Cybersecurity English Glossary
677 professional cybersecurity English terms with definitions, pronunciation and examples. Learn what each term means, free with Termify.
A
- What is API契约验证 (API contract validation)? The process of verifying that an API’s requests and responses strictly conform to the documented interface specification...
- What is API威胁防护 (API threat protection)? A set of security mechanisms designed to detect, block, and mitigate malicious activity targeting application programmin...
- What is API安全网关 (API security gateway)? A dedicated service or device that provides centralized security controls for APIs, including authentication, authorizat...
- What is API密钥轮换 (API key rotation)? The operational practice of periodically replacing and invalidating existing API keys to minimize the risk of key compro...
- What is API架构强制执行 (API schema enforcement)? The practice of validating incoming and outgoing API requests and responses against a defined schema to prevent structur...
- What is API滥用分析 (API abuse analytics)? The use of data analysis techniques to monitor, identify, and report on abnormal or malicious usage patterns within API ...
- What is API滥用监控 (API abuse monitoring)? Continuous observation and analysis of API traffic to detect misuse patterns, abuse, or automated attacks, such as scrap...
- What is API版本过时 (API version deprecation)? The process and risk associated with retiring or deprecating old API versions, often resulting in unsupported endpoints ...
- What is API端点发现 (API endpoint discovery)? The process of identifying available API endpoints, often through automated tools or by analyzing documentation and appl...
- What is API网关强制执行 (API gateway enforcement)? Operational policy and control enforcement at the API gateway layer, ensuring only validated and authorized API traffic ...
- What is API资源篡改 (API resource tampering)? The unauthorized modification or manipulation of API resources, typically by altering request parameters or payloads to ...
- What is API速率限制 (API rate limiting)? A security control mechanism that restricts the number of API requests from a user or client within a specified timefram...
- What is API速率限制 (API rate limiting)? A control that limits the number of API requests a client or application can make within a specific time frame to preven...
- What is API配额强制 (API quota enforcement)? The process of applying limits to the number of API requests allowed for each user, application, or key, to prevent reso...
- What is API限流策略 (API throttling policy)? A structured approach to limit the number of API requests made by a client or IP within a specified timeframe, preventin...
C
- What is CA证书 (CA certificate)? A digital certificate issued to a Certificate Authority, used to sign and validate other digital certificates within a P...
- What is CORS策略强制执行 (CORS policy enforcement)? The process of strictly applying Cross-Origin Resource Sharing (CORS) policies to control which origins can interact wit...
- What is CRL分发 (CRL distribution)? The mechanism and locations for making Certificate Revocation Lists (CRLs) available to PKI participants to check the re...
H
- What is HMAC验证流程 (HMAC verification process)? A procedure using Hash-based Message Authentication Code (HMAC) to verify data integrity and authenticity during transmi...
- What is HSM硬件设备 (HSM hardware device)? A dedicated hardware device designed to securely generate, manage, and store cryptographic keys, and perform cryptograph...
- What is HTTP参数污染 (HTTP parameter pollution)? A web security vulnerability where multiple HTTP parameters with the same name are sent in a single request, potentially...
J
- What is JWT受众限制 (JWT audience restriction)? A security control ensuring a JWT token is only accepted by the intended recipients (audiences), preventing token reuse ...
- What is JWT撤销列表 (JWT revocation list)? A security control that maintains a list of invalidated JSON Web Tokens (JWTs), preventing previously issued tokens from...
- What is JWT签名验证 (JWT signature verification)? The process of validating the cryptographic signature of a JSON Web Token (JWT) to ensure its integrity and authenticity...
O
- What is OAuth令牌自省 (OAuth token introspection)? A protocol mechanism defined in RFC 7662 that allows resource servers to query an authorization server about the status ...
- What is OAuth同意授权 (OAuth consent authorization)? Process by which a resource owner grants a client application delegated access to protected resources, based on explicit...
- What is OCSP装订 (OCSP stapling)? A TLS extension that allows servers to send a time-stamped OCSP response for their certificate during handshake, improvi...
不
- What is 不受信任接口区 (untrusted interface zone)? A designated network segment where interfaces connect to untrusted networks or devices, typically requiring strict secur...
- What is 不安全反序列化 (insecure deserialization)? A vulnerability where untrusted or tampered data is deserialized without proper validation, potentially leading to remot...
- What is 不安全直接对象 (insecure direct object reference)? A vulnerability where applications expose internal object references, such as file or database keys, directly to users w...
- What is 不当秘密存储 (improper secret storage)? A vulnerability where sensitive secrets, such as API keys or passwords, are stored in insecure locations, such as plaint...
业
- What is 业务影响 (business impact)? The effect or consequence an incident, risk, or change has on an organization's operations, assets, individuals, or repu...
- What is 业务规则执行 (business rule enforcement)? Implementation and monitoring of business logic controls within applications to prevent unauthorized or unintended actio...
- What is 业务连续性 (business continuity)? A holistic management process that identifies potential threats and ensures organizational resilience by planning for co...
- What is 业务逻辑滥用 (business logic abuse)? The exploitation of legitimate business logic in applications to gain unauthorized advantages, often bypassing technical...
- What is 业务逻辑验证 (business logic validation)? The process of systematically verifying application workflows and rules to ensure that implemented business logic enforc...
临
- What is 临时实例控制 (ephemeral instance control)? Security controls and automation for governing short-lived, temporary compute instances to prevent persistence, limit at...
- What is 临时密钥 (ephemeral key)? A cryptographic key generated for temporary use in a single session or operation, after which it is discarded and not re...
- What is 临时端口随机化 (ephemeral port randomization)? A technique where ephemeral (temporary) TCP/UDP ports are assigned randomly to reduce the risk of port prediction attack...
主
- What is 主体密钥 (subject key)? The cryptographic public key associated with the subject of a digital certificate, used to verify signatures or encrypt ...
- What is 主机入侵防护 (host intrusion prevention)? A security solution deployed on host systems to proactively detect, block, and log malicious activity, such as exploits ...
- What is 主机完整性监控 (host integrity monitoring)? Continuous assessment of a host system’s files, processes, and configurations to detect unauthorized changes, tampering,...
- What is 主机防火墙策略 (host firewall policy)? A defined set of rules and configurations that control inbound and outbound network traffic at the individual host or VM...
- What is 主机隔离 (host isolation)? The process of removing a compromised or suspicious host from the network to prevent lateral movement and further compro...
- What is 主机隔离遏制 (host isolation containment)? A network defense strategy to restrict or cut off network access for a compromised or suspicious host to prevent lateral...
- What is 主题名称 (subject name)? The distinguished name (DN) in a digital certificate that uniquely identifies the certificate holder or entity, as speci...
事
- What is 事件优先级排序 (incident prioritization)? The classification and ranking of security incidents based on risk, severity, and potential business impact to determine...
- What is 事件关联 (event correlation)? The process of analyzing and combining related security events from multiple sources to identify patterns indicative of ...
- What is 事件关闭 (incident closure)? The formal completion and documentation of all response activities for a security incident, ensuring lessons learned and...
- What is 事件分析 (incident analysis)? The comprehensive examination and assessment of a security incident to determine its cause, scope, impact, and lessons l...
- What is 事件分类 (incident categorization)? Incident Categorization is the process of classifying security events or incidents based on type, severity, impact, and ...
- What is 事件分诊 (incident triage)? The process of rapidly classifying, prioritizing, and assigning security events for investigation based on impact, sever...
- What is 事件升级 (incident escalation)? The formal process of transferring a detected security incident to higher-level personnel or specialized teams for furth...
- What is 事件响应 (incident response)? The structured approach to managing and addressing cybersecurity incidents, with processes for detection, containment, e...
- What is 事件响应 (incident response)? A coordinated approach to addressing and managing the aftermath of a security breach or cyberattack, with the aim of lim...
- What is 事件响应遏制 (incident response containment)? The process of isolating or restricting the impact of an active security incident to prevent further spread, as describe...
- What is 事件处置 (incident handling)? A structured set of procedures used by security teams to address, manage, and resolve cybersecurity incidents, including...
- What is 事件处置 (incident handling)? The comprehensive process of managing a cybersecurity incident from initial detection through analysis, containment, era...
- What is 事件复盘 (post-incident review)? A structured post-incident process for evaluating the effectiveness of detection, response, and recovery measures to ide...
- What is 事件工作流 (incident workflow)? A structured sequence of tasks and escalation steps followed during the lifecycle of a security incident, from detection...
- What is 事件应对准备 (incident response readiness)? The proactive state of an organization’s people, processes, and technology to efficiently detect, respond to, and recove...
- What is 事件恢复 (incident recovery)? The coordinated set of actions taken to restore systems, operations, and services to normal functioning after a security...
- What is 事件报告 (incident reporting)? The formal process of documenting and communicating information about detected security incidents to relevant stakeholde...
- What is 事件报告 (incident reporting)? The formal process of documenting and communicating the details of a cybersecurity incident to relevant stakeholders, re...
- What is 事件报告 (incident reporting)? The formal communication process for notifying internal or external authorities about detected security incidents, as re...
- What is 事件时间线 (incident timeline)? A detailed chronological record of all events, actions, and system states related to a security incident, used for inves...
- What is 事件检测 (incident detection)? The process of identifying potential or actual security incidents in an IT environment by monitoring logs, events, and n...
