Last updated: December 1, 2024
Access Control encompasses the policies, procedures, and technologies that regulate who can access resources and what actions they can perform. CISSP Relevance: Domain 5 (Identity and Access Management) dedicates significant coverage to access control models, implementation, and management. For implementation…
Last updated: December 1, 2024
An Access Control List (ACL) is a table that defines which users or systems have permissions to access specific resources and what actions they can perform. File system ACLs specify read, write, and execute permissions for files and directories. Network…
Last updated: December 2, 2024
Annualized Loss Expectancy (ALE) estimates the expected financial loss from a specific threat over one year. ALE equals the Single Loss Expectancy (SLE) — the dollar value of a single incident — multiplied by the Annualized Rate of Occurrence (ARO)…
Last updated: December 2, 2024
Application whitelisting allows only explicitly approved software to execute on a system, blocking everything else by default. This is the inverse of traditional antivirus, which blocks known bad software while allowing everything else. Whitelisting assumes nothing is trusted unless specifically…
Last updated: December 1, 2024
Asymmetric Encryption uses mathematically related key pairs: a public key that can be freely distributed and a private key that must remain secret. Data encrypted with the public key can only be decrypted with the corresponding private key. This solves…
Last updated: December 2, 2024
The attack surface is the total sum of all points where an unauthorized user could attempt to enter or extract data from a system. This includes open ports, running services, APIs, and any exposure point accessible from outside the security…
Last updated: December 2, 2024
Attribute-Based Access Control (ABAC) grants access based on a combination of user attributes (department, clearance level), resource attributes (classification, sensitivity), and environmental attributes (time of day, device type, network location). ABAC evaluates policies against multiple attributes simultaneously to make fine-grained…
Last updated: December 2, 2024
An audit trail is a chronological record of system activity providing documentary evidence of the sequence of events within a system. Audit trails capture who did what, when, from where, and to which resources, creating an accountable record that supports…
Last updated: December 1, 2024
Authentication is the process of verifying the identity of a user, system, or entity. It answers the question “who are you?” before granting access to resources. Authentication factors fall into three categories: something you know (passwords, PINs), something you have…
Last updated: December 1, 2024
Authorization determines what an authenticated user is permitted to do. After verifying identity (authentication), the system checks permissions to decide whether the user can read a file, execute a command, or access a resource. Authorization enforces the principle of least…
Last updated: December 2, 2024
The Bell-LaPadula model is a formal security model developed for the US Department of Defense to enforce confidentiality in multilevel security systems. It defines access rules based on classification levels: no read up (subjects cannot read objects at higher classification)…
Last updated: December 2, 2024
Biometric authentication verifies identity using unique physical or behavioral characteristics — fingerprints, facial geometry, iris patterns, or voiceprints. Unlike passwords, biometric factors cannot be forgotten or shared. But unlike passwords, they also cannot be changed if compromised. Biometric system accuracy…
Last updated: December 1, 2024
Business Continuity encompasses the plans, processes, and procedures that enable an organization to continue critical operations during and after a disruptive event. Unlike disaster recovery which focuses on IT systems, business continuity addresses the entire organization including people, facilities, communications,…
Last updated: December 1, 2024
Business Impact Analysis (BIA) identifies critical business processes and determines the impact of their disruption over time. Unlike risk assessment which considers threats, BIA focuses on consequences. It answers: if this process stops, what happens after one hour, one day,…
Last updated: December 2, 2024
Chain of custody is the documented record tracking who collected, handled, transferred, and analyzed digital evidence from the moment of collection through any legal proceedings. A break in the chain can make evidence inadmissible in court and undermine an entire…
Last updated: December 1, 2024
Change Management is the structured process for requesting, reviewing, approving, implementing, and documenting changes to IT systems. Every modification—software updates, configuration changes, new deployments—follows defined procedures to minimize risk of outages, security vulnerabilities, and unintended consequences. The process typically includes…
