- Advanced Encryption Standard (AES) A widely used symmetric encryption standard adopted by the U.S. government and numerous organizations worldwide. It operates on blocks of data and uses a secret key that can be 128, 192, or 256 bits in length. With its strong security properties and efficient performance, AES is an integral part of many protocols and systems for securing data in transit and at rest, making it a fundamental element in safeguarding sensitive information against unauthorized access.
- Advanced Persistent Threat (APT) A sophisticated, systematic, and long-term cyberattack campaign that targets specific entities with the intent to steal information or disrupt operations. APTs are typically conducted by nation-states or state-sponsored groups and are characterized by their stealth and persistence. These attackers use a variety of techniques to gain access to a network, maintain a foothold, and exfiltrate data without being detected over extended periods. APTs require a high degree of expertise and resources to conduct and are considered a significant threat to national security, large corporations, and critical infrastructure.
- Adversary An individual, group, or entity that seeks to compromise the security of a system, network, or organization for malicious purposes. Adversaries may have various motivations, including financial gain, espionage, disruption of services, or the achievement of political or ideological goals. They can employ a range of tactics, techniques, and procedures, from brute force attacks and phishing to more sophisticated methods like advanced persistent threats.
- Advisory A formal communication, often issued by a trusted security organization, vendor, or government entity, that provides information about a specific security issue, such as a newly discovered vulnerability, a novel threat, or a best practice for securing a system or network. Advisories play a crucial role in raising awareness of security risks and helping organizations respond effectively to maintain their security posture.
- Advisory Policy A type of policy that provides strategic guidance on actions to be taken to achieve certain objectives, often within the context of security best practices. Unlike mandatory policies that dictate specific requirements, advisory policies typically offer recommendations and guidance for improving security. They can cover a wide range of topics, from password complexity and user behavior to disaster recovery strategies and incident response procedures.
- Adware A type of software that displays or downloads advertising content, often without the user's consent. While not always malicious, adware can negatively impact user experience by consuming system resources, causing slowdowns, and inundating the user with unwanted ads. Some forms of adware may also track user behavior or collect personal data without appropriate disclosure, posing privacy risks.
- Agent A software program that performs a specific task on behalf of a user or another program. It is commonly used in distributed computing systems, where multiple agents communicate and coordinate to accomplish a larger goal. For example, an agent on a network may monitor traffic and alert a security administrator of any potential threats.
- Aggregation The process of combining multiple data sources or objects into a single, more comprehensive representation. It is used in data analysis and reporting to provide a more comprehensive view of a specific topic or phenomenon. For example, an aggregation of sales data may show overall trends and patterns across different regions or product categories.
- Agile A methodology often used in software development that emphasizes flexibility, collaboration, customer satisfaction, and rapid delivery. Rather than planning the entire project in detail from the start, Agile encourages adaptive planning, evolutionary development, early delivery, and continuous improvement. This approach can significantly benefit security practices by integrating security considerations into the development process from the beginning and enabling rapid response to changing threats.
- Alert A notification generated by a security system in response to a detected event or condition that may indicate a potential security issue. Alerts are designed to draw attention to anomalies, such as attempted unauthorized access, suspicious network traffic, or deviations from normal system behavior. They play a crucial role in incident response by enabling timely detection and remediation of security incidents.
Share our FREE glossary with your friends and study buddies.
Disclaimer: The glossary is for informational purposes only, we are not liable for any errors or omissions, if you find errors please contact us.