Watch:  Plurilock FY2024 Earnings Call

Live Now:  
Contact us today.Phone: +1 888 776-9234Email: sales@plurilock.com

Cybersecurity Reference

Highlighted Solutions

Highlighted Threats

Highlighted Incidents

Topic Deep Dives

How Do I

Cybersecurity Glossary / Quick Reference

Threat and Attack Terms

Abuse of Trust

Access Broker (AB)

Account Enumeration

Account Misbinding

Account Recovery Abuse

Account Takeover (ATO)

Active Reconnaissance

Advanced Persistent Threat (APT)

Adversary Objectives

Adversary Tradecraft

Adversary-in-the-Middle (AiTM)

Anomalous Authentication

Application Layer Attack

Attack Lifecycle

Attack Path

Backdoor Account

Botnet

Brute Force Attack (BFA)

Business Logic Flaw

Cloud Misconfiguration

Command and Control (C2)

Compromise Path

Credential Exposure

Credential Harvesting

Credential Sharing

Credential Stuffing

Data Breach

Data Exfiltration Path

Defense Evasion

Denial of Service (DoS)

Deployment Attack Path

Dictionary Attack

Distributed Denial of Service (DDoS)

Domain Fronting

Employee Substitution

Exfiltration Readiness

Exploit Chaining

Exploit Kit

Exploit Readiness

Exploitability

Identity Spoofing

Inference Abuse

Initial Access Vector

Insider Threat

Intrusion

Lateral Movement

Lateral Privilege Escalation

License Sharing

Living-off-the-Land (LotL)

Memory Injection

Model Hallucination Risk

Payload

Phishing

Post-Exploitation

Prompt Injection

Ransomware

Remote Access Trojan (RAT)

Remote Code Execution (RCE)

Rootkit

Rubber Ducky Attack

Security Control Bypass

Silent Intrusion

Social Engineering

Spam

Spear Phishing

Tactics

Threat Actor

Threat Vector

Token Theft

Training Data Poisoning

Trojan Horse

Unauthorized Credential Use

User Carelessness

Virus

Voice Phishing (Vishing)

Watering Hole Attack

Worm

 

General Cybersecurity Terms

Abuse Case

Access Path Analysis

Account Hygiene

Active Defense

Adversary Emulation

Adversary Playbook

AI Attack Surface

AI Model Exposure

Alert Fatigue

Allowlisting

API Penetration Testing

API Security

Application Attack Surface

Application Hardening

Application Security Testing

Asset Attribution

Asset Discovery

Asset Exposure

Asset Inventory

Assume Breach

Attack Graph

Attack Hypothesis

Attack Path Enumeration

Attack Path Inheritance

Attack Preconditions

Attack Readiness

Attack Replay

Attack Scenario

Attack Simulation

Attack Success Criteria

Attack Surface

Attack Surface

Attack Surface Reduction (ASR)

Attribution

Authentication Context

Authentication Strength

Authorization Drift

Authorization Graph

Baseline Deviation

Behavior Drift

Black Box Testing

Blast Radius Analysis

Blue Team

Breach Containment

Breach Impact Analysis

Bring Your Own Device (BYOD)

Bug Bounty Program

Campaign Correlation

Campaign-Based Testing

Capability-Based Testing

Cloud Control Validation

Cloud Identity Drift

Cloud Native Security

Cloud Penetration Testing

Cloud Permission Sprawl

Cloud Risk Posture

Cloud Security Architecture

Cloud Security Assessment

Compromise Assessment

Compromise Dwell Analysis

Computer Emergency Response Team (CERT)

Conditional Access

Confidence Scoring

Configuration Drift

Container Security

Containment

Containment Strategy

Contextual Access Control

Contextual Threat Intelligence

Continuous Discovery

Continuous Identity Assurance

Continuous Monitoring

Continuous Red Teaming

Continuous Threat Exposure Management (CTEM)

