Management (PAM): Privileged Access Management (PAM) focuses specifically on controlling, monitoring, and auditing…
- Privileged User: A privileged user is anyone with elevated system access rights beyond those of a standard user —…
- Provisional Authorization: In cybersecurity frameworks, a provisional authorization is a temporary or conditional approval to…
- Public Key Infrastructure (PKI): Public Key Infrastructure (PKI) is the system of digital certificates, certificate authorities, and…
- Purple Team: A purple team combines red team (offensive) and blue team (defensive) activities in a collaborative…
R (10 terms)
- Ransomware: Ransomware is malicious software that encrypts your files and data, making them inaccessible until…
- Red Team: A red team is a group of security professionals who simulate adversary tactics, techniques, and…
- Remote Access: Remote access refers to the ability of users to connect to organizational systems and resources…
- Risk: In cybersecurity, risk is the potential for loss or damage when a threat exploits a vulnerability.…
- Risk Assessment: A risk assessment is the process of identifying potential threats and vulnerabilities that could…
- Risk Assessment Report (RAR): A Risk Assessment Report (RAR) is a formal document that identifies and evaluates the security…
- Risk Management Framework (RMF): The Risk Management Framework (RMF) is the structured process the federal government and DoD use to…
- RMF Technical Advisory (RMF TA): An RMF Technical Advisory (RMF TA) is guidance issued to clarify, update, or provide additional…
- Role-Based Access Control (RBAC): Role-Based Access Control (RBAC) is an access management approach where permissions are assigned to…
- Rootkit: A rootkit is a particularly insidious type of malware designed to hide its presence and the…
S (43 terms)
- Sanitization: Sanitization (or media sanitization) is the process of making data on storage media unrecoverable…
- SCAP: The Security Content Automation Protocol (SCAP) is a standardized approach for automating security…
- Scoping: Scoping is the process of determining which parts of your organization, networks, and systems fall…
- Security Architecture: Security architecture is the design framework that describes how security controls are positioned…
- Security Assessment: A security assessment is a broad evaluation of an organization's security posture, policies, and…
- Security Awareness: Security awareness is the knowledge and attitude that members of your organization possess…
- Security Awareness Training: Security awareness training educates employees about cybersecurity risks, organizational security…
- Security Baseline: A security baseline is the starting set of security controls recommended for a system based on its…
- Security Clearance: A security clearance is a formal determination that a person is eligible to access classified…
- Security Control Assessment: A security control assessment is the formal process of evaluating whether the security controls…
- Security Control Assessment Report (SCAR): A Security Control Assessment Report (SCAR), also called a Security Assessment Report (SAR), is the…
- Security Control Assessor (SCA): A Security Control Assessor (SCA) is an independent evaluator who tests and verifies whether…
- Security Controls: Security controls are the safeguards or countermeasures your organization implements to protect…
- Security Information and Event Management (SIEM): A Security Information and Event Management (SIEM) system collects, correlates, and analyzes log…
- Security Information Sharing: Security information sharing is the practice of exchanging cybersecurity threat intelligence,…
- Security Operations (SecOps): Security Operations (SecOps) refers to the ongoing, day-to-day activities of monitoring, detecting,…
- Security Operations Center (SOC): A Security Operations Center (SOC) is a centralized team — and often a physical facility —…
- Security Policy: A security policy is a formal document that defines your organization's approach to cybersecurity —…
- Security Posture: Security posture is the overall strength and readiness of your organization's cybersecurity…
- Security Technical Implementation Guide (STIG): A Security Technical Implementation Guide (STIG) is a configuration standard developed by DISA that…
- Security Token: A security token is a physical or digital device used as part of multi-factor authentication.…
- Self-Assessment: A self-assessment in the CMMC context means your company evaluates its own cybersecurity practices…
- Separation of Duties: Separation of duties is the security principle that no single individual should have enough access…
- Session Management: Session management controls how user sessions are created, maintained, and terminated on your…