- What is 事件检测 (incident detection)? The process of identifying and confirming security events indicating unauthorized activity or compromise of cryptographi...
- What is 事件沟通 (incident communication)? The timely and coordinated exchange of information about an incident’s status, impact, and response among internal teams...
- What is 事件管理 (incident management)? A structured process for identifying, assessing, responding to, and recovering from security incidents to minimize impac...
- What is 事件管理 (incident management)? A coordinated set of processes and tools for identifying, assessing, responding to, tracking, and resolving security inc...
- What is 事件缓解 (incident mitigation)? Targeted actions taken to reduce the immediate and long-term impact of a security incident, including containment, eradi...
- What is 事件记录 (incident documentation)? The detailed and systematic recording of all relevant information, actions, decisions, and evidence related to a cyberse...
- What is 事件记录 (incident documentation)? The systematic recording of incident details, timelines, actions taken, and outcomes to ensure transparency, facilitate ...
- What is 事件调查 (incident investigation)? A systematic process of collecting, analyzing, and documenting evidence to determine the cause, impact, and scope of a s...
- What is 事件跟踪 (incident tracking)? The systematic process of recording, updating, and monitoring security incidents throughout their lifecycle to ensure ac...
- What is 事件通报 (incident notification)? The act of formally informing stakeholders, management, or regulatory bodies about a detected or ongoing security incide...
- What is 事件遏制 (incident containment)? The actions taken to limit the impact of a security incident by isolating affected systems, preventing lateral movement,...
云
- What is 云事件响应 (cloud incident response)? A structured approach to managing and mitigating security incidents in cloud environments, including preparation, detect...
- What is 云加密网关 (cloud encryption gateway)? A security appliance or service that encrypts sensitive data before it is transferred to cloud services, ensuring confid...
- What is 云原生SIEM (cloud-native SIEM)? A Security Information and Event Management platform built specifically for cloud architectures, offering elastic scalab...
- What is 云威胁情报 (cloud threat intelligence)? The process of gathering, analyzing, and operationalizing information about cloud-specific threats, adversary tactics, a...
- What is 云存储加密 (cloud storage encryption)? The use of cryptographic techniques to protect data stored in cloud environments, ensuring confidentiality and integrity...
- What is 云安全态势 (cloud security posture)? The overall security status and configuration of cloud services, assets, and workloads in accordance with organizational...
- What is 云服务提供商身份和访问管理 (cloud service provider identity and access management)? Identity and access management systems and controls provided by cloud service vendors, enabling secure authentication, a...
- What is 云活动关联分析 (cloud activity correlation)? The process of linking and analyzing disparate cloud events, logs, and telemetry to detect patterns indicative of threat...
- What is 云活动日志记录 (cloud activity logging)? The process of capturing, storing, and analyzing logs of user actions, system events, and resource access within cloud e...
- What is 云流量镜像 (cloud traffic mirroring)? A cloud-native capability that duplicates network traffic to analysis tools for monitoring, threat detection, and compli...
- What is 云网络分段 (cloud network segmentation)? The practice of dividing cloud-based network environments into distinct, isolated segments to enforce security boundarie...
- What is 云网络分段 (cloud network segmentation)? The process of dividing a cloud network into isolated segments or zones to control traffic flow and limit lateral moveme...
- What is 云访问代理 (cloud access broker)? A security policy enforcement point between cloud service users and providers that ensures enterprise security requireme...
- What is 云访问审计 (cloud access auditing)? Systematic logging and analysis of access events in cloud environments to ensure compliance, detect anomalies, and suppo...
- What is 云证书固定 (cloud certificate pinning)? A security technique that restricts applications or devices to accept only specific trusted certificates or public keys ...
- What is 云资源标记 (cloud resource tagging)? The process of assigning metadata labels to cloud resources to facilitate access management, cost allocation, compliance...
令
- What is 令牌化服务 (tokenization service)? A security process or managed solution that replaces sensitive data elements with non-sensitive equivalents (tokens), of...
- What is 令牌泄露防护 (token leakage protection)? Measures and controls implemented to prevent authentication or authorization tokens from being inadvertently exposed, in...
- What is 令牌绑定 (token binding)? A security mechanism where cryptographic tokens are cryptographically bound to a TLS connection, ensuring that tokens ca...
- What is 令牌绑定强制 (token binding enforcement)? A security control requiring the cryptographic binding of authentication tokens to specific TLS sessions or client devic...
- What is 令牌范围强制 (token scope enforcement)? The process of restricting token privileges to the minimum necessary set of actions or resources, ensuring that access t...
- What is 令牌请求 (token request)? A formal operation in which a client requests an authentication or authorization token from an identity provider or secu...
- What is 令牌过期验证 (token expiration validation)? The process of checking the expiration date and time of authentication or authorization tokens to ensure that expired to...
- What is 令牌重放防护 (token replay protection)? Security controls and techniques that ensure tokens, such as authentication or session tokens, cannot be reused by attac...
会
- What is 会话令牌绑定 (session token binding)? A security mechanism that cryptographically ties a session token to a specific user device or connection context, preven...
- What is 会话劫持防御 (session hijacking defense)? Countermeasures and controls implemented to detect, prevent, and respond to session hijacking attacks, such as session f...
- What is 会话密钥 (session key)? A temporary symmetric key used for a single communication session, providing confidentiality and integrity for exchanged...
- What is 会话恢复 (session resumption)? A TLS or secure channel mechanism that enables clients and servers to reuse a previously negotiated session state for fa...
- What is 会话票据 (session ticket)? A data structure issued by a server to a client in TLS to enable stateless session resumption by encapsulating keying ma...
- What is 会话超时强制 (session timeout enforcement)? Policy and technical controls to ensure user sessions automatically expire after a defined period of inactivity, minimiz...
- What is 会话重放防护 (session replay protection)? Controls and mechanisms designed to prevent attackers from capturing and reusing legitimate session tokens or data packe...
信
- What is 信任存储 (trust store)? A repository of trusted root and intermediate certificates used by applications and systems to verify the authenticity o...
- What is 信任框架 (trust framework)? A formal structure of policies, roles, rules, and standards that define how trust is established, maintained, and evalua...
- What is 信任锚 (trust anchor)? A trusted entity (typically a root certificate authority) whose public key is used as the ultimate basis for validating ...
修
- What is 修复报告 (remediation report)? A formal document detailing the corrective actions taken to address identified cryptographic or PKI vulnerabilities, inc...
- What is 修复措施 (remediation measures)? Steps taken to eliminate the cause of a detected security incident, restore affected systems, and strengthen defenses to...
- What is 修复计划 (remediation plan)? A documented set of actions, responsibilities, and timelines designed to resolve identified cryptographic or PKI vulnera...
- What is 修复跟踪 (remediation tracking)? The process of monitoring and documenting the status and effectiveness of actions taken to correct identified vulnerabil...
- What is 修复验证 (remediation verification)? The process of confirming that actions taken to correct cryptographic or PKI vulnerabilities are effective and that affe...
凭
- What is 凭据测试 (credential testing)? The process of validating the strength, configuration, and authenticity of credentials used within cryptographic or PKI ...
- What is 凭据访问监控 (credential access monitoring)? The process of continuously tracking, analyzing, and alerting on access to credentials (passwords, tokens, secrets) in o...
- What is 凭证填充检测 (credential stuffing detection)? The identification and mitigation of automated attacks in which attackers use lists of compromised credentials to gain u...
- What is 凭证填充防御 (credential stuffing defense)? Measures and technologies to detect, block, and mitigate automated login attempts using stolen or reused username-passwo...
- What is 凭证泄露 (credential leakage)? The unauthorized disclosure or leak of authentication credentials or cryptographic secrets (such as private keys or cert...
- What is 凭证管理政策 (credential management policy)? A formal set of rules and procedures for creating, storing, rotating, and revoking authentication credentials to ensure ...
分
- What is 分层防御策略 (layered defense strategy)? An approach that uses multiple, overlapping security controls at different layers (network, application, endpoint) to pr...
- What is 分布式诱捕网 (distributed deception network)? A security architecture that uses distributed decoys, honeypots, and lures throughout the network or cloud to detect, de...
- What is 分段策略执行 (segmentation policy enforcement)? The application and monitoring of access control policies that govern traffic between network segments to minimize unaut...
- What is 分组加密 (block cipher)? A symmetric key encryption algorithm that encrypts data in fixed-size blocks, such as AES and 3DES.
利
- What is 利用尝试 (exploitation attempt)? An unauthorized action or sequence initiated by a threat actor to actively test or leverage a cryptographic or PKI vulne...
- What is 利用检测 (exploitation detection)? The process of identifying and alerting on attempted or successful exploitation of vulnerabilities in cryptographic, PKI...
- What is 利用清单 (exploit inventory)? An authoritative and frequently updated catalog of all known exploits that could target cryptographic or PKI assets, inc...
- What is 利用窗口期 (exploitation window)? The period between public disclosure of a cryptographic or PKI vulnerability and the application of effective remediatio...
- What is 利用评估 (exploitability assessment)? The evaluation of identified vulnerabilities in cryptographic or PKI assets to determine the likelihood and potential im...
- What is 利用链 (exploit chain)? The sequential use of multiple exploits to bypass security mechanisms and gain unauthorized access to cryptographic or P...
- What is 利用验证 (exploit validation)? The process of confirming, through controlled testing, that a discovered vulnerability in a cryptographic or PKI system ...
