Cybersecurity terms made simple.

Regulatory requirement in some jurisdictions to notify authorities within a strict post-breach timeframe.

Authentication, Authorization, and Accounting controls user identity, permissions, and activity tracking.

Policy defining allowed and prohibited use of company systems, networks, and data.

Mechanisms that enforce who or what can access systems, applications, and data.

Unauthorized access to a legitimate user account, typically through stolen credentials or session theft.

Attack where an adversary intercepts and manipulates communications between two parties.

Skilled, long-term attacker campaign that remains undetected while pursuing strategic objectives.

Physical or logical isolation of a system from unsecured networks, especially the internet.

Security control that permits only pre-approved applications, IPs, users, or actions.

Technique for identifying behavior that deviates from expected baselines and may signal an attack.

Tools and controls designed to detect, block, and remove malicious software.

Practice of integrating security throughout application design, development, testing, and operations.

Authoritative list of hardware, software, cloud assets, and data stores requiring protection.

Likely sequence of steps an attacker can take to move from initial access to key targets.

Total set of reachable assets and entry points that adversaries can target.

Tamper-resistant record of security-relevant events used for monitoring and investigations.

Process of verifying identity before granting access.

Process of determining which resources an authenticated identity can use.

Assurance that systems and data remain accessible when needed.

Access model that evaluates user, resource, and context attributes to make authorization decisions.

Process of creating and configuring user accounts, entitlements, and access rights.

Process of removing or disabling accounts and access when users change roles or leave.

Kubernetes control that intercepts API requests to enforce policy before objects are persisted.

Protection of APIs against abuse, unauthorized access, and data exposure.

Entry point that enforces authentication, rate limits, and routing for API traffic.

Misuse of API endpoints to evade controls, scrape data, or disrupt services.

Japan privacy law governing the handling of personal data by businesses.

Australia federal privacy law establishing obligations for handling personal information.

Hidden method of bypassing normal authentication or controls for persistent unauthorized access.

Protected copy of data or systems used for recovery after incidents or failures.

Hardened system exposed to untrusted networks to broker controlled administrative access.

Analysis of user and entity behavior patterns to detect suspicious deviations.

Defensive security team focused on prevention, detection, and response.

Network of compromised devices remotely controlled by an attacker.

Plan to sustain critical operations during and after disruptive events.

Fraud technique where attackers impersonate trusted contacts to steal money or data.

Bring Your Own Device policy model that allows personal devices for business use.

Model where customers provide encryption keys for use by cloud services.

Periodic outbound communication from compromised hosts to command-and-control infrastructure.

Application flaw that allows users to perform actions outside intended permissions.

Assessment that identifies critical business functions and acceptable disruption thresholds.

Integrated strategy for maintaining operations and restoring technology services after incidents.

Legal obligation to notify affected parties and regulators after qualifying data breaches.

Internal data transfer rules approved by regulators for multinational organizations.

Cloud Access Security Broker enforcing visibility and policy across cloud applications.

Trusted entity that issues and validates digital certificates.

Technique that restricts trust to specific certificates or public keys to prevent interception.

Documented handling history of digital evidence to preserve integrity and admissibility.

Executive responsible for enterprise security strategy, governance, and risk outcomes.

Confidentiality, Integrity, and Availability principles used to frame security objectives.

Prioritized security best practices published by the Center for Internet Security.

Cloud-Native Application Protection Platform combining cloud posture and workload protection.

Governance framework for enterprise IT management, risk, and control alignment.

Infrastructure and communications channel used by attackers to control compromised systems.

Adherence to regulatory, legal, and contractual security requirements.

Protection of data from unauthorized access or disclosure.

Unplanned deviation of system configuration from the approved secure baseline.

Exploit that breaks out of a container to access the host or other workloads.

Automated login attempts using leaked username-password pairs from other breaches.

Essential systems whose disruption would significantly impact safety, economy, or national security.

Attack that tricks a logged-in user browser into submitting unwanted authenticated actions.

Injection attack where malicious scripts execute in a victim browser context.

Most business-critical assets or data sets that require highest protection priority.

Use of mathematical methods to secure confidentiality, integrity, and authenticity of information.

Cloud Security Posture Management for continuous misconfiguration detection in cloud environments.

Common Vulnerabilities and Exposures identifier assigned to publicly disclosed vulnerabilities.

Common Vulnerability Scoring System for rating technical severity of vulnerabilities.

Common Weakness Enumeration catalog of software weakness types.

