Acronym study
Terms 1–30 of 754 ISC2 CC acronyms and key terms. Each entry includes a plain-English definition and a link to the full 800-word glossary page with exam context and practice questions.
Term 1
Two-factor authentication (2FA) is a security method that requires two different types of proof before granting access to an account or system.
Term 2
802.1X is a network access control standard that authenticates devices before they are allowed to connect to a wired or wireless network.
Term 3
AAA (Authentication, Authorization, and Accounting) is a security framework that controls who can access a network, what they are allowed to do, and tracks what they did.
Term 4
ABAC (Attribute-Based Access Control) is a method of controlling access to resources by evaluating a set of attributes (such as user role, time, location, and device) against policy rules, rather than using static roles or identities.
Term 5
An acceptable use policy is a set of rules that an organization creates to define how employees and other users may use its computer systems, networks, and data.
Term 6
Access control is the security practice of determining who or what is allowed to view, use, or enter a resource, and under what conditions.
Term 7
An Access Control List is a set of rules that decides which traffic is allowed or denied entry to a network or device.
Term 8
An access review is a periodic audit process where administrators check and confirm which users have permissions to what resources, ensuring only authorized people retain access.
Term 9
Access Transparency is the practice of logging and monitoring all access requests to cloud service provider infrastructure by the provider's personnel, giving customers visibility into who accessed their data and when.
Term 10
Account lockout is a security feature that temporarily disables a user account after a set number of failed login attempts to prevent unauthorized access.
Term 11
Accountability is the security principle that ensures actions and identity are linked so that a person or system can be held responsible for their activities.
Term 12
An Access Control List is a set of rules that determines who or what can access specific network resources or data.
Term 13
An administrative control is a policy, procedure, or guideline designed to manage and reduce security risk through people and processes rather than technology alone.
Term 14
An administrative unit is a container in Microsoft Entra ID that allows you to delegate administrative permissions over a subset of users, groups, or devices, rather than the entire directory.
Term 15
Advanced Encryption Standard (AES) is a widely used symmetric encryption algorithm that protects electronic data by converting readable information into a scrambled format that can only be unscrambled with the correct secret key.
Term 16
Adware is software that automatically displays or downloads unwanted advertisements, often bundled with free programs, and may track user behavior without clear consent.
Term 17
AH (Authentication Header) is an IPsec protocol that provides connectionless integrity, data origin authentication, and anti-replay protection for IP packets.
Term 18
AH (Authentication Header) is an IPsec protocol that provides connectionless integrity, data origin authentication, and anti-replay protection for IP packets.
Term 19
ALE (Annualized Loss Expectancy) is a risk management formula that estimates the yearly monetary loss from a specific threat to an asset.
Term 20
An alert is a notification that something unusual or potentially harmful has happened in a computer system or network.
Term 21
Alert fatigue is the desensitization and overwhelming feeling security analysts experience when they receive so many security alerts that they begin to ignore or miss them.
Term 22
An Alias record is a DNS record type that maps a hostname to another hostname, seamlessly routing traffic to AWS resources like load balancers or CloudFront distributions.
Term 23
In incident response, analysis is the process of examining data and events to determine what happened, how it happened, and what actions to take.
Term 24
Anonymization is the process of removing or altering personally identifiable information so that an individual cannot be identified, directly or indirectly, from the remaining data.
Term 25
Ansible is an open-source automation tool that IT professionals use to configure systems, deploy software, and manage infrastructure without needing to install agent software on every managed machine.
Term 26
Anti-malware is software that detects, prevents, and removes malicious software from computers, networks, and devices.
Term 27
An anti-malware policy is a set of rules and procedures that an organization enforces to prevent, detect, and remove malicious software from its computers and networks.
Term 28
An anti-phishing policy is a set of rules and technical controls that organizations use to detect, block, and respond to email or message-based attacks that trick users into revealing sensitive information.
Term 29
An anti-spam policy is a set of rules and filters used by email systems to automatically detect and block unwanted, unsolicited, or harmful messages before they reach a user's inbox.
Term 30
Antivirus is software that detects, prevents, and removes malicious software (malware) from a computer or network.