Glossary of Cybersecurity Terms PDF
Uploaded by FancyGreenTourmaline
BINUS University
Summary
This glossary provides definitions for a range of cybersecurity terms, including concepts like different types of viruses (armored, add-on), adware, application flaws, active attacks, and various attack types such as ARP spoofing and DoS (Denial-of-Service) attacks. It also covers security concepts like authentication, availability, and asset management.
Armored Virus: Armored viruses are viruses that are designed to confuse or trick deployed antivirus systems to prevent them from detecting the actual source of the infection.
Add-on Virus: Add-on viruses append their code to the host code without making any changes to the latter, or relocate the host code to insert their code at the beginning.
Adware: Software or a program that supports advertisements and generates unsolicited ads and pop-ups.
Application Flaws: Application flaws are vulnerabilities in applications that are exploited by attackers.
Active Attacks: Attacks that tamper with data in transit or disrupt the communication or services between systems to bypass or break into secured systems.
Active Reconnaissance: Active reconnaissance techniques involve direct interaction with the target system, using tools to detect open ports, accessible hosts, router locations, network mapping, and details of operating systems and applications.
Adversary: An adversary often refers to an opponent or hacker responsible for the attack event.
ARP Spoofing/Poisoning: It involves sending a large number of forged entries to the target machine's ARP cache.
Address Resolution Protocol (ARP): A protocol used for mapping an IP address to a physical machine address that is recognized in the local network.
Advanced Persistent Threats (APTs): Advanced persistent threats (APTs) are defined as a type of network attack in which an attacker gains unauthorized access to a target network and remains undetected for a long period of time.
Adversarial Artificial Intelligence (AI): Adversarial artificial intelligence is a new technology attack vector designed by attackers with malicious intent to mislead ML models.
Application-level DoS Attack: Attackers exhaust available server resources by sending hundreds of resource-intensive requests, such as retrieving large image files or requesting dynamic pages that require expensive search operations on the backend database servers.
API DDoS Attacks: An API DDoS attack involves saturating an API with a massive volume of traffic from multiple infected computers (a botnet) to delay the API services to legitimate users.
AP MAC Spoofing: A hacker spoofs the MAC address of WLAN client equipment to masquerade as an authorized client.
Android Rooting: Rooting allows Android users to attain privileged control (known as "root access") within Android's subsystem.
Adaptive Chosen-plaintext Attack: The attacker makes a series of interactive queries, choosing subsequent plaintexts based on the information from the previous encryptions.
Availability: Assurance that the systems responsible for delivering, storing, and processing information are accessible when required by authorized users.
Authenticity: Refers to the characteristic of a communication, document, or any data that ensures the quality of being genuine.
Glossary Page 2383
Auditing: Auditing refers to the tracking and examining of the activities of network devices in a network.
Active Assessment: A type of vulnerability assessment that uses network scanners to identify the hosts, services, and vulnerabilities present in a network.
Application Assessment: An application assessment focuses on transactional web applications, traditional client-server applications, and hybrid systems.
Automated Assessment: An assessment in which a security professional uses vulnerability assessment tools such as Nessus, Qualys, or GFI LanGuard to perform a vulnerability assessment of the target is called an automated assessment.
Asset Management: Asset management is a process of monitoring and managing an organization's assets, such as systems, printers, software or hardware devices, and other devices, in a cost-effective manner, which helps in the growth of the organization and in fulfilling the overall business goals.
Application Sandboxing: Execute untrusted or untested applications in an isolated environment to protect the system.
Application Patch Management: Monitor and deploy new or missing patches to ensure the security of applications on hosts.
Application-level Firewall (WAF) Deployment: Deploy a WAF to protect web servers from malicious traffic.
Application Security Frame: An application security frame, also referred to as a web-application security schema, incorporates skillful technical operations such as threat modeling to discover and categorize threats, vulnerabilities, and attack surfaces, as well as to provide appropriate countermeasures.
Application Whitelisting: Application whitelisting is a form of access control that allows only specific programs to run. Unless a program is whitelisted, it is blocked on a host.
Application Blacklisting: Application blacklisting is a security practice of blocking the running and execution of a list of undesirable programs.
Application Containers: These are containers used to run a single service. They have layered file systems and are built on top of OS container technologies.
Anything-as-a-Service (XaaS): Anything as a service or everything as a service (XaaS) is a cloud-computing and remote-access service that offers anything as a service over the Internet based on the user's demand.
AWS Identity and Access Management: AWS Identity and Access Management (IAM) is a web service that enables customers to securely control access to AWS services and resources.
Access Point (AP): An AP is used to connect wireless devices to a wireless/wired network.
Association: It refers to the process of connecting a wireless device to an AP.
Antenna: An antenna is a device that is designed to transmit and receive electromagnetic waves at radio frequencies.
Advanced Encryption Standard (AES): The AES is a NIST specification for the encryption of electronic data. It has a 128-bit block size with key sizes of 128, 192, and 256 bits for AES-128, AES-192, and AES-256, respectively.
ANT: ANT is a wireless sensor protocol that enables communication between sensors and their controllers.
Assets: Different components of OT are generally referred to as assets. Most OT systems, such as ICSs, comprise physical assets such as sensors and actuators, servers, workstations, network devices, PLCs,
Asymmetric Encryption: Asymmetric encryption uses two separate keys to carry out encryption and decryption; one key, called the public key, is used for encrypting messages, whereas the second key, called the private key, is used for decrypting messages.
Asymmetric-key Algorithms: Use two different keys for encryption and decryption.
Authenticated Encryption with Associated Data (AEAD): AEAD is another approach used to ensure the integrity and authenticity of a message.
Asymmetric Database Encryption: This method is an improvement over symmetric database encryption, which uses only one private key to encrypt and decrypt data; asymmetric database encryption instead uses one public key to encrypt the data and one private key per authorized user to decrypt the data.
Attack Signatures: Traffic patterns that appear suspicious are generally treated as attack signatures.
Application Event Log: This includes events related to the applications installed on the system; specifically, informational events, warnings from the applications, and errors raised in an application.
Application Log Entries: The application log contains events logged by applications or programs.
Application Logs: An application log records all events or actions generated during the runtime of an application.
Authentication Logs: Authentication logs record events that occur during the authentication process, such as verifying and granting permission to access a network or any restricted resource following an authentication policy regulation.
B
Black Hats: Individuals with extraordinary computing skills who resort to malicious or destructive activities; they are also known as crackers.
Backdoor Trojans: A backdoor is a program that can bypass the standard system authentication or conventional system mechanisms such as IDS and firewalls without being detected.
Botnet Trojans: Botnet Trojans infect a large number of computers throughout a large geographical area to create a network of bots.
Botnet: A botnet is a collection of compromised computers connected to the Internet to perform a distributed task.
Buffer Overflows: Buffer overflows are common software vulnerabilities resulting from coding errors that allow attackers to gain access to the target system.
Bash: Bash scripts can be employed to download malicious files or programs and run them on the target machine.
Brute-Force Attack: The program tries every combination of characters until the password is broken.
Bluesmacking: A DoS attack that overflows Bluetooth-enabled devices with random packets, causing the devices to crash.
Bluejacking: The art of sending unsolicited messages over Bluetooth to Bluetooth-enabled devices, such as mobile phones and laptops.
Bluesnarfing: The theft of information from a wireless device through a Bluetooth connection.
BlueSniff: Proof-of-concept code for a Bluetooth wardriving utility.
Bluebugging: Remotely accessing a Bluetooth-enabled device and using its features.
BluePrinting: The art of collecting information about Bluetooth-enabled devices, such as manufacturer, device model, and firmware version.
Btlejacking: Detrimental to BLE devices, it is used to bypass security mechanisms and listen to information being shared.
BlueBorne Attack: A BlueBorne attack is performed on Bluetooth connections to gain access and take full control of the target device.
Birthday Attack: A birthday attack is the name used to refer to a class of brute-force attacks against cryptographic hashes that makes the brute forcing easier.
Birthday Paradox: The probability that two or more people in a group of 23 share the same birthday is greater than 0.5.
Biometrics: Biometrics is an advanced and unique security technology that utilizes an individual's physical attributes, such as fingerprint, iris, face, voice, and behavior, for verifying their identity.
Business Partner Policy: A business partner policy defines the agreements, guidelines, and responsibilities for business partners to run business securely.
Bollards: Bollards are used to control vehicular and pedestrian traffic.
Bastion Host: A bastion host is a computer system designed and configured to protect network resources from attacks.
Behavior-Based IDS: Behavior-based intrusion detection techniques assume an intrusion can be detected by observing a deviation from the normal or expected behavior of the system or users.
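As an added example (not part of the glossary), the following Python checks the Birthday Paradox figure above and carries the same calculation over to the Birthday Attack entry: it computes the exact collision probability for a group of 23, and estimates how many random hash outputs make a collision more likely than not for a given output size. The function names are my own.

```python
from math import log, sqrt


def collision_probability(n: int, space: int = 365) -> float:
    """Exact probability that at least two of n values drawn uniformly at
    random from `space` possibilities coincide (the birthday paradox).
    With space=365 this is the classic shared-birthday calculation."""
    if n > space:
        return 1.0  # pigeonhole principle: a collision is certain
    p_all_distinct = 1.0
    for i in range(n):
        # the i-th value must avoid the i values already drawn
        p_all_distinct *= (space - i) / space
    return 1.0 - p_all_distinct


def smallest_group_exceeding(threshold: float = 0.5, space: int = 365) -> int:
    """Smallest n for which collision_probability(n, space) > threshold.
    For birthdays and threshold 0.5 this returns 23, as the glossary states."""
    n = 1
    while collision_probability(n, space) <= threshold:
        n += 1
    return n


def hash_collision_work_estimate(output_bits: int) -> float:
    """Approximate number of random hash outputs needed before a collision
    among them is more likely than not, for an `output_bits`-bit hash.
    From P(collision) ~ 1 - exp(-n^2 / (2N)) with N = 2**output_bits,
    solving for P = 0.5 gives n ~ sqrt(2 ln 2 * N), i.e. on the order of
    2**(output_bits / 2). This is why a birthday attack roughly halves the
    effective collision strength of a hash compared with a preimage search."""
    space = 2 ** output_bits
    return sqrt(2 * log(2) * space)


if __name__ == "__main__":
    print(f"P(shared birthday, 23 people) = {collision_probability(23):.4f}")
    print(f"smallest group with P > 0.5   = {smallest_group_exceeding()}")
    for bits in (32, 64, 128):
        print(f"{bits}-bit hash: ~{hash_collision_work_estimate(bits):.3g} "
              f"outputs for a likely collision (vs 2**{bits} preimage work)")
```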
Blue Teaming: A blue team (also known as the defender team) is a group of highly skilled individuals who undertake assessment of information security or products to identify security deficits, determine the adequacy of security measures, foresee the efficacy of proposed security solutions, and so on, in order to defend against various attacks.
Black-Box Testing: To simulate real-world attacks and minimize false positives, penetration testers can choose to undertake black-box testing and map the network while enumerating services, shared file systems, and operating systems (OSes) discreetly.
Bug Bounty Program: A bug bounty program is a challenge or agreement hosted by organizations, websites, or software developers for tech-savvy individuals or security professionals to participate and break into their security to report the latest bugs and vulnerabilities.
Bandwidth: It describes the amount of information that may be broadcast over a connection.
Basic Service Set Identifier (BSSID): It is the media access control (MAC) address of an access point (AP) or base station that has set up a basic service set (BSS).
Bring Your Own Device (BYOD): BYOD refers to a policy that allows employees to bring their own devices, such as laptops, smartphones, and tablets, to the workplace.
Bluetooth Low Energy (BLE): BLE, or Bluetooth Smart, is a wireless personal area network technology. It is designed to be applied in various sectors such as healthcare, security, entertainment, and fitness.
Basic Process Control System (BPCS): A BPCS is responsible for process control and monitoring of the industrial infrastructure.
BACnet: BACnet (Building Automation and Control network) is a data communication protocol designed for building automation and control networks that implements standards such as ASHRAE, ANSI, and ISO 16484-5.
Block Cipher: Deterministic algorithms operating on a block (a group of bits) of fixed size with an unvarying transformation specified by a symmetric key.
Blockchain: A blockchain is a type of distributed ledger technology (DLT) that is used to record and store the history of transactions securely in the form of blocks.
Business Critical Data: Business critical data contains information that is important for business operation.
Bucketing: Bucketing is the process of generalizing a field by differentiating it based on values or ranges.
Best Evidence Rule: The best evidence rule states that the court only allows the original evidence of a document, photograph, or recording at the trial, and not a copy.
Bandwidth Monitors: Bandwidth monitors are tools used to evaluate the available bandwidth from the allocated bandwidth on a local system.
Bit-Stream Imaging: Bit-stream imaging creates a bit-by-bit copy of a suspect drive, which is a cloned copy of the entire drive including all its sectors and clusters, allowing forensic investigators to retrieve deleted files or folders.
Business Continuity: Business continuity is described as the processes, procedures, decisions, and activities that ensure continuity of an organization's business function irrespective of the potential risk, threat, or cause of an outage.
Business Continuity Management: Business continuity management (BCM) is a process that ensures the continuity of business operations after disruptive incidents.
Business Recovery: Business recovery refers to an advance plan, arrangement, and procedure implemented by the bronze or operational teams of an organization after a disaster.
Business Impact Analysis: Business impact analysis (BIA) is a systematic process that determines and evaluates the potential effects of an interruption to critical business operations as a result of a disaster, an accident, or an emergency.
Business Continuity Plan: A business continuity plan is a comprehensive document that is formulated to ensure resilience against potential threats and allow operations to continue under adverse or abnormal conditions.
C
Cyber Terrorists: Individuals with a wide range of skills who are motivated by religious or political beliefs to create fear through the large-scale disruption of computer networks.
Criminal Syndicates: Groups of individuals that are involved in organized, planned, and prolonged criminal activities. They illegally embezzle money by performing sophisticated cyber-attacks.
Crypter: Software that protects malware from undergoing reverse engineering or analysis.
Compromised Legitimate Websites: Websites hosting embedded malware that spreads to unsuspecting visitors.
Command Shell Trojans: A command shell Trojan provides remote control of a command shell on a victim's machine.
Cluster Virus: Cluster viruses infect files without changing the file or planting additional files.
Companion Virus/Camouflage Virus: The companion virus stores itself with the same filename as the target program file.
Computer Worms: Computer worms are standalone malicious programs that replicate, execute, and spread across network connections independently without human intervention.
Cryptomining: Cryptomining makes use of the victims' personal assets and financial data on the system and performs the digital mining of cryptocurrencies such as bitcoins.
Close-in Attacks: Close-in attacks are performed when the attacker is in close physical proximity to the target system or network in order to gather, modify, or disrupt access to information.
Clearing Tracks: Clearing tracks refers to the activities carried out by an attacker to hide malicious acts.
Cyber Kill Chain Methodology: The cyber kill chain methodology is a component of intelligence-driven defense for the identification and prevention of malicious intrusion activities.
Card Cloning: The process of creating a duplicate of a credit card or access card by copying information from the original card.
Cross-Site Scripting ('XSS' or 'CSS'): Cross-site scripting ('XSS' or 'CSS') attacks exploit vulnerabilities in dynamically generated web pages, enabling malicious attackers to inject client-side scripts into web pages viewed by other users.
Command Injection: Attackers identify an input validation flaw in an application and exploit the vulnerability by injecting a malicious command into the application to execute supplied arbitrary commands on the host operating system.
Cross-Site Request Forgery (CSRF): CSRF attacks exploit web page vulnerabilities that allow an attacker to force an unsuspecting user's browser to send malicious requests they did not intend.
Consensus or Social Proof: Consensus or social proof refers to the fact that people are usually willing to like things or do things that other people like or do.
Credential Harvesting: Attackers employ TTPs such as phishing campaigns, password dumping tools, and MITM attacks to perform credential stuffing.
Cryptanalysis Attack: The attacker uses the same procedure as that followed in a replay attack, along with reverse engineering of the protocol to capture the original signal.
Cloud Hopper Attack: Cloud Hopper attacks are triggered at the managed service providers (MSPs) and their users.
Cloud Cryptojacking: Cryptojacking is the unauthorized use of the victim's computer to stealthily mine digital currency.
Cloudborne: Cloudborne is a vulnerability residing in a bare-metal cloud server that enables attackers to implant a malicious backdoor in its firmware.
Ciphertext-only Attack: The attacker has access to the ciphertext; the goal of this attack is to recover the encryption key from the ciphertext.
Chosen-plaintext Attack: The attacker defines their own plaintext, feeds it into the cipher, and analyzes the resulting ciphertext.
Chosen-key Attack: The attacker usually breaks an n-bit key cipher in 2^(n/2) operations.
Confidentiality: Assurance that the information is accessible only to those authorized to have access.
Continual/Adaptive Security Strategy: The adaptive security strategy prescribes that continuous prediction, prevention, detection, and response actions must be taken to ensure comprehensive computer network defense.
Crossover Error Rate (CER): The value of the false rejection rate and false acceptance rate when sensitivity is configured such that FRR and FAR are equal.
Centralized Authorization: It maintains a single database for authorizing all the network resources or applications.
Computer Fraud and Abuse Act: States that whoever intentionally accesses a computer without authorization or exceeds authorized access, and thereby obtains information from any protected computer, shall be punished under the Act if the conduct involves an interstate or foreign communication.
Capability Maturity Model Integration (CMMI): It is a process model that defines what an organization should do to promote behaviors that facilitate improved performance.
Change Management Policy: A change management policy helps minimize the disruption of services while implementing changes throughout an organization by following standard change procedures.
Compensating Controls: These controls are used as an alternative control when the intended controls fail or cannot be used.
Clean-Agent Suppression System: This type of system employs an inert gas or chemicals to control a fire that is in the initial stage of growth or development.
Combination Locks: A combination lock has a combination of numbers and letters; the user needs to provide the combination to open the lock.
Concealed Weapon/Contraband Detection Devices: Contraband includes materials that are banned from entering the environment, such as explosives, bombs, weapons, etc.
Circuit-Based Alarm: This type of alarm is used to signal when a door, window, or fence is opened, cut off, or damaged by any person.
Circuit-Level Gateway: Circuit-level gateways work at the session layer of the OSI model, or the TCP layer of TCP/IP.
Client-to-Site (Remote-access) VPNs: Remote-access VPNs allow individual hosts or clients, such as telecommuters and mobile users, to establish secure connections to a company's network over the Internet.
CHAP (Challenge Handshake Authentication Protocol): It uses an encryption authentication technique that transmits a password representation instead of the actual password during the authentication process.
Cyber Threat Intelligence (CTI): Cyber Threat Intelligence (CTI) is defined as the collection and analysis of information about threats and adversaries and the drawing of patterns that provide an ability to make knowledgeable decisions for the preparedness, prevention, and response actions against various cyber-attacks.
Communication Intelligence (COMINT): It involves the gathering of information about messages or voice extracted from the interception of foreign communications.
Cyber Counterintelligence (CCI): Cyber counterintelligence (CCI) is used as a security mechanism to protect the organization against the adversary's intelligence operations.
Commercial Sources: Information is collected from commercial entities and security vendors that provide threat information to various organizations.
Common Vulnerability Scoring System (CVSS): CVSS is a published standard that provides an open framework for communicating the characteristics and impacts of IT vulnerabilities.
Common Vulnerabilities and Exposures (CVE): CVE® is a publicly available and free-to-use list or dictionary of standardized identifiers for common software vulnerabilities and exposures.
Common Weakness Enumeration (CWE): Common Weakness Enumeration (CWE) is a category system for software vulnerabilities and weaknesses.
Credentialed Assessment: Credentialed assessment is also called authenticated assessment. In this type of assessment, the security professional possesses the credentials of all machines present in the assessed network.
Configuration Management: Configuration management (CM) is a technical and administrative process employed to build and ensure the stability of a product's performance, track the product's real-time operation, and keep the product updated at all times.
Configuration Review: Configuration review is a process of verifying the configuration settings of hardware and software devices/components in an enterprise.
Change Management: Change management is a process of managing the changes to an organization's IT systems and infrastructure. It is an organized procedure that addresses the enterprise's objectives, functionalities, and technologies.
Content Security Policy (CSP): CSP is another type of secure HTTP response header that can be used by modern web browsers to improve the security of the web page.
Code Signing: Code signing is used by software publishers/developers to digitally sign software, product updates, or executables.
Container: Containers refer to virtualization based on an operating system, in which the kernel's operating system functionality is replicated on multiple instances of isolated user space.
Containers as a Service (CaaS): This refers to services that enable the deployment of containers and container management through orchestrators.
Container Engine: A container engine can be used to create, add, and remove containers as per requirements.
Container Orchestration: This refers to an automated process of managing the lifecycles of software containers and their dynamic environment.
Cloud Computing: Cloud computing is an on-demand delivery of IT capabilities in which an IT infrastructure and applications are provided to subscribers as metered services over a network.
Community Cloud: It is a multi-tenant infrastructure shared among organizations from a specific community with common computing concerns, such as security, regulatory compliance, performance requirements, and jurisdiction.
Cloud Consumer: A cloud consumer is a person or organization that maintains a business relationship with the cloud service providers (CSPs) and utilizes the cloud computing services.
Cloud Provider: A cloud provider is a person or organization who acquires and manages the computing infrastructure intended for providing services to interested parties via network access.
Cloud Carrier: A cloud carrier acts as an intermediary that provides connectivity and transport services between CSPs and cloud consumers.
Cloud Auditor: A cloud auditor is a party that performs an independent examination of cloud service controls to express an opinion thereon.
Cloud Broker: The cloud broker is an entity that manages cloud services regarding use, performance, and delivery and maintains the relationship between CSPs and cloud consumers.
Compliance: A clear idea of the regulatory standards that an organization wants to comply with, along with their associated requirements, allows organizations to benefit from business agility and growth.
Cloud Access Security Broker (CASB): Cloud access security brokers (CASBs) are on-premise or cloud-hosted solutions.
CCMP: It is an encryption protocol used in WPA2 for strong encryption and authentication.
5G Cellular (Mobile) Communication: It is a broadband cellular network that operates at high bandwidth with low latency and provides high-speed data downloads.
Context-aware Authentication: Context-aware authentication is a type of enhanced security technique that uses the contextual information of a user for enhancing data security decisions.
Choose Your Own Device (CYOD): CYOD refers to a policy in which employees select their device of choice from a preapproved set of devices (laptops, smartphones, and tablets) to access company data according to the access privileges of an organization.
Corporate Owned, Personally Enabled (COPE): Corporate Owned, Personally Enabled (COPE) refers to a policy that allows employees to use and manage the devices purchased by the organization.
Company Owned, Business Only (COBO): Company Owned, Business Only (COBO) refers to a policy that allows employees to use and manage the devices purchased by the organization but restricts the use of the device to business use only.
Containerization: It is a technique in which all personal and organizational data are segregated on an employee's mobile device.
Cellular: Cellular is a type of communication protocol that is used for communication over a longer distance.
CoAP: Constrained Application Protocol (CoAP) is a web transfer protocol used to transfer messages between constrained nodes and IoT networks.
Cloud-to-Cloud (Back-End Data-Sharing) Communication: This type of communication model extends the device-to-cloud communication type such that the data from the IoT devices can be accessed by authorized third parties.
Critical Infrastructure: Critical infrastructure refers to a collection of physical or logical systems and assets, the failure or destruction of which will severely impact security, safety, the economy, or public health.
CC-Link: A CC-Link (Control and Communications Link) is an open industrial network that enables devices from different manufacturers to communicate. It is used in machine, process control, and building automation.
CANopen: CANopen is a high-level communication protocol based on the CAN (Controller Area Network) protocol. It is used for embedded networking applications like vehicle networks.
Crimson: Crimson is the common programming platform used for a variety of Red Lion products such as the G3 and G3 Kadet series HMIs, Data Station Plus, Modular Controller, and the Productivity Station.
Cryptography: Cryptography is the conversion of data into a scrambled code that is encrypted and sent across a private or public network.
Ciphers: A cipher is an algorithm for performing encryption and decryption.
Classical Ciphers: Classical ciphers are the most basic type of ciphers, which operate on letters of the alphabet (A-Z).
Cipher Modes of Operation: Cipher modes of operation, also known as block cipher modes of operation, are used to encrypt a fixed block of plaintext using a secret key and, in some modes, an initialization vector.
Cipher Block Chaining (CBC) Mode: The CBC mode is an improvement over ECB that rectifies most of the security flaws in ECB. In the CBC mode, the process of encryption requires an initialization vector and a secret key.
Cipher Feedback (CFB) Mode: In the CFB mode, previously generated ciphertext is used as feedback for the encryption algorithm to encrypt the next plaintext block to ciphertext.
Counter Mode: The counter mode is a block cipher mode of operation that uses a counter value in the encryption and decryption process.
Certificate Chaining: The certificate chain, also referred to as the chain of trust, is established by a set of certificates starting from the server certificate and ending with the root certificate.
Certificate Pinning: Certificate pinning allows a client application to verify the corresponding server's certificate using a pre-installed digital certificate.
Certificate Revocation List (CRL): A CRL is the list of all revoked certificates and is used for checking certificate status in a process known as an offline revocation check.
Certificate Stapling: Certificate stapling, also known as OCSP stapling, is an alternative version of the common OCSP method to determine the revocation status of SSL certificates.
Challenge-Handshake Authentication Protocol (CHAP): Challenge-Handshake Authentication Protocol (CHAP) calculates a hash soon after the user logs in, then shares that hash with the client system.
Column-Level Encryption: This method is a form of partial database encryption. It encrypts the individual columns within the database tables using different encryption keys.
Confidentiality and Non-disclosure Agreement (CNDA): An NDA is a security contract signed between two individuals or companies for maintaining the confidentiality of information shared between them.
Cloud Data Backup: Storing backup data on storage provided by an online backup provider.
Clearing: Clearing is a data destruction technique that protects sensitive information against keyboard attacks.
Centralized Logging: Centralized logging involves storing the logs generated by the network devices on a central server.
Custom Log: A custom log allows an application to change the size of its log or add access control lists (ACLs) without affecting other applications.
Computer Forensics: Computer forensics refers to a set of methodological procedures and techniques that help identify, gather, preserve, extract, interpret, document, and present evidence from computing equipment, such that any discovered evidence is acceptable during a legal and/or administrative proceeding.
Cyber Defamation: It is an offensive activity wherein a computer or device connected to the web is employed as a tool or source point to damage the reputation of an organization or individual. Sending defamatory emails or posting defamatory statements on social media can damage the reputation of the target organization or entity to a great extent.
Cyberterrorism: It involves the use of the Internet or web resources for threatening, intimidating, or performing violent activities to gain ideological or political advantages over individuals or groups. It can be performed using computer worms, viruses, malicious scripts, or malicious tools with a personal agenda.
Cyberwarfare: It is the use of information systems against the virtual personas of individuals or groups. It is the broadest form of information warfare.
Case Analysis: Case analysis is the process of relating the obtained evidential data to the case in order to understand how the complete incident took place.
Correlation: Security solutions apply correlation rules to integrate multiple log sources and transform the data into useful information.
Chain of Custody: Chain of custody is a legal document that demonstrates the progression of evidence as it travels from the original evidence location to the forensic laboratory.
CRC-32: The 32-bit cyclic redundancy check (CRC-32) is a hash function based on the idea of polynomial division.
Crisis Management: Crisis Management (CM) is the ability of an organization to respond to a crisis and thereby minimize the damage to its brand name, business operations, and revenue.
Contingency Planning: Organizations execute a contingency plan when their regular business operations are interrupted by a disruptive event.
COSO ERM Framework: The COSO ERM framework defines essential components, suggests a common language, and provides clear direction and guidance for ERM.
COBIT Framework: COBIT is an IT governance framework and supporting toolset that allows managers to bridge the gap between control requirements, technical issues, and business risks.

D

Drive-by Downloads: Exploiting flaws in browser software to install malware just by visiting a web page.
Downloader: A type of Trojan that downloads other malware from the Internet onto the PC.
Dropper: A type of Trojan that covertly installs other malware files onto the system.
Defacement Trojans: Defacement Trojans, once spread over the system, can destroy or change the entire content of a database.
DDoS Attack Trojans: These Trojans are intended to perform DDoS attacks on target machines, networks, or web addresses.
Destructive Trojans: The sole purpose of a destructive Trojan is to delete files on a target system.
Direct Action or Transient Virus: Direct action or transient viruses transfer all control of the host code to where the virus resides in memory. The virus selects the target program to be modified and corrupts it.
Dialers: Dialers or spyware dialers are programs that get installed and configured in a system automatically to call a set of contacts at several locations without the user's consent.
DLL Injection: When an application runs third-party or untrusted code that loads an assembly or DLL file, an attacker may exploit this vulnerability to inject a malicious DLL into the currently running process and execute malicious code.
Design Flaws: Design vulnerabilities such as incorrect encryption or poor validation of data refer to logical flaws in the functionality of the system that attackers exploit to bypass the detection mechanism and acquire access to a secure system.
Distribution Attacks: Distribution attacks occur when attackers tamper with hardware or software prior to installation.
Diamond Model: The Diamond Model offers a framework for identifying the clusters of events that are correlated on any of the systems in an organization.
DNS Footprinting: DNS footprinting is used to gather information about specific domains and IP addresses in the network.
DNS Poisoning: Domain Name System (DNS) poisoning is the unauthorized manipulation of IP addresses in the DNS cache.
Domain Hijacking: Domain hijacking is an attack in which the domain ownership is changed to the attacker's server without the consent of the actual owner.
DHCP: DHCP is a configuration protocol that assigns valid IP addresses to host systems out of a pre-assigned DHCP pool.
DHCP Starvation Attack: It is a process of inundating DHCP servers with fake DHCP requests, thereby using up all the available IP addresses.
DNS Footprinting: DNS footprinting reveals information about DNS zone data.
DHCP Spoofing Attack: An attacker introduces a rogue DHCP server into the network.
Denial-of-Service (DoS) Attack: It is an attack on a computer or network that reduces, restricts, or prevents accessibility of system resources to its legitimate users.
Distributed Denial-of-Service (DDoS) Attack: Distributed denial-of-service (DDoS) is a coordinated attack that involves a multitude of compromised systems (a botnet) attacking a single target, thereby denying service to users of the targeted system.
Distributed Reflection Denial-of-Service (DRDoS) Attack: A distributed reflection denial-of-service attack (DRDoS), also known as a spoofed attack, involves the use of multiple intermediary and secondary machines that contribute to the actual DDoS attack against the target machine or application.
Directory Traversal Attacks: In directory traversal attacks, attackers use the ../ (dot-dot-slash) sequence to access restricted directories outside the web server root directory.
DNS Amplification Attack: Attackers take advantage of the recursive method of DNS resolution to perform DNS amplification attacks.
Dictionary Attack: A dictionary file is loaded into the cracking application that runs against user accounts.
Default Passwords: A default password is a password supplied by the manufacturer with new equipment (e.g., switches, hubs, routers) that is password protected.
Driver Manipulation: Attackers attempt to manipulate the driver software of devices by adding malicious code and hiding that code from the security system of the OS.
Dumpster Diving: Searching through someone else's trash for useful information.
Disassociation Attack: In a disassociation attack, the attacker makes the victim unavailable to other wireless devices by destroying the connectivity between the AP and the client.
De-authentication Attack: In a de-authentication attack, the attacker floods station(s) with forged de-authentication or disassociation frames to disconnect users from an AP.
Data Modification Attack: A more dangerous attack that not only captures and stores the target's data exchange but also modifies it using a radio-frequency device.
Data Corruption Attack: A type of DoS attack performed either by interfering with or disrupting the data transmission, or by blocking the data channel so that the receiver is not able to decipher or read the data received.
Differential Power Analysis (DPA): It does not require knowledge of the details of the algorithm implementation; it exploits statistical methods instead.
DUHK Attack: DUHK (Don't Use Hard-Coded Keys) is a cryptographic vulnerability that allows an attacker to obtain encryption keys used to secure VPNs and web sessions.
DROWN Attack: A DROWN attack is a cross-protocol weakness that lets an attacker communicate with and initiate an attack on servers that support recent SSLv3/TLS protocol suites.
Deterrence Controls: These are used to discourage the violation of security policies. They include access controls such as security guards and warning signs.
Detection Controls: These are used to detect unauthorized access attempts. They include access controls such as CCTV and alarms.
Discretionary Access Control (DAC): The end user has complete access to the information they own.
Digital Certificate: A digitally signed statement with a public key and the subject (user, company, or system) name in it.
Decentralized Authorization: Decentralized authorization maintains a separate database for each resource.
Data Protection Act 2018 (DPA): The DPA is an act to make provision for the regulation of the processing of information relating to individuals.
Data Backup Policy: The backup policy helps an organization recover and safeguard information in the event of a security incident or network failure.
Data Retention Policy: The data retention policy is a set of rules for preserving and maintaining data for operational or regulatory compliance requirements.
Detective Controls: These controls detect security violations and record any intrusion attempts. These controls act when preventive controls fail.
Deterrent Controls: They are used to discourage attackers and send warning messages to the attackers to discourage an intrusion attempt.
Dry-Pipe Sprinklers: Dry-pipe sprinklers are generally used in locations where freezing is expected, i.e., where the temperature is below 40 °F.
Deluge System: A deluge system can be used in highly dangerous areas where high volumes of water are required to control fire or heat.
Digital Locks: Digital locks use a fingerprint, a smart card, or a PIN entered on the keypad to unlock.
DNSSEC: Domain Name System Security Extensions (DNSSEC) is a suite of specifications maintained by the Internet Engineering Task Force (IETF).
Demilitarized Zone (DMZ): A computer subnetwork placed between the organization's private network (such as a LAN) and an outside public network (such as the Internet), acting as an additional security layer.
Database Honeypots: Database honeypots employ fake databases that are deliberately vulnerable to database-related attacks such as SQL injection and database enumeration.
Data-driven Hunting: Generating a hypothesis from observations is the initial step in hunting activities.
Deep Web: It consists of web pages and content that are hidden and unindexed and cannot be located using traditional web browsers and search engines.
Dark Web or Dark Net: It is the subset of the deep web that enables anyone to navigate anonymously without being traced.
Database Assessment: A database assessment is any assessment focused on testing the databases for the presence of any misconfiguration or known vulnerabilities.
Distributed Assessment: This type of assessment, employed by organizations that possess assets like servers and clients at different locations, involves simultaneously assessing the distributed organization assets, such as client and server applications, using appropriate synchronization techniques.
Dead Code: Dead code is unwanted code in an application's source code that can never be executed.
Dynamic Application Security Testing (DAST): DAST is a security testing technique that involves simulating attacks against the application and analyzing how the application behaves.
Desktop Virtualization: In this virtualization technology, the operating system instance, representing the user's desktop, is located on a central server in the cloud.
Docker: Docker is an open-source technology used for developing, packaging, and running applications and all their dependencies in the form of containers, to ensure that each application works in a seamless environment.
Docker Networking: Docker allows connecting multiple containers and services or other non-Docker workloads together.
Direct-Sequence Spread Spectrum (DSSS): DSSS is a spread spectrum technique that multiplies the original data signal with a pseudo-random noise-spreading code.
Directional Antenna: A directional antenna can broadcast and receive radio waves from a single direction.
Dipole Antenna: A dipole antenna is a straight electrical conductor measuring half a wavelength from end to end, and it is connected at its center to the radio frequency (RF) feed line.
Device-to-Device Communication: In this type of communication, inter-connected devices interact with each other through the Internet, but they predominantly use protocols such as ZigBee, Z-Wave, or Bluetooth.
Device-to-Cloud Communication: In this type of communication, devices communicate with the cloud directly, rather than directly communicating with the client to send or receive data or commands.
Device-to-Gateway Communication: In the device-to-gateway communication model, the IoT device communicates with an intermediate device called a gateway, which in turn communicates with the cloud service.
Distributed Control System (DCS): A DCS is used to control production systems spread within the same geographical location.
DCOM: DCOM (Distributed Component Object Model) is Microsoft's proprietary software that enables software components to communicate directly over a network reliably and securely.
DNP3: DNP3 (Distributed Network Protocol 3) is a communication protocol used to interconnect components within process automation systems.
DeviceNet: DeviceNet is another variant of the Common Industrial Protocol (CIP) that is used in the automation industry for interconnecting control devices to exchange data.
Data Encryption Standard (DES): DES is a standard for data encryption that uses a secret key for both encryption and decryption (symmetric cryptosystem).
Digital Signature Algorithm (DSA): Federal Information Processing Standard (FIPS) 186-2 specifies the digital signature algorithm (DSA) that can be used in the generation and verification of digital signatures for sensitive, unclassified applications.
Digital Signature: A digital signature is a cryptographic means of authentication. Public-key cryptography uses asymmetric encryption and helps the user to create a digital signature.
Digital Certificates: Digital certificates address the security concerns around securely transmitting public keys to the receiver in digital signature schemes.
Domain Validation: A domain-validated certificate is issued to a user after they prove some degree of control over a domain.
Data Security: Data security involves the application of various data security controls to prevent any intentional or unintentional act of data misuse, data destruction, and data modification.
Data Owners: Data owners are individuals or steering committees having complete control over the data in an organization; they are solely responsible for the data assets of the organization.
Data Controller: The data controller is a person who collects and controls the processing of data provided to the data processor.
Data Processor: The data processor is a person who processes the data given by the data controller for a specific purpose or duty that involves the processing of personal data.
Data Steward/Custodian: Data steward and data custodian are the two roles given to the subject matter experts responsible for managing the data on a daily basis.
Data Protection Officer (DPO): The DPO is the security supervisor in the organization who safeguards the organization's data.
Data Classification: Data classification is the process of assigning sensitivity levels to data while the data are being generated, modified, saved, or passed over an information system.
Data Access Control: Data access controls enable authentication and authorization of users to access the data.
Data Encryption: Protecting information by transforming it so that it becomes unreadable for an unauthorized party.
Data Masking: Protecting information by obscuring specific areas of data with random characters or codes.
Data Resilience and Backup: Making a duplicate copy of critical data to be used for restoration and recovery purposes when the primary copy is lost or corrupted, either accidentally or on purpose.
Data Destruction: It involves destroying the data so that it cannot be recovered and used for improper purposes.
Data Retention: Data retention is the process of storing and maintaining important information for meeting compliance and business data archival requirements.
Database Encryption: Database encryption is defined as a process of converting a plaintext database into a ciphertext database using encryption techniques.
Database Deidentification: Deidentification is the process of separating out or replacing an entity's personal identity in the data stored in a database.
Data Sharing and Usage Agreement: A data sharing and usage agreement is a documented agreement between a data provider and receiver, which contains a clear understanding of what type of data is to be shared and how the data must be handled.
Data Backup: Data backup is the process of copying or storing important data.
Data Backup Strategy: An ideal backup strategy includes steps ranging from selecting the right data to conducting a test data restoration drill.
Differential Backup: Differential backup is the combination of a full backup and an incremental backup.
Data Destruction Policy: A data destruction policy ensures that the data stored on unused tapes, hard disks, and other forms of electronic media are overwritten or destroyed such that they are unreadable and cannot be accessed for unauthorized purposes.
Destroying: Destroying is a data destruction technique of physically destroying the storage media through a variety of methods such as disintegration, incineration, pulverizing, shredding, and pulping.
Disposal: Disposal is a technique of eliminating information without considering data destruction. This technique is applied to documents containing nonconfidential information.
Data Loss Prevention: Data loss prevention (DLP) includes a set of software products and processes that do not allow users to send confidential corporate data outside the organization.
Destination Unreachable Message: If a datagram cannot be forwarded to its destination, ICMP returns a destination unreachable message, indicating to the sender that the datagram could not be properly forwarded.
Denial of Service Traffic Signatures: Traffic containing certain signatures that indicate a DoS attempt that floods a server with a large number of requests.
Data Manipulation: It is a malicious activity in which attackers modify, change, or alter valuable digital content or sensitive data during transmission, instead of directly stealing the data from the company.
Digital Evidence: Digital evidence is defined as "any information of probative value that is either stored or transmitted in a digital form".
Data Analysis: Data analysis refers to the process of examining, identifying, separating, converting, and modeling data to isolate useful information.
DNS Logs: A domain name system (DNS) server contains information that enables users to obtain the appropriate IP address of their respective websites.
Dump Files: Dump files are compressed versions of system log files that are recorded when a system crashes or is turned off unexpectedly.
Dead Acquisition: Dead acquisition is defined as the acquisition of data from a suspect machine that is powered off.
Disaster Recovery: Disaster recovery (DR) refers to an organization's ability to restore business data and applications after a disaster.
Disaster Recovery Plan: A disaster recovery plan (DRP) is developed for specific departments within an organization to help them recover from a disaster.

E

External Threats: External attacks are performed by exploiting vulnerabilities that already exist in a network, without the assistance of insider employees.
Exploit: A malicious code that breaches the system security via software vulnerabilities to access information or install malware.
Emotet: Emotet is a banking Trojan that can function either as a Trojan by itself or as the downloader and dropper of other banking Trojans.
Encryption Virus: Encryption viruses or cryptolocker viruses penetrate the target system via freeware, shareware, codecs, fake advertisements, torrents, email spam, and so on.
Email Virus: An e-mail virus refers to computer code sent to you as an e-mail attachment which, if activated, will result in some unexpected and usually harmful effects, such as destroying specific files on your hard disk and causing the attachment to be emailed to everyone in your address book.
Eavesdropping: Unauthorized listening to conversations or reading of messages.
Elicitation: A technique of extracting information from the victim by drawing them into normal and disarming conversations.
Evil Twin: An evil twin is a wireless AP that pretends to be a legitimate AP by replicating another network's name.
Evidence Examiner/Investigator: Examines the evidence acquired and sorts out the useful evidence.
Evidence Documenter: Documents all the evidence and the phases present in the investigation process.
Evidence Manager: Manages the evidence in such a way that it is admissible in a court of law.
Evidence Witness: Offers a formal opinion in the form of testimony in a court of law.
Efficacy Rates: Depend on technical components, the devices used to capture samples, the algorithms used to compare with references, and the environment in which the biometric sensor operates.
Explicit Authorization: Explicit authorization maintains separate authorization details for each resource request.
Enterprise Information Security Policy (EISP): The EISP defines an organization's security scope and provides direction for its security policies.
Encryption Policy: Security professionals can encrypt sensitive application data, preventing unauthorized users from gaining access to it.
Electromagnetic Interference (EMI): EMI occurs when an electronic device's performance is interrupted or degraded due to electromagnetic radiation or conduction.
Electromagnetic Interference (EMI) Shielding: EMI shielding is a coating on electronic equipment, or the metal boxes it is kept in, which blocks emissions and radiation.
East-West Traffic: East-west traffic is the network traffic between the servers inside a data center or the traffic between data centers.
External Firewalls: External firewalls are used to limit access between the protected network and the public network.
Extended ACLs: Block or allow network packets by verifying the source IP, destination IP, MAC address, and port numbers.
Email Honeypots: Email honeypots are fake email addresses that are specifically used to attract fake and malicious emails from adversaries.
Encapsulation: Encapsulation is the method by which protocols with separate functions communicate with each other by wrapping (hiding) the data.
Encryption: Encryption provides an additional layer of security to data transmitted over a VPN. Encryption plays an important role when an organization's sensitive data is carried over the Internet.
Electronic Intelligence (ELINT): It comprises information collected using electronic sensors, and it is mainly focused on noncommunication signals intelligence.
External Assessment: External assessment examines the network from a hacker's point of view to identify exploits and vulnerabilities accessible to the outside world.
Ethical Hacking: Ethical hacking is the practice of employing computer and network skills in order to assist organizations in testing their network security for possible loopholes and vulnerabilities.
Extensible Configuration Checklist Description Format (XCCDF): XCCDF is a language used for writing security content such as checklists, system configuration procedures, and benchmarks.
Exception Handling: Exception handling occurs when error conditions interrupt the normal flow of a program's execution.
Edge Computing: Edge computing is a distributed, decentralized computing model in which data processing is performed close to edge devices.
EAP Protocol: EAP is a request/response-based authentication framework that employs authentication algorithms to validate identities.
EAP-FAST: EAP-FAST performs flexible authentication via protected tunnels.
EAP-TLS: EAP Transport Layer Security (TLS) is an IETF open-standard Transport Layer Security (TLS) protocol that is well suited for secure wireless authentication processes.
EAP-TTLS: EAP Tunneled Transport Layer Security (TTLS) is an advanced version of EAP-TLS. As in PEAP, it utilizes a PKI certificate to build a secure tunnel between the client and the authentication server for safe key exchange.
Enterprise Mobility Management (EMM): EMM consists of tools and technologies used in an organization to secure the data on employees' personal (BYOD) and organizational devices.
Ethernet: It is a type of LAN that consists of a wired connection between computers in a small building, office, or campus.
EtherCAT: Ethernet for Control Automation Technology (EtherCAT) is an Ethernet-based fieldbus system that is appropriate for both hard and soft real-time computing requirements in automation technology.
Elliptic Curve Cryptography (ECC): ECC is a modern public-key cryptography approach developed to avoid the use of large cryptographic keys.
Electronic Code Book (ECB) Mode: The ECB mode is a straightforward process of encryption and decryption that requires plaintext, a secret key, and a block cipher encryption algorithm.
Extended Validation (EV): EV certificates are issued by CAs for securing online banking transactions, e-commerce, etc.
Espionage: Corporate espionage is a central threat to organizations, as competitors often attempt to obtain sensitive data through open-source intelligence gathering.
Evidence Preservation: Evidence preservation refers to the proper handling and documentation of evidence to ensure that it is free from any contamination.
Evidence Management: Evidence management helps in effectively protecting the true state of evidence. This is achieved by the proper handling and documentation of the evidence.
Emergency Management: It refers to the procedures and actions implemented after a crisis in order to safeguard people from harm.
Enterprise Risk Management Framework (ERM): Enterprise Risk Management (ERM) includes the methods and processes implemented by an organization to minimize the impact of risks.
Enterprise Network Risk Management Policy: An enterprise network risk management policy assists in developing and establishing essential processes and procedures to address and minimize information security risks.

F

File Virus: File viruses infect files executed or interpreted in the system, such as COM, EXE, SYS, OVL, OBJ, PRG, MNU, and BAT files.
File Extension Virus: File extension viruses change the extensions of files.
FAT Virus: A FAT virus is a computer virus that attacks the File Allocation Table (FAT), a system used in Microsoft products and some other types of computer systems to access the information stored on a computer.
Fileless Malware: Fileless malware, also known as non-malware, infects legitimate software, applications, and other protocols existing in the system to perform various malicious activities.
Fuzzing: Attackers use the fuzzing technique to repeatedly send random input to the target API to generate error messages that reveal critical information.
Familiarity or Liking: Familiarity or liking implies that people are more likely to be persuaded to do something when they are asked by someone whom they like.
Forensic Investigator: Responsible for maintaining forensics readiness across an organization and implementing effective IH&R.
Financial Auditor: Responsible for calculating the costs involved in an incident.
Fingerprint Scanning: Compares two fingerprints for verification and identification on the basis of the patterns on the finger.
Face Recognition: Uses facial features to identify or verify a person.
False Acceptance Rate (FAR): Percentage of identification occurrences in which an unauthorized user gains access to the resources.
False Rejection Rate (FRR): Percentage of identification occurrences in which an authorized user is denied access to the resources.
Failure To Capture (FTC): Ratio of the number of times the system does not capture the samples presented to it to the total number of samples presented.
Failure to Enroll (FTE): Ratio of the number of users that are not enrolled in the system to the total number of users presented to the system.
Freedom of Information Act (FOIA): The Freedom of Information Act (FOIA) gives the public the right to request access to records from any federal agency.
Firewall Management Policy: A firewall management policy defines access, management, and monitoring of firewalls in the organization.
Firefighting Systems: Firefighting systems mainly deal with detecting fire incidents and alerting the occupants to them.
Fire Detection System: A fire detection system helps detect a fire incident before the fire spreads.
Flame Detectors: Flame detectors mainly deal with the detection of flames in a fire incident.
Fire Suppression: A fire suppression system is used to quench the fire without much human interaction.
Fire Extinguisher: Fire extinguishers deal with extinguishing fires at the initial stage.
Foam-Water Sprinkler System: It is a special type of sprinkler system that contains "foam-water" sprinklers that release a solution or mixture of foam and water at a specified flow rate when activated.
Firewall: A firewall is software, hardware, or a combination of both that is generally used to separate a protected network from an unprotected public network.
Firewall Access Control Lists (ACLs): A firewall access control list (ACL) is a collection of rules or conditions to allow or deny inbound and outbound network traffic.
False Positive (No attack - Alert): A false positive occurs if an event triggers an alarm when no actual attack is in progress.
False Negative (Attack - No Alert): A false negative is a condition that occurs when an IDS fails to react to an actual attack event.
Foreign Instrumentation Signals Intelligence (FISINT): This form of intelligence is gathered from the interception of nonhuman communication systems emitting some sort of signals or radiation.
Fault Tolerance: Strategy applied to software design (or system design) to permit the system to continue functioning even in the presence of faults by enhancing its robustness.
Fault Detection: Closely linked to fault tolerance; used in detecting faults and producing appropriate responses in system behavior. Examples include system monitors, safety monitors, built-in tests, loop-back tests, etc.
Fault Removal: Removes faults during the design process. Examples include error detection, verification through inspection, built-in testing, correction functions, etc.
Fault Avoidance: Avoids errors that contribute to system faults during the development process.
Function-as-a-Service (FaaS): This cloud computing service provides a platform for developing, running, and managing application functionalities without the complexity of building and maintaining the necessary infrastructure (serverless architecture).
Fog Computing: Fog computing is a distributed and independent digital environment in which applications and data storage are positioned between data sources (devices generating data) and a cloud service.
Frequency-Hopping Spread Spectrum (FHSS): FHSS, also known as frequency-hopping code-division multiple access (FH-CDMA), is a method of transmitting radio signals by rapidly switching a carrier among many frequency channels.
Full Device Encryption: Full disk encryption is a security feature that can encrypt all the information stored on any storage medium within a mobile device.
Field Sensors: Field sensors collect information to determine and measure process parameters such as temperature, pressure, and flow.
Final Control Elements: Final control elements implement the actions determined by the logic controller to bring the system to a safe state.
FTE: Fault Tolerant Ethernet (FTE) is designed to provide rapid network redundancy; each node is connected twice to a single LAN through dual network interfaces.
Federated Blockchain or Consortium Blockchain: It is a partially decentralized blockchain in which a group of individuals or organizations, rather than a single entity as in private blockchains, create and manage separate blockchain networks.
Full Data Backup: This is also called a normal backup. It copies all files and compresses them to save space.
File-Level Encryption: Encryption of data stored in files/folders.
Forwarded Event Log: This includes events that are received from other systems present on the same network.
First Responder: The term "first responder" refers to the individuals who arrive first at the crime scene and gain access to the victim's computer system after the incident report.
Forensic Investigation Process: A methodological approach to investigate, seize, and analyze digital evidence and then manage the case from the time of search and seizure to reporting the investigation result.
Forensic Data Acquisition: Forensic data acquisition is a process of imaging or collecting information from various media in accordance with certain standards for analyzing its forensic value.

G

Gray Hats: Individuals who work both offensively and defensively at various times.
Gaining Access: Gaining access refers to the point where the attacker obtains access to the operating system or applications on the target computer or network.
Gait Analysis: Uses the patterns of locomotion exhibited by moving limbs while walking or running, which differ from one individual to another.
Gramm-Leach-Bliley Act (GLBA): The Gramm-Leach-Bliley Act (GLB Act or GLBA) is a United States federal law that requires financial institutions to explain how they share and protect their customers' private information.
Gray-box Testing: Gray-box penetration testing is the most common approach toward application security; it tests the vulnerabilities an attacker can find and exploit.
Global System for Mobile Communications (GSM): It is a universal system used for mobile data transmission in wireless networks worldwide.
Global Positioning System (GPS): GPS is a radio navigation and positioning system based on satellite communication.
Geolocation: Geolocation is a technology that can identify the real-world geographical location of users or devices when connected to the Internet.
Geofencing: Geofencing is a technique through which mobile-application marketers utilize the location of the user to gather information.
GE-SRTP: GE-SRTP (Service Request Transport Protocol), developed by GE Intelligent Platforms, is used to transfer data from PLCs and runs on a selected number of GE PLCs that turn digital commands into physical actions.
Government Access to Keys (GAK): GAK means that software companies will give copies of all keys (or at least a sufficient proportion of each key that the remainder could be cracked) to the government.

H

Hacktivist: Individuals who promote a political agenda by hacking, especially by using hacking to deface or disable websites.
Hacker Teams: A consortium of skilled hackers having their own resources and funding. They work together in synergy to research state-of-the-art technologies.
Hacking: Hacking refers to exploiting system vulnerabilities and compromising security controls to gain unauthorized or inappropriate access to a system's resources.
Hash Injection/Pass-the-Hash (PtH) Attack: A hash injection/PtH attack allows an attacker to inject a compromised hash into a local session and use the hash to validate network resources.
Hybrid Attack: This type of attack combines dictionary and brute-force attacks.
Horizontal Privilege Escalation: Acquiring the same privileges that have already been granted, by assuming the identity of another user with the same privileges.
Hoax Letters: Emails that issue warnings to the user about new viruses, Trojans, or worms that may harm the user's system.
Hybrid Warfare: The use of uncommon procedures such as cyber warfare as a component of a multi-domain warfighting tactic to damage and disable an adversary without direct conflict.
Hash Collision Attack: A hash collision attack is performed by finding two different input messages that result in the same hash output.
Hardware Tokens: Physical devices such as a key fob or USB dongle having a built-in token; used as an authentication factor for accessing any type of restricted resource.
HMAC-based One-time Password (HOTP): An HOTP is an event-based OTP, where the input seed is static and the moving factor is based on a counter.
Health Insurance Portability and Accountability Act (HIPAA): The HIPAA Privacy Rule provides federal protections for the individually identifiable health information held by covered entities and their business associates and gives patients an array of rights to that information.
Heat Detectors: Heat detectors are used to detect and respond to thermal energy generated by fire incidents.
HVAC (Heating, Ventilation, and Air Conditioning): HVAC systems control the surrounding environment in a room or building, especially humidity, temperature, and air flow.
Hot and Cold Aisles: A hot and cold aisle is an arrangement of server racks and networking equipment to manage cold and hot air flow.
Hypertext Transfer Protocol Secure (HTTPS): The HTTPS protocol is widely used across the Internet to secure network communication.
Hardware Firewalls: A hardware firewall is either a dedicated stand-alone hardware device or it comes as part of a router.
Host-based Firewalls: A host-based firewall is a software-based firewall that can filter inbound/outbound traffic of the individual computer on which it is installed and checks for any malicious activity throughout the network.
Host Intrusion Detection Systems (HIDS): A HIDS is installed on a specific host and is used to monitor, detect, and analyze events occurring on that host.
Hybrid Intrusion Detection Systems (Hybrid IDS): A hybrid IDS is a combination of both HIDS and NIDS.
Honeypot: A honeypot is a computer system on the Internet intended to attract and trap those who attempt unauthorized or illicit utilization of the host system to penetrate an organization's network.
High-Interaction Honeypots: Unlike their low- and medium-interaction counterparts, high-interaction honeypots do not emulate anything; they run actual vulnerable services or software on production systems with a real OS and applications.
Honeynets: Honeynets are networks of honeypots. They are very effective in determining the entire capabilities of the adversaries.
Hardware VPNs: Hardware-based VPNs are separate devices that consist of individual processors and hardware firewalls.
Hybrid VPN: Hybrid VPNs are those with trusted VPNs as part of the secure VPNs. They implement different network components of an organization at the same time in order to ensure security at very low cost.
Hub-and-Spoke VPN Topology: In a hub-and-spoke topology, the main organization is considered the hub, and its remote offices are considered the spokes. The spokes access the VPN through the hub.
Hybrid Hunting: Hybrid hunting can be a combination of any of the other hunting types that yields a productive output.
Human Intelligence (HUMINT): Human intelligence is a form of information that is collected by means of interpersonal communication.
Host-based Assessment: Host-based assessments are a type of security check that involves conducting a configuration-level check to identify system configurations, user directories, file systems, registry settings, and other parameters to evaluate the possibility of compromise.
HTTP Strict Transport Security (HSTS): HSTS enables web servers to force web browsers to interact with them using HTTPS. With the HSTS header option, all insecure HTTP connections are automatically converted into HTTPS connections.
Hypervisor/Virtual Machine Monitor: An application or firmware that enables multiple guest operating systems to share a host's hardware resources.
Hybrid Cloud: It is a cloud environment comprised of two or more clouds (private, public, or community) that remain unique entities but are bound together to offer the benefits of multiple deployment models.
Hotspot: These are places where wireless networks are available for public use.
HaLow: This is another variant of the Wi-Fi standard; it provides an extended range, making it useful for communications in rural areas.
HSCP: Hybrid SCP (Secure Copy Protocol) is developed for transmitting larger file sizes at high speed on long-distance and wideband infrastructure.
HART-IP: The HART-IP protocol is used to integrate Wireless HART gateways and HART multiplexers tightly and efficiently for sending and receiving digital information.
Homomorphic Encryption: Homomorphic encryption allows users to secure and leave their data in an encrypted format even while it is being processed or manipulated.
Hardware-based Encryption: Hardware-based encryption uses computer hardware to assist or replace the software while the data encryption process is underway.
HSM: A hardware security module (HSM) is an additional external security device that is used in a system for crypto-processing and can be used for managing, generating, and securely storing cryptographic keys.
Hard Drive Encryption: Hard drive encryption is a technology where the data stored on the hardware can be encrypted using a wide range of encryption options.
HMAC: Hash-based message authentication code (HMAC) is a type of message authentication code (MAC) that uses a cryptographic key along with a cryptographic hash function.
Hierarchical Trust Model: This trust model is an inverted tree-like structure in which one master CA, called a root, is the initial point of trust.
Hybrid Trust Model: This trust model is a combination of peer-to-peer and hierarchical trust models, in which root CAs perform peer-to-peer tasks by sharing public keys.
Hybrid Blockchain: It is a combination of both private and public blockchain.
Hashing/Salting: Cryptographic hashes transform any type of data into a unique string of fixed length using hashing algorithms such as MD5 and SHA.
Hot Backup (Online): It is also called a dynamic backup or active backup. In a hot backup, the system continues to perform the backup even while the user is accessing the system.

I

Internal Threats: These threats are performed by insiders within the organization, such as disgruntled or negligent employees, and harm the organization intentionally or unintentionally.
Industrial Spies: Individuals who perform corporate espionage by illegally spying on competitor organizations and focus on stealing information such as blueprints and formulas.
Insider: Any employee (trusted person) who has access to critical assets of an organization.
Injector: This program injects exploits or malicious code available in the malware into other vulnerable running processes and changes the method of execution to hide or prevent its removal.
IoT Trojans: Internet of things (IoT) refers to the inter-networking of physical devices, buildings, and other items embedded with electronics.
Intrusive Virus: Intrusive viruses overwrite the host code completely or partly with the viral code.
Integer Overflows: An integer overflow occurs when an arithmetic function generates and attempts to store an integer value larger than the maximum value that the allocated memory space can store.
Input Handling: Input handling is defined as the verification of application functionalities such as validation, filtering, sanitizing, encryption, and decryption of input data.
Insider Attacks: Involve using privileged access to violate rules or intentionally cause a threat to the organization's information or information systems.
Infrastructure: Infrastructure refers to the hardware or software used in the network by the target that has a connection with the adversary.
IP Address Spoofing: IP spoofing refers to changing the source IP address so that the attack appears to be coming from someone else.
Injection Flaws: Injection flaws are web application vulnerabilities that allow untrusted data to be interpreted and executed as part of a command or query.
Insecure SSL Configuration: Vulnerabilities in SSL configuration may allow attackers to perform MITM attacks.
Intimidation: Intimidation refers to an attempt to intimidate a victim into taking several actions by using bullying tactics.
Impersonation: Impersonation is a common human-based social engineering technique where an attacker pretends to be a legitimate or authorized person.
Instant Chat Messenger: Gathering personal information by chatting with a selected user online to get information such as birth dates and maiden names.
Identity Theft: Identity theft is a crime in which an imposter steals your personally identifiable information, such as name, credit card number, social security or driver's license numbers, etc., to commit fraud or other crimes.
Influence Campaigns: Influence campaigns are defined as the accumulation of tactical data about a target, along with the distribution of propaganda, to gain a competitive edge over an adversary.
Information Security: Information security is a state of well-being of information and infrastructure in which the possibility of theft, tampering, and disruption of information and services is low or tolerable.
Integrity: The trustworthiness of data or resources in terms of preventing improper or unauthorized changes.
Information Assurance: IA principles act as enablers for an organization's security activities to protect and defend its network from security attacks.
Incident Handling and Response (IH&R) Team: A centralized IH&R team will perform vulnerability analysis, establish well-defined security policies, detect indicators of compromise, handle legal issues, manage public relations, and provide proper reports regarding the incident.
Information Security Officer (ISO): Responsible for all IH&R activities in the context of overall organizational information security.
Incident Manager (IM): Analyzes and reviews incident handling processes from managerial and technical perspectives.
Incident Coordinator: Connects different stakeholders affected by incidents, such as the incident handling team, the legal team, the human resources team, clients, and vendors.
Internal Auditor: Ensures that an organization complies with the regulations, business standards, and laws of its regions of operation.
Incident Responder: Responsible for the measures to be taken when an incident occurs.
Incident Analyzer: Analyzes the incidents based on their occurrence.
Identity and Access Management (IAM): IAM is responsible for providing the right individual with the right access at the right time.
Identity: Identity refers to a set of attributes linked to an entity that can be stored and authenticated digitally.
Identity Provider (IdP): A service that can store, manage, and verify the digital identities of an individual.
Identity Management: Identity management involves storing and managing user attributes in their repositories.
Identity Repository: The user repository is a database where attributes related to the users' identities are stored.
Iris Scanning: Analyzes the colored part of the eye suspended behind the cornea.
Implicit Authorization: Implicit authorization provides access to the resources indirectly.
Issue Specific Security Policy (ISSP): ISSP directs the audience on the usage of technology-based systems with the help of guidelines.
Information Protection Policy: Information protection policy defines guidelines for processing, storing, and transmitting sensitive information.
Information System Security Policy: Information system security policy defines guidelines to safeguard an organization's information systems from malicious use.
Internet Usage Policy: Internet usage policy governs the way the organization's Internet connection is used by every device on the network.
Internet Protocol Security (IPsec): Internet Protocol Security (IPsec) is a set of protocols that the Internet Engineering Task Force (IETF) developed to support the secure exchange of packets at the IP layer.
IMAPS: Secure IMAP (IMAPS) provides security to email communications using SSL/TLS.
Internet Security Association and Key Management Protocol (ISAKMP): It is a key protocol in the IPsec architecture that establishes the required security for various communications over the Internet.
Internal Bastion Host: Internal bastion hosts reside inside the internal network of an organization. They can be single-homed or multi-homed bastion hosts.
Internal Firewalls: Internal firewalls/internal network segmentation firewalls are used to protect one network segment from others in the internal network and ensure the application of stateful inspection and policies for the traffic that traverses the internal network.
Intrusion Detection and Prevention System (IDS/IPS): An intrusion detection and prevention system (IDS/IPS) is a network security appliance that inspects all inbound and outbound network traffic for suspicious patterns that might indicate a network or system security breach.
Interval-based IDS: Interval-based or offline analysis refers to the storage of the intrusion-related information for further analysis.
Internet Key Exchange (IKE): IPsec relies on IKE for secure key exchange and authentication.
Indicators of Compromise (IoCs): Indicators of compromise (IoCs) are the artifacts of network security incidents.
Industry Association and Vertical Communities: Information is collected from various threat intelligence sharing communities where the organizations share intelligence information with each other.
Internal Assessment: An internal assessment involves scrutinizing the internal network to find exploits and vulnerabilities.
Information Systems Security Assessment Framework: The Information Systems Security Assessment Framework evaluates an organization's information security processes and policies.
Input Validation: Input validation is the process of verifying and testing user inputs of the application that come from untrusted data sources.
Image Forgery: In an image forgery attack, the adversary gains access to the registry server and tampers with the Docker image.
Infrastructure-as-a-Service (IaaS): This cloud computing service enables subscribers to use on-demand fundamental IT resources, such as computing power, virtualization, data storage, and network.
Identity-as-a-Service (IDaaS): This cloud computing service offers authentication services to the subscribed enterprises and is managed by a third-party vendor to provide identity and access management services.
Industrial, Scientific, and Medical (ISM) Band: This band is a set of frequencies used by the international industrial, scientific, and medical communities.
IEEE 802.1X: IEEE 802.1X is an IEEE standard that offers a port-based authentication method over the data link layer to users who are attempting to access a local area network (LAN) or wireless local area network (WLAN).
Infrared (IR): IR is a wireless technology for transferring data between two devices in digital form within a short range of up to 5 m.
Internet of Things (IoT): Internet of Things (IoT), also known as Internet of Everything (IoE), refers to the network of devices having IP addresses and the capability to sense, collect, and send data using embedded sensors, communication hardware, and processors.
6LoWPAN: IPv6 over Low-Power Wireless Personal Area Networks (6LoWPAN) is an Internet protocol used for communication between smaller and low-power devices with limited processing capacity, such as various IoT devices.
ICS: The Industrial Control System (ICS) is an essential part of every industrial process and critical infrastructure found in industry.
IPv4/IPv6: IPv4 is a connectionless protocol used in packet-switched networks. IPv6 is used for packet-switched internetworking and provides end-to-end datagram transmission across multiple IP networks.
ICCP (IEC 60870-6): ICCP (Inter-Control Center Communications Protocol) (IEC 60870-6) provides a set of standards and protocols covering ICS or SCADA communication in power system automation.
IEC 61850: IEC 61850 is a common protocol that enables interoperability and communications between the IEDs at electrical substations.
ISA/IEC 62443: ISA/IEC 62443 provides a flexible framework for addressing and mitigating current and future security vulnerabilities in industrial automation and control systems.
Interconnection Security Agreements (ISA): An ISA is a mutual agreement between an organization and a third party when they decide to connect their IT systems.
Incremental Data Backup: Only files that have been changed or created after the last backup are copied to the backup media.
IP Parameter Problem: The parameter problem occurs when invalid data exist in the fields of an IP header.
Informational Traffic Signature: Traffic containing certain signatures that may appear suspicious but might not be malicious.
Incident Response: Incident response (IR) is the process of taking organized and careful steps when reacting to a security incident.
Incident Response Plan: The IR plan determines the future course of action for establishing, managing, and strengthening incident response capabilities.
Incident Analysis and Validation: Analysis and validation help in determining the affected resources and data (systems, networks, servers, services); the impact on the business; and the different types of losses.
Incident Classification: The IH&R team classifies incidents based on factors such as severity, affected resources, attack methodology, nature of the incident, criticality of the systems impacted, and legal and regulatory requirements.
Incident Prioritization: Prioritization determines the sequential process of attending or responding to security incidents. Incidents are prioritized based on the potential technical impact, criticality of the affected resources, and impact on the business.
Incident Containment: Incident containment involves controlling the effect of the incident immediately after its occurrence.
Incident Impact Assessment: "Incident impact assessment" refers to the process of determining all types of losses that occur due to an incident.
Incident Documentation: The IH&R team should document the various processes while handling and responding to an incident.
Intellectual Property Theft: It is the process of stealing trade secrets, copyrights, or patent rights of an asset or material belonging to individuals or entities.
Investigation Phase: Considered to be the main phase of the computer forensics investigation, the investigation phase involves acquisition, preservation, and analysis of the evidentiary data to identify the crime source and the culprit.
IPFIX: Internet Protocol Flow Information Export (IPFIX) is an industry standard that is based on NetFlow version 9.
Incident Management: Incident Management (IM) enables an organization to identify, analyze, respond to, and prevent incidents.
Inherent Risk: Inherent risk is the risk that exists before controls are implemented.
ISO 27005: ISO 27005 provides guidelines designed to give broadly acceptable guidance for information security risk management.
ISO 31000: ISO 31000 is a framework that provides generic guidelines for enterprise risk management (ERM) with a universally recognized risk paradigm for practitioners and companies.

J

Jamming Signal Attack: Jamming is an attack performed on a wireless network to compromise it.
Jailbreaking iOS: Jailbreaking is defined as the process of installing a modified set of kernel patches that allows users to run third-party applications not signed by the OS vendor.
Job Rotation: Involves the rotation of employees among different job roles with the intention of improving their skills and ability to work in different roles and departments.
Jump Servers: A jump server, also referred to as a jump host, is an intermediary gateway inside a secure location on a network that is used to connect to or access devices or hosts located in another security zone, such as a DMZ.

K

Keylogger: Keystroke loggers are programs or hardware devices that monitor each keystroke as the user types on a keyboard and log the keystrokes to a file or transmit them to a remote location.
Keylogging: Keylogging is a method of recording the keys typed on a keyboard, and it provides sensitive information such as system passwords.
KNOB Attack: Exploiting a vulnerability in Bluetooth to eavesdrop on all the data being shared, such as keystrokes, chats, and documents.
Known-plaintext Attack: The attacker has knowledge of some part of the plaintext; using this information, the key used to generate the ciphertext is deduced in order to decipher other messages.
Kerberos: Kerberos is a client-server model that is implemented for authenticating requests in computer networks.
Kubernetes: Kubernetes, also known as K8s, is an open-source, portable, extensible orchestration platform developed by Google for managing containerized applications and microservices.
Kubernetes Node: A Kubernetes node is a worker machine that contains the services required to run the pods and is managed by master components.
Key Stretching: Key stretching refers to processes used to make a weak key stronger, usually by making it longer. This technique helps in defending against brute-force attacks.
Key Management: Key management is the process of managing cryptographic keys in a cryptosystem. The key management process includes the generation, exchange, storage, usage, archival, revocation, and destruction of keys using cryptographic algorithms.
Key Escrow: Key escrow is the process of keeping secret keys with a certified third party that serves as a backup for cryptographic keys.
Key Risk Indicators (KRI): A key risk indicator (KRI) is an important component of an effective risk management process that shows the riskiness of an activity.

L

Logic Bomb Virus: A logic bomb is a virus that is triggered in response to an event, such as the launching of an application or the arrival of a specific date/time; it uses logic to evaluate the trigger.
Legacy Platform Vulnerabilities: Legacy platform vulnerabilities are caused by obsolete or well-known code.
LDAP Injection: LDAP injection is an attack method in which websites that construct LDAP statements from user-supplied input are exploited for launching attacks.
Login/Credential Stuffing Attacks: Attackers often target login and validation systems because attacks on these systems are difficult to detect and stop using typical API security solutions.
LDAPS: It uses SSL/TLS protocols to provide security to LDAP data.
Logical Segmentation: Logical segmentation utilizes VLANs, which are isolated logically without considering the physical locations of devices.
Low-interaction Honeypots: Low-interaction honeypots emulate only a limited number of services and applications of a target system or network.
Layer 2 Tunneling Protocol (L2TP): Permits multiprotocol traffic to be encrypted and sent across any medium supporting point-to-point delivery.
L2TP Encapsulation: The PPP frame is encapsulated using an L2TP header and a UDP header.
Load Balancer: A load balancer/server farm/server pool is a device responsible for distributing network traffic across multiple servers in a distributed system.
Least Connections: The least connections algorithm is a load balancing algorithm that chooses the server with the fewest active connections and sends the request to that server.
LEAP: Lightweight EAP (LEAP) is a proprietary version of EAP developed by Cisco.
Light-Fidelity (Li-Fi): Li-Fi is a Visible Light Communications (VLC) system that uses common household light bulbs for data transfer at a very high speed of 224 Gbps.
LTE-Advanced: LTE-Advanced is a standard for mobile communication that provides enhancements to LTE, focusing on providing higher capacity in terms of data rate, extended range, efficiency, and performance.
LPWAN: Low Power Wide Area Networking (LPWAN) is a wireless telecommunication network designed to provide long-range communications between two endpoints.
LoRaWAN: A Long Range Wide Area Network (LoRaWAN) is used to support applications such as mobile, industrial machine-to-machine, and secure two-way communications for IoT devices, smart cities, and healthcare applications.
LWM2M: Lightweight Machine-to-Machine (LWM2M) is an application-layer communication protocol used for application-level communication between IoT devices; it is used for IoT device management.
Logic Solvers: Logic solvers are helpful in deciding the necessary action to be taken based on the gathered information.
Lightweight Cryptography: Lightweight cryptographic algorithms are aimed at low-complexity applications such as RFID tags, sensor-based applications, and other IoT-based applications.
Log: A log is a collection of information/data on events, generated in the form of an audit trail by the various components of an information system such as the network, applications, OS, services, etc.
Logging: Logging is the process of recording and storing logs of the events that occur in the network.
Local Logging: Local logging involves logging user activities on the host machine. In other words, it is the process of writing logs into files stored on the local disk.
Linux Logs: Linux logs are a record of any activity or event in the Linux OS.
Log Files: Log files are system-generated reports that contain information related to user activities or events that occur in software applications, OSes, servers, or network communication.
Live Acquisition: The live data acquisition process involves the collection of volatile data from devices when they are live or powered on.
Logical Acquisition: Logical acquisition allows an investigator to capture only selected files or file types of interest to the case.

M

Malvertising: Embedding malware in ad networks that display across hundreds of legitimate, high-traffic sites.
Malicious Code: A command that defines malware's basic functionalities such as stealing data and creating backdoors.
Malware: Malware is malicious software that damages or disables computer systems and gives limited or full control of the systems to the malware creator for the purpose of theft or fraud.
Mobile Trojans: Mobile Trojans are malicious software that target mobile phones.
Multipartite Virus: A multipartite virus combines the approach of file infectors and boot record infectors and attempts to simultaneously attack both the boot sector and the executable or program files.
Macro Virus: Macro viruses infect Microsoft Word or similar applications by automatically performing a sequence of actions after an application is triggered.
Metamorphic Virus: Metamorphic viruses are programmed such that they rewrite themselves completely each time they infect a new executable file.
Misconfigurations/Weak Configurations: Misconfiguration is the most common vulnerability and is mainly caused by human error. It allows attackers to break into a network and gain unauthorized access to systems.
Memory Leaks: A memory leak or resource leak is an unintended class of memory consumption that occurs when a programmer fails to free an allocated block of memory when it is no longer required.
Maintaining Access: Maintaining access refers to the phase when the attacker tries to retain their ownership of the system.
Man-in-the-Middle Attack: The man-in-the-middle attack is used to intrude into an existing connection between systems and intercept the messages being exchanged.
MAC Spoofing/Duplicating/Cloning: A MAC duplicating/cloning att