
 

Vulnerability Management Vocabulary 


It is important for you to become familiar with the terminology we are going to use during this course. 
Please refer to and use the Vulnerability Management Vocabulary handout as a reference. 

Access control  Controls who has access to an endpoint, device, file share, network share or online 
service as well as the information it stores. 

Asset  A physical or virtual device within an organization's systems and network
infrastructure.

Authentication  The process to verify that someone is who they claim to be when they try to access 
a computing resource.  

DMZ  Segment of a network where servers accessed by less trusted users are isolated. 
The name is derived from the term “demilitarized zone.”  

Exploit  A software tool designed to take advantage of a flaw in a computer system,
typically for malicious purposes such as installing malware.

Hacker  Someone who uses a computer system to gain unauthorized access to another 
system for data or who makes another system unavailable. 

Intrusion detection system (IDS)  A device or software application that monitors a network or
systems for malicious activity or policy violations.

Intrusion prevention system (IPS)  Intrusion detection system that also blocks when policy
violations have occurred.

Malware   Software intended to infiltrate and damage or disable computers. Shortened form 
of “malicious software.”  

Remediation  The process by which organizations identify and resolve threats to their systems. 

Risk  The possibility that an event will occur and adversely affect the achievement of an 
objective.  

Risk assessment   The process of identifying, analyzing and evaluating risk. 

Security control  Something that modifies or reduces one or more security risks. 

Security information and event management (SIEM)  A solution that collects, analyzes, and
correlates network, event and log data for the detection of suspicious activity and compliance.

Threat  Something that could cause harm to a system or organization. 

Threat actor  Any individual or group of individuals that attempts to or successfully conducts 
malicious activities against enterprises, whether intentionally or unintentionally.  

Two-factor authentication  A method of confirming identity utilizing something known (like a
password) and something possessed or a part of the individual (like entering a code sent via SMS
or thumbprint recognition).

Virus   Malware that is loaded onto a computer and then runs without the user’s 
knowledge, or without knowledge of its full effects. 

Vulnerability  A flaw or weakness that can be used to attack a system or organization.  


 

COPYRIGHT 2020 TENABLE, INC. ALL RIGHTS RESERVED. TENABLE, TENABLE.IO, TENABLE NETWORK SECURITY, NESSUS, SECURITYCENTER, SECURITYCENTER CONTINUOUS VIEW AND LOG CORRELATION ENGINE ARE REGISTERED TRADEMARKS OF TENABLE, INC. TENABLE.SC, TENABLE.OT, LUMIN, INDEGY, ASSURE, AND THE CYBER EXPOSURE COMPANY ARE TRADEMARKS OF TENABLE, INC. ALL OTHER PRODUCTS OR SERVICES ARE TRADEMARKS OF THEIR RESPECTIVE OWNERS.