Counter-Incident Operations

Counterfactual Attack Modeling

Credential Lifecycle

Critical Asset Protection

Crown Jewel Analysis

Cryptographic Agility

Customer Identity and Access Management (CIAM)

Cyber Kill Chain

Cyber Resilience

Dark Web Monitoring

Data Access Path

Data at Rest

Data Contextualization

Data Exposure Risk

Data Flow Mapping

Data in Transit

Data Loss Prevention (DLP)

Data Usage Analytics

Defense-in-Depth

Defensibility Assessment

Defensible Security Program

Detection Confidence

Detection Coverage Mapping

Detection Efficacy

Detection Engineering

Detection Gap Analysis

Detection Latency

Detection-as-Code (DaC)

Device Trust Posture

Digital Exhaust

Digital Forensics and Incident Response (DFIR)

Digital Trust

Directory Services Hardening

Distributed Trust Model

DNS Security

Dwell Time

Emulation-Based Testing

Endpoint Detection and Response (EDR)

Endpoint Hardening

Environment Parity Risk

Environmental Drift

Ephemeral Asset Risk

Executive Tabletop

Exposure Management

Exposure Validation

Extended Detection and Response (XDR)

False Acceptance Rate (FAR)

False Negative

False Rejection Rate (FRR)

First Responder Playbook

Forensic Readiness

Forward Defense

Forward Incident Response

Fraud Signal Correlation

Full-Scope Red Team

Fuzzing

Gray Box Testing

High-Value Asset (HVA)

Hybrid Red Team

ICS and SCADA Security Testing

Identity and Access Management (IAM or IdM)

Identity Assurance

Identity Attack Surface

Identity Blast Radius

Identity Context

Identity Correlation

Identity Factor

Identity Lifecycle Risk

Identity Posture

Identity Proofing

Identity Threat Detection and Response (ITDR)

Identity-as-a-signal

In-Band

In-session detection

Incident Classification

Incident Escalation Matrix

Incident Response (IR)

Incident Response Team (IRT)

Incident Severity Rating

Incident Triage

Indicators of Compromise (IOC)

Information Flow Control

Information Security

Infrastructure Drift

Infrastructure Exposure

Insider Risk Program

Integrity Monitoring

Invisible Authentication

IP Data Mapping

IP Exposure Surface

Isolation Strategy

Just-Enough-Access (JEA)

Just-in-Time Access (JIT)

Kerberos

Kill Chain Disruption

Kill Chain Mapping

Kill Switch

Knowledge-Based Authentication (KBA)

Kubernetes Security

Lateral Exposure

Least Privilege Enforcement

Lessons Learned

Log Integrity

Logging Coverage

Machine Identity

Machine-to-Machine Identity (M2M)

Malware

Mean Time to Detect (MTTD)

Mean Time to Resolution (MTTR)

Misuse Case

Mitre ATT&CK Framework

Mobile Application Security Testing (MAST)

Mobile Penetration Testing

Model Integrity

Multi-factor Authentication

Network Penetration Testing

Non-Human Identity (NHI)

Non-repudiation

Operational Decision Latency

Operational Dwell Reduction

Operational Security Effectiveness

Operational Technology Security (OT Security)

Orphaned Account

Out-of-Band (OOB)

Out-of-Policy Access

Passive Authentication

 

Technology Terms

Account Lifecycle Management (ALM)

Account Provisioning

Active Directory Federation Services (ADFS)

Advanced Authentication

Air-Gapped Network

Alert Correlation

Amazon Web Services (AWS)

Anomaly Detection

Antivirus (AV)

API Gateway

Application Control

Application Security Posture Management (ASPM)

Artificial Intelligence (AI)

Artificial Neural Networks (ANN)

Attribute-Based Access Control (ABAC)

Behavioral Biometrics

Behavioral DLP

Biometrics

Breach and Attack Simulation (BAS)

Certificate Authority (CA)

Cloud Access Security Broker (CASB)

Cloud Control Plane

Cloud Detection and Response (CDR)

