A
Access Control Technical
Security technique that regulates who or what can view or use resources in a computing environment. Includes authentication, authorization, and audit mechanisms.
Advanced Persistent Threat (APT) Technical
Prolonged and targeted cyberattack in which an intruder gains access to a network and remains undetected for an extended period. Typically associated with nation-state actors.
Authentication Technical
Process of verifying the identity of a user, device, or system. Methods include passwords, biometrics, tokens, and multi-factor authentication (MFA).
Authorization Technical
Process of determining what actions or resources an authenticated user is permitted to access. Follows authentication in the security process.
Availability Concept
The assurance that systems and data are accessible to authorized users when needed. One of the three pillars of the CIA Triad.
B
Backdoor Technical
Hidden method for bypassing normal authentication to gain unauthorized access to a system. May be intentionally installed or created by malware.
Botnet Technical
Network of compromised computers controlled remotely by an attacker. Used for DDoS attacks, spam distribution, and cryptocurrency mining.
Brute Force Attack Technical
Attack that systematically tries candidate passwords or keys until the correct one is found. Practical against short or predictable passwords and short keys; countered by long random secrets, rate limiting and account lockout.
Business Email Compromise (BEC) Attack
Scam targeting organizations that pay suppliers or partners: attackers impersonate executives or vendors, often from a spoofed or compromised mailbox, to get staff to authorize fraudulent transfers or change payment details.
C
CERT-In Legal/India
Indian Computer Emergency Response Team. National nodal agency for cybersecurity incident response under Section 70B of IT Act 2000.
CIA Triad Concept
Foundational security model comprising Confidentiality, Integrity, and Availability. Guides security policy and control design.
Confidentiality Concept
Ensuring information is accessible only to those authorized to access it. Achieved through encryption, access controls, and data classification.
Consent (DPDPA) Legal/India
Under DPDPA 2023, free, specific, informed, unconditional, and unambiguous indication of Data Principal's wishes for processing their personal data.
Cryptography Technical
Practice of securing information by transforming it into unreadable format using mathematical algorithms. Includes encryption, hashing, and digital signatures.
CVSS (Common Vulnerability Scoring System) Technical
Industry standard, maintained by FIRST, for rating the severity of security vulnerabilities. Base scores range from 0.0 to 10.0; the v3.x qualitative scale maps 0.0 to None, 0.1-3.9 to Low, 4.0-6.9 to Medium, 7.0-8.9 to High and 9.0-10.0 to Critical. The score rates technical severity, not the likelihood of exploitation in a given environment.
D
Data Fiduciary Legal/India
Under DPDPA 2023, any person who alone or with others determines the purpose and means of processing personal data.
Data Principal Legal/India
Under DPDPA 2023, the individual to whom the personal data relates. The data subject whose data is being processed.
Data Protection Board Legal/India
Regulatory body established under DPDPA 2023 to adjudicate complaints and impose penalties for data protection violations.
DDoS (Distributed Denial of Service) Attack
Attack that overwhelms a target with traffic from multiple sources, making services unavailable to legitimate users.
Defense in Depth Concept
Security strategy using multiple layers of controls throughout an IT system. If one layer fails, others continue providing protection.
Digital Forensics Technical
Process of identifying, preserving, analyzing, and presenting digital evidence in a manner acceptable in legal proceedings.
DPDPA 2023 Legal/India
Digital Personal Data Protection Act 2023. India's comprehensive data protection law establishing rights for Data Principals and obligations for Data Fiduciaries.
E
Encryption Technical
Process of converting plaintext data into ciphertext using cryptographic algorithms, making it unreadable without the decryption key.
Endpoint Detection and Response (EDR) Technical
Security solution that monitors endpoints for suspicious activities and provides automated response capabilities.
Exploit Technical
Code or technique that takes advantage of a vulnerability in software or hardware to cause unintended behavior.
G-H
GRC (Governance, Risk, Compliance) Framework
Integrated approach to organizational governance, enterprise risk management, and regulatory compliance.
Hashing Technical
One-way cryptographic function that maps input of any size to a fixed-size digest. Used for integrity verification (any change to the input changes the digest) and for password storage, where a deliberately slow, salted password-hashing function such as Argon2, bcrypt, scrypt or PBKDF2 must be used instead of a fast general-purpose hash like plain SHA-256.
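The two uses above call for different constructions. The block below is an added example, not code from the original page: a SHA-256 digest for integrity checks, and a salted, iterated PBKDF2-HMAC-SHA256 for password storage, both compared in constant time. The iteration count and the `pbkdf2_sha256$iterations$salt$hash` storage format are this example's own choices.

```python
import hashlib
import hmac
import os

# Assumption: an iteration count in the range currently recommended for PBKDF2-HMAC-SHA256.
PBKDF2_ITERATIONS = 600_000


def sha256_hex(data: bytes) -> str:
    """Fast digest for integrity checks: any change to the input changes the output."""
    return hashlib.sha256(data).hexdigest()


def verify_integrity(data: bytes, expected_hex: str) -> bool:
    # Constant-time comparison so the check does not leak how many bytes matched.
    return hmac.compare_digest(sha256_hex(data), expected_hex)


def hash_password(password: str, salt: bytes = b"") -> str:
    """Salted, iterated password hash; the stored string carries its own parameters."""
    salt = salt or os.urandom(16)  # a fresh random salt per password defeats precomputed tables
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${dk.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iteration count; reject malformed records."""
    try:
        algo, iterations, salt_hex, dk_hex = stored.split("$")
    except ValueError:
        return False
    if algo != "pbkdf2_sha256":
        return False
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(dk.hex(), dk_hex)


if __name__ == "__main__":
    record = hash_password("correct horse battery staple")  # constructed demo password
    print(record)
    print("verify ok:", verify_password("correct horse battery staple", record))
    print("verify bad:", verify_password("wrong", record))
```

Note that two calls to `hash_password` with the same password produce different records (different salts) and both verify; that is the intended behaviour, and it is why a password database cannot be checked with a plain digest comparison.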
Honeypot Technical
Decoy system designed to attract attackers and study their methods without risking actual production systems.
I
IDS/IPS Technical
Intrusion Detection System monitors for malicious activity; Intrusion Prevention System also blocks detected threats automatically.
Incident Response Process
Organized approach to addressing and managing the aftermath of a security breach or cyberattack.
Insider Threat Threat
Security risk posed by individuals within an organization—employees, contractors, or partners with authorized access.
Integrity Concept
Ensuring data has not been altered in an unauthorized manner. One of the three pillars of the CIA Triad.
IOC (Indicator of Compromise) Technical
Forensic data that identifies potentially malicious activity. Examples include file hashes, IP addresses, and domain names.
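IOCs are only useful once they are matched against telemetry. The block below is an added example, not code from the original page: it sweeps a few constructed log lines for IP, domain and SHA-256 indicators from a constructed IOC set (RFC 5737 test addresses, reserved `.example` names and a synthetic hash), treating subdomains of an IOC domain as matches.

```python
import re

# Constructed IOC set: nothing here refers to a real host or file.
IOCS = {
    "ip": {"198.51.100.23", "203.0.113.77"},
    "domain": {"update-check.example"},
    "sha256": {"deadbeef" * 8},
}

# Constructed sample telemetry (proxy, EDR and DNS records).
SAMPLE_LOGS = [
    "2024-05-01T10:00:01Z proxy src=10.0.0.5 dst=198.51.100.23 host=update-check.example method=GET",
    "2024-05-01T10:00:05Z edr host=ws-17 file=C:\\Users\\a\\Downloads\\setup.exe sha256=" + "deadbeef" * 8,
    "2024-05-01T10:00:09Z proxy src=10.0.0.6 dst=10.0.0.8 host=intranet.corp.example method=GET",
    "2024-05-01T10:00:12Z dns client=10.0.0.7 query=cdn.update-check.example answer=203.0.113.9",
]

IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
DOMAIN_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b")
SHA256_RE = re.compile(r"\b[0-9a-f]{64}\b")


def domain_matches(observed: str, ioc_domains: set) -> bool:
    """Exact match or any subdomain of an IOC domain."""
    return any(observed == d or observed.endswith("." + d) for d in ioc_domains)


def match_iocs(lines, iocs=IOCS):
    """Return (line_number, ioc_type, value) for every indicator observed in the lines."""
    hits = []
    for n, line in enumerate(lines, 1):
        low = line.lower()  # hashes and hostnames are case-insensitive
        for ip in IPV4_RE.findall(low):
            if ip in iocs["ip"]:
                hits.append((n, "ip", ip))
        for dom in DOMAIN_RE.findall(low):
            if domain_matches(dom, iocs["domain"]):
                hits.append((n, "domain", dom))
        for h in SHA256_RE.findall(low):
            if h in iocs["sha256"]:
                hits.append((n, "sha256", h))
    return hits


if __name__ == "__main__":
    for hit in match_iocs(SAMPLE_LOGS):
        print(hit)
```

Line 3 (an internal host) produces no hit, and line 4 matches through the subdomain rule; a real sweep would normalise timestamps and de-duplicate before alerting.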
IT Act 2000 Legal/India
Information Technology Act 2000. India's primary legislation for electronic commerce and cybercrime, amended in 2008.
L-M
Least Privilege Concept
Security principle that users, processes and services should have only the minimum access rights necessary to perform their function, and only for as long as needed.
Malware Threat
Malicious software designed to damage, disrupt, or gain unauthorized access. Includes viruses, worms, trojans, ransomware.
MFA (Multi-Factor Authentication) Technical
Authentication requiring two or more verification factors from different categories: something you know (password, PIN), something you have (hardware token, authenticator app), or something you are (biometric). Two factors from the same category, such as two passwords, do not count as MFA.
MITRE ATT&CK Framework
Globally-accessible knowledge base of adversary tactics and techniques based on real-world observations.
N-P
NIST Framework
National Institute of Standards and Technology. US agency that publishes widely-adopted cybersecurity frameworks and guidelines, including the NIST Cybersecurity Framework (CSF) and the SP 800 series such as SP 800-53 (security controls) and SP 800-61 (incident handling).
Penetration Testing Technical
Authorized simulated cyberattack to evaluate security of systems. Also called pen testing or ethical hacking.
Personal Data Legal/India
Under DPDPA 2023, any data about an individual who is identifiable by or in relation to such data.
Phishing Attack
Social engineering attack using fraudulent communications to trick victims into revealing sensitive information.
R-S
Ransomware Threat
Malware that encrypts a victim's files and demands payment for the decryption key; many current operations also exfiltrate data first and threaten to publish it (double extortion). Major threat to organizations globally.
RBAC (Role-Based Access Control) Technical
Access control method where permissions are assigned to roles rather than individuals. Users inherit permissions from assigned roles.
Section 43 (IT Act) Legal/India
IT Act section providing a civil remedy for unauthorized access, data extraction or theft, and introduction of viruses or contaminants, by way of compensation to the affected person. Claims up to ₹5 crore are adjudicated by the Adjudicating Officer under Section 46; larger claims lie with the competent civil court.
Section 66 (IT Act) Legal/India
IT Act section criminalizing the acts listed in Section 43 when done dishonestly or fraudulently. Imprisonment up to 3 years, a fine up to ₹5 lakh, or both.
Separation of Duties Concept
Security principle dividing critical tasks among multiple people to prevent fraud, errors, and abuse.
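The RBAC and Separation of Duties entries above describe complementary controls: permissions attach to roles, and conflicting roles (or conflicting actions on the same object) are kept apart. The block below is an added example, not code from the original page, showing both: a role-to-permission table, a static rule that one user may not hold both the clerk and approver roles, and a dynamic rule that nobody approves an invoice they created. Role and permission names are constructed for the example.

```python
from dataclasses import dataclass

# Roles carry permissions; users are only ever assigned roles, never permissions directly.
ROLE_PERMISSIONS = {
    "payments_clerk": {"invoice:create", "invoice:read"},
    "payments_approver": {"invoice:read", "invoice:approve"},
    "finance_admin": {"invoice:create", "invoice:read", "invoice:approve"},
    "auditor": {"invoice:read", "audit_log:read"},
}

# Static separation of duties: no user may hold both roles of an exclusive pair.
EXCLUSIVE_ROLE_PAIRS = [("payments_clerk", "payments_approver")]


class AccessDenied(Exception):
    pass


@dataclass
class Invoice:
    invoice_id: str
    created_by: str
    approved_by: str = ""


class Rbac:
    def __init__(self) -> None:
        self.user_roles = {}

    def assign_role(self, user: str, role: str) -> None:
        if role not in ROLE_PERMISSIONS:
            raise ValueError(f"unknown role {role!r}")
        proposed = self.user_roles.get(user, set()) | {role}
        for a, b in EXCLUSIVE_ROLE_PAIRS:
            if a in proposed and b in proposed:
                raise AccessDenied(f"{user} may not hold both {a} and {b}")
        self.user_roles[user] = proposed

    def permissions(self, user: str) -> set:
        perms = set()
        for role in self.user_roles.get(user, set()):
            perms |= ROLE_PERMISSIONS[role]
        return perms

    def is_allowed(self, user: str, permission: str) -> bool:
        return permission in self.permissions(user)

    def create_invoice(self, user: str, invoice_id: str) -> Invoice:
        if not self.is_allowed(user, "invoice:create"):
            raise AccessDenied(f"{user} lacks invoice:create")
        return Invoice(invoice_id, created_by=user)

    def approve_invoice(self, user: str, invoice: Invoice) -> Invoice:
        if not self.is_allowed(user, "invoice:approve"):
            raise AccessDenied(f"{user} lacks invoice:approve")
        # Dynamic separation of duties: even a role allowed to both create and approve
        # may not approve an invoice it created itself.
        if invoice.created_by == user:
            raise AccessDenied(f"{user} cannot approve their own invoice")
        invoice.approved_by = user
        return invoice


def run_scenario() -> dict:
    """Exercise the controls and report each outcome as a boolean."""
    rbac = Rbac()
    rbac.assign_role("alice", "payments_clerk")
    rbac.assign_role("bob", "payments_approver")
    rbac.assign_role("dana", "finance_admin")
    out = {
        "clerk_can_create": rbac.is_allowed("alice", "invoice:create"),
        "clerk_cannot_approve": not rbac.is_allowed("alice", "invoice:approve"),
        "approver_cannot_create": not rbac.is_allowed("bob", "invoice:create"),
    }
    try:
        rbac.assign_role("alice", "payments_approver")
        out["static_sod_enforced"] = False
    except AccessDenied:
        out["static_sod_enforced"] = True
    inv = rbac.create_invoice("alice", "INV-1")
    out["approver_approves_others"] = rbac.approve_invoice("bob", inv).approved_by == "bob"
    own = rbac.create_invoice("dana", "INV-2")
    try:
        rbac.approve_invoice("dana", own)
        out["dynamic_sod_enforced"] = False
    except AccessDenied:
        out["dynamic_sod_enforced"] = True
    return out


if __name__ == "__main__":
    print(run_scenario())
```

Both rules are cheap to enforce in code; the hard part in practice is keeping the role table itself minimal, which is where least privilege applies to the roles rather than to the users.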
SIEM Technical
Security Information and Event Management. Technology providing real-time analysis of security alerts from applications and network hardware.
Significant Data Fiduciary Legal/India
Under DPDPA 2023, a Data Fiduciary notified by the Central Government based on factors such as the volume and sensitivity of personal data processed and the risk to Data Principals. Subject to additional obligations, including appointing a Data Protection Officer based in India, engaging an independent data auditor and conducting periodic Data Protection Impact Assessments.
SOC (Security Operations Center) Technical
Centralized unit that monitors, detects, analyzes, and responds to cybersecurity incidents using technology and processes.
Social Engineering Attack
Psychological manipulation of people into performing actions or divulging confidential information.
Spear Phishing Attack
Targeted phishing attack directed at specific individuals or organizations using personalized information.
SQL Injection Attack
Code injection attack against database-backed applications that build SQL queries by concatenating untrusted input, letting the attacker change the query's logic or run additional statements. Prevented by parameterized queries (prepared statements), which keep data separate from SQL syntax, rather than by input filtering alone.
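The block below is an added example, not code from the original page: a deliberately vulnerable login check that splices input into the SQL text, beside the parameterized form, run against a constructed in-memory SQLite table. The table, user and payloads are constructed for the example.

```python
import sqlite3


def setup_db() -> sqlite3.Connection:
    """Constructed in-memory table; a real application stores a salted password hash."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password_hash TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'h-alice')")
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password_hash: str) -> bool:
    # VULNERABLE: the strings are spliced into the SQL text, so a quote in the input
    # ends the literal and whatever follows becomes part of the query's syntax.
    sql = ("SELECT COUNT(*) FROM users WHERE username = '" + username +
           "' AND password_hash = '" + password_hash + "'")
    return conn.execute(sql).fetchone()[0] > 0


def login_safe(conn: sqlite3.Connection, username: str, password_hash: str) -> bool:
    # HARDENED: parameterized query. The driver passes the values separately from the
    # statement, so the input can only ever be compared as data, quotes included.
    sql = "SELECT COUNT(*) FROM users WHERE username = ? AND password_hash = ?"
    return conn.execute(sql, (username, password_hash)).fetchone()[0] > 0


# Constructed payloads: a tautology and a comment that discards the password check.
TAUTOLOGY = "' OR '1'='1"
COMMENT_OUT = "alice' --"


if __name__ == "__main__":
    conn = setup_db()
    for name, fn in (("vulnerable", login_vulnerable), ("safe", login_safe)):
        print(name, "tautology:", fn(conn, TAUTOLOGY, TAUTOLOGY),
              "comment:", fn(conn, COMMENT_OUT, "anything"))
```

With the tautology the vulnerable query becomes `... WHERE username = '' OR '1'='1' AND password_hash = '' OR '1'='1'`, which is true for every row; the parameterized version compares the literal string `' OR '1'='1` against the username column and finds nothing.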
T-Z
Threat Intelligence Technical
Evidence-based knowledge about existing or emerging threats to assets. Used to inform security decisions.
Threat Hunting Technical
Proactive security practice of searching through networks to detect threats that evade automated security solutions.
Two-Factor Authentication (2FA) Technical
Authentication requiring exactly two verification factors. Subset of multi-factor authentication.
VAPT Technical
Vulnerability Assessment and Penetration Testing. Combined approach to identify and exploit security weaknesses.
VPN (Virtual Private Network) Technical
Technology creating encrypted connection over less secure network, enabling secure remote access to internal resources.
Vulnerability Technical
Weakness in a system, application, or process that can be exploited by a threat to gain unauthorized access.
Zero-Day Technical
Vulnerability for which no vendor fix exists, typically because the vendor is unaware of it. Exploitation before a patch is available leaves defenders reliant on detection and mitigation rather than patching. Highly valuable to attackers.
Zero Trust Framework
Security model based on "never trust, always verify." Requires strict identity verification for everyone accessing resources.