Cybersecurity English Glossary
677 professional cybersecurity English terms with definitions, pronunciation and examples. Learn what each term means — free with Termify.
A
- What is Abuso de lógica empresarial (business logic abuse)? The exploitation of legitimate business logic in applications to gain unauthorized advantages, often bypassing technical...
- What is Acceso Entre Arrendatarios (cross-tenant access)? The mechanism by which users, services, or applications are granted permission to access resources across different isol...
- What is Acceso Justo a Tiempo (just-in-time access)? A privileged access management method that grants users temporary, time-bound, and auditable access rights to critical s...
- What is Acción de remediación (remediation action)? Steps taken to eliminate the cause of a detected security incident, restore affected systems, and strengthen defenses to...
- What is Acción de remediación (remediation action)? A specific corrective step taken to address a vulnerability, nonconformity, or security finding in cryptographic or PKI ...
- What is Aceptación de riesgos (risk acceptance)? The formal decision to tolerate a known risk in cryptographic or PKI systems, typically documented through risk manageme...
- What is Aceptación del riesgo (risk acceptance)? A formal decision to acknowledge and accept the consequences of a specific risk, typically documented and approved by au...
- What is Actor de amenaza (threat actor)? An individual, group, or entity with the intent, capability, and opportunity to exploit vulnerabilities in cryptographic...
- What is Acuerdo de clave (key agreement)? A cryptographic protocol that enables two or more parties to establish a shared secret key over an insecure channel, com...
- What is Adherencia a políticas (policy adherence)? The degree to which organizational personnel follow established internal policies, procedures, and standards.
- What is Agregación de registros (log aggregation)? Log Aggregation is the process of collecting and centralizing logs from diverse systems, applications, and devices into ...
- What is Agregación de telemetría de red (network telemetry aggregation)? The collection, normalization, and consolidation of network telemetry data (such as flow records, logs, or metrics) from...
- What is Aislamiento de sesiones privilegiadas (privileged session isolation)? The separation and monitoring of administrative sessions from standard user sessions to prevent misuse of privileged acc...
- What is Aislamiento de Sistema Operativo Invitado (guest operating system isolation)? The practice of isolating virtual machines (guests) from each other and from the host system to prevent unauthorized acc...
- What is Aislamiento de Tiempo de Ejecución de Contenedores (container runtime isolation)? A set of controls and configurations that ensure each running container is logically and physically separated from other...
- What is Aislamiento del Host (host isolation)? The process of removing a compromised or suspicious host from the network to prevent lateral movement and further compro...
- What is Aislamiento entre inquilinos (tenant isolation)? Security controls that strictly separate data, processes, and resources among different tenants in multi-tenant cloud or...
- What is Aislamiento Remoto de Navegador (remote browser isolation)? A security technique in which a user’s web browsing session is executed on a remote server, isolating all web content fr...
- What is Aleatorización de puertos efímeros (ephemeral port randomization)? A technique where ephemeral (temporary) TCP/UDP ports are assigned randomly to reduce the risk of port prediction attack...
- What is Alerta de Configuración Incorrecta de Recursos (resource misconfiguration alert)? Automated notification generated when a cloud resource, such as storage or compute, is configured in a way that exposes ...
- What is Alerta de escalada de privilegios (privilege escalation alert)? The process of generating real-time alerts whenever a user or process attempts to gain higher-level access than authoriz...
- What is Alerta de Exfiltración de Datos (data exfiltration alert)? The real-time detection and notification of unauthorized attempts to transfer sensitive or regulated data out of protect...
- What is Alerta de Seguridad (security alert)? Automated or manual notification process by which a security system or analyst informs relevant personnel of detected su...
- What is Algoritmo de firma (signature algorithm)? A cryptographic algorithm used to generate and verify digital signatures, ensuring data authenticity and integrity, such...
- What is Algoritmo MAC (MAC algorithm)? A cryptographic function that produces a short piece of information used to authenticate a message and provide integrity...
- What is Alineación regulatoria (regulatory alignment)? The degree to which organizational controls, processes, and policies conform to laws, regulations, and relevant industry...
- What is Almacenamiento Criptográfico Defectuoso (defective cryptographic storage)? A vulnerability where sensitive data is improperly encrypted, decrypted, or stored using weak cryptographic algorithms, ...
- What is Almacenamiento Incorrecto de Secretos (improper secret storage)? A vulnerability where sensitive secrets, such as API keys or passwords, are stored in insecure locations, such as plaint...
- What is Almacén de confianza (trust store)? A repository of trusted root and intermediate certificates used by applications and systems to verify the authenticity o...
- What is Almacén raíz (root store)? A trusted repository of root CA certificates used by operating systems and applications to validate the trustworthiness ...
- What is Analítica de abuso de API (API abuse analytics)? The use of data analysis techniques to monitor, identify, and report on abnormal or malicious usage patterns within API ...
- What is Analítica de seguridad (security analytics)? Security Analytics refers to the use of advanced data analysis techniques, including machine learning and statistical mo...
- What is Ancla de confianza (trust anchor)? A trusted entity (typically a root certificate authority) whose public key is used as the ultimate basis for validating ...
- What is Anclaje de cadena (chain anchoring)? The process of ensuring that a certificate chain terminates at a trusted root certificate authority (trust anchor), as r...
- What is Anomalía de Comportamiento de Red (network behavior anomaly)? An observed deviation from established patterns of normal network activity that may indicate the presence of malicious a...
- What is Análisis de amenazas (threat analysis)? Threat Analysis is the systematic evaluation of potential and actual cyber threats by assessing threat actor capabilitie...
- What is Análisis de Captura de Paquetes (packet capture analysis)? The process of collecting and analyzing network packet data to detect threats, troubleshoot issues, and validate securit...
- What is Análisis de Comportamiento del Usuario (user behavior analysis)? Advanced analytics that monitor and analyze user activity patterns to detect insider threats, compromised accounts, and ...
- What is Análisis de Comportamiento en Tiempo de Ejecución (runtime behavior analysis)? Continuous monitoring and assessment of applications’ or systems’ activities during execution to detect anomalies or thr...
- What is Análisis de código estático (static code analysis)? The process of automatically analyzing source code or binaries for security vulnerabilities, coding errors, or policy vi...
- What is Análisis de dependencias de código (code dependency analysis)? The process of examining software dependencies for known vulnerabilities, outdated components, or license compliance iss...
- What is Análisis de exposición (exposure analysis)? Systematic evaluation of cryptographic or PKI assets and their attack surface to determine points of exposure to vulnera...
- What is Análisis de Flujos de Red (network flow analysis)? The process of collecting, monitoring, and analyzing metadata about network traffic flows to detect anomalies and threat...
- What is Análisis de impacto (impact analysis)? The process of identifying and evaluating the potential consequences and business impacts of threats, incidents, or poli...
- What is Análisis de impacto (impact analysis)? A structured assessment of the potential consequences or business disruption resulting from the exploitation of vulnerab...
- What is Análisis de Imágenes de Contenedores (container image analysis)? The process of automatically analyzing container images for vulnerabilities, malware, and policy violations before deplo...
- What is Análisis de Incidentes (incident analysis)? The comprehensive examination and assessment of a security incident to determine its cause, scope, impact, and lessons l...
- What is Análisis de malware (malware analysis)? The process of examining malicious software to understand its behavior, intent, origin, and potential impact on affected...
- What is Análisis de registros (log analysis)? The process of examining and interpreting system, application, and security logs to detect, investigate, and respond to ...
- What is Análisis de riesgos (risk analysis)? The systematic process of identifying, evaluating, and prioritizing risks to organizational assets, considering likeliho...
- What is Análisis Forense (forensic analysis)? The scientific examination and investigation of digital devices, logs, or data to identify, collect, preserve, and analy...
- What is Análisis forense (forensic analysis)? The application of specialized techniques to collect, preserve, and analyze digital evidence from information systems fo...
- What is Apetito de riesgo (risk appetite)? The level and type of risk an organization is willing to accept in pursuit of its objectives, as formally defined by sen...
- What is Aplicación de Cuotas API (API quota enforcement)? The process of applying limits to the number of API requests allowed for each user, application, or key, to prevent reso...
- What is Aplicación de Enlace de Token (token binding enforcement)? A security control requiring the cryptographic binding of authentication tokens to specific TLS sessions or client devic...
- What is Aplicación de Gateway API (API gateway enforcement)? Operational policy and control enforcement at the API gateway layer, ensuring only validated and authorized API traffic ...
- What is Aplicación de la política de segmentación (segmentation policy enforcement)? The application and monitoring of access control policies that govern traffic between network segments to minimize unaut...
- What is Aplicación de Límite de Tasa API (API rate limit enforcement)? A control that limits the number of API requests a client or application can make within a specific time frame to preven...
- What is Aplicación de Mínimos Privilegios (least privilege enforcement)? The continuous process of restricting user, process, or system access rights to the minimum necessary to perform authori...
- What is Aplicación de políticas (policy enforcement)? The process of ensuring that policies, standards, and procedures are implemented and followed within the organization, w...
- What is Aplicación de Políticas en Endpoints (endpoint policy enforcement)? The application of security controls to endpoints (e.g., laptops, mobiles) to ensure compliance with organizational secu...
- What is Aplicación de Reglas de Negocio (business rule enforcement)? Implementation and monitoring of business logic controls within applications to prevent unauthorized or unintended actio...
- What is Aplicación de Tiempo de Sesión (session timeout enforcement)? Policy and technical controls to ensure user sessions automatically expire after a defined period of inactivity, minimiz...
- What is Aplicación del alcance del token (token scope enforcement)? The process of restricting token privileges to the minimum necessary set of actions or resources, ensuring that access t...
- What is Aplicación del Control de Acceso a la Red (network access control enforcement)? The application of technical controls to regulate and restrict user, device, or service access to network resources, enf...
- What is Aplicación del Lado del Cliente (client-side enforcement)? Reliance on client-side logic to enforce security controls, which can be bypassed or manipulated, undermining the intend...
- What is Archivo de exploits (exploit archive)? A centralized and curated repository of documented exploits relevant to cryptographic or PKI environments, used for thre...
- What is Arquitectura de Confianza Cero (zero trust architecture)? A security model based on the principle that no user, device, or network component should be trusted by default. Enforce...
- What is Arquitectura de Confianza Cero (zero trust architecture)? A security model centered on the assumption that no user or device, inside or outside the network perimeter, is trusted ...
- What is Arquitectura DNS Resiliente (resilient DNS architecture)? A DNS infrastructure designed for high availability, redundancy, and resistance to attacks or failures, ensuring continu...
- What is Arquitectura Zero Trust (zero trust architecture)? A security model that assumes no implicit trust is granted to systems or users inside or outside the network; verificati...
- What is Aserción firmada (signed assertion)? A digital statement or claim, such as an authentication response or attribute, that is cryptographically signed to ensur...
- What is Asignación de VLAN de Cuarentena (quarantine VLAN assignment)? The process of isolating endpoints identified as compromised or non-compliant by assigning them to a dedicated VLAN with...
- What is Ataque de criptoanálisis (cryptanalysis attack)? A method of attacking cryptographic systems by analyzing the algorithms and ciphertexts to extract secret keys or plaint...
