Concept List

Cybersecurity: Foundations, Practice, and Professional Responsibility — a list of 320 foundational concepts for the learning graph. Each concept is a learnable entity (not a question), in Title Case, and 32 characters or less.

1. Cybersecurity
2. Information Security
3. Confidentiality
4. Integrity
5. Availability
6. CIA Triad
7. Authentication
8. Authorization
9. Accounting
10. Non-Repudiation
11. AAA Framework
12. Adversarial Thinking
13. Systems Thinking
14. Threat Modeling
15. STRIDE
16. PASTA
17. Attack Trees
18. Risk
19. Likelihood
20. Impact
21. Risk Assessment
22. Defense in Depth
23. Least Privilege
24. Separation of Duties
25. Fail Secure Default
26. Complete Mediation
27. Open Design Principle
28. Economy of Mechanism
29. Psychological Acceptability
30. Security Economics
31. Threat
32. Vulnerability
33. Exploit
34. Threat Actor
35. Attack Surface
36. Blast Radius
37. Trust Boundary
38. Asset
39. Security Requirement
40. CVE
41. CVSS
42. TTP
43. Indicator of Compromise
44. Indicator of Attack
45. Zero Day
46. Kill Chain
47. Cyber Kill Chain
48. Diamond Model
49. Security Control
50. Preventive Control
51. Detective Control
52. Corrective Control
53. Compensating Control
54. Administrative Control
55. Technical Control
56. Physical Control
57. Cryptography
58. Plaintext
59. Ciphertext
60. Encryption
61. Decryption
62. Cryptographic Key
63. Symmetric Cryptography
64. Block Cipher
65. Stream Cipher
66. AES
67. DES
68. 3DES
69. Block Cipher Modes
70. ECB Mode
71. CBC Mode
72. CTR Mode
73. GCM Mode
74. Initialization Vector
75. Padding Scheme
76. Asymmetric Cryptography
77. Public Key
78. Private Key
79. RSA
80. Elliptic Curve Cryptography
81. Diffie-Hellman
82. Key Exchange
83. Hash Function
84. SHA-2
85. SHA-3
86. MD5
87. Collision Resistance
88. Preimage Resistance
89. Message Authentication Code
90. HMAC
91. Digital Signature
92. Certificate Authority
93. PKI
94. X.509 Certificate
95. Certificate Chain
96. Certificate Revocation
97. OCSP
98. Key Management
99. Key Rotation
100. Key Derivation Function
101. Password Hashing
102. Bcrypt
103. Argon2
104. Salting
105. TLS
106. TLS Handshake
107. HTTPS
108. Perfect Forward Secrecy
109. Data at Rest
110. Data in Transit
111. Data in Use
112. Database Encryption
113. Data Loss Prevention
114. Homomorphic Encryption
115. Secure Computation
116. Differential Privacy
117. Zero-Knowledge Proof
118. Secure SDLC
119. Secure Design
120. Secure Coding
121. OWASP Top Ten
122. CWE Top 25
123. Buffer Overflow
124. Stack Overflow
125. Heap Overflow
126. Integer Overflow
127. Format String Bug
128. Injection Attack
129. SQL Injection
130. Command Injection
131. Cross-Site Scripting
132. Stored XSS
133. Reflected XSS
134. DOM-Based XSS
135. CSRF
136. SSRF
137. Insecure Deserialization
138. Race Condition
139. TOCTOU
140. Broken Access Control
141. Broken Authentication
142. Security Misconfiguration
143. Sensitive Data Exposure
144. Input Validation
145. Output Encoding
146. Parameterized Query
147. Static Analysis
148. Dynamic Analysis
149. Fuzzing
150. Software Composition Analysis
151. Dependency Scanning
152. Software Supply Chain
153. SBOM
154. Code Signing
155. Secure Code Review
156. Hardware Security
157. Trusted Platform Module
158. Hardware Security Module
159. Secure Enclave
160. Trusted Execution Env
161. Firmware Security
162. Secure Boot
163. Measured Boot
164. UEFI Security
165. Side-Channel Attack
166. Timing Attack
167. Power Analysis Attack
168. Cache Side-Channel
169. Rowhammer
170. Hardware Supply Chain
171. Embedded Security
172. IoT Security
173. Device Attestation
174. Hardware Root of Trust
175. Network Security
176. OSI Model
177. TCP/IP Model
178. TCP
179. UDP
180. IP Protocol
181. ICMP
182. ARP Spoofing
183. DHCP Snooping
184. Man-in-the-Middle
185. Packet Sniffing
186. Firewall
187. Stateful Firewall
188. Next-Gen Firewall
189. Web Application Firewall
190. Intrusion Detection
191. Intrusion Prevention
192. Signature-Based Detection
193. Anomaly-Based Detection
