Cybersecurity Glossary

Access control refers to the process of regulating and managing the permissions and privileges granted to users or entities for accessing systems, networks, applications, or data. It ensures that only authorized individuals or processes can gain entry and perform specific actions within an environment.

Access management involves the practices and techniques used to control and monitor user access to resources, systems, and information. It includes processes such as user provisioning, authentication, Authorisation, and privilege management to ensure that access is granted appropriately based on defined policies and security requirements.

An access token is a credential used in authentication to prove the identity of a user or application. It is typically obtained after successful authentication and is used to gain access to protected resources or services without the need to reauthenticate for every request.

Account lockout is a security measure that automatically disables an account temporarily or permanently after a specified number of failed login attempts. It helps protect against brute force attacks by preventing unauthorised access through repeated login attempts.

Active Directory security refers to the measures and practices implemented to protect the Active Directory (AD) service, which is a centralized directory service used in Windows-based networks. It involves securing the AD infrastructure, including domain controllers, user accounts, group policies, and access controls, to prevent unauthorised access, data breaches, or disruptions.

An advanced persistent threat (APT) is a sophisticated and stealthy cyberattack in which an unauthorised actor gains and maintains prolonged access to a targeted network or system. APTs are typically carried out by skilled and well-resourced adversaries who aim to remain undetected while stealing sensitive information, disrupting operations, or establishing persistent control.

A deliberate attempt to manipulate or deceive AI models by introducing specially crafted inputs or perturbations.

Adversarial machine learning refers to the study and practice of designing and deploying machine learning models that are robust against malicious attempts to manipulate or deceive them. It involves developing techniques to detect and defend against adversarial attacks, such as data poisoning, evasion, or model manipulation, which can undermine the accuracy and integrity of machine learning systems.

Adware is a type of software that displays unwanted advertisements to users. While adware is often considered a nuisance, some forms of adware may also collect user data or track browsing habits, raising privacy concerns.

Agent-based security refers to a security approach that involves deploying specialised software agents or agents within systems, networks, or endpoints to monitor, detect, and respond to security threats. These agents can perform various security functions, such as antivirus scanning, intrusion detection, or behaviour monitoring, to enhance overall security posture.

A step-by-step procedure or set of rules followed to solve a specific problem or perform a particular task.

Anomaly detection is a technique used to identify patterns or behaviours that deviate significantly from normal or expected patterns. In cybersecurity, anomaly detection is applied to detect suspicious or malicious activities, such as unusual network traffic, unauthorised access attempts, or abnormal system behaviour, which may indicate a security breach or threat.

Anonymity refers to the state of being unidentified or untraceable. In the context of cybersecurity, anonymity is often desired to protect privacy or hide one's identity while accessing online services, communicating, or browsing the internet.

Anti-malware refers to software or tools designed to detect, prevent, and remove malicious software, commonly known as malware, from computer systems or networks. Anti-malware solutions encompass antivirus, anti-spyware, and other security technologies to safeguard against various types of malware threats, such as viruses, worms, Trojans, ransomware, and spyware.

Anti-spoofing refers to techniques and measures employed to prevent or detect attempts to impersonate or forge the identity of a system, user, or network device. It involves implementing controls and protocols to verify the authenticity of communication sources and prevent unauthorised access or data manipulation through spoofing attacks.

Antispyware refers to software or tools designed to detect, block, and remove spyware, which is a type of malicious software that collects information without the user's consent. Antispyware solutions help protect against unauthorised data gathering, privacy violations, and other harmful activities associated with spyware.

Antivirus software, commonly known as an antivirus, is a security solution that detects, prevents, and removes computer viruses and other malware. Antivirus programs employ various techniques, such as signature-based scanning, heuristic analysis, and behavioural monitoring, to identify and eliminate malicious code that can harm computer systems or compromise data.

API authentication refers to the process of verifying the identity and credentials of an application or user accessing an API (Application Programming Interface). It ensures that only authorized entities can interact with the API and perform specific actions or retrieve data.

API security encompasses the measures, protocols, and best practices employed to protect APIs from unauthorised access, data breaches, or misuse. It involves securing API endpoints, implementing access controls, using encryption, and applying authentication and Authorisation mechanisms to ensure the integrity, confidentiality, and availability of API resources.

Application security focuses on protecting software applications from security vulnerabilities and threats throughout their development, deployment, and maintenance lifecycle. It involves implementing security controls, conducting code reviews, performing security testing, and applying secure coding practices to mitigate the risks associated with application-level attacks.

Application whitelisting is a security approach that allows only pre-approved or trusted applications to run on a system or network while blocking or preventing the execution of unauthorised or unverified programs. By limiting the software that can execute, application whitelisting helps mitigate the risks associated with malicious or unauthorised software installations.

APT group refers to a coordinated and organized group of threat actors or cybercriminals who conduct advanced persistent threats (APTs) against specific targets. These groups often possess advanced technical capabilities, resources, and knowledge, and they operate with specific objectives, such as espionage, financial gain, or disruption of critical infrastructure.

ARP spoofing, also known as ARP poisoning, is a technique used to manipulate or intercept network traffic by falsifying Address Resolution Protocol (ARP) messages. It enables an attacker to associate their own MAC address with the IP address of another network device, leading to potential unauthorised access, data interception, or network disruptions.

AI systems that possess the ability to understand, learn, and apply knowledge across a wide range of tasks and domains, similar to human intelligence.

The branch of computer science that aims to create intelligent machines capable of performing tasks that typically require human intelligence, such as learning, problem-solving, and decision-making.

Artificial intelligence (AI) in cybersecurity refers to the application of AI techniques, such as machine learning, natural language processing, and neural networks, to enhance the detection, analysis, and response to security threats. AI is utilized to improve threat intelligence, automate security operations, detect anomalies, and develop predictive capabilities to combat evolving cyber threats.

A computational model inspired by the structure and function of biological neural networks, used for pattern recognition, classification, and prediction tasks.

Asset management involves the identification, categorization, and tracking of an organisation's physical and digital assets, including hardware, software, data, and network resources. It encompasses practices for inventory management, risk assessment, vulnerability management, and ensuring the security and availability of assets.

Asset protection refers to the measures and strategies implemented to safeguard an organisation's critical assets, including information, systems, infrastructure, and intellectual property, from unauthorised access, theft, damage, or loss. It involves implementing security controls, access management, backup and recovery plans, and other protective measures based on the value and criticality of the assets.

An audit trail is a chronological record or log that captures and documents events, activities, or actions occurring within a system, network, or application. It provides a traceable history of user interactions, system events, configuration changes, or data access, which is crucial for forensic analysis, compliance, and security investigations.

Authentication is the process of verifying the identity of a user, device, or entity attempting to access a system, network, or application. It involves presenting credentials, such as usernames and passwords, biometrics, tokens, or certificates, and validating them against trusted sources to grant appropriate access privileges.

Authorisation, also known as access control, is the process of granting or denying permissions, privileges, or rights to authenticated users or entities based on their identities, roles, or attributes. It ensures that only authorized individuals or processes can access specific resources, perform actions, or exercise certain privileges within a system or network.

Neural network architectures used for unsupervised learning and dimensionality reduction. Autoencoders aim to learn a compressed representation of input data by training an encoder and a decoder network to reconstruct the original input, enabling efficient data compression and feature extraction.

Vehicles equipped with AI and sensors to operate and navigate without human intervention, such as self-driving cars.

A backdoor is a hidden or unauthorised access point or method deliberately inserted into a system, application, or network by design or as a result of a security vulnerability. Backdoors provide a way for attackers to bypass normal authentication or gain unauthorised access for malicious purposes.

Backing up refers to the process of creating copies of data or system configurations and storing them in a separate location or medium to protect against data loss, system failures, or disasters. Backups enable the restoration of data and systems to a previous state in case of accidental deletion, hardware failures, or other incidents.

Backing up data involves creating duplicate copies of critical information or files and storing them securely to prevent data loss in case of hardware failures, natural disasters, cyberattacks, or human errors. It is an essential practice for data protection, recovery, and business continuity purposes.

A key algorithm used to train neural networks by computing the gradients of the loss function with respect to the model's parameters. Backpropagation propagates the error back through the network, allowing for efficient parameter updates and learning.

Backup and recovery testing is the process of verifying the effectiveness and reliability of backup systems and procedures by simulating data loss or system failures and testing the recovery capabilities. It ensures that backups are properly created, stored, and can be successfully restored when needed.

Baiting is a social engineering technique that involves enticing or tricking individuals into taking a specific action, such as clicking on a malicious link or opening an infected file, by offering something of value or interest. Baiting attacks often rely on curiosity or the promise of rewards to manipulate victims into compromising their security.

A probabilistic framework used to make predictions and update beliefs based on prior knowledge and observed data. Bayesian inference involves calculating posterior probabilities by combining prior probabilities and likelihood functions, allowing for principled uncertainty estimation and decision-making.

Probabilistic graphical models that represent and analyze uncertain relationships between variables, using Bayesian inference for reasoning and decision-making.

Behaviour-based detection is a cybersecurity approach that focuses on analysing and monitoring the behaviour of systems, users, or entities to identify and respond to suspicious or abnormal activities indicative of a security threat. It involves establishing baseline behaviour patterns and using anomaly detection techniques to identify deviations and potential threats.

Behavioural analytics involves analysing patterns of human or system behaviour to detect anomalies, threats, or security risks. By establishing baseline behaviour and using statistical or machine learning techniques, behavioural analytics can identify deviations, unusual activities, or indicators of compromise that may go unnoticed by traditional security controls.

Behavioural biometrics refers to the analysis and measurement of unique behavioural patterns and characteristics, such as typing rhythm, mouse movements, voice patterns, or swipe gestures, to verify or authenticate the identity of an individual. It is a form of biometric authentication that relies on behavioural traits rather than physical attributes.

Systematic errors or prejudices in AI models or algorithms that can lead to unfair or discriminatory outcomes.

Extremely large and complex datasets that require advanced tools and techniques to store, process, and analyze.

Binary code is a computer representation of data or instructions using a binary system of ones (1) and zeros (0). It is the fundamental language understood by computers, and all software and data are ultimately converted to binary code for processing and execution by the computer's hardware.

Biometric authentication is a method of verifying an individual's identity based on their unique biological or behavioural characteristics. It uses biometric traits, such as fingerprints, facial features, iris patterns, voiceprints, or behavioural patterns, to authenticate users and grant access to systems, applications, or data.

Biometric data refers to unique physical or behavioural characteristics that can be used for biometric authentication or identification purposes. It includes attributes such as fingerprints, facial features, iris or retinal patterns, hand geometry, voiceprints, or behavioural patterns like keystroke dynamics or gait recognition.

A biometric identifier is a distinctive feature or characteristic used to uniquely identify an individual based on their biological or behavioural traits. Examples of biometric identifiers include fingerprints, handprints, facial features, voiceprints, DNA profiles, or iris patterns.

A biometric template is a digital representation or mathematical model generated from an individual's biometric data, such as fingerprints, iris patterns, or facial features. The template is securely stored and used for comparison and matching during biometric authentication or identification processes.

Biometrics refers to the science and technology of measuring and analysing unique physical or behavioural characteristics of individuals for authentication, identification, or surveillance purposes. It encompasses biometric data collection, processing, analysis, and matching algorithms to establish and verify identities.

A black hat hacker is an individual or group of hackers who engage in unauthorised activities, exploit vulnerabilities, and violate computer security for personal gain, malicious intent, or criminal activities. Black hat hackers typically operate with malicious intent and are associated with cybercrime and illicit activities.

A blacklist is a list of entities, such as IP addresses, domains, or applications, that are identified as malicious, unauthorised , or prohibited. It is used in various security systems, such as firewalls, email filters, or web filtering tools, to block or restrict access to listed entities.

Blockchain security refers to the protection and integrity of data stored within a blockchain network. It involves ensuring the confidentiality, immutability, and availability of transactions and blocks by using cryptographic techniques, consensus algorithms, and network controls to prevent tampering, unauthorised access, or fraud.

Bluetooth security encompasses the measures and protocols employed to secure wireless communication between Bluetooth-enabled devices. It includes authentication, encryption, and pairing mechanisms to protect against unauthorised access, data interception, or device manipulation over Bluetooth connections.

A bot, short for robot, is a software program or script that performs automated tasks or actions on the internet. Bots can be beneficial, such as search engine crawlers or chatbots, but they can also be malicious, such as malware bots or bots used in DDoS attacks or spam campaigns.

Bot detection refers to the process of identifying and distinguishing between human users and automated bots. It involves using various techniques, such as analysing user behaviour, fingerprinting, CAPTCHAs, or machine learning algorithms, to detect and mitigate the presence of malicious or unwanted bots.

A bot herder is an individual or group who controls and manages a network of compromised computers or devices, known as a botnet. Bot herders typically use botnets for malicious activities, such as DDoS attacks, spam distribution, information theft, or carrying out coordinated cyberattacks.

A botmaster is an individual or entity that controls and operates a network of compromised computers or bots, known as a botnet. The botmaster is responsible for issuing commands, coordinating bot activities, and exploiting the resources of the compromised systems for various malicious purposes.

A botnet is a network of compromised computers, servers, or devices that are under the control of a botmaster. Botnets are typically created by infecting devices with malware, allowing the botmaster to remotely control and coordinate the actions of the compromised devices, often for malicious activities.

A botnet attack is an orchestrated assault carried out by a botmaster using a network of compromised computers or devices. Botnet attacks can involve various malicious activities, such as DDoS attacks, spam campaigns, distributing malware, stealing sensitive information, or carrying out coordinated cyberattacks.

Browser extension security refers to the protection and integrity of browser extensions, which are add-ons or plugins that extend the functionality of web browsers. It involves vetting and verifying extensions, sandboxing their execution, and implementing security controls to prevent malicious or unauthorised extensions from compromising user privacy or security.

Browser security refers to the measures and practices implemented to protect web browsers from security vulnerabilities, malicious websites, and unauthorised access or activities. It involves keeping browsers updated, configuring secure settings, using secure browsing habits, and employing browser security extensions or add-ons.

A brute force attack is a trial-and-error method used by attackers to gain access to passwords, encryption keys, or sensitive data by systematically trying all possible combinations until the correct one is found. Brute force attacks rely on computational power to overcome password complexity and are often mitigated by implementing strong password policies and rate-limiting mechanisms.

Brute forcing is the act of systematically attempting all possible combinations or permutations to discover passwords, encryption keys, or other sensitive information. It is a common method used in password cracking, encryption breaking, or discovering cryptographic algorithms' weaknesses.

A buffer overflow occurs when a program or process tries to store more data in a buffer (temporary storage area) than it can handle, leading to the overflow of excess data into adjacent memory regions. Buffer overflows can be exploited by attackers to execute malicious code, overwrite memory contents, or crash a system, potentially leading to security vulnerabilities.

A buffer overflow attack is a type of security exploit in which an attacker deliberately inputs more data than a program or process can handle, causing the excess data to overflow into adjacent memory regions. By manipulating the overflowed data, an attacker can gain unauthorised access, execute arbitrary code, or compromise the system's security.

A bug bounty is a reward or incentive program offered by organisations to encourage individuals or security researchers to identify and report security vulnerabilities, bugs, or weaknesses in their software, systems, or networks. Bug bounties help organisations identify and fix vulnerabilities before they can be exploited by malicious actors.

CAPTCHA, short for Completely Automated Public Turing test to tell Computers and Humans Apart, is a security mechanism used to distinguish between human users and automated bots. It presents challenges or puzzles that are easy for humans to solve but difficult for bots, helping to prevent automated abuse, spam, or unauthorised access.

A certificate authority (CA) is a trusted third-party organisation or entity that issues digital certificates used in public key infrastructure (PKI). CAs verify the identity of entities and vouch for the authenticity of their public keys, enabling secure communication, authentication, and data encryption over the internet.

Certificate chaining is the process of validating a digital certificate by verifying its trustworthiness and authenticity through a sequence or chain of intermediate certificates leading to a trusted root certificate. Each certificate in the chain attests to the identity and validity of the subsequent certificate, establishing a trusted path of trust.

A certificate fingerprint, also known as a thumbprint, is a unique digital identifier derived from the content of a digital certificate. It is typically generated using cryptographic hash functions and serves as a concise representation of the certificate's contents. Certificate fingerprints are used to verify the integrity and authenticity of certificates.

Certificate pinning is a security technique that involves associating a specific digital certificate or its fingerprint with a specific domain or service. By pinning certificates, clients or applications can ensure that they only establish connections with servers presenting the expected certificates, protecting against potential man-in-the-middle attacks or certificate impersonation.

A certificate revocation list (CRL) is a list maintained by a certificate authority (CA) that contains the serial numbers or identifiers of digital certificates that have been revoked or are no longer valid. CRLs are used to inform clients or relying parties about certificates that should not be trusted due to compromise, expiration, or other reasons.

Certificate transparency is an open framework and set of protocols designed to improve the security and integrity of digital certificates. It provides a public log of issued certificates, enabling transparency, accountability, and early detection of malicious or fraudulent certificates.

An AI-powered software application designed to interact with users through text or speech, providing automated responses or assistance.

AI-based virtual agents designed to interact and communicate with humans through natural language. Chatbots utilize NLP techniques and dialogue systems to understand user queries and provide relevant responses or perform tasks.

A clean desk policy is a set of guidelines and procedures that promote the practice of keeping workspaces clear of sensitive or confidential information when not in use. It aims to prevent unauthorised access, information leakage, or data theft by ensuring that documents, media, or devices are properly secured or stored when unattended.

Clickjacking, also known as UI redressing or UI spoofing, is a technique used by attackers to trick users into clicking on a hidden or disguised element in a web page or application, usually resulting in unintended actions or disclosing sensitive information. Clickjacking attacks exploit the trust users place in visible elements and can be mitigated by implementing frame-busting techniques or web security headers.

The client-server model is a computing architecture in which clients (user devices or applications) request services or resources from servers (centralized systems or applications) over a network. The server provides the requested services, processes the data, and responds to the clients' requests. The client-server model forms the basis for many networked applications and services.

A cloud access security broker (CASB) is a security solution or service that acts as an intermediary between organisations and cloud service providers, providing visibility, control, and security enforcement for cloud-based applications and data. CASBs help organisations extend their security policies and controls to the cloud, ensuring compliance, data protection, and threat prevention.

Cloud backup refers to the process of storing copies of data or system backups in a cloud-based storage service. It provides an off-site, scalable, and convenient backup solution, allowing organisations to protect critical data from loss, disasters, or local hardware failures.

Cloud computing is a model for delivering computing services over the internet on-demand, allowing users to access scalable resources, applications, or infrastructure as a service. Cloud computing provides flexibility, cost-efficiency, and easy resource provisioning, but it also introduces security challenges that need to be addressed, such as data privacy, access control, and cloud-specific vulnerabilities.

Cloud security encompasses the practices, technologies, and controls used to protect data, applications, and infrastructure in cloud computing environments. It involves securing cloud-based resources, implementing access controls, encrypting data, managing identities, and ensuring compliance to mitigate the risks associated with cloud adoption.

A technique in unsupervised learning used to group similar data points together based on their inherent characteristics or patterns. Clustering algorithms aim to discover the underlying structure or relationships within data without prior knowledge of the class labels.

Code injection is a type of security vulnerability where an attacker inserts or injects malicious code into a legitimate application or system, leading to unexpected behaviours, unauthorised actions, or system compromise. Common types of code injection attacks include SQL injection, cross-site scripting (XSS), and remote code execution.

Code obfuscation is a technique used to intentionally obscure or transform the source code of an application or software to make it difficult for attackers to understand or reverse-engineer. Obfuscated code complicates analysis, reduces vulnerability exposure, and adds an extra layer of protection against reverse engineering or unauthorised modifications.

