Security Concepts A–Z

Welcome to Cyber Security Street’s Security Concepts A–Z, your comprehensive encyclopedia for everything in the digital defense universe. Whether you’re decoding the fundamentals of encryption, unraveling zero-trust architecture, or exploring the anatomy of ransomware, this section is built to empower every level of cyber enthusiast. Each article in our A–Z library breaks down complex security ideas into clear, actionable insights — blending technical precision with real-world relevance. From authentication to virtualization, from phishing to quantum cryptography, every concept is explained in a way that connects the dots between innovation, protection, and strategy. Whether you’re an IT pro reinforcing a company’s digital perimeter or a newcomer curious about how cyber threats work, this collection equips you with the knowledge to stay informed, alert, and one step ahead. The alphabet of security isn’t just a glossary — it’s the foundation of your digital defense mindset.

1. CIA Triad: Confidentiality, Integrity, Availability—core goals of any security program.

2. Least privilege: give users/services only the access they need, nothing more.

3. Defense-in-depth: stack controls (network, endpoint, identity, data) to reduce single points of failure.

4. Patch cadence: apply critical security updates within days, not weeks.

5. MFA first: protect all remote, admin, and email access with multi-factor authentication.

6. Network segmentation: isolate critical assets from general user networks.

7. Backups 3-2-1: three copies, two media types, one offsite/immutable.

8. Secure defaults: disable unused services/ports; deny by default, allow by exception.

9. Logging basics: centralize logs (auth, network, EDR) and retain for investigations.

10. User education: regular phishing drills and clear reporting channels reduce risk.

1. Phishing: social-engineering emails lure credentials—verify sender, hover links.

2. Ransomware: encrypts files and exfiltrates data—backups + EDR + least privilege.

3. Business Email Compromise: invoice/payment fraud—out-of-band verification is key.

4. Supply chain: compromised vendor updates propagate risk—SBOMs and code signing help.

5. Insider threats: misuse of legitimate access—monitor anomalies, enforce separation of duties.

6. Credential stuffing: reused passwords attacked at scale—MFA and password hygiene.

7. Zero-day exploits: unknown bugs weaponized—virtual patching, behavior detection.

8. Cloud misconfig: public buckets, lax IAM—automated posture management.

9. IoT exposure: weak defaults and seldom patched—network isolation and updates.

10. Data exfiltration: covert uploads—DLP, egress filtering, TLS inspection (where lawful).

1. EDR/XDR: endpoint and extended detection with behavioral analytics.

2. SIEM: centralizes log collection, correlation, and alerting.

3. SOAR: automates playbooks to speed response and reduce alert fatigue.

4. WAF: shields web apps from OWASP Top 10 issues and layer-7 abuse.

5. SAST/DAST: scan code and running apps to find vulnerabilities early.

6. Secret scanners: detect hardcoded keys/tokens across repos and pipelines.

7. CSPM: cloud posture checks for misconfigurations and risky identities.

8. PAM: just-in-time admin access and session recording for high-risk ops.

9. DLP: monitor and control sensitive data movement and storage.

10. MDM/MAM: govern device compliance, encryption, and app policies.

1. SQL injection: unsanitized input manipulates queries—use parameterized statements.

2. XSS: untrusted scripts run in browsers—encode output, set CSP, sanitize inputs.

3. CSRF: forged requests abuse sessions—CSRF tokens and SameSite cookies.

4. SSRF: server fetches attacker-controlled URLs—allowlist egress, metadata protections.

5. Deserialization bugs: crafted objects execute code—use safe serializers and validations.

6. Path traversal: “../” reads arbitrary files—normalize paths, restrict roots.

7. Insecure direct object references: predictable IDs expose data—use access checks.

8. Race conditions: timing flaws corrupt state—locks, idempotency, transaction controls.

9. API abuse: unthrottled endpoints scraped or brute-forced—rate limiting, auth scopes.

10. JWT pitfalls: weak signing, long TTL—rotate keys, short expiries, audience checks.

1. Honeytokens: fake credentials/data to detect intruders when used.

2. Canary releases: limit blast radius by slow-rolling new builds.

3. Chaos engineering for security: inject faults to test resilience.

4. Deception networks: lure attackers into instrumented traps.

5. Privacy-by-design: minimize collection, encrypt at rest and in transit.

6. Zero trust: verify explicitly, use continuous risk-based access.

7. Homomorphic encryption (intro): compute on encrypted data—emerging use cases.

8. Secure enclaves: isolate sensitive code/data in hardware-protected memory.

9. Algorithm agility: plan for crypto migrations as standards evolve.

10. Red vs. Blue vs. Purple: collaborative exercises improve detection and response.

Q: What’s the fastest way to cut breach risk?
A: MFA everywhere, patch critical vulns quickly, and remove standing admin rights.

Q: Is antivirus still relevant?
A: Signature AV alone isn’t—pair with EDR/XDR and application control.

Q: How do I start zero trust?
A: Map identities and apps, enforce MFA, segment, and adopt continuous verification.

Q: Are passwords dead?
A: Moving toward passkeys and phishing-resistant auth, but passwords linger—manage them well.

Q: How often should we run tabletop exercises?
A: Quarterly for core incidents; update playbooks after each run.

Q: What’s the best backup strategy vs ransomware?
A: Offline/immutable copies, frequent tests, and clear RTO/RPO targets.

Q: How do I secure APIs?
A: Authn/authz for every call, rate limits, schema validation, and inventory tracking.

Q: What logs matter most?
A: Authentication, privilege changes, endpoint alerts, network egress, cloud control plane.

Q: How do we measure security?
A: Mean time to detect/respond, patch SLAs, phishing fail rates, coverage of controls.

Q: Where do I focus first?
A: Identity/MFA, email security, endpoint protection, and critical patch management.

View Product Reviews

Cyber Security Streets

News Street Network

Powered by Redhawks Media

Social