加
- What is 加密合规 (cryptographic compliance)? Adherence to laws, regulations, and standards that govern cryptographic practices, algorithm usage, and key management, ...
- What is 加密处理器 (cryptographic processor)? A hardware device or chip specifically designed to perform cryptographic operations such as encryption, decryption, sign...
- What is 加密流量检查 (encrypted traffic inspection)? A process that enables the examination of encrypted network traffic to detect threats, enforce policies, and prevent dat...
动
- What is 动态代码插装 (dynamic code instrumentation)? The process of inserting monitoring hooks or logic into running code to analyze application behavior, detect anomalies, ...
- What is 动态端口敲门 (dynamic port knocking)? A security technique requiring a dynamic, pre-defined sequence of connection attempts to specific ports before granting ...
- What is 动态风险评分 (dynamic risk scoring)? A continuous process that calculates the real-time security risk posed by users, devices, or applications based on behav...
可
- What is 可信平台 (trusted platform)? A computing environment equipped with hardware and software components (e.g., TPM, secure boot) designed to ensure integ...
- What is 可信平台模块 (Trusted Platform Module)? A hardware security chip designed to securely store cryptographic keys, certificates, and perform integrity checks to en...
- What is 可视化结构TAP (visibility fabric TAP)? A hardware or virtual device that creates a copy of network traffic for out-of-band monitoring, analytics, and security ...
合
- What is 合规仪表板 (compliance dashboard)? A real-time visualization tool that aggregates and displays the status of cryptography and PKI controls, risks, incident...
- What is 合规审计 (compliance audit)? A systematic, independent review to determine whether activities and related results comply with planned arrangements, p...
- What is 合规性遵从 (regulatory compliance)? Adherence to laws, regulations, and standards applicable to the organization's operations and information security pract...
- What is 合规性验证 (compliance validation)? The systematic confirmation that cryptographic, PKI, and supporting systems conform to relevant standards, policies, and...
- What is 合规扫描 (compliance scan)? An automated scan of cryptographic or PKI systems to verify conformity with regulatory and industry requirements.
- What is 合规报告 (compliance reporting)? The process of preparing and delivering evidence-based reports to demonstrate adherence to regulatory, legal, and contra...
- What is 合规控制 (compliance control)? A specific policy, process, or technical measure implemented to ensure an organization meets applicable legal, regulator...
- What is 合规框架 (compliance framework)? An integrated system of standards, guidelines, and procedures designed to help an organization meet all relevant legal, ...
- What is 合规监督 (compliance oversight)? Ongoing supervision and review of an organization's compliance with laws, regulations, policies, and contractual obligat...
- What is 合规管理 (compliance management)? The coordinated set of processes and controls designed to ensure adherence to legal, regulatory, and internal policy req...
- What is 合规验证 (compliance verification)? The formal process of testing and confirming that systems, processes, and controls meet regulatory, contractual, and pol...
告
- What is 告警优先级排序 (alert prioritization)? The process of ranking and categorizing security alerts based on risk, relevance, and organizational impact, to enable e...
- What is 告警关联 (alert correlation)? Alert Correlation is the process of analyzing and linking related security alerts from different sources or systems to i...
- What is 告警疲劳 (alert fatigue)? Alert Fatigue is a condition in which security analysts become desensitized or overwhelmed due to excessive or repetitiv...
响
- What is 响应准备 (response readiness)? The state of preparedness of personnel, processes, and technology to quickly and effectively respond to cybersecurity in...
- What is 响应协调 (response coordination)? The structured management and collaboration among teams and stakeholders to ensure efficient containment, eradication, a...
- What is 响应协调 (response coordination)? Response Coordination is the organized management of communication, task allocation, and resource deployment among stake...
- What is 响应流程 (response workflow)? A formalized, step-by-step sequence of procedures and roles that guide the incident response process from detection thro...
- What is 响应计划 (response plan)? A documented strategy outlining procedures, roles, responsibilities, and communications for responding to cybersecurity ...
在
- What is 在线响应器 (online responder)? A network service that provides real-time certificate status information, typically using the Online Certificate Status ...
- What is 在线威胁检测 (inline threat detection)? Real-time inspection of network traffic by security appliances placed directly in the data path to identify and block th...
- What is 在线状态 (online status)? In cryptography/PKI, refers to the real-time validity of a digital certificate or credential as determined by protocols ...
基
- What is 基于策略的修复 (policy-based remediation)? Automated or manual corrective actions triggered by predefined policies to mitigate detected security incidents or confi...
- What is 基于角色的分段 (role-based segmentation)? A network security practice dividing network resources or data access based on user or device roles, enforcing least pri...
- What is 基础设施权限管理 (infrastructure entitlement management)? A process and toolset for discovering, controlling, and auditing permissions and access rights across cloud and hybrid i...
- What is 基线评估 (baseline assessment)? A comprehensive evaluation of the security posture of PKI and cryptographic systems against established industry baselin...
威
- What is 威胁关联分析 (threat correlation analysis)? The analytical process of aggregating and comparing multiple data points from diverse sources to identify relationships ...
- What is 威胁分析 (threat analysis)? Threat Analysis is the systematic evaluation of potential and actual cyber threats by assessing threat actor capabilitie...
- What is 威胁建模 (threat modeling)? A structured methodology to identify, analyze, and address potential threats and vulnerabilities in information systems ...
- What is 威胁建模 (threat modeling)? A structured process for identifying, prioritizing, and evaluating potential threats and vulnerabilities to an organizat...
- What is 威胁建模 (threat modeling)? A structured process to identify, categorize, and prioritize potential threats to cryptographic systems or PKI deploymen...
- What is 威胁引擎 (threat engine)? An automated software module that aggregates, analyzes, and correlates threat intelligence related to cryptographic or P...
- What is 威胁归因 (threat attribution)? Threat Attribution is the analytical process of linking a detected cyber threat, campaign, or incident to a specific act...
- What is 威胁形势 (threat landscape)? The evolving set of potential threats, adversary capabilities, and attack vectors relevant to cryptographic and PKI ecos...
- What is 威胁情报 (threat intelligence)? Evidence-based knowledge about existing and emerging threats, derived from analysis of indicators, adversary behavior, a...
- What is 威胁情报 (threat intelligence)? Curated, actionable knowledge regarding cryptographic or PKI-related threats, including adversary tactics, relevant indi...
- What is 威胁情报枢纽分析 (threat intelligence pivoting)? The analytic process of using one indicator (such as an IP, domain, or hash) as a starting point to discover related thr...
- What is 威胁暴露 (threat exposure)? The degree to which a PKI or cryptographic system is vulnerable or visible to potential threat actors, based on controls...
- What is 威胁模拟 (threat emulation)? The practice of emulating real-world attacks on cryptographic or PKI infrastructure to test defenses, validate response ...
- What is 威胁狩猎 (threat hunting)? A proactive and iterative search through networks, endpoints, and datasets to detect and isolate advanced threats that e...
- What is 威胁狩猎手册 (threat hunting playbook)? A documented, repeatable procedure outlining hypothesis-driven threat hunting steps, data sources, detection logic, and ...
- What is 威胁目录 (threat catalog)? A structured and curated inventory of recognized PKI or cryptographic threats, attack vectors, and related mitigation st...
- What is 威胁行为者 (threat actor)? An individual, group, or entity with the intent, capability, and opportunity to exploit vulnerabilities in cryptographic...
- What is 威胁评估 (threat assessment)? A structured process for identifying, evaluating, and prioritizing potential threats to an organization's assets, operat...
- What is 威胁评估 (threat assessment)? A structured process for identifying, analyzing, and prioritizing potential threats to an organization's assets, operati...
- What is 威胁通报 (threat notification)? Official communication to stakeholders regarding the discovery or presence of a specific cyber threat, often required by...
安
- What is 安全事件日志 (security event logging)? The systematic recording of security-related activities, alerts, and incidents within systems or networks to support det...
- What is 安全分析 (security analytics)? Security Analytics refers to the use of advanced data analysis techniques, including machine learning and statistical mo...
- What is 安全分类 (security classification)? The categorization of data or assets based on sensitivity, value, and required level of protection, typically in alignme...
- What is 安全分组转发 (secure packet forwarding)? The practice of transmitting data packets across networks in a manner that maintains confidentiality, integrity, and aut...
- What is 安全剧本 (security playbook)? A documented set of repeatable incident response procedures and decision trees tailored to specific threat scenarios or ...
- What is 安全启动验证 (secure boot verification)? A cryptographic process that ensures only trusted, signed firmware and software are loaded during system startup, preven...
- What is 安全命令通道 (secure command channel)? An encrypted, authenticated communication pathway used for transmitting privileged commands or control signals, as descr...
- What is 安全响应 (security response)? Coordinated activities by security personnel to mitigate, contain, and resolve identified threats or incidents in accord...
- What is 安全培训 (security training)? Instructional activities designed to equip personnel with the knowledge and skills to recognize, prevent, and respond to...
- What is 安全基线 (security baseline)? A documented set of minimum security controls or configurations established as a standard for systems, services, or proc...
- What is 安全基线 (security baseline)? A set of minimum security controls and configurations established for cryptographic or PKI systems to ensure compliance ...
- What is 安全头强制 (security header enforcement)? The application of mandatory HTTP response headers (such as CSP, HSTS, X-Frame-Options) to protect web applications from...
- What is 安全审计 (security audit)? A formal, systematic review of an organization’s information systems, controls, and procedures to verify their effective...
