Across
- 5. The integration of security practices into the software development lifecycle, aiming for 'security by design'.
- 6. The process of verifying the identity of a user, system, or application.
- 7. A network security system that filters incoming and outgoing network traffic.
- 9. The phase of incident response focused on analysis of the event and lessons learned for future improvement.
- 11. Unsolicited commercial email, a common nuisance and potential vector for attacks.
- 12. Adherence to established laws, regulations, and industry standards.
- 14. A type of malware that encrypts data and demands payment for its release.
- 17. The process of scrambling data to prevent unauthorized access.
- 19. A weakness or flaw in a system that can be exploited by an attacker.
Down
- 1. A type of malware that self-replicates and spreads to other computers by attaching to legitimate programs.
- 2. Software Development Life Cycle, where security should be integrated at every stage.
- 3. A security architecture where no user, device, or application is trusted by default.
- 4. A simulated cyberattack against a computer system to identify vulnerabilities.
- 8. The process of applying updates to software to fix bugs or security vulnerabilities.
- 10. Malicious software designed to disrupt or damage computer systems.
- 13. A type of social engineering attack, often via email, aiming to trick users.
- 15. Requiring more than one method of verification for user access.
- 16. A sophisticated, prolonged cyberattack campaign often sponsored by nation-states.
- 18. A type of malware that provides hidden access and privileges on a system, often at the kernel level.