Last updated: December 1, 2024
The CIA Triad represents the three foundational principles of information security: Confidentiality, Integrity, and Availability. CISSP Relevance: The CIA Triad appears throughout all eight CISSP domains. Domain 1 introduces these concepts as the foundation for security program development. For deeper…
Last updated: December 2, 2024
Cloud Security Posture Management (CSPM) tools continuously monitor cloud environments for misconfigurations, compliance violations, and security risks. Misconfigured S3 buckets, overly permissive IAM roles, and publicly exposed databases are responsible for a significant portion of cloud breaches — CSPM tools…
Last updated: December 2, 2024
A cold site is a backup facility that provides basic infrastructure — power, cooling, physical space, and network connectivity — but no pre-installed equipment or data. Recovering to a cold site requires shipping hardware, installing software, and restoring from backups,…
Last updated: December 1, 2024
Compliance means meeting requirements established by laws, regulations, industry standards, and contractual obligations. Healthcare organizations comply with HIPAA, payment processors with PCI DSS, and public companies with SOX. Non-compliance can result in fines, legal liability, loss of business, and reputational…
Last updated: December 1, 2024
Configuration Management establishes and maintains consistent settings for systems throughout their lifecycle. It tracks hardware components, software versions, and configuration parameters. Configuration baselines define approved states, and monitoring detects unauthorized deviations. Without configuration management, organizations lose visibility into what’s deployed…
Last updated: December 2, 2024
Containerization packages an application and all its dependencies into an isolated unit — a container — that runs consistently across different computing environments. Containers share the host operating system kernel but are isolated from each other through namespace and control…
Last updated: December 2, 2024
Continuity of Operations (COOP) refers to the planning and procedures that ensure an organization can maintain essential functions during and after a disruptive event. While disaster recovery focuses on restoring IT systems, COOP addresses how the organization keeps operating when…
Last updated: December 2, 2024
A covert channel is a communication pathway that transfers information in ways the system was not designed to allow, bypassing security policies by using resources in unintended ways. A covert storage channel manipulates the contents or existence of a storage…
Last updated: December 2, 2024
Cross-Site Scripting (XSS) is a web application vulnerability where attackers inject malicious scripts into pages viewed by other users. When a site fails to properly sanitize user-supplied content, an attacker can embed JavaScript that executes in visitors’ browsers, stealing session…
Last updated: December 2, 2024
A cryptographic hash is a fixed-length output produced by running data through a hash algorithm like SHA-256. The same input always produces the same hash, but even a single character change produces a completely different output — making hashes ideal…
Last updated: December 2, 2024
Cryptography is the science of protecting information by transforming it into a form unreadable without the appropriate key. Modern cryptography relies on mathematical problems that are computationally infeasible to solve without the correct key, such as factoring large prime numbers…
Last updated: December 1, 2024
Data Classification assigns labels to information based on sensitivity and the impact of unauthorized disclosure. Government systems typically use Unclassified, Confidential, Secret, and Top Secret. Commercial organizations might use Public, Internal, Confidential, and Restricted. Classification determines handling requirements, storage controls,…
Last updated: December 1, 2024
Data Loss Prevention (DLP) technologies identify, monitor, and protect sensitive data to prevent unauthorized disclosure. DLP inspects data at rest (storage), in motion (network traffic), and in use (endpoints) to detect policy violations. When sensitive data like credit card numbers…
Last updated: December 2, 2024
Data masking replaces sensitive data with realistic but fictional substitutes that preserve the format and structure of the original. A Social Security number might be masked as a different nine-digit number. Masked data can be used for testing, development, and…
Last updated: December 2, 2024
A data retention policy defines how long different categories of data must be kept before they can be securely deleted. Retention requirements come from regulatory mandates like HIPAA (six years for certain records) and SEC rules (seven years for financial…
Last updated: December 2, 2024
