The FREE Cybersecurity Glossary by Thor Pedersen!

Security testing: The evaluation of a system or network's resilience against potential security threats and vulnerabilities. It assesses the system's ability to resist unauthorized access, handle unexpected inputs without failing, maintain data privacy, and ensure business continuity. Examples include penetration testing, vulnerability scanning, and security auditing, with the goal of identifying weak spots that could be exploited by malicious actors.

Security through Obscurity: A criticized practice that relies on keeping security mechanisms secret as the main method of protection. It is generally considered inadequate because once the obscurity is bypassed, there are no other defenses. Effective security should not depend solely on the secrecy of its implementation but rather on robust, tested, and transparent methods. Security through obscurity is best paired with a 'defense in depth' approach.

Security zone: A portion of a network that has specific security policies enforced. This division can be physical or virtual and is used to segregate different types of data, systems, or resources based on their sensitivity or the level of trust. For example, a company might have a zone for more secure data, such as financial or customer information, which is separated from less secure zones containing non-sensitive data.

Self-Encrypting Drive (SED): A storage device that automatically encrypts the data it contains without requiring any action from the user. It employs hardware-based encryption, where the encryption key is never stored in the computer's operating system. Instead, the key is kept within the drive's controller. This feature offers significant protection against data breaches, especially in cases where physical drives are lost or stolen, as it renders the data unreadable without the correct encryption key.

Sensitive information: Data that must be protected due to its confidentiality, integrity, or availability requirements. Examples can range from personal information such as social security numbers, financial data, and health records to proprietary business details like trade secrets or unpublished financial results. The unauthorized disclosure, alteration, or destruction of sensitive information can result in financial loss, damage to reputation, legal penalties, or even pose threats to personal safety.

Sensitivity: The quality or measure of the potential impact that could result from unauthorized access, modification, or loss of data. It is often determined by legal, ethical, or business requirements and is used to guide decisions around the level of security controls that should be applied to protect specific types of data. Higher sensitivity information generally warrants more stringent security measures.