Glossary

The phrase “unknown unknowns” was popularized by former United States Secretary of Defense Donald Rumsfeld, and has its origins in psychological research. In the world of cybersecurity, “unknown unknowns” are the risks that the security team doesn’t know about and that they know how to discover or anticipate. Unknown unknowns are typically the most dangerous to an organization because security and IT teams have no awareness that these assets or resources even exist, let alone details about them. Because IT and security teams are unaware of these assets or resources, it is impossible to secure them.