Data sovereignty refers to the principle that data is subject to the laws and governance of the country in which it is stored or processed. As organizations move workloads to cloud providers, data may physically reside in multiple jurisdictions simultaneously…
Last updated: December 2, 2024
Defense in depth is the security strategy of layering multiple independent controls so that the failure of any single control does not result in a successful breach. When an attacker breaks through the first line of defense, they encounter a…
Last updated: December 1, 2024
Defense in Depth is a security strategy that layers multiple protective mechanisms so that if one control fails, others continue to provide protection. CISSP Relevance: Defense in Depth is a core concept in Domain 3 (Security Architecture and Engineering) and…
Last updated: December 2, 2024
Degaussing permanently erases data from magnetic storage media by exposing it to a powerful magnetic field that randomizes the magnetic alignment, making previously stored data unrecoverable. It is used for hard disk drives and magnetic tape at end of life…
Last updated: December 1, 2024
A Digital Certificate is an electronic document that binds a public key to an identity, verified and signed by a trusted Certificate Authority. When you connect to a website via HTTPS, the server presents its certificate proving it owns the…
Last updated: December 2, 2024
Digital forensics is the discipline of recovering, preserving, and analyzing electronic evidence in ways that maintain its integrity and admissibility for legal proceedings. Forensic investigators examine hard drives, memory, network logs, and cloud storage to reconstruct what happened during an…
Last updated: December 1, 2024
A Digital Signature is a cryptographic mechanism that provides authentication, integrity, and non-repudiation for digital documents and messages. The signer uses their private key to sign a hash of the document. Anyone can verify the signature using the signer’s public…
Last updated: December 1, 2024
Disaster Recovery (DR) focuses on restoring IT systems and data after a major disruption. While business continuity keeps the organization running, disaster recovery specifically addresses technology restoration—servers, networks, applications, and data. DR planning identifies critical systems, establishes recovery priorities, and…
Last updated: December 2, 2024
Discretionary Access Control (DAC) is an access control model where the owner of a resource decides who can access it and what they can do with it. Standard file system permissions on Windows and Unix/Linux systems implement DAC — the…
Last updated: December 2, 2024
Egress filtering controls and monitors outbound network traffic leaving an organization’s network, blocking or logging connections that violate security policy. While most organizations focus heavily on blocking inbound threats, egress filtering addresses the other half of attacker activity: communicating with…
Last updated: December 1, 2024
Encryption transforms readable data (plaintext) into an unreadable format (ciphertext) using mathematical algorithms and keys. Only parties with the correct decryption key can reverse the process. Encryption protects data confidentiality whether data is at rest (stored), in transit (network communications),…
Last updated: December 2, 2024
Endpoint Detection and Response (EDR) solutions continuously monitor activity on endpoints, recording process activity, file system changes, network connections, and registry modifications. When suspicious behavior occurs, EDR platforms alert analysts and provide the telemetry needed to investigate and contain the…
Last updated: December 2, 2024
An exploit is code or a technique that takes advantage of a vulnerability to cause unintended behavior — gaining unauthorized access, escalating privileges, crashing services, or executing arbitrary commands. A vulnerability is the weakness; an exploit is the mechanism that…
Last updated: December 2, 2024
Failover is the automatic switching to a standby system when a primary component fails or becomes unavailable. The defining characteristic is automation — failover happens without human intervention, which separates it from manual switchover procedures. For mission-critical systems, the time…
Last updated: December 2, 2024
Federated identity allows a user’s identity verified by one organization to be trusted and accepted by other organizations without requiring separate credentials for each. When you log into a third-party application using your Google or Microsoft account, federation is in…
Last updated: December 1, 2024
A Firewall is a network security device that monitors and controls traffic based on defined security rules. Firewalls enforce boundaries between trusted and untrusted networks, permitting authorized communications while blocking malicious or unauthorized traffic. They are fundamental to network security…
Last updated: December 1, 2024