A cold boot attack is a method of extracting sensitive information, such as encryption keys or login credentials, from a computer's RAM (random-access memory) even after the system has been powered off or restarted. Attackers use specialised techniques to preserve the data in memory before it fades away, potentially bypassing security measures that rely on memory clearing upon system shutdown.

A cold site is a backup or disaster recovery facility that provides basic infrastructure and resources, such as physical space, power, and connectivity, but does not have active or pre-configured systems or data. Cold sites require longer recovery times compared to warm or hot sites, as the necessary systems and data need to be restored or deployed from backups.

Cold site recovery is a disaster recovery strategy that involves restoring critical systems, applications, and data in a cold site after a disruptive event or system failure. In cold site recovery, organisations rely on off-site backups and infrastructure resources to rebuild the IT environment, resulting in longer recovery times compared to warm or hot site strategies.

Cold storage refers to a storage method for long-term data retention, archiving, or backup that utilizes offline or disconnected storage devices or media, such as external hard drives, tape libraries, or optical discs. Cold storage is typically used for infrequently accessed data or information that requires long-term preservation while reducing the cost and power consumption associated with online storage.

Command and control (C&C) is a centralized infrastructure or communication system used by attackers or malware to manage compromised devices or networks. C&C servers enable attackers to issue commands, receive data, coordinate actions, and control the activities of infected systems or botnets.

Command injection is a security vulnerability that occurs when an attacker inserts malicious commands or code into an application or system command-line interface (CLI) input, resulting in the execution of unintended actions or arbitrary commands. Command injection attacks are typically carried out by manipulating input fields or parameters that are improperly validated or sanitized.

A computer emergency response team (CERT) is a group of cybersecurity experts, analysts, or incident responders responsible for handling and coordinating the response to cybersecurity incidents, vulnerabilities, or emergencies. CERTs provide incident response services, threat intelligence, guidance, and support to organisations or communities in managing and mitigating cyber threats.

A computer virus is a type of malicious software that replicates itself and spreads from one computer or system to another, often without the knowledge or consent of the user. Viruses can corrupt files, disrupt system operations, steal information, or perform other malicious activities, and they usually require human action to propagate.

The field of AI that focuses on enabling computers to understand and interpret visual information from images or videos. It involves tasks like object recognition, image classification, and image segmentation.

The use of AI algorithms and image analysis techniques to assist healthcare professionals in diagnosing diseases or conditions.

Confidentiality is one of the fundamental principles of information security, focusing on protecting data from unauthorised access, disclosure, or exposure. It ensures that sensitive or confidential information is only accessed or disclosed to authorized individuals or entities and is kept private from unauthorised parties.

A confidentiality agreement, also known as a non-disclosure agreement (NDA), is a legal contract between parties that outlines the terms and obligations regarding the protection of confidential or proprietary information shared between them. It helps maintain the confidentiality of sensitive information and prevents its unauthorised use or disclosure.

Container security refers to the protection and security measures applied to containerized applications or microservices deployed within containerization platforms, such as Docker or Kubernetes. It involves securing container images, implementing access controls, managing container runtime security, and monitoring container environments to prevent unauthorised access, data breaches, or container-specific vulnerabilities.

Content filtering is the process of selectively blocking, allowing, or restricting access to certain types of content or online resources based on predetermined policies or criteria. It is commonly used to enforce acceptable use policies, prevent access to malicious or inappropriate websites, or filter content for compliance or regulatory purposes.

Control system security, also known as industrial control system (ICS) security or SCADA security, focuses on protecting critical infrastructure, such as power plants, water treatment facilities, or manufacturing systems, from cyber threats. It involves securing supervisory control and data acquisition (SCADA) systems, programmable logic controllers (PLCs), and other control system components to ensure their availability, integrity, and confidentiality.

A type of neural network commonly used for computer vision tasks, where it applies filters to input data to extract meaningful features.

A type of neural network designed for processing grid-like data, such as images or sequences. CNNs use convolutional layers to automatically learn spatial hierarchies of patterns or features from the input data.

Cookie security relates to the protection of HTTP cookies, which are small text files stored on a user's device by a website visited. Proper cookie security involves implementing measures to prevent unauthorised access or tampering with cookies, protecting sensitive information stored in cookies, and enforcing secure cookie handling practices to mitigate session hijacking or cross-site scripting (XSS) attacks.

Cross-site scripting (XSS) is a type of security vulnerability that allows attackers to inject and execute malicious scripts into web pages or applications viewed by other users. XSS attacks can lead to unauthorised access, data theft, session hijacking, or the delivery of malicious content to unsuspecting users.

A technique used to assess the performance and generalization ability of a machine learning model. Cross-validation involves splitting the data into multiple subsets, training the model on a portion of the data, and evaluating its performance on the remaining data. It helps to estimate how well the model will perform on unseen data.

Cryptanalysis, also known as codebreaking or cryptographic analysis, is the practice of studying and analysing cryptographic systems to uncover weaknesses, vulnerabilities, or methods to decrypt or circumvent encryption. Cryptanalysis helps identify potential flaws in encryption algorithms or implementations and contributes to the development of stronger cryptographic techniques.

Cryptocurrency security encompasses the measures, practices, and technologies used to protect digital currencies, such as Bitcoin or Ethereum, from theft, fraud, or unauthorised access. It involves securing cryptocurrency wallets, implementing multi-factor authentication, using secure key management, and safeguarding against phishing or hacking attempts targeting cryptocurrency assets.

Cryptography is the science and practice of secure communication in the presence of adversaries. It involves the use of mathematical algorithms, encryption, and decryption techniques to protect data, ensure confidentiality, integrity, and authenticity, and enable secure communication or storage of information.

Cross-Site Request Forgery (CSRF) is a type of web security vulnerability where an attacker tricks a victim into unknowingly executing unwanted actions on a web application in which the victim is authenticated. CSRF attacks exploit the trust between a user's browser and a vulnerable website, potentially leading to unauthorised operations, data manipulation, or account compromise.

Cyber threat intelligence refers to information or insights about potential or current cyber threats, including tactics, techniques, procedures, vulnerabilities, or indicators of compromise (IOCs). Cyber threat intelligence helps organisations understand the threat landscape, proactively identify potential risks, and enhance their ability to detect, prevent, or respond to cyberattacks.

A cyberattack refers to a deliberate and malicious attempt to compromise the confidentiality, integrity, or availability of computer systems, networks, or data. Cyberattacks can target individuals, organisations, or even nations, and they encompass a wide range of activities, including malware infections, phishing, DDoS attacks, ransomware, or data breaches.

Cyberespionage, also known as cyberspying or intelligence hacking, is a form of cyberattack in which attackers infiltrate computer systems or networks to gain unauthorised access to sensitive information or intellectual property. The primary objective of cyberespionage is to gather intelligence, steal classified information, or gain a competitive advantage.

A cybersecurity framework is a structured set of guidelines, best practices, and standards that organisations can follow to assess, develop, and improve their overall cybersecurity posture. Frameworks provide a systematic approach to managing cybersecurity risks, implementing security controls, and aligning with industry-recognized security frameworks or regulatory requirements.

The dark web refers to a portion of the internet that is intentionally hidden and inaccessible through standard web browsers or search engines. It is often associated with illicit activities, illegal marketplaces, or forums where anonymity and privacy are prioritized, making it a hub for cybercrime, hacking tools, stolen data, and other malicious activities.

Data at rest refers to stored or inactive data that resides in persistent storage, such as hard drives, databases, or backup tapes, and is not actively being transmitted or processed. Protecting data at rest involves encryption, access controls, and security measures to prevent unauthorised access, data leakage, or theft.

Techniques used to increase the size or diversity of a dataset by artificially creating new data samples through modifications or transformations.

A data breach occurs when unauthorised individuals or entities gain access to sensitive or confidential data without proper Authorisation. Data breaches can result from cyberattacks, insider threats, or accidental disclosure, and they can lead to data theft, financial loss, reputational damage, or legal and regulatory consequences.

Data classification is the process of categorizing data based on its sensitivity, value, or criticality to an organisation. By classifying data, organisations can apply appropriate security controls, access restrictions, and protective measures based on the importance and sensitivity of the data.

Data encryption is the process of converting plaintext information into ciphertext using cryptographic algorithms. Encryption ensures that data is unreadable and unusable by unauthorised parties unless they possess the appropriate encryption keys. Data encryption provides confidentiality and helps protect sensitive information from unauthorised access or interception.

Data exfiltration, also known as data extrusion or data exfiltration, refers to the unauthorised extraction or theft of sensitive data from an organisation's network or systems. Attackers use various methods, such as malware, hacking, or social engineering, to transfer data out of the targeted environment, potentially leading to data breaches or loss of intellectual property.

Data integrity refers to the accuracy, completeness, and consistency of data throughout its lifecycle. It ensures that data remains unchanged and reliable, free from unauthorised modifications, corruption, or tampering. Data integrity is achieved through measures such as data validation, checksums, access controls, and backup and recovery mechanisms.

The process of manually annotating or tagging data with labels or annotations to create labeled datasets for supervised learning.

Data leakage, also known as data loss, data spill, or data exposure, refers to the unauthorised or unintentional release, disclosure, or transmission of sensitive or confidential data. Data leakage can occur through human error, insider threats, or security breaches, and it poses significant risks to an organisation's reputation, compliance, and privacy.

Data loss prevention (DLP) encompasses strategies, technologies, and processes implemented to prevent sensitive or confidential data from being lost, disclosed, or accessed by unauthorised individuals or entities. DLP solutions monitor and control data in motion, at rest, or in use to prevent data breaches, leakage, or unauthorised transfers.

Data masking is a technique used to protect sensitive data by replacing real data with fictional or obfuscated data while preserving its format and usability for non-production purposes. It helps organisations comply with privacy regulations and minimize the risk of data breaches during development, testing, or outsourcing activities, where real data is not necessary.

Data recovery is the process of retrieving or restoring data from damaged, corrupted, or inaccessible storage devices, such as hard drives, solid-state drives, or backup tapes. It involves using specialised techniques and software to recover lost or deleted data caused by accidental deletion, hardware failures, software errors, or malicious activities.

Data remanence refers to residual traces of data that remain on storage media even after it has been deleted or erased. It is a security concern because sensitive data can potentially be recovered using specialised techniques or tools. To mitigate the risk of data remanence, secure data destruction methods, such as overwriting or physical destruction of storage media, are employed.

Database auditing is the process of monitoring and recording activities that occur within a database system to ensure compliance, detect unauthorised access, and maintain data integrity. It involves tracking and logging events, such as user logins, data modifications, and administrative actions, to create an audit trail for investigation, forensic analysis, and compliance reporting.

Database encryption is the practice of encrypting sensitive data stored in a database to protect it from unauthorised access or disclosure. It involves applying encryption algorithms to the data at rest, ensuring that even if the database is compromised, the encrypted data remains unreadable without the appropriate decryption keys.

Database security refers to the measures and controls implemented to protect databases from unauthorised access, data breaches, or other security threats. It includes various security mechanisms such as access controls, encryption, authentication, auditing, and activity monitoring to ensure the confidentiality, integrity, and availability of the data stored in databases.

Deception technology, also known as decoy technology, involves deploying deceptive elements within an organisation's network or systems to mislead and divert potential attackers. These decoys can include fake systems, data, or credentials that appear legitimate to lure attackers away from valuable assets and provide early detection and threat intelligence about ongoing attacks.

A machine learning algorithm that uses a hierarchical structure of decision nodes and branches to model decisions or classifications. Decision trees are easy to interpret and can handle both numerical and categorical data.

Decryption is the process of converting encrypted or ciphered data back into its original, readable form using a decryption algorithm and the appropriate decryption key. It is the reverse process of encryption and is necessary to access and interpret encrypted data.

A subfield of machine learning that utilizes artificial neural networks with multiple layers to learn and extract high-level representations from complex and large-scale data, enabling the development of highly accurate models for tasks such as image and speech recognition.

Deepfake refers to synthetic media, such as videos, images, or audio, that are created or manipulated using deep learning techniques, particularly generative adversarial networks (GANs). Deepfakes can be used to create realistic but fake content, including forged videos or audio recordings of individuals saying or doing things they never actually did. Deepfakes pose significant challenges for authentication, trust, and the spread of disinformation.

Defence in depth is a cybersecurity strategy that involves layering multiple security controls and measures throughout an organisation's systems, networks, and data. Each layer provides a different level of protection, and if one layer is breached, other layers are still in place to mitigate the risk. This approach aims to increase the overall security posture by adding redundancy and complexity to deter, detect, and respond to attacks effectively.

A denial-of-service (DoS) attack is an attempt to disrupt the availability or performance of a computer system, network, or service by overwhelming it with a flood of illegitimate requests, traffic, or resource consumption. The objective is to exhaust system resources, such as bandwidth, processing power, or memory, rendering the target unable to respond to legitimate requests or causing a complete system crash.

Deobfuscation is the process of reversing or unravelling obfuscated code or data to reveal its original form and purpose. It is often used in reverse engineering or malware analysis to understand the functionality and behaviour of obfuscated software or to detect hidden malicious code.

Device management refers to the administration, configuration, and control of various devices, such as computers, mobile devices, or Internet of Things (IoT) devices, within an organisation's network. It involves tasks such as inventory management, software distribution, patching, policy enforcement, and monitoring to ensure the security and proper functioning of the devices.

A digital certificate, also known as a public key certificate, is a digital document that binds an entity's identity (such as an organisation or individual) to a public key. It is used in public key infrastructure (PKI) systems to verify the authenticity and integrity of digital communications and transactions. Digital certificates are issued by certificate authorities (CAs) and are an essential component of secure communication over networks.

Digital footprint refers to the trail of data or information that an individual or organisation leaves behind while using digital services, applications, or devices. It includes online activities, interactions, posts, transactions, and other digital records that can be tracked, collected, and analysed. Managing and protecting one's digital footprint is important for privacy and security.

Digital forensics, also known as computer forensics, is the process of collecting, analysing , and preserving digital evidence from computers, storage devices, or digital systems to investigate and reconstruct events related to cybercrimes or security incidents. It involves techniques such as data recovery, data analysis, and forensic tools to uncover evidence and support legal proceedings or incident response.

Digital rights refer to the legal and ethical rights of individuals or organisations regarding the use, access, distribution, and protection of digital information, content, or intellectual property. Digital rights encompass issues such as copyright, privacy, data protection, freedom of expression, and access to information in the digital realm.

Digital rights management (DRM) refers to technologies, systems, or measures used to protect and control the use, distribution, or access to digital content, such as music, movies, or e-books. DRM aims to enforce copyright restrictions, prevent unauthorised copying or sharing, and manage licensing and usage rights associated with digital content.

A digital signature is a cryptographic mechanism used to authenticate the integrity and origin of digital messages, documents, or transactions. It involves using a private key to generate a unique digital signature that can be verified using the corresponding public key. Digital signatures provide non-repudiation, ensuring that the signer cannot deny their involvement in the signed content.

The process of reducing the number of input variables or features in a dataset while preserving important information. Dimensionality reduction techniques, such as Principal Component Analysis (PCA) and t-SNE, help to overcome the curse of dimensionality, improve computational efficiency, and visualize high-dimensional data.

Disaster recovery refers to the process and set of strategies and procedures designed to restore critical systems, data, and operations after a natural or man-made disaster, such as a fire, flood, hardware failure, or cyber attack. It involves planning, backup and replication of data, offsite storage, and recovery strategies to minimize downtime and ensure business continuity.

A DMZ, or Demilitarized Zone, is a network segment or subnetwork that acts as a buffer zone between an organisation's internal network and an external network, typically the internet. The DMZ is designed to host publicly accessible services, such as web servers, while providing an additional layer of security by isolating the internal network from direct external access.

DNS filtering is a technique used to control or block access to specific websites or content by inspecting and filtering DNS (Domain Name System) requests. It involves using DNS filtering services or deploying DNS filtering software or appliances to enforce policies, block malicious domains, or prevent access to inappropriate or unauthorised content.

DNS poisoning, also known as DNS spoofing or DNS cache poisoning, is an attack that manipulates the DNS system to redirect legitimate domain name resolution requests to malicious or unauthorised IP addresses. By compromising the DNS cache or injecting false DNS records, attackers can redirect users to fake websites, intercept communications, or perform other malicious activities.

DNS security refers to the practices, protocols, and technologies implemented to protect the Domain Name System (DNS) from vulnerabilities, attacks, and unauthorised access. It includes measures such as DNSSEC (DNS Security Extensions) for data integrity and authentication, DNS filtering for content control, and DNS firewalls or threat intelligence to detect and prevent DNS-based attacks.

DNSSEC (DNS Security Extensions) is a set of protocols and extensions to the DNS system that provides data integrity, authentication, and validation of DNS responses. It uses cryptographic signatures to ensure that DNS data is not tampered with during transit and that the responses come from authorized DNS servers. DNSSEC helps prevent DNS hijacking, DNS spoofing, and other attacks that manipulate DNS responses.

Domain hijacking, also known as domain theft or domain hijack, is an attack that involves unauthorised changes to the registration of a domain name, typically by gaining control over the domain owner's account credentials. The attacker can modify the domain's DNS settings, transfer ownership, or redirect traffic to malicious websites. Domain hijacking can lead to service disruptions, phishing, or reputation damage.

Domain reputation refers to the assessment of a domain name's trustworthiness, credibility, and reliability based on its historical behaviour, security practices, and online presence. Domain reputation can impact email deliverability, website ranking in search engines, and user trust. Monitoring and maintaining a positive domain reputation is important for maintaining online visibility and protecting against abuse or blacklisting.

Doxing, short for "dropping documents," is the malicious act of publicly disclosing or publishing private and personal information about an individual or organisation without their consent. This includes sensitive information such as home addresses, phone numbers, email addresses, or financial details. Doxing is often carried out as a form of harassment, revenge, or to facilitate other cybercrimes.

A drive-by download is a type of web-based attack where malware is automatically downloaded and installed on a user's device without their knowledge or consent, simply by visiting a compromised or malicious website. Drive-by downloads exploit vulnerabilities in web browsers, plugins, or operating systems to deliver and execute malicious code, often with the aim of infecting the device or stealing sensitive information.

Dumpster diving refers to the practice of searching through discarded physical materials, such as printed documents, papers, or electronic devices, in search of sensitive or valuable information. Attackers may target dumpsters or trash bins outside organisations to find documents, hard drives, or other items that contain confidential information that can be exploited for identity theft, corporate espionage, or other malicious purposes.

Eavesdropping, also known as interception or sniffing, is the unauthorised act of secretly listening to or monitoring private communications, such as phone calls, instant messages, or network traffic. Eavesdropping attacks can occur over wired or wireless networks and aim to capture sensitive information, such as passwords, financial data, or confidential business communications.

The deployment of AI models and algorithms on edge devices or local servers, enabling real-time processing and decision-making without relying on cloud services.

A paradigm where data processing and analysis are performed on or near the devices or sensors at the edge of a network, reducing latency and bandwidth requirements.

Email authentication refers to a set of techniques and protocols used to verify the authenticity and integrity of email messages and their senders. It helps prevent email spoofing, phishing, and email-based attacks. Common email authentication methods include SPF (Sender Policy Framework), DKIM (DomainKeys Identified Mail), and DMARC (Domain-based Message Authentication, Reporting, and Conformance).

Email encryption is the process of encrypting the contents of an email message to protect its confidentiality and integrity during transit. It ensures that only authorized recipients can access and read the email by encrypting the message using encryption algorithms and keys. Email encryption safeguards sensitive information, such as personal data, financial details, or classified information, from unauthorised access or interception.