194. Network Segmentation
195. VLAN
196. DMZ
197. VPN
198. IPsec
199. WireGuard
200. Wireless Security
201. WPA3
202. 802.1X
203. Rogue Access Point
204. DNS Security
205. DNSSEC
206. DNS Tunneling
207. BGP Security
208. RPKI
209. DDoS Attack
210. Volumetric Attack
211. Application-Layer DDoS
212. DDoS Mitigation
213. Zero Trust Architecture
214. Micro-Segmentation
215. SSH
216. Port Scanning
217. Network Access Control
218. Proxy Server
219. Reverse Proxy
220. Packet Capture
221. NetFlow Analysis
222. Operating System Security
223. Kernel Security
224. Process Isolation
225. Memory Protection
226. ASLR
227. Stack Canary
228. DEP
229. Access Control
230. DAC
231. MAC
232. RBAC
233. ABAC
234. File Permissions
235. SELinux
236. AppArmor
237. Virtualization Security
238. Hypervisor Security
239. Container Security
240. Docker Security
241. Kubernetes Security
242. Cloud Security
243. Shared Responsibility Model
244. IaaS Security
245. PaaS Security
246. SaaS Security
247. Cloud IAM
248. Security Monitoring
249. Log Management
250. SIEM
251. SOAR
252. Security Operations Center
253. EDR
254. XDR
255. Antivirus
256. Host-Based IDS
257. Patch Management
258. Configuration Management
259. System Hardening
260. Baseline Configuration
261. CIS Benchmarks
262. Audit Logging
263. Identity Management
264. Access Management
265. IAM System
266. Single Sign-On
267. Federated Identity
268. Password Authentication
269. Password Policy
270. Multi-Factor Authentication
271. Biometric Authentication
272. FIDO2
273. Passkey
274. OAuth 2.0
275. OIDC
276. SAML
277. Social Engineering
278. Phishing
279. Spear Phishing
280. Pretexting
281. Baiting
282. Usable Security
283. Security Awareness Training
284. Insider Threat
285. Privilege Creep
286. Just-in-Time Access
287. Privacy Engineering
288. Privacy by Design
289. Data Minimization
290. User Behavior Analytics
291. Governance Risk Compliance
292. Security Policy
293. Acceptable Use Policy
294. Security Standard
295. Security Procedure
296. NIST CSF
297. ISO 27001
298. SOC 2
299. PCI-DSS
300. HIPAA Compliance
301. Security Program Mgmt
302. CISO Role
303. Business Continuity
304. Disaster Recovery
305. Business Impact Analysis
306. RTO
307. RPO
308. Vendor Risk Management
309. Third-Party Risk
310. Supply Chain Risk
311. Security Metrics
312. Risk Register
313. Risk Mitigation
314. Risk Transfer
315. Risk Acceptance
316. Risk Avoidance
317. Security Audit
318. Cyber Law
319. CFAA
320. ECPA
321. GDPR
322. CCPA
323. HIPAA Law
324. GLBA
325. FERPA
326. NIS2 Directive
327. Cybercrime
328. Digital Forensics
329. Chain of Custody
330. Forensic Imaging
331. Memory Forensics
332. Mobile Forensics
333. Network Forensics
334. Cyber Ethics
335. Responsible Disclosure
336. ACM Code of Ethics
337. Cyber Policy
338. Critical Infrastructure
339. ICS Security
340. SCADA Security
341. Data Breach Notification
342. Penetration Testing
343. Red Team
344. Blue Team
345. Purple Team
346. MITRE ATT&CK
347. Threat Intelligence
348. OSINT
349. Threat Hunting
350. Vulnerability Management
351. Vulnerability Scanning
352. Incident Response
353. PICERL Lifecycle
354. Incident Preparation
355. Incident Identification
356. Incident Containment
357. Incident Eradication
358. Incident Recovery
359. Lessons Learned
360. Malware Analysis
361. Privilege Escalation
362. Lateral Movement
363. Command and Control
364. Data Exfiltration
365. Persistence Mechanism
366. Bug Bounty Program
367. Capture the Flag
368. Incident Response Plan
369. Runbook
370. Tabletop Exercise
371. Detection Engineering
372. AI Security
373. Adversarial ML
374. Model Theft
375. Prompt Injection
376. Data Poisoning
377. Model Evasion
378. Quantum Threat
379. Post-Quantum Cryptography
380. Lattice-Based Crypto
381. Confidential Computing
382. Operational Technology
383. OT Security
384. Smart Grid Security
385. Blockchain Security
386. Capstone Secure System
387. Capstone Security Program
388. Capstone Applied Research
389. Technical Communication
390. Team Collaboration