What is 'intrusion detection' and how does it work?

Monitoring systems and network traffic for signs of unauthorized access or attacks — flagging suspicious patterns for human review or automatic response A system that automatically arrests hackers by contacting law enforcement Software that prevents any unauthorized programs from running on a computer A physical sensor that detects when someone enters a server room

What is 'penetration testing' (pen testing)?

Authorized security testing where ethical hackers attempt to breach a system using the same techniques as real attackers — to find and fix vulnerabilities before criminals do A government program that tests whether companies are complying with security regulations Software that automatically patches security vulnerabilities when they're found Testing a pen drive's ability to resist malware before using it

What is 'network segmentation'?

Dividing a network into separate zones so that a breach in one segment doesn't automatically give access to everything — limiting the 'blast radius' of an attack Splitting internet bandwidth between departments so no one uses too much Installing firewalls at every individual workstation on a network Using different ISPs for different parts of a company to prevent single points of failure

What is the 'principle of least privilege'?

Users, programs, and systems should only have the minimum access permissions they need to do their job — no more New employees should have fewer privileges until they earn trust over time Only administrators should have internet access to reduce attack surface Systems should only store the minimum amount of user data required by law

What is a 'honeypot' in cybersecurity?

A decoy system designed to attract and trap attackers — it looks like a real target but is monitored, allowing defenders to study attacker techniques and detect intrusions A reward system that pays employees who report security vulnerabilities Sweetening deal offered to hackers to get them to stop attacking in exchange for immunity A secure vault for storing encryption keys and digital certificates

What does 'patching' mean in cybersecurity and why is it important?

Installing software updates that fix known security vulnerabilities — critical because attackers actively exploit unpatched systems, often within hours of a patch being released Adding new security features to software to prevent future attack types Reviewing security policies after an attack to identify what went wrong Repairing damaged files after a malware infection

What is 'endpoint security'?

Securing individual devices (computers, phones, tablets) that connect to a network — including antivirus, device encryption, remote wipe, and monitoring software Protecting only the servers at the edges of a network from external attacks Securing the physical endpoints (ports, cables) of a network infrastructure A security policy that governs what employees can do at the end of their shifts

What is 'two-factor authentication bypass via SIM swapping'?

An attack where criminals convince your phone carrier to transfer your number to their SIM card — then they receive your SMS 2FA codes and can access your accounts An attack that physically swaps SIM cards between phones to steal identity Malware that intercepts SMS messages before they reach your phone A technique to bypass 2FA by making authentication codes expire instantly

What is 'incident response'?

A structured plan for detecting, containing, investigating, and recovering from a security breach — including communication protocols, evidence preservation, and prevention of future incidents Software that automatically responds to attacks by blocking the attacker's IP address The process of reporting a cyberattack to law enforcement An emergency shutdown procedure that isolates infected computers from the internet

What is 'security awareness training'?

Educating employees and users to recognize and respond to security threats — particularly phishing, social engineering, and safe digital habits Training security analysts to use advanced hacking tools for testing Teaching programmers how to write secure code and avoid common vulnerabilities Awareness campaigns that warn the public about current cyberattack trends