- What is Ataque de Manipulación de Parámetros (parameter tampering attack)? An attack technique where an adversary manipulates input parameters in client requests to alter application behavior, by...
- What is Ataque de retransmisión de autenticación (authentication relay attack)? A cyberattack in which authentication credentials are intercepted and forwarded (relayed) to impersonate a legitimate us...
- What is Atribución de amenazas (threat attribution)? Threat Attribution is the analytical process of linking a detected cyber threat, campaign, or incident to a specific act...
- What is Auditoría de Acceso en la Nube (cloud access audit)? Systematic logging and analysis of access events in cloud environments to ensure compliance, detect anomalies, and suppo...
- What is Auditoría de cumplimiento (compliance audit)? A systematic, independent review to determine whether activities and related results comply with planned arrangements, p...
- What is Auditoría de seguridad (security audit)? A formal, systematic review of an organization’s information systems, controls, and procedures to verify their effective...
- What is Auditoría de seguridad (security audit)? A formal, systematic review and verification of cryptographic and PKI processes, controls, and compliance with standards...
- What is Autenticación Multifactor (multi-factor authentication)? A security mechanism requiring users to present two or more independent forms of evidence (factors) to verify their iden...
- What is Autenticación mutua (mutual authentication)? A security process in which both entities in a communication verify each other's identities, typically using digital cer...
- What is Autoevaluación de Controles (control self-assessment)? Short for 'Control Self-Assessment'—an internal process where departments evaluate the design and effectiveness of their...
- What is Automatización de la orquestación de seguridad (security orchestration automation)? The integration and automation of security processes, tools, and workflows to accelerate detection, investigation, and r...
- What is Automatización de Playbook (playbook automation)? The automated execution of predefined incident response actions and workflows using orchestration tools, reducing manual...
- What is Automatización de pruebas (test automation)? The application of automated tools and scripts to perform repeatable, consistent validation of cryptographic functions, ...
- What is Automatización de seguridad (security automation)? Security Automation is the application of technology to perform repetitive or time-sensitive security operations tasks—s...
- What is Automatización del Descubrimiento de Activos (asset discovery automation)? The automated identification and inventory of all devices, cloud resources, software, and services within an organizatio...
- What is Autoridad de política (policy authority)? An entity within a PKI or trust framework responsible for defining, governing, and maintaining security and operational ...
- What is Autoridad de validación (validation authority)? A trusted service or entity that provides real-time or historical status information about digital certificates, typical...
- What is Autoridad Raíz (root authority)? The top-level Certificate Authority (CA) in a PKI hierarchy whose root certificate is self-signed and serves as the ulti...
- What is Autorización a nivel de función (function-level authorization)? A control mechanism that verifies a user’s or system’s permission for each specific API endpoint or business function be...
- What is Aviso de privacidad (privacy notice)? A formal document that informs individuals about how their personal data is collected, used, stored, and protected by th...
B
- What is Base de datos de vulnerabilidades (vulnerability database)? A centralized, authoritative repository cataloging known cryptographic and PKI-related vulnerabilities, including CVEs, ...
- What is Blindaje de Metadatos de Instancia (instance metadata shielding)? A security control that prevents unauthorized access to the metadata service of virtual machine or container instances, ...
- What is Bloqueo de Scripts Maliciosos (malicious script blocking)? The detection and prevention of unauthorized, harmful scripts (such as JavaScript, PowerShell, or macros) from executing...
- What is Bloqueo de tráfico malicioso (malicious traffic blocking)? Automated or manual actions taken to identify and prevent the flow of network traffic identified as malicious, including...
- What is Brecha de seguridad (security gap)? A missing or insufficient security control in cryptographic or PKI systems that exposes assets to risk, noncompliance, o...
- What is Brecha regulatoria (regulatory gap)? Any deficiency or mismatch between current organizational controls, policies, or processes and those required by relevan...
C
- What is CA subordinada (subordinate CA)? A Certificate Authority (CA) that is certified and authorized by a root or higher-level CA to issue digital certificates...
- What is Cadena de ataque (attack chain)? A sequence of steps or techniques used by threat actors to exploit cryptographic or PKI weaknesses, progressing from ini...
- What is Cadena de certificados (certificate chain)? An ordered sequence of certificates, from an end-entity certificate up to the root authority, each certifying the next i...
- What is Cadena de custodia (chain of custody)? A formal process documenting the chronological handling, transfer, and control of digital evidence, ensuring its integri...
- What is Calificación de riesgos (risk scoring)? The process of quantifying and prioritizing risks by assigning numerical or qualitative values based on likelihood, impa...
- What is Calificación de severidad (severity rating)? A standardized scale or categorization of the impact and urgency of vulnerabilities or incidents affecting cryptographic...
- What is Canal de comando seguro (secure command channel)? An encrypted, authenticated communication pathway used for transmitting privileged commands or control signals, as descr...
- What is Canal de mando y control (command and control channel)? A communications channel used by attackers or malware to issue instructions to compromised hosts, or by defenders for au...
- What is Canal seguro (secure channel)? A communication path protected by cryptographic means, ensuring confidentiality, integrity, and authentication of data i...
- What is Capacidad de detección (detection capability)? Detection Capability is the measure of an organization's ability to identify and recognize cyber threats, malicious acti...
- What is Capacitación en concienciación (awareness training)? Education provided to personnel to raise awareness about security risks, threats, and safe practices, often as part of c...
- What is Capacitación en seguridad (security training)? Instructional activities designed to equip personnel with the knowledge and skills to recognize, prevent, and respond to...
- What is Carta de Seguridad (security charter)? A formal document that defines the scope, authority, and responsibilities of the security function within an organizatio...
- What is Categorización de activos (asset categorization)? The process of classifying PKI and cryptographic assets based on value, criticality, sensitivity, and role within the or...
- What is Categorización de incidentes (incident categorization)? Incident Categorization is the process of classifying security events or incidents based on type, severity, impact, and ...
- What is Catálogo de amenazas (threat catalog)? A structured and curated inventory of recognized PKI or cryptographic threats, attack vectors, and related mitigation st...
- What is Causa raíz (root cause)? The fundamental underlying reason or origin of a security incident, breach, or operational failure, identified through s...
- What is Caza de amenazas (threat hunting)? A proactive and iterative search through networks, endpoints, and datasets to detect and isolate advanced threats that e...
- What is Caza de Amenazas Automatizada (automated threat hunting)? The continuous, proactive, and algorithm-driven search for threats and anomalies in an environment, using automated tool...
- What is Caza de amenazas en red (network threat hunting)? The proactive process of searching for hidden threats or adversaries within network traffic using behavioral analytics, ...
- What is Centro de Fusión de Indicadores (indicator fusion center)? A centralized facility or platform that aggregates, correlates, and analyzes cybersecurity indicators (such as IOCs) fro...
- What is Certificación de accesos (access certification)? A formal, periodic review process in which managers or data owners attest that users have the appropriate levels of acce...
- What is Certificación de Salud de Endpoint (endpoint health certification)? A process by which the health state of an endpoint device is cryptographically measured and validated before it is allow...
- What is Certificado autofirmado (self-signed certificate)? A digital certificate that is signed by the same entity whose identity it certifies, rather than by a trusted Certificat...
- What is Certificado de atributo (attribute certificate)? A digital certificate that binds attribute information (such as roles or permissions) to a subject, separate from the id...
- What is Certificado de CA (CA certificate)? A digital certificate issued to a Certificate Authority, used to sign and validate other digital certificates within a P...
- What is Certificado de dispositivo (device certificate)? A digital certificate issued to a device (such as a server, router, or IoT component) to authenticate its identity withi...
- What is Certificado raíz (root certificate)? A self-signed digital certificate that identifies a trusted Certificate Authority (CA) at the apex of a certification ch...
- What is Ciclo de Vida de Identidad de Máquina (machine identity lifecycle)? The complete set of processes for creating, managing, renewing, and retiring machine identities (e.g., certificates, key...
- What is Ciclo de Vida de la Alerta (alert lifecycle)? The sequence of phases that a security alert undergoes, from initial detection and triage through investigation, escalat...
- What is Cierre de Incidente (incident closure)? The formal completion and documentation of all response activities for a security incident, ensuring lessons learned and...
- What is Cifrado de Almacenamiento en la Nube (cloud storage encryption)? The use of cryptographic techniques to protect data stored in cloud environments, ensuring confidentiality and integrity...
- What is Cifrado de malla de servicios (service mesh encryption)? End-to-end encryption of communications between services within a service mesh architecture, typically using mutual TLS ...
- What is Cifrado de tejido de red (network fabric encryption)? Encryption mechanisms applied to the entire data path within a network fabric, ensuring confidentiality and integrity of...
- What is Cifrado de Transporte Mutuo (mutual transport encryption)? Encryption mechanism where both endpoints authenticate each other and establish encrypted transport, as defined in NIST ...
- What is Cifrado híbrido (hybrid encryption)? A cryptographic approach that combines asymmetric and symmetric encryption to leverage the advantages of both for secure...
- What is Cifrado por bloques (block cipher)? A symmetric key encryption algorithm that encrypts data in fixed-size blocks, such as AES and 3DES.
- What is Clasificación de activos (asset classification)? The process of categorizing cryptographic, PKI, and related assets based on sensitivity, criticality, and regulatory req...
- What is Clasificación de datos (data classification)? The process of categorizing data based on its sensitivity, value, and the impact to the organization if disclosed, alter...
- What is Clasificación de datos (data classification)? The systematic process of categorizing information based on sensitivity, criticality, and regulatory requirements to det...
- What is Clasificación de seguridad (security classification)? The categorization of data or assets based on sensitivity, value, and required level of protection, typically in alignme...
- What is Clave de sesión (session key)? A temporary symmetric key used for a single communication session, providing confidentiality and integrity for exchanged...
- What is Clave del emisor (issuer key)? The private key held by a Certificate Authority (CA) or issuer used to sign digital certificates and assert trust in a P...
- What is Clave del sujeto (subject key)? The cryptographic public key associated with the subject of a digital certificate, used to verify signatures or encrypt ...
- What is Clave efímera (ephemeral key)? A cryptographic key generated for temporary use in a single session or operation, after which it is discarded and not re...
- What is Clave precompartida (pre-shared key)? A symmetric key distributed to and shared by parties before communication begins, commonly used in VPNs, Wi-Fi WPA2-PSK,...
- What is Clave privada (private key)? A confidential cryptographic key in an asymmetric key pair, used to sign or decrypt data, and must be kept secret to mai...
- What is Clave pública (public key)? The openly distributed cryptographic key in an asymmetric key pair, used to verify digital signatures or encrypt data fo...
- What is Clave simétrica (symmetric key)? A cryptographic key used in symmetric encryption where the same key is used for both encryption and decryption operation...
- What is Cobertura de escaneo (scan coverage)? The extent to which cryptographic systems, PKI components, and related assets are included in vulnerability or configura...
- What is Cobertura de pruebas (test coverage)? The extent to which cryptographic or PKI system components, use cases, and controls are validated by automated or manual...
- What is Colisión de hash (hash collision)? An event where two different inputs produce the same output hash value from a cryptographic hash function, undermining d...
