A

Antivirus

software designed to detect and prevent computer viruses and other malware from entering and harming a system.

Application Security

the use of software, hardware and procedural methods to protect applications from external and internal threats.

Artificial Intelligence

the theory and development of computer systems able to perform tasks that normally require human intelligence, such as visual perception, speech recognition, decision-making and translation between languages.

Asset

any item perceived as having value; includes both tangible items such as information systems and physical property, as well as intangibles such as intellectual property and data.

Attack Surface

the sum of the security risk exposure; it is the aggregate of all known, unknown and potential vulnerabilities and controls across all software, hardware, firmware and networks. A smaller attack surface can help make your organization less exploitable, reducing risk. A typical attack surface has complex interrelationships among three main areas of exposure: software attack surface, network attack surface and the often overlooked human attack surface.

Software Attack Surface

comprised of the software environment and its interfaces. These are the applications and tools available to authorized (and unauthorized) users.

Network Attack Surface

presents exposure related to ports, protocols, channels, devices (from routers and firewalls to laptops and smart phones), services, network applications (SaaS) and even firmware interfaces.

Human Attack Surface

humans have a range of complex vulnerabilities that are frequently exploited. One of the great strengths of highly secure organizations is their emphasis on communicating security awareness and safety principles to their employees, partners, supply chain and even their customers.

Authentication

the process or action of verifying the identity of a user or process.

Authorization

the function of specifying access rights/privileges to resources related to information security and computer security in general and to access control in particular.