Cybersecurity
Terms & Definitions

Understanding security terminology helps you make informed decisions about protecting your organization. This glossary defines essential security terms for managed services and enterprise protection.

S

Secret key

A cryptographic key used for both encryption and decryption in symmetric encryption systems. Both parties must keep the secret key confidential, as compromise exposes all protected communications and data.

Securely Provision

A cybersecurity framework category focused on designing, developing, and building secure information systems. Secure provisioning integrates security controls throughout development lifecycles rather than adding them after deployment.

Security as code (SaC)

Managing security controls as code within DevOps processes and CI/CD pipelines. Security as code enforces policies programmatically in cloud-native environments, ensuring consistent security configurations across automated deployments.

Security automation

Using technology to execute security processes without manual intervention, including incident response, policy enforcement, and threat detection. Automation reduces response times, eliminates human error, and enables security teams to focus on complex threats.

Security policy

Formal rules governing acceptable use of information assets and defining required security controls. Security policies establish organizational security posture, compliance requirements, and consequences for violations while guiding technology implementations.

Security Program Management

Strategic oversight of an organization's information security program, including policy development, resource allocation, risk management, and incident planning. Security program management aligns technical controls with business objectives and regulatory requirements.

SIEM

Security Information and Event Management systems aggregating logs from multiple sources for correlation, analysis, and alerting. SIEM platforms provide centralized visibility but require significant tuning and analyst expertise to be effective.

Signature

Distinctive patterns identifying specific threats, files, or behaviors used by security tools for detection. Signature-based detection effectively identifies known threats but fails against zero-day attacks and polymorphic malware.

SOAR

Security Orchestration, Automation, and Response platforms integrating security tools and automating incident response workflows. SOAR systems coordinate actions across multiple tools, reducing manual tasks and accelerating threat containment.

SOC

Security Operations Centers serving as centralized hubs for monitoring, detecting, analyzing, and responding to security incidents. SOCs combine people, processes, and technology to maintain continuous threat vigilance.

Social engineering

Psychological manipulation tactics deceiving individuals into divulging confidential information or performing actions compromising security. Social engineering exploits human trust rather than technical vulnerabilities, making awareness training critical for defense.

Software assurance

Confidence that software operates as intended without vulnerabilities introduced during development or deployment. Software assurance encompasses secure coding practices, testing, verification, and supply chain security throughout software lifecycles.

Software Assurance and Security Engineering

Development practices integrating security controls, testing, and validation throughout software creation. Security engineering applies threat modeling, code review, and vulnerability testing to prevent flaws before production deployment.

Spam

Unsolicited bulk messages sent indiscriminately through email, messaging, or other electronic communications. Spam consumes bandwidth, enables phishing attacks, and delivers malware while overwhelming legitimate communications.

Spillage

Unauthorized disclosure or transfer of classified or sensitive information to uncleared systems or personnel. Spillage incidents require immediate containment, investigation, and remediation to prevent further exposure.

Spoofing

Falsifying source identities in communications to impersonate trusted entities and bypass security controls. Spoofing attacks include email address forgery, IP address manipulation, and caller ID falsification for social engineering.

Spyware

Malicious software secretly installed on systems to monitor user activity, collect sensitive information, or track behaviors without consent. Spyware compromises privacy and can enable identity theft or corporate espionage.

Stack

The combination of technologies, tools, and platforms an organization uses to deliver services or protect systems. Security stacks often include multiple point solutions requiring integration for comprehensive protection.

Supervisory Control and Data Acquisition (SCADA)

Industrial control systems managing geographically dispersed infrastructure like power grids, water treatment, and manufacturing processes. SCADA security requires protecting operational technology from cyber threats while maintaining safety and reliability.

Supply chain

The network of organizations, processes, and resources involved in creating and delivering products or services from suppliers to customers. Supply chain security addresses risks from compromised vendors, components, or software dependencies.

Supply Chain Risk Management

Identifying, assessing, and mitigating risks introduced through vendor relationships, third-party software, and hardware components. Supply chain risk management addresses threats from compromised suppliers, counterfeit components, and malicious insertions.

Symmetric cryptography

Encryption methods using identical keys for both encryption and decryption operations. Symmetric algorithms like AES provide fast encryption but require secure key distribution mechanisms since key compromise exposes all protected data.

Symmetric key

A cryptographic key performing both encryption and decryption in symmetric encryption systems. Symmetric keys require secure exchange between parties and must be rotated regularly to maintain security.

System Administration

Managing and maintaining servers, networks, and IT infrastructure to ensure availability, performance, and security. System administrators configure access controls, apply patches, monitor systems, and respond to technical issues.

System integrity

Assurance that systems function as intended without unauthorized manipulation or corruption. System integrity controls detect tampering, verify configurations, and ensure systems remain trustworthy throughout their operational lifecycle.

Systems Development

The process of designing, creating, testing, and deploying information systems throughout their lifecycle. Secure systems development integrates security requirements from initial design through implementation and maintenance.

Systems Requirements Planning

Translating business needs into technical specifications and system designs. Requirements planning ensures security controls address organizational risks while supporting operational objectives and compliance mandates.

Systems Security Analysis

Evaluating system security through testing, integration assessment, and ongoing monitoring. Security analysis identifies vulnerabilities, validates controls, and ensures systems maintain appropriate protection throughout their lifecycle.

Systems Security Architecture

Designing secure system structures that address security requirements while supporting business functionality. Security architecture defines how components interact, where controls apply, and how threats are mitigated.