- What is Comité de auditoría (audit committee)? A formally established group within an organization tasked with oversight of financial reporting, internal controls, ris...
- What is Comité de gobernanza (governance committee)? A formal group of executives and stakeholders responsible for overseeing information security, compliance, and risk mana...
- What is Compartición inadecuada de recursos (improper resource sharing)? A security risk where system resources are shared without proper isolation or access controls, leading to unintended dat...
- What is Comunicación de Incidentes (incident communication)? The timely and coordinated exchange of information about an incident’s status, impact, and response among internal teams...
- What is Concesión Excesiva de Autorización (excessive authorization grant)? A security misconfiguration where a user or entity is assigned more access rights than necessary, violating the principl...
- What is Confirmación de clave (key confirmation)? A cryptographic process where parties confirm to each other that they possess the same secret key, usually as a final st...
- What is Consejo de supervisión (oversight board)? A governing committee or group responsible for strategic direction, oversight, and monitoring of the organization’s risk...
- What is Construcción de la cadena (chain building)? The process of assembling a complete, ordered set of certificates from an end-entity certificate up to a trusted root, v...
- What is Contaminación de parámetros HTTP (HTTP parameter pollution)? A web security vulnerability where multiple HTTP parameters with the same name are sent in a single request, potentially...
- What is Contención de incidentes (incident containment)? The actions taken to limit the impact of a security incident by isolating affected systems, preventing lateral movement,...
- What is Contención de malware (malware containment)? Malware Containment is the set of actions and controls enacted to isolate and prevent the spread of malicious software w...
- What is Contención de respuesta a incidentes (incident response containment)? The process of isolating or restricting the impact of an active security incident to prevent further spread, as describe...
- What is Contención por aislamiento de host (host isolation containment)? A network defense strategy to restrict or cut off network access for a compromised or suspicious host to prevent lateral...
- What is Contenedor de clave (key container)? A logical or physical storage area used to hold cryptographic keys, often protected by access controls and used in softw...
- What is Contexto de vulnerabilidad (vulnerability context)? The operational, environmental, and architectural conditions under which a cryptographic or PKI vulnerability may be pre...
- What is Continuidad del negocio (business continuity)? A holistic management process that identifies potential threats and ensures organizational resilience by planning for co...
- What is Control de Acceso Adaptativo (adaptive access control)? A dynamic security mechanism that adjusts access decisions in real-time based on user behavior, device health, risk cont...
- What is Control de Acceso al Almacenamiento (storage access control)? Policies and mechanisms that restrict and monitor access to data storage systems, ensuring only authorized users or appl...
- What is Control de acceso roto (broken access control)? A critical security flaw where access restrictions are incorrectly implemented, enabling users to perform actions or acc...
- What is Control de Caché Incorrecto (improper cache control)? Failure to configure cache settings securely, leading to the unintended storage or exposure of sensitive data in shared ...
- What is Control de cambios (change control)? A formal process used to ensure that all modifications to systems, processes, or documents are introduced in a controlle...
- What is Control de canonicalización de entrada (input canonicalization control)? Processes that convert various possible input formats to a standard, canonical form before validation, helping to preven...
- What is Control de cumplimiento (compliance control)? A specific policy, process, or technical measure implemented to ensure an organization meets applicable legal, regulator...
- What is Control de Instancias Efímeras (ephemeral instance control)? Security controls and automation for governing short-lived, temporary compute instances to prevent persistence, limit at...
- What is Control de mitigación (mitigation control)? A technical or procedural safeguard implemented to reduce the likelihood or impact of cryptographic or PKI-related risks...
- What is Control de Protección de Borde (edge protection control)? Security mechanisms (e.g., firewalls, gateways) deployed at network perimeters to monitor and filter inbound and outboun...
- What is Control de registro sensible (sensitive logging control)? Procedures and mechanisms to ensure that confidential or regulated information is never written to logs, reducing the ri...
- What is Control de Residencia de Datos (data residency control)? Policies and technical mechanisms that ensure organizational data is stored, processed, and managed in specific legal or...
- What is Control de Suplantación de Usuario (user impersonation control)? Mechanisms and safeguards that prevent or detect unauthorized use of a legitimate user's identity within a system or app...
- What is Coordinación de Respuesta (response coordination)? The structured management and collaboration among teams and stakeholders to ensure efficient containment, eradication, a...
- What is Coordinación de respuesta (response coordination)? Response Coordination is the organized management of communication, task allocation, and resource deployment among stake...
- What is Copia de seguridad de clave (key backup)? The secure process of creating a protected copy of a cryptographic key, enabling recovery if the original is lost or dam...
- What is Correlación de Actividad en la Nube (cloud activity correlation)? The process of linking and analyzing disparate cloud events, logs, and telemetry to detect patterns indicative of threat...
- What is Correlación de alertas (alert correlation)? Alert Correlation is the process of analyzing and linking related security alerts from different sources or systems to i...
- What is Correlación de Amenazas (threat correlation)? The analytical process of aggregating and comparing multiple data points from diverse sources to identify relationships ...
- What is Correlación de eventos (event correlation)? The process of analyzing and combining related security events from multiple sources to identify patterns indicative of ...
- What is Cronología del incidente (incident timeline)? A detailed chronological record of all events, actions, and system states related to a security incident, used for inves...
- What is Cumplimiento criptográfico (cryptographic compliance)? Adherence to laws, regulations, and standards that govern cryptographic practices, algorithm usage, and key management, ...
- What is Cumplimiento de esquema API (API schema enforcement)? The practice of validating incoming and outgoing API requests and responses against a defined schema to prevent structur...
- What is Cumplimiento de la política CORS (CORS policy enforcement)? The process of strictly applying Cross-Origin Resource Sharing (CORS) policies to control which origins can interact wit...
- What is Cumplimiento legal (legal compliance)? The state of adhering to all applicable laws, regulations, and legal obligations relevant to an organization's business ...
- What is Cumplimiento normativo (regulatory compliance)? Adherence to laws, regulations, and standards applicable to the organization's operations and information security pract...
- What is Curva elíptica (elliptic curve)? A type of algebraic curve used in public-key cryptography, providing strong security with smaller key sizes; the basis o...
- What is Custodia de datos (data custodianship)? The assignment of responsibility for the management, oversight, and protection of data assets to designated individuals ...
- What is Código de conducta (code of conduct)? A formal set of ethical and behavioral guidelines that define acceptable and unacceptable actions for personnel within a...
D
- What is DDoS de Capa de Aplicación (application-layer DDoS)? A type of distributed denial-of-service attack that targets the application layer (OSI Layer 7) with malicious HTTP or A...
- What is Debilidad de control (control weakness)? A flaw, gap, or insufficient strength in technical or procedural controls that may allow threats to compromise cryptogra...
- What is Defensa contra Credential Stuffing (credential stuffing defense)? Measures and technologies to detect, block, and mitigate automated login attempts using stolen or reused username-passwo...
- What is Defensa Contra la Toma de Cuentas (account takeover defense)? Security measures designed to detect and prevent unauthorized access to user accounts, including the use of MFA, behavio...
- What is Defensa contra secuestro de sesión (session hijacking defense)? Countermeasures and controls implemented to detect, prevent, and respond to session hijacking attacks, such as session f...
- What is Deficiencia de control (control deficiency)? A weakness in the design or operation of a control that prevents it from effectively mitigating risk or achieving compli...
- What is Delegación de Consentimiento OAuth (OAuth consent delegation)? Process by which a resource owner grants a client application delegated access to protected resources, based on explicit...
- What is Depósito de clave (key escrow)? A key management process in which cryptographic keys are held in escrow by a trusted third party, enabling recovery unde...
- What is Derivación de claves (key derivation)? A cryptographic process for generating one or more secret keys from a shared secret or password using a deterministic fu...
- What is Descubrimiento de activos (asset discovery)? The process of identifying and cataloging all PKI, cryptographic, or supporting assets within an organizational environm...
- What is Descubrimiento de Endpoints de API (API endpoint discovery)? The process of identifying available API endpoints, often through automated tools or by analyzing documentation and appl...
- What is Descubrimiento de inventario de activos (asset inventory discovery)? The process of systematically identifying, cataloging, and updating all IT and OT assets within an organization's enviro...
- What is Descubrimiento de TI Sombra (shadow IT discovery)? The process of identifying unauthorized or unmanaged IT systems, applications, or services within an organization, typic...
- What is Deserialización Insegura (insecure deserialization)? A vulnerability where untrusted or tampered data is deserialized without proper validation, potentially leading to remot...
- ¿Qué es Despliegue de Parche Virtual? The process of applying security controls, such as firewall rules or IPS signatures, to mitigate vulnerabilities without...
- ¿Qué es Despliegue de parches? The distribution and installation of security updates to cryptographic or PKI-related systems to remediate vulnerabiliti...
- ¿Qué es Despliegue IPsec enrutado? An implementation of IPsec that leverages routing protocols to establish secure tunnels between network endpoints, suppo...
- ¿Qué es Detección de Amenazas en Línea? Real-time inspection of network traffic by security appliances placed directly in the data path to identify and block th...
- ¿Qué es Detección de anomalías? Anomaly Detection is the process of identifying unusual patterns, events, or activities in datasets, logs, or network tr...
- ¿Qué es Detección de Ataques de Repetición? A security mechanism to identify and block attempts where valid data transmissions are maliciously repeated or delayed, ...
- ¿Qué es Detección de canales encubiertos? The identification and monitoring of unauthorized communication channels that exploit legitimate network protocols or re...
- ¿Qué es Detección de Deriva de Configuración? The automated identification of unintended changes in system configurations from an approved baseline, used to prevent p...
- ¿Qué es Detección de explotación? The process of identifying and alerting on attempted or successful exploitation of vulnerabilities in cryptographic, PKI...
- ¿Qué es Detección de Incidentes? The process of identifying potential or actual security incidents in an IT environment by monitoring logs, events, and n...
- ¿Qué es Detección de incidentes? The process of identifying and confirming security events indicating unauthorized activity or compromise of cryptographi...
- ¿Qué es Detección de manipulación de datos? Mechanisms and monitoring used to detect unauthorized or malicious modification of data in storage, transit, or processi...
- ¿Qué es Detección de relleno de credenciales? The identification and mitigation of automated attacks in which attackers use lists of compromised credentials to gain u...
- ¿Qué es Detección de rutas laterales? The process of identifying unauthorized lateral movement within a network, typically by monitoring for abnormal access o...
- ¿Qué es Detección de Secretos Estáticos? The process of identifying hardcoded or unchanging secrets such as API keys or passwords within source code or binaries.
- ¿Qué es Detección de tunelización DNS? The process of monitoring and identifying covert data exfiltration or command-and-control channels hidden within DNS que...
- ¿Qué es Detección y Respuesta en el Endpoint? A cybersecurity solution that monitors, detects, and responds to threats on endpoint devices in real time, integrating t...
- ¿Qué es Detección y Respuesta Gestionadas? A managed security service that provides continuous threat monitoring, detection, investigation, and active response to ...
- ¿Qué es Dispositivo HSM? A dedicated hardware device designed to securely generate, manage, and store cryptographic keys, and perform cryptograph...
