An attack surface is the total number of ways an attacker can try to gain unauthorised access to a computer system, network, or application. It includes all the points where someone could try to enter or extract data, such as websites, software interfaces, hardware devices, and even employees. Reducing the attack surface means closing or…
Lateral movement is a technique where an attacker, after gaining initial access to a computer or network, moves sideways within the environment to access additional systems or data. This often involves using stolen credentials or exploiting weak security on other devices. The goal is to find valuable information or gain higher privileges without being detected.
Privilege escalation is a process where someone gains access to higher levels of permissions or control within a computer system or network than they are meant to have. This usually happens when a user or attacker finds a weakness in the system and uses it to gain extra powers, such as the ability to change…
Threat intelligence is information collected, analysed, and used to understand current and potential cyber threats. It helps organisations know what types of attacks are happening, who might be behind them, and how to protect their systems. This knowledge allows security teams to make better decisions and respond more effectively to cyber incidents.
Zero Trust Architecture is a security approach that assumes no user or device, inside or outside an organisation’s network, is automatically trustworthy. Every request to access resources must be verified, regardless of where it comes from. This method uses strict identity checks, continuous monitoring, and limits access to only what is needed for each user…
Access control is a security technique that determines who or what can view or use resources in a computing environment. It sets rules that allow or block certain users from accessing specific information or systems. This helps protect sensitive data and prevents unauthorised use of resources.
A cryptographic hash function is a mathematical process that takes any amount of digital data and creates a fixed-size string of characters, which appears random. This process is designed so that even a small change in the original data will result in a completely different output. The function is also one-way, meaning it is practically…
Public key cryptography is a method for securing digital communication by using two different keys. One key is public and can be shared with anyone, while the other key is private and kept secret. Messages encrypted with the public key can only be decrypted with the matching private key, ensuring that only the intended recipient…
Identity verification is the process of confirming that a person is who they claim to be. This often involves checking official documents, personal information, or using digital methods like facial recognition. The goal is to prevent fraud and ensure only authorised individuals can access certain services or information. Reliable identity verification protects both businesses and…
Access control management is the process of deciding who can use or view certain resources, data, or areas within a system, building, or network. It involves setting up rules and systems that determine which users have permission to perform specific actions, such as reading, editing, or deleting information. This helps organisations protect sensitive information and…