Resources
The methods and processes used to manage subjects and their authentication and authorizations to access specific objects
The process of granting or denying specific requests for or attempts to: 1) obtain and use information and related information processing services; and 2) enter specific physical facilities
To physically separate or isolate a system from other systems or networks (verb)
The process of finding, fixing, and preventing security vulnerabilities at the application level, as part of the software development processes
A set of rules and protocols that allows different software applications to communicate with each other
A server that acts as an intermediary between clients and backend services, providing features such as authentication, authorization, rate limiting, monitoring, and logging
A unique identifier used to authenticate and authorize access on an API
The set of ways in which an adversary can enter a system and potentially cause damage
The process of formally verifying or confirming the accuracy, authenticity, or compliance of a statement, document, or assertion
Information about a user's identity or attributes provided by an identity provider to a service provider during the authentication process
The process of verifying the identity or other attributes of an entity (user, process, or device)
A process of determining, by evaluating applicable access control information, whether a subject is allowed to have the specified types of access to a particular resource
The process of creating and maintaining backups of password manager data to prevent data loss
Basic Authentication is the simplest web-based authentication scheme that works by sending the username and password with each request
An access token used by non-human clients to access or authenticate protected resources or APIs
A computer connected to the Internet that has been surreptitiously compromised with malicious logic to perform activities under the remote command and control of a remote administrator
An identity assigned to a software robot or bot, typically used to automate tasks or interactions with systems
A software component that extends the functionality of a web browser by adding features or capabilities
A fundamental unit of computer storage; the smallest addressable unit in a computer's architecture. Usually holds one character of information and usually means eight bits
Continuous Integration and Continuous Delivery (CI/CD) represents a modern software development and deployment practice aimed at streamlining the development process and ensuring the efficient, high-quality delivery of software applications
Credentials used by non-human clients, such as applications or services, to authenticate and access protected resources
A security mechanism that allows web browsers to request resources from a different origin domain
The systems and assets, whether physical or virtual, so vital to society that the incapacity or destruction of such may have a debilitating impact on the security, economy, public health or safety, environment, or any combination of these matters
Electronic information and communications systems and services and the information contained therein
A malicious and deliberate attempt to breach the information system
An identity associated with a background process or service running on a computer system, often used for system maintenance, monitoring, or other administrative tasks
The unauthorized movement or disclosure of sensitive information to a party, usually outside the organization, that is not authorized to have or see the information
A collaborative data management practice focused on improving the communication, integration and automation of data flows between data managers and data consumers across an organization
Distributed Denial-of-Service - a cybercrime in which the attacker floods a target with internet traffic to prevent users from accessing connected online services and sites
To revoke the authentication of; to cause no longer to be authenticated
The process of transforming ciphertext into its original plaintext
An attack that prevents or impairs the authorized use of information system resources or services
The combination of cultural philosophies, practices, and tools that increases an organization's ability to deliver applications and services
An approach to culture, automation, and platform design that integrates security as a shared responsibility throughout the entire IT lifecycle
A denial of service technique that uses numerous systems to perform the attack simultaneously
A digital document used to certify the authenticity of a machine or identity, typically issued by a trusted certificate authority
Denial of Service
The automated, on-the-fly changes of an information system's characteristics to thwart actions of an adversary
Temporary credentials or keys generated on demand by secrets managers in response to authentication requests
The process of encoding data in such a way that only authorized parties can access and decrypt it
A comprehensive approach to risk management that engages people, processes, and systems across an organization to improve the quality of decision making for managing risks that may hinder an organization’s ability to achieve its objectives
The unauthorized transfer of information from an information system
A technique to breach the security of a network or information system in violation of security policy
A mechanism that enables users to access multiple systems or services using a single set of credentials, typically managed by an identity provider
A capability to limit network traffic between networks and/or information systems
The distribution of mission-critical components or infrastructures across multiple geographic locations
Refers to the processes and policies used to manage identities, ensure compliance with regulations, and maintain control over user access and privileges
The level of detail in access control. Granular access control policies allow organizations to define fine-grained permissions for users and machines
Used to store and verify credentials like passwords by converting them into a fixed-size string of characters
The process of managing and provisioning an organization’s IT infrastructure using machine-readable configuration files, rather than employing physical hardware configuration or interactive configuration tools.