- ¿Qué es Distribución de CRL? The mechanism and locations for making Certificate Revocation Lists (CRLs) available to PKI participants to check the re...
- ¿Qué es Divulgación de vulnerabilidades? The process by which security vulnerabilities are reported to the relevant organization, vendor, or public, typically fo...
- ¿Qué es Divulgación Involuntaria de Información? The accidental or unauthorized exposure of sensitive data due to flawed application logic, misconfigurations, or insuffi...
- ¿Qué es Documentación de Alerta? The detailed recording of all relevant information about a security alert, including source, analysis, actions, and outc...
- ¿Qué es Documentación de Incidentes? The detailed and systematic recording of all relevant information, actions, decisions, and evidence related to a cyberse...
- ¿Qué es Documentación de políticas? The comprehensive collection and maintenance of all written policies, procedures, and standards governing security, risk...
E
- ¿Qué es Ejercicio Tabletop? A discussion-based incident response simulation where team members review and role-play their actions and decisions for ...
- ¿Qué es Elusión del Límite de Frecuencia? A technique or vulnerability where attackers evade rate limiting controls to send more requests than intended, potential...
- ¿Qué es Emulación de Adversario? The simulation of real-world attacker behaviors and techniques in a controlled environment to test and improve detection...
- ¿Qué es Encadenamiento de exploits? The sequential use of multiple exploits to bypass security mechanisms and gain unauthorized access to cryptographic or P...
- ¿Qué es Encapsulado de Funciones Serverless? The security practice of encapsulating serverless functions within wrappers or middleware to enforce policy, perform inp...
- ¿Qué es Enriquecimiento de alertas? The process of adding contextual information to security alerts, such as asset details, user context, or threat intellig...
- ¿Qué es Entrada de PIN? The act of securely entering a personal identification number (PIN) into a trusted hardware or software interface for au...
- ¿Qué es Enumeración de ataques? The process of systematically identifying and cataloging all possible attack vectors and threat actors relevant to a cry...
- ¿Qué es Enumeración de red? The systematic identification and cataloging of networked assets, hosts, and services, including cryptographic and PKI i...
- ¿Qué es Envoltura de clave? The process of encrypting one cryptographic key with another key to securely transport or store keys, typically used for...
- ¿Qué es Escalada de Alerta? The process of forwarding a security alert to higher-level analysts or decision makers when the event exceeds the curren...
- ¿Qué es Escalada de Caso? The process of transferring a security incident or case to a higher-level team or authority due to severity, complexity,...
- ¿Qué es Escalada de privilegios? An attack or exploit in which a user or application gains higher access rights or privileges than intended by system pol...
- ¿Qué es Escalada de privilegios? The process by which a threat actor gains unauthorized elevated access rights within cryptographic or PKI systems.
- ¿Qué es Escalado de incidentes? The formal process of transferring a detected security incident to higher-level personnel or specialized teams for furth...
- ¿Qué es Escaneo de cumplimiento? An automated scan of cryptographic or PKI systems to verify conformity with regulatory and industry requirements.
- ¿Qué es Escaneo de evaluación de compromiso? A security scan that evaluates systems for indicators of compromise (IoCs), persistent threats, or policy violations, as...
- ¿Qué es Escaneo de Vulnerabilidades Sin Agente? A vulnerability assessment performed without installing agents on target systems, using network, API, or credentialed sc...
- ¿Qué es Escenario de ataque? A detailed narrative describing a potential attack vector or sequence of actions that a threat actor may use to exploit ...
- ¿Qué es Esquema de Autorización Roto? A security flaw where access control logic is incomplete or inconsistent, enabling unauthorized users to gain access to ...
- ¿Qué es Esquema de firma? A cryptographic algorithm for creating and verifying digital signatures, specifying mathematical processes and key struc...
- ¿Qué es Estado de los parches? The documented and regularly updated record of the deployment, verification, and compliance of cryptographic or PKI-rela...
- ¿Qué es Estado de revocación? The current validity state of a digital certificate, indicating whether it has been revoked by the issuing certificate a...
- ¿Qué es Estado de revocación? The current validity state of a digital certificate as determined by a recognized Certificate Authority (CA), typically ...
- ¿Qué es Estado en línea? In cryptography/PKI, refers to the real-time validity of a digital certificate or credential as determined by protocols ...
- ¿Qué es Estrategia de Contención? A set of planned actions and measures taken to limit the spread and impact of a cybersecurity incident, preventing furth...
- ¿Qué es Estrategia de Defensa en Capas? An approach that uses multiple, overlapping security controls at different layers (network, application, endpoint) to pr...
- ¿Qué es Estrategia de limitación de API? A structured approach to limit the number of API requests made by a client or IP within a specified timeframe, preventin...
- ¿Qué es Estrategia de mitigación? A structured approach involving technical, administrative, or procedural controls to reduce the likelihood or impact of ...
- ¿Qué es Estrategia de seguridad? A high-level plan that defines how an organization will protect its information assets, meet regulatory obligations, and...
- ¿Qué es Etiquetado de Recursos en la Nube? The process of assigning metadata labels to cloud resources to facilitate access management, cost allocation, compliance...
- ¿Qué es Evaluación de amenazas? A structured process for identifying, evaluating, and prioritizing potential threats to an organization's assets, operat...
- ¿Qué es Evaluación de amenazas? A structured process for identifying, analyzing, and prioritizing potential threats to an organization's assets, operati...
- ¿Qué es Evaluación de brechas? A structured review that compares current security controls and practices against required standards or frameworks to id...
- ¿Qué es Evaluación de compromiso? Compromise Assessment is the comprehensive evaluation of an organization’s systems, networks, and data to identify evide...
- ¿Qué es Evaluación de controles? A formal evaluation of the design and effectiveness of security controls to determine whether they are operating as inte...
- ¿Qué es Evaluación de controles? A systematic assessment of technical and procedural security controls in cryptographic and PKI environments to determine...
- ¿Qué es Evaluación de explotación? The evaluation of identified vulnerabilities in cryptographic or PKI assets to determine the likelihood and potential im...
- ¿Qué es Evaluación de impacto? A systematic analysis of the consequences that an identified risk or incident could have on business operations, assets,...
- ¿Qué es Evaluación de Postura del Dispositivo? The evaluation of a device's security state, such as patch levels, configurations, and presence of security controls, be...
- ¿Qué es Evaluación de proveedores? A structured evaluation of third-party providers’ security, compliance, and risk management practices prior to and durin...
- ¿Qué es Evaluación de referencia? A comprehensive evaluation of the security posture of PKI and cryptographic systems against established industry baselin...
- ¿Qué es Evaluación de riesgos? The process of assessing the potential impact and likelihood of identified risks to determine their significance and gui...
- ¿Qué es Evaluación de sanciones? The formal process of determining and imposing financial or legal penalties for non-compliance with regulatory or contra...
- ¿Qué es Evaluación de seguridad? A systematic evaluation of the security posture of systems, networks, and processes to identify vulnerabilities, threats...
- ¿Qué es Evaluación de vulnerabilidades? A systematic process for identifying, classifying, and evaluating vulnerabilities in information systems, cryptographic ...
- ¿Qué es Evasión de elusión de detección? Techniques used by threat actors to evade or bypass security detection mechanisms such as IDS, IPS, or endpoint protecti...
- ¿Qué es Evidencia de mitigación? Documented proof that specific technical or administrative actions have effectively addressed and reduced the risk of cr...
- ¿Qué es Evidencia de remediación? Documented proof that a PKI or cryptographic vulnerability or deficiency has been addressed and corrective actions were ...
- ¿Qué es Excepción de parche? A formally documented decision to temporarily or permanently not apply a specific patch to a PKI or cryptographic system...
- ¿Qué es Excepción de política? A formally approved, documented deviation from an established security policy, typically granted on a temporary basis wi...
- ¿Qué es Explotación de asignación masiva? A vulnerability where an attacker assigns values to object properties that should not be directly set by the user, often...
- ¿Qué es Exposición a amenazas? The degree to which a PKI or cryptographic system is vulnerable or visible to potential threat actors, based on controls...
- ¿Qué es Exposición a exploits? The state in which PKI or cryptographic systems are vulnerable to a known exploit, due to unpatched or misconfigured com...
- ¿Qué es Exposición de credenciales? The unauthorized disclosure or leak of authentication credentials or cryptographic secrets (such as private keys or cert...
- ¿Qué es Exposición de datos sensibles? A risk where confidential or regulated data is unintentionally disclosed through insecure APIs, weak encryption, or impr...
- ¿Qué es Exposición de Funciones Sensibles? A flaw where critical application functions, such as admin features or payment operations, are accessible to unauthorize...
- ¿Qué es Exposición excesiva de datos? A security weakness where APIs expose more data than necessary to clients, increasing the risk of sensitive information ...
- ¿Qué es Extracción de clave? The process of obtaining a cryptographic key from a hardware or software source, typically for backup, migration, or for...
F
- ¿Qué es Fatiga de alertas? Alert Fatigue is a condition in which security analysts become desensitized or overwhelmed due to excessive or repetitiv...
- ¿Qué es Fecha límite de remediación? The maximum time allowed to fully address a vulnerability or nonconformity in PKI or cryptographic environments, as defi...
- ¿Qué es Federación de Nube Híbrida? The operational model enabling secure interoperability and resource management across multiple private and public cloud ...
- ¿Qué es Fijación de certificado? A security technique that restricts which certificates are considered valid for a particular service or domain, by stori...
- ¿Qué es Fijación de Certificado en la Nube? A security technique that restricts applications or devices to accept only specific trusted certificates or public keys ...
- ¿Qué es Filtrado de Tráfico Saliente? The process of monitoring and controlling outgoing network traffic to block unauthorized, malicious, or policy-violating...
- ¿Qué es Filtrado de vector de acceso? A network defense technique that restricts or monitors traffic based on access vectors such as protocol, port, and direc...
- ¿Qué es Flujo de autenticación roto? A security flaw in authentication workflows allowing users to bypass, disrupt, or abuse login and identity verification ...
- ¿Qué es Flujo de Incidentes? A structured sequence of tasks and escalation steps followed during the lifecycle of a security incident, from detection...
- ¿Qué es Flujo de remediación? Remediation Workflow is a structured, documented process for addressing and resolving identified security issues or inci...
- ¿Qué es Flujo de Respuesta? A formalized, step-by-step sequence of procedures and roles that guide the incident response process from detection thro...
- ¿Qué es Flujo de trabajo de remediación? A formalized sequence of steps for resolving cryptographic or PKI vulnerabilities, including assignment, tracking, verif...
- ¿Qué es Frecuencia de escaneo? The rate at which cryptographic assets or PKI-enabled systems are scanned or assessed for vulnerabilities, exposures, or...
G
- ¿Qué es Gateway de Seguridad API? A dedicated service or device that provides centralized security controls for APIs, including authentication, authorizat...
- ¿Qué es Generación de nonce? The process of generating a unique, unpredictable, and usually random number (nonce) used once per cryptographic protoco...
- ¿Qué es Gestión automatizada de parches? A systematic approach that uses software tools to automatically identify, acquire, test, and deploy security patches acr...
