Glossary

A

Access Keys

Access keys are programmable ways to define or restrict access for users. An access key, generated by an API, can be defined by role or other parameters to ensure that the access allowed is situation-specific and legitimate.

Account Takeover

Account takeover is a type of cyberattack in which attackers bypass the security controls in place and assume control of an account. It is often the result of data breaches in which cybercriminals steal usernames, passwords, and other personally identifiable information (PII).

Active Directory

A Microsoft application, Active Directory serves as a gatekeeper to ensure users are matched with the correct level of access permissions appropriate for their defined profiles.

Attack Surface

The attack surface is the collective points of vulnerability between and across applications and network systems that put a system at risk of cyberattack.

Attack Vector

An attack vector is a means for exploiting a computer system that places it, its network, and the sensitive information it contains at risk of a data breach.

Automated Remediation

Automated remediation is automatic protective actions that are triggered by predefined alerts or scenarios to address cybersecurity concerns.

Automation or Automated Security

Automated security consists of processes that rely on technology and artificial intelligence (AI), while minimizing human involvement, to implement security protocols, safeguard systems, and maintain network health.

C

CASB

A cloud access security broker (CASB) sits between cloud application providers and users, offering visibility and control over data, activities and security.

CASBs typically offer encryption, access control, threat protection, and monitoring, helping organizations enforce security policies and ensure compliance. This aids in protecting sensitive data as it moves between on-premises devices and multiple cloud environments.

CCPA (California Consumer Privacy Act)

Like the EU’s GDPR regulation, the California Consumer Privacy Act (CCPA) was developed to give consumers more control over how businesses use their personal data. Specifically, it establishes the rights for consumers to:

  • Know about the personal information a business collects about them and how it is used and shared;
  • Delete personal information collected from them (with some exceptions);
  • Opt out of the sale of their personal information; and
  • Avoid discrimination for exercising their CCPA rights.

Cloud Native

A software development approach that is based entirely on cloud computing, cloud native development is typically adopted by businesses seeking to drive agility.

Cloud Security Posture Management (CSPM)

Unlike SaaS Security Posture Management (SSPM), which centers on automating security for SaaS applications, CSPM focuses on securing the posture of the assets and resources that make up cloud infrastructure.

Configuration and Posture Management

Configuration and posture management is the practice of assessing and testing the security of an organization’s software and application configurations in conjunction with the overall risk management of the IT infrastructure.

Configuration Drift

Configuration drift is a security risk that can happen when software and application updates are rolled out without corresponding adjustments throughout the tech stack. It can also happen when changes are made to devices without consideration for follow-on impact within the IT system.

Configuration Management Database (CMDB)

A configuration management database (CMDB) is a centrally located storage tool for information about dependencies between components of organizational IT infrastructure. These are referred to as configuration items (CIs) and include hardware, software, and individual network elements such as routers and machines.

A CMDB (configuration management database) provides a comprehensive view of these relationships and a single source of truth for managing and tracking changes, troubleshooting, and a deeper overall view into the organizational IT environment.

CTEM

Continuous threat exposure management (CTEM) is a security management process that exposes an organization’s assets, systems, and networks to ongoing attack simulations to uncover security risks and identify vulnerabilities.

D

Data Breach

A data breach occurs when a cyber intruder penetrates the security system of an organization and is able to access sensitive information.

Data Leakage

Data leakage is a subtype of data loss. Data leakage occurs when sensitive data is exposed to the public, typically due to errors in configuration. Negligence, malicious intent, and human error can all play a role in data leaking, but a close focus on secure configuration can help prevent it.

Data Loss Prevention (DLP)

Data Loss Prevention (DLP) is an approach that includes processes, policies, software, and other technologies to keep data safe from unauthorized access, destruction, or theft. It also applies to preventing employees from sharing sensitive content outside the corporate network.

DevOps

DevOps is a philosophical approach that knits the development of software (Dev) together with its deployment by IT operations (Ops). The purpose is to create rapid, agile workflows that shorten the development cycle while yielding high-quality software.

DevSecOps

Based on DevOps, DevSecOps is an approach that integrates security from the beginning of the development cycle, versus overlaying it after the fact.

F

Federal Information Security Management Act (FISMA)

The Federal Information Security Management Act (FISMA) is a U.S. federal law that was enacted in 2002 to hold federal agencies accountable for securing the information and information systems they are responsible for. Agency officials and officers are required to develop, document, and implement specific controls and conduct annual reviews of their security programs.

G

General Data Protection Regulation (GDPR)

The General Data Protection Regulation (GDPR) is a set of governing rules in Europe designed to give consumers control over their personal information. It prescribes specific guidance for how businesses may handle consumer data and includes hefty fines for organizations that don’t comply.

GLBA (Gramm-Leach-Bliley Act)

The Gramm-Leach-Bliley Act (GLBA) is U.S. legislation enacted in 1999 that requires financial institutions to both disclose to consumers how their data is shared and to secure all sensitive information.