Email filtering is the process of inspecting and analysing incoming and outgoing email messages to detect and block spam, phishing attempts, malware, or other unwanted or malicious content. Email filtering solutions use various techniques, including content analysis, blacklisting, whitelisting, reputation-based filtering, and heuristics to classify and filter emails based on predefined rules and policies.

Email security encompasses measures and technologies implemented to protect email communication from unauthorised access, tampering, data loss, or other security risks. It involves deploying secure email gateways, spam filters, encryption, digital signatures, and user awareness training to mitigate the risks of phishing, malware, data breaches, or email-based attacks.

Encryption is the process of converting plain or readable data into an unreadable format known as ciphertext using encryption algorithms and keys. It is used to protect the confidentiality and integrity of sensitive information during storage, transmission, or processing. Encryption ensures that even if data is intercepted or accessed by unauthorised parties, it remains secure and unusable without the appropriate decryption key.

An encryption algorithm is a mathematical procedure or set of rules used to encrypt and decrypt data. It defines how plaintext is transformed into ciphertext and vice versa. Encryption algorithms can vary in complexity, strength, and suitability for different security requirements. Common encryption algorithms include Advanced Encryption Standard (AES), RSA, and Triple Data Encryption Standard (3DES).

An encryption key is a piece of data or a secret value used in encryption algorithms to transform plaintext into ciphertext or vice versa. The key is required for the encryption process to produce the ciphertext and for the decryption process to recover the original plaintext. The strength and secrecy of the encryption key are crucial to maintaining the security of encrypted data.

Endpoint detection and response (EDR) is a cybersecurity solution or technology that focuses on detecting, investigating, and responding to security incidents or threats on endpoints, such as desktops, laptops, servers, or mobile devices. EDR solutions provide real-time monitoring, threat intelligence, behavioural analysis, and incident response capabilities to identify and mitigate advanced threats and targeted attacks.

An endpoint device, also known as an end device or edge device, refers to any computing device or hardware that connects to a network and serves as the entry point for data communication. Examples of endpoint devices include desktop computers, laptops, smartphones, tablets, servers, IoT devices, or any other network-connected device where data is generated, processed, or consumed.

Endpoint encryption involves encrypting data stored on or transmitted from endpoint devices to protect it from unauthorised access, loss, or theft. It ensures that sensitive information remains secure, even if the device is lost, stolen, or compromised. Endpoint encryption solutions use encryption algorithms and keys to encrypt files, folders, hard drives, or entire devices, providing an additional layer of data protection.

Endpoint protection, also known as endpoint security, refers to the security measures and solutions implemented to protect endpoints, such as computers, mobile devices, or servers, from cybersecurity threats. Endpoint protection solutions typically include antivirus software, firewalls, intrusion detection/prevention systems, vulnerability assessment, patch management, and device control mechanisms to detect, prevent, and remediate security incidents.

Endpoint security encompasses the strategies, practices, and technologies used to protect endpoints, such as desktops, laptops, mobile devices, or servers, from various cybersecurity risks and threats. It focuses on securing the endpoint devices, data stored on or transmitted from them, and the users accessing the endpoints. Endpoint security aims to prevent unauthorised access, data breaches, malware infections, and other endpoint-related vulnerabilities.

A machine learning technique that combines predictions from multiple models (ensemble members) to make more accurate and robust predictions. Ensemble methods, such as bagging and boosting, reduce the risk of overfitting and improve generalization by leveraging the diversity and collective knowledge of the individual models.

The study and application of moral principles and guidelines to ensure the responsible development and deployment of AI systems. Ethical considerations in AI involve addressing issues such as fairness, transparency, privacy, bias mitigation, and societal impact, with the goal of promoting the ethical use of AI technology.

Evasion techniques are methods employed by attackers to avoid detection, bypass security controls, or exploit vulnerabilities without triggering alarms or raising suspicion. These techniques can involve obfuscating malicious code, utilizing encryption, polymorphism, or anti-analysis measures, or exploiting weaknesses in security solutions. Evasion techniques are used to increase the success rate of attacks and make it difficult for security systems to detect or block them.

AI systems designed to replicate the knowledge and decision-making processes of human experts in a specific domain. Expert systems use rules, heuristics, and knowledge representation to provide advice, solve problems, or make recommendations.

The ability to understand and interpret the decisions and actions made by AI systems, particularly when complex models are involved.

The field of research that aims to develop AI systems and algorithms that can provide transparent and understandable explanations for their decisions and actions. XAI techniques help to increase trust, accountability, and interpretability of AI systems, enabling users to understand the reasoning behind AI-generated outcomes.

An exploit is a piece of software, code, or technique used by attackers to take advantage of vulnerabilities or weaknesses in software applications, operating systems, or networks. Exploits can allow unauthorised access, privilege escalation, denial-of-service (DoS), or execution of arbitrary code. Attackers often develop or utilize exploits to carry out successful attacks against targeted systems.

Exploit development involves creating or designing software exploits to take advantage of vulnerabilities in software applications, protocols, or systems. Exploit developers analyse vulnerabilities, understand their root causes, and design specific code or techniques to exploit those vulnerabilities. Exploit development can be performed by both attackers seeking to compromise systems and security researchers aiming to uncover and patch vulnerabilities.

An exploit kit is a collection of pre-packaged malicious software or tools that automate the process of delivering and exploiting vulnerabilities in target systems. Exploit kits typically include various exploits, payloads, and techniques to exploit common vulnerabilities found in web browsers, plugins, or other software components. They are often distributed through compromised websites, malicious advertisements, or email spam campaigns.

Exploit mitigation refers to the techniques, strategies, and security measures implemented to reduce the impact or likelihood of successful exploitation of vulnerabilities in software applications or systems. It involves implementing security controls, such as sandboxing, address space layout randomization (ASLR), data execution prevention (DEP), or stack canaries, to make it more difficult for attackers to exploit vulnerabilities and execute arbitrary code.

The process of selecting and transforming relevant information or characteristics from raw data to make it suitable for analysis by an AI system.

File integrity checking is the process of verifying the integrity and authenticity of files by comparing their current state with a known, trusted reference. It involves calculating cryptographic hashes or checksums of files and comparing them against previously recorded values to detect any unauthorised changes, corruption, or tampering. File integrity checking helps ensure the integrity and security of files, especially critical system files or configurations.

File integrity monitoring (FIM) is a security practice that involves continuously monitoring and detecting changes or modifications to files, directories, or system configurations. FIM solutions use cryptographic hashes or checksums to establish a baseline of known-good file states and generate alerts or take action when unauthorised modifications occur. FIM helps detect unauthorised changes, malware infections, or suspicious activities that could indicate a security breach.

Fileless malware, also known as memory-based malware, refers to malicious code or techniques that reside in a computer's memory and execute without leaving traces on the file system. Fileless malware leverages legitimate processes, scripts, or system components to carry out malicious activities, making it difficult to detect and eradicate. It often uses techniques like PowerShell-based attacks, script injection, or living-off-the-land techniques to evade traditional security solutions.

A firewall is a network security device or software that acts as a barrier between an internal network and external networks, such as the internet. It examines incoming and outgoing network traffic based on predetermined security rules and policies to allow or block specific connections or data packets. Firewalls help protect against unauthorised access, network threats, and unwanted network communications by enforcing access control and traffic filtering.

Firewall configuration refers to the process of setting up, defining, and managing the rules, policies, and settings of a firewall to regulate network traffic and provide network security. It involves defining access control rules, specifying allowed or denied network connections, configuring port and protocol settings, creating network address translation (NAT) rules, and managing security zones. Proper firewall configuration is essential to ensure effective network protection and traffic control.

Firewall rules, also known as access control rules, are a set of predefined instructions or policies that dictate how a firewall should handle incoming or outgoing network traffic. These rules specify criteria such as source and destination IP addresses, ports, protocols, and other parameters to determine whether to allow, block, or apply additional actions to network connections. Firewall rules are the primary mechanism for controlling network traffic and enforcing security policies.

A firewall ruleset review is the process of examining, evaluating, and analysing the rules and configurations of a firewall to ensure their accuracy, effectiveness, and alignment with security policies. The review includes assessing the necessity and relevance of existing rules, identifying potential misconfigurations, eliminating unused or obsolete rules, and verifying proper rule ordering and prioritization. Regular ruleset reviews help maintain a robust and efficient firewall configuration.

Forensic analysis, or digital forensics, involves collecting, analysing , and interpreting digital evidence to investigate and reconstruct events related to cybersecurity incidents, criminal activities, or legal disputes. Forensic analysis techniques include data recovery, log analysis, memory forensics, network packet analysis, malware analysis, and other investigative procedures to establish a chain of custody and support legal proceedings or incident response efforts.

Forensic imaging refers to the process of creating a complete and verifiable copy or image of a digital storage device, such as a hard drive, solid-state drive, or mobile device, for forensic analysis or evidence preservation purposes. The imaging process captures not only the visible data but also the hidden or deleted data and metadata associated with the device. Forensic imaging ensures the integrity and authenticity of the original data while allowing investigators to perform analysis without altering the original evidence.

Forensics analysis, also known as digital forensics analysis, is the examination and interpretation of digital evidence collected during a forensic investigation. It involves analysing data, logs, network traffic, system artifacts, and other sources of digital evidence to reconstruct events, identify perpetrators, establish timelines, and gather intelligence for legal or incident response purposes. Forensics analysis combines various techniques, tools, and expertise from multiple disciplines to uncover the truth and support investigations.

Full disk encryption (FDE) is a security technique that encrypts the entire contents of a storage device, such as a hard drive or solid-state drive, to protect the data stored on it. FDE ensures that data remains encrypted at rest and is only accessible with the appropriate decryption key or passphrase. Even if the device is lost, stolen, or accessed without Authorisation, the encrypted data remains unreadable.

Fuzz testing, or fuzzing, is a software testing technique that involves providing invalid, unexpected, or random inputs to a program to identify vulnerabilities, software bugs, or unexpected behaviour. Fuzz testing aims to trigger crashes, errors, or security weaknesses that could be exploited by attackers. By subjecting software to various inputs, including malformed data, fuzz testing helps identify and address potential security and reliability issues.

Fuzz testing tools are software applications or frameworks specifically designed to automate the process of generating and injecting malformed or unexpected inputs into target programs or systems for fuzz testing purposes. These tools streamline the fuzzing process, manage test cases, track results, and provide reports on identified vulnerabilities or crashes. Examples of popular fuzz testing tools include American Fuzzy Lop (AFL), Peach Fuzzer, and libFuzzer.

Fuzzing, also known as fuzz testing, is a software testing technique that involves providing invalid, unexpected, or random inputs to a program to identify vulnerabilities, software bugs, or unexpected behaviour. Fuzzing aims to trigger crashes, errors, or security weaknesses that could be exploited by attackers. By subjecting software to various inputs, including malformed data, fuzzing helps identify and address potential security and reliability issues.

A type of neural network architecture consisting of a generator and a discriminator, trained together to generate realistic synthetic data.

A class of neural network architectures that consists of a generator network and a discriminator network that compete against each other. GANs are used to generate realistic synthetic data, such as images or text.

An iterative optimization algorithm used to train machine learning models by minimizing a loss function. Gradient descent updates the model's parameters in the direction of steepest descent of the loss function gradient, gradually converging towards the optimal set of parameters.

Gray box testing is a software testing approach that combines elements of black box testing and white box testing. In gray box testing, testers have partial knowledge of the internal workings of the system being tested. They have access to limited information, such as specifications, documentation, or code snippets, which allows them to design test cases and scenarios with a deeper understanding of the system's internals. Gray box testing combines the advantages of both black box and white box testing techniques.

A gray hat hacker is an individual who operates between the realms of ethical hacking and malicious hacking. Gray hat hackers may engage in unauthorised activities to identify and expose vulnerabilities or security weaknesses in systems or networks. Although their intentions may be good, their actions may still be illegal or unethical, as they operate without explicit permission. Gray hat hackers often notify organisations about the vulnerabilities they discover, but they do not always follow responsible disclosure practices.

Grayware refers to software applications or programs that exhibit behaviours that may be considered unwanted or potentially harmful, but do not meet the strict criteria of malware. Grayware includes adware, spyware, browser extensions, or other software that may display excessive advertisements, collect user data without consent, or exhibit behaviours that compromise user privacy or system performance. Although grayware may not be as malicious as malware, it can still have negative impacts on user experience and security.

Grayware protection refers to the measures, software, or security solutions implemented to detect, block, or mitigate the risks associated with grayware. It involves deploying antivirus software, anti-spyware tools, or endpoint protection solutions that can identify and remove grayware from systems, as well as educating users about potential risks and providing guidelines for safe software installation and usage.

Greylisting is a spam filtering technique used to reduce the volume of incoming spam emails by temporarily rejecting or deferring email messages from unknown senders or unrecognized sources. When an email is greylisted, the sending server is instructed to retry the delivery later. Legitimate email servers typically comply with the retry request and successfully deliver the message, while many spam servers do not. Greylisting helps reduce spam by relying on the fact that most spam servers do not retry delivery.

A hacker is an individual who possesses advanced knowledge and skills in computer systems, networks, programming, or security and uses this expertise to gain unauthorised access to systems, manipulate or exploit vulnerabilities, or conduct malicious activities. The term "hacker" can refer to both individuals engaged in malicious activities (black hat hackers) and those who use their skills for ethical purposes, such as finding and fixing security vulnerabilities (white hat hackers).

Hacking refers to the practice of gaining unauthorised access, manipulating systems, networks, or software, or exploiting vulnerabilities for various purposes. Hacking can involve activities such as bypassing security controls, extracting sensitive information, modifying data, or disrupting services. Hacking techniques can be used for both malicious and ethical purposes, and the legality and ethics of hacking activities depend on the intentions and permissions involved.

A hardware backdoor is a hidden or intentionally designed entry point or vulnerability in a hardware device, such as a computer, networking equipment, or Internet of Things (IoT) device. A hardware backdoor provides unauthorised access to the device, bypassing security measures. Hardware backdoors can be implanted during the manufacturing process or added later by attackers, and they pose significant risks to the confidentiality, integrity, and security of the affected devices and the systems they are connected to.

A hardware security module (HSM) is a dedicated physical or logical device that provides secure storage, cryptographic operations, and key management services. HSMs are designed to protect and manage encryption keys, perform secure cryptographic operations, and enforce security policies. They are commonly used in enterprise environments, financial institutions, or applications that require high levels of security and protection for sensitive data and cryptographic processes.

A hash function is a mathematical function that takes an input (data) and produces a fixed-size string of characters, called a hash value or hash code. The hash function converts the input data into a unique representation that is typically of a fixed length. Hash functions are widely used in various security applications, such as data integrity verification, password storage, digital signatures, and message authentication codes (MACs).

A hash value, also known as a hash code or checksum, is the output generated by a hash function after processing an input (data). Hash values are unique representations of the input data, typically of a fixed length. Even a small change in the input data will produce a significantly different hash value. Hash values are commonly used for data integrity verification, fingerprinting, password hashing, or as identifiers in data structures like hash tables.

A honeynet is a purposefully created network or system that imitates a real production environment, designed to attract and monitor unauthorised or malicious activities. Honeynets are used for security research, intrusion detection, and capturing information about the techniques, tools, and behaviours used by attackers. By analysing the activities in a honeynet, organisations can gain valuable insights into new attack techniques, vulnerabilities, or emerging threats.

A honeypot is a decoy system or network component designed to attract and deceive attackers. Honeypots simulate vulnerable or enticing resources, such as servers, services, or files, to lure attackers into interacting with them. The activities within a honeypot are closely monitored to gather information about attacker behaviour, tactics, and tools. Honeypots are valuable tools for studying and understanding attackers' techniques, improving incident response, and enhancing overall security defences.

A honeypot network is a collection of interconnected honeypots deployed within a network infrastructure to detect and monitor unauthorised activities, intrusions, or attacks. By deploying multiple honeypots at different network locations, organisations can gain a broader view of attackers' activities, patterns, and the scope of their attacks. Honeypot networks enhance threat intelligence, provide early warning signs of potential attacks, and assist in forensic analysis and incident response efforts.

A honeytoken, also known as a tripwire or canary token, is a piece of false or specially created information that is intentionally planted within a system or network to detect unauthorised access, data leakage, or insider threats. Honeytokens can be unique documents, fake user accounts, or files that, when accessed or used, trigger an alert or indicate malicious activity. Honeytokens serve as early indicators of compromise and provide insights into potential security breaches.

A host-based intrusion detection system (HIDS) is a security solution or software installed on individual host systems, such as servers, workstations, or endpoints, to monitor and detect suspicious or malicious activities occurring on the host. HIDS agents analyse system logs, file changes, network connections, and other host-related events to identify indicators of unauthorised access, malware infections, or abnormal behaviour. HIDS helps detect and respond to intrusions at the host level.

Host-based security refers to the security measures, configurations, and solutions implemented on individual host systems to protect them from various threats and vulnerabilities. It includes practices such as hardening the host operating system, applying security patches, configuring firewalls, implementing antivirus software, and enabling host-based intrusion detection or prevention systems. Host-based security focuses on protecting the integrity, confidentiality, and availability of the individual hosts and the data they store or process.

A configuration parameter set before the learning process begins, affecting the behavior and performance of an AI model.

Parameters that are not learned by the machine learning algorithm itself but are set by the user before training. Hyperparameters control the behavior and performance of the model, such as learning rate, regularization strength, or the number of hidden layers in a neural network. Hyperparameter tuning is the process of finding the optimal values for these parameters.

Identity and access management (IAM) encompasses the policies, processes, and technologies used to manage and control digital identities and their access to resources within an organisation's IT environment. IAM systems include user provisioning, authentication, Authorisation, role-based access control (RBAC), password management, and user lifecycle management. IAM ensures that only authorized individuals can access the appropriate resources and helps protect against unauthorised access and data breaches.

Identity theft is a crime in which an individual's personal information, such as their name, Social Security number, credit card details, or other identifying data, is stolen or impersonated for fraudulent purposes. Identity theft can lead to financial loss, credit damage, reputational harm, and various forms of fraudulent activity, including unauthorised transactions, account takeovers, or the creation of fake identities. Protecting personal information and practicing secure online behaviours are crucial in mitigating the risks of identity theft.

The process of identifying and classifying objects or patterns within digital images. Image recognition techniques utilize computer vision and machine learning algorithms to analyze visual content and extract meaningful information.

Incident containment is the process of taking immediate actions to prevent an ongoing security incident from spreading, causing further damage, or compromising additional systems or data. It involves isolating affected systems or networks, disconnecting compromised devices from the network, suspending malicious processes or activities, and implementing containment measures, such as firewall rules or access restrictions. Incident containment aims to minimize the impact and scope of a security incident while allowing for effective incident response and investigation.

Incident handling refers to the organized and systematic approach taken by organisations to address and respond to security incidents effectively. Incident handling involves identifying and classifying incidents, containing and mitigating the impact, investigating the root causes, eradicating the threats, and restoring normal operations. It also includes documenting the incident, preserving evidence for forensic analysis, and implementing measures to prevent future incidents.

Incident management is a structured process for managing and resolving security incidents in a coordinated and efficient manner. It encompasses the activities of identifying, analysing , prioritizing, and responding to incidents, as well as communicating with stakeholders, coordinating resources, and tracking incident progress. The goal of incident management is to minimize the impact of incidents, restore services, and ensure a timely and effective response to security events or breaches.