Cloud Entitlement Management (CIEM)

Cloud Native Application Protection Platform (CNAPP)

Cloud Security Posture Management (CSPM)

Cloud Workload Protection Platform (CWPP)

Configuration Management Database (CMDB)

Continuous Access Evaluation (CAE)

Continuous Authentication

Counter Unmanned Aircraft Systems (C-UAS)

Cryptography

Data Encryption

Data Masking

Data Security Posture Management (DSPM)

Decision Automation

Decryption

Demilitarized Zone (DMZ)

Device-free MFA

DevSecOps Pipeline

Digital Certificate

Digital Signature

Dynamic Access Control

Dynamic Application Security Testing (DAST)

Egress Filtering

Encryption

Endpoint

Face ID or Facial Recognition

Federated Authorization

Federated Identity or Identity Federation

Fingerprint Scan

Firewall

Hashing

Honeypot

Host-Based Intrusion Detection System (HIDS)

Identity Control Plane

Identity Fabric

Identity Governance and Administration (IGA)

Identity Risk Engine

Identity Signal

Identity-Aware Proxy (IAP)

Industrial Control Systems (ICS)

Infrastructure as Code (IaC)

Integrated GRC Platform

Internet of Things (IoT)

Intrusion Detection System (IDS)

Intrusion Prevention System (IPS)

IT Asset Management (ITAM)

Key Management Service (KMS)

Keystroke Dynamics

Large Language Model (LLM)

Machine Learning

Managed Detection and Response (MDR)

Managed Security Service Provider (MSSP)

Micro-Segmentation

Mouse Dynamics

Multi-Tenancy

National Vulnerability Database (NVD)

Network Access Control (NAC)

Network Segmentation

Network-Based Intrusion Detection System (NIDS)

Next-Generation Firewall (NGFW)

Penetration Testing as a Service (PTaaS)

Policy Decision Point (PDP)

Policy Enforcement Point (PEP)

Policy-as-Code (PaC)

Proxy Server

Public Key Infrastructure (PKI)

Retina Scanner or Iris Scanner

Robotic Process Automation (RPA)

Runtime Application Self-Protection (RASP)

Secure Access Service Edge (SASE)

Secure Web Gateway (SWG)

Security Operations Center (SOC)

Security Orchestration, Automation, and Response (SOAR)

SMS Authentication

Software Composition Analysis (SCA)

Software Development Lifecycle (SDLC)

Software-Defined Perimeter (SDP)

Static Application Security Testing (SAST)

Step-up Authentication

Supervisory Control and Data Acquisition (SCADA)

Threat Feed

Threat Intelligence Platform (TIP)

Tokenization

Trust Evaluation Engine

User Friction

Virtual Desktop Infrastructure (VDI)

Virtual Private Network (VPN)

Vulnerability Scanning

Web Application Firewall (WAF)

Zero Trust Architecture (ZTA)

Zero Trust Network Access (ZTNA)

 

Compliance Terms

23 NYCRR 500

Access Governance

Access Review

Access Transparency

Annualized Loss Expectancy (ALE)

Application Risk Profiling

Asset Criticality

Asset Ownership

Attestation

Audit Evidence

Audit Fatigue

Audit Program

Audit Scope Creep

Audit Trail Integrity

Authentication Assurance Level (AAL)

Board Risk Appetite Statement

Board Risk Reporting

Business Continuity Plan (BCP)

Business Disruption Modeling

Business Impact Analysis (BIA)

Business-Aligned Risk

Capability Maturity Model (CMM)

Chain of Custody

Change Control

Chief Information Security Officer (CISO)

CIS Critical Security Controls (CIS CSC)

Cloud Identity Governance

Compensating Control

Compliance Evidence Automation

Compliance Gap Analysis

Compliance Mapping

Compliance Scope Definition

Configuration Baseline

Continuous Authorization

Continuous Authorization to Operate (cATO)

Continuous Controls Monitoring (CCM)