Governance is the framework of policies, procedures, and organizational structures that direct and control security activities. It ensures security aligns with business objectives, resources are allocated appropriately, risks are managed consistently, and accountability is clear. Governance comes from the board…
Last updated: December 2, 2024
Hardening reduces a system’s attack surface by disabling unnecessary services, removing default accounts, applying security patches, restricting file permissions, and configuring security settings to meet established standards. A freshly installed operating system comes with many features enabled by default that…
Last updated: December 1, 2024
A Hash Function is a one-way mathematical algorithm that converts input data of any size into a fixed-size output (hash value or digest). The same input always produces the same hash, but even tiny changes produce completely different outputs. Hashing…
Last updated: December 2, 2024
A honeynet is a network of intentionally vulnerable and monitored systems designed to attract attackers and study their techniques. Where a honeypot is a single decoy system, a honeynet creates an entire deceptive environment of fake servers, workstations, and services…
Last updated: December 2, 2024
A hot site is a fully operational backup facility that mirrors the primary environment in real time, with identical hardware, software, network connectivity, and data. Operations can switch to the hot site within minutes or hours — sometimes automatically. Hot…
Last updated: December 2, 2024
Identity and Access Management (IAM) is the discipline of ensuring the right people have the right access to the right resources at the right time — and that this is provable, auditable, and revocable. IAM encompasses authentication (proving who you…
Last updated: December 2, 2024
Identity governance is the framework of policies, processes, and technologies that ensure the right people have the right access to the right systems at the right time, continuously reviewed, certified, and cleaned up when no longer needed. Access creep is…
Last updated: December 1, 2024
Incident Response is the organized approach to addressing and managing security incidents. When a breach occurs, phishing succeeds, or malware spreads, incident response procedures guide the organization through detection, containment, eradication, recovery, and lessons learned. Speed and coordination are essential…
Last updated: December 2, 2024
An insider threat originates from people who already have legitimate access — employees, contractors, partners, or former staff whose credentials were not properly revoked. Insider threats are particularly difficult to detect because the access itself is authorized. Insider threats fall…
Last updated: December 1, 2024
An Intrusion Detection System (IDS) monitors network traffic or system activity for malicious behavior and policy violations. When suspicious activity is detected, the IDS generates alerts for security analysts to investigate. Unlike firewalls that block traffic, IDS observes and reports…
Last updated: December 1, 2024
An Intrusion Prevention System (IPS) extends IDS capabilities by actively blocking detected threats rather than just alerting. Positioned inline with network traffic, IPS can drop malicious packets, terminate connections, or block source addresses in real time. This provides automated response…
Last updated: December 2, 2024
Kerberos is a network authentication protocol that uses tickets to allow nodes communicating over an insecure network to prove their identity securely. Developed at MIT and adopted as the default authentication protocol in Windows Active Directory, Kerberos enables single sign-on…
Last updated: December 1, 2024
Key Management encompasses the policies, procedures, and technology for handling cryptographic keys throughout their lifecycle. This includes key generation using secure random number generators, distribution through secure channels, storage in protected hardware or key vaults, rotation on defined schedules, and…
Last updated: December 1, 2024
Least Privilege is a security principle requiring that users, processes, and systems receive only the minimum permissions necessary to perform their functions. CISSP Relevance: Least Privilege is emphasized in Domain 5 (Identity and Access Management) and Domain 7 (Security Operations)…
Last updated: December 1, 2024
Least Privilege is a security principle requiring that users, processes, and systems receive only the minimum permissions necessary to perform their functions. A database administrator needs database access but not necessarily access to financial systems. A web server process needs…
Last updated: December 1, 2024
Log Management encompasses the collection, storage, protection, analysis, and retention of system and security logs. Logs record events including authentication attempts, system changes, network connections, and application activities. This data is essential for security monitoring, incident investigation, compliance, and forensics…
Last updated: December 1, 2024