Incident response is an organized approach to addressing and managing the aftermath of a security incident or data breach. It involves a coordinated effort by incident response teams to contain and mitigate the incident, investigate the cause, gather evidence, communicate with stakeholders, and implement remediation measures. Incident response aims to minimize the impact of incidents, restore operations, preserve data integrity, and prevent future incidents through lessons learned and security improvements.

Indicators of Compromise (IOCs) are artifacts, patterns, or evidence that indicate the presence or occurrence of a security incident or compromise. IOCs can include IP addresses, domain names, file hashes, registry entries, network traffic patterns, or other characteristics associated with malicious activity or known attack methods. IOCs are used to detect and identify threats, facilitate incident response, and enhance threat intelligence by correlating and analysing various security events and data sources.

An information security management system (ISMS) is a framework of policies, procedures, guidelines, and controls designed to manage and protect an organisation's information assets and ensure the confidentiality, integrity, and availability of information. An ISMS encompasses the processes of risk assessment, risk treatment, security controls implementation, incident response, and continuous improvement. It provides a systematic and structured approach to managing information security in line with organisational objectives and regulatory requirements.

Infrastructure as code (IaC) security focuses on ensuring the security and integrity of infrastructure components, such as virtual machines, containers, networks, or cloud resources, that are provisioned and managed through code and automation. IaC security involves implementing security controls, vulnerability management, secure configurations, access controls, and code review practices to minimize the risks associated with misconfigurations, vulnerabilities, or unauthorised access in the infrastructure-as-code environment.

Infrastructure security refers to the protection of an organisation's underlying IT infrastructure, including physical and virtual components, networks, servers, storage systems, and associated devices. It encompasses measures and controls implemented to prevent unauthorised access, data breaches, disruptions, or compromises to critical infrastructure components. Infrastructure security includes network security, server hardening, access controls, intrusion detection, logging and monitoring, and vulnerability management to ensure the confidentiality, integrity, and availability of infrastructure resources.

An insider threat refers to the risk posed by individuals within an organisation who have authorized access to systems, networks, or data and may intentionally or unintentionally misuse that access to cause harm, compromise security, or disclose sensitive information. Insider threats can include employees, contractors, or business partners. Mitigating insider threats involves implementing security controls, monitoring user activities, enforcing least privilege, conducting user awareness training, and creating a culture of security and trust.

Insider threat detection involves the use of technology, processes, and monitoring techniques to identify and detect potential insider threats within an organisation's systems and networks. It includes analysing user behaviour, network traffic, access logs, and other indicators to identify anomalies, suspicious activities, or deviations from normal behaviour that may indicate insider threats. Insider threat detection helps organisations proactively identify and respond to potential risks and insider-based attacks.

Insider threat prevention involves implementing security measures, policies, and controls to mitigate the risks posed by insiders with authorized access to systems, networks, or data. Prevention strategies include enforcing least privilege, implementing strong access controls, conducting background checks, implementing separation of duties, monitoring and auditing user activities, providing user awareness training, and creating a culture of security and accountability. Insider threat prevention aims to reduce the likelihood of insider incidents and minimize their impact on an organisation.

Integrity is one of the fundamental principles of information security and refers to the accuracy, consistency, and trustworthiness of data or information throughout its lifecycle. Data integrity ensures that information is complete, unaltered, and free from unauthorised modification or tampering. Maintaining data integrity involves implementing safeguards, such as access controls, encryption, backups, and audit trails, to prevent unauthorised changes, detect data tampering, and ensure the reliability and authenticity of information.

Intelligent security analytics combines advanced analytics techniques, machine learning algorithms, and threat intelligence to analyse vast amounts of security data and identify patterns, anomalies, or indicators of potential security threats or incidents. It helps security teams detect and respond to emerging threats, automate security event analysis, prioritize alerts, and provide actionable insights for incident response and decision-making. Intelligent security analytics enhances the effectiveness and efficiency of security operations and helps organisations stay ahead of evolving threats.

The network of interconnected physical devices embedded with sensors, software, and connectivity, enabling them to collect and exchange data.

Internet of Things (IoT) security focuses on protecting the security and privacy of IoT devices, networks, and data. IoT security addresses the unique challenges posed by interconnected devices, such as sensors, wearables, industrial equipment, or smart home devices, which can be vulnerable to attacks and pose risks to both individuals and organisations. It includes securing IoT devices, network communications, data encryption, access controls, firmware updates, and managing the lifecycle security of IoT deployments.

Intrusion detection is the process of monitoring and analysing network traffic, system events, or user activities to detect signs of unauthorised access, malicious activities, or security breaches. Intrusion detection systems (IDS) are deployed to identify known attack patterns, anomalies, or indicators of compromise that may indicate an ongoing or attempted intrusion. Intrusion detection helps organisations detect and respond to security incidents in a timely manner and mitigate the impact of attacks.

An intrusion detection system (IDS) is a security solution or software that monitors network traffic, system events, or user activities to detect signs of unauthorised access, malicious activities, or security breaches. IDS solutions analyse patterns, signatures, or anomalies in network packets, logs, or behaviour to identify potential threats or indicators of compromise. IDS can operate in real-time or offline and provide alerts or trigger automated responses to mitigate security incidents.

Intrusion prevention refers to the techniques, technologies, and controls used to proactively detect and block or prevent unauthorised access, malicious activities, or security breaches. Intrusion prevention systems (IPS) are deployed to analyse network traffic, detect known attack patterns or signatures, and block or mitigate threats in real-time. IPS solutions often combine intrusion detection capabilities with automated response mechanisms to actively protect networks and systems from attacks and unauthorised activities.

An intrusion prevention system (IPS) is a security solution or software that monitors network traffic, detects potential threats or anomalies, and actively blocks or mitigates security breaches in real-time. IPS combines the functions of an intrusion detection system (IDS) with automated response mechanisms to prevent unauthorised access, malicious activities, or exploits. IPS solutions analyse network packets, behaviour, or signatures to identify and proactively block potential threats, enhancing the security posture of organisations.

IP address filtering is a network security technique that involves selectively allowing or blocking network traffic based on the source or destination IP addresses. IP address filtering can be implemented using firewall rules, routers, or other network devices to restrict access to specific IP addresses or ranges. It helps organisations control network communications, prevent unauthorised access, or block traffic from known malicious IP addresses.

IP filtering, also known as packet filtering, is a network security technique that involves selectively allowing or blocking network traffic based on specific IP addresses, protocols, ports, or other criteria. IP filtering can be implemented using firewalls, routers, or other network devices to control network communications and enforce security policies. By filtering network traffic, organisations can protect against unauthorised access, block malicious traffic, or restrict network communication to authorized sources.

IPsec (Internet Protocol Security) is a suite of protocols and cryptographic techniques used to secure IP communications by providing authentication, integrity, and confidentiality. IPsec can be used to establish secure virtual private networks (VPNs) or secure communication channels between network devices. It encrypts and authenticates IP packets, preventing eavesdropping, tampering, or unauthorised access to network traffic. IPsec is widely used to enhance the security of internet-based communications and protect sensitive data.

An IPsec tunnel is a secure, encrypted communication channel established between two endpoints over an IP network. The IPsec tunnel encapsulates and encrypts network packets, protecting them from unauthorised access or tampering while traversing untrusted networks, such as the internet. IPsec tunnels are commonly used for secure remote access, site-to-site VPN connections, or securing communication between network devices across public or private networks.

IT governance refers to the processes, policies, and frameworks that organisations establish to ensure that IT activities align with business objectives, comply with regulations, and effectively manage IT risks. IT governance encompasses decision-making, resource allocation, performance measurement, and accountability for IT investments, projects, and operations. It provides a structured approach to aligning IT strategies with business goals, optimizing IT investments, and ensuring the effective and efficient use of IT resources.

JavaScript security focuses on protecting web applications and users from malicious or unauthorised JavaScript code that can be executed within a browser environment. JavaScript security includes secure coding practices, input validation, output encoding, client-side input sanitization, and protection against cross-site scripting (XSS) attacks. It also involves using content security policies, sandboxing, and secure coding frameworks to prevent the execution of malicious JavaScript code and protect against client-side vulnerabilities.

Kerberos authentication is a network authentication protocol that provides secure authentication for client-server applications or systems in a distributed computing environment. Kerberos uses cryptographic techniques to authenticate clients and servers, issuing tickets that validate their identities and grant access to specific resources. It ensures the confidentiality and integrity of authentication information, reducing the risk of password-based attacks and unauthorised access to systems or data.

Key escrow is a process in which a trusted third party, such as a government agency or a designated entity, holds a copy of encryption keys used for secure communications or data protection. Key escrow allows authorized parties to access encrypted data or communications by obtaining the decryption keys from the escrow agent, usually under specific legal or exceptional circumstances. Key escrow is a controversial topic due to concerns about privacy, security, and potential abuse of access to encryption keys.

Key management refers to the processes, procedures, and policies involved in generating, storing, distributing, and revoking cryptographic keys used for encryption, decryption, authentication, or digital signatures. Effective key management practices include key generation, secure key storage, key distribution, key rotation, and key revocation. Key management ensures the confidentiality, integrity, and availability of encryption keys and is critical to maintaining the security of cryptographic systems and protecting sensitive data.

A key management service (KMS) is a centralized system or platform that provides secure key storage, generation, distribution, and management functions for cryptographic keys used in various applications, systems, or services. KMSs offer key lifecycle management, access controls, encryption/decryption capabilities, and integration with other cryptographic services. KMSs simplify the complexities of key management, enhance key security, and facilitate the use of encryption in organisations' systems and applications.

A keylogger, or keystroke logger, is a type of malicious software or hardware device designed to record and monitor keystrokes typed on a computer or mobile device. Keyloggers can capture sensitive information, such as passwords, credit card numbers, or personal messages, without the user's knowledge or consent. Keyloggers can be used for malicious purposes, such as identity theft, espionage, or unauthorised access. Detecting and removing keyloggers requires robust security measures and regular system scans.

Keystroke dynamics, also known as keystroke biometrics or typing biometrics, is a behavioural biometric authentication method that analyses a user's typing patterns, rhythms, or keystroke timing to verify their identity. Keystroke dynamics capture unique patterns in how individuals type on a keyboard, including factors such as key press duration, intervals between keystrokes, and typing speed. By comparing these patterns against enrolled user profiles, keystroke dynamics can authenticate users and detect anomalies that may indicate unauthorised access or fraudulent activity.

Keystroke injection refers to a technique used by certain types of malicious software or hardware devices to simulate or inject keystrokes into a target system or application. By emulating user input, keystroke injection attacks can automate malicious actions, perform unauthorised actions, or bypass security controls. Keystroke injection attacks are often used in combination with social engineering techniques to compromise systems, steal sensitive information, or gain unauthorised access.

Keystroke logging, also known as keylogging, is the process of recording and monitoring keystrokes typed on a computer or mobile device. Keyloggers can be implemented as software or hardware devices and capture all keystrokes, including passwords, usernames, emails, and other sensitive information. Keystroke logging can be used for various purposes, including legitimate monitoring and forensic analysis, but it is also a technique employed by malicious actors to gather sensitive data or engage in unauthorised activities.

A structured representation of knowledge, typically using a graph-based data model, to capture and organize information for AI applications.

The process of structuring and organizing information in a way that can be effectively used by AI systems. Knowledge representation techniques aim to capture and model human knowledge, enabling machines to reason, infer, and make intelligent decisions.

Layered security, also referred to as defence in depth, is an approach to cybersecurity that involves implementing multiple layers of security controls and measures throughout an organisation's systems, networks, and applications. Each layer provides an additional line of defence, and if one layer is breached, other layers can still provide protection. Layered security includes a combination of technologies, processes, policies, and user awareness, such as firewalls, intrusion detection systems, access controls, encryption, and regular security updates. The goal is to create a comprehensive and robust security posture that mitigates the risk of various threats and vulnerabilities.

The principle of least common mechanism is a security design principle that states that the mechanisms shared by multiple users or components should be minimised to reduce the potential impact of a security breach. By minimizing the commonalities among users or components, the principle aims to limit the potential for unauthorised access or compromise. For example, in a multi-user system, each user should have their own unique account and privileges rather than sharing a common account. This principle helps prevent unauthorised access, privilege escalation, and the spread of security breaches.

Least privilege is a security principle that advocates granting users or entities the minimum level of privileges or access rights necessary to perform their authorized tasks or functions. Users should only be given the specific permissions and access required to fulfill their job responsibilities, and additional privileges should not be granted by default. By applying the principle of least privilege, organisations can limit the potential damage caused by compromised accounts or malicious actors, reduce the attack surface, and maintain tighter control over access to critical systems, data, and resources.

A logic bomb is a type of malicious code or software program that is designed to execute a specific malicious action when a certain condition or trigger event occurs. Logic bombs are typically embedded within legitimate programs and remain dormant until the predetermined condition is met, such as a specific date, time, or user action. Once triggered, the logic bomb may perform destructive actions, delete or modify data, or disrupt system operations. Logic bombs are often used as a form of sabotage or to cause financial or reputational harm.

A logic bomb trigger is the specific condition or event that activates a logic bomb, causing it to execute its intended malicious actions. The trigger can be based on various factors, such as a specific date and time, a certain user action, the presence or absence of certain files, or the occurrence of a specific system event. The trigger serves as the activation mechanism for the logic bomb, initiating the malicious activities programmed within the code.

A programming paradigm that uses mathematical logic to represent and solve problems. Logic programming languages, such as Prolog, facilitate the development of rule-based systems and reasoning engines.

A subset of AI that focuses on the development of algorithms and models that allow computers to learn and make predictions or decisions based on patterns and data, without being explicitly programmed.

Machine learning in cybersecurity refers to the application of machine learning algorithms and techniques to analyse large volumes of security data, detect patterns, identify anomalies, and make predictions or decisions to prevent, detect, and respond to cybersecurity threats. Machine learning algorithms can be trained on historical data to recognize known attack patterns and indicators of compromise, and they can also adapt and learn from new data to detect emerging or unknown threats. Machine learning is used in various cybersecurity domains, such as malware detection, anomaly detection, user behaviour analytics, and threat intelligence.

Machine learning-based detection is an approach to cybersecurity threat detection that utilizes machine learning algorithms and models to identify patterns, behaviours, or characteristics associated with security threats. By training on large datasets of known security incidents, machine learning models can learn to recognize common attack patterns or anomalies in network traffic, system logs, user behaviour, or other data sources. Machine learning-based detection can enhance the accuracy and efficiency of threat detection by automating the analysis of vast amounts of security data and identifying indicators of potential threats or breaches.

Malicious software, commonly known as malware, refers to any software or code specifically designed to cause harm, compromise security, or perform unauthorised actions on a computer, network, or device. Malware includes various types, such as viruses, worms, Trojans, ransomware, spyware, adware, and rootkits. Malware can be spread through infected email attachments, malicious websites, software vulnerabilities, or social engineering techniques. Its goals may include data theft, system disruption, financial fraud, or unauthorised access.

Malvertising, a combination of "malicious" and "advertising," refers to the distribution of malicious software or code through online advertisements. Attackers exploit legitimate ad networks or inject malicious code into legitimate ads to deliver malware to unsuspecting users who click on the ads or visit compromised websites. Malvertising often involves social engineering techniques to trick users into clicking on malicious ads or downloading malware. It poses a significant threat to both individuals and organisations and requires effective ad blocking, web filtering, and user awareness to mitigate the risks.

Malware analysis is the process of examining and studying malicious software to understand its functionality, behaviour, and potential impact. Malware analysts use various techniques and tools to reverse-engineer malware, extract its code, analyse its behaviour in controlled environments (such as sandboxes), and identify its capabilities, infection vectors, or communication mechanisms. Malware analysis helps security professionals develop effective countermeasures, detect new malware variants, and improve incident response and mitigation strategies.

Malware sandboxing is a technique used to execute potentially malicious software or code within a controlled and isolated environment, called a sandbox. Sandboxing allows security analysts to observe the behaviour and actions of malware without exposing the underlying system or network to its potential risks. By running malware in a controlled environment, analysts can monitor its activities, track its network connections, and capture its actions to understand its behaviour, identify its capabilities, and develop appropriate countermeasures.

A man-in-the-middle (MITM) attack is a type of attack where an attacker secretly intercepts and possibly modifies communication between two parties who believe they are directly communicating with each other. The attacker positions themselves between the two parties and can intercept, eavesdrop on, or alter the information being exchanged. MitM attacks can occur in various scenarios, such as on unsecured public Wi-Fi networks, compromised network infrastructure, or through the use of malicious software. MitM attacks can lead to the theft of sensitive information, unauthorised access, or the injection of malicious content.

A mathematical framework used for modeling decision-making problems involving sequential actions and uncertain outcomes. MDPs are employed in reinforcement learning to formulate and solve optimization problems in dynamic environments.

Mobile device management (MDM) is a comprehensive approach to managing and securing mobile devices, such as smartphones, tablets, or laptops, within an organisation's network or infrastructure. MDM solutions provide centralized control and administration of mobile devices, allowing organisations to enforce security policies, configure settings, deploy applications, and remotely manage and monitor devices. MDM helps protect sensitive data, enforce security controls, and ensure compliance with organisational policies on mobile devices used within the enterprise.

Multi-factor authentication (MFA), also known as two-factor authentication (2FA) or multi-step verification, is a security mechanism that requires users to provide multiple forms of identification or verification to gain access to a system, application, or data. MFA combines different factors, such as something the user knows (e.g., a password), something the user possesses (e.g., a physical token or mobile device), or something inherent to the user (e.g., biometric data). MFA adds an additional layer of security beyond traditional username and password authentication, mitigating the risks of password-based attacks and unauthorised access.

The process of generating human-like text or language by computers. NLG systems analyze data and generate coherent and contextually appropriate text, enabling applications such as automated report generation or chatbot responses.

The area of AI concerned with enabling computers to understand, interpret, and generate human language. It involves tasks such as language translation, sentiment analysis, and speech recognition.

The ability of AI systems to comprehend and extract meaning from human language, including syntactic and semantic analysis.

Network access control (NAC) is a security approach that enforces policies to control and manage devices attempting to connect to a network. NAC solutions authenticate and evaluate the compliance of devices, such as laptops, smartphones, or IoT devices, before granting them access to the network. NAC systems enforce security policies, ensure devices are free from malware or vulnerabilities, and provide visibility and control over network access. NAC helps protect against unauthorised access, enforce security standards, and maintain the integrity of network resources.

Network architecture refers to the design and structure of a computer network, including its components, protocols, and connectivity. It defines the layout, organisation, and interconnections of devices, servers, routers, switches, and other network elements. Network architecture plays a crucial role in establishing the security, scalability, performance, and reliability of a network. It includes considerations such as network segmentation, secure protocols, access controls, intrusion detection systems, and disaster recovery mechanisms.

Network security encompasses measures and practices designed to protect the integrity, confidentiality, and availability of data and resources within a computer network. It involves implementing various security controls, such as firewalls, intrusion detection/prevention systems, access controls, encryption, and network monitoring. Network security aims to prevent unauthorised access, detect and respond to security incidents, protect against network-based attacks, and ensure the secure transmission and storage of data across networks.

Network segmentation is the practice of dividing a computer network into smaller, isolated subnetworks to enhance security, control access, and contain the impact of security incidents. By segmenting a network, organisations can separate critical systems or sensitive data from the rest of the network, restrict communication between segments, and apply tailored security controls to each segment. Network segmentation helps limit lateral movement by attackers, reduces the attack surface, and prevents the spread of threats within the network.

Network segregation refers to the isolation of different network segments or zones to enhance security and prevent unauthorised access or lateral movement. Segregation involves placing network resources, such as servers, devices, or services, into separate logical or physical segments, often connected through firewalls or routers. Each segment has its own security controls, access policies, and trust levels. Network segregation helps contain security incidents, limit the impact of breaches, and control communication between different parts of the network.

