Plain-English definitions of the terms that come up most often in CompTIA Security+ (SY0-701) study. Definitions are simplified for learning; the official objectives are authoritative.

| Term | Definition |
|---|---|
| CIA triad | Confidentiality, Integrity and Availability — the three core goals of security. |
| Non-repudiation | Assurance that someone cannot deny an action, usually via digital signatures. |
| AAA | Authentication (who you are), Authorization (what you can do), Accounting (what you did). |
| Zero trust | A model that never trusts by default and verifies every request, assuming breach. |
| Least privilege | Giving users and systems only the access they strictly need. |
| Defense in depth | Layering multiple controls so no single failure is catastrophic. |
| Symmetric encryption | Encryption using one shared key; fast and used for bulk data. |
| Asymmetric encryption | Encryption using a public/private key pair; used for key exchange and signatures. |
| Hashing | A one-way function producing a fixed-length value; used for integrity and password storage. |
| Salt | Random data added before hashing so identical inputs hash differently. |
| Digital signature | A hash of the data signed with the sender's private key (often described as the hash "encrypted" with it); anyone holding the matching public key can verify it, proving integrity and origin. |
| PKI | Public Key Infrastructure: certificates and authorities that bind identities to keys. |
| Certificate Authority (CA) | A trusted entity that issues and signs digital certificates. |
| MFA | Multi-Factor Authentication: proving identity with two or more different factors. |
| SSO | Single Sign-On: one authentication grants access to multiple systems. |
| SIEM | Security Information and Event Management: a system that collects, correlates and analyses security logs and raises alerts. |
| EDR | Endpoint Detection and Response: monitors endpoints for threats. |
| DLP | Data Loss Prevention: controls that stop sensitive data leaving the organisation. |
| IDS / IPS | Systems that detect (IDS) or detect and block (IPS) malicious traffic. |
| Phishing | A social-engineering attack using fake messages to steal data or credentials. |
| Ransomware | Malware that encrypts data and demands payment for its release. |
| On-path attack | Intercepting communication between two parties (formerly “man-in-the-middle”). |
| Vulnerability | A weakness that could be exploited by a threat. |
| Threat | A potential cause of an unwanted incident. |
| Risk | The likelihood and impact of a threat exploiting a vulnerability. |
| Hardening | Reducing a system’s attack surface by removing or securing unnecessary features. |
| Honeypot | A decoy system designed to attract and study attackers. |
| RTO / RPO | Recovery Time Objective: how quickly you must recover (RTO); Recovery Point Objective: how much data loss, measured in time, is acceptable (RPO). |