Common cybersecurity terminology

常見的網路安全術語

As you’ve learned, cybersecurity (also known as security) is the practice of ensuring confidentiality, integrity, and availability of information by protecting networks, devices, people, and data from unauthorized access or criminal exploitation. In this reading, you’ll be introduced to some key terms used in the cybersecurity profession. Then, you’ll be provided with a resource that’s useful for staying informed about changes to cybersecurity terminology.
據您瞭解，網路安全（也稱為安全性）是透過保護網路，裝置，人員和資料免受未經授權的訪問或刑事開發的保護，確保保密，完整性和資訊的習慣。在此閱讀中，您將介紹網路安全行業中使用的一些關鍵術語。然後，您將獲得一種資源，可用於瞭解網路安全術語的更改。

Key cybersecurity terms and concepts

關鍵的網路安全術語和概念

There are many terms and concepts that are important for security professionals to know. Being familiar with them can help you better identify the threats that can harm organizations and people alike. A security analyst or cybersecurity analyst focuses on monitoring networks for breaches. They also help develop strategies to secure an organization and research information technology (IT) security trends to remain alert and informed about potential threats. Additionally, an analyst works to prevent incidents. In order for analysts to effectively do these types of tasks, they need to develop knowledge of the following key concepts. 
對於安全專業人員而言，有很多術語和概念很重要。熟悉它們可以幫助您更好地確定可能損害組織和人民的威脅。安全分析師或網路安全分析師專注於監視違規的網路。它們還有助於製定確保組織和研究資訊科技（IT）安全趨勢的策略，以保持警惕並瞭解潛在威脅。此外，分析師致力於預防事件。為了使分析師有效執行這些型別的任務，他們需要發展以下關鍵概念的知識。

Compliance is the process of adhering to internal standards and external regulations and enables organizations to avoid fines and security breaches.
合規是遵守內部標準和外部法規的過程，使組織能夠避免罰款和安全違反。

Security frameworks are guidelines used for building plans to help mitigate risks and threats to data and privacy.
安全框架是用於構建計劃的準則，以幫助減輕風險和對資料和隱私的威脅。

Security controls are safeguards designed to reduce specific security risks. They are used with security frameworks to establish a strong security posture.
安全控制是旨在降低特定安全風險的保障措施。它們與安全框架一起使用以建立強大的安全姿勢。

Security posture is an organization’s ability to manage its defense of critical assets and data and react to change. A strong security posture leads to lower risk for the organization.
安全姿勢是組織管理關鍵資產和資料辯護並對變化做出反應的能力。強大的安全姿勢會導致組織的風險降低。

A threat actor, or malicious attacker, is any person or group who presents a security risk. This risk can relate to computers, applications, networks, and data.
威脅行為者或惡意攻擊者是出現安全風險的任何人或團體。這種風險可能與計算機，應用程式，網路和資料有關。

An internal threat can be a current or former employee, an external vendor, or a trusted partner who poses a security risk. At times, an internal threat is accidental. For example, an employee who accidentally clicks on a malicious email link would be considered an accidental threat. Other times, the internal threat actor intentionally engages in risky activities, such as unauthorized data access.
內部威脅可以是構成安全風險的現任或前僱員，外部供應商或值得信賴的合作夥伴。有時，內部威脅是偶然的。例如，不小心點選惡意電子郵件連結的員工將被視為偶然的威脅。其他時候，內部威脅行為者_有意_從事風險活動，例如未經授權的資料訪問。

Network security is the practice of keeping an organization’s network infrastructure secure from unauthorized access. This includes data, services, systems, and devices that are stored in an organization’s network.
網路安全是使組織的網路基礎架構免受未經授權訪問的安全性。這包括儲存在組織網路中的資料，服務，系統和裝置。

Cloud security is the process of ensuring that assets stored in the cloud are properly configured, or set up correctly, and access to those assets is limited to authorized users. The cloud is a network made up of a collection of servers or computers that store resources and data in remote physical locations known as data centers that can be accessed via the internet. Cloud security is a growing subfield of cybersecurity that specifically focuses on the protection of data, applications, and infrastructure in the cloud.
雲安全是確保正確配置雲中的資產或正確設定的過程，並且對這些資產的訪問僅限於授權使用者。雲是由伺服器或計算機集合組成的網路，該網路將資源和資料儲存在可透過Internet訪問的偏遠物理位置中。雲安全性是一個日益增長的網路安全子場，特別關注云中資料，應用程式和基礎架構的保護。

Programming is a process that can be used to create a specific set of instructions for a computer to execute tasks. These tasks can include:
程式設計是一個過程，可用於為計算機執行任務建立特定的指令集。這些任務可以包括：

• Automation of repetitive tasks (e.g., searching a list of malicious domains)
  重複任務的自動化（例如，搜尋惡意域列表）

• Reviewing web traffic   檢視網路流量

• Alerting suspicious activity
  提醒可疑活動

Key takeaways  關鍵要點

Understanding key technical terms and concepts used in the security field will help prepare you for your role as a security analyst. Knowing these terms can help you identify common threats, risks, and vulnerabilities. To explore a variety of cybersecurity terms, visit the National Institute of Standards and Technology glossary. Or use your browser to search for high-quality, reliable cybersecurity glossaries from research institutes or governmental authorities. Glossaries are available in multiple languages.
瞭解安全領域中使用的關鍵技術術語和概念將有助於您為擔任安全分析師的角色做好準備。瞭解這些術語可以幫助您確定常見的威脅，風險和脆弱性。要探索各種網路安全術語，請訪問美國國家標準與技術研究所詞彙表。或使用瀏覽器搜尋研究機構或政府當局的高質量，可靠的網路安全詞彙表。詞彙表有多種語言。