H

HIPAA

The Health Insurance Portability and Accountability Act (HIPAA) was enacted in 1996 to protect patients and their data. While it was designed to prevent healthcare fraud and abuse, it also aimed to guarantee that health information remains secure and private.

Hybrid Workforce

A hybrid workforce includes employees that work remotely and in-office. The nature of this setup can expand an organization’s attack surface.

I

Identity and Access Management (IAM)

Identity and Access Management is a methodology that governs which individuals can access specific resources and data. IAM is integral to meeting compliance regulations and reducing risk across disparate systems.

Identity Based Microsegmentation

Identity-based microsegmentation is a practice in which workloads, devices, networks, or communication requests (rather than workers) are assigned identity privileges that dictate which resources can be accessed. This approach is based on zero trust policy and can prevent lateral movement of cyber attackers within the network.

Identity Provider (IdP)

An identity provider is an entity that is relied upon for managing user identities and issuing credentials.

Intrusion Detection

Intrusion detection is a practice that monitors inbound and outbound network traffic for suspicious activity and threats. Intrusion detection systems with sensors on the network are called NIDS (network intrusion detection systems), while intrusion detection systems that have sensors planted on devices are called HIDS (host intrusion detection systems). NIDS monitor and analyze in real-time, while HIDS look at historical data, typically on machines that aren’t expected to have changes.

Intrusion Prevention

Like intrusion detection, intrusion prevention focuses on preemptive activity: it scans for potentially malicious activity or policy violations to provide a strong line of defense.

ISO 27001

ISO/IEC 27001 provides requirements for an information security management system (ISMS), though there are more than a dozen standards in the ISO/IEC 27000 family. Using these standards enables organizations of any kind to manage the security of assets such as financial information, intellectual property, employee details, or information entrusted by third parties.

IT Stack

The IT stack is the sum of applications, software, and IT elements that comprise the IT system in a network.

IT Team

The IT team is responsible for installing, implementing, and managing technology across the entire network system of an organization.

ITDR

Identity Threat Detection and Response (ITDR) refers to a cybersecurity approach focused on identifying, detecting, and mitigating threats targeting identity and access management (IAM) systems. ITDR specifically aims to address the growing risks associated with compromised identities, which are often a critical attack vector in data breaches and other security incidents.

L

Live Environments

Live environments are in real-time use by active business users.

M

Malware

Malware is malicious software created by cybercriminals.

Misconfiguration

A misconfiguration occurs when software or systems have been set up incorrectly, perhaps with default settings that are not appropriate for the organization. This becomes especially important when connected through the cloud, making misconfigurations a common risk for cyberattack.

Multi-Factor Authentication (MFA)

MFA is an approach to ensure appropriate access for individuals seeking data or use of applications, which requires at least two layers of proof of identity.

N

National Institute of Standards and Technology (NIST)

The National Institute of Standards and Technology is part of the U.S. Department of Commerce. NIST measurements support the smallest of technologies to the largest and most complex of human-made creations — from nanoscale devices so tiny that tens of thousands can fit on the end of a single human hair up to earthquake-resistant skyscrapers and global communication networks.

O

OAuth

Open Authorization (OAuth) is an open-standard authorization protocol for access delegation. It gives users a secure way to grant another website or application access to their information on a site without sharing their password, for example, logging in to a website using a Google or Facebook account.

P

Payment Card Industry Data Security Standard (PCI DSS)

The Payment Card Industry Data Security Standard (PCI DSS) requires organizations that handle credit cards to implement security measures that protect cardholder data and prevent credit card fraud.

Pentest (aka Penetration Test)

Pentesting is a method for testing the strength of a company’s security posture in which an engaged team launches cyberattacks against the network to test for vulnerabilities. Most security experts caution against over-reliance on pentests at the expense of ongoing security measures, because a pentest provides only a snapshot of security posture at a single point in time.

Personally Identifiable Information (PII)

Personally Identifiable Information is any information that is associated with a person’s identity and which can be used to profile an individual. Examples include name, address, email address, cell phone number, and other sensitive details. This type of data is sought after by cyber attackers in data breaches for the purpose of stealing identities and/or selling the information on the dark web.

Phishing

Phishing is an approach to stealing identities or sensitive information based on social engineering. Cybercriminals will pose as friends, family members, or businesses in an attempt to capture personal or account information for fraudulent activity.

Posture Assessment

A posture assessment provides a holistic view of an organization’s security readiness, based on the sum of cataloged vulnerabilities, security technologies and processes in place, and the overall ability to detect and respond to threats or attacks.

Privileged Access

Privileged access is an IT term that refers to an elevated level of access to accounts, data, or applications beyond what standard users can access.

R

Role-Based Access Control (RBAC)

Role-Based Access Control (RBAC) is a method of restricting network access based on the roles of individual users within an enterprise. RBAC helps ensure that employees access only the information they need to do their jobs and prevents them from accessing information that isn’t relevant to their role. Roles could include “end user,” “administrator,” “executive,” and more.

S

SaaS

SaaS is the acronym for Software as a Service, a usage model where software is hosted in the cloud by a third party and accessed on demand, via subscription.

