Security terminology
Glossary of Computer & Information Security Terms
Concise definitions used in defensive cybersecurity, vulnerability management, and incident response.
| Term | Definition |
|---|---|
| CIA triad | Confidentiality, Integrity, Availability — core security objectives. |
| Vulnerability | A weakness that could be used to violate security goals. |
| Patch management | Process for testing and deploying updates to remediate vulnerabilities. |
| Zero Trust | Model that assumes no implicit trust; access is continuously verified. |
| MFA | Multi-factor authentication using two or more independent factors. |
| IAM | Identity and Access Management; control of identities and permissions. |
| SIEM | Centralized log collection and correlation for detection and investigation. |
| EDR | Endpoint Detection and Response; endpoint telemetry and response tooling. |
| Threat modeling | Structured approach to identify threats and mitigations during design. |
| CVE / NVD | Vulnerability identifiers (CVE) and database with metadata (NVD). |
| KEV | Catalog of vulnerabilities known to be exploited in the wild (CISA). |
| ATT&CK | Knowledge base describing adversary tactics and techniques. |
| SBOM | Inventory of software components for supply-chain visibility. |
| Incident response | Detect, contain, eradicate, and recover from security incidents. |