A systematic evaluation of an organization's information systems to identify vulnerabilities and risks.

The process of identifying, quantifying, and prioritizing vulnerabilities in a system.

The creation of code or techniques to take advantage of vulnerabilities in software or systems.

Implementing security measures to reduce vulnerabilities in a system, making it more resistant to attacks.

The identification, assessment, and prioritization of risks followed by coordinated efforts to minimize, monitor, and control their impact.

A structured approach to identifying and prioritizing potential threats to a system.

Simulated cyberattack on a system to evaluate its security defenses.

A security flaw that is unknown to the vendor and has no patch available at the time of discovery.

Tools and libraries that assist in developing and executing exploits against vulnerabilities.

A standardized method, such as CVSS, for assessing the severity of vulnerabilities.

Actions taken to reduce the severity or likelihood of a risk.

Adhering to laws, regulations, and guidelines relevant to cybersecurity practices.

The process of fixing or mitigating vulnerabilities in a system.

Manipulating individuals into divulging confidential information for fraudulent purposes.

A formalized set of rules and practices that dictate how an organization manages its security.

A device or software application that monitors network or system activities for malicious activities.

The overall process of risk management that includes risk identification, analysis, and evaluation.

A network security device that monitors and controls incoming and outgoing network traffic based on security rules.

The process of converting information into a code to prevent unauthorized access.

Analyzing software by executing it in a runtime environment to identify vulnerabilities.

Analyzing the source code or binaries of an application without executing it to find vulnerabilities.

A repository of known vulnerabilities, often used for research and remediation.

An event that indicates a potential breach of security policies or procedures.

Information about threats and threat actors that helps organizations prepare for and respond to potential attacks.

Analyzing software to understand its components and functionality, often to identify vulnerabilities.

Identifying unusual patterns or behaviors in data that may indicate a security threat.