Model describing phases of an attack from reconnaissance to actions on objectives.

Evidence-based insights about threats, actors, and tactics to inform security decisions.

US Department of Defense cybersecurity certification model for defense contractors.

Policy-based access control that evaluates context such as location, device posture, and risk.

Security practices designed for dynamic, distributed cloud-native applications and infrastructure.

Software component responsible for starting and managing container execution on a host.

Portable package containing application code, runtime, libraries, and configuration.

Automated analysis of container images for vulnerabilities, malware, and policy violations.

Repository service for storing, signing, and distributing container images.

Tool for signing and verifying container images and related supply chain artifacts.

Security tooling focused on protecting hosts, containers, and serverless workloads at runtime.

Encryption key administered by the customer rather than the cloud provider.

Industry organization that develops guidance and best practices for cloud security.

Legitimate adversary simulation framework frequently abused in real-world intrusions.

Extraction of password hashes or credentials from systems and memory.

California law granting consumers rights over personal information collection and sharing.

California law that amended and expanded CCPA privacy obligations and enforcement.

Executive responsible for privacy governance, legal compliance, and data protection strategy.

Cloud Security Alliance control framework for assessing cloud provider security practices.

International standard for evaluating and certifying security properties of IT products.

Hardware-based protection that secures data while in use within trusted execution environments.

Connecticut privacy law defining consumer rights and controller obligations for personal data.

Processes and tooling used to capture, store, and enforce user consent choices.

US government information category requiring safeguarding controls but not classified handling.

Privacy governance model that separates entities deciding data purpose from those processing on instruction.

Internal control framework commonly used for governance, financial controls, and assurance alignment.

Movement of personal data between countries under legal transfer safeguards.

UK government-backed baseline certification for fundamental cybersecurity controls.

Advanced Cyber Essentials certification with independent technical verification testing.

US law creating federal cyber incident reporting requirements for covered critical infrastructure entities.

US agency responsible for national cyber defense coordination and critical infrastructure resilience.

Practical baseline cybersecurity actions published to improve resilience in critical infrastructure sectors.

Labeling data by sensitivity and business impact to guide handling controls.

Unauthorized transfer of data outside a trusted environment.

Controls for discovering sensitive data and preventing unauthorized exposure.

Principle of collecting and retaining only the data necessary for intended purposes.

Requirement for storing and processing data within specific geographic boundaries.

Concept that data is subject to laws of the country where it is stored or processed.

Use of decoys and traps to mislead attackers and generate high-confidence alerts.

Layered security strategy where multiple controls mitigate a single risk.

Attack that disrupts availability of a system or service.

Designing, testing, and maintaining detections for attack behaviors.

Collection and analysis of digital evidence to investigate incidents.

Cryptographic proof that data came from a trusted signer and was not altered.

DoS attack using many compromised systems to overwhelm a target.

Email authentication policy standard that builds on SPF and DKIM to reduce spoofing.

Blocking malicious domains through domain name resolution controls.

DNS Security Extensions adding cryptographic integrity validation to DNS responses.

Malware technique for creating rotating domains used for command and control.

Testing running applications from the outside to detect exploitable vulnerabilities.

Electronic representation of a user, device, or workload used for authentication and authorization.

Industrial protocol widely used in electric utility and critical infrastructure environments.

Identification of deviations between deployed infrastructure and approved configurations.

Execution technique that abuses application DLL search order to load malicious libraries.

Malware component whose primary purpose is delivering additional malicious payloads.

Supply chain attack that tricks build systems into pulling malicious packages.

DomainKeys Identified Mail standard that signs email to validate message authenticity.

Traffic analysis method that inspects packet payloads for policy and threat enforcement.

Plan for restoring IT systems and services after disruptive events.

Contract defining responsibilities and safeguards when one party processes personal data for another.

Regulatory body that enforces privacy and data protection laws in a jurisdiction.

Structured assessment of privacy risks for high-risk personal data processing activities.

Role tasked with advising on and monitoring privacy compliance obligations.

Rules defining how long data is stored and when it must be deleted.

Formal request from an individual to access and receive copies of personal data.

Assessment evaluating legal and practical risks of international personal data transfers.

US defense contracting regulations that include cybersecurity and incident reporting requirements.

EU regulation requiring financial entities to manage ICT risk, resilience testing, and incident reporting.

Endpoint Detection and Response for monitoring endpoints and containing suspicious activity.

Conversion of plaintext into ciphertext using keys to protect data confidentiality.

Endpoint security suite focused on prevention controls like antivirus and policy enforcement.