Malware is malicious software designed to damage, disrupt, or gain unauthorized access to computer systems. Categories include viruses (attach to programs and spread), worms (self-replicate across networks), trojans (disguised as legitimate software), ransomware (encrypts data for extortion), spyware (covert surveillance),…
Last updated: December 2, 2024
A man-in-the-middle (MitM) attack occurs when an attacker secretly intercepts and potentially alters communications between two parties who believe they are communicating directly. The attacker reads and sometimes modifies messages in transit without either party’s knowledge. Common MitM techniques include…
Last updated: December 2, 2024
Mandatory Access Control (MAC) is a security model where the operating system enforces access decisions based on labels assigned to subjects and objects. Unlike discretionary access control, users cannot override these decisions — the system determines who can access what…
Last updated: December 2, 2024
Maximum Tolerable Downtime (MTD) is the longest period an organization can survive without a particular system before the disruption causes unacceptable harm — financial loss beyond recovery, permanent customer defection, regulatory violation, or organizational failure. MTD sets the outer boundary…
Last updated: December 1, 2024
Multi-Factor Authentication (MFA) requires users to provide two or more verification factors from different categories before gaining access. The three categories are knowledge (passwords), possession (tokens, phones), and inherence (biometrics). Using two passwords is not MFA because both are knowledge…
Last updated: December 1, 2024
Need to Know restricts access to information based on job requirements, even if someone has appropriate security clearance. Having a Top Secret clearance does not grant access to all Top Secret information—you must also demonstrate a legitimate need for specific…
Last updated: December 2, 2024
Network segmentation divides a network into smaller, isolated zones so a breach in one area cannot spread freely. A flat network where every device can communicate with every other is a dream scenario for attackers who gain any foothold. Common…
Last updated: December 2, 2024
Non-repudiation is the security property that prevents a party from denying they took a specific action. If an employee sends an email, approves a transaction, or modifies a record, non-repudiation mechanisms ensure they cannot later claim the action never happened…
Last updated: December 1, 2024
Patch Management is the process of acquiring, testing, and deploying software updates to fix vulnerabilities and bugs. Vendors release patches when they discover security flaws; organizations must apply them before attackers exploit the vulnerabilities. Delays in patching are a leading…
Last updated: December 1, 2024
Penetration Testing simulates real-world attacks to identify vulnerabilities that could be exploited. Unlike vulnerability scanning which identifies potential weaknesses, penetration testing actively attempts exploitation to demonstrate actual risk. Testers use the same techniques as attackers to find paths into systems…
Last updated: December 1, 2024
Phishing is a social engineering attack that uses deceptive emails, messages, or websites to trick victims into revealing sensitive information or taking harmful actions. Attackers impersonate trusted entities—banks, employers, service providers—to convince victims to enter credentials, transfer money, or download…
Last updated: December 2, 2024
Physical security encompasses measures that protect facilities, hardware, and personnel from physical threats including unauthorized entry, theft, vandalism, environmental hazards, and espionage. An attacker with physical access to a server can bypass most logical controls entirely. Physical security is layered:…
Last updated: December 1, 2024
Public Key Infrastructure (PKI) is the framework of policies, procedures, hardware, software, and roles for creating, managing, distributing, and revoking digital certificates. PKI enables entities to verify each other’s identities and establish encrypted communications without prior arrangement. It underpins HTTPS,…
Last updated: December 2, 2024
Privileged Access Management (PAM) controls, monitors, and audits access by accounts with elevated permissions — system administrators, database administrators, and service accounts that can make sweeping changes. These accounts are the highest-value targets for attackers. PAM solutions enforce just-in-time access,…
Last updated: December 2, 2024
A proxy server acts as an intermediary between clients and servers, forwarding requests on behalf of clients and returning responses. From the destination server’s perspective, the request comes from the proxy, not the original client. This provides privacy, enables content…
Last updated: December 2, 2024
Public Key Infrastructure (PKI) is the framework of hardware, software, policies, and procedures used to create, manage, distribute, store, and revoke digital certificates and manage public-key encryption. PKI makes it possible for two parties who have never met to establish…
