Cybersecurity English Glossary
677 professional cybersecurity English terms with definitions, pronunciation and examples. Learn what each term means, free with Termify.
A
- What is API Endpoint Discovery? The process of identifying available API endpoints, often through automated tools or by analyzing documentation and appl...
- What is API Key Rotation? The operational practice of periodically replacing and invalidating existing API keys to minimize the risk of key compro...
- What is API Quota Enforcement? The process of applying limits to the number of API requests allowed for each user, application, or key, to prevent reso...
- What is API Gateway Enforcement? Operational policy and control enforcement at the API gateway layer, ensuring only validated and authorized API traffic ...
- What is API Schema Enforcement? The practice of validating incoming and outgoing API requests and responses against a defined schema to prevent structur...
- What is an API Throttling Strategy? A structured approach to limit the number of API requests made by a client or IP within a specified timeframe, preventin...
- What is an API Security Gateway? A dedicated service or device that provides centralized security controls for APIs, including authentication, authorizat...
- What is API Version Obsolescence? The process and risk associated with retiring or deprecating old API versions, often resulting in unsupported endpoints ...
- What is API Resource Tampering? The unauthorized modification or manipulation of API resources, typically by altering request parameters or payloads to ...
- What is API Rate Limiting? A security control mechanism that restricts the number of API requests from a user or client within a specified timefram...
- What is API Rate Limiting? A control that limits the number of API requests a client or application can make within a specific time frame to preven...
- What is API Contract Validation? The process of verifying that an API’s requests and responses strictly conform to the documented interface specification...
- What is API Abuse Analytics? The use of data analysis techniques to monitor, identify, and report on abnormal or malicious usage patterns within API ...
- What is API Abuse Monitoring? Continuous observation and analysis of API traffic to detect misuse patterns, abuse, or automated attacks, such as scrap...
- What is API Threat Protection? A set of security mechanisms designed to detect, block, and mitigate malicious activity targeting application programmin...
C
- What is a CA Certificate? A digital certificate issued to a Certificate Authority, used to sign and validate other digital certificates within a P...
- What is CORS Policy Enforcement? The process of strictly applying Cross-Origin Resource Sharing (CORS) policies to control which origins can interact wit...
- What is CRL Distribution? The mechanism and locations for making Certificate Revocation Lists (CRLs) available to PKI participants to check the re...
D
H
- What is the HMAC Verification Process? A procedure using Hash-based Message Authentication Code (HMAC) to verify data integrity and authenticity during transmi...
- What is an HSM Appliance? A dedicated hardware device designed to securely generate, manage, and store cryptographic keys, and perform cryptograph...
- What is HTTP Parameter Pollution? A web security vulnerability where multiple HTTP parameters with the same name are sent in a single request, potentially...
J
- What is JWT Audience Restriction? A security control ensuring a JWT token is only accepted by the intended recipients (audiences), preventing token reuse ...
- What is a JWT Revocation List? A security control that maintains a list of invalidated JSON Web Tokens (JWTs), preventing previously issued tokens from...
- What is JWT Signature Verification? The process of validating the cryptographic signature of a JSON Web Token (JWT) to ensure its integrity and authenticity...
M
O
- What is OAuth Token Introspection? A protocol mechanism defined in RFC 7662 that allows resource servers to query an authorization server about the status ...
- What is OAuth Consent Delegation? Process by which a resource owner grants a client application delegated access to protected resources, based on explicit...
- What is OCSP Stapling? A TLS extension that allows servers to send a time-stamped OCSP response for their certificate during handshake, improvi...
P
ア
- What is an Identity Federation Protocol? A standardized mechanism allowing multiple organizations or domains to securely share and validate user identities using...
- What is an Identity-Aware Proxy? A security proxy that enforces access controls and authentication based on user or device identity before allowing acces...
- What is Outbound Traffic Filtering? The process of monitoring and controlling outgoing network traffic to block unauthorized, malicious, or policy-violating...
- What is an Accountability Framework? A structured set of responsibilities, roles, and processes that ensure individuals and teams are answerable for security...
- What is Account Takeover Defense? Security measures designed to detect and prevent unauthorized access to user accounts, including the use of MFA, behavio...
- What is Access Vector Filtering? A network defense technique that restricts or monitors traffic based on access vectors such as protocol, port, and direc...
- What is Access Recertification? A formal process to periodically review and validate user access rights to systems and data to ensure only authorized pe...
- What is Broken Access Control? A critical security flaw where access restrictions are incorrectly implemented, enabling users to perform actions or acc...
- What is an Access Control List? A table or data structure used to specify permissions attached to system objects, defining which users or processes are ...
- What is Access Certification? A formal, periodic review process in which managers or data owners attest that users have the appropriate levels of acce...
- What is Asset Discovery Automation? The automated identification and inventory of all devices, cloud resources, software, and services within an organizatio...
- What is Adaptive Packet Shaping? A dynamic network management technique that adjusts packet flows based on real-time bandwidth, latency, or application p...
- What is Adaptive Response Orchestration? The automated coordination and execution of security responses that dynamically adjust based on incident severity and co...
- What is Attestation Service Integration? The process of connecting systems to trusted attestation services that validate the integrity and security posture of cl...
- What is Adversary Simulation? Adversary Simulation is a controlled security exercise that emulates realistic cyber attacks by mimicking the tactics, t...
- What is Adversary Emulation? The simulation of real-world attacker behaviors and techniques in a controlled environment to test and improve detection...
- What is Application Container Security? Practices and controls for securing containerized applications and environments, including image scanning, runtime prote...
- What is an Application Whitelisting Policy? A security control that restricts the execution of software to only pre-approved applications, preventing unauthorized o...
- What is Application-Layer DDoS? A type of distributed denial-of-service attack that targets the application layer (OSI Layer 7) with malicious HTTP or A...
- What is Alert Escalation? The process of forwarding a security alert to higher-level analysts or decision makers when the event exceeds the curren...
- What is Alert Enrichment? The process of adding contextual information to security alerts, such as asset details, user context, or threat intellig...
- What is Alert Triage? The systematic process of evaluating, prioritizing, and categorizing security alerts based on severity, credibility, and...
- What is Alert Documentation? The detailed recording of all relevant information about a security alert, including source, analysis, actions, and outc...
- What is the Alert Lifecycle? The sequence of phases that a security alert undergoes, from initial detection and triage through investigation, escalat...
- What is Alert Prioritization? The process of ranking and categorizing security alerts based on risk, relevance, and organizational impact, to enable e...
- What is Alert Suppression? The intentional filtering or silencing of specific security alerts to reduce noise from false positives and allow focus ...
- What is Alert Validation? The process of verifying whether a security alert is genuine, actionable, and relevant, typically by correlating with ad...
- What is Alert Fatigue? Alert Fatigue is a condition in which security analysts become desensitized or overwhelmed due to excessive or repetitiv...
- What is Alert Correlation? Alert Correlation is the process of analyzing and linking related security alerts from different sources or systems to i...
- What is Alert Investigation? The process of analyzing and validating security alerts to determine their legitimacy, scope, and required response acti...
- What is Alert Investigation? The structured process of examining the source, context, and impact of a security alert to determine its validity, root ...
イ
- What is Event Triage? The process of rapidly classifying, prioritizing, and assigning security events for investigation based on impact, sever...
- What is Event Correlation Analysis? The process of analyzing and combining related security events from multiple sources to identify patterns indicative of ...
- What is Incident Escalation? The formal process of transferring a detected security incident to higher-level personnel or specialized teams for furth...
- What is Incident Communication? The timely and coordinated exchange of information about an incident’s status, impact, and response among internal teams...
- What is an Incident Timeline? A detailed chronological record of all events, actions, and system states related to a security incident, used for inves...
- What is Incident Documentation? The detailed and systematic recording of all relevant information, actions, decisions, and evidence related to a cyberse...
- What is Incident Handling? A structured set of procedures used by security teams to address, manage, and resolve cybersecurity incidents, including...
- What is Incident Response? A coordinated approach to addressing and managing the aftermath of a security breach or cyberattack, with the aim of lim...
- What is an Incident Review? A structured post-incident process for evaluating the effectiveness of detection, response, and recovery measures to ide...
- What is an Incident Workflow? A structured sequence of tasks and escalation steps followed during the lifecycle of a security incident, from detection...
- What is Incident Prioritization? The classification and ranking of security incidents based on risk, severity, and potential business impact to determine...
- What is Incident Analysis? The comprehensive examination and assessment of a security incident to determine its cause, scope, impact, and lessons l...
- What is Incident Categorization? Incident Categorization is the process of classifying security events or incidents based on type, severity, impact, and ...
- What is Incident Reporting? The formal process of documenting and communicating information about detected security incidents to relevant stakeholde...
- What is Incident Reporting? The formal process of documenting and communicating the details of a cybersecurity incident to relevant stakeholders, re...
