Cybersecurity Glossary

5abcdefghijklmnopqrstuvwxyz

5GWhat is 5G? 5G, which stands for the fifth generation, represents the latest leap forward in wireless communication technology. It is the successor to 4G, which was named “Long Term... More

Access ManagementWhat is Access Management? Typically delivered as part of an Identity and Access Management (IAM) solution, access management ensures that organizations allow users the necessary resources when needed, while restricting... More
AIWhat is AI? Artificial Intelligence (AI) refers to the simulation of human intelligence processes by computers in an aim to mimic or exceed human cognitive abilities across a range of domains.... More
APIWhat is an API? An Application Programming Interface (API), is a set of definitions and protocols for building and integrating application software. They allow disparate products or services to communicate with... More
Application SecurityWhat is Application Security? Application security refers to the solutions, procedures, and practices used to protect applications from threats, vulnerabilities, and attacks throughout their lifecycle. This covers both the software... More
ARP Poisoning What is ARP Poisoning? ARP (Address Resolution Protocol) Poisoning, also called ARP Spoofing, is a type of attack where a bad actor sends modified frames over a local network. This manipulates... More
AuthenticationWhat is Authentication? Authentication is the process by which the identity of a user or system is verified. It ensures that the entity attempting to access a resource is who... More
AuthorizationAuthorization in cybersecurity refers to the process of granting or denying access to resources based on an entity's identity and level of privileges. In essence, it determines what actions a... More
Automated Facial RecognitionWhat is Automated Facial Recognition? Automated Facial Recognition (AFR) is a technology that identifies or verifies a person's identity by capturing, analyzing, and comparing patterns based on the person's facial... More

Biometric AuthenticationWhat is Biometric Authentication? Biometric authentication is a method that measures a user's biological characteristics to verify their identity. It compares physical and behavioral traits against biometric data stored in a... More
Blockchain Technology What is Blockchain Technology? Blockchain technology is a decentralized digital ledger system that transparently, securely, and immutably records transactions across a network of computers. Blockchain gets its name from the... More
Business Email Compromise (BEC)What is Business Email Compromise (BEC)? Business Email Compromise (BEC) is a cyberattack where threat actors gain unauthorized access to a business email account, typically by employing social engineering or... More
Business LogicWhat is Business Logic?Business logic is the set of rules that governs how a user interface interacts with the data within its jurisdiction. It is the collection of “if, then”... More

CCPAWhat is CCPA? The California Consumer Privacy Act, Enacted on 28 June 2018 and effective as of 1 January 2020 (CCPA) is one of the most significant pieces of privacy... More
Chief Information Security Officer (CISO)What is a Chief Information Security Officer (CISO)?A Chief Information Security Officer (CISO) is a senior-level executive who develops and implements an organization's cybersecurity strategy and policies. The CISO's primary... More
CIAMWhat is CIAM? Customer Identity and Access Management (CIAM) is a subset of Identity and Access Management (IAM) that focuses on controlling end users’ access to an organization’s digital resources.... More
Cloud Access Security Broker (CASB)What is a Cloud Access Security Broker (CASB)? A Cloud Access Security Broker (CASB) is a security solution that acts as an intermediary between an organization's on-premises infrastructure and cloud... More
Cloud SecurityWhat is Cloud Security? Cloud security refers to the measures and strategies used to protect data, applications, and resources stored, accessed, and processed in cloud computing environments. It involves a... More
Cloud-Native Application Protection Platforms (CNAPPs)What Are CNAPPs?Cloud-native application protection platforms, or CNAPPs, are an integrated suite of security tools built to protect applications that run in cloud environments. These platforms offer end-to-end security by... More
Command InjectionWhat is Command Injection? Command injection is a type of cyberattack in which attackers execute arbitrary instructions on a web server’s underlying operating system (OS). These attacks arise from injection vulnerabilities,... More
CookieWhat is a Cookie? A "cookie" is a tiny piece of data sent from a website and stored on a computer by the web browser. Cookies are used to track... More
Credential TheftWhat is Credential Theft? Credential theft is a type of cyberattack in which attackers steal a victim's login details, such as usernames, passwords, or other forms of authentication. This stolen... More
Critical InfrastructureWhat is Critical Infrastructure? Critical infrastructure refers to the fundamental systems, assets, and facilities that are essential for the functioning of a society and its economy. These are the foundational... More
Cross-Site Scripting (XSS)What is Cross-Site Scripting? Cross-site scripting (XSS) is a vulnerability that enables threat actors to inject malicious scripts into web pages. These scripts can execute within the victim’s browser, which could... More
CryptographyWhat is Cryptography? Cryptography is the study of the methods of hiding information to protect it from unauthorized access. Cryptographic functions are a critical element of modern cybersecurity and are used... More
CyberattackWhat is a Cyberattack? A cyberattack is a deliberate and malicious attempt to exploit vulnerabilities in computer systems, networks, or software applications to cause damage, steal information, disrupt services, or... More
Cybersecurity FrameworkWhat is a Cybersecurity Framework? Cybersecurity frameworks are structured guidelines, best practices, and standards that organizations can use to manage and enhance their cybersecurity posture. These frameworks provide a systematic... More
Cybersecurity GroupsWhat Are Cybersecurity Groups? Cybersecurity groups encompass various organizations and collectives that safeguard digital environments from cyber threats. These entities vary from formal institutions, such as corporate security teams and... More