- What is 安全审计 (security audit)? A formal, systematic review and verification of cryptographic and PKI processes, controls, and compliance with standards...
- What is 安全容器网络 (secure container networking)? The practice of applying security controls, segmentation, and encrypted communication to the networking layer between co...
- What is 安全态势 (security posture)? The overall status of an organization’s cybersecurity policies, controls, capabilities, and readiness to detect, prevent...
- What is 安全意识培训 (security awareness training)? Education provided to personnel to raise awareness about security risks, threats, and safe practices, often as part of c...
- What is 安全断言标记 (Security Assertion Markup, SAML)? An XML-based framework (SAML) for exchanging authentication and authorization data between security domains, commonly us...
- What is 安全测试 (security testing)? The process of evaluating cryptographic, PKI, and supporting systems for compliance with security requirements, through ...
- What is 安全电子邮件网关 (secure email gateway)? A dedicated security appliance or cloud service that monitors, filters, and blocks malicious email content (spam, phishi...
- What is 安全监控 (security monitoring)? Continuous observation, collection, and analysis of security events and data across information systems to detect threat...
- What is 安全监督 (security oversight)? The ongoing supervision and review of security policies, controls, and processes to ensure effective risk management and...
- What is 安全章程 (security charter)? A formal document that defines the scope, authority, and responsibilities of the security function within an organizatio...
- What is 安全策略 (security policy)? A high-level plan that defines how an organization will protect its information assets, meet regulatory obligations, and...
- What is 安全策略违规 (security policy violation)? Any action or event that contravenes an established information security policy or standard, triggering investigation or...
- What is 安全编排 (security orchestration)? The automated coordination and integration of security tools, processes, and workflows to accelerate response and improv...
- What is 安全编排自动化 (security orchestration and automation)? The integration and automation of security processes, tools, and workflows to accelerate detection, investigation, and r...
- What is 安全缺口 (security gap)? A missing or insufficient security control in cryptographic or PKI systems that exposes assets to risk, noncompliance, o...
- What is 安全自动化 (security automation)? Security Automation is the application of technology to perform repetitive or time-sensitive security operations tasks, s...
- What is 安全覆盖网络 (secure overlay network)? A logically separated, secured network built on top of an existing network to provide enhanced security controls and iso...
- What is 安全警报 (security alert)? Automated or manual notification process by which a security system or analyst informs relevant personnel of detected su...
- What is 安全评估 (security assessment)? A systematic evaluation of the security posture of systems, networks, and processes to identify vulnerabilities, threats...
- What is 安全边界网关 (security perimeter gateway)? A security-hardened network device or configuration that manages and filters traffic entering or leaving the network per...
- What is 安全运营 (security operations)? All coordinated activities performed in a Security Operations Center (SOC) to monitor, detect, investigate, and respond ...
- What is 安全通知 (security notification)? The formal process of communicating significant security events or incident statuses to designated stakeholders or regul...
- What is 安全通道 (secure channel)? A communication path protected by cryptographic means, ensuring confidentiality, integrity, and authentication of data i...
- What is 安全遥测 (security telemetry)? Security Telemetry refers to the automated collection, transmission, and aggregation of security-relevant data, such as l...
- What is 安全配置基线 (secure configuration baseline)? A documented set of secure settings and parameters for systems or applications, serving as a reference point for complia...
- What is 安全配置错误 (security misconfiguration)? A common vulnerability where systems, servers, or applications are deployed with insecure default settings, incomplete c...
- What is 安全配置错误 (security misconfiguration)? A failure to implement correct or secure settings in cryptographic, PKI, or network assets, resulting in exposure to exp...
审
- What is 审计委员会 (audit committee)? A formally established group within an organization tasked with oversight of financial reporting, internal controls, ris...
- What is 审计日志 (audit log)? The systematic recording of events and user actions in information systems to enable traceability, accountability, and f...
- What is 审计日志记录 (audit logging)? The process of recording security-related events, operations, or accesses within a cryptographic or PKI environment to p...
- What is 审计跟踪 (audit trail)? A chronological record of system activities and user actions, providing documented evidence to support accountability, t...
- What is 审计跟踪不足 (insufficient audit trail)? A deficiency in logging or tracking system activities that undermines the ability to reconstruct security events, invest...
客
- What is 客户操作系统隔离 (guest OS isolation)? The practice of isolating virtual machines (guests) from each other and from the host system to prevent unauthorized acc...
- What is 客户端强制 (client-side enforcement)? Reliance on client-side logic to enforce security controls, which can be bypassed or manipulated, undermining the intend...
- What is 客户端证书验证 (client certificate validation)? A process that verifies the authenticity and trustworthiness of client certificates during mutual TLS connections, enabl...
容
- What is 容器运行时隔离 (container runtime isolation)? A set of controls and configurations that ensure each running container is logically and physically separated from other...
- What is 容器逃逸防护 (container escape protection)? Security controls and mechanisms implemented to prevent processes within a container from breaching isolation boundaries...
- What is 容器镜像扫描 (container image scanning)? The process of automatically analyzing container images for vulnerabilities, malware, and policy violations before deplo...
密
- What is 密文重放保护 (ciphertext replay protection)? A security mechanism that detects and blocks the reuse of captured ciphertext to prevent replay attacks in encrypted com...
- What is 密码分析攻击 (cryptanalytic attack)? A method of attacking cryptographic systems by analyzing the algorithms and ciphertexts to extract secret keys or plaint...
- What is 密码反馈 (cipher feedback)? A block cipher mode of operation (CFB) that turns a block cipher into a self-synchronizing stream cipher, providing conf...
- What is 密码套件 (cipher suite)? A named set of cryptographic algorithms used to negotiate security settings in network protocols like TLS, including key...
- What is 密码模块验证 (cryptographic module validation)? The formal process of testing and certifying that a cryptographic module meets defined security standards such as FIPS 1...
- What is 密钥包裹 (key wrapping)? The process of encrypting one cryptographic key with another key to securely transport or store keys, typically used for...
- What is 密钥协商 (key agreement)? A cryptographic protocol that enables two or more parties to establish a shared secret key over an insecure channel, com...
- What is 密钥备份 (key backup)? The secure process of creating a protected copy of a cryptographic key, enabling recovery if the original is lost or dam...
- What is 密钥容器 (key container)? A logical or physical storage area used to hold cryptographic keys, often protected by access controls and used in softw...
- What is 密钥对 (key pair)? A set of two mathematically linked cryptographic keys, typically consisting of a public key for encryption/verification ...
- What is 密钥导入 (key import)? The process of securely bringing a cryptographic key into a software or hardware cryptographic module, typically in comp...
- What is 密钥恢复 (key recovery)? A controlled process for restoring lost or inaccessible cryptographic keys, typically from a secure backup or escrow, fo...
- What is 密钥托管 (key escrow)? A key management process in which cryptographic keys are held in escrow by a trusted third party, enabling recovery unde...
- What is 密钥提取 (key extraction)? The process of obtaining a cryptographic key from a hardware or software source, typically for backup, migration, or for...
- What is 密钥校验和 (key checksum)? A value derived from a cryptographic key using a checksum or hash algorithm, used to verify the integrity or correctness...
- What is 密钥派生 (key derivation)? A cryptographic process for generating one or more secret keys from a shared secret or password using a deterministic fu...
- What is 密钥生命周期 (key lifetime)? The maximum period that a cryptographic key is allowed to be active and used for cryptographic operations before mandato...
- What is 密钥用途 (key usage)? A certificate extension that defines the allowed cryptographic operations for the associated key, such as digital signat...
- What is 密钥确认 (key confirmation)? A cryptographic process where parties confirm to each other that they possess the same secret key, usually as a final st...
- What is 密钥管理 (key management)? The set of processes and mechanisms for generating, distributing, storing, using, rotating, archiving, and destroying cr...
- What is 密钥管理 (key management)? The set of processes and mechanisms used for the secure generation, distribution, storage, rotation, and destruction of ...
- What is 密钥管理服务 (key management service)? A centralized service or system that creates, stores, rotates, and manages cryptographic keys used for securing data at ...
- What is 密钥轮换 (key rotation)? The scheduled process of replacing cryptographic keys with new keys to limit the period a compromised key can be misused...
- What is 密钥轮换 (key rotation)? The scheduled or event-driven replacement of cryptographic keys in a system to reduce exposure from key compromise and e...
对
- What is 对手仿真 (adversary simulation)? Adversary Simulation is a controlled security exercise that emulates realistic cyber attacks by mimicking the tactics, t...
- What is 对手模拟 (adversary emulation)? The simulation of real-world attacker behaviors and techniques in a controlled environment to test and improve detection...
- What is 对称密钥 (symmetric key)? A cryptographic key used in symmetric encryption where the same key is used for both encryption and decryption operation...
- What is 对象级别漏洞 (object-level vulnerability)? A critical API vulnerability where improper access controls allow attackers to manipulate or access objects belonging to...
应
- What is 应用容器安全 (application container security)? Practices and controls for securing containerized applications and environments, including image scanning, runtime prote...
- What is 应用层DDoS (application-layer DDoS)? A type of distributed denial-of-service attack that targets the application layer (OSI Layer 7) with malicious HTTP or A...
- What is 应用白名单策略 (application whitelisting policy)? A security control that restricts the execution of software to only pre-approved applications, preventing unauthorized o...