- What is Incident Reporting? The formal communication process for notifying internal or external authorities about detected security incidents, as re...
- What is Incident Response? The structured approach to managing and addressing cybersecurity incidents, with processes for detection, containment, e...
- What is Incident Response? The comprehensive process of managing a cybersecurity incident from initial detection through analysis, containment, era...
- What is Incident Response Containment? The process of isolating or restricting the impact of an active security incident to prevent further spread, as describe...
- What is Incident Response Readiness? The proactive state of an organization’s people, processes, and technology to efficiently detect, respond to, and recove...
- What is Incident Containment? The actions taken to limit the impact of a security incident by isolating affected systems, preventing lateral movement,...
- What is Incident Recovery? The coordinated set of actions taken to restore systems, operations, and services to normal functioning after a security...
- What is Incident Detection? The process of identifying potential or actual security incidents in an IT environment by monitoring logs, events, and n...
- What is Incident Detection? The process of identifying and confirming security events indicating unauthorized activity or compromise of cryptographi...
- What is Incident Management? A structured process for identifying, assessing, responding to, and recovering from security incidents to minimize impac...
- What is Incident Management? A coordinated set of processes and tools for identifying, assessing, responding to, tracking, and resolving security inc...
- What is Incident Closure? The formal completion and documentation of all response activities for a security incident, ensuring lessons learned and...
- What is Incident Mitigation? Targeted actions taken to reduce the immediate and long-term impact of a security incident, including containment, eradi...
- What is Incident Recording? The systematic recording of incident details, timelines, actions taken, and outcomes to ensure transparency, facilitate ...
- What is Incident Investigation? A systematic process of collecting, analyzing, and documenting evidence to determine the cause, impact, and scope of a s...
- What is Incident Tracking? The systematic process of recording, updating, and monitoring security incidents throughout their lifecycle to ensure ac...
- What is Incident Notification? The act of formally informing stakeholders, management, or regulatory bodies about a detected or ongoing security incide...
- What is an Indicator Fusion Center? A centralized facility or platform that aggregates, correlates, and analyzes cybersecurity indicators (such as IOCs) fro...
- What is an Instance Metadata Shield? A security control that prevents unauthorized access to the metadata service of virtual machine or container instances, ...
- What is Internet Exchange Security? The collective security controls, policies, and operational measures implemented at an Internet Exchange Point (IXP) to ...
- What is an Interface-Level Guard? A security control that enforces policy, filtering, or access restrictions at a specific network interface, segmenting a...
- What is Impact Analysis? The process of identifying and evaluating the potential consequences and business impacts of threats, incidents, or poli...
- What is Impact Analysis? A structured assessment of the potential consequences or business disruption resulting from the exploitation of vulnerab...
- What is Infrastructure Entitlement Management? A process and toolset for discovering, controlling, and auditing permissions and access rights across cloud and hybrid i...
- What is Inline Threat Detection? Real-time inspection of network traffic by security appliances placed directly in the data path to identify and block th...
- What is East-West Monitoring? Continuous inspection and analysis of lateral (intra-network) data flows within an organization's internal environment t...
エ
- What is an Exploit Archive? A centralized and curated repository of documented exploits relevant to cryptographic or PKI environments, used for thre...
- What is Exploit Research? The investigative process of analyzing, discovering, and documenting methods by which vulnerabilities in PKI or cryptogr...
- What is an Exploit List? An authoritative and frequently updated catalog of all known exploits that could target cryptographic or PKI assets, inc...
- What is an Exploit Window? The period between public disclosure of a cryptographic or PKI vulnerability and the application of effective remediatio...
- What is Exploit Simulation? A controlled emulation of exploit attempts against cryptographic or PKI vulnerabilities to assess system resilience and ...
- What is Exploit Exposure? The state in which PKI or cryptographic systems are vulnerable to a known exploit, due to unpatched or misconfigured com...
- What is Exploit Detection? The process of identifying and alerting on attempted or successful exploitation of vulnerabilities in cryptographic, PKI...
- What is Exploit Validation? The process of confirming, through controlled testing, that a discovered vulnerability in a cryptographic or PKI system ...
- What is Exploit Mitigation? Technical and procedural controls implemented to reduce or eliminate the risk of exploitation of vulnerabilities in cryp...
- What is Exploit Assessment? The evaluation of identified vulnerabilities in cryptographic or PKI assets to determine the likelihood and potential im...
- What is an Exploit Attempt? An unauthorized action or sequence initiated by a threat actor to actively test or leverage a cryptographic or PKI vulne...
- What is Exploit Chaining? The sequential use of multiple exploits to bypass security mechanisms and gain unauthorized access to cryptographic or P...
- What is Exploit Prevention? A set of technical and procedural controls to proactively prevent exploitation of vulnerabilities in cryptographic and P...
- What is an Exposure Window? The time period during which cryptographic or PKI assets remain susceptible to exploitation due to the existence of unpa...
- What is Exposure Analysis? Systematic evaluation of cryptographic or PKI assets and their attack surface to determine points of exposure to vulnera...
- What is Ephemeral Instance Control? Security controls and automation for governing short-lived, temporary compute instances to prevent persistence, limit at...
- What is an Ephemeral Key? A cryptographic key generated for temporary use in a single session or operation, after which it is discarded and not re...
- What is Ephemeral Port Randomization? A technique where ephemeral (temporary) TCP/UDP ports are assigned randomly to reduce the risk of port prediction attack...
- What is Endpoint Tamper Protection? A security feature that prevents unauthorized users or malware from disabling, modifying, or bypassing endpoint security...
- What is Endpoint Health Attestation? A process by which the health state of an endpoint device is cryptographically measured and validated before it is allow...
- What is Endpoint Policy Enforcement? The application of security controls to endpoints (e.g., laptops, mobiles) to ensure compliance with organizational secu...
- What is Endpoint Forensic Collection? The process of acquiring and preserving digital evidence from cloud or on-premises endpoints in a manner consistent with...
- What is Endpoint Detection and Response? A cybersecurity solution that monitors, detects, and responds to threats on endpoint devices in real time, integrating t...
- What is Endpoint Threat Intelligence? The real-time collection and analysis of threat indicators and adversary tactics from endpoint devices to enhance detect...
- What is an Endpoint Isolation Policy? A defined set of rules for isolating endpoints that exhibit suspicious or non-compliant behavior to prevent them from ac...
- What is an Endpoint Isolation Policy? A formalized set of procedures and controls for isolating endpoints exhibiting signs of compromise or non-compliance fro...
- What is Agentless Vulnerability Scanning? A vulnerability assessment performed without installing agents on target systems, using network, API, or credentialed sc...
オ
- What is Online Status? In cryptography/PKI, refers to the real-time validity of a digital certificate or credential as determined by protocols ...
- What is an Online Responder? A network service that provides real-time certificate status information, typically using the Online Certificate Status ...
- What is Open Redirect Mitigation? Security controls that detect and prevent web applications from redirecting users to untrusted external URLs, reducing t...
ガ
キ
- What is a Key Checksum? A value derived from a cryptographic key using a checksum or hash algorithm, used to verify the integrity or correctness...
- What is Key Backup? The secure process of creating a protected copy of a cryptographic key, enabling recovery if the original is lost or dam...
- What is Key Rotation? The scheduled process of replacing cryptographic keys with new keys to limit the period a compromised key can be misused...
- What is the Key Validity Period? The maximum period that a cryptographic key is allowed to be active and used for cryptographic operations before mandato...
- What is Key Import? The process of securely bringing a cryptographic key into a software or hardware cryptographic module, typically in comp...
- What is a Key Container? A logical or physical storage area used to hold cryptographic keys, often protected by access controls and used in softw...
- What is Key Wrapping? The process of encrypting one cryptographic key with another key to securely transport or store keys, typically used for...
- What is Key Recovery? A controlled process for restoring lost or inaccessible cryptographic keys, typically from a secure backup or escrow, fo...
- What is Key Usage? A certificate extension that defines the allowed cryptographic operations for the associated key, such as digital signat...
- What is a Key Management Service? A centralized service or system that creates, stores, rotates, and manages cryptographic keys used for securing data at ...
ク
- What is Client-Side Enforcement? Reliance on client-side logic to enforce security controls, which can be bypassed or manipulated, undermining the intend...
- What is Client Certificate Validation? A process that verifies the authenticity and trustworthiness of client certificates during mutual TLS connections, enabl...
- What is a Cloud Access Broker? A security policy enforcement point between cloud service users and providers that ensures enterprise security requireme...
- What is Cloud Access Auditing? Systematic logging and analysis of access events in cloud environments to ensure compliance, detect anomalies, and suppo...
- What is Cloud Activity Logging? The process of capturing, storing, and analyzing logs of user actions, system events, and resource access within cloud e...
- What is Cloud Activity Correlation Analysis? The process of linking and analyzing disparate cloud events, logs, and telemetry to detect patterns indicative of threat...
