Cybersecurity A to Z

APT's are a sophisticated form of attack perpetrated by a bad actor in order to breach an organizations network.

Software that operates in the background of an individuals computer that tracks and recommends various advertisements.

The total sum of all possible security risks within an organizations infrastructure.

A collection of compromised computers used to conduct large scale cyber attacks.

The process of repeatedly trying login credentials in the hopes of eventually gaining unauthorized access to an individuals account

Bring Your Own Device. Many individuals bring their personal devices to the office or use them for business operations.

All of the hardware, software, and network devices that make cloud and virtualization possible.

The Cybersecurity Maturity Model Certification. A process of ensures certain measures of security are maintained across the DoD.

A host, endpoint, network device, or any other asset that has been corrupted or exploited by a cyber criminal.

Bits of cached information regarding an individuals website preferences and other metadata.

Bad actors use the hardware resources of compromised hosts to farm crypto currency in the background.

An attempt made by cyber criminals to compromise an organization, halt production, steal information using exploits within an IT system.

Insurance used to manage the recovery costs of a data breach or other security incident.

The step-by-step process in which cyber criminals exploit an organizations IT systems.

The process of implementing controls and policies to mitigate cyber vulnerabilities within an organization.

CompTIA is a non-profit organization that provides education and certifications in the IT industry. CorpInfoTech is a trusted partner of CompTIA.

CorpInfoTech is the first organization to become CIS accredited. Learn more about what this means.

The Cyber AB is the accreditation body of the DoD that oversees the CMMC program.

Controlled Unclassified Information (CUI) is sensitive data provided by the government to contractors.

The dark web is the part of the internet where users can access unindexed web content anonymously through special web browsers like TOR.

A security incident involving the theft of an organizations private data or information.

A subsection of the internet that is not public facing. It usually requires login credentials to access.

A cyber attack that involves bad actors bombarding a server with false requests to overload operations and cause disruptions.

A form of phishing where a cyber criminal replicates a trusted person or organizations website to trick individuals.

Domain-based Message Authentication Reporting & Conformance (DMARC) is an email security protocol that protects against domain-spoofing.

Any device that connects to the internet.

A tool or process cyber criminals can use to breach your organization.

The translation of ordinary, readable data in an encoded format to ensure the safety and integrity of data.

Identity theft occurs when a bad actor steals personal identifiable information to pose as the individual.

A plan for how to respond to a security incident to help mitigate damages.

A security threat that comes from within your organization. It could be an employee falling for a phishing scam, or a poor password.

The internet of things refers to any device connected to the network. TV's, dishwashers, and refrigerators can be on the IoT.

Malicious software used to steal an individuals data.

An organization who aids in managing IT services and technology support.

MFA is an additional layer of authentication that moves beyond a simple username and password.

A type of cyber attack where a bad actor listens in on two targets' network activity.

Managing and securing the mobile devices used in your organization.

Securing the traffic that is sent inside and outside of your organizations network.

Implementing good password habits like changing passwords, using complex phrases, etc.

The planning and implementation of patches and updates for your hardware and software assets.

An outside organization attempts to breach your network to find vulnerabilities that need to be fixed.

A cyber attack that involved cyber criminals using psychological manipulation to gain a foothold into an organization.

The idea that users should only have access to the network resources they need to do their job and nothing more.

A type of malware that encrypts the victims data and holds it hostage until they pay a ransom to the cyber criminal.

Bad actors use this business model to sell or lease their ransomware code to less experienced hackers to use in their attacks.

A software that allows a user to connect to a desktop remotely.

A tactic used by cyber criminals to manipulate victims into giving up information or access.

A more targeted form of phishing that attacks a specific person or organization.

A cyber attack where criminals attack a third party vendor or supplier to gain access to other organizations in the supply chain.

Laws protecting organizations from litigation as a result of a cyber incident.

A malicious actor or individual who seeks to breach an organization and cause their IT systems harm.

The process of finding, remediating,and monitoring vulnerabilities to protect your organization.

Zero Trust is a security concept that requires all users to be authenticated and authorized before being granted access to applications and data.