异
- What is 异常处理 (exception handling)? The systematic process of identifying, logging, resolving, and reporting deviations from expected information security o...
- What is 异常检测 (anomaly detection)? Anomaly Detection is the process of identifying unusual patterns, events, or activities in datasets, logs, or network tr...
- What is 异常流量分析 (anomalous traffic analysis)? The identification and categorization of network traffic patterns that deviate from established baselines to detect pote...
影
- What is 影响分析 (impact analysis)? The process of identifying and evaluating the potential consequences and business impacts of threats, incidents, or poli...
- What is 影响分析 (impact analysis)? A structured assessment of the potential consequences or business disruption resulting from the exploitation of vulnerab...
- What is 影响评估 (impact assessment)? A systematic analysis of the consequences that an identified risk or incident could have on business operations, assets,...
- What is 影子 IT 发现 (shadow IT discovery)? The process of identifying unauthorized or unmanaged IT systems, applications, or services within an organization, typic...
微
- What is 微分段策略 (micro-segmentation policy)? A granular security approach that divides networks into isolated segments at the workload or application level, enforcin...
- What is 微分段策略 (micro-segmentation policy)? A set of rules that define fine-grained network zones and enforce isolation between workloads to limit lateral movement.
- What is 微服务分段传输 (microservice segmented transport)? A network architecture approach in which communications between microservices are isolated into distinct, secured segmen...
- What is 微服务安全网格 (microservice security mesh)? A distributed security framework that provides consistent identity, policy enforcement, and encrypted communication acro...
恶
- What is 恶意流量阻断 (malicious traffic blocking)? Automated or manual actions taken to identify and prevent the flow of network traffic identified as malicious, including...
- What is 恶意脚本阻止 (malicious script blocking)? The detection and prevention of unauthorized, harmful scripts (such as JavaScript, PowerShell, or macros) from executing...
- What is 恶意软件分析 (malware analysis)? The process of examining malicious software to understand its behavior, intent, origin, and potential impact on affected...
- What is 恶意软件遏制 (malware containment)? Malware Containment is the set of actions and controls enacted to isolate and prevent the spread of malicious software w...
扫
- What is 扫描引擎 (scan engine)? A dedicated software module or appliance that performs automated vulnerability, compliance, or configuration scans on cr...
- What is 扫描结果 (scan results)? The output or findings generated by automated or manual scans of PKI or cryptographic systems for vulnerabilities, compl...
- What is 扫描覆盖率 (scan coverage)? The extent to which cryptographic systems, PKI components, and related assets are included in vulnerability or configura...
- What is 扫描频率 (scan frequency)? The rate at which cryptographic assets or PKI-enabled systems are scanned or assessed for vulnerabilities, exposures, or...
持
- What is 持续合规监控 (continuous compliance monitoring)? The ongoing process of automatically assessing systems, configurations, and user activities to ensure adherence to regul...
- What is 持续威胁缓解 (continuous threat mitigation)? A set of proactive and reactive controls aimed at detecting, containing, and eradicating advanced persistent threats (AP...
- What is 持续监控 (continuous monitoring)? Ongoing real-time observation and analysis of security controls and risks to ensure timely detection of threats and comp...
控
- What is 控制审查 (control review)? An assessment of security controls to determine their effectiveness, adequacy, and proper implementation within the orga...
- What is 控制成熟度 (control maturity)? A measure of how well an internal control is designed, implemented, and operating as intended to mitigate risk and meet ...
- What is 控制映射 (control mapping)? The process of linking controls to regulatory, policy, or framework requirements to demonstrate compliance and facilitat...
- What is 控制映射 (control mapping)? The process of aligning cryptographic or PKI controls with regulatory frameworks, standards, or organizational requireme...
- What is 控制框架 (control framework)? A structured set of governance, risk, and compliance (GRC) policies, processes, and controls aligned to industry standar...
- What is 控制流程 (control process)? A series of coordinated actions and procedures implemented to manage and mitigate risk by enforcing policies and securit...
- What is 控制目标 (control objective)? A specific statement of the desired result or purpose that a control is intended to achieve, forming the basis for asses...
- What is 控制缺陷 (control deficiency)? A weakness in the design or operation of a control that prevents it from effectively mitigating risk or achieving compli...
- What is 控制自评 (control self-assessment)? Short for 'Control Self-Assessment'—an internal process where departments evaluate the design and effectiveness of their...
- What is 控制薄弱点 (control weakness)? A flaw, gap, or insufficient strength in technical or procedural controls that may allow threats to compromise cryptogra...
- What is 控制评估 (control assessment)? A formal evaluation of the design and effectiveness of security controls to determine whether they are operating as inte...
- What is 控制评估 (control assessment)? A systematic assessment of technical and procedural security controls in cryptographic and PKI environments to determine...
攻
- What is 攻击场景 (attack scenario)? A detailed narrative describing a potential attack vector or sequence of actions that a threat actor may use to exploit ...
- What is 攻击枚举 (attack enumeration)? The process of systematically identifying and cataloging all possible attack vectors and threat actors relevant to a cry...
- What is 攻击模拟 (attack simulation)? A controlled emulation of cyberattacks against systems, networks, or people to assess security posture, validate defense...
- What is 攻击模拟 (attack simulation)? The process of emulating real-world cyberattacks against cryptographic infrastructure or PKI environments to evaluate de...
- What is 攻击清单 (attack inventory)? A comprehensive, regularly updated list or database of all known attack techniques, tools, or vectors relevant to crypto...
- What is 攻击路径 (attack path)? A sequence or route by which a threat actor progresses through vulnerabilities, misconfigurations, or controls in crypto...
- What is 攻击路径建模 (attack path modeling)? The systematic mapping and simulation of possible routes an adversary might take to compromise assets, used to assess ri...
- What is 攻击途径 (attack vector)? A specific method or pathway by which a threat actor attempts to exploit vulnerabilities in cryptographic or PKI infrast...
- What is 攻击重放 (attack replay)? The process of re-enacting a recorded or theoretical attack vector against PKI or cryptographic systems to test detectio...
- What is 攻击重放 (attack replay)? A controlled reproduction of a previously observed or simulated attack scenario targeting cryptographic or PKI assets, u...
- What is 攻击链 (attack chain)? A sequence of steps or techniques used by threat actors to exploit cryptographic or PKI weaknesses, progressing from ini...
- What is 攻击面 (attack surface)? The sum of all points in a cryptographic or PKI environment where an unauthorized user could attempt to enter data, extr...
政
- What is 政策审查 (policy review)? A formal and systematic evaluation of organizational policies to ensure their adequacy, effectiveness, and compliance wi...
- What is 政策执行 (policy enforcement)? The process of ensuring that policies, standards, and procedures are implemented and followed within the organization, w...
- What is 政策文件 (policy documentation)? The comprehensive collection and maintenance of all written policies, procedures, and standards governing security, risk...
- What is 政策框架 (policy framework)? A structured set of overarching policies, standards, and guidelines that governs how information security, compliance, a...
- What is 政策违规 (policy violation)? An act or omission that breaches or contradicts an established organizational policy, potentially leading to disciplinar...
- What is 政策遵循 (policy compliance)? The degree to which organizational personnel follow established internal policies, procedures, and standards.
敏
- What is 敏感功能暴露 (sensitive function exposure)? A flaw where critical application functions, such as admin features or payment operations, are accessible to unauthorize...
- What is 敏感数据暴露 (sensitive data exposure)? A risk where confidential or regulated data is unintentionally disclosed through insecure APIs, weak encryption, or impr...
- What is 敏感日志控制 (sensitive log control)? Procedures and mechanisms to ensure that confidential or regulated information is never written to logs, reducing the ri...
数
- What is 数字信封 (digital envelope)? A mechanism in cryptography where a message is encrypted with a symmetric key and the symmetric key is then encrypted wi...
- What is 数字取证 (digital forensics)? The discipline of identifying, preserving, analyzing, and documenting digital evidence from electronic devices to suppor...
- What is 数据丢失 (data loss)? The unintended or unauthorized destruction, corruption, or loss of data, potentially resulting in business disruption or...
- What is 数据主体 (data subject)? An individual whose personal data is collected, held or processed by a data controller or processor as defined by privac...
- What is 数据主权 (data sovereignty)? The concept that digital data is subject to the laws and governance structures within the nation where it is collected o...
- What is 数据保留 (data retention)? The set of policies and procedures governing how long organizational data must be kept, archived, or deleted in complian...
- What is 数据分类 (data classification)? The process of categorizing data based on its sensitivity, value, and the impact to the organization if disclosed, alter...
- What is 数据分类 (data classification)? The systematic process of categorizing information based on sensitivity, criticality, and regulatory requirements to det...
- What is 数据包捕获分析 (packet capture analysis)? The process of collecting and analyzing network packet data to detect threats, troubleshoot issues, and validate securit...
- What is 数据包时间戳 (packet timestamping)? The process of attaching accurate time information to network packets for logging, monitoring, forensic analysis, and la...
- What is 数据处理 (data handling)? The processes and procedures for collecting, processing, storing, transmitting, and disposing of data in a secure and co...
- What is 数据平面隔离 (data plane isolation)? The separation of the data forwarding path from management and control planes within network infrastructure to improve s...
- What is 数据所有权 (data ownership)? The formal assignment of authority and accountability for data assets to specific individuals or roles within an organiz...