- What is Cloud Incident Response? A structured approach to managing and mitigating security incidents in cloud environments, including preparation, detect...
- What is Cloud Storage Encryption? The use of cryptographic techniques to protect data stored in cloud environments, ensuring confidentiality and integrity...
- What is Cloud Security Posture? The overall security status and configuration of cloud services, assets, and workloads in accordance with organizational...
- What is Cloud Traffic Mirroring? A cloud-native capability that duplicates network traffic to analysis tools for monitoring, threat detection, and compli...
- What is a Cloud-Native SIEM? A Security Information and Event Management platform built specifically for cloud architectures, offering elastic scalab...
- What is Cloud Network Segmentation? The practice of dividing cloud-based network environments into distinct, isolated segments to enforce security boundarie...
- What is Cloud Network Segmentation? The process of dividing a cloud network into isolated segments or zones to control traffic flow and limit lateral moveme...
- What is Cloud Provider IAM? Identity and access management systems and controls provided by cloud service vendors, enabling secure authentication, a...
- What is Cloud Resource Tagging? The process of assigning metadata labels to cloud resources to facilitate access management, cost allocation, compliance...
- What is a Cloud Encryption Gateway? A security appliance or service that encrypts sensitive data before it is transferred to cloud services, ensuring confid...
- What is Cloud Threat Intelligence? The process of gathering, analyzing, and operationalizing information about cloud-specific threats, adversary tactics, a...
- What is Cloud Certificate Pinning? A security technique that restricts applications or devices to accept only specific trusted certificates or public keys ...
- What is Credential Stuffing Detection? The identification and mitigation of automated attacks in which attackers use lists of compromised credentials to gain u...
- What is Credential Stuffing Defense? Measures and technologies to detect, block, and mitigate automated login attempts using stolen or reused username-passwo...
- What is Cross-Tenant Access? The mechanism by which users, services, or applications are granted permission to access resources across different isol...
- What is Cross-Tenant Isolation? Security controls that strictly separate data, processes, and resources among different tenants in multi-tenant cloud or...
ケ
コ
- What is a Command and Control Channel? A communications channel used by attackers or malware to issue instructions to compromised hosts, or by defenders for au...
- What is a Containment Strategy? A set of planned actions and measures taken to limit the spread and impact of a cybersecurity incident, preventing furth...
- What is Container Image Scanning? The process of automatically analyzing container images for vulnerabilities, malware, and policy violations before deplo...
- What is Container Escape Prevention? Security controls and mechanisms implemented to prevent processes within a container from breaching isolation boundaries...
- What is Container Runtime Isolation? A set of controls and configurations that ensure each running container is logically and physically separated from other...
- What is a Control Weakness? A flaw, gap, or insufficient strength in technical or procedural controls that may allow threats to compromise cryptogra...
- What is a Control Deficiency? A weakness in the design or operation of a control that prevents it from effectively mitigating risk or achieving compli...
- What is Control Mapping? The process of linking controls to regulatory, policy, or framework requirements to demonstrate compliance and facilitat...
- What is Control Mapping? The process of aligning cryptographic or PKI controls with regulatory frameworks, standards, or organizational requireme...
- What is a Control Review? An assessment of security controls to determine their effectiveness, adequacy, and proper implementation within the orga...
- What is Control Maturity? A measure of how well an internal control is designed, implemented, and operating as intended to mitigate risk and meet ...
- What is Control Self-Assessment? Short for 'Control Self-Assessment'—an internal process where departments evaluate the design and effectiveness of their...
- What is a Control Assessment? A formal evaluation of the design and effectiveness of security controls to determine whether they are operating as inte...
- What is a Control Assessment? A systematic assessment of technical and procedural security controls in cryptographic and PKI environments to determine...
- What is a Compliance Scan? An automated scan of cryptographic or PKI systems to verify conformity with regulatory and industry requirements.
- What is a Compliance Dashboard? A real-time visualization tool that aggregates and displays the status of cryptography and PKI controls, risks, incident...
- What is a Compliance Framework? An integrated system of standards, guidelines, and procedures designed to help an organization meet all relevant legal, ...
- What is Compliance Reporting? The process of preparing and delivering evidence-based reports to demonstrate adherence to regulatory, legal, and contra...
- What is Compliance Validation? The formal process of testing and confirming that systems, processes, and controls meet regulatory, contractual, and pol...
- What is Compliance Validation? The systematic confirmation that cryptographic, PKI, and supporting systems conform to relevant standards, policies, and...
- What is a Compliance Audit? A systematic, independent review to determine whether activities and related results comply with planned arrangements, p...
- What is Compliance Oversight? Ongoing supervision and review of an organization's compliance with laws, regulations, policies, and contractual obligat...
- What is Compliance Management? The coordinated set of processes and controls designed to ensure adherence to legal, regulatory, and internal policy req...
- What is a Compliance Control? A specific policy, process, or technical measure implemented to ensure an organization meets applicable legal, regulator...
- What is Code Dependency Analysis? The process of examining software dependencies for known vulnerabilities, outdated components, or license compliance iss...
サ
- What are Cyber Deception Operations? Deliberate use of decoys, traps, and misinformation within an organization's environment to detect, divert, and analyze ...
- What is a Sub-CA? A Certificate Authority (CA) that is certified and authorized by a root or higher-level CA to issue digital certificates...
- What is a Subject Name? The distinguished name (DN) in a digital certificate that uniquely identifies the certificate holder or entity, as speci...
- What is a Subject Key? The cryptographic public key associated with the subject of a digital certificate, used to verify signatures or encrypt ...
- What is Third-Party Risk? The exposure to potential harm or loss resulting from external vendors, suppliers, contractors, or service providers who...
- What is a Third-Party Trust Boundary? A defined security demarcation between an organization’s internal systems and those of third-party entities, used to enf...
- What is a Serverless Security Policy? A set of security controls and guidelines specifically designed to protect serverless computing architectures by restric...
- What is Serverless Function Wrapping? The security practice of encapsulating serverless functions within wrappers or middleware to enforce policy, perform inp...
- What is Service Mesh Security? A set of controls, policies, and tools for ensuring secure communication, authentication, and authorization between micr...
- What is Service Mesh Encryption? End-to-end encryption of communications between services within a service mesh architecture, typically using mutual TLS ...
シ
ス
- What is a Scan Engine? A dedicated software module or appliance that performs automated vulnerability, compliance, or configuration scans on cr...
- What is Scan Coverage? The extent to which cryptographic systems, PKI components, and related assets are included in vulnerability or configura...
- What are Scan Results? The output or findings generated by automated or manual scans of PKI or cryptographic systems for vulnerabilities, compl...
- What is Scan Frequency? The rate at which cryptographic assets or PKI-enabled systems are scanned or assessed for vulnerabilities, exposures, or...
- What is Storage Access Control? Policies and mechanisms that restrict and monitor access to data storage systems, ensuring only authorized users or appl...
セ
- What is a Secure Overlay Network? A logically separated, secured network built on top of an existing network to provide enhanced security controls and iso...
- What is a Secure Command Channel? An encrypted, authenticated communication pathway used for transmitting privileged commands or control signals, as descr...
- What is Secure Container Networking? The practice of applying security controls, segmentation, and encrypted communication to the networking layer between co...
- What is a Secure Channel? A communication path protected by cryptographic means, ensuring confidentiality, integrity, and authentication of data i...
- What is Secure Packet Forwarding? The practice of transmitting data packets across networks in a manner that maintains confidentiality, integrity, and aut...
- What is Secure Boot Verification? A cryptographic process that ensures only trusted, signed firmware and software are loaded during system startup, preven...
- What is a Secure Border Gateway? A security-hardened network device or configuration that manages and filters traffic entering or leaving the network per...
- What is a Secure Email Gateway? A dedicated security appliance or cloud service that monitors, filters, and blocks malicious email content (spam, phishi...
- What is a Secure Configuration Baseline? A documented set of secure settings and parameters for systems or applications, serving as a reference point for complia...
- What is Security Misconfiguration? A failure to implement correct or secure settings in cryptographic, PKI, or network assets, resulting in exposure to exp...
- What is Security Assertion Markup? An XML-based framework (SAML) for exchanging authentication and authorization data between security domains, commonly us...
- What is a Security Alert? Automated or manual notification process by which a security system or analyst informs relevant personnel of detected su...
- What is Security Event Logging? The systematic recording of security-related activities, alerts, and incidents within systems or networks to support det...
- What are Security Operations? All coordinated activities performed in a Security Operations Center (SOC) to monitor, detect, investigate, and respond ...
- What is Security Orchestration? The automated coordination and integration of security tools, processes, and workflows to accelerate response and improv...
- What is Security Orchestration Automation? The integration and automation of security processes, tools, and workflows to accelerate detection, investigation, and r...
- What is a Security Gap? A missing or insufficient security control in cryptographic or PKI systems that exposes assets to risk, noncompliance, o...