Defined chain of technical and management contacts for incident handling decisions.

Code or technique that takes advantage of a vulnerability.

Sequence of vulnerabilities and techniques combined to achieve attacker objectives.

Continuous process of identifying, prioritizing, and reducing exploitable security gaps.

Discovery and monitoring of internet-facing assets and exposures.

Privileged OT workstation used to configure controllers and manage industrial system logic.

Distributed key-value store that persists Kubernetes cluster state and configuration.

Linux kernel technology that enables efficient runtime observability and security enforcement.

Lateral network traffic that moves between internal systems and workloads.

EU legislation establishing cybersecurity requirements for connected products and software.

EU framework governing electronic identification, trust services, and digital signatures.

EU legal framework for electronic communications privacy, including cookies and marketing communications.

US export controls governing dual-use items, including some cybersecurity technologies.

Alert that incorrectly flags benign activity as malicious.

US government program standardizing security assessment and authorization for cloud services.

Detection of unauthorized file or configuration changes on critical systems.

Control point that filters network traffic based on security rules.

Preparedness to collect and preserve evidence efficiently during incidents.

Automated testing that feeds unexpected inputs to uncover crashes and vulnerabilities.

Trust relationship that allows identity assertions to be accepted across separate organizations or systems.

Configuration data exchanged between identity providers and service providers to establish trust.

Open authentication standard enabling phishing-resistant, passwordless sign-in with cryptographic authenticators.

Cloud execution model where code runs in managed functions triggered by events.

Factor Analysis of Information Risk framework for quantifying cyber risk in financial terms.

US law protecting student education records and related privacy rights.

US law requiring federal agencies to implement risk-based information security programs.

US rule requiring financial institutions to implement a written information security program.

US and Canada standard for validating cryptographic module security requirements.

General Data Protection Regulation governing personal data privacy in the European Union.

Integrated discipline for policy oversight, risk management, and compliance assurance.

Brazil national privacy law governing processing of personal data.

US law requiring financial institutions to protect customer financial information.

Secure default configuration standard for systems and services.

One-way transformation used for integrity checks and secure password storage workflows.

US healthcare security and privacy requirements for protected health information.

Decoy system intended to attract and observe attacker behavior.

Host-based monitoring for suspicious activity on servers or endpoints.

Host-based control that detects and blocks suspicious behavior in real time.

Operator interface used to visualize and control industrial processes.

System that stores time-series industrial process data for monitoring and analysis.

Assurance framework and certification program often used in healthcare and regulated sectors.

Identity and Access Management controls digital identities and access lifecycles.

Backup that cannot be altered or deleted during a defined retention period.

Process for preparing for, detecting, containing, eradicating, and recovering from incidents.

Behavioral pattern suggesting malicious activity before clear compromise evidence exists.

Observable artifact that indicates a system may have been compromised.

Operational technology environment used to monitor and control industrial processes.

Structured set of policies, processes, and controls for managing information security risk.

Risk posed by internal users who intentionally or accidentally harm the organization.

Assurance that data is accurate, complete, and not altered without authorization.

Monitoring system that identifies suspicious or malicious network and host activity.

Control that can automatically block malicious activity detected in traffic streams.

International standard for establishing and maintaining an information security management system.

Discipline for managing identity lifecycle, access requests, certifications, and separation-of-duties policies.

Verification process that establishes confidence a digital identity belongs to a real person.

Connected sensors and devices used in industrial operations and telemetry collection.

International standards series for securing industrial automation and control systems.

Cryptographic signing of artifacts to verify software provenance and integrity.

Managing infrastructure with declarative code and automated deployment workflows.

Practices and tooling to detect security misconfigurations in infrastructure templates before deployment.

Access control flaw exposing direct object identifiers without proper authorization checks.

Vulnerability where unsafe object deserialization enables code execution or logic abuse.

Runtime-assisted testing approach that detects vulnerabilities with instrumentation inside the application.

India national privacy law establishing obligations for handling digital personal data.

US export control regulations governing defense-related articles, services, and technical data.

International standard for business continuity management systems.

International code of practice for cloud security controls.

International standard for protecting personal data in public cloud services.

Privacy information management extension to ISO 27001 and ISO 27002.

Model that grants elevated privileges only when needed and only for a limited duration.

Principle and implementation approach that limits administrative sessions to the minimum required actions.

Lifecycle management of cryptographic keys including generation, storage, rotation, and retirement.

Container orchestration platform used to deploy, scale, and manage containerized workloads.

