The FREE Cybersecurity Glossary by Thor Pedersen!

Threat event: An instance in which a threat agent actively exploits a vulnerability, potentially causing damage or disruption to a system or network. This could be a cyber-attack like a denial of service, a phishing attempt, or a ransomware attack. Understanding potential threat events and their impact helps in designing preventative controls and effective response strategies.

Threat hunting: The proactive search for signs of malicious activity within a system or network that haven't been detected by traditional security solutions. It involves using analytics and threat intelligence to identify abnormalities or indicators of compromise, helping to uncover stealthy, advanced threats that may have bypassed initial security defenses.

Threat intelligence: Knowledge that allows organizations to understand the risks of cyber threats, such as adversaries, campaigns, incidents, tactics, techniques, and procedures (TTP). This intelligence can be used to prepare, prevent, and identify potential cyber threats looking to take advantage of valuable resources.

Threat Intelligence - External: Data collected from outside the organization's network about current or emerging threats. This could include information from industry forums, security news feeds, threat databases, or intelligence-sharing groups, offering insights into the broader threat landscape to enhance the organization's defense strategy. By having outsider information on threats beyond simply what an organization has experienced themselves, any organization can use that information to develop a more proactive security approach and mitigate issues before they occur and jeopardize the organization.

Threat Intelligence - Internal: Information about potential risks that come from within an organization. This can include suspicious activities or behavior patterns of employees, contractors, or other individuals with access to the organization's resources. Gathering and analyzing internal threat intelligence can help an organization to proactively detect and respond to insider threats, thereby reducing potential damage.

Threat modeling: The process of identifying, understanding, and addressing potential threats in a prioritized way. It involves creating a conceptual model of the system or application, including data flow and connectivity, and then identifying assets, threats, and vulnerabilities within this model. The purpose is to mitigate possible security risks during the design phase of a system rather than after deployment.