- What is Security Testing? The process of evaluating cryptographic, PKI, and supporting systems for compliance with security requirements, through ...
- What is Security Telemetry? Security Telemetry refers to the automated collection, transmission, and aggregation of security-relevant data—such as l...
- What is Security Header Enforcement? The application of mandatory HTTP response headers (such as CSP, HSTS, X-Frame-Options) to protect web applications from...
- What is a Security Baseline? A documented set of minimum security controls or configurations established as a standard for systems, services, or proc...
- What is a Security Baseline? A set of minimum security controls and configurations established for cryptographic or PKI systems to ensure compliance ...
- What is a Security Policy Violation? Any action or event that contravenes an established information security policy or standard, triggering investigation or...
- What is a Security Playbook? A documented set of repeatable incident response procedures and decision trees tailored to specific threat scenarios or ...
- What is Security Analytics? Security Analytics refers to the use of advanced data analysis techniques, including machine learning and statistical mo...
- What is Security Classification? The categorization of data or assets based on sensitivity, value, and required level of protection, typically in alignme...
- What is Security Response? Coordinated activities by security personnel to mitigate, contain, and resolve identified threats or incidents in accord...
- What is Security Awareness Training? Education provided to personnel to raise awareness about security risks, threats, and safe practices, often as part of c...
- What is Security Posture? The overall status of an organization’s cybersecurity policies, controls, capabilities, and readiness to detect, prevent...
- What is a Security Charter? A formal document that defines the scope, authority, and responsibilities of the security function within an organizatio...
- What is a Security Strategy? A high-level plan that defines how an organization will protect its information assets, meet regulatory obligations, and...
- What is a Security Audit? A formal, systematic review of an organization’s information systems, controls, and procedures to verify their effective...
- What is a Security Audit? A formal, systematic review and verification of cryptographic and PKI processes, controls, and compliance with standards...
- What is Security Oversight? The ongoing supervision and review of security policies, controls, and processes to ensure effective risk management and...
- What is Security Monitoring? Continuous observation, collection, and analysis of security events and data across information systems to detect threat...
- What is Security Training? Instructional activities designed to equip personnel with the knowledge and skills to recognize, prevent, and respond to...
- What is Security Automation? Security Automation is the application of technology to perform repetitive or time-sensitive security operations tasks—s...
- What is Security Misconfiguration? A common vulnerability where systems, servers, or applications are deployed with insecure default settings, incomplete c...
- What is a Security Assessment? A systematic evaluation of the security posture of systems, networks, and processes to identify vulnerabilities, threats...
- What is Security Notification? The formal process of communicating significant security events or incident statuses to designated stakeholders or regul...
- セグメンテーションポリシー施行とは? The application and monitoring of access control policies that govern traffic between network segments to minimize unaut...
- セッションタイムアウト強制とは? Policy and technical controls to ensure user sessions automatically expire after a defined period of inactivity, minimiz...
- セッションチケットとは? A data structure issued by a server to a client in TLS to enable stateless session resumption by encapsulating keying ma...
- セッショントークンバインディングとは? A security mechanism that cryptographically ties a session token to a specific user device or connection context, preven...
- セッションハイジャック防御とは? Countermeasures and controls implemented to detect, prevent, and respond to session hijacking attacks, such as session f...
- セッションリプレイ防御とは? Controls and mechanisms designed to prevent attackers from capturing and reusing legitimate session tokens or data packe...
- セッション再開とは? A TLS or secure channel mechanism that enables clients and servers to reuse a previously negotiated session state for fa...
- セッション鍵とは? A temporary symmetric key used for a single communication session, providing confidentiality and integrity for exchanged...
ゼ
- What is Zero-Day? A vulnerability in PKI or cryptographic systems that is unknown to the vendor and for which no official patch or mitigat...
- What is Zero Trust Architecture? A security model based on the principle that no user, device, or network component should be trusted by default. Enforce...
- What is Zero Trust Architecture? A security model centered on the assumption that no user or device, inside or outside the network perimeter, is trusted ...
- What is Zero Trust Architecture? A security model that assumes no implicit trust is granted to systems or users inside or outside the network; verificati...
ソ
- What is Software-Defined Perimeter? A cybersecurity framework that dynamically creates one-to-one network connections between users and resources using iden...
- What is Salt Value? A random value added to data, typically passwords, before hashing to ensure that identical inputs produce different hash...
- What is Source Address Validation? The process of verifying that the source IP address of a packet is legitimate and not spoofed, typically enforced at net...
ダ
チ
- What is Chain Anchoring? The process of ensuring that a certificate chain terminates at a trusted root certificate authority (trust anchor), as r...
- What is Chain Validation? The process of verifying each certificate in a chain from the end entity up to the root CA, ensuring all links are trust...
- What is Chain Building? The process of assembling a complete, ordered set of certificates from an end-entity certificate up to a trusted root, v...
テ
- What is Test Coverage? The extent to which cryptographic or PKI system components, use cases, and controls are validated by automated or manual...
- What is Test Automation? The application of automated tools and scripts to perform repeatable, consistent validation of cryptographic functions, ...
- What is Tabletop Exercise? A discussion-based incident response simulation where team members review and role-play their actions and decisions for ...
デ
- What is Digital Forensics? The discipline of identifying, preserving, analyzing, and documenting digital evidence from electronic devices to suppor...
- What is Digital Envelope? A mechanism in cryptography where a message is encrypted with a symmetric key and the symmetric key is then encrypted wi...
- What is Deception Honeynet Deployment? The setup of a network of decoy systems and services designed to lure, detect, and analyze attacker behavior.
- What is Device Trust Scoring? A security metric that evaluates the trustworthiness of a device based on hardware, software, configuration, compliance ...
- What is Device Posture Assessment? The evaluation of a device's security state, such as patch levels, configurations, and presence of security controls, be...
- What is Device Enrollment Management? The process of registering and configuring devices to ensure compliance with security policies before granting access to...
- What is Device Certificate? A digital certificate issued to a device (such as a server, router, or IoT component) to authenticate its identity withi...
- What is Device Certificate Management? The process of issuing, deploying, renewing, and revoking digital certificates used to authenticate and secure devices w...
- What is Data Ownership? The formal assignment of authority and accountability for data assets to specific individuals or roles within an organiz...
- What is Data Plane Separation? The separation of the data forwarding path from management and control planes within network infrastructure to improve s...
- What is Data Mapping? The structured process of identifying, documenting, and connecting the flow of data elements across systems, application...
- What is Data Residency Control? Policies and technical mechanisms that ensure organizational data is stored, processed, and managed in specific legal or...
- What is Data Subject? An individual whose personal data is collected, held or processed by a data controller or processor as defined by privac...
- What is Data Sovereignty? The concept that digital data is subject to the laws and governance structures within the nation where it is collected o...
- What is Data Retention? The set of policies and procedures governing how long organizational data must be kept, archived, or deleted in complian...
- What is Data Classification? The process of categorizing data based on its sensitivity, value, and the impact to the organization if disclosed, alter...
- What is Data Classification? The systematic process of categorizing information based on sensitivity, criticality, and regulatory requirements to det...
- What is Data Handling? The processes and procedures for collecting, processing, storing, transmitting, and disposing of data in a secure and co...
- What is Data Loss? The unintended or unauthorized destruction, corruption, or loss of data, potentially resulting in business disruption or...
- What is Data Loss Prevention? A suite of technologies and policies designed to detect, monitor, and prevent the unauthorized transmission or disclosur...
- What is Data Tampering Detection? Mechanisms and monitoring used to detect unauthorized or malicious modification of data in storage, transit, or processi...
- What is Data Minimization? The principle and practice of limiting personal or sensitive data collection, processing, and retention to only what is ...
- What is Data Exfiltration Alert? The real-time detection and notification of unauthorized attempts to transfer sensitive or regulated data out of protect...
- What is Data Stewardship? The assignment of responsibility for the management, oversight, and protection of data assets to designated individuals ...
ト
- What is Trusted Platform? A computing environment equipped with hardware and software components (e.g., TPM, secure boot) designed to ensure integ...
- What is Trusted Platform Module? A hardware security chip designed to securely store cryptographic keys, certificates, and perform integrity checks to en...
- What is Trust Anchor? A trusted entity (typically a root certificate authority) whose public key is used as the ultimate basis for validating ...
- What is Trust Store? A repository of trusted root and intermediate certificates used by applications and systems to verify the authenticity o...
- What is Trust Framework? A formal structure of policies, roles, rules, and standards that define how trust is established, maintained, and evalua...
- What is Traffic Classification Engine? A system or module that automatically identifies, categorizes, and labels network traffic based on protocols, applicatio...
- What is Transport Layer Security? A cryptographic protocol designed to provide secure communication over a computer network, protecting data in transit vi...
- What is Tokenization Service? A security process or managed solution that replaces sensitive data elements with non-sensitive equivalents (tokens), of...
