Glossary of Terms
What is 2FA?
Two-factor authentication requires a user to prove their identity two different ways before access to an account or computer system is allowed. For example, a password used in conjunction with a code sent to a user’s phone.
What is a 3rd Party App (aka Third Party App)?
An application developed by a business that is not the same manufacturer as the device the app is used on. For example, a music streaming service like Spotify, used on a mobile phone.
What are Access Keys?
Access keys are programmable ways to define or restrict access for users. An access key, generated by an API, can be defined by role or other parameters to ensure that the access allowed is situation-specific and legitimate.
What is an Account Takeover?
Account takeover is a type of cyberattack in which hackers overtake security provisions in place and assume control of an account. This is often the result of data breaches, when cybercriminals steal usernames, passwords, and other personally identifiable information (PII).
What is Active Directory?
A Microsoft application, Active Directory serves as a gatekeeper to ensure users are matched with the correct level of access permissions appropriate for their defined profiles.
What is an API (Application Programming Interface)?
Also known as Application Programming Interface, an API serves as a type of translator and facilitates the connection between different programs.
What is an Attack Surface?
The attack surface is the collective points of vulnerability between and across applications and network systems that put a system at risk of cyberattack.
What is Automated Remediation?
Automated remediation is automatic protective actions that are triggered by predefined alerts or scenarios to address cybersecurity concerns.
What is Automation or Automated Security?
Automated security are processes that rely on technology and artificial intelligence (AI), while minimizing human involvement, to implement security protocols, safeguard systems, and maintain network health.
What is a CASB?
Whether on-premises or in the cloud, a Cloud Access Security Broker (CASB) is a service that is nestled between cloud services users, providers, and devices. Its purpose is to enforce security measures based on a consolidated range of policies. Because of the sweeping nature of how it operates, a CASB cannot offer comprehensive cybersecurity measures for more complex third party applications that require fluency in how they’re configured and maintained.
What is the CCPA (California Consumer Privacy Act)?
Like the EU’s GDPR regulation, the California Consumer Privacy Act (CCPA) was developed to give consumers more control over how businesses use their personal data. Specifically, it establishes the rights for consumers to:
- Know about the personal information a business collects about them and how it is used and shared;
- Delete personal information collected from them (with some exceptions);
- Opt-out of the sale of their personal information; and
- Avoid discrimination for exercising their CCPA rights
What is Cloud Native?
A software development approach that is based entirely on cloud computing, cloud native development is typically adopted by businesses seeking to drive agility.
What is Configuration Drift?
Configuration drift is a security risk that can happen when software and application updates are rolled out without corresponding adjustments throughout the tech stack. It can also happen when changes are made to devices without consideration for follow-on impact within the IT system.
What is Configuration and Posture Management?
Configuration and posture management is the practice of assessing and testing the security of an organization’s software and application configurations in conjunction with the overall risk management of the IT infrastructure.
What is Cloud Security Posture Management (CPSM)?
Unlike SaaS Security Posture Management (SSPM), which centers around automating security for SaaS applications, CSPM focuses on securing the posture management of the assets and resources that comprise cloud infrastructure.
What is a Data Breach?
A data breach occurs when a cyber intruder penetrates the security system of an organization and is able to access sensitive information.
What is Data Loss Prevention?
Data Loss Prevention (DLP) is an approach that includes processes, policies, software, and other technologies to keep data safe from unauthorized access, destruction, or theft. It also applies to preventing employees from sharing sensitive content outside the corporate network.
What is DevOps?
DevOps is a philosophical approach that knits the development of software (Dev) with the deployment by IT operations (Ops). The purpose is to create rapid, agile workflows that shorten the development cycle while yielding high quality software.
What is DevSecOps?
Based on DevOps, DevSecOps is an approach that integrates security from the beginning of the development cycle, versus overlaying it after the fact.
What is FISMA?
The Federal Information Security Management Act (FISMA) is a U.S. federal law that was enacted in 2002 to hold federal agencies accountable for securing the information and information systems they are responsible for. Agency officials and officers are required to develop, document, and implement specific controls and conduct annual reviews of their security programs.
What is GDPR?
General Data Protection Regulation (GDPR) is a set of governing rules in Europe that is designed to give consumers control over their personal information. It prescribes specific guidance for how businesses can handle consumer data and includes hefty fines for organizations that don’t comply.
What is the GLBA (Gramm-Leach-Bliley Act)?
The Gramm-Leach-Bliley Act (GLBA) is U.S. legislation enacted in 1999 that requires financial institutions to both disclose to consumers how their data is shared and to secure all sensitive information.
What is HIPAA?