- What is 数据映射 (data mapping)? The structured process of identifying, documenting, and connecting the flow of data elements across systems, application...
- What is 数据最小化 (data minimization)? The principle and practice of limiting personal or sensitive data collection, processing, and retention to only what is ...
- What is 数据渗漏警报 (data exfiltration alert)? The real-time detection and notification of unauthorized attempts to transfer sensitive or regulated data out of protect...
- What is 数据管理 (data stewardship)? The assignment of responsibility for the management, oversight, and protection of data assets to designated individuals ...
- What is 数据篡改检测 (data tampering detection)? Mechanisms and monitoring used to detect unauthorized or malicious modification of data in storage, transit, or processi...
- What is 数据防泄漏 (data loss prevention)? A suite of technologies and policies designed to detect, monitor, and prevent the unauthorized transmission or disclosur...
- What is 数据驻留控制 (data residency control)? Policies and technical mechanisms that ensure organizational data is stored, processed, and managed in specific legal or...
无
- What is 无代理漏洞扫描 (agentless vulnerability scanning)? A vulnerability assessment performed without installing agents on target systems, using network, API, or credentialed sc...
- What is 无服务器函数封装 (serverless function wrapping)? The security practice of encapsulating serverless functions within wrappers or middleware to enforce policy, perform inp...
- What is 无服务器安全策略 (serverless security policy)? A set of security controls and guidelines specifically designed to protect serverless computing architectures by restric...
日
- What is 日志保留 (log retention)? The process and policy of securely retaining security event and audit logs for a defined period to ensure availability f...
- What is 日志分析 (log analysis)? The process of examining and interpreting system, application, and security logs to detect, investigate, and respond to ...
- What is 日志聚合 (log aggregation)? Log Aggregation is the process of collecting and centralizing logs from diverse systems, applications, and devices into ...
暴
- What is 暴露分析 (exposure analysis)? Systematic evaluation of cryptographic or PKI assets and their attack surface to determine points of exposure to vulnera...
- What is 暴露度量 (exposure metric)? A quantitative value representing the degree of risk, visibility, or attack surface present in PKI or cryptographic asse...
- What is 暴露窗口期 (exposure window)? The time period during which cryptographic or PKI assets remain susceptible to exploitation due to the existence of unpa...
权
- What is 权限提升 (privilege escalation)? An attack or exploit in which a user or application gains higher access rights or privileges than intended by system pol...
- What is 权限提升 (privilege escalation)? The process by which a threat actor gains unauthorized elevated access rights within cryptographic or PKI systems.
- What is 权限提升警报 (privilege escalation alert)? The process of generating real-time alerts whenever a user or process attempts to gain higher-level access than authoriz...
根
- What is 根存储区 (root store)? A trusted repository of root CA certificates used by operating systems and applications to validate the trustworthiness ...
- What is 根本原因 (root cause)? The fundamental underlying reason or origin of a security incident, breach, or operational failure, identified through s...
- What is 根证书 (root certificate)? A self-signed digital certificate that identifies a trusted Certificate Authority (CA) at the apex of a certification ch...
- What is 根证书颁发机构 (root certificate authority)? The top-level Certificate Authority (CA) in a PKI hierarchy whose root certificate is self-signed and serves as the ulti...
检
- What is 检测工程 (detection engineering)? The discipline of designing, implementing, and tuning security monitoring rules, analytics, and automation to identify t...
- What is 检测绕过规避 (detection evasion)? Techniques used by threat actors to evade or bypass security detection mechanisms such as IDS, IPS, or endpoint protecti...
- What is 检测能力 (detection capability)? Detection Capability is the measure of an organization's ability to identify and recognize cyber threats, malicious acti...
法
- What is 法律保全 (legal hold)? A directive to preserve all forms of relevant information when litigation or investigation is reasonably anticipated.
- What is 法律合规 (legal compliance)? The state of adhering to all applicable laws, regulations, and legal obligations relevant to an organization's business ...
- What is 法规对齐 (regulatory alignment)? The degree to which organizational controls, processes, and policies conform to laws, regulations, and relevant industry...
流
- What is 流程映射 (process mapping)? A systematic technique for visually documenting and analyzing business or IT processes, their sequence, stakeholders, in...
- What is 流程映射 (process mapping)? A structured method of visually documenting and analyzing processes, including their steps, controls, and responsible pa...
- What is 流量分类引擎 (traffic classification engine)? A system or module that automatically identifies, categorizes, and labels network traffic based on protocols, applicatio...
- What is 流量采集传感器 (flow collection sensor)? A network device or software agent that passively gathers, aggregates, and forwards network flow records (such as NetFlo...
漏
- What is 漏洞优先级排序 (vulnerability prioritization)? The process of ranking discovered cryptographic and PKI vulnerabilities according to risk, exploitability, business impa...
- What is 漏洞利用暴露 (exploit exposure)? The state in which PKI or cryptographic systems are vulnerable to a known exploit, due to unpatched or misconfigured com...
- What is 漏洞利用档案 (exploit archive)? A centralized and curated repository of documented exploits relevant to cryptographic or PKI environments, used for thre...
- What is 漏洞利用模拟 (exploit simulation)? A controlled emulation of exploit attempts against cryptographic or PKI vulnerabilities to assess system resilience and ...
- What is 漏洞利用研究 (exploit research)? The investigative process of analyzing, discovering, and documenting methods by which vulnerabilities in PKI or cryptogr...
- What is 漏洞利用缓解 (exploit mitigation)? Technical and procedural controls implemented to reduce or eliminate the risk of exploitation of vulnerabilities in cryp...
- What is 漏洞利用预防 (exploit prevention)? A set of technical and procedural controls to proactively prevent exploitation of vulnerabilities in cryptographic and P...
- What is 漏洞情境 (vulnerability context)? The operational, environmental, and architectural conditions under which a cryptographic or PKI vulnerability may be pre...
- What is 漏洞披露 (vulnerability disclosure)? The process by which security vulnerabilities are reported to the relevant organization, vendor, or public, typically fo...
- What is 漏洞数据库 (vulnerability database)? A centralized, authoritative repository cataloging known cryptographic and PKI-related vulnerabilities, including CVEs, ...
- What is 漏洞评估 (vulnerability assessment)? A systematic process for identifying, classifying, and evaluating vulnerabilities in information systems, cryptographic ...
特
- What is 特权API限制 (privileged API restriction)? Controls that limit access to sensitive API endpoints or functions to only those users or services with explicit privile...
- What is 特权会话录制 (privileged session recording)? The logging and monitoring of all actions performed during privileged sessions, such as administrative or root access, t...
- What is 特权会话隔离 (privileged session isolation)? The separation and monitoring of administrative sessions from standard user sessions to prevent misuse of privileged acc...
- What is 特权身份管理 (privileged identity management)? A security discipline and toolset focused on discovering, controlling, and monitoring accounts with elevated access righ...
用
- What is 用户冒充控制 (user impersonation control)? Mechanisms and safeguards that prevent or detect unauthorized use of a legitimate user's identity within a system or app...
- What is 用户行为分析 (user behavior analytics)? Advanced analytics that monitor and analyze user activity patterns to detect insider threats, compromised accounts, and ...
- What is 用户配置 (user provisioning)? The process of creating, managing, and assigning user accounts and privileges within an organization's IT systems in acc...
监
- What is 监控计划 (monitoring plan)? A documented approach outlining processes, tools, and responsibilities for continuously observing and assessing security...
- What is 监督委员会 (oversight committee)? A governing committee or group responsible for strategic direction, oversight, and monitoring of the organization’s risk...
- What is 监管审查 (regulatory review)? A systematic evaluation of processes, policies, and controls to ensure alignment with applicable regulatory requirements...
- What is 监管差距 (regulatory gap)? Any deficiency or mismatch between current organizational controls, policies, or processes and those required by relevan...
- What is 监管风险 (regulatory risk)? The potential for losses or legal penalties resulting from non-compliance with laws, regulations, or mandatory standards...
策
- What is 策略例外 (policy exception)? A formally approved, documented deviation from an established security policy, typically granted on a temporary basis wi...
- What is 策略决策点 (policy decision point)? A logical component in access control architectures (e.g., ABAC, RBAC) that evaluates access requests against policy rul...
- What is 策略映射 (policy mapping)? The process in PKI where certificate policies from one CA are mapped to equivalent policies in another, allowing interop...
- What is 策略机构 (policy authority)? An entity within a PKI or trust framework responsible for defining, governing, and maintaining security and operational ...
签
- What is 签名填充 (signature padding)? A method of formatting a message or hash before digital signature creation, used to prevent certain attacks and ensure c...
- What is 签名断言 (signed assertion)? A digital statement or claim, such as an authentication response or attribute, that is cryptographically signed to ensur...
- What is 签名方案 (signature scheme)? A cryptographic algorithm for creating and verifying digital signatures, specifying mathematical processes and key struc...
- What is 签名策略 (signature policy)? A set of technical and procedural requirements governing the creation, validation, and management of digital signatures ...
- What is 签名算法 (signature algorithm)? A cryptographic algorithm used to generate and verify digital signatures, ensuring data authenticity and integrity, such...
终
- What is 终端健康认证 (endpoint health attestation)? A process by which the health state of an endpoint device is cryptographically measured and validated before it is allow...
- What is 终端取证采集 (endpoint forensic acquisition)? The process of acquiring and preserving digital evidence from cloud or on-premises endpoints in a manner consistent with...