- What is Token Scope Enforcement? The process of restricting token privileges to the minimum necessary set of actions or resources, ensuring that access t...
- What is Token Binding? A security mechanism where cryptographic tokens are cryptographically bound to a TLS connection, ensuring that tokens ca...
- What is Token Binding Enforcement? A security control requiring the cryptographic binding of authentication tokens to specific TLS sessions or client devic...
- What is Token Request? A formal operation in which a client requests an authentication or authorization token from an identity provider or secu...
- What is Token Replay Prevention? Security controls and techniques that ensure tokens, such as authentication or session tokens, cannot be reused by attac...
- What is Token Expiration Validation? The process of checking the expiration date and time of authentication or authorization tokens to ensure that expired to...
- What is Token Leakage Prevention? Measures and controls implemented to prevent authentication or authorization tokens from being inadvertently exposed, in...
ネ
- What is Network Access Enforcement? The application of technical controls to regulate and restrict user, device, or service access to network resources, enf...
- What is Network Segmentation? The practice of dividing a computer network into subnetworks, each being a network segment, to improve security, perform...
- What is Network Telemetry Aggregation? The collection, normalization, and consolidation of network telemetry data (such as flow records, logs, or metrics) from...
- What is Network Fabric Encryption? Encryption mechanisms applied to the entire data path within a network fabric, ensuring confidentiality and integrity of...
- What is Network Flow Analysis? The process of collecting, monitoring, and analyzing metadata about network traffic flows to detect anomalies and threat...
- What is Network Enumeration? The systematic identification and cataloging of networked assets, hosts, and services, including cryptographic and PKI i...
- What is Network Behavior Anomaly? An observed deviation from established patterns of normal network activity that may indicate the presence of malicious a...
- What is Network Threat Hunting? The proactive process of searching for hidden threats or adversaries within network traffic using behavioral analytics, ...
ノ
ハ
- What is Hypervisor Escape Mitigation? A set of security controls and techniques that prevent or detect attempts by virtual machines to break out of hypervisor...
- What is Hybrid Cloud Federation? The operational model enabling secure interoperability and resource management across multiple private and public cloud ...
- What is Hybrid Encryption? A cryptographic approach that combines asymmetric and symmetric encryption to leverage the advantages of both for secure...
- What is Hash Collision? An event where two different inputs produce the same output hash value from a cryptographic hash function, undermining d...
- What is Honeypot Service Gateway? A dedicated network gateway or proxy that directs traffic to and from honeypot resources, isolating deceptive assets fro...
- What is Hardware Token? A physical device, such as a USB or smart card, used to store cryptographic keys and perform authentication or signing o...
- What is Hardware Root of Trust? A cryptographic foundation embedded in hardware (e.g., TPM, HSM, or secure enclave) that provides immutable security anc...
バ
パ
- What is Packet Capture Analysis? The process of collecting and analyzing network packet data to detect threats, troubleshoot issues, and validate securit...
- What is Packet Timestamping? The process of attaching accurate time information to network packets for logging, monitoring, forensic analysis, and la...
- What is Patch Rollback? The process of reverting cryptographic or PKI system components to a previous version when a deployed patch introduces i...
- What is Patch Exception? A formally documented decision to temporarily or permanently not apply a specific patch to a PKI or cryptographic system...
- What is Patch Validation? The process of confirming through controlled testing that a security patch applied to cryptographic modules or PKI compo...
- What is Patch Validation? The process of confirming that applied patches to cryptographic, PKI, or related systems have been correctly installed, ...
- What is Patch Status? The documented and regularly updated record of the deployment, verification, and compliance of cryptographic or PKI-rela...
- What is Patch Management? A formal process for the identification, acquisition, testing, and deployment of patches to correct vulnerabilities in c...
- What is Patch Distribution? The distribution and installation of security updates to cryptographic or PKI-related systems to remediate vulnerabiliti...
- What is Parameter Tampering Attack? An attack technique where an adversary manipulates input parameters in client requests to alter application behavior, by...
ビ
- What is Business Rule Enforcement? Implementation and monitoring of business logic controls within applications to prevent unauthorized or unintended actio...
- What is Business Logic Abuse? The exploitation of legitimate business logic in applications to gain unauthorized advantages, often bypassing technical...
- What is Business Logic Validation? The process of systematically verifying application workflows and rules to ensure that implemented business logic enforc...
- What is Visibility Fabric Tap? A hardware or virtual device that creates a copy of network traffic for out-of-band monitoring, analytics, and security ...
フ
- What is Phishing Response? Coordinated actions taken to detect, contain, and mitigate phishing attacks, including user notification, credential res...
- What is Federated ID Mapping? A process that links a user’s identity and credentials across multiple trusted identity providers, enabling Single Sign-...
- What is Federated Identity Mapping? A process that links user identities from external or partner identity providers to local systems, enabling single sign-...
- What is Forensic Analysis? The scientific examination and investigation of digital devices, logs, or data to identify, collect, preserve, and analy...
- What is Forensic Analysis? The application of specialized techniques to collect, preserve, and analyze digital evidence from information systems fo...
- What is Forward Secrecy Framework? A cryptographic protocol property ensuring that compromise of long-term keys does not compromise past session keys, as r...
- What is Flow Collector Sensor? A network device or software agent that passively gathers, aggregates, and forwards network flow records (such as NetFlo...
ブ
- What is Browser Isolation Service? A security mechanism that isolates end-users’ web browsing activity from the endpoint or corporate network by running br...
- What is Browser Isolation Service? A security control that runs browser sessions in isolated, remote containers or sandboxes to protect endpoints from web-...
- What is Blast Radius Reduction? Limiting the potential impact of a security breach by isolating assets and implementing controls that constrain the effe...
- What is Block Cipher? A symmetric key encryption algorithm that encrypts data in fixed-size blocks, such as AES and 3DES.
プ
- What is Privacy Impact? The effect of a process, project, or system on the privacy of individuals, often measured and documented through a forma...
- What is Privacy Notice? A formal document that informs individuals about how their personal data is collected, used, stored, and protected by th...
- What is Preflight Request Handling? The process of managing HTTP preflight requests (OPTIONS method) sent by browsers to check CORS permissions before the a...
- What is Playbook Automation? The automated execution of predefined incident response actions and workflows using orchestration tools, reducing manual...
- What is Process Injection? A technique used by attackers or legitimate tools to inject code into the address space of another process, enabling cod...
- What is Process Mapping? A systematic technique for visually documenting and analyzing business or IT processes, their sequence, stakeholders, in...
- What is Process Mapping? A structured method of visually documenting and analyzing processes, including their steps, controls, and responsible pa...
ベ
ペ
ホ
- What is Host Integrity Monitoring? Continuous assessment of a host system’s files, processes, and configurations to detect unauthorized changes, tampering,...
- What is Host Firewall Policy? A defined set of rules and configurations that control inbound and outbound network traffic at the individual host or VM...
- What is Host Intrusion Prevention? A security solution deployed on host systems to proactively detect, block, and log malicious activity, such as exploits ...
- What is Host Isolation? The process of removing a compromised or suspicious host from the network to prevent lateral movement and further compro...
- What is Host Isolation Containment? A network defense strategy to restrict or cut off network access for a compromised or suspicious host to prevent lateral...
ポ
- What is Policy Framework? A structured set of overarching policies, standards, and guidelines that governs how information security, compliance, a...
- What is Policy-Based Remediation? Automated or manual corrective actions triggered by predefined policies to mitigate detected security incidents or confi...
- What is Policy Mapping? The process in PKI where certificate policies from one CA are mapped to equivalent policies in another, allowing interop...
- What is Policy Review? A formal and systematic evaluation of organizational policies to ensure their adequacy, effectiveness, and compliance wi...
- What is Policy Exception? A formally approved, documented deviation from an established security policy, typically granted on a temporary basis wi...
- What is Policy Documentation? The comprehensive collection and maintenance of all written policies, procedures, and standards governing security, risk...
- What is Policy Enforcement? The process of ensuring that policies, standards, and procedures are implemented and followed within the organization, w...
- What is Policy Authority? An entity within a PKI or trust framework responsible for defining, governing, and maintaining security and operational ...
- What is Policy Decision Point? A logical component in access control architectures (e.g., ABAC, RBAC) that evaluates access requests against policy rul...
- What is Policy Violation? An act or omission that breaches or contradicts an established organizational policy, potentially leading to disciplinar...
- What is Policy Compliance? The degree to which organizational personnel follow established internal policies, procedures, and standards.
マ
- What is Microservices Security Mesh? A distributed security framework that provides consistent identity, policy enforcement, and encrypted communication acro...
- What is Microservices Segmented Forwarding? A network architecture approach in which communications between microservices are isolated into distinct, secured segmen...
- What is Microsegmentation Policy? A set of rules that define fine-grained network zones and enforce isolation between workloads to limit lateral movement.
- What is Microsegmentation Policy? A granular security approach that divides networks into isolated segments at the workload or application level, enforcin...