- ¿Qué es Gestión de Casos? The process of documenting, tracking, and resolving security incidents or investigations within a structured platform, e...
- ¿Qué es Gestión de Certificados de Dispositivo? The process of issuing, deploying, renewing, and revoking digital certificates used to authenticate and secure devices w...
- ¿Qué es Gestión de claves? The set of processes and mechanisms for generating, distributing, storing, using, rotating, archiving, and destroying cr...
- ¿Qué es Gestión de claves? The set of processes and mechanisms used for the secure generation, distribution, storage, rotation, and destruction of ...
- ¿Qué es Gestión de crisis? Coordinated organizational actions and communication aimed at containing, resolving, and recovering from severe security...
- ¿Qué es Gestión de Cumplimiento? The coordinated set of processes and controls designed to ensure adherence to legal, regulatory, and internal policy req...
- ¿Qué es Gestión de Derechos de Infraestructura? A process and toolset for discovering, controlling, and auditing permissions and access rights across cloud and hybrid i...
- ¿Qué es Gestión de excepciones? A formal process for documenting, assessing, approving, and monitoring deviations from standard policies or controls, en...
- ¿Qué es Gestión de excepciones? The systematic process of identifying, logging, resolving, and reporting deviations from expected information security o...
- ¿Qué es Gestión de Identidades con Privilegios? A security discipline and toolset focused on discovering, controlling, and monitoring accounts with elevated access righ...
- ¿Qué es Gestión de incidentes? A structured process for identifying, assessing, responding to, and recovering from security incidents to minimize impac...
- ¿Qué es Gestión de Incidentes? A structured set of procedures used by security teams to address, manage, and resolve cybersecurity incidents, including...
- ¿Qué es Gestión de Incidentes? The comprehensive process of managing a cybersecurity incident from initial detection through analysis, containment, era...
- ¿Qué es Gestión de Incidentes? A coordinated set of processes and tools for identifying, assessing, responding to, tracking, and resolving security inc...
- ¿Qué es Gestión de Inscripción de Dispositivos? The process of registering and configuring devices to ensure compliance with security policies before granting access to...
- ¿Qué es Gestión de parches? A formal process for the identification, acquisition, testing, and deployment of patches to correct vulnerabilities in c...
- ¿Qué es Gestión de roles? The process of defining, assigning, and controlling user roles and associated privileges within systems to enforce least...
- ¿Qué es Gestión de solicitudes preflight? The process of managing HTTP preflight requests (OPTIONS method) sent by browsers to check CORS permissions before the a...
- ¿Qué es Grabación de Sesiones Privilegiadas? The logging and monitoring of all actions performed during privileged sessions, such as administrative or root access, t...
- ¿Qué es Guardia a nivel de interfaz? A security control that enforces policy, filtering, or access restrictions at a specific network interface, segmenting a...
I
- ¿Qué es IAM del Proveedor de Nube? Identity and access management systems and controls provided by cloud service vendors, enabling secure authentication, a...
- ¿Qué es Identificador del emisor? A unique value or distinguished name that identifies the Certificate Authority (CA) or entity that issues a digital cert...
- ¿Qué es Impacto en el negocio? The effect or consequence an incident, risk, or change has on an organization's operations, assets, individuals, or repu...
- ¿Qué es Impacto en la Privacidad? The effect of a process, project, or system on the privacy of individuals, often measured and documented through a forma...
- ¿Qué es Implementación de Honeynet de Decepción? The setup of a network of decoy systems and services designed to lure, detect, and analyze attacker behavior.
- ¿Qué es Importación de clave? The process of securely bringing a cryptographic key into a software or hardware cryptographic module, typically in comp...
- ¿Qué es Imposición de Encabezados de Seguridad? The application of mandatory HTTP response headers (such as CSP, HSTS, X-Frame-Options) to protect web applications from...
- ¿Qué es Indicador de riesgo? A measurable signal or metric used to identify, quantify, or monitor risks affecting cryptographic or PKI assets, suppor...
- ¿Qué es Informe de cumplimiento? The process of preparing and delivering evidence-based reports to demonstrate adherence to regulatory, legal, and contra...
- ¿Qué es Informe de remediación? A formal document detailing the corrective actions taken to address identified cryptographic or PKI vulnerabilities, inc...
- ¿Qué es Informe de riesgos? The process of collecting, analyzing, and communicating information about risk exposures, controls, and mitigation activ...
- ¿Qué es Informática Forense? The discipline of identifying, preserving, analyzing, and documenting digital evidence from electronic devices to suppor...
- ¿Qué es Infraestructura PKI? A system of hardware, software, policies, and procedures needed to create, manage, distribute, use, store, and revoke di...
- ¿Qué es Ingeniería de Detección? The discipline of designing, implementing, and tuning security monitoring rules, analytics, and automation to identify t...
- ¿Qué es Inspección de Token OAuth? A protocol mechanism defined in RFC 7662 that allows resource servers to query an authorization server about the status ...
- ¿Qué es Inspección de Tráfico Cifrado? A process that enables the examination of encrypted network traffic to detect threats, enforce policies, and prevent dat...
- ¿Qué es Instrumentación dinámica de código? The process of inserting monitoring hooks or logic into running code to analyze application behavior, detect anomalies, ...
- ¿Qué es Integración de servicio de atestación? The process of connecting systems to trusted attestation services that validate the integrity and security posture of cl...
- ¿Qué es Inteligencia de Amenazas? Evidence-based knowledge about existing and emerging threats, derived from analysis of indicators, adversary behavior, a...
- ¿Qué es Inteligencia de amenazas? Curated, actionable knowledge regarding cryptographic or PKI-related threats, including adversary tactics, relevant indi...
- ¿Qué es Inteligencia de Amenazas en Endpoint? The real-time collection and analysis of threat indicators and adversary tactics from endpoint devices to enhance detect...
- ¿Qué es Inteligencia de amenazas en la nube? The process of gathering, analyzing, and operationalizing information about cloud-specific threats, adversary tactics, a...
- ¿Qué es Intento de explotación? An unauthorized action or sequence initiated by a threat actor to actively test or leverage a cryptographic or PKI vulne...
- ¿Qué es Intercambio automatizado de indicadores? The automatic exchange of cyber threat indicators between organizations and trusted partners using standardized formats ...
- ¿Qué es Intermediación de Seguridad SaaS? A security model and technology platform that intermediates access between enterprise users and SaaS applications, enfor...
- ¿Qué es Intermediario de Acceso a la Nube? A security policy enforcement point between cloud service users and providers that ensures enterprise security requireme...
- ¿Qué es Inventario de activos? A comprehensive list of all information assets within an organization, including hardware, software, data, and supportin...
- ¿Qué es Inventario de activos? A comprehensive, up-to-date record of all hardware, software, certificates, cryptographic modules, and other PKI-relevan...
- ¿Qué es Inventario de activos inadecuado? A failure to maintain a complete, accurate, and up-to-date list of all hardware, software, and cloud assets, leading to ...
- ¿Qué es Inventario de ataques? A comprehensive, regularly updated list or database of all known attack techniques, tools, or vectors relevant to crypto...
- ¿Qué es Investigación de Alerta? The process of analyzing and validating security alerts to determine their legitimacy, scope, and required response acti...
- ¿Qué es Investigación de Alerta? The structured process of examining the source, context, and impact of a security alert to determine its validity, root ...
- ¿Qué es Investigación de exploits? The investigative process of analyzing, discovering, and documenting methods by which vulnerabilities in PKI or cryptogr...
- ¿Qué es Investigación de incidentes? A systematic process of collecting, analyzing, and documenting evidence to determine the cause, impact, and scope of a s...
- ¿Qué es Inyección de Proceso? A technique used by attackers or legitimate tools to inject code into the address space of another process, enabling cod...
L
- ¿Qué es Limitación de tasa API? A security control mechanism that restricts the number of API requests from a user or client within a specified timefram...
- ¿Qué es Limitación de tasa inadecuada? A security weakness where APIs or web services do not sufficiently restrict the frequency or volume of requests, allowin...
- ¿Qué es Lista de control de acceso? A table or data structure used to specify permissions attached to system objects, defining which users or processes are ...
- ¿Qué es Lista de exploits? An authoritative and frequently updated catalog of all known exploits that could target cryptographic or PKI assets, inc...
- ¿Qué es Lista de revocación JWT? A security control that maintains a list of invalidated JSON Web Tokens (JWTs), preventing previously issued tokens from...
- ¿Qué es Límite de confianza de terceros? A defined security demarcation between an organization’s internal systems and those of third-party entities, used to enf...
- ¿Qué es Línea base de configuración segura? A documented set of secure settings and parameters for systems or applications, serving as a reference point for complia...
- ¿Qué es Línea base de seguridad? A documented set of minimum security controls or configurations established as a standard for systems, services, or proc...
- ¿Qué es Línea base de seguridad? A set of minimum security controls and configurations established for cryptographic or PKI systems to ensure compliance ...
- ¿Qué es Línea de ética? A confidential reporting mechanism that allows employees and third parties to report ethical or compliance concerns anon...
M
- ¿Qué es Madurez del control? A measure of how well an internal control is designed, implemented, and operating as intended to mitigate risk and meet ...
- ¿Qué es Mala configuración de seguridad? A common vulnerability where systems, servers, or applications are deployed with insecure default settings, incomplete c...
- ¿Qué es Mala configuración de seguridad? A failure to implement correct or secure settings in cryptographic, PKI, or network assets, resulting in exposure to exp...
- ¿Qué es Malla de Seguridad de Microservicios? A distributed security framework that provides consistent identity, policy enforcement, and encrypted communication acro...
- ¿Qué es Manejo de datos? The processes and procedures for collecting, processing, storing, transmitting, and disposing of data in a secure and co...
- ¿Qué es Manejo Incorrecto de Errores? Failure to securely process or sanitize application errors, leading to information disclosure or security bypass opportu...
- ¿Qué es Manipulación de Recursos API? The unauthorized modification or manipulation of API resources, typically by altering request parameters or payloads to ...
- ¿Qué es Manual de caza de amenazas? A documented, repeatable procedure outlining hypothesis-driven threat hunting steps, data sources, detection logic, and ...
- What is Control mapping? The process of linking controls to regulatory, policy, or framework requirements to demonstrate compliance and facilitat...
- What is Control mapping? The process of aligning cryptographic or PKI controls with regulatory frameworks, standards, or organizational requireme...
- What is Data mapping? The structured process of identifying, documenting, and connecting the flow of data elements across systems, application...
- What is Resource Identity Mapping? The process of associating digital resources (such as VMs, APIs, or storage objects) with unique, verifiable identities ...
- What is Federated Identity Mapping? A process that links a user’s identity and credentials across multiple trusted identity providers, enabling Single Sign-...
- What is Federated Identity Mapping? A process that links user identities from external or partner identity providers to local systems, enabling single sign-...
- What is Policy mapping? The process in PKI where certificate policies from one CA are mapped to equivalent policies in another, allowing interop...
- What is Process mapping? A systematic technique for visually documenting and analyzing business or IT processes, their sequence, stakeholders, in...