Data BreachWhat is a Data Breach? A data breach is a security incident in which unauthorized individuals access sensitive, confidential, or protected information. These breaches can occur through various means, including cyberattacks,... More
Data Detection and Response (DDR)What is Data Detection and Response (DDR)? Data Detection and Response (DDR) is a cybersecurity solution that combines elements of various data security solutions, including insider risk management, Cloud Access... More
Data LakesWhat are Data Lakes? Data lakes are centralized repositories designed to store vast amounts of raw data in their native format, allowing organizations to manage, process, and analyze data in... More
Data Loss AwarenessWhat is Data Loss Awareness? Data loss awareness is the understanding and recognition of the potential risks and consequences associated with the loss of digital data. It involves being conscious... More
Data Loss Prevention (DLP)Data Loss Prevention (DLP) is a comprehensive approach and set of technologies designed to prevent the unauthorized disclosure or leakage of sensitive and confidential information from an organization. More
Data PrivacyData privacy is the process of safeguarding an individual’s personal information, ensuring it remains confidential, secure, and protected from unauthorized access or misuse. More
Data ProtectionWhat is Data Protection? Data protection refers to the practice of safeguarding sensitive information from unauthorized access, disclosure, alteration, or destruction. It involves implementing policies, procedures, and technologies to ensure... More
Data Security Platform (DSP)What is a Data Security Platform? The term data security platform (DSP) refers to a solution that combines the functions of an array of tools that have traditionally been sold... More
Data Security Posture Management (DSPM)What is Data Security Posture Management? Data Security Posture Management (DSPM) refers to the various policies, tools, and practices used to mitigate the security challenges associated with data. It represents... More
Denial-of-Service (DoS) AttackWhat is a DoS Attack? A Denial-of-Service (DoS) attack, is a malicious attempt to disrupt the normal functioning of a server, service, or network by overwhelming it with a flood... More
DevOpsWhat is DevOps?DevOps is a methodology that seeks to break down silos between development and operations teams to improve the speed and reliability of software delivery.DevOps is a methodology or... More
Digital Rights Management (DRM)What is Digital Rights Management (DRM)?Digital Rights Management (DRM) refers to a set of technologies and strategies designed to protect digital content from unauthorized access, distribution, or use. By applying... More
Digital TransformationWhat is Digital Transformation? Digital transformation refers to incorporating digital technology into all business areas to create new or modify existing business processes, culture, and customer experience to fundamentally transform... More
Distributed Denial of Service (DDoS) AttackWhat is Distributed Denial of Service (DDoS)? Distributed Denial of Service (DDoS) attacks happen when malicious actors attempt to disrupt the regular functioning of targeted servers, services, websites, or networks... More
DNSWhat is DNS? The Domain Name System (DNS) is a critical component of the internet, functioning like a phone book for the digital world. It translates user-friendly domain names, such... More
Double-ExtortionWhat Is Double-Extortion? Double-extortion, in terms of ransomware, is a strategy in which threat actors encrypt a victim’s data and simultaneously exfiltrate sensitive files, threatening to release them publicly if the... More
Dynamic Application Security Testing (DAST)What is DAST? Dynamic Application Security Testing (DAST) is the process of analyzing web applications through the front end to root out any vulnerabilities via simulated attacks. This approach scrutinizes... More