Control-plane component that validates and processes cluster API requests.

Node agent that ensures containers are running according to Kubernetes pod specifications.

Kubernetes resource that controls pod-to-pod network communication flows.

Role-based access control model for Kubernetes API permissions.

Kubernetes object type for storing sensitive configuration data used by workloads.

Continuous assessment of Kubernetes configurations against security best practices.

Managed service for creating, storing, rotating, and controlling access to encryption keys.

Malware or tool that records keystrokes to capture credentials and sensitive data.

Attacker movement across internal systems after initial compromise.

Principle of granting only the minimum access required for a task.

Combining events from multiple sources to identify meaningful attack patterns.

Policy and practice of storing logs for defined durations to support monitoring and compliance.

Preconfigured cloud environment with baseline identity, networking, and security controls.

Attacker tactic that uses legitimate system tools to avoid detection.

Living Off the Land Binaries and Scripts catalog of dual-use Windows utilities often abused by attackers.

Malicious program that retrieves and executes secondary payloads in memory.

Process to preserve potentially relevant records for legal proceedings and investigations.

Portuguese name for Brazil privacy law governing personal data processing.

Insider who intentionally abuses authorized access for theft, sabotage, or fraud.

Malicious software designed to disrupt operations, steal data, or gain unauthorized control.

Managed Detection and Response combining monitoring, threat hunting, and active response services.

Average time between incident occurrence and detection.

Average time required to contain or remediate a detected incident.

Fine-grained network policy enforcement to limit east-west movement.

Knowledge base of real-world adversary tactics and techniques used for detection and defense.

Managed Security Service Provider delivering outsourced security monitoring and operations.

Authentication requiring two or more distinct verification factors.

Legacy industrial communications protocol commonly used between PLCs and supervisory systems.

Examination of malware binaries without execution to identify structure, indicators, and capabilities.

Executing malware in a controlled environment to observe runtime behavior and artifacts.

Group of related malware samples sharing code, behavior, or operational techniques.

Isolated environment used to safely detonate and analyze malicious files.

Average time required to stop attacker activity after detection.

Incident significant enough to influence investor decisions and trigger disclosure obligations in some regimes.

Network Access Control enforcing device and user access policies before network admission.

US repository that enriches CVE records with vulnerability metadata and severity data.

Network Detection and Response focused on detecting malicious network behaviors and intrusions.

Division of networks into isolated zones to reduce blast radius and control access.

European cybersecurity directive establishing stronger security and incident reporting obligations.

US standards body publishing widely adopted cybersecurity guidance and controls.

Framework organizing cybersecurity outcomes around governance, identify, protect, detect, respond, and recover.

Catalog of security and privacy controls for information systems and organizations.

Ability to prove an action occurred so participants cannot credibly deny it.

Network metadata records used for traffic visibility, anomaly detection, and forensics.

Network traffic flowing between internal environments and external networks.

North American electric sector cybersecurity standards for bulk electric system reliability.

Framework for managing privacy risk through governance and data processing outcomes.

Australia regime requiring notification of eligible data breaches.

New York cybersecurity regulation for covered financial services institutions.

Authorization framework allowing applications to obtain limited delegated access.

Storage setting that prevents object deletion or modification for defined retention periods.

Community-driven organization providing application security guidance and standards.

Widely used ranking of critical web application security risks.

Identity layer on top of OAuth 2.0 that provides standardized user authentication claims.

Systems and devices that monitor or control physical processes in industrial environments.

Industrial interoperability standard that supports secure, structured machine-to-machine communication.

Process of identifying industrial devices, protocols, and communications with minimal operational disruption.

Deliberate transformation of code or scripts to hinder analysis and detection.

US HHS office that enforces HIPAA privacy and security requirements.

Process for evaluating, prioritizing, testing, and deploying software updates securely.

Payment Card Industry Data Security Standard for protecting cardholder data.

Authorized simulation of attacker techniques to validate security controls.

Data that can identify a specific individual directly or indirectly.

Deceptive communication used to steal credentials, data, or money.

Step-by-step procedure for handling recurring security scenarios and incidents.

Evaluation of current security controls, configurations, and risk exposure.

Controls and workflows for securing high-privilege accounts and sessions.

Technique used to gain higher access rights than originally granted.

System of certificates, keys, and policies used to enable trusted encryption and signing.

Collaborative practice where red and blue teams improve defenses together.

Phishing-resistant credential based on public-key cryptography used for passwordless authentication.