- What is Process mapping? A structured method of visually documenting and analyzing processes, including their steps, controls, and responsible pa...
- What is Security Assertion Markup? An XML-based framework (SAML) for exchanging authentication and authorization data between security domains, commonly us...
- What is Packet timestamping? The process of attaching accurate time information to network packets for logging, monitoring, forensic analysis, and la...
- What is Trust framework? A formal structure of policies, roles, rules, and standards that define how trust is established, maintained, and evalua...
- What is Control framework? A structured set of governance, risk, and compliance (GRC) policies, processes, and controls aligned to industry standar...
- What is Compliance framework? An integrated system of standards, guidelines, and procedures designed to help an organization meet all relevant legal, ...
- What is Policy framework? A structured set of overarching policies, standards, and guidelines that governs how information security, compliance, a...
- What is Accountability framework? A structured set of responsibilities, roles, and processes that ensure individuals and teams are answerable for security...
- What is Forward secrecy framework? A cryptographic protocol property ensuring that compromise of long-term keys does not compromise past session keys, as r...
- What is Risk Matrix? A graphical tool that maps risk likelihood and impact to prioritize mitigation and support risk management decisions.
- What is Improper Logout Mechanism? A logout process that fails to fully invalidate all session tokens and authentication artifacts, allowing potential sess...
- What is Data minimization? The principle and practice of limiting personal or sensitive data collection, processing, and retention to only what is ...
- What is Automated threat mitigation? The use of automated controls, tools, and workflows to detect, respond to, and neutralize cyber threats in real time, mi...
- What is Persistent Threat Mitigation? A set of proactive and reactive controls aimed at detecting, containing, and eradicating advanced persistent threats (AP...
- What is Replay attack mitigation? Security controls implemented to detect and prevent replay attacks, where previously valid data transmissions are malici...
- What is Hypervisor Escape Mitigation? A set of security controls and techniques that prevent or detect attempts by virtual machines to break out of hypervisor...
- What is Exploit mitigation? Technical and procedural controls implemented to reduce or eliminate the risk of exploitation of vulnerabilities in cryp...
- What is Incident Mitigation? Targeted actions taken to reduce the immediate and long-term impact of a security incident, including containment, eradi...
- What is Open redirect mitigation? Security controls that detect and prevent web applications from redirecting users to untrusted external URLs, reducing t...
- What is Adaptive packet shaping? A dynamic network management technique that adjusts packet flows based on real-time bandwidth, latency, or application p...
- What is Threat modeling? A structured methodology to identify, analyze, and address potential threats and vulnerabilities in information systems ...
- What is Threat Modeling? A structured process for identifying, prioritizing, and evaluating potential threats and vulnerabilities to an organizat...
- What is Threat modeling? A structured process to identify, categorize, and prioritize potential threats to cryptographic systems or PKI deploymen...
- What is Attack path modeling? The systematic mapping and simulation of possible routes an adversary might take to compromise assets, used to assess ri...
- What is Governance model? A documented structure that defines roles, responsibilities, decision-making processes, and authority for managing infor...
- What is API abuse monitoring? Continuous observation and analysis of API traffic to detect misuse patterns, abuse, or automated attacks, such as scrap...
- What is Credential Access Monitoring? The process of continuously tracking, analyzing, and alerting on access to credentials (passwords, tokens, secrets) in o...
- What is Host Integrity Monitoring? Continuous assessment of a host system’s files, processes, and configurations to detect unauthorized changes, tampering,...
- What is East-West Monitoring? Continuous inspection and analysis of lateral (intra-network) data flows within an organization's internal environment t...
- What is Security monitoring? Continuous observation, collection, and analysis of security events and data across information systems to detect threat...
- What is Threat engine? An automated software module that aggregates, analyzes, and correlates threat intelligence related to cryptographic or P...
- What is Traffic classification engine? A system or module that automatically identifies, categorizes, and labels network traffic based on protocols, applicatio...
- What is Scanning engine? A dedicated software module or appliance that performs automated vulnerability, compliance, or configuration scans on cr...
- What is Exposure metric? A quantitative value representing the degree of risk, visibility, or attack surface present in PKI or cryptographic asse...
- What is Trusted Platform Module? A hardware security chip designed to securely store cryptographic keys, certificates, and perform integrity checks to en...
N
- What is Broken function level? An API vulnerability where improper function-level authorization allows attackers to access or execute functions beyond ...
- What is Broken object level? A critical API vulnerability where improper access controls allow attackers to manipulate or access objects belonging to...
- What is Subject name? The distinguished name (DN) in a digital certificate that uniquely identifies the certificate holder or entity, as speci...
- What is Threat Notification? Official communication to stakeholders regarding the discovery or presence of a specific cyber threat, often required by...
- What is Incident notification? The act of formally informing stakeholders, management, or regulatory bodies about a detected or ongoing security incide...
- What is Incident Notification? The formal process of documenting and communicating the details of a cybersecurity incident to relevant stakeholders, re...
- What is Breach Notification? The formal process of informing affected parties, regulators, and other stakeholders about a confirmed data breach, in a...
- What is Risk notification? A formal alert generated to inform stakeholders of emerging or realized PKI or cryptographic risks, often automated with...
- What is Security Notification? The formal process of communicating significant security events or incident statuses to designated stakeholders or regul...
- What is Virtual Private Cloud? A logically isolated section of a public cloud where organizations can launch resources in a virtual network that they d...
O
- What is Control objective? A specific statement of the desired result or purpose that a control is intended to achieve, forming the basis for asses...
- What is Insecure direct object? A vulnerability where applications expose internal object references, such as file or database keys, directly to users w...
- What is API version deprecation? The process and risk associated with retiring or deprecating old API versions, often resulting in unsupported endpoints ...
- What is OCSP stapling? A TLS extension that allows servers to send a time-stamped OCSP response for their certificate during handshake, improvi...
- What is Cyber Deception Operations? Deliberate use of decoys, traps, and misinformation within an organization's environment to detect, divert, and analyze ...
- What is Security Operations? All coordinated activities performed in a Security Operations Center (SOC) to monitor, detect, investigate, and respond ...
- What is BGP route origin? The original source Autonomous System (AS) that advertises a specific IP prefix into the global BGP routing table, valid...
- What is Adaptive response orchestration? The automated coordination and execution of security responses that dynamically adjust based on incident severity and co...
- What is Security Orchestration? The automated coordination and integration of security tools, processes, and workflows to accelerate response and improv...
- What is Random oracle? A theoretical black box model that responds to every unique query with a truly random response, used as an idealized com...
P
- What is Compliance dashboard? A real-time visualization tool that aggregates and displays the status of cryptography and PKI controls, risks, incident...
- What is Risk dashboard? A real-time interface that aggregates, visualizes, and monitors PKI or cryptographic risks, vulnerabilities, and remedia...
- What is Threat landscape? The evolving set of potential threats, adversary capabilities, and attack vectors relevant to cryptographic and PKI ecos...
- What is Key pair? A set of two mathematically linked cryptographic keys, typically consisting of a public key for encryption/verification ...
- What is Cloud Encryption Gateway? A security appliance or service that encrypts sensitive data before it is transferred to cloud services, ensuring confid...
- What is Secure border gateway? A security-hardened network device or configuration that manages and filters traffic entering or leaving the network per...
- What is Honeypot Service Gateway? A dedicated network gateway or proxy that directs traffic to and from honeypot resources, isolating deceptive assets fro...
- What is Anomalous traffic profiling? The identification and categorization of network traffic patterns that deviate from established baselines to detect pote...
- What is Software-Defined Perimeter? A cybersecurity framework that dynamically creates one-to-one network connections between users and resources using iden...
- What is Validity period? The designated timeframe during which a cryptographic certificate or key is considered valid and trusted for use, after ...
- What is Threat Intelligence Pivoting? The analytic process of using one indicator (such as an IP, domain, or hash) as a starting point to discover related thr...
- What is Mitigation Plan? A documented strategy detailing specific actions and controls to reduce the likelihood or impact of identified risks.
- What is Monitoring plan? A documented approach outlining processes, tools, and responsibilities for continuously observing and assessing security...
- What is Remediation plan? A formal strategy that outlines actions, responsibilities, and timelines to correct identified security or compliance de...
- What is Remediation Plan? A documented set of actions designed to eliminate the root cause and effects of a security incident, restore affected sy...
- What is Remediation plan? A documented set of actions, responsibilities, and timelines designed to resolve identified cryptographic or PKI vulnera...
- What is Response Plan? A documented strategy outlining procedures, roles, responsibilities, and communications for responding to cybersecurity ...
- What is Resilience planning? The strategic process of designing and implementing measures to ensure an organization can adapt, recover, and continue ...
- What is Certificate template? A predefined configuration for certificate attributes and extensions, used by CAs to automate and standardize certificat...
- What is Trusted platform? A computing environment equipped with hardware and software components (e.g., TPM, secure boot) designed to ensure integ...
- What is Workload Protection Platform? A cloud-native security solution that provides visibility and real-time protection for workloads—such as virtual machine...
- What is Security Playbook? A documented set of repeatable incident response procedures and decision trees tailored to specific threat scenarios or ...
- What is Conditional Access Policy? A security rule that grants or blocks access to resources based on specific conditions such as user location, device pos...
- What is Workload Isolation Policy? A security policy that enforces strict logical and sometimes physical separation of workloads to prevent unauthorized ac...
- What is Certificate policy? A set of rules and practices that indicates the applicability of a certificate to a particular community or class of app...
- What is Resource Sharing Policy? A set of security rules and access controls governing how digital resources such as data, storage, and APIs are shared a...
- What is Endpoint Quarantine Policy? A defined set of rules for isolating endpoints that exhibit suspicious or non-compliant behavior to prevent them from ac...
- What is Endpoint Quarantine Policy? A formalized set of procedures and controls for isolating endpoints exhibiting signs of compromise or non-compliance fro...
- What is Issuance policy? A formal document or set of rules that defines the procedures and requirements for issuing digital certificates within a...
- What is Host Firewall Policy? A defined set of rules and configurations that control inbound and outbound network traffic at the individual host or VM...
- What is Signature policy? A set of technical and procedural requirements governing the creation, validation, and management of digital signatures ...
- What is Credential management policy? A formal set of rules and procedures for creating, storing, rotating, and revoking authentication credentials to ensure ...
- What is Application Whitelisting Policy? A security control that restricts the execution of software to only pre-approved applications, preventing unauthorized o...
- What is Microsegmentation Policy? A granular security approach that divides networks into isolated segments at the workload or application level, enforcin...
- What is Microsegmentation Policy? A set of rules that define fine-grained network zones and enforce isolation between workloads to limit lateral movement.
- What is Retention policy? A documented set of rules defining how long information or records must be retained to comply with regulatory, legal, or...
- What is Serverless Security Policy? A set of security controls and guidelines specifically designed to protect serverless computing architectures by restric...
- What is Dynamic Port Knocking? A security technique requiring a dynamic, pre-defined sequence of connection attempts to specific ports before granting ...
- What is Security posture? The overall status of an organization’s cybersecurity policies, controls, capabilities, and readiness to detect, prevent...
- What is Cloud Security Posture? The overall security status and configuration of cloud services, assets, and workloads in accordance with organizational...