EncryptionWhat is Encryption? Encryption converts readable data (plaintext) into a scrambled and unreadable format (ciphertext) using an algorithm and a key. The primary purpose of encryption is to ensure the... More
Endpoint Detection and Response (EDR)What is EDR? Endpoint Detection and Response (EDR) is a cybersecurity solution that proactively identifies and responds to threats to devices on a network, including desktop PCs, laptop PCs, mobile devices... More
ExfiltrationWhat is Exfiltration?Exfiltration is the unauthorized transfer of data from a computer or network by an attacker or other entity. In a cybercrime scenario, exfiltration is typically the final stage... More
Extended Detection and Response (XDR)What is Extended Detection and Response (XDR)? Extended detection and response (XDR) is a unified security platform that employs AI and automation to help entities detect, investigate, and respond to sophisticated... More
Extract, Load, Transform (ELT)What is Extract, Load, Transform? Extract, Load, Transform (ELT) is a modern data handling technique that emphasizes the efficient management of data from various sources. Unlike traditional methods that transform... More

FIDOWhat is FIDO? Fast Identity Online (FIDO) is an all-encompassing term typically used to refer to the FIDO Alliance or FIDO authentication standards. The FIDO Alliance is a non-profit organization that... More
FormjackingWhat is Formjacking?Formjacking is a cyberattack where malicious actors inject harmful JavaScript code into online forms on legitimate websites to steal sensitive user information. Once stolen, the data, which includes... More
Full Disk EncryptionFull Disk Encryption (FDE), also known as disk encryption, is a security technology that obscures every bit of data on a storage device, such as a hard drive, solid-state drive... More

GDPRWhat is GDPR? The General Data Protection Regulation (GDPR) is widely regarded as the world's strictest security and privacy law, promulgated by the European Union (EU) to regulate any organization... More
Generative AIWhat is Generative AI Generative AI is a subset of artificial intelligence that focuses on creating new content. Unlike traditional AI, which typically analyzes or classifies existing data, generative AI... More

HIPAAWhat is HIPAA? The Health Insurance Portability and Accountability Act (HIPAA) is a comprehensive piece of legislation enacted by the United States Congress in 1996.It serves as a vital safeguard... More

IAMWhat is IAM? Identity and Access Management (IAM) is a framework of business processes, policies, and technologies to manage electronic or digital identities. IAM frameworks allow Information Technology (IT) managers to... More
Identity Governance and Administration (IGA)What is Identity Governance and Administration (IGA)?Identity Governance and Administration (IGA) is a framework that combines policies, processes, and technologies in order to manage and control digital identities and their... More
Identity TheftWhat is Identity Theft? Identity theft is a type of fraud in which an individual's personal and sensitive information is stolen and used by someone else without the former's permission... More
Insider ThreatWhat is an Insider Threat? An insider threat is a security risk that involves someone within the targeted organization. They can include, but are not limited to current and former... More
Intellectual Property (IP)Intellectual Property (IP) refers to creations of the mind, such as inventions, literary and artistic works, designs, symbols, names, and images used in commerce. More
Intellectual Property TheftWhat is Intellectual Property Theft? Intellectual Property Theft, or IP Theft, is the unlawful seizure of any intangible asset that possesses value to a company, person, or entity. This can... More
Interactive Application Security Testing (IAST)What is Interactive Application Security Testing (IAST)? IAST combines elements of both Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) by analyzing applications while they are running.... More
IoTWhat is the IoT? IoT, or Internet of Things, refers to the network of interconnected devices embedded with sensors, software, and other technologies, enabling them to collect and exchange data... More

