A code, sequence of commands, or piece of software designed to take advantage of weakness in the system.

A potential danger or harmful event that could negatively affect the CIA of the network or data

a specific method or pathway used by an attacker to gain unauthorized access to a computer system

A weakness or flaw in a system, application, or network that could be taken advantage of by an attacker

The likelihood and potential impact of a harmful event happening to the network or data.

Employing multiple layers of security controls, each designed to detect and prevent attacks at different stages

users should only have access to the minimum resources necessary to perform their intended tasks

Every access must be authenticated and authorized before being granted access to resources

Assigning different jobs to different servers.

The process of reducing the attack surface of devices, systems or networks.

Physical security measure that prevents unauthorized access by using an enclosed space with two interlocking doors

Ensures that no party in a communication can later deny their participation or the authenticity of their actions

The process of identifying threats and vulnerabilities and then defining countermeasures to prevent them.

Enables organizations to administer and maintain portable devices and drives and even wipe them, if stolen.

A physical security device designed to prevent theft or unauthorized removal of electronic devices like laptops, desktops

Ensuring that authorized users can access data and systems when they need them. Part of the CIA triad.

The protection from unauthorized access. Part of the CIA triad.

Records user activity and resource usage. Part of the AAA framework

Maintaining the accuracy and trustworthiness of data. Part of the CIA triad

Determines which resources a user can access after successfully authentication. Part of the AAA framework

Requires users to prove their identity using two or more distinct authentication factors before gaining access

A numeric code used for "what you know" factor of authentication and access control

Unique biological or behavioral characteristics based on the "what you are" authentication factor

Physical device or software app, that generate unique codes for "what you have" factor of authentication

A physical card with an embedded chip that can be used for "what you have" factor of authentication

An injection of a bogus destination for an IP address

An on-path attack where a Trojan horse installed on a victim's computer can modify web transactions.

Uses specific database language statements run for the purpose of getting or changing information in a

database

Type of ransomware that prevents access to files.

The overloading of a reserved space for data that can overwrite other parts of memory or grant unauthorized access

having backup systems and processes in place to ensure continued operation and data integrity in the event of a failure or cyberattack.

Copies all changes made since the last full backup

creates a complete copy of all data, including files, folders, and evvven the operating system, to a different location

isolates a computer or network from other networks, particularly the internet, to protect sensitive data

only backs up changes made since the previous backup