A computational model inspired by the human brain's structure and function, consisting of interconnected artificial neurons that process and transmit information.

Computational models inspired by the structure and function of the human brain, consisting of interconnected nodes (neurons) organized in layers. They process information and learn by adjusting the strengths of connections (weights) between neurons.

Non-repudiation is a security concept that ensures that the parties involved in a transaction or communication cannot deny their involvement or the authenticity of the exchanged information. It provides proof of the integrity and origin of data, preventing the sender or recipient from denying their actions or the validity of a digital transaction. Non-repudiation mechanisms, such as digital signatures or transaction logs, provide strong evidence of the authenticity, integrity, and accountability of electronic communications or transactions.

OAuth (Open Authorisation) is an open standard protocol that allows users to grant authorized access to their resources, such as personal information or social media accounts, to third-party applications or services without sharing their credentials (e.g., username and password). OAuth enables secure and controlled Authorisation, authentication, and access delegation across different systems or platforms. It provides a framework for users to grant temporary access tokens to authorized applications while maintaining control over their personal information and minimizing the risk of unauthorised access.

An OAuth token is a credential or access token issued by an OAuth Authorisation server to an application after a user has granted permission for the application to access specific resources or perform certain actions on their behalf. OAuth tokens are used by applications to authenticate and authorize their interactions with other systems or APIs without requiring the user's credentials for each request. OAuth tokens have a limited lifespan and can be revoked by the user, providing control and security over third-party access to user resources.

An open port refers to a network communication endpoint or service that is actively listening and ready to accept incoming connections. Ports are identified by numeric values and are associated with specific network protocols or services. An open port indicates that a particular service or application is running and accessible on a specific network address. Open ports can be potential entry points for unauthorised access or exploitation if they are not properly secured or if the associated services have vulnerabilities.

An open redirect is a vulnerability that allows an attacker to redirect users from one website or web application to an untrusted or malicious website. Open redirects are often caused by improper validation or sanitization of user-supplied input in redirect URLs. Attackers can craft malicious URLs that exploit open redirect vulnerabilities to trick users into visiting phishing sites, downloading malware, or disclosing sensitive information. Proper input validation and secure coding practices are necessary to mitigate the risk of open redirect vulnerabilities.

Open-source security refers to the measures, practices, and considerations associated with the security of Open-source software. It encompasses activities such as code review, vulnerability assessment, patch management, and secure deployment of Open-source components. Open-source security emphasizes the importance of community-driven collaboration, transparency, and timely response to vulnerabilities or security incidents within Open-source projects. It also highlights the need for organisations to implement proper controls and due diligence when using Open-source software in their environments.

Operating system (OS) hardening is the process of configuring an operating system to reduce its attack surface and strengthen its security posture. OS hardening involves applying security best practices, such as disabling unnecessary services, removing or securing default accounts, applying security patches, configuring access controls, enabling audit logging, and implementing additional security measures provided by the operating system. OS hardening helps protect against common vulnerabilities and provides a more secure foundation for running applications and services.

A phenomenon in ML where a model becomes excessively specialized to the training data, resulting in poor generalization to new, unseen data.

Phenomena that occur during machine learning when a model performs poorly due to either excessive complexity or lack of flexibility. Overfitting happens when a model fits the training data too closely and fails to generalize well to unseen data. Underfitting occurs when a model is too simple to capture the underlying patterns and fails to learn from the training data effectively.

Packet sniffing, also known as network sniffing or packet capturing, is the process of intercepting and analysing network traffic packets to inspect their content, gather information, or capture sensitive data. Packet sniffing can be performed using specialised software or hardware tools that capture and analyse network packets as they traverse a network interface. While packet sniffing has legitimate uses, such as network troubleshooting and monitoring, it can also be used for malicious purposes, such as capturing unencrypted passwords or sensitive information.

Password cracking is the process of attempting to recover or guess a password by systematically testing different combinations of characters until the correct password is found. Password cracking can be performed using various techniques, such as dictionary attacks (trying commonly used passwords), brute force attacks (trying all possible combinations), or rainbow table attacks (using precomputed tables of hashed passwords). Password cracking is often used by attackers to gain unauthorised access to user accounts or sensitive information. Strong passwords, password complexity requirements, and proper password storage mechanisms help mitigate the risk of password cracking.

A password policy is a set of rules and requirements that govern the creation, management, and use of passwords within an organisation or system. Password policies define criteria such as password length, complexity, expiration, reuse restrictions, and account lockout rules. By enforcing a strong password policy, organisations can enhance the security of user accounts, reduce the risk of password-based attacks, and promote good password hygiene among users. Regular password policy enforcement, user education, and password management tools are essential components of an effective password policy.

Password policy enforcement refers to the mechanisms and processes in place to ensure that users adhere to the defined password policy within an organisation or system. Password policy enforcement may include technical controls, such as password complexity checks, expiration mechanisms, account lockout after failed login attempts, and password history checks. It also involves user awareness and education about the importance of password security and compliance with the password policy. Password policy enforcement helps maintain the integrity and security of user accounts and reduces the risk of password-related attacks.

Password spraying is a technique used in password attacks where an attacker attempts a small number of commonly used passwords against a large number of user accounts. Unlike traditional brute force attacks, which involve trying all possible password combinations for a single user account, password spraying aims to bypass account lockout policies by avoiding excessive failed login attempts. Attackers use lists of common passwords or previously breached passwords to increase the chances of success. Strong password policies, multi-factor authentication, and account lockout mechanisms can help mitigate the risk of password spraying attacks.

Patch management is the process of acquiring, testing, deploying, and monitoring software updates, known as patches, to fix vulnerabilities, address software bugs, or improve the functionality of systems, applications, or devices. Patch management involves identifying vulnerable software, tracking patch releases, assessing the impact and compatibility of patches, and implementing a systematic approach to apply patches across an organisation's infrastructure. Effective patch management helps mitigate the risk of exploitation through known vulnerabilities and ensures that systems are up to date with the latest security fixes.

Patch testing is the practice of evaluating software patches or updates in a controlled environment before deploying them to production systems or critical environments. Patch testing involves conducting thorough testing procedures to ensure that the patch does not introduce new issues, conflicts with existing software or configurations, or adversely affects system stability or performance. Testing patches helps organisations minimize the potential disruption or negative impact that could result from deploying faulty or incompatible patches. It ensures that patches are validated and reliable before being applied to production systems.

In the context of cybersecurity, a payload refers to the malicious component or code within a cyber attack. The payload is the part of the attack that performs the intended malicious action, such as data theft, system compromise, unauthorised access, or the execution of destructive commands. The payload can be delivered through various means, including email attachments, infected files, malicious URLs, or compromised websites. Understanding the payload is crucial for detecting, analysing , and mitigating cyberattacks.

A penetration tester, also known as an ethical hacker or white hat hacker, is a security professional who assesses the security of systems, networks, applications, or infrastructure by simulating real-world attacks. Penetration testers use various tools, techniques, and methodologies to identify vulnerabilities, exploit weaknesses, and gain unauthorised access to test environments. The goal of penetration testing is to evaluate the effectiveness of security controls, discover vulnerabilities before malicious actors do, and provide recommendations to improve the overall security posture of an organisation.

Penetration testing, often referred to as pen testing or ethical hacking, is a proactive security assessment technique that involves simulating real-world attacks on systems, networks, applications, or infrastructure to identify vulnerabilities and assess the effectiveness of security controls. Penetration testing is conducted by skilled security professionals who use various methods, tools, and techniques to exploit weaknesses, gain unauthorised access, and assess the impact of potential attacks. The results of penetration testing provide valuable insights into an organisation's security vulnerabilities and help prioritize remediation efforts.

Penetration testing tools are software applications or frameworks designed to assist security professionals in performing penetration testing activities. These tools automate and facilitate the identification of vulnerabilities, the exploitation of weaknesses, and the assessment of security controls. Penetration testing tools can include vulnerability scanners, network scanners, password crackers, exploit frameworks, wireless analysis tools, and forensic analysis utilities. The selection and use of appropriate penetration testing tools depend on the specific testing objectives, the target environment, and the skills and expertise of the tester.

A personal firewall is a security software application or hardware device designed to protect an individual user's computer or device from unauthorised network access and malicious activities. Personal firewalls monitor inbound and outbound network traffic, apply access control policies, and block or allow connections based on predefined rules. They help prevent unauthorised access to the system, detect and block malicious traffic, and provide an additional layer of defence against network-based attacks. Personal firewalls are commonly used in home or individual user environments to enhance the security of personal devices and data.

Phishing is a cyberattack technique where attackers impersonate trustworthy entities, such as legitimate organisations, to deceive individuals into revealing sensitive information, such as passwords, usernames, credit card details, or social security numbers. Phishing attacks are typically carried out through fraudulent emails, instant messages, or malicious websites that mimic legitimate sources. The aim of phishing attacks is to trick users into clicking on malicious links, opening malicious attachments, or providing personal information, which can then be used for identity theft, financial fraud, or unauthorised access.

Phishing awareness training is an educational program designed to educate users about the risks of phishing attacks, how to identify phishing attempts, and best practices for safe online behaviour. Phishing awareness training aims to raise awareness among individuals and organisations about the tactics, techniques, and red flags associated with phishing attacks. It provides guidance on identifying suspicious emails, avoiding phishing scams, and reporting phishing incidents. Phishing awareness training is an essential component of a comprehensive cybersecurity awareness program to help users become more vigilant and resilient against phishing threats.

Phishing simulation is a proactive security measure that involves the creation and execution of simulated phishing campaigns to test the awareness, response, and susceptibility of individuals within an organisation to phishing attacks. Phishing simulations mimic real phishing emails or scenarios to assess user behaviour, identify vulnerabilities, and measure the effectiveness of security awareness training programs. Phishing simulations help organisations evaluate their readiness to detect and resist phishing attacks, identify areas for improvement, and reinforce security best practices among employees.

Physical access control refers to the measures, processes, and techniques used to restrict or manage physical access to physical premises, facilities, or sensitive areas within an organisation. Physical access control includes various mechanisms, such as security guards, badges, access cards, biometric systems, surveillance cameras, locks, and barriers. The goal of physical access control is to prevent unauthorised individuals from entering restricted areas, protect physical assets and resources, ensure employee safety, and maintain the confidentiality and integrity of sensitive information.

Physical security encompasses the measures and practices implemented to protect physical assets, facilities, resources, and personnel from unauthorised access, theft, damage, or threats. Physical security measures can include physical barriers, access controls, surveillance systems, security personnel, alarm systems, video monitoring, and environmental controls. Physical security aims to safeguard critical infrastructure, data centres, offices, storage areas, and other physical assets from physical breaches, intrusions, theft, natural disasters, or other physical risks.

A ping sweep, also known as an ICMP sweep, is a network scanning technique that involves sending Internet Control Message Protocol (ICMP) echo request messages (pings) to a range of IP addresses to determine which hosts are online or reachable. Ping sweeps can be performed using specialised tools or command-line utilities. The responses received indicate the presence of active hosts, allowing administrators to identify live systems, assess network connectivity, or detect unauthorised devices. Ping sweeps can be used for network troubleshooting, reconnaissance, or security auditing purposes.

Port scanning is the process of systematically scanning a computer network to identify open ports on target systems. Port scanning can be performed using automated tools or scripts that send network requests to specific ports on target IP addresses. By examining the responses received, port scanning helps identify listening services, protocols, or potential vulnerabilities on networked devices. Port scanning is used for network security assessments, vulnerability assessments, and network troubleshooting, but it can also be employed by attackers to identify potential entry points for exploitation.

Privacy refers to the right of individuals to control the collection, use, and disclosure of their personal information. In the context of cybersecurity, privacy involves protecting personal data from unauthorised access, use, or disclosure by implementing appropriate technical and organisational measures. Privacy considerations encompass compliance with privacy laws and regulations, data protection practices, secure data handling, consent management, data minimization, and transparency in data processing. Protecting privacy helps maintain individuals' autonomy, trust, and control over their personal information in an increasingly digital and interconnected world.

A privacy breach, also known as a data breach or security incident, occurs when there is unauthorised access, disclosure, or loss of personal information, resulting in a potential compromise of privacy. Privacy breaches can happen due to various factors, including cyberattacks, insider threats, human error, system vulnerabilities, or physical theft. The consequences of privacy breaches can be significant, leading to identity theft, financial fraud, reputational damage, or legal and regulatory repercussions. Organisations must have incident response plans, security controls, and proactive measures in place to prevent and respond to privacy breaches effectively.

A privacy policy is a statement or document that outlines an organisation's practices and commitments regarding the collection, use, storage, and disclosure of personal information. Privacy policies inform individuals about how their personal data is handled, the purposes for which it is collected, the types of information collected, the security measures in place, and their rights and options for controlling their data. Privacy policies are essential for transparency, compliance with privacy regulations, and building trust between organisations and individuals whose data is being collected or processed.

Privacy-enhancing technologies (PETs) are tools, techniques, or methodologies designed to protect individual privacy by minimizing or eliminating the collection, use, or disclosure of personal information. PETs aim to provide individuals with control over their personal data while still enabling the delivery of desired services or functionality. Examples of PETs include encryption, anonymization techniques, identity management systems, data minimization approaches, secure protocols, and privacy-preserving data analysis methods. PETs play a crucial role in ensuring privacy in various contexts, such as healthcare, financial services, and online interactions.

A private key, in the context of public key cryptography, is a secret cryptographic key that is kept confidential and known only to the owner. Private keys are used in asymmetric encryption algorithms, where different keys are used for encryption and decryption. The possession of the private key enables the decryption of data encrypted with the corresponding public key. Private keys are essential for ensuring the confidentiality, integrity, and authenticity of communications, digital signatures, and secure transactions.

Statistical models that represent the probabilistic relationships between random variables using directed or undirected graphs. Probabilistic graphical models, such as Bayesian networks and Markov networks, are used for reasoning under uncertainty and performing probabilistic inference.

A protocol analyser, also known as a network analyser or packet sniffer, is a tool or software application used to capture, analyse, and decode network traffic in real time. Protocol analysers intercept network packets, extract relevant data, and provide insights into network protocols, communications, and potential issues. Protocol analysers help troubleshoot network connectivity problems, identify network misconfigurations, investigate network performance issues, or analyse network security incidents. They are valuable tools for network administrators, security professionals, and network protocol developers.

A proxy server acts as an intermediary between client devices and servers, facilitating client-server communication. When a client sends a request to access a server, the request is first sent to the proxy server, which then forwards the request to the appropriate server on behalf of the client. Proxy servers can provide various functionalities, such as caching, content filtering, access control, anonymization, or load balancing. From a security perspective, proxy servers can enhance privacy, protect against certain types of attacks, and provide an additional layer of security by isolating clients from direct contact with servers.

A public key, in the context of public key cryptography, is a key that is made available to others for encryption or verification purposes. Public keys are part of an asymmetric encryption algorithm, where different keys are used for encryption and decryption. The public key can be freely distributed and used by anyone to encrypt data or verify digital signatures created with the corresponding private key. Public keys enable secure communication, confidentiality, and integrity in various applications, including secure email, digital certificates, and secure web browsing.

Public key cryptography, also known as asymmetric cryptography, is a cryptographic system that uses a pair of mathematically related keys, a public key and a private key, for secure communication and data protection. Public key cryptography allows for encryption and decryption of data using different keys. The public key is widely distributed and used for encryption, while the private key is kept secret and used for decryption. Public key cryptography provides confidentiality, integrity, and authenticity in various applications, including secure messaging, digital signatures, and secure online transactions.

Public key infrastructure (PKI) is a framework of policies, procedures, hardware, software, and services that enable the creation, distribution, management, and revocation of digital certificates and public-private key pairs. PKI provides the infrastructure necessary for implementing secure communication, authentication, and data protection using public key cryptography. PKI supports the issuance and verification of digital certificates, certificate authorities (CAs), certificate revocation lists (CRLs), and other components required for secure and trusted communication in various domains, such as e-commerce, online banking, and secure email.

Public Wi-Fi security refers to the protection of data and privacy when connecting to and using public Wi-Fi networks, such as those found in coffee shops, airports, or hotels. Public Wi-Fi networks are inherently insecure and can be vulnerable to various attacks, such as eavesdropping, man-in-the-middle attacks, or spoofing. To enhance public Wi-Fi security, individuals should use secure and encrypted connections (e.g., HTTPS), avoid transmitting sensitive information over unsecured networks, and consider using virtual private networks (VPNs) to create secure tunnels for their internet traffic.

QR code security refers to the measures and practices implemented to ensure the integrity, authenticity, and safety of Quick Response (QR) codes. QR codes are two-dimensional barcodes that can store various types of information, such as website URLs, product details, or contact information. QR code security involves protecting against the generation or distribution of malicious QR codes that may lead to phishing websites, malware downloads, or unauthorised access. Users should be cautious when scanning QR codes from unknown or untrusted sources and use QR code scanning apps that provide security features and verify the content before execution.

Quantum cryptography, also known as quantum key distribution (QKD), is a cryptographic method that leverages the principles of quantum mechanics to secure communication channels. Quantum cryptography provides provable security against eavesdropping and interception by exploiting the fundamental properties of quantum mechanics, such as the uncertainty principle and the no-cloning theorem. QKD enables the generation and distribution of encryption keys with high security guarantees, ensuring the confidentiality and integrity of data transmitted over the network. Quantum cryptography is an emerging field that holds promise for future secure communication systems resistant to quantum computing attacks.

A rainbow table is a precomputed table of encrypted passwords or hash values used in password cracking attacks. Rainbow tables are created by generating and storing a vast number of possible plaintext-to-hash pairs. These tables can then be used to quickly look up the original password corresponding to a given hash value, significantly speeding up the password cracking process. To mitigate the effectiveness of rainbow table attacks, secure password storage techniques, such as salted hashing or adaptive hashing algorithms, should be used.

Ransomware is a type of malicious software (malware) that encrypts a victim's files or locks their entire system, holding it hostage until a ransom is paid. Ransomware attacks often involve the encryption of critical files or systems, rendering them inaccessible until a decryption key is provided by the attacker upon payment. Ransomware can be delivered through various vectors, including email attachments, malicious downloads, or exploit kits. Preventative measures against ransomware include regular data backups, robust security software, user education, and the use of software patches and updates to address vulnerabilities.

Ransomware negotiation refers to the process of communication and negotiation with attackers or ransomware operators after a ransomware attack has occurred. Negotiation may involve attempts to lower the ransom amount, verify the decryption capability, establish payment terms, or request proof of data decryption before making payment. Ransomware negotiation is a delicate and complex process, often involving specialised expertise and the involvement of law enforcement agencies or professional incident response teams. Organisations may choose to engage in negotiation to minimize the impact of an attack or explore alternative recovery options.

Real-time monitoring, also known as continuous monitoring, is an ongoing process of observing, analysing , and responding to events or activities in real time. In the context of cybersecurity, real-time monitoring involves the proactive and continuous collection, analysis, and correlation of security-related events, logs, or data from various sources, such as network devices, systems, applications, or user activities. Real-time monitoring enables the timely detection of security incidents, anomalies, or threats, allowing for immediate response and mitigation actions to minimize potential damage or unauthorised access.

AI systems that suggest personalized recommendations to users based on their preferences, behavior, and historical data.

Recovery time objective (RTO) is a metric that defines the maximum acceptable downtime for a system, service, or application following a disruptive event or disaster. RTO represents the target timeframe within which an organisation aims to recover its critical operations and resume normal business functions after an incident. The RTO is defined based on the recovery capabilities, business requirements, and criticality of the organisation's assets. Effective disaster recovery and business continuity planning involve setting appropriate RTOs, establishing recovery strategies, and implementing measures to meet the defined recovery objectives.