Machine LearningWhat is Machine Learning? Machine learning is a subset of Artificial Intelligence (AI) that involves the development of algorithms and models that enable computers to make predictions or decisions based... More
MalwareWhat is Malware? Malware, a portmanteau of "malicious software," constitutes a broad category of software specifically designed to infiltrate, damage, or disrupt computer systems, networks, and devices without the user's... More
Man-in-the-MiddleWhat is a Man-in-the-Middle Attack? A Man-in-the-Middle (MitM) cyberattack is a threat where an attacker secretly intercepts and possibly alters the communication between two parties who believe they are directly... More
MFAWhat is Multi-Factor Authentication? Multi-Factor Authentication (MFA) is a robust security method that enhances digital identity verification by requiring users to provide multiple authentication mechanisms before gaining access to a... More

Natural Language ProcessingWhat is Natural Language Processing (NLP)? Natural Language Processing (NLP) is a field that bridges computational linguistics and artificial intelligence (AI), focusing on the interaction between human language and computers.... More

OAuth 2.0What is OAuth 2.0? OAuth 2.0, or Open Authorization 2.0, is the industry standard protocol that enables users to share selected resources with third parties without giving them their credentials. OAuth...
Online Fraud Prevention (OFP)What is Online Fraud Prevention (OFP)?Online fraud prevention (OFP) is a set of best practices designed to keep users safe when using the Internet. It entails a list of “dos”... More
Open Web Application Security Project (OWASP)What is the Open Web Application Security Project? Cybersecurity is a major topic to tackle, and many organizations have been established over the years to ensure the security of various... More
Original Equipment Manufacturer (OEM) An Original Equipment Manufacturer (OEM) is a company that produces components, products, or systems used as parts in another company’s final product. In many industries, particularly technology and electronics, OEMs... More

PCI DSSPCI DSS stands for Payment Card Industry Data Security Standard. It is a set of security best practices developed to ensure the secure handling of credit and payment card data. More
Penetration TestWhat is a Penetration Test? A penetration test, also called a pen test, is a simulated cyberattack on a computer system, network, or application. The test is conducted by security... More
Personally Identifiable Information (PII)What is Personally Identifiable Information (PII)? Personally Identifiable Information (PII) is data that can be used to distinguish an individual’s identity. These can include identifiers that pinpoint the person exactly,... More
PhishingWhat is Phishing? Phishing is a type of cyberattack in which attackers send fraudulent communications, or direct people to counterfeit websites in order to trick those individuals into revealing sensitive... More
Phishing-Resistant MFAWhat is phishing-resistant MFA? Phishing-resistant Multi-Factor Authentication (MFA) is an authentication method that prevents malicious activity typically brought about through phishing scams. It doesn't use shared codes or secrets at... More
Protected Health Information (PHI)What is PHI?Protected Health Information (PHI) is any identifying material that relates to an individual’s past, present or future health. This can include medical history, diagnoses, lab results, medication lists,... More

QishingWhat is Qishing?Qishing, also known as quishing, is a form of phishing that uses QR (Quick Response) codes to deceive the victim. Rather than launching a phishing attack with a... More
Quantum ComputingWhat is Quantum Computing? Quantum computing is a cutting-edge field that leverages the principles of modern physics to perform operations significantly faster than classical computers. Classical computers, including the laptops,... More

