A cognitive model used by the threat intelligence community to describe a specific event. It is based on the notion that an event has four characteristics.

A fairly simple design, with the top row of the matrix covering activities such as initial access, execution, persistence, privilege escalation, defense evasion, credential access, discovery, lateral movement, collection, command and control, exfiltration, and impact.

Malware that denies access to the victim data, threatening to publish or delete it unless a ransom is paid

A model developed as a military form of engagement framework. This model has a series of distinct steps that an attacker uses during a cyberattack.

A test methodology that assumes explicit and substantial knowledge of the internal structure and implementation detail of the assessment object, also known as white box testing.

A method of software testing that examines the functionality of an application without peering into its internal structures or workings, also known as black box testing.

A test methodology that focuses on cloud infrastructure, which can create exposure from network, application, and configuration vulnerabilities that can result in external access to company credentials, internal systems, and sensitive data.

A test methodology that assumes some knowledge of the internal structure and implementation detail of the assessment object, also known as gray box testing.

The testing or evaluation of security controls to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for an information system or organization.

A technique used to identify hosts/host attributes and associated vulnerabilities.

An analysis of an information system’s requirements, functions, and interdependencies used to characterize system contingency requirements and priorities in the event of a significant disruption.

An Individual or organization having a right, share, claim, or interest in a system or in its possession of characteristics that meet their needs and expectations.

An Individual or organization having a right, share, claim, or interest in a system or in its possession of characteristics that meet their needs and expectations. 

A technique used to identify hosts/host attributes and associated vulnerabilities.

The testing or evaluation of security controls to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for an information system or organization.

A collection of interconnected computer networks.

A collection of interconnected computer networks.

The latest iteration of cellular technology, engineered to greatly increase the speed and responsiveness of wireless networks.

The application of technologies, processes and controls to protect systems, networks, programs, devices and data from cyber attacks.

A cognitive model used by the threat intelligence community to describe a specific event.

A technique used to identify hosts/host attributes and associated vulnerabilities.

The ability for an attacker to maneuver and go deeper within your network to attain data and information. 

The the exploitation of a bug or flaw that allows for a higher privilege level than what would normally be permitted.

An information system’s requirements, functions, and interdependencies used to characterize system contingency requirements and priorities in the event of a significant disruption.