Clear, jargon-free definitions of the cybersecurity terms that matter — from ransomware to zero trust. Searchable, free, and written by the Kaimz research team.
Malware that encrypts a victim's files or systems and demands payment for the decryption key. Modern strains also steal data first and threaten to leak it (double extortion).
Fraudulent messages that impersonate a trusted source to trick people into revealing credentials, clicking malicious links, or transferring money.
A targeted scam where attackers impersonate an executive or vendor over email to redirect a wire transfer or payment to an account they control.
Any software written to harm, exploit, or gain unauthorized access to a system — including viruses, worms, trojans, spyware, and ransomware.
A vulnerability unknown to the vendor and unpatched at the time it is exploited — defenders have "zero days" to fix it before attacks begin.
A well-resourced attacker (often nation-state) that gains long-term, stealthy access to a network to spy or steal data over months or years.
A Distributed Denial-of-Service attack floods a server or network with traffic from many sources to knock it offline and disrupt service.
An attack that inserts malicious database commands through an app's input fields to read, modify, or destroy data it shouldn't be able to access.
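The injection entry above is easiest to understand with the vulnerable query next to its fix. The block below is an added example written for this page, not code from Kaimz or any product; the in-memory SQLite table, the user rows and the login functions are all constructed for illustration, and the passwords are stored in plaintext only so the injected query stays readable (a real system would hash them).

```python
import sqlite3

# Constructed in-memory database for this example only. Passwords are kept in
# plaintext here to keep the injection visible; real systems must hash them.
conn = sqlite3.connect(":memory:")
conn.execute(
    "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT, role TEXT)"
)
conn.executemany(
    "INSERT INTO users (username, password, role) VALUES (?, ?, ?)",
    [("alice", "correct horse battery", "admin"), ("bob", "hunter2", "user")],
)


def login_vulnerable(username: str, password: str):
    """Vulnerable: user input is pasted into the SQL text, so a quote or a
    comment marker in the input rewrites the query's structure."""
    query = (
        "SELECT username, role FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    return conn.execute(query).fetchone()


def login_safe(username: str, password: str):
    """Fixed: a parameterised query sends the values separately from the SQL,
    so the database treats them as data and never as part of the command."""
    return conn.execute(
        "SELECT username, role FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()


def demo():
    # Classic payload: close the string literal, then comment out the rest of
    # the WHERE clause. The vulnerable query becomes:
    #   ... WHERE username = 'alice'--' AND password = 'anything'
    payload = "alice'--"
    return {
        "vulnerable": login_vulnerable(payload, "anything"),  # ('alice', 'admin')
        "safe": login_safe(payload, "anything"),              # None
        "legitimate": login_safe("alice", "correct horse battery"),
    }


if __name__ == "__main__":
    for name, row in demo().items():
        print(f"{name}: {row}")
```

The same payload logs in as the admin through the concatenated query and is rejected by the parameterised one; every SQL driver offers placeholders like the `?` used here, and using them everywhere is the fix, with input validation and a WAF as extra layers rather than the primary defence.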
A web flaw that lets an attacker run malicious scripts in another user's browser, often to steal sessions or credentials.
Manipulating people rather than technology — through pretexting, urgency, or trust — to get them to break security procedures.
Compromising a trusted vendor, library, or update mechanism to reach the vendor's customers downstream — one breach, many victims.
How attackers spread from an initial foothold to other systems inside a network, hunting for higher-value targets and credentials.
Gaining higher access rights than originally granted — for example, turning a normal user account into an administrator.
Systematically trying many passwords or keys until the right one is found. Long, unique passwords, rate limiting, and MFA make it impractical against a live login; slow, salted password hashes make it expensive against a stolen database of hashes.
An attacker secretly intercepts and possibly alters communication between two parties who believe they're talking directly.
Security Information and Event Management — a system that collects and correlates logs from across an environment to detect and investigate threats.
A Security Operations Center — the team and tooling that monitor, detect, and respond to security events, often 24/7.
Security Orchestration, Automation and Response — tooling that automates repetitive response steps with playbooks to speed up containment.
Endpoint (or Extended) Detection and Response — tools that continuously monitor endpoints and beyond to detect, investigate, and contain threats.
Managed Detection and Response — an outsourced service that provides 24/7 monitoring, threat hunting, and response, like Kaimz's core offering.
Proactively searching for hidden attackers and indicators of compromise that automated tools may have missed, rather than waiting for alerts.
The structured process of detecting, containing, eradicating, and recovering from a security incident — then learning from it.
Authorized, simulated attacks against your own systems to find and fix weaknesses before real adversaries exploit them.
The red team plays the attacker to test defenses; the blue team defends and responds. Together they sharpen real-world readiness.
A weakness in software, configuration, or process that an attacker can exploit to compromise a system.
Common Vulnerabilities and Exposures — a public, uniquely numbered catalog entry for a specific known security flaw (e.g. CVE-2024-3400).
The Common Vulnerability Scoring System rates a vulnerability's technical severity from 0.0 (none) to 10.0 (critical), helping teams prioritize what to patch first. The base score ignores your context, so weigh it against whether the affected system is exposed and whether the flaw is being exploited in the wild.
A globally used knowledge base of real-world attacker tactics and techniques, used to map detections and measure coverage.
A vendor-neutral, shareable format for writing detection logic against log data — the "YARA for logs."
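To show what the detection logic in the entry above actually does, here is an added example written for this page (not code from Kaimz, the page, or the Sigma project). The rule is written as a Python dict with Sigma's keys instead of the YAML a real rule uses, the field names follow Sigma's process_creation schema, the events are constructed sample telemetry, and the small evaluator is an assumption: in practice Sigma rules are converted to a SIEM's native query language by the Sigma tooling rather than evaluated directly like this.

```python
# Constructed Sigma-style rule for this example. A real rule is YAML with the
# same keys; a dict is used here to avoid a YAML dependency.
RULE = {
    "title": "Encoded PowerShell Command Line",
    "logsource": {"category": "process_creation", "product": "windows"},
    "detection": {
        "selection": {
            "Image|endswith": "\\powershell.exe",
            "CommandLine|contains": ["-enc ", "-EncodedCommand "],
        },
        # Hypothetical exclusion for a management agent that legitimately
        # launches encoded PowerShell (an assumption for the example).
        "filter_mgmt": {"ParentImage|endswith": "\\ccmexec.exe"},
        "condition": "selection and not filter_mgmt",
    },
}

# Constructed sample events, not real telemetry.
EVENTS = [
    {"EventID": 1, "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "CommandLine": "powershell.exe -NoP -W Hidden -Enc SQBFAFgAIAAoAE4AZQB3AC0A",
     "ParentImage": "C:\\Windows\\explorer.exe"},
    {"EventID": 2, "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "CommandLine": "powershell.exe -EncodedCommand VwByAGkAdABlAC0ASABvAHMAdAA=",
     "ParentImage": "C:\\Windows\\CCM\\CcmExec.exe"},
    {"EventID": 3, "Image": "C:\\Windows\\System32\\cmd.exe",
     "CommandLine": "cmd.exe /c echo -enc test", "ParentImage": "C:\\Windows\\explorer.exe"},
    {"EventID": 4, "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "CommandLine": "powershell.exe -Command Get-Process", "ParentImage": "C:\\Windows\\explorer.exe"},
]


def _match_value(value: str, pattern: str, modifier: str) -> bool:
    # Sigma string matching is case-insensitive by default.
    value, pattern = value.lower(), pattern.lower()
    if modifier == "contains":
        return pattern in value
    if modifier == "startswith":
        return value.startswith(pattern)
    if modifier == "endswith":
        return value.endswith(pattern)
    if modifier == "":
        return value == pattern
    raise ValueError(f"unsupported modifier: {modifier}")


def _match_selection(event: dict, selection: dict) -> bool:
    # Every field in a selection must match (AND); a list of values is OR.
    for key, patterns in selection.items():
        field, _, modifier = key.partition("|")
        value = str(event.get(field, ""))
        patterns = patterns if isinstance(patterns, list) else [patterns]
        if not any(_match_value(value, str(p), modifier) for p in patterns):
            return False
    return True


def _evaluate_condition(condition: str, results: dict) -> bool:
    # Supports the common "a and b and not c" shape only; 'or', '1 of' and
    # parentheses are left out to keep the evaluator short.
    for term in condition.split(" and "):
        negate = term.startswith("not ")
        name = term[4:] if negate else term
        if results[name] == negate:
            return False
    return True


def run_rule(rule: dict, events: list) -> list:
    """Return the EventIDs of the events the rule fires on."""
    detection = rule["detection"]
    selections = {k: v for k, v in detection.items() if k != "condition"}
    hits = []
    for event in events:
        results = {name: _match_selection(event, sel) for name, sel in selections.items()}
        if _evaluate_condition(detection["condition"], results):
            hits.append(event["EventID"])
    return hits


if __name__ == "__main__":
    print(RULE["title"], "fired on EventIDs:", run_rule(RULE, EVENTS))  # [1]
```

Only event 1 fires: event 2 matches the selection but is excluded by the filter, event 3 is not PowerShell, and event 4 carries no encoded command. Writing the filter as its own named block, as Sigma does, keeps the tuning visible and reviewable instead of buried in a long query.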
The disciplined process of testing and deploying software updates to close known vulnerabilities before they are exploited.
A security model that trusts nothing by default — every user, device, and request must be verified, regardless of network location.
Multi-Factor Authentication requires two or more proofs of identity (something you know, have, or are) — dramatically reducing account takeover.
Scrambling data with a mathematical key so only authorized parties can read it — protecting information at rest and in transit.
Time-based One-Time Password (RFC 6238): the rotating 6-digit codes from authenticator apps, derived from a shared secret and the current 30-second time step, used as a strong second factor for login. Because the code is typed into a web page it can still be relayed by a real-time phishing proxy; hardware security keys (FIDO2) are the phishing-resistant option.
Public Key Infrastructure — the system of keys and digital certificates that underpins trusted identity and encrypted communication.
A one-way function that turns data of any length into a fixed-length fingerprint, so even a one-bit change produces a completely different output. Used to verify file integrity and to store passwords. For passwords, use a salted, deliberately slow algorithm such as Argon2, bcrypt, scrypt or PBKDF2; a fast general-purpose hash like MD5 or SHA-256 can be brute-forced at billions of guesses per second.
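The hashing entry above and the brute-force entry earlier both turn on the same point: a fast hash is the wrong tool for passwords. The block below is an added example written for this page, not code from Kaimz or the page, showing the unsalted SHA-256 anti-pattern next to a salted PBKDF2-HMAC-SHA256 store-and-verify pair built on the standard library. The storage format (`algorithm$iterations$salt$digest`) and the helper names are assumptions for the example; the iteration count is the figure OWASP's Password Storage Cheat Sheet gives for PBKDF2-HMAC-SHA256 at the time of writing, and Argon2id (a third-party package in Python) is the preferred choice when available.

```python
import hashlib
import hmac
import os

# Iteration count for PBKDF2-HMAC-SHA256 taken from OWASP's Password Storage
# Cheat Sheet at the time of writing (assumption: check the current figure).
ITERATIONS = 600_000


def integrity_fingerprint(data: bytes) -> str:
    """The legitimate fast-hash use: a fingerprint to verify a file or
    download has not changed. SHA-256 is fine here because speed is a feature."""
    return hashlib.sha256(data).hexdigest()


def fast_hash_password(password: str) -> str:
    """What NOT to do for passwords: no salt, so identical passwords give
    identical hashes, and no work factor, so a GPU tests billions per second."""
    return hashlib.sha256(password.encode()).hexdigest()


def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Salted, slow hash. The random salt makes each stored value unique
    (no precomputed tables); the iteration count makes each guess expensive."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    # Self-describing record so the algorithm and cost can be upgraded later.
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and cost, then compare in constant time
    so the comparison's timing does not leak how many bytes matched."""
    try:
        algorithm, iterations, salt_hex, digest_hex = stored.split("$")
    except ValueError:
        return False
    if algorithm != "pbkdf2_sha256":
        return False
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


if __name__ == "__main__":
    record = hash_password("hunter2")
    print("stored:", record)
    print("correct password accepted:", verify_password("hunter2", record))
    print("wrong password rejected:", not verify_password("hunter3", record))
    print("same password, same fast hash:",
          fast_hash_password("hunter2") == fast_hash_password("hunter2"))
```

Running `hash_password` twice on the same password yields two different records, which is the salt doing its job; the cost of `verify_password` is deliberate and is what turns an offline brute-force attack from seconds into years.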
Transport Layer Security, successor to the deprecated SSL: the protocol that encrypts data between browsers and servers, shown as the padlock and "https" in your address bar. It also secures traffic between services and APIs, not just browsers.
Identity and Access Management — the policies and tools that control who can access what, and under which conditions.
The principle of granting users and systems only the minimum access they need — limiting the damage if an account is compromised.
Cloud Security Posture Management — continuously scanning cloud environments for misconfigurations and compliance drift.
The total set of points where an attacker could try to enter or extract data — the more exposed services, the larger it is.
A barrier that filters network traffic against a set of rules, allowing legitimate connections and blocking unauthorized ones.
A Web Application Firewall inspects HTTP traffic to block known web attack patterns like SQL injection and XSS before they reach the app. It is a defense-in-depth layer, not a substitute for fixing the vulnerable code, because rule sets can be bypassed with encoding tricks and payload variation.
A Virtual Private Network creates an encrypted tunnel over the internet, protecting traffic and masking its origin.
Any device that connects to a network — laptop, server, phone, or IoT device — and a common entry point for attacks.
An audit framework, based on the AICPA Trust Services Criteria, that verifies a service provider securely manages customer data across security, availability, processing integrity, confidentiality, and privacy. A Type I report assesses controls at a point in time; a Type II report tests whether they operated over a period, typically 6 to 12 months.
A US law setting standards for protecting sensitive patient health information — critical for healthcare and their vendors.
The Payment Card Industry Data Security Standard: mandatory controls for any organization that stores, processes, or transmits cardholder data, enforced contractually by the card brands and acquiring banks rather than by statute.
An international standard for building and certifying an Information Security Management System (ISMS).
Canada's federal private-sector privacy law governing how organizations collect, use, and disclose personal information.
Ontario's health-information privacy law, setting rules for how health data custodians handle personal health information.
Kaimz turns this knowledge into 24/7 protection with the Aegis Sovereign platform. See it in action.