RansomwareWhat is Ransomware? Ransomware is a type of cyberattack in which the attacker infects a computer with malicious software that encrypts the victim's data. The computer usually becomes locked, presenting... More
Ransomware as a Service (RaaS)What is Ransomware as a Service (RaaS)?Ransomware as a Service (RaaS) is an illegal business model in which ransomware authors lease their malicious tools to affiliates in exchange for a... More
Regulatory ComplianceWhat is Regulatory Compliance? Regulatory compliance refers to the act of adhering to the laws, directives, and requirements set forth by governmental bodies and industry authorities that pertain to a... More
Runtime Application Self-Protection (RASP)What is Runtime Application Self-Protection (RASP)? RASP addresses threats within applications at the code level. This technology is embedded within the application itself and provides real-time protection against threats as... More

Secure File Transfer (SFT)What is Secure File Transfer (SFT)? Secure File Transfer (SFT) refers to the process of transmitting digital files between two or more parties in a manner that guarantees the confidentiality,... More
Secure Sockets Layer (SSL)What is Secure Sockets Layer (SSL)? Secure sockets layer is a digital security technology that establishes an encrypted link between a web server and a browser. This link ensures that... More
Security StrategyWhat is a Security Strategy? A security strategy is a comprehensive plan that outlines how an organization will protect its digital and physical assets from threats and vulnerabilities. It encompasses... More
Skimming DevicesWhat are Skimming Devices? Skimming devices are illicit tools used to capture data from magnetic stripe cards, allowing criminals to clone or misuse card information for fraudulent purposes. Understanding skimming... More
Social EngineeringWhat is Social Engineering? Social engineering is a manipulative tactic cybercriminals use to deceive individuals into divulging confidential information or performing actions that compromise security. Unlike technical attacks, which exploit... More
SpoofingWhat is Spoofing? Spoofing is an attack method whereby bad actors masquerade as someone or something else to win a victim’s trust. Their motivation is to gain access to systems,... More
SQL and NoSQLWhat are SQL and NoSQL? When selecting a modern database, one of the most important decisions is whether to use a Structured Query Language (SQL) or Not Only Structured Query Language... More
Static Application Security Testing (SAST)What is Static Application Security Testing (SAST)? A type of application testing that analyzes the source code of an application for vulnerabilities without executing the program. SAST tools scan code... More

Threat IntelligenceWhat is Threat Intelligence?Also known as cyber threat intelligence or simply threat intel, threat intelligence is the body of evidence-based knowledge that can be used to inform organizations of threat... More
TokenizationWhat is Tokenization? Tokenization is a data security technique that replaces sensitive information with non-sensitive substitutes, known as tokens. These tokens are useless to cybercriminals as they do not hold... More
Transport Layer Security (TLS)What is Transport Layer Security (TLS)? Transport Layer Security (TLS) is a commonly used cryptographic protocol for secure data transmission across networks. Whether a user is logging into a website,... More

Undetected Privilege EscalationWhat is Undetected Privilege Escalation? Undetected privilege escalation occurs when an attacker infiltrates a network without being noticed and elevates their access rights to inflict damage on more highly guarded systems... More
User and Entity Behavior Analytics (UEBA)What is UEBA? User and Entity Behavior Analytics (UEBA) is a cybersecurity approach that focuses on monitoring and analyzing human, application, and device-generated network activities to detect anomalies and potential... More

Vendor-NeutralWhat is Vendor-Neutral? Vendor-neutral is a cybersecurity solution, service, specification, or strategy not controlled by, biased towards, or tied to any specific vendor. The term encapsulates all concepts that work... More
Vulnerability ManagementWhat is Vulnerability Management? Vulnerability management refers to identifying, assessing, prioritizing, mitigating, and monitoring security vulnerabilities in computer systems, software, networks, and applications. Vulnerability management aims to proactively identify and... More

Zero TrustWhat is Zero Trust? Security measures and tools have historically been focused on fortifying defenses in an effort to keep outsiders from gaining access to an organization’s network, but this... More