SaaS Attack

A SaaS attack targets software-as-a-service (SaaS) applications or services provided over the internet. Unlike traditional software installed on individual devices or local servers, SaaS applications are hosted on cloud servers and accessed through web browsers. This centralized nature introduces distinct security challenges and vulnerabilities.

SaaS Compliance

To achieve Software as a Service (SaaS) compliance, SaaS platforms and providers must each adhere to the standards relevant to their business and industry, such as data protection laws, industry regulations, security guidelines, and contractual agreements. For example, this includes protecting user data, maintaining customer privacy, and following any requirements that set industry norms. SaaS compliance is crucial for building customer trust, avoiding liability, and ensuring service integrity.

SaaS Identity Management

SaaS identity management allows security teams to control access to SaaS applications. These tools and processes are critical to maintaining compliance, efficiency, and security for digital operations.

Strong SaaS identity management enables authorized employees to access only the resources they need, at critical times, for valid, job-related reasons, and limits access to those resources. The goal is to reduce unmanaged and insecure access to sensitive data.

SaaS Security Management (SSM)

SaaS security management is a methodology that accounts for the dynamic nature of SaaS environments and provides security solutions that pick up where traditional security technologies leave off.

SaaS Security Posture Management (SSPM)

SSPM is a suite of solutions that helps discover, protect, and monitor third party SaaS applications and platforms to prevent security concerns, like misconfigurations.

Sandbox

A sandbox is an isolated area of the network that is set up as a test environment and designed to mirror the end user network environment. It is used to test code or inspect potential threats.

Sarbanes-Oxley Act (SOX)

Instituted in 2002, SOX is a U.S. regulation designed to protect investors from accounting fraud by requiring specific practices in financial reporting and record keeping.

SecOps

SecOps is a collaborative approach that joins Security and IT to eliminate silos and fortify cross-functional workflows for more secure platforms and computing environments.

Security Posture

Security posture is the state of how secure or vulnerable an organization is, based on security solutions in play, processes in place, and awareness of existing risks and vulnerabilities.

Security Team

The Security Team is the group within an organization responsible for testing and maintaining the security of the company’s network infrastructure and building or sourcing solutions. It is responsible for setting policy, as well as investigating suspicious cyber activities. Because there is a lot of ground to cover with limited resources, security teams often rely on automated solutions in SaaS environments.

Sensitive Data

Sensitive data is classified or confidential information, including PII, that must be protected to prevent harm to companies or individuals. With the rise in data breaches over the past decade, government regulations have been put in place to hold companies accountable for safeguarding sensitive data.

Shadow IT

Shadow IT refers to software, applications, devices, and other technologies that are used or deployed without the knowledge or authorization of the IT team.

Shared Responsibility Model

The Shared Responsibility Model is a practice championed by government and industry that calls for the responsibility of cloud security to be shared by cloud providers, product vendors, and customers, based on the security measures that fall under their control. With SaaS, the application provider assumes responsibility for the physical infrastructure, network, OS, and application, while the customer is responsible for data and identity management.

SSL/TLS

These are acronyms for Secure Sockets Layer and Transport Layer Security, encryption protocols designed to ensure secure communications across the internet. TLS runs in the application layer and replaced SSL in 1999. It was created to provide privacy and data integrity between computer applications that communicate with one another.

SSO

SSO is an acronym for Single Sign-On, which is a method that allows users to log in to multiple applications and services with a single authentication.

T

Third-Party App (aka 3rd Party App)

A third-party app is an application developed by a business other than the manufacturer of the device it is used on, for example, a music streaming service like Spotify used on a mobile phone.

Threat Detection

Threat detection is the ability to identify and analyze malicious activity on the network to prevent a cyberattack from gaining entry and inflicting harm. Accuracy is critical in threat detection, to prevent “alert fatigue” resulting from false positives.

Threat Intelligence

Threat intelligence is data that helps security professionals understand emerging and existing threats, how they behave, and best practices to keep cyber risk in check. It is a pooling of evidence-based knowledge captured via tools, analysis, and observation.

Two-factor Authentication (2FA)

Two-factor authentication requires a user to prove their identity in two different ways before access to an account or computer system is allowed, for example, a password used in conjunction with a code sent to the user’s phone.

U

Unauthorized Control

Unauthorized control is a situation where a cybercriminal has breached a system and has been able to take control.

User Entity and Behavior Analytics (UEBA)

User Entity and Behavior Analytics is a cybersecurity method that flags anomalous user activities based on profiles of their typical habits and behaviors.

W

Workload Protection

Workload protection is the process of deploying policies and security measures to safeguard applications, resources, virtual machines, and the like as they communicate within the cloud. Workload protection is an integral part of posture management.

Z

Zero Day

A “zero day” is an exploit by cyber attackers that takes advantage of a vulnerability that is unknown to the software provider, or through a known vulnerability that does not yet have a patch.

Zero Trust

Zero trust is a security policy that assumes any and every device or user could be malicious and requires proper authentication before allowing access to data or services.