P
Package Manager: A tool that helps users install, manage, and remove packages or applications
Package: A piece of software that can be combined with other packages to form an application
Packet Capture (P-Cap): A file containing data packets intercepted from an interface
Packet Sniffing: The practice of capturing and inspecting data packets across a network
Packet: A piece of a message transmitted over a packet-switching network. One of the key features of a packet is that it contains the destination address in addition to the data. In IP networks, packets are often called datagrams.
Parameter (Python): An object that is included in a function definition for use in that
Parrot: An open-source distribution that is commonly used for security
Parsing: The process of converting data into a more readable format
Passive Packet Sniffing: A type of attack where a malicious actor connects to a network hub and looks at all traffic on the network
Password Attack: An attempt to access password-secured devices, systems,
Password Cracking: Password cracking is the process of attempting to guess passwords, given the password file information.
Password Sniffing: Passive wiretapping, usually on a local area network, to gain knowledge of passwords.
Patch Update: A software and operating system update that addresses security vulnerabilities within a program or product
Patch: A patch is a small update released by a software manufacturer to fix bugs in existing programs.
Patching: Patching is the process of updating software to a different version.
Payload: Payload is the actual application data a packet contains.
Payment Card Industry Data Security Standards (PCI DSS): Any cardholder data
Penetration Test (Pen Test): Penetration testing is used to test the external perimeter security of a network or facility. A simulated attack that helps identify vulnerabilities in systems, networks, websites, applications, and processes.
Penetration: Gaining unauthorized logical access to sensitive data by circumventing a system’s protections.
PEP 8 Style Guide: A resource that provides stylistic guidelines for programmers
Peripheral Devices: Hardware components that are attached and controlled by the computer system
Permissions: The type of access granted for a file or directory
Personal Identifiable Information (PII): The information that permits the identity of an individual to be directly or indirectly inferred.
Phishing Kit: A collection of software tools needed to launch a phishing campaign
Phishing: The use of e-mails that appear to originate from a trusted source to trick a user into entering valid credentials at a fake website. Typically the e-mail and the website look like they are part of a bank the user is doing business with.
Physical Attack: A security incident that affects not only digital but also physical
Physical Social Engineering: An attack in which a threat actor impersonates an
Ping of Death: A type of DoS attack caused when a hacker pings a system by sending it an oversized ICMP packet that is bigger than 64KB
Plaintext: Ordinary readable text before being encrypted into ciphertext or after being decrypted.
Playbook: A manual that provides details about any operational action
Policy: A set of rules that reduce risk and protect information
Port Filtering: A firewall function that blocks or allows certain port numbers to limit unwanted communication.
Port Scan: A port scan is a series of messages sent by someone attempting to break into a computer to learn which computer network services, each associated with a “well-known” port number, the computer provides. Port scanning, a favorite approach of computer crackers, gives the assailant an idea of where to probe for weaknesses. Essentially, a port scan consists of sending a message to each port, one at a time. The kind of response received indicates whether the port is used and can therefore be probed for weakness.
Port: A port is nothing more than an integer that uniquely identifies an endpoint of a communication stream. Only one process per machine can listen on the same port number. A software-based location that organizes the sending and receiving of data between devices on a network.
Post-incident Activity: The process of reviewing an incident to identify areas for
Potentially Unwanted Application (PUA): A type of unwanted software that is
Prepare: The first step of the NIST RMF related to activities that are necessary to manage security and privacy risks before a breach occurs
Prepared Statement: A coding technique that executes SQL statements before
Primary key: A column where every row has a unique entry
Principle of Least Privilege: Access and authorization to information only last long enough to complete a task or function.
Privacy Protection: The act of safeguarding personal information from unauthorized
Privacy: The assurance that the confidentiality of, and access to, certain information about an entity is protected.
Private Data: Information that should be kept from the public
Procedures: Step-by-step instructions to perform a specific security task
Process of Attack Simulation and Threat Analysis (PASTA): A popular threat
Programming: A process that can be used to create a specific set of instructions for a
Project (OWASP): A non-profit organization focused on improving software security
Proprietary Information: Proprietary information is that information unique to a company and its ability to compete, such as customer lists, technical data, product costs, and trade secrets.
Protect: A NIST core function used to protect an organization through the implementation of policies, procedures, training, and tools that help mitigate cybersecurity threats
Protected Health Information (PHI): Information that relates to the past, present, or
Protecting and Preserving Evidence: The process of properly working with fragile
Protocol Stacks (OSI): A set of network protocol layers that work together.
Protocol: A formal specification for communicating; the special set of rules that endpoints in a telecommunication connection use when they communicate. Protocols exist at several levels in a telecommunication connection.
Proxy Server: A server that acts as an intermediary between a workstation user and the Internet so that the enterprise can ensure security, administrative control, and caching service. A proxy server is associated with or part of a gateway server that separates the enterprise network from the outside network and a firewall server that protects the enterprise network from outside intrusion.
Public Data: Data that is already accessible to the public and poses a minimal risk to
Public Key Encryption: The popular synonym for “asymmetric cryptography”.
Public Key Infrastructure (PKI): A PKI (public key infrastructure) enables users of a basically unsecured public network such as the Internet to securely and privately exchange data and money through the use of a public and a private cryptographic key pair that is obtained and shared through a trusted authority. The public key infrastructure provides for a digital certificate that can identify an individual or an organization and directory services that can store and, when necessary, revoke the certificates.
Public Key: The publicly-disclosed component of a pair of cryptographic keys used for asymmetric cryptography.
Public-Key Forward Secrecy (PFS): For a key agreement protocol based on asymmetric cryptography, the property that ensures that a session key derived from a set of long-term public and private keys will not be compromised if one of the private keys is compromised in the future.
Python Standard Library: An extensive collection of Python code that often comes packaged with Python.