Last updated: December 2, 2024
Quantum cryptography uses the principles of quantum mechanics to secure communications in ways that are theoretically impossible to intercept without detection. Quantum Key Distribution (QKD) allows two parties to generate a shared encryption key where any eavesdropping attempt disturbs the…
Last updated: December 2, 2024
Ransomware is malicious software that encrypts a victim’s files or systems and demands payment in exchange for the decryption key. Modern ransomware groups operate with negotiation teams and tiered pricing based on the size of the target organization. The threat…
Last updated: December 1, 2024
Recovery Point Objective (RPO) is the maximum acceptable amount of data loss measured in time. If the RPO is one hour, backups must occur at least hourly so that recovery loses no more than one hour of transactions. RPO answers:…
Last updated: December 1, 2024
Recovery Time Objective (RTO) is the maximum acceptable time that a system, application, or process can be unavailable after a disruption. If the RTO for email is four hours, the disaster recovery plan must restore email service within four hours…
Last updated: December 2, 2024
Residual risk is the risk that remains after security controls have been applied. No control eliminates risk entirely. Residual risk must be formally accepted by senior management before a system goes into production. Documenting residual risk is not a sign…
Last updated: December 2, 2024
Risk appetite is the amount and type of risk an organization is willing to accept in pursuit of its objectives. It is a strategic choice made by executive leadership and the board, not a technical determination. An aggressive fintech startup…
Last updated: December 1, 2024
Risk Assessment identifies and evaluates risks to organizational assets. The process inventories assets, identifies threats and vulnerabilities, estimates likelihood and impact, and calculates risk levels. Results inform decisions about which risks to address and how to allocate security resources. Quantitative…
Last updated: December 1, 2024
Risk Management is the ongoing process of identifying, assessing, and responding to risks that could impact organizational objectives. In information security, this means understanding threats to assets, evaluating vulnerabilities that could be exploited, and implementing controls to reduce risk to…
Last updated: December 2, 2024
Risk transfer is a risk response strategy where an organization shifts the financial consequences of a risk to another party. Cyber liability insurance is the most common form — the organization pays premiums to an insurer who agrees to cover…
Last updated: December 1, 2024
Role-Based Access Control (RBAC) assigns permissions to roles rather than individual users. A “Finance Analyst” role has access to financial systems, and anyone assigned that role inherits those permissions. When someone changes jobs, administrators modify role assignments rather than individual…
Last updated: December 2, 2024
The Secure Software Development Lifecycle (SSDLC) integrates security activities into every phase of software development. Instead of treating security as a final checkpoint before release, SSDLC makes it an ongoing responsibility shared by developers, security teams, and operations staff. Microsoft’s…
Last updated: December 2, 2024
Security architecture is the design discipline that aligns security capabilities with business requirements, defines security domains and their relationships, and establishes principles that guide technology and process decisions across an organization. A security architect designs the structure within which all…
Last updated: December 1, 2024
A Security Audit is an independent examination of security controls, policies, and practices against established criteria. Internal audits are conducted by the organization’s own audit function, while external audits involve independent third parties. Audits verify that controls exist, operate effectively,…
Last updated: December 2, 2024
Security awareness training educates employees about security threats, organizational policies, and their individual responsibilities in protecting information and systems. People remain the most targeted entry point for attackers — phishing, vishing, and social engineering attacks succeed because they exploit human…
Last updated: December 1, 2024
Security Awareness Training educates employees about security threats, policies, and their role in protecting organizational assets. Training covers topics like phishing recognition, password security, data handling, physical security, and incident reporting. The goal is building a security-conscious culture where employees…
Last updated: December 2, 2024
A security baseline is the minimum set of security controls every system must meet before deployment — the floor, not the ceiling. It defines what “secure enough to connect” means for a given organization or system type. Baselines are drawn…