- What is 终端威胁情报 (endpoint threat intelligence)? The real-time collection and analysis of threat indicators and adversary tactics from endpoint devices to enhance detect...
- What is 终端策略执行 (endpoint policy enforcement)? The application of security controls to endpoints (e.g., laptops, mobiles) to ensure compliance with organizational secu...
- What is 终端防篡改保护 (endpoint tamper protection)? A security feature that prevents unauthorized users or malware from disabling, modifying, or bypassing endpoint security...
- What is 终端隔离策略 (endpoint isolation policy)? A defined set of rules for isolating endpoints that exhibit suspicious or non-compliant behavior to prevent them from ac...
- What is 终端隔离策略 (endpoint isolation policy)? A formalized set of procedures and controls for isolating endpoints exhibiting signs of compromise or non-compliance fro...
缓
- What is 缓存控制不当 (improper cache control)? Failure to configure cache settings securely, leading to the unintended storage or exposure of sensitive data in shared ...
- What is 缓解控制 (mitigating control)? A technical or procedural safeguard implemented to reduce the likelihood or impact of cryptographic or PKI-related risks...
- What is 缓解策略 (mitigation strategy)? A structured approach involving technical, administrative, or procedural controls to reduce the likelihood or impact of ...
- What is 缓解计划 (mitigation plan)? A documented strategy detailing specific actions and controls to reduce the likelihood or impact of identified risks.
- What is 缓解证据 (mitigation evidence)? Documented proof that specific technical or administrative actions have effectively addressed and reduced the risk of cr...
网
- What is 网络分段 (network segmentation)? The practice of dividing a computer network into subnetworks, each being a network segment, to improve security, perform...
- What is 网络威胁狩猎 (network threat hunting)? The proactive process of searching for hidden threats or adversaries within network traffic using behavioral analytics, ...
- What is 网络枚举 (network enumeration)? The systematic identification and cataloging of networked assets, hosts, and services, including cryptographic and PKI i...
- What is 网络欺骗行动 (cyber deception operations)? Deliberate use of decoys, traps, and misinformation within an organization's environment to detect, divert, and analyze ...
- What is 网络流量分析 (network traffic analysis)? The process of collecting, monitoring, and analyzing metadata about network traffic flows to detect anomalies and threat...
- What is 网络结构加密 (network fabric encryption)? Encryption mechanisms applied to the entire data path within a network fabric, ensuring confidentiality and integrity of...
- What is 网络行为异常 (network behavior anomaly)? An observed deviation from established patterns of normal network activity that may indicate the presence of malicious a...
- What is 网络访问强制 (network access enforcement)? The application of technical controls to regulate and restrict user, device, or service access to network resources, enf...
- What is 网络遥测聚合 (network telemetry aggregation)? The collection, normalization, and consolidation of network telemetry data (such as flow records, logs, or metrics) from...
自
- What is 自动化威胁指标共享 (automated threat indicator sharing)? The automatic exchange of cyber threat indicators between organizations and trusted partners using standardized formats ...
- What is 自动化威胁狩猎 (automated threat hunting)? The continuous, proactive, and algorithm-driven search for threats and anomalies in an environment, using automated tool...
- What is 自动化威胁缓解 (automated threat mitigation)? The use of automated controls, tools, and workflows to detect, respond to, and neutralize cyber threats in real time, mi...
- What is 自动密钥轮换 (automatic key rotation)? A security control that automatically replaces cryptographic keys at predefined intervals to minimize the risk of key co...
- What is 自动补丁管理 (automated patch management)? A systematic approach that uses software tools to automatically identify, acquire, test, and deploy security patches acr...
- What is 自签名证书 (self-signed certificate)? A digital certificate that is signed by the same entity whose identity it certifies, rather than by a trusted Certificat...
- What is 自适应分组整形 (adaptive packet shaping)? A dynamic network management technique that adjusts packet flows based on real-time bandwidth, latency, or application p...
- What is 自适应响应编排 (adaptive response orchestration)? The automated coordination and execution of security responses that dynamically adjust based on incident severity and co...
- What is 自适应访问控制 (adaptive access control)? A dynamic security mechanism that adjusts access decisions in real-time based on user behavior, device health, risk cont...
虚
- What is 虚拟专用云 (virtual private cloud)? A logically isolated section of a public cloud where organizations can launch resources in a virtual network that they d...
- What is 虚拟专用通道 (virtual private tunnel)? A secure, encrypted connection established over a public or untrusted network, forming a logical link that protects data...
- What is 虚拟机监控器逃逸缓解 (hypervisor escape mitigation)? A set of security controls and techniques that prevent or detect attempts by virtual machines to break out of hypervisor...
- What is 虚拟桌面安全 (virtual desktop security)? Practices, controls, and technologies used to secure virtual desktop infrastructure (VDI) and virtual desktops in cloud ...
- What is 虚拟网络分段 (virtual network segmentation)? The division of a physical network into multiple logical networks using virtualization techniques to isolate traffic and...
- What is 虚拟补丁部署 (virtual patch deployment)? The process of applying security controls, such as firewall rules or IPS signatures, to mitigate vulnerabilities without...
补
- What is 补丁例外 (patch exception)? A formally documented decision to temporarily or permanently not apply a specific patch to a PKI or cryptographic system...
- What is 补丁回滚 (patch rollback)? The process of reverting cryptographic or PKI system components to a previous version when a deployed patch introduces i...
- What is 补丁状态 (patch status)? The documented and regularly updated record of the deployment, verification, and compliance of cryptographic or PKI-rela...
- What is 补丁管理 (patch management)? A formal process for the identification, acquisition, testing, and deployment of patches to correct vulnerabilities in c...
- What is 补丁部署 (patch deployment)? The distribution and installation of security updates to cryptographic or PKI-related systems to remediate vulnerabiliti...
- What is 补丁验证 (patch verification)? The process of confirming through controlled testing that a security patch applied to cryptographic modules or PKI compo...
- What is 补丁验证 (patch verification)? The process of confirming that applied patches to cryptographic, PKI, or related systems have been correctly installed, ...
- What is 补救截止日期 (remediation deadline)? The maximum time allowed to fully address a vulnerability or nonconformity in PKI or cryptographic environments, as defi...
- What is 补救措施 (remediation action)? A specific corrective step taken to address a vulnerability, nonconformity, or security finding in cryptographic or PKI ...
- What is 补救流程 (remediation workflow)? Remediation Workflow is a structured, documented process for addressing and resolving identified security issues or inci...
- What is 补救流程 (remediation workflow)? A formalized sequence of steps for resolving cryptographic or PKI vulnerabilities, including assignment, tracking, verif...
- What is 补救计划 (remediation plan)? A formal strategy that outlines actions, responsibilities, and timelines to correct identified security or compliance de...
- What is 补救计划 (remediation plan)? A documented set of actions designed to eliminate the root cause and effects of a security incident, restore affected sy...
- What is 补救证据 (remediation evidence)? Documented proof that a PKI or cryptographic vulnerability or deficiency has been addressed and corrective actions were ...
- What is 补救跟踪 (remediation tracking)? The ongoing process of monitoring and managing corrective actions taken to resolve identified security or compliance iss...
警
- What is 警报丰富 (alert enrichment)? The process of adding contextual information to security alerts, such as asset details, user context, or threat intellig...
- What is 警报分流 (alert triage)? The systematic process of evaluating, prioritizing, and categorizing security alerts based on severity, credibility, and...
- What is 警报升级 (alert escalation)? The process of forwarding a security alert to higher-level analysts or decision makers when the event exceeds the curren...
- What is 警报抑制 (alert suppression)? The intentional filtering or silencing of specific security alerts to reduce noise from false positives and allow focus ...
- What is 警报文档 (alert documentation)? The detailed recording of all relevant information about a security alert, including source, analysis, actions, and outc...
- What is 警报生命周期 (alert lifecycle)? The sequence of phases that a security alert undergoes, from initial detection and triage through investigation, escalat...
- What is 警报调查 (alert investigation)? The process of analyzing and validating security alerts to determine their legitimacy, scope, and required response acti...
- What is 警报调查 (alert investigation)? The structured process of examining the source, context, and impact of a security alert to determine its validity, root ...
- What is 警报验证 (alert validation)? The process of verifying whether a security alert is genuine, actionable, and relevant, typically by correlating with ad...
认
- What is 认证中继攻击 (authentication relay attack)? A cyberattack in which authentication credentials are intercepted and forwarded (relayed) to impersonate a legitimate us...
- What is 认证服务集成 (attestation service integration)? The process of connecting systems to trusted attestation services that validate the integrity and security posture of cl...
- What is 认证流程失效 (broken authentication flow)? A security flaw in authentication workflows allowing users to bypass, disrupt, or abuse login and identity verification ...
设
- What is 设备信任评分 (device trust score)? A security metric that evaluates the trustworthiness of a device based on hardware, software, configuration, compliance ...
- What is 设备姿态评估 (device posture assessment)? The evaluation of a device's security state, such as patch levels, configurations, and presence of security controls, be...
- What is 设备注册管理 (device enrollment management)? The process of registering and configuring devices to ensure compliance with security policies before granting access to...
- What is 设备证书 (device certificate)? A digital certificate issued to a device (such as a server, router, or IoT component) to authenticate its identity withi...
- What is 设备证书管理 (device certificate management)? The process of issuing, deploying, renewing, and revoking digital certificates used to authenticate and secure devices w...