A type of neural network designed to process sequential data by maintaining internal memory, making it suitable for tasks such as natural language processing and speech recognition.

Neural networks that can process sequential data by utilizing feedback connections. RNNs maintain internal memory, allowing them to capture dependencies and context over time, making them suitable for tasks like speech recognition and language modeling.

Red teaming is a cybersecurity practice that involves an independent group or team of professionals simulating the actions and mindset of potential attackers to evaluate the effectiveness of security measures, identify vulnerabilities, and test an organisation's defences. Red teaming goes beyond traditional penetration testing by emulating the tactics, techniques, and procedures of real-world adversaries. Red teams conduct comprehensive assessments, including reconnaissance, social engineering, network exploitation, and physical security tests, providing organisations with valuable insights into their security strengths and weaknesses.

A type of supervised learning that models the relationship between input variables and continuous output variables. Regression algorithms are used to predict numerical values or estimate trends based on training data.

Techniques used to prevent overfitting in machine learning models by adding additional constraints or penalties to the loss function. Regularization methods, such as L1 and L2 regularization, encourage the model to be simpler and reduce the influence of irrelevant features, improving generalization and reducing the risk of overfitting.

A type of machine learning where an agent learns to make decisions by interacting with an environment. It learns through trial and error, receiving feedback in the form of rewards or penalties, with the goal of maximizing cumulative rewards.

Remote access refers to the ability to connect to and use computer systems or networks from a location external to the physical infrastructure. Remote access allows users to access resources, applications, or data remotely, typically over the internet, providing flexibility and convenience. Secure remote access solutions, such as virtual private networks (VPNs), secure shell (SSH), or remote desktop protocols (RDP), establish encrypted tunnels or secure connections to protect the confidentiality and integrity of data transmitted between the remote user and the accessed system or network.

Remote code execution (RCE) is a security vulnerability that allows an attacker to execute arbitrary code or commands on a targeted system or application from a remote location. RCE vulnerabilities can be exploited to gain unauthorised access, control compromised systems, launch further attacks, or perform malicious actions. RCE vulnerabilities are typically the result of software flaws, such as buffer overflows, command injection, or deserialization vulnerabilities. To mitigate the risk of remote code execution, software developers should follow secure coding practices, promptly apply patches and updates, and implement strong input validation and sanitization techniques.

A response plan, also known as an incident response plan (IRP) or a cyber incident response plan (CIRP), is a predefined set of actions and procedures that outline how an organisation should respond to and handle security incidents or cyber-attacks. Response plans provide a structured approach to detecting, containing, eradicating, and recovering from security incidents, minimizing the impact on business operations, and restoring normalcy. Response plans typically include roles and responsibilities, communication channels, incident triage processes, containment strategies, forensics procedures, and steps for stakeholder notification and coordination.

Reverse engineering is the process of analysing a technology, software, or system to understand its design, functionality, or behaviour by examining its components, code, or structure. In the context of cybersecurity, reverse engineering often involves decompiling or disassembling software binaries to examine their inner workings, identify vulnerabilities, extract sensitive information, or uncover hidden functionality. Reverse engineering can be used for both defensive and offensive purposes, such as vulnerability research, malware analysis, software patching, or the development of exploits or countermeasures.

Risk assessment is the process of identifying, analysing , and evaluating potential risks or vulnerabilities to determine their likelihood and potential impact on an organisation's assets, operations, or objectives. Risk assessment involves identifying assets, threats, vulnerabilities, and potential consequences. It helps prioritize risks, define risk mitigation strategies, allocate resources, and make informed decisions to manage and mitigate risks effectively. Risk assessments are integral to establishing a risk management framework and ensuring the protection and resilience of an organisation's critical assets and information.

Risk management is the ongoing process of identifying, assessing, prioritizing, and mitigating risks to minimize potential harm and maximize opportunities within an organisation. Risk management involves identifying and analysing risks, evaluating their potential impact, implementing risk mitigation measures, and continuously monitoring and reviewing the effectiveness of risk controls. Risk management aims to strike a balance between risk tolerance, business objectives, and resource allocation, enabling informed decision-making and proactive management of potential threats or vulnerabilities.

Risk mitigation is the process of implementing measures and strategies to reduce or eliminate potential risks or vulnerabilities within an organisation. Risk mitigation focuses on minimizing the likelihood or impact of identified risks through preventative actions, controls, or countermeasures. Risk mitigation strategies can include implementing security controls, conducting training and awareness programs, applying patches and updates, adopting redundant systems, developing incident response plans, or transferring risk through insurance. Risk mitigation aims to reduce the potential negative impact of risks and ensure the continuity and resilience of business operations.

The interdisciplinary field that combines AI and engineering to design, develop, and operate robots capable of interacting with their physical environment.

The use of software robots or AI systems to automate repetitive, rule-based tasks traditionally performed by humans.

A rogue access point refers to an unauthorised wireless access point that is connected to an organisation's network without proper Authorisation or oversight. Rogue access points are typically set up by individuals with malicious intent to gain unauthorised access to network resources, capture sensitive information, or launch attacks. Rogue access points can be established by insiders or external individuals who exploit security weaknesses or deploy malicious wireless devices. Organisations should implement wireless intrusion detection systems (WIDS) or wireless intrusion prevention systems (WIPS) to detect and mitigate rogue access points.

Rogue software, also known as rogueware or scareware, refers to malicious software that masquerades as legitimate or useful software but actually performs unwanted or harmful actions on a user's system. Rogue software often tricks users into installing it by presenting itself as antivirus software, system optimization tools, or fake security alerts. Once installed, rogue software may perform actions such as displaying fake security warnings, capturing personal information, delivering malware, or extorting money from victims. Users should exercise caution when downloading software and use reputable sources to minimize the risk of encountering rogue software.

Root cause analysis (RCA) is a systematic process of investigating and identifying the underlying causes or factors contributing to a security incident, system failure, or undesirable outcome. RCA involves examining the event, gathering data, analysing dependencies, identifying contributing factors, and determining the fundamental cause or causes that led to the incident. Root cause analysis aims to address the underlying issues and implement corrective actions to prevent similar incidents from recurring in the future. It is an essential component of incident response, continuous improvement, and risk management.

A root certificate, in the context of public key infrastructure (PKI), is a digital certificate issued by a trusted certificate authority (CA). Root certificates serve as the foundation of trust in a PKI hierarchy. They are used to verify the authenticity and integrity of other certificates issued by the CA, including server certificates, client certificates, and intermediate certificates. Root certificates are pre-installed or manually trusted by operating systems, web browsers, and other software to establish trust in the identity and legitimacy of websites, applications, or entities that present certificates signed by the trusted root CA.

A rootkit is a type of malicious software (malware) that is designed to conceal its presence or the presence of other malicious components on a compromised system. Rootkits typically provide privileged access or control over the operating system, allowing attackers to gain persistent access, hide malicious activities, and maintain control over the compromised system. Rootkits often modify system files, system calls, or kernel components to evade detection by traditional antivirus software or security controls. Detection and removal of rootkits require specialised tools and techniques that go beyond traditional malware scanning.

Salting is a technique used in cryptography and password storage to add random data (salt) to passwords or plaintext before applying a one-way hash function. The salt is a randomly generated value that is unique for each password or plaintext input. Salting enhances the security of password storage by preventing the use of precomputed tables, such as rainbow tables, for password cracking. Each password or plaintext, when combined with a unique salt, produces a unique hash, making it more challenging and time-consuming for attackers to crack passwords through brute-force or dictionary attacks.

A sandbox is a controlled and isolated environment where applications, processes, or files can be executed or tested without affecting the underlying system or network. Sandboxing provides a secure environment to analyse the behaviour of potentially malicious software, test untrusted applications, or conduct vulnerability research. Sandbox environments restrict access to system resources, limit network connectivity, and monitor the activities of the sandboxed processes. Sandboxing helps prevent the spread of malware, isolate potentially risky actions, and enhance the overall security of systems and networks.

Secure coding, also known as secure software development, refers to the practice of writing software code in a way that minimizes security vulnerabilities and protects against potential exploitation. Secure coding involves following secure coding guidelines, using secure programming techniques, and employing best practices to address common software security issues, such as input validation, output encoding, secure session management, secure error handling, and secure cryptographic implementations. Secure coding practices aim to prevent common software vulnerabilities, reduce the attack surface, and ensure the overall security and reliability of software applications.

Secure Sockets Layer (SSL) is a deprecated cryptographic protocol that provided secure communication over a network, typically the internet. SSL has been replaced by Transport Layer Security (TLS), which is the current industry-standard protocol for secure communication. SSL/TLS protocols establish an encrypted connection between a client and a server, ensuring the confidentiality and integrity of data transmitted between them. SSL certificates, issued by certificate authorities (CAs), are used to authenticate the identity of the server and enable secure communication. SSL/TLS is widely used for securing sensitive online transactions, web browsing, and data transfers.

A security audit is a systematic and comprehensive evaluation of an organisation's security controls, policies, procedures, and infrastructure to assess their effectiveness, identify vulnerabilities, and ensure compliance with security standards, regulations, or best practices. Security audits involve reviewing security configurations, analysing security logs, conducting vulnerability assessments, testing access controls, and evaluating the overall security posture of an organisation. The findings from security audits help organisations identify weaknesses, prioritize remediation efforts, and enhance their security posture to mitigate risks and protect against threats.

Security awareness refers to the knowledge, understanding, and vigilance individuals have regarding cybersecurity risks, best practices, and their role in maintaining a secure environment. Security awareness programs aim to educate and empower individuals to make informed decisions, detect potential threats, and adopt security measures to protect themselves and the organisation. Security awareness encompasses various topics, such as phishing awareness, password hygiene, secure browsing, social engineering awareness, data protection, and incident reporting. Building a culture of security awareness helps establish a resilient defence against evolving cyber threats.

A security breach, also known as a data breach or security incident, occurs when there is unauthorised access, disclosure, or loss of sensitive information or the compromise of security controls, systems, or infrastructure. Security breaches can result from cyberattacks, human error, insider threats, or physical breaches. The impact of a security breach can be significant, including the exposure of sensitive data, financial losses, reputational damage, regulatory penalties, and legal consequences. Organisations should have incident response plans and security controls in place to prevent, detect, and respond to security breaches effectively.

A security control, also known as a security measure or security safeguard, refers to a specific measure or mechanism implemented to protect assets, systems, or data and mitigate potential security risks or threats. Security controls can be technical, administrative, or physical in nature. Examples of security controls include firewalls, intrusion detection systems, access controls, encryption, authentication mechanisms, security policies, security awareness training, video surveillance, and security audits. The selection and implementation of appropriate security controls depend on the specific risks, compliance requirements, and the organisation's overall security objectives.

A security incident refers to any adverse event or occurrence that poses a potential threat to the confidentiality, integrity, or availability of an organisation's information assets, systems, or networks. Security incidents can include cyberattacks, unauthorised access, malware infections, data breaches, system failures, physical breaches, or policy violations. Security incidents require a coordinated response, including detection, containment, eradication, and recovery efforts, to minimize the impact and restore normal operations. Effective security incident management is crucial for mitigating risks, preserving evidence, and preventing further damage or unauthorised access.

Security incident management is the process of planning, coordinating, and executing activities to detect, respond to, contain, and recover from security incidents effectively. Security incident management involves establishing incident response plans, defining roles and responsibilities, implementing incident detection and reporting mechanisms, conducting investigations, and coordinating remediation efforts. The goal of security incident management is to minimize the impact of security incidents, restore normal operations, preserve evidence for forensic analysis, and improve the organisation's overall security posture based on lessons learned from incidents.

A security incident response plan (SIRP), also known as an incident response plan (IRP) or cyber incident response plan (CIRP), is a predefined set of procedures and guidelines that outline the steps to be taken in response to a security incident. The SIRP provides a structured approach for detecting, responding to, containing, and recovering from security incidents, aiming to minimize damage, restore services, and prevent future incidents. The SIRP typically includes roles and responsibilities, communication protocols, incident categorization, escalation procedures, containment strategies, forensics processes, and coordination with stakeholders or external entities.

Security information and event management (SIEM) is a technology solution or platform that combines security event management (SEM) and security information management (SIM) capabilities to provide comprehensive visibility into security events and facilitate centralized monitoring, analysis, and reporting of security-related logs and data from various sources. SIEM systems collect and correlate data from network devices, systems, applications, and security controls to identify security incidents, detect anomalies, generate alerts, and support incident response activities. SIEM plays a vital role in proactive threat management, compliance monitoring, and security incident detection and response.

A security operations centre (SOC) is a centralized facility or team responsible for monitoring, detecting, analysing , and responding to security events and incidents within an organisation's networks, systems, and applications. SOC teams employ a combination of technology, processes, and skilled personnel to actively monitor security alerts, investigate potential threats, triage incidents, and coordinate response activities. The SOC serves as a command centre for incident response, threat intelligence analysis, vulnerability management, and continuous monitoring of the organisation's security posture.

A security patch, also known as a patch or a hotfix, is a software update or code modification that addresses a security vulnerability, bug, or weakness in a system, application, or software component. Security patches are released by vendors or developers to fix identified vulnerabilities and prevent potential exploitation. Applying security patches in a timely manner is essential to protect against known security risks and maintain the integrity and security of systems and applications. Organisations should have patch management processes in place to assess, prioritize, test, and deploy security patches efficiently.

A security policy is a documented set of rules, guidelines, procedures, and best practices that define how an organisation protects its information assets, systems, networks, and resources. Security policies establish the framework for managing and maintaining the organisation's security posture, specifying requirements for data protection, access controls, incident response, employee responsibilities, and acceptable use of technology resources. Security policies help ensure consistency, accountability, and compliance with relevant regulations, standards, or industry best practices, and guide the implementation of security controls and practices throughout the organisation.

Security through obscurity is a concept that relies on keeping the details or inner workings of a system, software, or cryptographic algorithm secret as a means of providing security. The idea is that by keeping the information about the system or algorithm unknown, it becomes more difficult for attackers to exploit its vulnerabilities or weaknesses. However, security through obscurity is generally considered a weak form of security because it does not rely on the inherent strength of the system or algorithm but rather on the secrecy of its implementation. It is widely accepted that security should be based on strong cryptographic algorithms, secure design principles, and robust security practices, rather than relying solely on obscurity.

A security token is a physical or digital device used to authenticate an individual's identity for access to secure systems, networks, or resources. Security tokens provide an additional layer of security beyond traditional username and password authentication. Physical security tokens can be in the form of smart cards, USB tokens, or hardware tokens that generate one-time passwords. Digital security tokens can be software-based applications or mobile apps that generate unique authentication codes. Security tokens help protect against unauthorised access, phishing attacks, and password-based vulnerabilities by requiring possession of the token in addition to knowledge of a password.

A security token service (STS) is a component or service that issues security tokens used for authentication and Authorisation in distributed computing environments. STS acts as a trusted third party that facilitates the exchange of security tokens between parties, allowing for secure communication and access to protected resources. STS plays a crucial role in identity and access management (IAM) systems, enabling single sign-on (SSO), federated identity, and interoperability between different security domains. STS implementations often leverage standard protocols, such as Security Assertion Markup Language (SAML) or OAuth, for secure token exchange.

A learning paradigm that combines labeled and unlabeled data to train AI models, reducing the need for extensive labeled data.

A technique that determines the sentiment or subjective opinion expressed in text, typically for tasks like sentiment classification, opinion mining, or social media analysis. Sentiment analysis helps to extract insights from large volumes of text data.

Server security refers to the protection of servers, which are computer systems or software applications that provide services or resources to clients or other systems. Server security involves implementing appropriate security controls, configurations, and practices to safeguard server infrastructure from unauthorised access, data breaches, service disruptions, or exploitation. This includes hardening server configurations, applying security patches and updates, configuring access controls and authentication mechanisms, monitoring server logs, and conducting regular vulnerability assessments. Server security aims to ensure the confidentiality, integrity, and availability of server resources and data.

Session hijacking, also known as session stealing or session sidejacking, is an attack where an attacker intercepts or steals an authenticated session between a client and a server. By gaining control of the session, the attacker can impersonate the legitimate user, access sensitive information, perform unauthorised actions, or manipulate data. Session hijacking attacks often exploit vulnerabilities in session management mechanisms, network protocols, or session identifiers. To mitigate session hijacking, secure session management practices such as the use of secure cookies, encryption, and session expiration policies should be implemented.

Shoulder surfing is the act of visually eavesdropping on someone else's screen or keyboard to gain unauthorised access to sensitive information, such as passwords, PINs, or personal data. Shoulder surfing attacks can be conducted in public places, crowded environments, or by individuals who are in close physical proximity to the target. Protecting against shoulder surfing involves practicing good screen privacy by using privacy screens or adjusting screen angles, shielding keyboards when entering sensitive information, and being vigilant of potential eavesdroppers in public settings.

A side-channel attack is a type of attack that exploits information leaked through unintended channels, such as power consumption, electromagnetic emissions, timing variations, or acoustic signals, to extract sensitive information or gain unauthorised access. Side-channel attacks target the physical implementation of cryptographic algorithms or security mechanisms rather than directly attacking the algorithm itself. Examples of side-channel attacks include power analysis attacks, timing attacks, and electromagnetic radiation analysis. Countermeasures against side-channel attacks involve implementing secure cryptographic implementations, noise generation, or using countermeasures such as masking or blinding techniques.

Single sign-on (SSO) is an authentication mechanism that enables users to access multiple systems, applications, or resources using a single set of login credentials. With SSO, users authenticate once, typically through a centralized identity provider, and obtain access to multiple systems or services without the need to provide credentials for each individual application. SSO improves user experience, reduces password fatigue, and simplifies identity management for both users and administrators. It also allows for centralized access control, audit trails, and enhanced security through consistent authentication and Authorisation mechanisms.

Single sign-out, also known as global logout or federated logout, is a functionality provided by single sign-on (SSO) systems that allows users to terminate their authenticated sessions across multiple applications or systems with a single action. When a user initiates a single sign-out, all active sessions associated with their SSO credentials are invalidated, ensuring that the user is logged out from all integrated applications or services. Single sign-out helps maintain security by ensuring that users do not inadvertently leave their authenticated sessions active on shared or public devices.

A hypothetical future point where AI and technology advancements reach a level that surpasses human capabilities and understanding.

Smishing is a type of phishing attack that targets individuals through text messages (SMS) or multimedia messaging service (MMS) on mobile devices. Smishing messages often attempt to deceive users into divulging sensitive information, clicking on malicious links, or downloading malware by impersonating legitimate entities, such as banks, government agencies, or service providers. Users should exercise caution when receiving unsolicited messages, avoid clicking on suspicious links, and refrain from sharing personal or financial information through text messages. It is important to verify the authenticity of any message before taking any action to mitigate the risk of smishing attacks.

Social engineering is the psychological manipulation of individuals to trick them into divulging sensitive information, performing actions, or bypassing security controls. Social engineering attacks exploit human vulnerabilities rather than technical weaknesses, relying on deception, persuasion, or manipulation. Common social engineering techniques include phishing, pretexting, baiting, tailgating, or impersonating trusted individuals or entities. Mitigating social engineering attacks requires user education, awareness training, implementing strong authentication mechanisms, and maintaining a culture of security vigilance within an organisation.

