# Glossary terms from module 3

**Hey friend!**\
Picture yourself as a secret agent in a giant videogame world called “Net-Land.” Each level has treasures (your data), sneaky ninjas trying to steal them (threat actors), and hidden traps (vulnerabilities) lurking around. Let’s break down these fancy terms into something fun and ADHD-friendly!

***

**Advanced Persistent Threat (APT)**\
Imagine a ninja who sets up camp inside your fortress and quietly watches every move you make for a long time. They sneak in, stay hidden, and don’t leave easily. That’s an APT—bad guys who’ve settled in for the long haul.

**Attack Surface**\
Think of your castle. Every door, window, tunnel, and crack is an attack surface. It’s all the places where sneaky foes might slip in.

**Attack Tree**\
Visualize a spooky family tree that shows all the ways bad guys could get into your castle and steal your treasure. Each branch represents a different “bad guy” route to your valuables.

**Attack Vector**\
This is like the secret path (maybe a hidden tunnel or a well-worn rope) that the bad guys choose to sneak into your castle. It’s how they travel to you!

**Bug Bounty**\
Ever hand out candy to kids who spot your missing car keys? A bug bounty is kinda like that: companies give rewards (money or swag) to friendly hackers who find and report security problems instead of using them for evil.

**Common Vulnerabilities and Exposures (CVE) List**\
Think of a giant online “Pokédex” of known weaknesses in software. Each weakness (like a software bug) gets listed with an ID so everyone can know it exists. CVE’s the big book of baddies.

**Common Vulnerability Scoring System (CVSS)**\
Imagine giving each monster in a game a difficulty score. CVSS gives each vulnerability a number to show how dangerous it is. The higher the score, the scarier the monster.

**CVE Numbering Authority (CNA)**\
CNAs are like official librarians for the CVE library. They hand out “book numbers” (CVE IDs) and make sure everything’s organized and accurate.

**Defense in Depth**\
This is like wearing multiple layers of armor. If one layer fails, the next might still protect you. Instead of just one shield, you have a shield, a sword, body armor, magic spells—the works!

**Exploit**\
An exploit is like a trick that turns a crack in the wall into a giant door. It’s how attackers actually take advantage of a vulnerability.

**Exposure**\
Exposure is a silly mistake—like leaving a ladder next to your castle wall—that can make it easier for bad guys to climb in. Not exactly a full-on hole, but definitely not good!

**Hacker**\
A hacker is anyone who figures out cool or sneaky ways into systems. Some hack for good (heroes who help fix problems), and some hack for bad (villains looking for treasure).

**MITRE**\
MITRE is like the wise village elder who collects all kinds of knowledge, shares it, and helps build better defenses. They run big research centers that help everyone learn how to protect their castles (systems).

**Security Hardening**\
Hardening is like making your castle walls thicker, adding more guards, and making sure your doors are locked tight. It’s all about toughening up your defenses.

**Threat Actor**\
A threat actor is just a fancy word for “the bad guy.” Any villain who wants to break into your fortress and grab your loot.

**Vulnerability**\
A vulnerability is a weakness—maybe a crack in the wall or a loose window latch. It doesn’t mean the bad guy’s inside yet, but it sure makes it easier if they try.

**Vulnerability Assessment**\
This is a “check-up” on your security. Imagine your security team acting like a doctor, examining your system for “broken bones” (holes in defenses) before the bad guys find them.

**Vulnerability Management**\
Think of it like “castle maintenance.” You find the cracks, fix them, check again, and keep repeating until your fortress is super secure.

**Vulnerability Scanner**\
This is like a robotic guard dog that sniffs around your castle, checking every nook and cranny against a known list of weaknesses. It barks when it finds something suspicious.

**Zero-Day**\
A zero-day is like a brand-new secret trick that nobody knew existed, not even your guards. The bad guys have it first, and you have zero days’ warning to fix it. Surprise!

***

**Summing it up:**

* Your **castle (system)** faces sneaky **ninjas (threat actors)**.
* They try different **paths (attack vectors)** and use hidden **weak spots (vulnerabilities)**.
* You strengthen your defenses (**security hardening**, **defense in depth**) and keep track of known and new tricks (**CVE list**, **zero-day**).
* Friendly scouts (**bug bounty** hunters) help you find issues.
* Tools like **vulnerability scanners** and knowledge shared by **MITRE** help you stay safe and ready.

Now go forth and conquer the castle of cybersecurity knowledge!
