Acronym study
Terms 31–60 of 754 ISC2 CC acronyms and key terms. Each entry includes a plain-English definition and a link to the full 800-word glossary page with exam context and practice questions.
Term 31
API security is the practice of protecting application programming interfaces from attacks by ensuring only authorized users and applications can access data and functions.
Term 32
An app protection policy is a set of rules that controls how data is handled and secured within mobile applications, ensuring corporate information stays safe even on personal devices.
Term 33
AppArmor is a Linux kernel security module that restricts programs to a predefined set of resources using mandatory access control (MAC) policies.
Term 34
Application deployment is the process of making a software application available for use, typically by installing, configuring, and activating it on target devices or servers.
Term 35
An ARM template is a JSON file that defines the infrastructure and configuration for Azure resources, enabling repeatable and consistent deployments.
Term 36
ARO stands for Annualized Rate of Occurrence, a number that estimates how often a specific threat or risk event is expected to happen in a single year.
Term 37
ARP poisoning is a network attack where an attacker sends fake Address Resolution Protocol messages to link their MAC address with a legitimate IP address, enabling them to intercept, modify, or stop data on a local network.
Term 38
Artifact Registry is a managed service for storing, managing, and securing container images and other software packages in a centralized repository.
Term 39
In IT and cybersecurity, an asset is anything valuable that an organization owns or controls, including data, hardware, software, people, and intellectual property.
Term 40
Asset valuation is the process of determining the financial worth of an organization's information assets, often used to prioritize security controls and allocate protection resources effectively.
Term 41
Assume breach is a security mindset where an organization operates as if attackers have already compromised its network, shifting focus to rapid detection, containment, and damage limitation rather than only prevention.
Term 42
Assured Workloads is a set of cloud security controls that help organizations run sensitive workloads in a trusted, verified environment on Google Cloud.
Term 43
The attack chain (or kill chain) is a model that describes the stages of a cyberattack, from initial reconnaissance to the final objective, helping defenders understand and disrupt each phase.
Term 44
Attack simulation training is a Microsoft 365 security tool that lets IT administrators run realistic phishing and password-attack campaigns against their own users to identify vulnerabilities and improve security awareness.
Term 45
Attack surface reduction is a set of security practices that minimizes the number of ways an attacker can access or exploit a system by removing unnecessary features, locking down configurations, and controlling software behavior.
Term 46
An attack vector is the specific path or method a cyber attacker uses to gain unauthorized access to a computer system or network.
Term 47
An audit is a systematic, independent review of IT systems, processes, and controls to verify compliance with policies, standards, and regulations.
Term 48
An audit log is a chronological record of security-relevant events and user activities within a system, used for monitoring, compliance, and forensic analysis.
Term 49
An audit trail is a chronological record of events, changes, or activities in a system that provides evidence of who did what, when, and from where.
Term 50
Authentication is the process of verifying that someone or something is who or what it claims to be before granting access to a system or resource.
Term 51
Authentication, Authorization, and Accounting (AAA) is a security framework that controls who can access a network or system, what they are allowed to do, and tracks what they actually did.
Term 52
An authentication log is a record of all attempts to verify a user's identity when accessing a system, including successes, failures, and associated metadata.
Term 53
An authenticator app is a software application on your phone or computer that generates temporary codes used to prove your identity when logging into online accounts.
Term 54
Authorization determines what an authenticated user is allowed to do within a system, such as accessing files, running programs, or changing settings.
Term 55
authorized_keys is a file on a server that stores the public keys of users who are allowed to log in without a password using SSH key-based authentication.
Term 56
Availability is the measure of how often a system or service is operational and accessible when needed, typically expressed as a percentage of uptime.
Term 57
AWS Audit Manager is a service that automatically collects evidence from your AWS accounts to help you prove that you are following security and compliance rules, making audits easier and faster.
Term 58
AWS Config is a service that continuously records, evaluates, and reports on changes to your AWS resources so you can maintain a secure and compliant infrastructure.
Term 59
AWS Config Rules are customizable, automated checks that continuously evaluate your AWS resource configurations against desired compliance or security policies and alert you when a resource is noncompliant.
Term 60
AWS Firewall Manager is a centralized security management service that lets you configure and enforce firewall rules across all accounts and resources in your AWS organization from a single place.