Authentication approach that replaces passwords with stronger factors like device-bound keys or biometrics.

Authorization approach using centralized policies to evaluate access conditions at request time.

Identity controls that govern privileged role assignment, activation, and review.

Industrial control computer used to automate mechanical and process operations.

Reference architecture that segments industrial networks into hierarchical control layers.

Kubernetes policy profiles defining baseline and restricted pod security requirements.

Tools or techniques that compress or encrypt binaries to obscure malicious code.

Technique that runs malicious code within another process to evade defenses.

Technique that replaces legitimate process code with malicious payloads at runtime.

Raw network packet recording used for troubleshooting and incident investigation.

Privacy law title used in multiple jurisdictions, including Singapore and Thailand.

Canada federal privacy law for private-sector personal information handling.

China national privacy law governing processing of personal information.

Approach that embeds privacy requirements into systems and processes from the start.

Assessment process used to identify and mitigate privacy risks in systems and projects.

South Africa privacy law governing lawful processing of personal information.

Technique that reduces identifiability of personal data by replacing direct identifiers.

Phishing attack that uses malicious QR codes to redirect victims to fraudulent destinations.

Malware that encrypts or steals data and extorts payment.

Maximum acceptable amount of data loss measured in time.

Maximum acceptable downtime before service restoration.

Offensive team emulating realistic adversary behavior to test defenses.

Vulnerability allowing an attacker to run arbitrary code on a target system.

Ability to prepare for, withstand, recover from, and adapt after cyber incidents.

Amount and type of risk an organization is willing to accept.

Documented inventory of risks, ratings, owners, and treatment plans.

Method for identifying underlying factors that caused a security event or control failure.

Foundational hardware or software component implicitly trusted for security operations.

Stealth malware designed to hide malicious activity and maintain privileged persistence.

Detailed operational guide for executing specific security procedures consistently.

Application-embedded defense that detects and blocks attacks during execution.

Authorization model that assigns permissions to roles rather than individual users.

Industrial field device that gathers telemetry and executes supervisory control commands.

Detection of suspicious behavior while workloads are actively running.

Technical process of understanding software internals to uncover behavior and vulnerabilities.

Cybercrime business model where operators rent ransomware infrastructure to affiliates.

Required documentation of personal data processing operations under certain privacy regulations.

Privacy right allowing individuals to request deletion of personal data under qualifying conditions.

Privacy right allowing individuals to request correction of inaccurate personal data.

Privacy right allowing individuals to limit how their personal data is used.

Privacy right allowing individuals to receive personal data in a transferable format.

Structured process for teams to evaluate control effectiveness and operational risk exposure.

Executing code in an isolated environment to limit potential damage.

Supervisory Control and Data Acquisition systems used for industrial process control.

Architecture combining networking and security services delivered from the cloud edge.

Startup security feature that permits only trusted, signed code during boot.

Approach that builds security requirements into products from initial architecture onward.

Software lifecycle model that integrates security activities into each development phase.

Email security control for filtering phishing, malware, and spoofed messages.

Encrypted network protocol for secure remote administration and file transfer.

Minimum required control and configuration standard for systems.

Platform that aggregates, normalizes, correlates, and alerts on security telemetry.

Centralized team and function for continuous monitoring, triage, and incident response.

Platform that automates security workflows and incident response playbooks.

Control that separates critical tasks across roles to reduce fraud and abuse risk.

Contractually defined performance targets such as response and resolution times.

Takeover of a valid user session token to impersonate that user.

Authentication model where one login grants access to multiple applications.

Psychological manipulation used to trick people into insecure actions.

Audit framework evaluating controls for security, availability, and confidentiality.

Inventory of software components and dependencies used in an application.

Automated detection of open-source components and known vulnerabilities in codebases.

Unsolicited bulk messaging, often used to distribute phishing and malware.

Targeted phishing attack tailored to a specific person, team, or organization.

Injection attack that manipulates backend database queries through unsanitized input.

Protocols for securing data in transit over networks.

Compromise of trusted vendors, software, or dependencies to reach downstream targets.

Security Assertion Markup Language standard for exchanging authentication and authorization data.

System for Cross-domain Identity Management standard for automating account provisioning and deprovisioning.

Requirement for stronger authentication when a user performs higher-risk actions.

Independent protection system designed to place industrial processes into a safe state.

Infrastructure layer that manages service-to-service communication, security, and observability.

Companion container that provides networking or security capabilities to an application workload.

Open source ecosystem for signing, verifying, and transparency logging of software artifacts.