A social media policy is a set of guidelines and rules established by an organisation to govern the use of social media platforms by employees, contractors, or other representatives of the organisation. Social media policies define acceptable use of social media, specify guidelines for protecting the organisation's reputation, address privacy concerns, establish rules for disclosing proprietary information, and outline the consequences for policy violations. Social media policies help protect the organisation's brand, intellectual property, and sensitive information while promoting responsible and professional use of social media platforms.

Social media security refers to the protection of individuals' and organisations' social media accounts and activities from various security risks, including unauthorised access, data breaches, identity theft, phishing attacks, or reputation damage. Social media security involves implementing strong passwords, enabling two-factor authentication (2FA), being cautious of accepting friend or connection requests from unknown individuals, carefully managing privacy settings, avoiding sharing sensitive information publicly, and being vigilant of phishing attempts or malicious links. Maintaining awareness of social media security best practices helps minimize the risks associated with social media usage.

The software-defined perimeter (SDP) is a security framework and architecture that dynamically creates secure, micro-segmented network connections between users and resources based on their identity, device posture, and other contextual factors. SDP focuses on user-centric, zero-trust principles and replaces traditional network-centric security models. By establishing secure, encrypted connections on a per-session basis, SDP provides enhanced security, visibility, and control over network access, reducing the attack surface and preventing unauthorised access. SDP can be particularly useful for securing remote or cloud-based environments where traditional perimeter-based security measures may be insufficient.

Spam refers to unsolicited and unwanted messages, typically sent in bulk, such as email spam, instant messages, or text messages. Spam messages are often commercial in nature, advertising products, services, or fraudulent schemes. Spam can also include malicious attachments, links to phishing websites, or malware downloads. Effective spam filtering solutions and email security practices can help reduce the impact of spam by blocking or diverting these messages to spam folders, minimizing the risk of falling victim to scams, malware, or unwanted solicitations.

Spam email, also known as junk email, is unsolicited and often mass-mailed messages sent to a large number of recipients. Spam emails typically contain advertising content, scams, or malicious links or attachments. Spam emails can be used for phishing attacks, spreading malware, or attempting to trick recipients into disclosing sensitive information or performing unauthorised actions. To combat spam email, users should exercise caution when opening email attachments or clicking on links, regularly update their spam filters, and avoid responding to or interacting with suspicious or unsolicited messages.

A spam filter is a software or system that is designed to detect and filter out spam or unwanted email messages. Spam filters analyse incoming emails based on various criteria, such as sender reputation, content analysis, blacklists, whitelists, and machine learning algorithms, to determine the likelihood of a message being spam. Spam filters automatically divert detected spam messages to a separate spam folder, quarantine them, or block them altogether, reducing the amount of unwanted or malicious email reaching the user's inbox. Spam filters help protect users from scams, phishing attacks, malware, and unwanted solicitations.

Spear phishing is a targeted form of phishing attack where an attacker sends highly customized and personalized phishing emails to specific individuals or groups within an organisation. Spear phishing emails are carefully crafted to appear legitimate and often impersonate trusted entities or individuals known to the recipients. The goal of spear phishing is to trick targeted individuals into revealing sensitive information, providing access credentials, or executing actions that can be exploited by the attacker. Protecting against spear phishing requires user education, strong email security measures, and implementing advanced threat detection and prevention technologies.

The technology that enables computers to convert spoken language into written text. Speech recognition systems use techniques such as acoustic modeling and language modeling to accurately transcribe spoken words or commands.

Spoofing is a technique used in cyberattacks to falsify or manipulate data, network communications, or the identity of a sender to deceive recipients, gain unauthorised access, or bypass security measures. Examples of spoofing include email spoofing, IP spoofing, caller ID spoofing, or website spoofing. Spoofing attacks can be used for phishing, identity theft, distributing malware, or performing reconnaissance. Implementing strong authentication mechanisms, email validation protocols, network access controls, and robust security measures can help mitigate the risks associated with spoofing attacks.

Spyware is malicious software (malware) that is designed to covertly monitor a user's activities, gather sensitive information, and transmit it to an external entity without the user's consent or knowledge. Spyware can be installed on a user's device through malicious downloads, infected websites, or bundled with legitimate software. Spyware can capture keystrokes, record browsing habits, collect login credentials, capture personal information, or control the user's device remotely. To protect against spyware, users should employ up-to-date anti-malware solutions, practice safe browsing habits, and exercise caution when downloading or installing software from untrusted sources.

Spyware removal refers to the process of detecting and eliminating spyware or other types of malicious software (malware) from a system or device. Spyware removal involves using dedicated anti-spyware or anti-malware software to scan the system, identify and quarantine or remove any detected spyware infections. Spyware removal also includes cleaning up any traces or remnants of the spyware, restoring system settings, and ensuring that the device is secure and free from unauthorised monitoring or data collection.

SQL injection is a type of web application vulnerability that allows attackers to manipulate or inject malicious SQL queries into an application's database. SQL injection attacks exploit improper handling of user input within SQL statements, enabling attackers to modify, disclose, or delete data, bypass authentication mechanisms, or execute arbitrary commands within the database. Preventing SQL injection requires secure coding practices, such as parameterized queries or prepared statements, input validation and sanitization, and minimizing the exposure of database-related errors or information to users.

An SSL certificate, also known as a digital certificate, is a digital document that authenticates the identity of a website or web server and establishes an encrypted connection between the client's browser and the server. SSL certificates are issued by trusted certificate authorities (CAs) and contain information about the website owner, the CA's digital signature, and the cryptographic keys used for encryption. SSL certificates enable secure communication by encrypting data transmitted between the client and the server, protecting it from interception or tampering. SSL certificates play a crucial role in establishing trust and ensuring the confidentiality and integrity of online transactions and communications.

An SSL/TLS certificate is a digital certificate that enables secure communication over the internet using the Secure Sockets Layer (SSL) or Transport Layer Security (TLS) protocols. SSL/TLS certificates authenticate the identity of websites or web servers and establish an encrypted connection between the client and the server, ensuring the confidentiality, integrity, and authenticity of data transmitted over the network. SSL/TLS certificates are issued by trusted certificate authorities (CAs) and are used to enable secure browsing, online transactions, and data transfers. Websites or applications that use SSL/TLS certificates are identified by the "https//" prefix in the URL and display a padlock symbol in the browser's address bar.

The SSL/TLS handshake is a process that occurs at the beginning of an SSL/TLS communication session between a client (e.g., a web browser) and a server. During the handshake, the client and server exchange information, negotiate encryption algorithms, and verify each other's identity using SSL/TLS certificates. The handshake involves multiple steps, including the client's hello, server's hello, key exchange, certificate verification, and session establishment. The SSL/TLS handshake ensures the secure establishment of an encrypted connection, sets up the parameters for secure communication, and enables the client and server to authenticate each other.

SSL/TLS protocols, such as SSL 2.0, SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2, and TLS 1.3, are cryptographic protocols that provide secure communication over a network, typically the internet. SSL/TLS protocols establish an encrypted connection between a client and a server, protecting the confidentiality and integrity of data transmitted between them. Each SSL/TLS protocol version introduces security improvements, algorithm enhancements, and stronger encryption mechanisms. TLS 1.2 and TLS 1.3 are the most widely supported and recommended versions due to their stronger security features and resistance to known vulnerabilities.

Steganalysis is the practice of detecting and analysing hidden messages or information concealed within digital media, such as images, audio files, or documents, using steganography techniques. Steganalysis techniques involve examining the suspicious media for signs of manipulation or hidden data, identifying statistical anomalies, analysing the file structure, or using specialised software tools to extract and analyse hidden information. Steganalysis plays a role in digital forensics, data leakage prevention, and detecting potential covert communication channels or malicious activities.

Steganography is the practice of concealing or hiding sensitive or confidential data within other non-secret data or media to prevent detection or interception. Steganography techniques involve embedding the secret data within digital images, audio files, video files, or documents without visibly altering their appearance or quality. Steganography can be used for covert communication, data exfiltration, or as a means to bypass security controls. Detecting steganography requires specialised tools and techniques that can analyse and reveal hidden information within digital media.

A variant of gradient descent that updates the model's parameters using a random subset of the training data at each iteration. SGD is computationally efficient and is commonly used in large-scale machine learning tasks.

Stuxnet is a highly sophisticated computer worm that was discovered in 2010 and is considered one of the most complex cyber weapons ever created. Stuxnet specifically targeted industrial control systems (ICS), particularly those used in Iran's nuclear program. The worm exploited multiple vulnerabilities and used advanced techniques to compromise and manipulate programmable logic controllers (PLCs) and supervisory control and data acquisition (SCADA) systems, ultimately causing physical damage to centrifuges used in uranium enrichment. Stuxnet highlighted the potential impact of cyberattacks on critical infrastructure and raised awareness about the importance of protecting industrial control systems.

A type of ML where the algorithm learns from labeled examples, with known inputs and corresponding desired outputs.

Supply chain security focuses on securing the end-to-end lifecycle of products, services, or software throughout the supply chain process. It involves implementing measures to mitigate the risks associated with third-party vendors, suppliers, or service providers, ensuring the integrity, confidentiality, and availability of the components or services acquired from external sources. Supply chain security includes processes such as vendor assessment, secure procurement, secure development practices, third-party risk management, and ongoing monitoring and auditing of suppliers or vendors. Protecting the supply chain helps prevent the introduction of counterfeit, tampered, or malicious components or services that could compromise the overall security of an organisation's products or systems.

A supervised learning algorithm used for classification and regression tasks. SVMs find optimal hyperplanes in a high-dimensional space to separate or classify data points based on their features.

An AI approach inspired by the collective behavior and intelligence observed in social insect colonies, where a group of simple agents collaboratively solves complex problems.

A system backup is the process of creating copies or snapshots of critical system files, data, or configurations to protect against data loss, system failures, or disasters. System backups are typically stored in separate locations or on separate storage media to ensure redundancy and enable recovery in case of data corruption, hardware failures, malware attacks, or natural disasters. System backups can be performed using various methods, such as full backups, incremental backups, or differential backups. Regular and reliable system backups are essential for disaster recovery, business continuity, and the restoration of systems and data to a previous state.

System logs, also known as event logs or audit logs, are records of events, activities, or transactions that occur within a computer system, network, or application. System logs capture information such as user logins, system processes, security events, errors, warnings, and system-level activities. System logs are critical for troubleshooting, forensic analysis, incident response, and compliance monitoring. They provide a historical record of system events, enabling administrators to detect anomalies, identify security incidents, and analyse system behaviour for performance optimization or security auditing purposes.

Tailgating, also known as piggybacking, is a physical security breach that occurs when an unauthorised person follows an authorized individual into a restricted area without proper authentication or Authorisation. Tailgating takes advantage of the trust established with the authorized person, allowing the unauthorised person to gain unauthorised access to secure areas. Tailgating can be mitigated by implementing access control measures, such as access cards, turnstiles, security personnel, and user awareness training to encourage individuals to adhere to proper access procedures and report suspicious behaviour.

Tamper detection refers to the capability of a system or device to detect and alert when unauthorised physical access or tampering attempts occur. Tamper detection mechanisms are designed to safeguard the integrity and security of physical assets, such as computers, servers, routers, or sensitive equipment. Tamper detection mechanisms can include seals, tamper-evident stickers, intrusion detection sensors, tamper-resistant screws, or specialised circuits that trigger an alert or initiate countermeasures when tampering is detected. Tamper detection helps protect against physical attacks, unauthorised modifications, or tampering that could compromise the confidentiality, integrity, or availability of sensitive systems or data.

Definition

A threat actor, also known as an attacker or malicious actor, refers to an individual, group, organisation, or entity that poses a threat to the security of systems, networks, or data. Threat actors can range from script kiddies and hacktivists to organized cybercrime groups, state-sponsored attackers, or insiders. Threat actors employ various attack techniques, tools, or motives to exploit vulnerabilities, compromise systems, steal data, disrupt operations, or gain unauthorised access. Understanding the capabilities, motivations, and techniques of different threat actors is crucial for developing effective security strategies and defences.

Threat hunting is a proactive cybersecurity approach that involves actively and iteratively searching for indications of compromise or potential security threats within an organisation's systems, networks, or data. Threat hunting goes beyond traditional security monitoring and incident response by actively seeking out advanced threats or hidden indicators of compromise that may evade automated detection systems. Threat hunting involves collecting and analysing data from various sources, using threat intelligence, employing advanced analytics, and conducting manual investigations to identify, mitigate, and remediate potential security threats before they cause significant damage.

Threat intelligence refers to information about potential or existing cyber threats, including their indicators, tactics, techniques, and procedures (TTPs), motives, and capabilities. Threat intelligence is gathered from various sources, such as security researchers, security vendors, security incident reports, open-source intelligence (OSINT), or specialised threat intelligence providers. Threat intelligence is used to enhance threat detection, improve incident response, support vulnerability management, and inform security strategies and decision-making. It enables organisations to stay informed about emerging threats, understand the threat landscape, and take proactive measures to protect their systems, networks, and data.

Threat modelling is a systematic approach to identify and evaluate potential threats, vulnerabilities, and risks associated with a system, application, or network. Threat modelling involves analysing the system's architecture, components, data flows, and trust boundaries to identify potential attack vectors, entry points, and weaknesses that could be exploited by threat actors. The goal of threat modelling is to understand the system's security posture, prioritize security controls, and guide the development of mitigating measures to address identified threats. Threat modelling can be performed using various methodologies, such as STRIDE, DREAD, or the Microsoft Threat Modelling Tool.

Time-based One-Time Password (TOTP) is a two-factor authentication (2FA) mechanism that uses a time-based algorithm to generate a unique, one-time password for each authentication attempt. TOTP is based on the time-synchronization between the authentication server and the client device, typically through the use of a shared secret key and a clock. TOTP codes are time-limited and change every few seconds, providing an additional layer of security beyond traditional passwords. TOTP is commonly used in the form of authentication apps on mobile devices, such as Google Authenticator or Authy.

Token-based authentication is a method of authentication that uses a unique token to verify the identity of a user or system. A token can be a physical device, such as a smart card or hardware token, or a digital token, such as a software-generated code or cryptographic key. Token-based authentication is often used as a form of two-factor authentication (2FA) or multi-factor authentication (MFA), where the possession of the token is combined with knowledge-based authentication (such as a password) to enhance security. Tokens can provide an extra layer of protection against unauthorised access, as they are typically more difficult to replicate or compromise than passwords alone.

Tokenization is a data protection technique that replaces sensitive data, such as credit card numbers or personal identifiers, with unique tokens that have no meaning or value outside the context of the system or process using them. Tokenization helps reduce the risk associated with storing or transmitting sensitive data by separating the data from the tokenization system. The sensitive data is stored securely in a centralized location (often referred to as a token vault), while tokens are used in applications or databases that require limited or no access to the original sensitive data. Tokenization can help minimize the impact of data breaches, as stolen tokens cannot be used to retrieve the original sensitive information.

The Tor network, also known as The Onion Router, is a decentralized network of volunteer-operated servers that anonymizes internet traffic and provides users with privacy and anonymity. The Tor network routes internet traffic through a series of encrypted relays, making it difficult to trace the origin of the communication. Tor is often used to access websites, services, or content anonymously, bypass censorship, or protect privacy. While the Tor network can offer anonymity, it can also be abused for illicit activities, and certain types of attacks can compromise the anonymity of Tor users.

Traffic analysis is the process of monitoring and analysing network traffic patterns, volumes, and behaviours to gain insights into the flow of data, identify anomalies, detect potential threats, or understand system performance. Traffic analysis involves collecting and examining network data, such as packet headers, flow records, or log files, to identify patterns or trends that may indicate suspicious activities, congestion points, bottlenecks, or performance issues. Traffic analysis techniques can be used for network troubleshooting, capacity planning, intrusion detection, and network security monitoring to maintain the availability, reliability, and security of network infrastructure.

The practice of leveraging knowledge gained from one task or domain to improve learning or performance in another related task or domain. It enables models to leverage pre-trained features and knowledge for faster and more effective learning.

Transport Layer Security (TLS) is a cryptographic protocol that provides secure communication over a computer network, typically the internet. TLS ensures the confidentiality, integrity, and authenticity of data transmitted between a client and a server by encrypting the data and verifying the identity of the parties involved. TLS is widely used to secure web browsing (HTTPS), email communication (SMTPS, POP3S, IMAPS), virtual private networks (VPNs), and other network services. TLS has evolved from its predecessor, Secure Sockets Layer (SSL), and is implemented using various cipher suites and protocol versions to provide strong encryption and secure communication channels.

A Trojan downloader, also known as a dropper, is a type of malware that is designed to download and install additional malicious software onto a victim's system without their knowledge or consent. Trojan downloaders are typically disguised as legitimate files or applications and often use social engineering techniques to trick users into executing them. Once executed, the Trojan downloader connects to a command-and-control server to retrieve instructions and payloads, which can include various types of malware, such as ransomware, spyware, or botnet agents. Trojan downloaders can be distributed through malicious email attachments, compromised websites, or other malware infections.

A Trojan horse, or simply Trojan, is a type of malware that masquerades as a legitimate file or program to deceive users into executing it. Unlike viruses or worms, Trojans do not replicate themselves but rely on social engineering techniques to trick users into installing or executing them. Once inside a system, Trojans can perform a variety of malicious actions, such as stealing sensitive information, gaining unauthorised access, launching distributed denial-of-service (DDoS) attacks, or providing backdoor access for attackers. Trojans are often distributed through email attachments, software downloads from untrusted sources, or by exploiting vulnerabilities in software or operating systems.

A trusted platform module (TPM) is a hardware-based security component that provides a secure environment for cryptographic operations, secure storage of keys and certificates, and hardware-based integrity measurement capabilities. TPM is typically implemented as a microchip on the motherboard of a computer or other devices and works in conjunction with software to enhance system security. TPMs can be used for various security functions, such as disk encryption, secure boot, platform integrity checks, remote attestation, or key management. TPMs help protect against unauthorised access, tampering, or exploitation of sensitive data and system components.

Two-factor authentication (2FA), also known as multi-factor authentication (MFA), is an authentication method that requires users to provide two or more different types of credentials to verify their identity. These credentials typically fall into three categories something the user knows (e.g., a password), something the user has (e.g., a security token or mobile device), or something the user is (e.g., biometric data like fingerprints). By combining multiple authentication factors, 2FA enhances security by adding an additional layer of protection beyond passwords alone. It helps prevent unauthorised access even if passwords are compromised.

The two-man rule, also known as the four-eyes principle or dual control, is a security practice that requires the presence and agreement of two authorized individuals to perform certain critical or sensitive operations. The two-man rule is often used in environments where the risk of unauthorised actions or errors could have severe consequences, such as in nuclear facilities, financial institutions, or military operations. The goal of the two-man rule is to prevent unauthorised or malicious actions by ensuring that no single individual has the sole authority or knowledge required to perform critical tasks or access sensitive information.

The opposite of overfitting, where a model is too simple and fails to capture the underlying patterns or complexities of the data.

Unified threat management (UTM) refers to a comprehensive approach to network security that combines multiple security functions into a single integrated solution. A UTM appliance or device typically includes features such as firewall, intrusion detection and prevention, antivirus and anti-malware, virtual private networking (VPN), content filtering, and data loss prevention (DLP) capabilities. UTM solutions aim to simplify security management, streamline deployment, and provide centralized visibility and control over network security. By consolidating security functionalities into one platform, UTM helps organisations enhance their security posture and reduce complexity.

An unpatched vulnerability refers to a security weakness or flaw in software, firmware, or hardware that has been discovered but remains unaddressed by an official patch or update from the vendor or developer. Unpatched vulnerabilities can be exploited by attackers to gain unauthorised access, execute malicious code, or perform other types of malicious activities. Organisations and users are at risk until a patch or mitigation is released to address the vulnerability. It is crucial to regularly apply security patches and updates to mitigate the risk of exploitation from unpatched vulnerabilities.

