Whaling is a type of phishing attack that specifically targets high-profile individuals or senior executives within an organization. It often involves various methods, such as emails, phone calls, and even in-person social engineering, to deceive victims and gain sensitive information or access.

Defense-in-Depth is a security strategy that employs multiple layers of security controls and measures to protect against various security threats. This approach includes not only malware detection but also patch management, firewalls, intrusion detection systems, and more, creating a robust security posture.

GDPR (General Data Protection Regulation) requires organizations to implement "Data Protection by Design and by Default." This means that data protection must be an integral part of product and process development, ensuring data security from the start rather than added as an afterthought.

The principle of "Least Privilege" is a security concept that restricts individual users' access rights to the minimum levels necessary to accomplish their tasks. It ensures that no single person has excessive access, reducing the risk of unauthorized actions or potential damage.

BYOD stands for "Bring Your Own Device." This policy allows employees to use their personal devices (such as smartphones, tablets, or laptops) for official work purposes. It can enhance flexibility and productivity but also poses security challenges that need to be addressed.

Mitigating code injection attacks involves not executing untrusted code. Untrusted code can contain malicious commands that may lead to security vulnerabilities.

The primary purpose of disk encryption is to protect data from unauthorized access. When data on a disk is encrypted, it is converted into a form that can only be read with the correct decryption key or password, making it inaccessible to unauthorized users. This helps safeguard sensitive information even if the physical disk is lost or stolen.

Authentication is the process of verifying the identity of parties in a communication. In SSL/TLS, it ensures that the client and server are who they claim to be, typically using digital certificates.

The Subject's Name in a digital certificate is what proves the identity of the certificate's subject. It typically contains information about the entity or individual the certificate is issued to, such as their name and organization.

An Access Control List (ACL) is a set of rules used in a firewall to control traffic by allowing or blocking based on defined criteria.