Glossary

The process of verifying the identity of a user or system to ensure they are who they claim to be.

Advantages gained from gathering and analyzing user information, such as improved user experience or personalized services.

A simple substitution cipher where each letter in the plaintext is shifted a certain number of places down or up the alphabet.

Trusted third-party organizations that issue and manage digital certificates, verifying the identity of entities online.

Copies of data stored in a separate location to protect against data loss due to hardware failure, cyberattacks, or accidental deletion.

The process of converting encrypted, coded information back into its original, readable form using a specific key.

Measures taken to protect physical computing devices and the data they contain from unauthorized access, theft, or damage.

Electronic documents used to verify the ownership of a public key and confirm the identity of a website or individual.

The process of transforming information into a secure code to prevent unauthorized access, making it unreadable without the correct key.

Network security systems that monitor and control incoming and outgoing network traffic based on predetermined security rules.

A complex historical cipher system used by the French, known for its sophisticated substitution and permutation techniques.

Risks associated with gathering and storing user information, including privacy breaches, identity theft, or exploitation.

A category of authentication factor based on something the user is, typically biometric data like fingerprints, facial scans, or voice recognition.

Practices and technologies used to protect data transmitted over the internet, especially on public or unsecured networks.

The covert recording of keystrokes made on a keyboard, typically to steal passwords or other sensitive information.

A category of authentication factor based on something the user knows, such as a password, PIN, or security question answer.

A broad term for any software designed to disrupt, damage, or gain unauthorized access to a computer system.

A security system that requires a user to provide two or more verification factors from different categories to gain access.

Controls that determine what actions a user or application is allowed to perform on a system or with specific data.

Information about an individual, often collected online, that can reveal aspects of their identity or behavior.

Any data that can be used to identify a specific individual, either directly or indirectly.

A deceptive attempt to trick individuals into revealing sensitive information by impersonating a trustworthy entity, often via email.

A category of authentication factor based on something the user has, such as a physical token, smartphone, or smart card.

An encryption method that uses a pair of keys: a public key for encryption and a private key for decryption.

An unauthorized wireless access point installed on a network, often by an attacker, to intercept network traffic.

Patches or new versions released by software developers to fix bugs, improve performance, and address security vulnerabilities.

Passwords that are difficult to guess or crack, typically long and composed of a mix of uppercase and lowercase letters, numbers, and symbols.

An encryption method where the same secret key is used for both encrypting and decrypting the data.

The process of monitoring an individual's online activities, location, or behavior, often for targeted advertising or analytics.

A framework or system that establishes how trust is managed and verified within a network or security infrastructure, often involving digital certificates.

Programs designed to detect, prevent, and remove malicious software from a computer system.

Malicious software that attaches itself to legitimate programs and requires user action to spread and activate.

Self-replicating malicious software that can spread independently across networks without requiring user interaction.