- What is Machine Identity Lifecycle? The complete set of processes for creating, managing, renewing, and retiring machine identities (e.g., certificates, key...
- What is Mass Assignment Vulnerability Exploitation? A vulnerability where an attacker assigns values to object properties that should not be directly set by the user, often...
- What is Management Review? A formal evaluation conducted by senior management to assess the adequacy and effectiveness of security, compliance, and...
- What is Managed Security Provider? An external organization that delivers outsourced security monitoring, management, and incident response services for cl...
- What is Managed Detection and Response? A managed security service that provides continuous threat monitoring, detection, investigation, and active response to ...
- What is Malware Containment? Malware Containment is the set of actions and controls enacted to isolate and prevent the spread of malicious software w...
- What is Malware Analysis? The process of examining malicious software to understand its behavior, intent, origin, and potential impact on affected...
ユ
- What is User Impersonation Control? Mechanisms and safeguards that prevent or detect unauthorized use of a legitimate user's identity within a system or app...
- What is User Provisioning? The process of creating, managing, and assigning user accounts and privileges within an organization's IT systems in acc...
- What is User Behavior Analytics? Advanced analytics that monitor and analyze user activity patterns to detect insider threats, compromised accounts, and ...
ラ
- What is Lateral Path Detection? The process of identifying unauthorized lateral movement within a network, typically by monitoring for abnormal access o...
- What is Lateral Movement Prevention? Techniques and controls designed to detect and stop an adversary’s efforts to move laterally within a network after init...
- What is Runtime Behavior Analysis? Continuous monitoring and assessment of applications’ or systems’ activities during execution to detect anomalies or thr...
- What is Random Oracle? A theoretical black box model that responds to every unique query with a truly random response, used as an idealized com...
リ
- What is Risk Prioritization? The process of ranking identified risks based on their likelihood, potential impact, and organizational risk appetite to...
- What is Risk Scoring? The process of quantifying and prioritizing risks by assigning numerical or qualitative values based on likelihood, impa...
- What is Risk Scoring? The quantitative or qualitative assignment of a value to a risk, based on the likelihood and impact of vulnerabilities w...
- What is Risk Dashboard? A real-time interface that aggregates, visualizes, and monitors PKI or cryptographic risks, vulnerabilities, and remedia...
- What is Risk Matrix? A graphical tool that maps risk likelihood and impact to prioritize mitigation and support risk management decisions.
- What is Risk Reduction? The application of technical, administrative, or physical controls in cryptographic and PKI environments to lower the li...
- What is Risk Prioritization? The structured process of ranking risks to cryptographic and PKI systems based on likelihood, impact, and exposure, to g...
- What is Risk Analysis? The systematic process of identifying, evaluating, and prioritizing risks to organizational assets, considering likeliho...
- What is Risk Acceptance? A formal decision to acknowledge and accept the consequences of a specific risk, typically documented and approved by au...
- What is Risk Acceptance? The formal decision to tolerate a known risk in cryptographic or PKI systems, typically documented through risk manageme...
- What is Risk Reporting? The process of collecting, analyzing, and communicating information about risk exposures, controls, and mitigation activ...
- What is Risk Ownership? The assignment of accountability and authority for managing identified risks to a specific individual or organizational ...
- What is Risk Indicator? A measurable signal or metric used to identify, quantify, or monitor risks affecting cryptographic or PKI assets, suppor...
- What is Risk Register? A central repository listing identified organizational risks, their likelihood, impact, mitigation actions, and responsi...
- What is Risk Tolerance? The level and type of risk an organization is willing to accept in pursuit of its objectives, as formally defined by sen...
- What is Risk Tolerance? The amount and type of risk an organization is willing to accept in pursuit of its objectives, as defined in risk manage...
- What is Risk Assessment? The process of assessing the potential impact and likelihood of identified risks to determine their significance and gui...
- What is Risk Notification? A formal alert generated to inform stakeholders of emerging or realized PKI or cryptographic risks, often automated with...
- What is Resource ID Mapping? The process of associating digital resources (such as VMs, APIs, or storage objects) with unique, verifiable identities ...
- What is Resource Sharing Policy? A set of security rules and access controls governing how digital resources such as data, storage, and APIs are shared a...
- What is Resource Misconfiguration Alert? Automated notification generated when a cloud resource, such as storage or compute, is configured in a way that exposes ...
- What is Replay Nonce Validation? A security mechanism that ensures a unique nonce value is included and validated in each request or transaction, protect...
- What is Replay Attack Detection? A security mechanism to identify and block attempts where valid data transmissions are maliciously repeated or delayed, ...
- What is Replay Attack Mitigation? Security controls implemented to detect and prevent replay attacks, where previously valid data transmissions are malici...
- What is Remote Access Gateway? A secured network device or service that brokers and controls remote user access to internal organizational resources, e...
- What is Remote Attestation Protocol? A cryptographic protocol that enables a verifier to remotely validate the integrity and trustworthiness of a device or s...
- What is Remote Browser Isolation? A security technique in which a user’s web browsing session is executed on a remote server, isolating all web content fr...
- What is Legal Hold? A directive to preserve all forms of relevant information when litigation or investigation is reasonably anticipated.
ル
- What is Routing IPsec Deployment? An implementation of IPsec that leverages routing protocols to establish secure tunnels between network endpoints, suppo...
- What is Root Store? A trusted repository of root CA certificates used by operating systems and applications to validate the trustworthiness ...
- What is Route Integrity Validation? A set of mechanisms that verify the authenticity and correctness of network routing information to prevent route hijacki...
- What is Root Certificate? A self-signed digital certificate that identifies a trusted Certificate Authority (CA) at the apex of a certification ch...
- What is Root Certificate Authority? The top-level Certificate Authority (CA) in a PKI hierarchy whose root certificate is self-signed and serves as the ulti...
レ
- What is Resilience Planning? The strategic process of designing and implementing measures to ensure an organization can adapt, recover, and continue ...
- What is Resilient DNS Architecture? A DNS infrastructure designed for high availability, redundancy, and resistance to attacks or failures, ensuring continu...
- What is Response Workflow? A formalized, step-by-step sequence of procedures and roles that guide the incident response process from detection thro...
- What is Rate Limit Bypass? A technique or vulnerability where attackers evade rate limiting controls to send more requests than intended, potential...
ロ
- What is Log Retention? The process and policy of securely retaining security event and audit logs for a defined period to ensure availability f...
- What is Log Analysis? The process of examining and interpreting system, application, and security logs to detect, investigate, and respond to ...
- What is Log Aggregation? Log Aggregation is the process of collecting and centralizing logs from diverse systems, applications, and devices into ...
- What is Role-Based Segmentation? A network security practice dividing network resources or data access based on user or device roles, enforcing least pri...
- What is Role Management? The process of defining, assigning, and controlling user roles and associated privileges within systems to enforce least...
ワ
不
- What is Insufficient Entropy Check? Failure to verify that cryptographic functions use sources of randomness with adequate entropy, increasing the risk of p...
- What is Insecure Direct Object? A vulnerability where applications expose internal object references, such as file or database keys, directly to users w...
- What is Improper Error Handling? Failure to securely process or sanitize application errors, leading to information disclosure or security bypass opportu...
- What is Improper Cache Control? Failure to configure cache settings securely, leading to the unintended storage or exposure of sensitive data in shared ...
- What is Improper Secret Storage? A vulnerability where sensitive secrets, such as API keys or passwords, are stored in insecure locations, such as plaint...
- What is Improper Resource Sharing? A security risk where system resources are shared without proper isolation or access controls, leading to unintended dat...
- What is Improper Rate Limiting? A security weakness where APIs or web services do not sufficiently restrict the frequency or volume of requests, allowin...
- What is Improper Logout Mechanism? A logout process that fails to fully invalidate all session tokens and authentication artifacts, allowing potential sess...
- What is Improper Asset Inventory? A failure to maintain a complete, accurate, and up-to-date list of all hardware, software, and cloud assets, leading to ...
事
- What is Pre-Shared Key? A symmetric key distributed to and shared by parties before communication begins, commonly used in VPNs, Wi-Fi WPA2-PSK,...
- What is Business Impact? The effect or consequence an incident, risk, or change has on an organization's operations, assets, individuals, or repu...
- What is Business Continuity? A holistic management process that identifies potential threats and ensures organizational resilience by planning for co...
仮
- What is Virtual Desktop Security? Practices, controls, and technologies used to secure virtual desktop infrastructure (VDI) and virtual desktops in cloud ...
- What is Virtual Network Segmentation? The division of a physical network into multiple logical networks using virtualization techniques to isolate traffic and...
- What is Virtual Private Cloud? A logically isolated section of a public cloud where organizations can launch resources in a virtual network that they d...
例
侵
壊
- What is Broken Object Level? A critical API vulnerability where improper access controls allow attackers to manipulate or access objects belonging to...