- Shared Responsibility Model: The Shared Responsibility Model defines which security responsibilities belong to the cloud service…
- Single Sign-On (SSO): Single Sign-On (SSO) is an authentication mechanism that allows users to log in once and gain…
- SIPRNet: SIPRNet (Secret Internet Protocol Router Network) is the DoD's classified network for transmitting…
- Smishing: Smishing (SMS phishing) is a social engineering attack delivered through text messages. Attackers…
- SNAP: SNAP (System Network Approval Process) is the Department of the Navy's process for approving systems to connect…
- Social Engineering: Social engineering is the use of psychological manipulation to trick people into making security…
- Software as a Service (SaaS): Software as a Service (SaaS) is a cloud delivery model where applications are hosted by a provider…
- Software Bill of Materials (SBOM): A Software Bill of Materials (SBOM) is a detailed inventory of all components, libraries, and…
- Spear Phishing: Spear phishing is a targeted form of phishing where attackers craft personalized messages aimed at…
- Spillage: In cybersecurity, spillage (also called a data spill) occurs when classified or sensitive…
- SPRS: SPRS (Supplier Performance Risk System) is the DoD's online system where defense contractors submit…
- Spyware: Spyware is a type of malware that secretly monitors and collects information about a user's…
- SQL Injection: SQL Injection is a web application attack where an attacker inserts malicious database commands…
- Supply Chain Attack: A supply chain attack targets an organization by compromising a less-secure element in its supply…
- Supply Chain Risk Management (SCRM): Supply Chain Risk Management is the discipline of identifying, assessing, and mitigating…
- System and Communications Protection: System and communications protection covers the security measures that protect information as it's…
- System and Information Integrity: System and information integrity is the security objective of ensuring that systems operate…
- System Hardening: System hardening is the process of reducing a system's attack surface by removing unnecessary…
- System Security Plan (SSP): A System Security Plan (SSP) is a formal document that describes how your company's information…
T (13 terms)
- Tabletop Exercise: A tabletop exercise is a simulated cybersecurity scenario that brings together key personnel to…
- Tactics, Techniques, and Procedures (TTPs): Tactics, Techniques, and Procedures (TTPs) describe the behavior patterns of cyber threat actors —…
- Tailgating: Tailgating (or piggybacking) is a physical security breach where an unauthorized person follows an…
- Third-Party Assessment: A third-party assessment is an independent evaluation of your cybersecurity practices conducted by…
- Threat: A threat is any circumstance or event with the potential to adversely impact your organization…
- Threat Actor: A threat actor is any individual, group, or organization that conducts or has the intent to conduct…
- Threat Intelligence: Threat intelligence is evidence-based knowledge about existing or emerging cyber threats —…
- Threat Modeling: Threat modeling is a structured approach to identifying and prioritizing potential threats to your…
- Threat Vector: A threat vector is the method or pathway an attacker uses to gain access to your systems or deliver…
- TLS/SSL: TLS (Transport Layer Security) and its predecessor SSL (Secure Sockets Layer) are cryptographic…
- Trellix: Trellix is the cybersecurity company (formed from the merger of McAfee Enterprise and FireEye)…
- Trojan: A Trojan (or Trojan horse) is malware disguised as legitimate software. Unlike viruses and worms,…
- Two-Factor Authentication (2FA): Two-Factor Authentication (2FA) is a specific form of multi-factor authentication that requires…
V (5 terms)
- Virtual Private Network (VPN): A Virtual Private Network (VPN) creates an encrypted tunnel between your device and a remote…
- Virus: A computer virus is a type of malware that attaches itself to legitimate programs or files and…
- Vishing: Vishing (voice phishing) is a social engineering attack conducted over the phone where callers…
- Vulnerability: A vulnerability is a weakness in a system, software, process, or configuration that could be…
- Vulnerability Scanning: Vulnerability scanning is the automated process of examining your systems, networks, and…
W (4 terms)
- Watering Hole Attack: A watering hole attack targets a specific group of users by compromising a website they frequently…
- Whitelisting: Whitelisting (also called allowlisting) is a security approach where only specifically approved…
- Wireless Security: Wireless security encompasses the measures taken to protect wireless networks and the data…
- Worm: A worm is a type of malware that spreads automatically across networks without requiring user…