A framework for managing and controlling access to resources, systems, and data based on the identities of users, machines, or services
An intermediary service that facilitates federated authentication and authorization between identity and service providers
The process of establishing trust relationships between identity and service providers to enable federated identity management
The process of correlating user identities across different domains or systems
A trusted entity responsible for authenticating users and issuing tokens or assertions that can be used across various services
Industrial Internet of Things - the collection of sensors, instruments and autonomous devices connected through the internet to industrial applications
An information system used to control industrial processes such as manufacturing, product handling, production, and distribution or to control infrastructure assets
The processes and tools designed and deployed to protect sensitive business information from modification, disruption, destruction, and inspection
The process of connecting secrets managers with other systems, applications, or cloud services to automate the retrieval or use of secrets
The structured approach that enables an enterprise or organization to share risk information and risk analysis and to synchronize independent yet complementary risk management strategies to unify efforts across the enterprise
The process and methods for analyzing information from networks and information systems to determine if a security breach or security violation has occurred
A compact, URL-safe means of representing claims to be transferred between two parties, commonly used for secure authentication
The process of regularly changing cryptographic keys or credentials to mitigate the risk of unauthorized access and improve security
The principle of providing users, machines, or services with only the minimal level of access necessary to perform their tasks
A unique identifier attached to a machine or a device, typically consisting of cryptographic keys
An identity associated with a machine learning algorithm or model, used to authenticate or authorize access to data, resources, or computational resources
Communication between non-human entities, such as machines, devices, or applications, without direct human intervention
A single, strong password used to encrypt and unlock the contents of a password manager or vault
A man-in-the-middle attack is a cyberattack where the attacker secretly relays and possibly alters the communications between two parties who believe that they are directly communicating
A security method that requires users or machines to provide two or more forms of authentication to access a system or application
National Institute of Standards and Technology
A non-human identity refers to digital identities assigned to machines, applications, services, or other automated processes rather than individual users. These identities allow machines to authenticate and access resources securely, as in microservices or cloud applications
Open Authorization standard - an open-standard authorization protocol or framework that provides applications the ability for secure designated access
An authorization framework that enables secure access to resources over HTTP
Refers to software that is installed and run on computers on the premises of the person or organization using the software, rather than at a remote facility such as a server farm or cloud
The hardware and software systems used to operate industrial control devices
An identity layer built on top of OAuth 2.0 that provides authentication services for web and mobile applications
An over-provisioned account has more access privileges than necessary for its role or function. This creates a security risk, as the excess privileges could be exploited by attackers or lead to unintentional access to sensitive systems
A tool provided by password managers to create strong, randomized passwords that are difficult to guess or crack
A software tool or service designed to securely store, manage, and retrieve passwords or other sensitive information
A colloquial term for penetration test or penetration testing.
A proxy is an intermediary that routes requests between a client and a server, often used for security, logging, or anonymization
A cryptographic key that may be widely published and is used to enable the operation of an asymmetric (public key) cryptographic algorithm
A framework consisting of standards and services to enable secure, encrypted communication and authentication over potentially insecure networks such as the Internet
In workload management, a quota refers to the predefined limits set on resources that a user, machine, or application can access. For instance, quotas may restrict the number of API calls, storage usage, or the number of machines a user can provision within a cloud environment
A mechanism used to restrict the number of API requests a client can make within a specific time period
A method of access control where permissions are assigned to roles, and users or entities are assigned to those roles
An identity assigned to a software robot or bot used for automating repetitive tasks or workflows
An XML-based standard for exchanging authentication and authorization data between identity providers and service providers
A federal program that encourages small businesses to engage in research and development for solutions that could help the government and have potential for commercialization
A software development methodology that places security concerns first in planning and development
Any sensitive piece of information that should be protected from unauthorized access
The process of periodically updating secrets to mitigate the risk of unauthorized access or misuse
A centralized service or tool used to store, manage, or distribute sensitive information
The practice of maintaining multiple versions of secrets to facilitate rollback, auditing, and compliance requirements
The use of information technology in place of manual processes for cyber incident response and management
An identity used by applications or services to authenticate and authorize their interactions with other services
A unique identifier assigned to a service platform or workload, typically associated with control policies
A system, application, or service that relies on an identity provider for authentication and authorization
Authentication mechanism used between services or applications to establish trust and securely exchange information
A mechanism that allows users to authenticate once and gain access to multiple systems or services without needing to re-authenticate
Security Operations Center - an intelligence hub for the company, gathering data from across the organization's networks, servers, endpoints and other digital assets and using intelligent automation to identify, prioritize and respond to potential cybersecurity threats
Secure Shell (SSH) keys are cryptographic keys used for secure remote access to machines or systems
The process of synchronizing data between multiple devices or platforms to ensure consistency or accessibility
A cryptographic protocol that provides secure communication over a computer network
Transport Layer Security or Secure Sockets Layer certificates provide secure communication over a network by encrypting data transmitted between machines
A piece of data used for authentication or authorization, typically issued by an identity provider or authentication service
A mutual agreement or configuration between identity providers and service providers that establishes trust and enables federated identity management
An authentication method that requires a user to provide two forms of verification to access an account or system
A unified approach to identity and access management that spans multiple environments, platforms, and services. This can also unify user and non-human identities. It enables organizations to manage identities and access controls consistently across on-premises, cloud, and hybrid environments, providing seamless identity lifecycle management and access governance
A secure repository or container used to store and manage sensitive information, such as passwords, cryptographic keys, certificates, and API tokens
In the NICE Framework, cybersecurity work where a person conducts assessments of threats and vulnerabilities, determines deviations from acceptable configurations, enterprise or local policy, assesses the level of risk, and develops and/or recommends appropriate mitigation countermeasures in operational and non-operational situations.
A specific task, application, or process running on a machine or within a computing environment, often associated with cloud-based or distributed systems
A standard defining the format of public key certificates. These certificates are used in cryptographic systems (like SSL/TLS) to securely verify identities through a trusted certificate authority (CA)
A cybersecurity approach that assumes no trust by default, requiring continuous verification and authentication of users, devices, and applications before granting access to resources