The practice of protecting systems, networks, and data from digital attacks, ensuring confidentiality, integrity, and availability.

A structured initiative designed to educate employees about cybersecurity threats and best practices to mitigate risks.

Any potential danger that could exploit a vulnerability to cause harm to a system or organization.

A weakness in a system that can be exploited by threats to gain unauthorized access or cause damage.

A tactic used by cybercriminals to deceive individuals into providing sensitive information through fake emails or websites.

Malicious software designed to disrupt, damage, or gain unauthorized access to computer systems.

A type of malware that encrypts a victim's files and demands payment for the decryption key.

Manipulative tactics used to trick individuals into divulging confidential information.

The process of converting data into a coded format to prevent unauthorized access.

A security device or software that monitors and controls incoming and outgoing network traffic based on predetermined security rules.

A formal document that outlines an organization’s rules and procedures for maintaining security.

An incident where unauthorized access to sensitive data occurs, leading to potential data loss or exposure.

An additional layer of security requiring not just a password and username but also something that only the user has.

The practice of protecting information by mitigating risks related to its use, disclosure, and destruction.

Adhering to laws, regulations, and guidelines relevant to an organization’s business processes.

The process of identifying, analyzing, and evaluating risks to an organization’s information assets.

Educational resources developed to teach employees about cybersecurity practices and policies.

Individuals or groups with an interest in the security practices of an organization, including employees and owners.

A strategic outline detailing how to roll out a cybersecurity program effectively.

Metrics used to evaluate the success of an organization in achieving its objectives.

An ongoing effort to enhance products, services, or processes over time.

A plan to convey important cybersecurity messages to employees and stakeholders effectively.

Techniques used to involve and motivate employees in cybersecurity training and awareness.

The process of testing a program or material on a small scale before full implementation.

Systems for collecting input from participants to improve training and awareness initiatives.