- What is Incident Readiness? The proactive state of an organization’s people, processes, and technology to efficiently detect, respond to, and recove...
- What is Response Readiness? The state of preparedness of personnel, processes, and technology to quickly and effectively respond to cybersecurity in...
- What is Evidence Preservation? The controlled process of securing, documenting, and protecting digital or physical evidence to maintain integrity for i...
- What is Secret sprawl prevention? The implementation of processes and tools to prevent sensitive secrets—such as API keys, credentials, and certificates—f...
- What is Container Escape Prevention? Security controls and mechanisms implemented to prevent processes within a container from breaching isolation boundaries...
- What is Exploit prevention? A set of technical and procedural controls to proactively prevent exploitation of vulnerabilities in cryptographic and P...
- What is Token leakage prevention? Measures and controls implemented to prevent authentication or authorization tokens from being inadvertently exposed, in...
- What is Host Intrusion Prevention? A security solution deployed on host systems to proactively detect, block, and log malicious activity, such as exploits ...
- What is Lateral Movement Prevention? Techniques and controls designed to detect and stop an adversary’s efforts to move laterally within a network after init...
- What is Data Loss Prevention? A suite of technologies and policies designed to detect, monitor, and prevent the unauthorized transmission or disclosur...
- What is Token Replay Prevention? Security controls and techniques that ensure tokens, such as authentication or session tokens, cannot be reused by attac...
- What is Alert prioritization? The process of ranking and categorizing security alerts based on risk, relevance, and organizational impact, to enable e...
- What is Incident Prioritization? The classification and ranking of security incidents based on risk, severity, and potential business impact to determine...
- What is Risk prioritization? The process of ranking identified risks based on their likelihood, potential impact, and organizational risk appetite to...
- What is Risk prioritization? The structured process of ranking risks to cryptographic and PKI systems based on likelihood, impact, and exposure, to g...
- What is Vulnerability prioritization? The process of ranking discovered cryptographic and PKI vulnerabilities according to risk, exploitability, business impa...
- What is Cryptographic processor? A hardware device or chip specifically designed to perform cryptographic operations such as encryption, decryption, sign...
- What is Control process? A series of coordinated actions and procedures implemented to manage and mitigate risk by enforcing policies and securit...
- What is Investigation Process? A structured series of analytical steps undertaken by security teams to determine the scope, cause, and impact of a cybe...
- What is HMAC Validation Process? A procedure using Hash-based Message Authentication Code (HMAC) to verify data integrity and authenticity during transmi...
- What is Data ownership? The formal assignment of authority and accountability for data assets to specific individuals or roles within an organiz...
- What is Risk ownership? The assignment of accountability and authority for managing identified risks to a specific individual or organizational ...
- What is Endpoint Tamper Protection? A security feature that prevents unauthorized users or malware from disabling, modifying, or bypassing endpoint security...
- What is API Threat Protection? A set of security mechanisms designed to detect, block, and mitigate malicious activity targeting application programmin...
- What is Ciphertext replay protection? A security mechanism that detects and blocks the reuse of captured ciphertext to prevent replay attacks in encrypted com...
- What is Session replay protection? Controls and mechanisms designed to prevent attackers from capturing and reusing legitimate session tokens or data packe...
- What is Remote Attestation Protocol? A cryptographic protocol that enables a verifier to remotely validate the integrity and trustworthiness of a device or s...
- What is Identity Federation Protocol? A standardized mechanism allowing multiple organizations or domains to securely share and validate user identities using...
- What is Managed security provider? An external organization that delivers outsourced security monitoring, management, and incident response services for cl...
- What is User provisioning? The process of creating, managing, and assigning user accounts and privileges within an organization's IT systems in acc...
- What is Identity-aware proxy? A security proxy that enforces access controls and authentication based on user or device identity before allowing acces...
- What is TLS termination proxy? A network device or service that decrypts incoming TLS traffic at the network edge, forwarding unencrypted traffic inter...
- What is Credential testing? The process of validating the strength, configuration, and authenticity of credentials used within cryptographic or PKI ...
- What is Penetration test? An authorized and controlled simulated attack on cryptographic and PKI systems, conducted to identify exploitable vulner...
- What is Security testing? The process of evaluating cryptographic, PKI, and supporting systems for compliance with security requirements, through ...
- What is Remote Access Gateway? A secured network device or service that brokers and controls remote user access to internal organizational resources, e...
- What is Secure Email Gateway? A dedicated security appliance or cloud service that monitors, filters, and blocks malicious email content (spam, phishi...
- What is Policy decision point? A logical component in access control architectures (e.g., ABAC, RBAC) that evaluates access requests against policy rul...
- What is Device Trust Score? A security metric that evaluates the trustworthiness of a device based on hardware, software, configuration, compliance ...
- What is Risk scoring? The quantitative or qualitative assignment of a value to a risk, based on the likelihood and impact of vulnerabilities w...
- What is Dynamic Risk Scoring? A continuous process that calculates the real-time security risk posed by users, devices, or applications based on behav...
- What is Data Loss? The unintended or unauthorized destruction, corruption, or loss of data, potentially resulting in business disruption or...
R
- What is Audit trail? A chronological record of system activities and user actions, providing documented evidence to support accountability, t...
- What is Insufficient audit trail? A deficiency in logging or tracking system activities that undermines the ability to reconstruct security events, invest...
- What is Hardware root of trust? A cryptographic foundation embedded in hardware (e.g., TPM, HSM, or secure enclave) that provides immutable security anc...
- What is Session resumption? A TLS or secure channel mechanism that enables clients and servers to reuse a previously negotiated session state for fa...
- What is Access recertification? A formal process to periodically review and validate user access rights to systems and data to ensure only authorized pe...
- What is Evidence collection? The systematic process of gathering digital artifacts, logs, devices, or other data relevant to a security incident, fol...
- What is Endpoint forensic collection? The process of acquiring and preserving digital evidence from cloud or on-premises endpoints in a manner consistent with...
- What is Key recovery? A controlled process for restoring lost or inaccessible cryptographic keys, typically from a secure backup or escrow, fo...
- What is Incident recovery? The coordinated set of actions taken to restore systems, operations, and services to normal functioning after a security...
- What is Distributed Deception Network? A security architecture that uses distributed decoys, honeypots, and lures throughout the network or cloud to detect, de...
- What is Secure Overlay Network? A logically separated, secured network built on top of an existing network to provide enhanced security controls and iso...
- What is Secure Container Networking? The practice of applying security controls, segmentation, and encrypted communication to the networking layer between co...
- What is Risk reduction? The application of technical, administrative, or physical controls in cryptographic and PKI environments to lower the li...
- What is Blast radius reduction? Limiting the potential impact of a security breach by isolating assets and implementing controls that constrain the effe...
- What is IP fragment reassembly? The process of reconstructing fragmented IP packets into their original form for delivery, inspection, or security analy...
- What is Secure Packet Forwarding? The practice of transmitting data packets across networks in a manner that maintains confidentiality, integrity, and aut...
- What is Cloud Traffic Mirroring? A cloud-native capability that duplicates network traffic to analysis tools for monitoring, threat detection, and compli...
- What is Cloud Activity Logging? The process of capturing, storing, and analyzing logs of user actions, system events, and resource access within cloud e...
- What is Audit logging? The process of recording security-related events, operations, or accesses within a cryptographic or PKI environment to p...
- What is Audit logging? The systematic recording of events and user actions in information systems to enable traceability, accountability, and f...
- What is Security event logging? The systematic recording of security-related activities, alerts, and incidents within systems or networks to support det...
- What is Incident Logging? The systematic recording of incident details, timelines, actions taken, and outcomes to ensure transparency, facilitate ...
- What is Risk register? A central repository listing identified organizational risks, their likelihood, impact, mitigation actions, and responsi...
- What is Signature padding? A method of formatting a message or hash before digital signature creation, used to prevent certain attacks and ensure c...
- What is Policy-Based Remediation? Automated or manual corrective actions triggered by predefined policies to mitigate detected security incidents or confi...
- What is Certificate renewal? The process of issuing a new certificate for an entity before the expiration of the current certificate, maintaining con...
- What is Attack replay? The process of re-enacting a recorded or theoretical attack vector against PKI or cryptographic systems to test detectio...
- What is Attack replay? A controlled reproduction of a previously observed or simulated attack scenario targeting cryptographic or PKI assets, u...
- What is Incident Reporting? The formal process of documenting and communicating information about detected security incidents to relevant stakeholde...
- What is Incident Reporting? The formal communication process for notifying internal or external authorities about detected security incidents, as re...
- What is Quantum resistance? The property of cryptographic algorithms to withstand attacks by quantum computers, typically achieved by using post-qua...
- What is Online responder? A network service that provides real-time certificate status information, typically using the Online Certificate Status ...
- What is Incident response? The structured approach to managing and addressing cybersecurity incidents, with processes for detection, containment, e...
- What is Incident Response? A coordinated approach to addressing and managing the aftermath of a security breach or cyberattack, with the aim of lim...
- What is Cloud Incident Response? A structured approach to managing and mitigating security incidents in cloud environments, including preparation, detect...
- What is Phishing Response? Coordinated actions taken to detect, contain, and mitigate phishing attacks, including user notification, credential res...
- What is Security Response? Coordinated activities by security personnel to mitigate, contain, and resolve identified threats or incidents in accord...
- What is Privileged API Restriction? Controls that limit access to sensitive API endpoints or functions to only those users or services with explicit privile...
- What is JWT Audience Restriction? A security control ensuring a JWT token is only accepted by the intended recipients (audiences), preventing token reuse ...
- What is Scan result? The output or findings generated by automated or manual scans of PKI or cryptographic systems for vulnerabilities, compl...
- What is Message digest? A fixed-length, unique output value generated by applying a cryptographic hash function to a message, used for verifying...
- What is Data retention? The set of policies and procedures governing how long organizational data must be kept, archived, or deleted in complian...
- What is Log Retention? The process and policy of securely retaining security event and audit logs for a defined period to ensure availability f...
- What is Legal hold? A directive to preserve all forms of relevant information when litigation or investigation is reasonably anticipated.
- What is Cipher feedback? A block cipher mode of operation (CFB) that turns a block cipher into a self-synchronizing stream cipher, providing conf...
- What is Patch rollback? The process of reverting cryptographic or PKI system components to a previous version when a deployed patch introduces i...
- What is Control Review? An assessment of security controls to determine their effectiveness, adequacy, and proper implementation within the orga...
- What is Incident Review? A structured post-incident process for evaluating the effectiveness of detection, response, and recovery measures to ide...
- What is Management review? A formal evaluation conducted by senior management to assess the adequacy and effectiveness of security, compliance, and...
- What is Policy Review? A formal and systematic evaluation of organizational policies to ensure their adequacy, effectiveness, and compliance wi...
- What is Regulatory review? A systematic evaluation of processes, policies, and controls to ensure alignment with applicable regulatory requirements...
- What is Third-party risk? The exposure to potential harm or loss resulting from external vendors, suppliers, contractors, or service providers who...
- What is Regulatory risk? The potential for losses or legal penalties resulting from non-compliance with laws, regulations, or mandatory standards...
