Risk-Management
Attack Surface — The Total Exposure Points an Adversary Can Target
Attack Surface refers to the sum of all possible entry points where an unauthorized user can attempt to access or exploit a system. This SECMONS glossary entry explains digital, physical, and human attack surfaces, how exposure evolves over time, and how defenders reduce risk through systematic surface reduction.
CISA Known Exploited Vulnerabilities (KEV) — What It Means and Why It Changes Patch Priority
The CISA Known Exploited Vulnerabilities (KEV) Catalog lists CVEs that are confirmed to be actively exploited in the wild. This SECMONS glossary entry explains what KEV is, how vulnerabilities are added, how due dates work, and how defenders should operationalize KEV tracking in enterprise environments.
Risk vs Exposure — Understanding the Difference Between Vulnerability and Impact
Risk and Exposure are related but distinct concepts in cybersecurity. Exposure refers to the presence of a weakness or reachable asset, while risk reflects the likelihood and impact of exploitation. This SECMONS glossary entry explains how the distinction influences prioritization and security strategy.
Supply Chain Attack — Compromising Trusted Vendors to Reach Downstream Targets
A supply chain attack occurs when threat actors compromise a trusted vendor, software provider, or service to gain indirect access to downstream customers. This SECMONS glossary entry explains how supply chain attacks work, common techniques, and how defenders should reduce third-party risk.