访
- What is 访问向量过滤 (access vector filtering)? A network defense technique that restricts or monitors traffic based on access vectors such as protocol, port, and direc...
- What is 访问控制列表 (access control list)? A table or data structure used to specify permissions attached to system objects, defining which users or processes are ...
- What is 访问控制失效 (broken access control)? A critical security flaw where access restrictions are incorrectly implemented, enabling users to perform actions or acc...
- What is 访问认证 (access certification)? A formal, periodic review process in which managers or data owners attest that users have the appropriate levels of acce...
- What is 访问重新认证 (access recertification)? A formal process to periodically review and validate user access rights to systems and data to ensure only authorized pe...
证
- What is 证书切换 (certificate rollover)? The managed transition from an expiring or old certificate to a new certificate in a way that minimizes service interrup...
- What is 证书固定 (certificate pinning)? A security technique that restricts which certificates are considered valid for a particular service or domain, by stori...
- What is 证书模板 (certificate template)? A predefined configuration for certificate attributes and extensions, used by CAs to automate and standardize certificat...
- What is 证书策略 (certificate policy)? A set of rules and practices that indicates the applicability of a certificate to a particular community or class of app...
- What is 证书续期 (certificate renewal)? The process of issuing a new certificate for an entity before the expiration of the current certificate, maintaining con...
- What is 证书路径 (certificate path)? An ordered sequence of certificates from the end-entity certificate to a trusted root certificate, used to establish tru...
- What is 证书链 (certificate chain)? An ordered sequence of certificates, from an end-entity certificate up to the root authority, each certifying the next i...
- What is 证据保全 (evidence preservation)? The controlled process of securing, documenting, and protecting digital or physical evidence to maintain integrity for i...
- What is 证据保全链 (chain of custody)? A formal process documenting the chronological handling, transfer, and control of digital evidence, ensuring its integri...
- What is 证据收集 (evidence collection)? The systematic process of gathering digital artifacts, logs, devices, or other data relevant to a security incident, fol...
资
- What is 资产分类 (asset classification)? The process of categorizing cryptographic, PKI, and related assets based on sensitivity, criticality, and regulatory req...
- What is 资产分类 (asset classification)? The process of classifying PKI and cryptographic assets based on value, criticality, sensitivity, and role within the or...
- What is 资产发现 (asset discovery)? The process of identifying and cataloging all PKI, cryptographic, or supporting assets within an organizational environm...
- What is 资产发现自动化 (asset discovery automation)? The automated identification and inventory of all devices, cloud resources, software, and services within an organizatio...
- What is 资产清单 (asset inventory)? A comprehensive list of all information assets within an organization, including hardware, software, data, and supportin...
- What is 资产清单 (asset inventory)? A comprehensive, up-to-date record of all hardware, software, certificates, cryptographic modules, and other PKI-relevan...
- What is 资产清单不当 (inadequate asset inventory)? A failure to maintain a complete, accurate, and up-to-date list of all hardware, software, and cloud assets, leading to ...
- What is 资产清单发现 (asset inventory discovery)? The process of systematically identifying, cataloging, and updating all IT and OT assets within an organization's enviro...
- What is 资产漏洞 (asset vulnerability)? A weakness in a cryptographic, PKI, or related system asset that could be exploited by a threat actor to compromise conf...
- What is 资源不当共享 (improper resource sharing)? A security risk where system resources are shared without proper isolation or access controls, leading to unintended dat...
- What is 资源共享策略 (resource sharing policy)? A set of security rules and access controls governing how digital resources such as data, storage, and APIs are shared a...
- What is 资源身份映射 (resource identity mapping)? The process of associating digital resources (such as VMs, APIs, or storage objects) with unique, verifiable identities ...
- What is 资源配置错误警报 (resource misconfiguration alert)? Automated notification generated when a cloud resource, such as storage or compute, is configured in a way that exposes ...
远
- What is 远程浏览器隔离 (remote browser isolation)? A security technique in which a user's web browsing session is executed on a remote server, isolating all web content fr...
- What is 远程认证协议 (remote attestation protocol)? A cryptographic protocol that enables a verifier to remotely validate the integrity and trustworthiness of a device or s...
- What is 远程访问网关 (remote access gateway)? A secured network device or service that brokers and controls remote user access to internal organizational resources, e...
重
- What is 重放攻击检测 (replay attack detection)? A security mechanism to identify and block attempts where valid data transmissions are maliciously repeated or delayed, ...
- What is 重放攻击缓解 (replay attack mitigation)? Security controls implemented to detect and prevent replay attacks, where previously valid data transmissions are malici...
- What is 重放随机数验证 (replay nonce validation)? A security mechanism that ensures a unique nonce value is included and validated in each request or transaction, protect...
链
- What is 链构建 (chain building)? The process of assembling a complete, ordered set of certificates from an end-entity certificate up to a trusted root, v...
- What is 链锚定 (chain anchoring)? The process of ensuring that a certificate chain terminates at a trusted root certificate authority (trust anchor), as r...
- What is 链验证 (chain validation)? The process of verifying each certificate in a chain from the end entity up to the root CA, ensuring all links are trust...
随
- What is 随机数值 (nonce value)? A randomly or pseudo-randomly generated number used only once in a cryptographic communication to prevent replay attacks...
- What is 随机数生成 (nonce generation)? The process of generating a unique, unpredictable, and usually random number (nonce) used once per cryptographic protoco...
- What is 随机预言机 (random oracle)? A theoretical black box model that responds to every unique query with a truly random response, used as an idealized com...
隐
- What is 隐私声明 (privacy notice)? A formal document that informs individuals about how their personal data is collected, used, stored, and protected by th...
- What is 隐私影响 (privacy impact)? The effect of a process, project, or system on the privacy of individuals, often measured and documented through a forma...
- What is 隐蔽通道检测 (covert channel detection)? The identification and monitoring of unauthorized communication channels that exploit legitimate network protocols or re...
零
- What is 零信任架构 (zero trust architecture)? A security model based on the principle that no user, device, or network component should be trusted by default. Enforce...
- What is 零信任架构 (zero trust architecture)? A security model centered on the assumption that no user or device, inside or outside the network perimeter, is trusted ...
- What is 零信任架构 (zero trust architecture)? A security model that assumes no implicit trust is granted to systems or users inside or outside the network; verificati...
- What is 零日漏洞 (zero-day vulnerability)? A vulnerability in PKI or cryptographic systems that is unknown to the vendor and for which no official patch or mitigat...
颁
- What is 颁发策略 (issuance policy)? A formal document or set of rules that defines the procedures and requirements for issuing digital certificates within a...
- What is 颁发者密钥 (issuer key)? The private key held by a Certificate Authority (CA) or issuer used to sign digital certificates and assert trust in a P...
- What is 颁发者标识符 (issuer identifier)? A unique value or distinguished name that identifies the Certificate Authority (CA) or entity that issues a digital cert...
风
- What is 风险仪表板 (risk dashboard)? A real-time interface that aggregates, visualizes, and monitors PKI or cryptographic risks, vulnerabilities, and remedia...
- What is 风险优先级排序 (risk prioritization)? The process of ranking identified risks based on their likelihood, potential impact, and organizational risk appetite to...
- What is 风险优先级排序 (risk prioritization)? The structured process of ranking risks to cryptographic and PKI systems based on likelihood, impact, and exposure, to g...
- What is 风险偏好 (risk appetite)? The level and type of risk an organization is willing to accept in pursuit of its objectives, as formally defined by sen...
- What is 风险分析 (risk analysis)? The systematic process of identifying, evaluating, and prioritizing risks to organizational assets, considering likeliho...
- What is 风险容忍度 (risk tolerance)? The amount and type of risk an organization is willing to accept in pursuit of its objectives, as defined in risk manage...
- What is 风险归属 (risk ownership)? The assignment of accountability and authority for managing identified risks to a specific individual or organizational ...
- What is 风险报告 (risk reporting)? The process of collecting, analyzing, and communicating information about risk exposures, controls, and mitigation activ...
- What is 风险指标 (risk indicator)? A measurable signal or metric used to identify, quantify, or monitor risks affecting cryptographic or PKI assets, suppor...
- What is 风险接受 (risk acceptance)? A formal decision to acknowledge and accept the consequences of a specific risk, typically documented and approved by au...
- What is 风险接受 (risk acceptance)? The formal decision to tolerate a known risk in cryptographic or PKI systems, typically documented through risk manageme...
- What is 风险登记册 (risk register)? A central repository listing identified organizational risks, their likelihood, impact, mitigation actions, and responsi...
- What is 风险矩阵 (risk matrix)? A graphical tool that maps risk likelihood and impact to prioritize mitigation and support risk management decisions.
- What is 风险评估 (risk evaluation)? The process of assessing the potential impact and likelihood of identified risks to determine their significance and gui...
- What is 风险评分 (risk scoring)? The process of quantifying and prioritizing risks by assigning numerical or qualitative values based on likelihood, impa...
- What is 风险评分 (risk scoring)? The quantitative or qualitative assignment of a value to a risk, based on the likelihood and impact of vulnerabilities w...
- What is 风险通知 (risk notification)? A formal alert generated to inform stakeholders of emerging or realized PKI or cryptographic risks, often automated with...
- What is 风险降低 (risk reduction)? The application of technical, administrative, or physical controls in cryptographic and PKI environments to lower the li...