- What is Broken Cryptographic Storage? A vulnerability where sensitive data is improperly encrypted, decrypted, or stored using weak cryptographic algorithms, ...
- What is Broken Function Level? An API vulnerability where improper function-level authorization allows attackers to access or execute functions beyond ...
多
失
対
- What is Response Readiness? The state of preparedness of personnel, processes, and technology to quickly and effectively respond to cybersecurity in...
- What is Response Plan? A documented strategy outlining procedures, roles, responsibilities, and communications for responding to cybersecurity ...
- What is Response Coordination? The structured management and collaboration among teams and stakeholders to ensure efficient containment, eradication, a...
- What is Response Coordination? Response Coordination is the organized management of communication, task allocation, and resource deployment among stake...
悪
攻
- What is Attack Enumeration? The process of systematically identifying and cataloging all possible attack vectors and threat actors relevant to a cry...
- What is Attack Inventory? A comprehensive, regularly updated list or database of all known attack techniques, tools, or vectors relevant to crypto...
- What is Attack Scenario? A detailed narrative describing a potential attack vector or sequence of actions that a threat actor may use to exploit ...
- What is Attack Simulation? A controlled emulation of cyberattacks against systems, networks, or people to assess security posture, validate defense...
- What is Attack Simulation? The process of emulating real-world cyberattacks against cryptographic infrastructure or PKI environments to evaluate de...
- What is Attack Chain? A sequence of steps or techniques used by threat actors to exploit cryptographic or PKI weaknesses, progressing from ini...
- What is Attack Path Modeling? The systematic mapping and simulation of possible routes an adversary might take to compromise assets, used to assess ri...
- What is Attack Vector? A specific method or pathway by which a threat actor attempts to exploit vulnerabilities in cryptographic or PKI infrast...
- What is Attack Replay? The process of re-enacting a recorded or theoretical attack vector against PKI or cryptographic systems to test detectio...
- What is Attack Replay? A controlled reproduction of a previously observed or simulated attack scenario targeting cryptographic or PKI assets, u...
- What is Attack Surface? The sum of all points in a cryptographic or PKI environment where an unauthorized user could attempt to enter data, extr...
- What is Attack Path? A sequence or route by which a threat actor progresses through vulnerabilities, misconfigurations, or controls in crypto...
是
- What is a Remediation Workflow? Remediation Workflow is a structured, documented process for addressing and resolving identified security issues or inci...
- What is a Remediation Workflow? A formalized sequence of steps for resolving cryptographic or PKI vulnerabilities, including assignment, tracking, verif...
- What is a Remediation Report? A formal document detailing the corrective actions taken to address identified cryptographic or PKI vulnerabilities, inc...
- What is a Remediation Action? Steps taken to eliminate the cause of a detected security incident, restore affected systems, and strengthen defenses to...
- What is a Remediation Action? A specific corrective step taken to address a vulnerability, nonconformity, or security finding in cryptographic or PKI ...
- What is Remediation Action Tracking? The ongoing process of monitoring and managing corrective actions taken to resolve identified security or compliance iss...
- What is a Remediation Deadline? The maximum time allowed to fully address a vulnerability or nonconformity in PKI or cryptographic environments, as defi...
- What is Remediation Verification? The process of confirming that actions taken to correct cryptographic or PKI vulnerabilities are effective and that affe...
- What is a Remediation Plan? A formal strategy that outlines actions, responsibilities, and timelines to correct identified security or compliance de...
- What is a Remediation Plan? A documented set of actions designed to eliminate the root cause and effects of a security incident, restore affected sy...
- What is a Remediation Plan? A documented set of actions, responsibilities, and timelines designed to resolve identified cryptographic or PKI vulnera...
- What is Remediation Evidence? Documented proof that a PKI or cryptographic vulnerability or deficiency has been addressed and corrective actions were ...
- What is Remediation Tracking? The process of monitoring and documenting the status and effectiveness of actions taken to correct identified vulnerabil...
暗
- What is Cryptographic Compliance? Adherence to laws, regulations, and standards that govern cryptographic practices, algorithm usage, and key management, ...
- What is a Cipher Suite? A named set of cryptographic algorithms used to negotiate security settings in network protocols like TLS, including key...
- What is Cipher Feedback? A block cipher mode of operation (CFB) that turns a block cipher into a self-synchronizing stream cipher, providing conf...
- What is a Cryptographic Processor? A hardware device or chip specifically designed to perform cryptographic operations such as encryption, decryption, sign...
- What is Cryptographic Module Validation? The formal process of testing and certifying that a cryptographic module meets defined security standards such as FIPS 1...
- What is Encrypted Traffic Inspection? A process that enables the examination of encrypted network traffic to detect threats, enforce policies, and prevent dat...
- What is Ciphertext Replay Protection? A security mechanism that detects and blocks the reuse of captured ciphertext to prevent replay attacks in encrypted com...
- What is a Cryptanalytic Attack? A method of attacking cryptographic systems by analyzing the algorithms and ciphertexts to extract secret keys or plaint...
検
- What is Detection Engineering? The discipline of designing, implementing, and tuning security monitoring rules, analytics, and automation to identify t...
- What is Quarantine VLAN Assignment? The process of isolating endpoints identified as compromised or non-compliant by assigning them to a dedicated VLAN with...
- What is Detection Bypass Evasion? Techniques used by threat actors to evade or bypass security detection mechanisms such as IDS, IPS, or endpoint protecti...
- What is Detection Capability? Detection Capability is the measure of an organization's ability to identify and recognize cyber threats, malicious acti...
- What is a Validation Authority? A trusted service or entity that provides real-time or historical status information about digital certificates, typical...
権
- What is Privilege Escalation? An attack or exploit in which a user or application gains higher access rights or privileges than intended by system pol...
- What is Privilege Escalation? The process by which a threat actor gains unauthorized elevated access rights within cryptographic or PKI systems.
- What is a Privilege Escalation Alert? The process of generating real-time alerts whenever a user or process attempts to gain higher-level access than authoriz...
機
- What is Sensitive Data Exposure? A risk where confidential or regulated data is unintentionally disclosed through insecure APIs, weak encryption, or impr...
- What is Sensitive Log Control? Procedures and mechanisms to ensure that confidential or regulated information is never written to logs, reducing the ri...
- What is Sensitive Function Exposure? A flaw where critical application functions, such as admin features or payment operations, are accessible to unauthorize...
- What is Function Level Authorization? A control mechanism that verifies a user’s or system’s permission for each specific API endpoint or business function be...
特
- What is Privileged API Restriction? Controls that limit access to sensitive API endpoints or functions to only those users or services with explicit privile...
- What is Privileged Identity Management? A security discipline and toolset focused on discovering, controlling, and monitoring accounts with elevated access righ...
- What is Privileged Session Isolation? The separation and monitoring of administrative sessions from standard user sessions to prevent misuse of privileged acc...
- What is Privileged Session Recording? The logging and monitoring of all actions performed during privileged sessions, such as administrative or root access, t...
異
発
- What is an Issuance Policy? A formal document or set of rules that defines the procedures and requirements for issuing digital certificates within a...
- What is an Issuer Identifier? A unique value or distinguished name that identifies the Certificate Authority (CA) or entity that issues a digital cert...
- What is an Issuer Key? The private key held by a Certificate Authority (CA) or issuer used to sign digital certificates and assert trust in a P...
監
- What is an Audit Log? The systematic recording of events and user actions in information systems to enable traceability, accountability, and f...
- What is Audit Logging? The process of recording security-related events, operations, or accesses within a cryptographic or PKI environment to p...
- What is an Audit Committee? A formally established group within an organization tasked with oversight of financial reporting, internal controls, ris...
- What is an Audit Trail? A chronological record of system activities and user actions, providing documented evidence to support accountability, t...
- What is Audit Trail Insufficiency? A deficiency in logging or tracking system activities that undermines the ability to reconstruct security events, invest...
- What is an Oversight Committee? A governing committee or group responsible for strategic direction, oversight, and monitoring of the organization’s risk...
- What is a Monitoring Plan? A documented approach outlining processes, tools, and responsibilities for continuously observing and assessing security...
相
統
継
緩
- What is a Mitigation Control? A technical or procedural safeguard implemented to reduce the likelihood or impact of cryptographic or PKI-related risks...
- What is a Mitigation Strategy? A structured approach involving technical, administrative, or procedural controls to reduce the likelihood or impact of ...
- What is a Mitigation Plan? A documented strategy detailing specific actions and controls to reduce the likelihood or impact of identified risks.
- What is Mitigation Evidence? Documented proof that specific technical or administrative actions have effectively addressed and reduced the risk of cr...
署
- What is a Signature Algorithm? A cryptographic algorithm used to generate and verify digital signatures, ensuring data authenticity and integrity, such...
- What is a Signature Scheme? A cryptographic algorithm for creating and verifying digital signatures, specifying mathematical processes and key struc...