Last updated: December 2, 2024
Security by Design means building security controls into systems from the beginning rather than adding them after development is complete. Security is far cheaper and more effective when it shapes design decisions from the start. In practice, developers consider authentication,…
Last updated: December 2, 2024
A security control is any safeguard or countermeasure designed to protect the confidentiality, integrity, or availability of information and systems. Controls are classified by type: preventive controls stop attacks, detective controls identify attacks in progress, and corrective controls restore systems after an incident…
Last updated: December 2, 2024
A security framework is a structured set of guidelines, standards, and best practices that organizations use to manage cybersecurity risk systematically. Rather than building a security program from scratch, organizations adopt frameworks that provide proven structures and measurable criteria for…
Last updated: December 2, 2024
Security metrics are quantitative measurements used to evaluate the effectiveness of a security program, track progress toward security goals, and communicate security posture to leadership. Good metrics are specific, measurable, and tied to business outcomes rather than just technical activity…
Last updated: December 2, 2024
Security operations encompasses the ongoing activities required to maintain the security posture of an organization — monitoring for threats, responding to incidents, managing vulnerabilities, conducting investigations, and keeping security technologies functioning. Where security architecture designs the protective structure, security operations…
Last updated: December 2, 2024
A Security Operations Center (SOC) is a centralized team responsible for monitoring, detecting, analyzing, and responding to security incidents around the clock. SOC analysts watch dashboards fed by SIEM platforms, investigate alerts, escalate confirmed incidents, and coordinate response efforts. Mature…
Last updated: December 1, 2024
A Security Operations Center (SOC) is the centralized function that monitors, detects, investigates, and responds to security events. SOC analysts watch dashboards, investigate alerts, hunt for threats, and coordinate incident response. The SOC serves as the organization’s security nerve center,…
Last updated: December 1, 2024
A Security Policy is a high-level document that defines the organization’s security objectives, scope, roles and responsibilities, and commitment to protecting information assets. Policies are approved by senior management and establish the foundation for all other security documentation. They state…
Last updated: December 2, 2024
A security token is a physical or digital object used to prove identity during authentication. Physical tokens generate time-based one-time passwords (TOTP) that change every 30 seconds. Digital tokens like OAuth bearer tokens are strings of data that grant access…
Last updated: December 1, 2024
Separation of Duties (SoD) divides critical tasks among multiple people so that no single individual can complete a high-risk process alone. The person who requests a purchase order cannot also approve it. The developer who writes code cannot deploy it…
Last updated: December 1, 2024
Security Information and Event Management (SIEM) aggregates log data from across the enterprise, correlates events to identify threats, and provides dashboards and alerts for security operations. SIEM combines Security Information Management (SIM) for log collection and analysis with Security Event…
Last updated: December 1, 2024
Single Sign-On (SSO) allows users to authenticate once and access multiple applications without re-entering credentials. A user logs into the corporate identity provider in the morning and can then access email, file shares, HR systems, and cloud applications seamlessly throughout…
Last updated: December 1, 2024
Social Engineering manipulates people into performing actions or divulging confidential information. Rather than exploiting technical vulnerabilities, attackers exploit human psychology—trust, helpfulness, fear, urgency, and authority. Techniques include pretexting (fabricated scenarios), baiting (malware-laden devices), tailgating (following through secured doors), and quid…
Last updated: December 2, 2024
Software Defined Networking (SDN) separates the control plane — which decides where traffic goes — from the data plane — which actually forwards the traffic. In traditional networking, both functions live in the same physical device. SDN centralizes control in…
Last updated: December 2, 2024
Spear phishing is a targeted form of phishing where attackers research specific individuals and craft highly personalized messages designed to deceive that particular target. Unlike mass phishing campaigns with generic lures, spear phishing emails reference the target’s name, role, colleagues,…
