The FREE Cybersecurity Glossary by Thor Pedersen!

Strengths, Weaknesses, Opportunities, and Threats (SWOT) analysis: A strategic planning tool that helps identify internal and external factors that may affect an organization's performance. In a security context, strengths and weaknesses might refer to the capabilities and vulnerabilities of the current security infrastructure, while opportunities and threats could refer to emerging security technologies or evolving threat landscapes. This analysis aids in decision-making and strategy development to improve system security.

STRIDE Model: A threat modeling methodology used to identify potential security risks associated with a system or application. The acronym STRIDE stands for Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege. Each of these represents a class of threat that the model helps to identify, enabling the development of mitigation strategies and increasing the overall resilience of the system.

Strong authentication: A security control that uses multiple factors to verify a user's identity. It is used in access control to prevent unauthorized access to sensitive systems or data. Examples of strong authentication include using a combination of something the user knows (a password), something the user has (a security token or key), and something the user is (biometric data such as a fingerprint or facial recognition).

Structured query language (SQL): A programming language used for managing and manipulating data in relational databases. It is used in many industries, including finance, healthcare, and retail, to store and retrieve data from databases. Examples include using SQL to query a customer database for information, to update account balances in a financial system, or to track inventory levels in a supply chain.

Structured Query Language (SQL) Injection Attack: A type of cyber-attack that exploits vulnerabilities in a website's database by injecting malicious SQL code. It is used to gain unauthorized access to sensitive data, modify or delete it, or create new user accounts with elevated privileges. Examples of SQL injection attacks include inserting a malicious query into a login form to bypass authentication or inserting a malicious query into a database query to extract sensitive information.

Structured walkthrough: A comprehensive review process where the creators of a product or solution present it to their peers for critique and validation. In the context of security, it might involve walking through a new security protocol, a system design, or a piece of code to identify potential flaws or vulnerabilities. This practice promotes quality and consistency, reduces errors, and encourages knowledge sharing.