Practices that protect software build, dependency, and release pipelines from tampering.

Security controls tailored for event-driven, function-based cloud workloads.

Cloud principle defining which security responsibilities belong to provider versus customer.

Security service that filters web traffic to enforce policy and block malicious destinations.

Cloud-delivered security stack that commonly includes SWG, CASB, and ZTNA capabilities.

Malware behavior designed to detect analysis environments and hide malicious actions.

Malware designed to secretly monitor activity and exfiltrate sensitive information.

Vulnerability that lets attackers coerce servers into making unintended network requests.

Secure storage, distribution, and rotation of credentials, tokens, and encryption keys.

Automated discovery of exposed credentials and sensitive tokens in code and repositories.

Code analysis technique that identifies vulnerabilities without executing the application.

Sender Policy Framework standard that authorizes email senders for a domain.

Security control that redirects malicious traffic to controlled infrastructure for blocking or analysis.

US law requiring internal control and financial reporting assurances for public companies.

European court ruling that tightened requirements for transferring personal data outside the EU.

US SEC requirements for public companies to disclose material cyber incidents and governance practices.

Audit report focusing on controls relevant to financial reporting.

General-use trust services report derived from SOC 2 examination results.

US program that standardizes cloud security assessments for state and local governments.

Pre-approved contractual terms used to legitimize international personal data transfers.

Security framework for improving software supply chain integrity and provenance assurance.

AICPA attestation framework family including SOC 1, SOC 2, and SOC 3 reports.

Discussion-based simulation used to rehearse incident response and decision-making.

Patterns describing how threat actors plan and execute operations.

Individual or group conducting malicious cyber activity.

Proactive search for hidden adversary activity not detected by automated controls.

Platform that ingests, enriches, and operationalizes threat intelligence feeds.

Replacing sensitive data with non-sensitive tokens while keeping data utility.

Modern cryptographic protocol used to protect data in transit.

Prioritizing and routing alerts or incidents based on severity and business impact.

Infrastructure as code tool used to provision and manage cloud infrastructure resources.

Malware disguised as legitimate software to trick users into execution.

Malicious registration of lookalike package or domain names to trick users and systems.

Program for assessing and monitoring security risks introduced by vendors and partners.

Trusted Information Security Assessment Exchange standard used in the automotive industry.

Public report disclosing security incidents, law enforcement requests, and governance practices.

Platform for centrally managing security and configuration across endpoint device types.

Analytics for identifying anomalous user and system behavior associated with threats.

Hardware-enforced one-way network communication device used to protect critical OT environments.

United Kingdom data protection regime derived from EU GDPR and domestic law.

United Kingdom regulations imposing cyber resilience requirements on essential services and digital providers.

Utah privacy law defining baseline rights and obligations for personal data handling.

Virtual Chief Information Security Officer service providing fractional security leadership.

Voice phishing attack using phone calls to trick victims into revealing sensitive data.

Virtual Private Network creating encrypted tunnels across untrusted networks.

Systematic identification and evaluation of security weaknesses.

Formal channel for external researchers to report vulnerabilities safely and responsibly.

Continuous process of finding, prioritizing, remediating, and validating vulnerabilities.

Automated tool that detects known vulnerabilities and misconfigurations.

Evaluation of supplier security controls, posture, and contractual risk obligations.

Virginia privacy law granting rights and imposing data processing obligations on covered entities.

Compromising a website frequented by targets to infect visitors.

Control that inspects and filters malicious HTTP and HTTPS traffic to web apps.

Highly targeted phishing aimed at executives or high-value decision-makers.

Native Windows mechanism for centralizing event logs from endpoints and servers.

Self-replicating malware that spreads automatically across systems or networks.

W3C web standard enabling strong authentication with public-key credentials.

Identity model that assigns cryptographically verifiable identities to applications and services.

Protection of cloud and container workloads across build, deploy, and runtime phases.

Destructive malware intended to erase data or render systems inoperable.

XML parser vulnerability that can expose data, trigger SSRF, or execute unintended actions.

Extended Detection and Response unifying detection and response across endpoint, network, and cloud.

Rule-based pattern matching language used to identify malware families and artifacts.

Previously unknown vulnerability exploited before a patch is available.

Security model that continuously verifies identity, device posture, and context for every request.

Compromised device controlled remotely as part of a botnet.

IEC 62443 segmentation approach that organizes assets into zones and controlled communication conduits.

Access model that grants application access based on identity and context instead of network location.