- What is Signature Padding? A method of formatting a message or hash before digital signature creation, used to prevent certain attacks and ensure c...
- What is a Signature Policy? A set of technical and procedural requirements governing the creation, validation, and management of digital signatures ...
- What is a Signed Assertion? A digital statement or claim, such as an authentication response or attribute, that is cryptographically signed to ensur...
脅
- What is Threat Attribution? Threat Attribution is the analytical process of linking a detected cyber threat, campaign, or incident to a specific act...
- What is the Threat Landscape? The evolving set of potential threats, adversary capabilities, and attack vectors relevant to cryptographic and PKI ecos...
- What is Threat Exposure? The degree to which a PKI or cryptographic system is vulnerable or visible to potential threat actors, based on controls...
- What is a Threat Actor? An individual, group, or entity with the intent, capability, and opportunity to exploit vulnerabilities in cryptographic...
- What is Threat Intelligence? Evidence-based knowledge about existing and emerging threats, derived from analysis of indicators, adversary behavior, a...
- What is Threat Intelligence? Curated, actionable knowledge regarding cryptographic or PKI-related threats, including adversary tactics, relevant indi...
- What is a Threat Intelligence Pivot? The analytic process of using one indicator (such as an IP, domain, or hash) as a starting point to discover related thr...
- What is a Threat Engine? An automated software module that aggregates, analyzes, and correlates threat intelligence related to cryptographic or P...
- What is a Threat Catalog? A structured and curated inventory of recognized PKI or cryptographic threats, attack vectors, and related mitigation st...
- What is Threat Simulation? The practice of emulating real-world attacks on cryptographic or PKI infrastructure to test defenses, validate response ...
- What is Threat Hunting? A proactive and iterative search through networks, endpoints, and datasets to detect and isolate advanced threats that e...
- What is a Threat Hunt Playbook? A documented, repeatable procedure outlining hypothesis-driven threat hunting steps, data sources, detection logic, and ...
- What is Threat Modeling? A structured methodology to identify, analyze, and address potential threats and vulnerabilities in information systems ...
- What is Threat Modeling? A structured process for identifying, prioritizing, and evaluating potential threats and vulnerabilities to an organizat...
- What is Threat Modeling? A structured process to identify, categorize, and prioritize potential threats to cryptographic systems or PKI deploymen...
- What is Threat Analysis? Threat Analysis is the systematic evaluation of potential and actual cyber threats by assessing threat actor capabilitie...
- What is Threat Correlation Analysis? The analytical process of aggregating and comparing multiple data points from diverse sources to identify relationships ...
- What is Threat Assessment? A structured process for identifying, evaluating, and prioritizing potential threats to an organization's assets, operat...
- What is Threat Assessment? A structured process for identifying, analyzing, and prioritizing potential threats to an organization's assets, operati...
- What is Threat Notification? Official communication to stakeholders regarding the discovery or presence of a specific cyber threat, often required by...
脆
- What is Vulnerability Prioritization? The process of ranking discovered cryptographic and PKI vulnerabilities according to risk, exploitability, business impa...
- What is Vulnerability Context? The operational, environmental, and architectural conditions under which a cryptographic or PKI vulnerability may be pre...
- What is a Vulnerability Database? A centralized, authoritative repository cataloging known cryptographic and PKI-related vulnerabilities, including CVEs, ...
- What is Vulnerability Assessment? A systematic process for identifying, classifying, and evaluating vulnerabilities in information systems, cryptographic ...
- What is Vulnerability Disclosure? The process by which security vulnerabilities are reported to the relevant organization, vendor, or public, typically fo...
自
- What is Automated Indicator Sharing? The automatic exchange of cyber threat indicators between organizations and trusted partners using standardized formats ...
- What is Automated Key Rotation? A security control that automatically replaces cryptographic keys at predefined intervals to minimize the risk of key co...
- What is Automated Patch Management? A systematic approach that uses software tools to automatically identify, acquire, test, and deploy security patches acr...
- What is Automated Threat Hunting? The continuous, proactive, and algorithm-driven search for threats and anomalies in an environment, using automated tool...
- What is Automated Threat Mitigation? The use of automated controls, tools, and workflows to detect, respond to, and neutralize cyber threats in real time, mi...
- What is a Self-Signed Certificate? A digital certificate that is signed by the same entity whose identity it certifies, rather than by a trusted Certificat...
規
- What is a Regulatory Gap? Any deficiency or mismatch between current organizational controls, policies, or processes and those required by relevan...
- What is Regulatory Risk? The potential for losses or legal penalties resulting from non-compliance with laws, regulations, or mandatory standards...
- What is a Regulatory Review? A systematic evaluation of processes, policies, and controls to ensure alignment with applicable regulatory requirements...
- What is Regulatory Alignment? The degree to which organizational controls, processes, and policies conform to laws, regulations, and relevant industry...
- What is Regulatory Compliance? Adherence to laws, regulations, and standards applicable to the organization's operations and information security pract...
証
- What is Evidence Preservation? The controlled process of securing, documenting, and protecting digital or physical evidence to maintain integrity for i...
- What is Chain of Custody? A formal process documenting the chronological handling, transfer, and control of digital evidence, ensuring its integri...
- What is Evidence Collection? The systematic process of gathering digital artifacts, logs, devices, or other data relevant to a security incident, fol...
- What is a Certificate Chain? An ordered sequence of certificates, from an end-entity certificate up to the root authority, each certifying the next i...
- What is a Certificate Template? A predefined configuration for certificate attributes and extensions, used by CAs to automate and standardize certificat...
- What is a Certificate Path? An ordered sequence of certificates from the end-entity certificate to a trusted root certificate, used to establish tru...
- What is Certificate Pinning? A security technique that restricts which certificates are considered valid for a particular service or domain, by stori...
- What is a Certificate Policy? A set of rules and practices that indicates the applicability of a certificate to a particular community or class of app...
- What is Certificate Rollover? The managed transition from an expiring or old certificate to a new certificate in a way that minimizes service interrup...
- What is Certificate Renewal? The process of issuing a new certificate for an entity before the expiration of the current certificate, maintaining con...
認
- What is a Broken Authorization Schema? A security flaw where access control logic is incomplete or inconsistent, enabling unauthorized users to gain access to ...
- What is an Authentication Flow Flaw? A security flaw in authentication workflows allowing users to bypass, disrupt, or abuse login and identity verification ...
- What is an Authentication Relay Attack? A cyberattack in which authentication credentials are intercepted and forwarded (relayed) to impersonate a legitimate us...
- What is Credential Access Monitoring? The process of continuously tracking, analyzing, and alerting on access to credentials (passwords, tokens, secrets) in o...
- What is Credential Testing? The process of validating the strength, configuration, and authenticity of credentials used within cryptographic or PKI ...
- What is Credential Leakage? The unauthorized disclosure or leak of authentication credentials or cryptographic secrets (such as private keys or cert...
- What is a Credential Management Policy? A formal set of rules and procedures for creating, storing, rotating, and revoking authentication credentials to ensure ...
資
- What is an Asset Vulnerability? A weakness in a cryptographic, PKI, or related system asset that could be exploited by a threat actor to compromise conf...
- What is an Asset Inventory? A comprehensive list of all information assets within an organization, including hardware, software, data, and supportin...
- What is an Asset Inventory? A comprehensive, up-to-date record of all hardware, software, certificates, cryptographic modules, and other PKI-relevan...
- What is Asset Inventory Discovery? The process of systematically identifying, cataloging, and updating all IT and OT assets within an organization's enviro...
- What is Asset Classification? The process of categorizing cryptographic, PKI, and related assets based on sensitivity, criticality, and regulatory req...
- What is Asset Classification? The process of classifying PKI and cryptographic assets based on value, criticality, sensitivity, and role within the or...
- What is Asset Discovery? The process of identifying and cataloging all PKI, cryptographic, or supporting assets within an organizational environm...
過
鍵
- What is Key Rotation? The scheduled or event-driven replacement of cryptographic keys in a system to reduce exposure from key compromise and e...
- What is Key Extraction? The process of obtaining a cryptographic key from a hardware or software source, typically for backup, migration, or for...
- What is Key Escrow? A key management process in which cryptographic keys are held in escrow by a trusted third party, enabling recovery unde...
- What is a Key Pair? A set of two mathematically linked cryptographic keys, typically consisting of a public key for encryption/verification ...
- What is Key Agreement? A cryptographic protocol that enables two or more parties to establish a shared secret key over an insecure channel, com...
- What is Key Derivation? A cryptographic process for generating one or more secret keys from a shared secret or password using a deterministic fu...
- What is Key Confirmation? A cryptographic process where parties confirm to each other that they possess the same secret key, usually as a final st...
- What is Key Management? The set of processes and mechanisms for generating, distributing, storing, using, rotating, archiving, and destroying cr...
- What is Key Management? The set of processes and mechanisms used for the secure generation, distribution, storage, rotation, and destruction of ...