A machine learning approach where models learn from unlabeled data, seeking patterns or structures within the data without explicit labels or guidance. It is used for tasks like clustering, dimensionality reduction, and anomaly detection.

User access control, also known as access control or user Authorisation, is the process of granting or restricting user access to resources, systems, or data based on their identity, role, and permissions. User access control mechanisms ensure that users can only access the information and perform actions that are necessary for their job responsibilities and level of authority. User access control involves implementing authentication mechanisms (such as passwords or biometrics) to verify user identity and Authorisation mechanisms (such as access control lists or role-based access control) to define and enforce user permissions. User access control is a fundamental aspect of maintaining the confidentiality, integrity, and availability of data and resources.

User awareness training, also known as security awareness training or cybersecurity training, is the process of educating and informing users about potential security risks, best practices, and policies to promote safe and secure computing practices. User awareness training aims to raise awareness of common threats, such as phishing, social engineering, and malware, and provide users with the knowledge and skills to recognize and respond to security incidents effectively. User awareness training often covers topics such as password security, email hygiene, safe web browsing, data protection, and incident reporting. By empowering users with security knowledge, organisations can significantly reduce the risks associated with human error and improve overall security posture.

User behaviour analytics (UBA), also known as user and entity behaviour analytics (UEBA), is an approach to cybersecurity that leverages advanced analytics and machine learning techniques to detect and analyse patterns of user behaviour to identify potential security threats or insider threats. UBA solutions collect and analyse data from various sources, such as log files, network traffic, and user activity logs, to establish baseline behaviour profiles for individual users or entities. By monitoring deviations from normal behaviour patterns, UBA can detect anomalies, suspicious activities, or indicators of compromise. UBA helps organisations proactively identify and respond to security incidents and enhance threat detection capabilities.

Virtual machine security refers to the protection of virtual machines (VMs) and their underlying infrastructure from security threats and vulnerabilities. VMs are software-based instances that emulate physical computers and can run multiple operating systems or applications on a single physical server. Virtual machine security involves implementing security measures at different layers, including the hypervisor, guest operating systems, and virtual network infrastructure. It includes measures such as securing VM images, applying security patches and updates, isolating VMs from each other, monitoring VM activity, and implementing network segmentation and access controls within virtualised environments. Virtual machine security helps ensure the confidentiality, integrity, and availability of virtualised systems and data.

A virtual private network (VPN) is a secure and encrypted connection that allows users to access a private network or the internet securely over a public network, such as the internet. VPNs create a secure tunnel between the user's device and the destination network, encrypting the data and protecting it from interception or unauthorised access. VPNs are commonly used to enhance privacy, protect sensitive information, bypass geographic restrictions, or enable secure remote access to corporate networks. By using VPNs, users can establish secure connections even when accessing public Wi-Fi networks or other untrusted networks.

A virus is a type of malicious software (malware) that is designed to self-replicate by inserting copies of itself into other programs, files, or the boot sector of a computer's hard drive. Viruses are often spread through infected email attachments, downloads from untrusted sources, or compromised websites. Once a virus infects a system, it can perform various malicious actions, such as corrupting files, stealing data, disrupting system operations, or spreading to other systems. Antivirus software and regular system updates are essential for detecting and removing viruses and preventing their spread.

A virus signature, also known as a malware signature or a pattern, is a unique identifier or characteristic code that represents a specific virus or malware variant. Virus signatures are used by antivirus software to identify and detect known viruses or malware during scanning or real-time protection. Antivirus programs compare the files or data being scanned with an extensive database of virus signatures to determine if there is a match. Virus signatures are regularly updated by antivirus vendors to keep pace with new and evolving threats.

A VPN client is a software application or device that enables users to establish a virtual private network (VPN) connection with a VPN server. The VPN client is installed on the user's device, such as a computer, smartphone, or tablet, and allows them to securely access the VPN network and its resources. The VPN client encrypts the user's internet traffic and routes it through the VPN server, providing privacy, anonymity, and protection against unauthorised access or interception. VPN clients can support various VPN protocols, such as OpenVPN, IPSec, or L2TP, and may offer additional features like automatic connection, split tunneling, or kill switch functionality.

VPN tunneling, also known as encapsulation, is the process of creating a secure, encrypted connection, or tunnel, between the user's device and a remote VPN server. When a VPN connection is established, the user's data is encapsulated within an encrypted tunnel that protects it from being intercepted or accessed by unauthorised parties. VPN tunneling protocols, such as IPSec, OpenVPN, or WireGuard, are responsible for establishing and maintaining the encrypted tunnel. VPN tunneling ensures the confidentiality and integrity of data transmitted between the user's device and the VPN server, regardless of the network they are connected to.

A vulnerability refers to a weakness or flaw in a system, network, application, or process that can be exploited by threat actors to compromise the security, integrity, or availability of the target. Vulnerabilities can arise from programming errors, misconfigurations, design flaws, or outdated software versions. Exploiting vulnerabilities can lead to unauthorised access, data breaches, system crashes, or the execution of arbitrary code. It is crucial to identify and address vulnerabilities through practices such as regular security patching, vulnerability scanning, penetration testing, and secure coding to minimize the risk of exploitation.

Vulnerability assessment is the process of identifying and evaluating vulnerabilities within a system, network, or application. It involves systematically scanning and analysing the target environment to discover potential weaknesses, misconfigurations, or security flaws that could be exploited by attackers. Vulnerability assessments utilize automated tools, manual inspection, and security expertise to identify vulnerabilities, assign severity levels, and provide recommendations for remediation. By conducting vulnerability assessments regularly, organisations can gain visibility into their security posture, prioritize remediation efforts, and reduce the risk of successful attacks.

Vulnerability management is a comprehensive practice that involves identifying, assessing, prioritizing, mitigating, and monitoring vulnerabilities within an organisation's systems, networks, and applications. Vulnerability management encompasses activities such as vulnerability scanning, patch management, configuration hardening, risk analysis, and incident response planning. The goal of vulnerability management is to proactively reduce the organisation's exposure to potential threats by minimizing the attack surface and promptly addressing known vulnerabilities. By implementing an effective vulnerability management program, organisations can enhance their security posture and minimize the likelihood and impact of successful attacks.

A WAF bypass refers to the circumvention or evasion of a web application firewall (WAF) to launch an attack against a target application. WAFs are designed to protect web applications by filtering and monitoring incoming web traffic, detecting and blocking malicious requests or known attack patterns. However, sophisticated attackers may employ various techniques, such as input validation bypass, encoding manipulation, or obfuscation, to evade detection by the WAF and successfully exploit vulnerabilities in the target application. WAF bypass techniques highlight the need for continuous monitoring, tuning, and updating of WAF configurations to effectively defend against emerging attack vectors.

War dialling is a technique used to identify and exploit insecure or unauthorised access points, such as modems or telephone lines, by systematically dialling a range of phone numbers to discover connections. In war dialling, an automated tool or script sequentially dials phone numbers, attempting to establish a connection with devices that may have modems or remote access capabilities. This technique is primarily used to identify vulnerable or unprotected systems that can be targeted for unauthorised access, data theft, or other malicious activities. War dialling highlights the importance of securing remote access points and disabling unused or unnecessary modem connections.

War driving is the practice of searching for and mapping wireless networks, typically Wi-Fi networks, by driving or walking around with a wireless-enabled device and scanning for available networks and their associated information. War driving can be performed using specialised software and hardware tools that detect and log wireless network signals, including the network name (SSID), signal strength, encryption type, and potentially other metadata. The collected information can be used to identify vulnerable or misconfigured wireless networks, perform unauthorised access, or conduct further network analysis. War driving serves as a reminder for organisations to secure their wireless networks and implement strong encryption, access controls, and monitoring mechanisms.

A watering hole attack is a targeted cyber attack strategy that involves compromising websites or web resources that are frequently visited by a specific group of users or individuals of interest. The attackers identify websites that are likely to be visited by their intended targets and inject malicious code or malware into those websites. When the target users visit the compromised websites, their systems may become infected with malware or be redirected to a malicious site designed to exploit vulnerabilities. Watering hole attacks rely on the trust established by the targeted users with the compromised websites, making them unsuspecting victims. Organisations and users can mitigate the risk of watering hole attacks by keeping their systems and software up to date, implementing strong web filtering and security measures, and maintaining user awareness of potential threats.

A watering hole website refers to a legitimate website that has been compromised by attackers with the intention of distributing malware or launching targeted attacks. Attackers identify websites that are likely to be visited by their intended victims or target audience and inject malicious code into these websites. When users visit the compromised watering hole website, their systems may be infected with malware or be subjected to further exploitation. Watering hole attacks are particularly effective when targeting specific industries, organisations, or user communities. Users should exercise caution and ensure their systems are adequately protected when accessing websites, even those that are considered trustworthy or reputable.

Watermarking is the process of embedding a unique and identifiable mark or pattern into digital content, such as images, videos, or documents, to indicate ownership, authenticity, or copyright protection. Watermarks are often visible, such as text or logos overlaid on the content, but they can also be invisible, embedded within the data itself. Watermarking can deter unauthorised use or distribution of copyrighted material and provide a means of tracking and identifying the source of leaked or unauthorised content. Digital watermarking techniques can be used for various purposes, including content protection, digital rights management (DRM), or forensic analysis.

A web application firewall (WAF) is a security solution designed to protect web applications from various attacks, including SQL injection, cross-site scripting (XSS), and other web-based vulnerabilities. A WAF sits between the web application and the client, inspecting incoming and outgoing web traffic and applying a set of security rules to filter and block potentially malicious requests. WAFs can detect and block attacks in real-time, protecting web applications from unauthorised access, data breaches, or compromise. WAFs may employ techniques such as signature-based detection, behaviour analysis, input validation, or anomaly detection to identify and mitigate web-based threats.

A web application security scanner is an automated tool or software designed to assess the security of web applications by scanning and analysing their code, configuration, and behaviour. Web application security scanners simulate attacks and vulnerabilities to identify potential weaknesses or security flaws in web applications. They examine various aspects, including input validation, authentication mechanisms, access controls, SQL injection, cross-site scripting (XSS), and other common web vulnerabilities. By running automated scans, web application security scanners help identify security issues that could be exploited by attackers and assist developers in addressing those vulnerabilities.

Web browser security refers to the measures and technologies implemented within web browsers to protect users from online threats, such as malicious websites, drive-by downloads, or phishing attacks. Web browser security features may include sandboxing, which isolates web content from the underlying operating system, secure browsing modes that restrict potentially harmful activities, anti-phishing filters to detect and warn about malicious websites, pop-up blockers, download reputation checks, and support for secure protocols like HTTPS. Keeping web browsers updated with the latest security patches, using trusted browser extensions, and practicing safe browsing habits are crucial for maintaining web browser security.

Web filtering, also known as content filtering, is the process of controlling or blocking access to websites, web content, or specific web-based activities based on predefined rules or policies. Web filtering is commonly used to enforce acceptable use policies, restrict access to inappropriate or malicious websites, prevent data leakage, or comply with regulatory requirements. Web filtering can be implemented using various techniques, such as URL blacklisting or whitelisting, keyword filtering, category-based filtering, or dynamic content analysis. By filtering web content, organisations can reduce exposure to web-based threats, improve productivity, and enforce security and compliance measures.

Whaling is a form of phishing attack that specifically targets high-profile individuals, such as executives, senior management, or individuals with significant authority or access to sensitive information within an organisation. Whaling attacks aim to deceive and trick these individuals into divulging confidential information, such as login credentials, financial details, or sensitive corporate data. Whaling attacks often employ sophisticated social engineering techniques, such as impersonating a trusted colleague, executive, or external business contact, to gain the target's trust and manipulate them into taking actions that benefit the attacker. Whaling attacks require heightened awareness, user training, and robust security measures to mitigate the risk of successful compromise.

Wi-Fi eavesdropping, also known as wireless sniffing or wireless packet capture, is the unauthorised interception and monitoring of wireless network traffic. Attackers use specialised software or devices to capture and analyse data packets transmitted over Wi-Fi networks. By eavesdropping on Wi-Fi communications, attackers can potentially capture sensitive information, such as login credentials, financial data, or confidential communications. To mitigate the risk of Wi-Fi eavesdropping, organisations and users should employ strong encryption protocols (e.g., WPA2 or WPA3), regularly change Wi-Fi passwords, and avoid using unsecured public Wi-Fi networks.

Wi-Fi security refers to the measures and protocols used to protect wireless networks and the devices connected to them from unauthorised access, data interception, or other security threats. Wi-Fi security mechanisms include encryption protocols, such as WPA2 (Wi-Fi Protected Access 2) or WPA3, that provide confidentiality and integrity of wireless communications. Other security measures include strong and unique Wi-Fi passwords, disabling SSID broadcasting, MAC address filtering, and implementing network segmentation or VLANs to separate different types of devices or users. Maintaining up-to-date firmware on Wi-Fi routers and using intrusion detection or prevention systems can further enhance Wi-Fi security.

A wireless access point (WAP) is a device that allows wireless devices, such as laptops, smartphones, or tablets, to connect to a wired network through Wi-Fi. A WAP acts as a bridge between the wireless and wired networks, enabling wireless clients to access network resources, such as the internet or shared files. Wireless access points are commonly used in homes, offices, public spaces, and other environments where wireless connectivity is required. To ensure security, WAPs should be properly configured with strong encryption, unique passwords, and appropriate access controls to prevent unauthorised access or misuse of the wireless network.

Wireless security encompasses the measures and practices implemented to protect wireless networks, devices, and data from unauthorised access, interception, or manipulation. Wireless security includes aspects such as Wi-Fi security protocols (e.g., WPA2, WPA3), encryption, authentication mechanisms, network segmentation, strong and unique passwords, regular firmware updates, intrusion detection and prevention systems, and user education. By implementing robust wireless security measures, organisations and users can safeguard their wireless networks and ensure the confidentiality, integrity, and availability of wireless communications.

A worm is a type of self-replicating malware that can spread independently across computer networks or systems without requiring user interaction. Worms exploit vulnerabilities in operating systems or network protocols to gain access to target systems and then propagate by creating copies of themselves and infecting other vulnerable devices. Worms can cause significant harm, including network congestion, system instability, data loss, or the installation of additional malicious software. Protecting against worms involves maintaining up-to-date software patches, using network firewalls, employing intrusion detection systems, and practicing safe computing practices, such as avoiding suspicious email attachments or downloading files from untrusted sources.

X.509 is a widely used standard for digital certificates that establish the identity and authenticity of entities in computer networks. X.509 certificates are commonly used for secure communication protocols such as Transport Layer Security (TLS) and Secure Sockets Layer (SSL). An X.509 certificate contains information about the certificate holder, such as their name, public key, issuer, digital signature, and validity period. X.509 certificates are issued by certificate authorities (CAs) and are used to verify the identity of entities and facilitate secure communication by ensuring the integrity and confidentiality of data transmitted over networks.

The field of research that aims to develop AI systems and algorithms that can provide transparent and understandable explanations for their decisions and actions. XAI techniques help to increase trust, accountability, and interpretability of AI systems, enabling users to understand the reasoning behind AI-generated outcomes.

Cross-Site Request Forgery (XSRF or CSRF) is an attack that tricks authenticated users of a website into unknowingly executing malicious actions on their behalf. In an XSRF attack, an attacker crafts a malicious website or link that, when accessed by the victim, makes requests to a target website where the victim is authenticated. These requests can include actions such as changing account settings, making financial transactions, or performing other unintended activities. To prevent XSRF attacks, web developers implement security measures like anti-CSRF tokens, which require clients to provide additional information with each request to verify its authenticity and prevent unauthorised actions.

Zero-day defence, also known as zero-day protection or zero-day mitigation, refers to the measures and strategies employed to defend against zero-day vulnerabilities and associated attacks. Zero-day vulnerabilities are security flaws in software or systems that are unknown to the vendor or developer and do not have an available patch or fix. Zero-day attacks take advantage of these vulnerabilities before they are discovered or patched, making them particularly dangerous. To defend against zero-day attacks, organisations can implement various strategies, including network and host-based intrusion detection systems, behaviour-based analysis, threat intelligence feeds, sandboxing, and vulnerability management practices. Timely security updates, threat monitoring, and proactive security measures are essential in mitigating the risks posed by zero-day vulnerabilities.

A zero-day exploit refers to the exploitation of a previously unknown vulnerability in software or systems. Zero-day exploits are called "zero-day" because developers or vendors have zero days to fix or patch the vulnerability before it is exploited. Attackers discover and exploit these vulnerabilities before the affected organisation or software developer becomes aware of them. Zero-day exploits can cause significant damage, enabling unauthorised access, data breaches, or the installation of malware. Protecting against zero-day exploits requires a multi-layered security approach, including regular software updates, network monitoring, intrusion detection systems, and behaviour-based analysis to detect and block suspicious activities or exploit attempts.

A zero-day patch refers to a security update or patch released by a software vendor or developer to fix a previously unknown vulnerability that is being actively exploited or has the potential to be exploited. Zero-day patches are developed and released under emergency circumstances to provide a swift resolution to zero-day vulnerabilities. Organisations and users are advised to apply zero-day patches as soon as they become available to mitigate the risk of exploitation. Promptly applying patches can help close the security gap and protect systems and data from the potential harm caused by zero-day vulnerabilities and associated attacks.

A zero-day vulnerability, also known as a zero-day exploit or zero-day flaw, is a software vulnerability or security weakness that is unknown to the software vendor or developer. It refers to a security flaw for which there is no available patch or fix. Zero-day vulnerabilities are highly valuable to attackers because they are not yet known by the affected organisation or software developer, giving them a significant advantage in launching targeted attacks. These vulnerabilities can be exploited to gain unauthorised access, execute malicious code, or perform other nefarious activities. Detecting and mitigating zero-day vulnerabilities require proactive security practices, such as vulnerability research, threat intelligence, penetration testing, and close collaboration between security researchers, vendors, and affected organisations.

In the context of cybersecurity, a zombie refers to a compromised computer or device that is under the control of a remote attacker, typically as part of a botnet. Zombies, also known as bots, are often infected with malware, such as a Trojan horse or a botnet agent, that allows the attacker to remotely control and manipulate the compromised system. Attackers use zombie computers to launch coordinated attacks, distribute spam emails, perform distributed denial-of-service (DDoS) attacks, or engage in other malicious activities without the owner's knowledge. Preventing and mitigating zombie infections require robust security measures, including regular software updates, antivirus software, and network intrusion detection and prevention systems.

Zombie malware, also known as bot malware, is a type of malicious software (malware) that infects computers or devices and turns them into zombies or bots under the control of a remote attacker. Zombie malware is typically designed to establish a botnet, which is a network of compromised devices, to carry out coordinated attacks or other malicious activities. Once infected, the compromised devices can be used to distribute spam, launch DDoS attacks, steal sensitive information, or participate in other nefarious activities. Protecting against zombie malware requires up-to-date antivirus software, regular security patching, and user awareness about safe computing practices.

A zombie network, also known as a botnet, is a collection of compromised computers or devices that are under the control of a remote attacker. These compromised devices, often referred to as zombies or bots, are typically infected with malware that allows the attacker to control them remotely. The attacker can use the zombie network to carry out various malicious activities, such as launching DDoS attacks, spreading spam emails, distributing malware, or stealing sensitive information. Zombie networks can be vast and include thousands or even millions of compromised devices. Detecting and mitigating zombie networks require collaboration between security researchers, internet service providers (ISPs), and law enforcement agencies to identify and neutralize the command-and-control infrastructure used by attackers.