- What is Automatic Key Rotation? A security control that automatically replaces cryptographic keys at predefined intervals to minimize the risk of key co...
- What is Certificate rotation? The managed transition from an expiring or old certificate to a new certificate in a way that minimizes service interrup...
- What is Key rotation? The scheduled process of replacing cryptographic keys with new keys to limit the period a compromised key can be misused...
- What is Key rotation? The scheduled or event-driven replacement of cryptographic keys in a system to reduce exposure from key compromise and e...
- What is API key rotation? The operational practice of periodically replacing and invalidating existing API keys to minimize the risk of key compro...
- What is Certificate path? An ordered sequence of certificates from the end-entity certificate to a trusted root certificate, used to establish tru...
S
- What is Forward Secrecy? A cryptographic property ensuring that the compromise of long-term keys does not compromise past session keys, providing...
- What is Role-Based Segmentation? A network security practice dividing network resources or data access based on user or device roles, enforcing least pri...
- What is Network Segmentation? The practice of dividing a computer network into subnetworks, each being a network segment, to improve security, perform...
- What is Cloud Network Segmentation? The practice of dividing cloud-based network environments into distinct, isolated segments to enforce security boundarie...
- What is Cloud Network Segmentation? The process of dividing a cloud network into isolated segments or zones to control traffic flow and limit lateral moveme...
- What is Virtual Network Segmentation? The division of a physical network into multiple logical networks using virtualization techniques to isolate traffic and...
- What is Data Plane Segregation? The separation of the data forwarding path from management and control planes within network infrastructure to improve s...
- What is Incident Tracking? The systematic process of recording, updating, and monitoring security incidents throughout their lifecycle to ensure ac...
- What is Remediation Tracking? The process of monitoring and documenting the status and effectiveness of actions taken to correct identified vulnerabil...
- What is Remediation Tracking? The ongoing process of monitoring and managing corrective actions taken to resolve identified security or compliance iss...
- What is Application Container Security? Practices and controls for securing containerized applications and environments, including image scanning, runtime prote...
- What is Virtual Desktop Security? Practices, controls, and technologies used to secure virtual desktop infrastructure (VDI) and virtual desktops in cloud ...
- What is Internet Exchange Security? The collective security controls, policies, and operational measures implemented at an Internet Exchange Point (IXP) to ...
- What is Transport Layer Security? A cryptographic protocol designed to provide secure communication over a computer network, protecting data in transit vi...
- What is Service Mesh Security? A set of controls, policies, and tools for ensuring secure communication, authentication, and authorization between micr...
- What is Timestamping? The process of recording the exact date and time that a digital document or transaction was created or signed, often wit...
- What is Flow Collector Sensor? A network device or software agent that passively gathers, aggregates, and forwards network flow records (such as NetFlo...
- What is Separation of Duties? A risk management control principle that divides critical tasks and privileges among multiple individuals to reduce oppo...
- What is Browser Isolation Service? A security mechanism that isolates end-users’ web browsing activity from the endpoint or corporate network by running br...
- What is Browser Isolation Service? A security control that runs browser sessions in isolated, remote containers or sandboxes to protect endpoints from web-...
- What is Key Management Service? A centralized service or system that creates, stores, rotates, and manages cryptographic keys used for securing data at ...
- What is Enrollment Service? A trusted PKI component that manages requests for digital certificates, validates identity, and issues or renews certifi...
- What is Tokenization Service? A security process or managed solution that replaces sensitive data elements with non-sensitive equivalents (tokens), of...
- What is NAC Policy Server? A core component of network access control (NAC) systems, responsible for evaluating endpoint posture, enforcing securit...
- What is Cloud-Native SIEM? A Security Information and Event Management platform built specifically for cloud architectures, offering elastic scalab...
- What is Adversary Simulation? Adversary Simulation is a controlled security exercise that emulates realistic cyber attacks by mimicking the tactics, t...
- What is Threat Simulation? The practice of emulating real-world attacks on cryptographic or PKI infrastructure to test defenses, validate response ...
- What is Attack Simulation? A controlled emulation of cyberattacks against systems, networks, or people to assess security posture, validate defense...
- What is Attack Simulation? The process of emulating real-world cyberattacks against cryptographic infrastructure or PKI environments to evaluate de...
- What is Exploitation Simulation? A controlled emulation of exploit attempts against cryptographic or PKI vulnerabilities to assess system resilience and ...
- What is Data Sovereignty? The concept that digital data is subject to the laws and governance structures within the nation where it is collected o...
- What is Digital Envelope? A mechanism in cryptography where a message is encrypted with a symmetric key and the symmetric key is then encrypted wi...
- What is Token Request? A formal operation in which a client requests an authentication or authorization token from an identity provider or secu...
- What is Cipher Suite? A named set of cryptographic algorithms used to negotiate security settings in network protocols like TLS, including key...
- What is Key Checksum? A value derived from a cryptographic key using a checksum or hash algorithm, used to verify the integrity or correctness...
- What is Attack Surface? The sum of all points in a cryptographic or PKI environment where an unauthorized user could attempt to enter data, extr...
- What is Continuous Monitoring? Ongoing real-time observation and analysis of security controls and risks to ensure timely detection of threats and comp...
- What is Continuous Compliance Monitoring? The ongoing process of automatically assessing systems, configurations, and user activities to ensure adherence to regul...
- What is Security Oversight? The ongoing supervision and review of security policies, controls, and processes to ensure effective risk management and...
- What is Compliance Oversight? Ongoing supervision and review of an organization's compliance with laws, regulations, policies, and contractual obligat...
- What is Alert Suppression? The intentional filtering or silencing of specific security alerts to reduce noise from false positives and allow focus ...
T
- What is Visibility Fabric Tap? A hardware or virtual device that creates a copy of network traffic for out-of-band monitoring, analytics, and security ...
- What is Security Telemetry? Security Telemetry refers to the automated collection, transmission, and aggregation of security-relevant data—such as l...
- What is Session Ticket? A data structure issued by a server to a client in TLS to enable stateless session resumption by encapsulating keying ma...
- What is Data Subject? An individual whose personal data is collected, held or processed by a data controller or processor as defined by privac...
- What is Hardware Token? A physical device, such as a USB or smart card, used to store cryptographic keys and perform authentication or signing o...
- What is Risk Tolerance? The amount and type of risk an organization is willing to accept in pursuit of its objectives, as defined in risk manage...
- What is MTA Strict Transport? An email security policy (MTA-STS) that enforces strict encrypted transport (typically via TLS) between Mail Transfer Ag...
- What is Alert Triage? The systematic process of evaluating, prioritizing, and categorizing security alerts based on severity, credibility, and...
- What is Event Triage? The process of rapidly classifying, prioritizing, and assigning security events for investigation based on impact, sever...
- What is Segmented Microservice Transit? A network architecture approach in which communications between microservices are isolated into distinct, secured segmen...
- What is VPN Split Tunnel? A VPN configuration that allows some traffic to be routed through the secure VPN tunnel while other traffic accesses the...
- What is Virtual Private Tunnel? A secure, encrypted connection established over a public or untrusted network, forming a logical link that protects data...
V
- What is Alert Validation? The process of verifying whether a security alert is genuine, actionable, and relevant, typically by correlating with ad...
- What is Chain Validation? The process of verifying each certificate in a chain from the end entity up to the root CA, ensuring all links are trust...
- What is DNSSEC Chain Validation? The process of verifying each link in the DNSSEC signature chain from root to record to ensure domain name authenticity ...
- What is Client Certificate Validation? A process that verifies the authenticity and trustworthiness of client certificates during mutual TLS connections, enabl...
- What is API Contract Validation? The process of verifying that an API’s requests and responses strictly conform to the documented interface specification...
- What is Compliance Validation? The formal process of testing and confirming that systems, processes, and controls meet regulatory, contractual, and pol...
- What is Compliance Validation? The systematic confirmation that cryptographic, PKI, and supporting systems conform to relevant standards, policies, and...
- What is Source Address Validation? The process of verifying that the source IP address of a packet is legitimate and not spoofed, typically enforced at net...
- What is Token Expiration Validation? The process of checking the expiration date and time of authentication or authorization tokens to ensure that expired to...
- What is Exploit Validation? The process of confirming, through controlled testing, that a discovered vulnerability in a cryptographic or PKI system ...
- What is Route Integrity Validation? A set of mechanisms that verify the authenticity and correctness of network routing information to prevent route hijacki...
- What is Business Logic Validation? The process of systematically verifying application workflows and rules to ensure that implemented business logic enforc...
- What is Cryptographic Module Validation? The formal process of testing and certifying that a cryptographic module meets defined security standards such as FIPS 1...
- What is Replay Nonce Validation? A security mechanism that ensures a unique nonce value is included and validated in each request or transaction, protect...
- What is Patch Validation? The process of confirming through controlled testing that a security patch applied to cryptographic modules or PKI compo...
- What is Salt Value? A random value added to data, typically passwords, before hashing to ensure that identical inputs produce different hash...
- What is Nonce Value? A randomly or pseudo-randomly generated number used only once in a cryptographic communication to prevent replay attacks...
- What is Attack Vector? A specific method or pathway by which a threat actor attempts to exploit vulnerabilities in cryptographic or PKI infrast...
- What is Exploitation Window? The period between public disclosure of a cryptographic or PKI vulnerability and the application of effective remediatio...
- What is Exposure Window? The time period during which cryptographic or PKI assets remain susceptible to exploitation due to the existence of unpa...
- What is Secure Boot Verification? A cryptographic process that ensures only trusted, signed firmware and software are loaded during system startup, preven...
- What is Insufficient Entropy Verification? Failure to verify that cryptographic functions use sources of randomness with adequate entropy, increasing the risk of p...
- What is JWT Signature Verification? The process of validating the cryptographic signature of a JSON Web Token (JWT) to ensure its integrity and authenticity...
- What is Patch Verification? The process of confirming that applied patches to cryptographic, PKI, or related systems have been correctly installed, ...
- What is Remediation Verification? The process of confirming that actions taken to correct cryptographic or PKI vulnerabilities are effective and that affe...
- What is Key Lifetime? The maximum period that a cryptographic key is allowed to be active and used for cryptographic operations before mandato...
- What is Token Binding? A security mechanism where cryptographic tokens are cryptographically bound to a TLS connection, ensuring that tokens ca...
- What is Session Token Binding? A security mechanism that cryptographically ties a session token to a specific user device or connection context, preven...
- What is Security Policy Violation? Any action or event that contravenes an established information security policy or standard, triggering investigation or...
- What is Policy Violation? An act or omission that breaches or contradicts an established organizational policy, potentially leading to disciplinar...
- What is Asset Vulnerability? A weakness in a cryptographic, PKI, or related system asset that could be exploited by a threat actor to compromise conf...
- What is Attack Path? A sequence or route by which a threat actor progresses through vulnerabilities, misconfigurations, or controls in crypto...
Z
- What is Zero-Day? A vulnerability in PKI or cryptographic systems that is unknown to the vendor and for which no official patch or mitigat...
- What is Untrusted Interface Zone? A designated network segment where interfaces connect to untrusted networks or devices, typically requiring strict secur...