Last updated: December 2, 2024
SQL injection is an attack where malicious SQL code is inserted into a query an application sends to its database. When user input is not properly validated, an attacker can manipulate the query to extract data, bypass authentication, modify records,…
Last updated: December 2, 2024
Steganography is the practice of hiding a secret message within an ordinary file so that the existence of the message is concealed. Unlike encryption, which protects the content of a message, steganography hides the fact that a message exists at…
Last updated: December 2, 2024
A supply chain attack targets less-secure elements in a software or hardware supply chain rather than attacking the final target directly. The SolarWinds breach of 2020 is the defining example: attackers compromised a software update mechanism used by thousands of…
Last updated: December 1, 2024
Symmetric Encryption uses the same key for both encryption and decryption. Both parties must possess the shared secret key before communicating securely. Symmetric algorithms are fast and efficient, making them suitable for encrypting large amounts of data. The challenge is…
Last updated: December 2, 2024
Third-party risk management (TPRM) identifies, assesses, and controls risks introduced by vendors, suppliers, contractors, and partners who access an organization’s systems or data. Organizations cannot outsource accountability — a vendor breach that exposes customer data is still the organization’s problem…
Last updated: December 1, 2024
A Threat is any potential cause of an unwanted incident that could result in harm to a system, organization, or individual. Threats can be natural (earthquakes, floods), human (hackers, disgruntled employees), or environmental (power failures, HVAC malfunctions). Threat actors range…
Last updated: December 2, 2024
Threat intelligence is evidence-based knowledge about existing or emerging threats — who the attackers are, what techniques they use, which industries they target, and what indicators signal their activity. Good threat intelligence is specific, timely, and actionable. Threat intelligence comes…
Last updated: December 2, 2024
Threat modeling is a structured process for identifying, evaluating, and prioritizing potential threats to a system before they are exploited. Frameworks like STRIDE systematically work through how attackers might target an application or infrastructure. Done well, threat modeling shifts security…
Last updated: December 2, 2024
Tokenization replaces sensitive data with a randomly generated placeholder called a token. The token has no mathematical relationship to the original data, so stealing it provides no value to an attacker. A secured token vault maintains the mapping between tokens…
Last updated: December 1, 2024
A Virtual Private Network (VPN) creates an encrypted tunnel over public networks, enabling secure communication between endpoints. Remote workers use VPN to connect securely to corporate resources over the internet. Organizations use site-to-site VPNs to link office locations over public…
Last updated: December 1, 2024
A Vulnerability is a weakness in a system, application, or process that could be exploited by a threat to cause harm. Vulnerabilities exist in software (unpatched code, buffer overflows), configurations (default passwords, open ports), processes (lack of access reviews), and…
Last updated: December 1, 2024
Vulnerability Assessment systematically identifies security weaknesses in systems, applications, and configurations. Automated scanners probe networks for known vulnerabilities, missing patches, weak configurations, and exposed services. Results prioritize findings based on severity, exploitability, and business impact. Unlike penetration testing, vulnerability assessment…
Last updated: December 2, 2024
Vulnerability disclosure is the process by which security researchers report discovered vulnerabilities to affected vendors or the public. Responsible disclosure involves privately notifying the vendor first, giving them a defined time period to develop a patch before details are made…
Last updated: December 1, 2024
Zero Trust is a security model that eliminates implicit trust based on network location. It assumes breach and verifies every access request regardless of where it originates. CISSP Relevance: Zero Trust connects Domain 3 (Security Architecture), Domain 4 (Network Security),…
Last updated: December 1, 2024
Zero Trust is a security model that eliminates implicit trust based on network location. Traditional security assumed that users and devices inside the corporate network were trustworthy. Zero Trust assumes breach and verifies every access request regardless of where it…
Last updated: December 2, 2024
A zero-day vulnerability is a software flaw unknown to the vendor with no patch available. Attackers who discover zero-days can exploit them freely until the vendor learns of the issue and releases a fix. Zero-days are among the most dangerous…