rev 061622
Vulnerability Management Vocabulary
It is important for you to become familiar with the terminology we are going to use during this course. Please refer
to and use the Vulnerability Management Vocabulary handout as a reference.
TERM DEFINITION
Access control Controls who has access to an endpoint, device, file share, network share or online
service as well as the information it stores.
Asset A physical or virtual device within an organization's systems and network infrastructure.
Authentication The process to verify that someone is who they claim to be when they try to access a
computing resource.
DMZ Segment of a network where servers accessed by less trusted users are isolated. The
name is derived from the term “demilitarized zone.”
Exploit A software tool designed to take advantage of a flaw in a computer system, typically for
malicious purposes such as installing malware.
Hacker Someone who uses a computer system to gain unauthorized access to another system
for data or who makes another system unavailable.
Intrusion detection A device or software application that monitors a network or systems for malicious
system (IDS) activity or policy violations.
Intrusion prevention Intrusion detection system that also blocks when policy violations have occurred.
system (IPS)
Malware Software intended to infiltrate and damage or disable computers. Shortened form of
“malicious software.”
Remediation The process by which organizations identify and resolve threats to their systems.
Risk The possibility that an event will occur and adversely affect the achievement of an
objective.
Risk assessment The process of identifying, analyzing and evaluating risk.
Security control Something that modifies or reduces one or more security risks.
Security information A solution that collects, analyzes, and correlates network, event and log data for the
and event detection of suspicious activity and compliance.
management (SIEM)
Threat Something that could cause harm to a system or organization.
Threat actor Any individual or group of individuals that attempts to or successfully conducts malicious
activities against enterprises, whether intentionally or unintentionally.
Two-factor A method of confirming identity utilizing something known (like a password) and
authentication something possessed or a part of the individual (like entering a code sent via SMS or a
thumbprint recognition).
Virus Malware that is loaded onto a computer and then runs without the user’s knowledge, or
without knowledge of its full effects.
Vulnerability A flaw or weakness that can be used to attack a system or organization.
COPYRIGHT 2022 TENABLE, INC. ALL RIGHTS RESERVED. TENABLE, TENABLE.IO, NESSUS, ALSID, INDEGY, LUMIN, ASSURE, AND LOG CORRELATION ENGINE ARE REGISTERED TRADEMARKS OF TENABLE, INC. OR ITS AFFILIATES.
TENABLE.SC, TENABLE.CS, TENABLE.OT, TENABLE.AD, EXPOSURE.AI, AND THE CYBER EXPOSURE COMPANY ARE TRADEMARKS OF TENABLE, INC. OR ITS AFFILIATES. ALL OTHER PRODUCTS OR SERVICES ARE TRADEMARKS OF
THEIR RESPECTIVE OWNERS.