Control Cost Efficiency

Control Coverage Gap

Control Effectiveness

Control Framework

Control Inheritance

Control Objective

Control Overlap

Control Rationalization

Control Testing

Control Validation

Control-to-Risk Traceability

Crisis Decision Velocity

Crisis Management

Cyber Operating Model

Cyber Risk Appetite

Cyber Risk Economics

Cyber Risk Quantification (CRQ)

Cyber Risk Register

Cyber Supply Chain Risk Management (C-SCRM)

Cybersecurity Maturity Assessment

Cybersecurity Maturity Model Certification (CMMC)

Data Access Governance (DAG)

Data Classification

Data Minimization

Data Residency

Data Retention Policy

Data Risk Scoring

Data Sovereignty

DevSecOps Maturity Model

Disaster Recovery Plan (DRP)

Dodd-Frank Act

Dynamic Risk Scoring

eDiscovery

Electronic Health or Medical Records (EHR or EMR)

Electronic Protected Health Information (ePHI or PHI)

Enterprise Risk Management (ERM)

Enterprise Risk Register

Entitlement Review

Evidence Collection

Evidence Freshness

Executive Cyber Fluency

Factor Analysis of Information Risk (FAIR)

Family Educational Rights and Privacy Act (FERPA)

Federal Information Security Management Act (FISMA)

Federal Risk and Authorization Management Program (FedRAMP)

FFIEC Infosec Booklet

Financial Risk Modeling

FIPS Publication 200

Fourth-Party Exposure

Fourth-Party Risk

Governance

Governance Framework

Governance, Risk, and Compliance (GRC)

Gramm-Leach-Bliley Act (GLBA)

Health Information Technology for Economic and Clinical Health Act (HITECH)

Health Insurance Portability and Accountability Act (HIPAA)

Incident Response Plan (IRP)

Inherent Risk

Intellectual Property (IP)

IP Concentration Risk

ISO 27001

Key Performance Indicator (KPI)

Key Risk Indicator (KRI)

Loss Event Frequency (LEF)

Loss Magnitude

Material Cyber Risk

Materiality Threshold

Mission Impact Modeling

Multi-Cloud Governance

National Futures Association Rulebook (NFA Rulebook)

National Institute of Standards and Technology Publication 800-171 (NIST 800-171)

National Institute of Standards and Technology Publication 800-53

NIST Cybersecurity Framework (NIST CSF)

North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP v5)

Operational Dependency Risk

Operational Resilience

Payment Card Industry Data Security Standard (PCI DSS)

Plan of Action and Milestones (POA&M)

Probable Loss Exposure (PLE)

Recovery Point Objective (RPO)

Recovery Time Objective (RTO)

Regulatory Compliance

Residual Risk

Risk Acceptance

Risk Acceptance Rationale

Risk Aggregation

Risk Aggregation Bias

Risk Communication

Risk Confidence Interval

Risk Decomposition

Risk Distribution Curve

Risk Heat Map

Risk Mitigation

Risk Normalization

Risk Owner

Risk Scenario Modeling

Risk Sensitivity Analysis

Risk Signal Quality

Risk Transfer

Risk Treatment

Risk Velocity

Sarbanes Oxley Act (SOX Act)

Scenario Severity Modeling

Securities and Exchange Commission (SEC)

Security Control Baseline

Security Control Ownership

Security Policy

Security Program Maturity

Security ROI

Service Organization Control 2 (SOC 2)

Shared Responsibility Model

Software Bill of Materials (SBOM)

Stakeholder Impact Mapping

Supervisory Expectation Mapping

System Security Plan (SSP)

Third-Party Risk Management (TPRM)

Tolerance Threshold

Top Risk Narrative

Uncertainty Modeling

Vendor Concentration Risk

Vendor Risk Assessment

Zero Trust Maturity Model

 

Subscribe to the newsletter for Plurilock and cybersecurity news, articles, and updates.

You're on the list! Keep an eye out for news from Plurilock.