The Health Insurance Portability and Accountability Act (HIPAA) was enacted in 1996 to protect patients and their data. While it was designed to prevent healthcare fraud and abuse, it also aimed to guarantee that health information remains secure and private.
What is a Hybrid Workforce?
A hybrid workforce includes employees that work remotely and in-office. The nature of this setup can expand an organization’s attack surface.
What is Identity and Access Management (IAM)?
Identity and Access Management is a methodology that governs which individuals can access specific resources and data. IAM is integral to meeting compliance regulations and reducing risk across disparate systems.
What is Identity Based Microsegmentation?
Identity based microsegmentation is a practice in which workloads, devices, networks, or communication requests (versus workers) are assigned identity privileges to dictate what resources can be accessed. This approach is based on zero trust policy and can prevent lateral movement of cyber attackers in the network.
What is an Identity Provider (IdP)?
An identity provider is an entity that is relied upon for managing user identities and issuing credentials.
What is Intrusion Detection?
Intrusion detection is a practice that monitors inbound and outbound network traffic for suspicious activity and threats. Intrusion detection systems with sensors on the network are called NIDS (network intrusion detection systems), while intrusion detection systems that have sensors planted on devices are called HIDS (host intrusion detection systems). NIDS monitor and analyze in real-time, while HIDS look at historical data, typically on machines that aren’t expected to have changes.
What is Intrusion Prevention?
Like an intrusion detection system, Intrusion Prevention is focused on preemptive activity. It scans for potential malicious activity or policy violations to ensure a strong line of defense.
What is ISO 27001?
ISO/IEC 27001 provides requirements for an information security management system (ISMS), though there are more than a dozen standards in the ISO/IEC 27000 family. Using these standards enables organizations of any kind to manage the security of assets such as financial information, intellectual property, employee details, or information entrusted by third parties.
What is the IT Stack?
The IT stack is the sum of applications, software, and IT elements that comprise the IT system in a network.
What is an IT Team?
The IT team is responsible for installing, implementing, and managing technology across the entire network system of an organization.
What are live environments?
Live environments are in real-time use by active business users.
What is Malware?
Malware is malicious software created by cybercriminals.
What is a Misconfiguration?
A misconfiguration occurs when software or systems have been set up incorrectly, perhaps with default settings that are not appropriate for the organization. This becomes especially important when connected through the cloud, making misconfigurations a common risk for cyberattack.
What is Multi-Factor Authentication (MFA)?
MFA is an approach to ensure appropriate access for individuals seeking data or use of applications, which requires at least two layers of proof of identity.
What is NIST?
The National Institute of Standards and Technology is part of the U.S. Department of Commerce. NIST measurements support the smallest of technologies to the largest and most complex of human-made creations — from nanoscale devices so tiny that tens of thousands can fit on the end of a single human hair up to earthquake-resistant skyscrapers and global communication networks.
What is OAuth?
Open Authorization (OAuth) is an open standard authorization protocol for access delegation. It’s a secure way for users to grant access to their personal information on a website with another website or application without sharing their password. For example, logging in to a website using your Google or Facebook account.
What is PCI-DSS?
The Payment Card Industry and Data Security Standard (PCI-DSS) requires organizations that work with credit cards to implement security measures to protect cardholder data and prevent credit card fraud.
What is a Pentest (aka Penetration Test)?
Pentesting is a method for testing the strength of a company’s security posture, which engages a team to launch cyberattacks on the network to test for vulnerabilities. Most security experts caution against over-reliance on pentests at the expense of ongoing security measures because it simply provides a snapshot of security posture at a single point in time.
What is Personally Identifiable Information (PII)?
Personally Identifiable Information is any information that is associated with a person’s identity and which can be used to profile an individual. Examples include name, address, email address, cell phone number, and other sensitive details. This type of data is sought after by cyber attackers in data breaches for the purpose of stealing identities and/or selling the information on the dark web.
What is Phishing?
Phishing is an approach to stealing identities or sensitive information based on social engineering. Cybercriminals will pose as friends, family members, or businesses in an attempt to capture personal or account information for fraudulent activity.
What is a Posture Assessment?
A posture assessment provides a holistic view of an organization’s security readiness, based on the sum of cataloged vulnerabilities, security technologies and processes in place, and the overall ability to detect and respond to threats or attacks.
What is Privileged Access?
Privileged access is an IT term that refers to an elevated level of access to accounts, data, or applications beyond what standard users can access.
What is RBAC?
Role-Based Access Control (RBAC) is a method of restricting network access based on the roles of individual users within an enterprise. RBAC helps ensure that employees access only the information they need to do their jobs and prevents them from accessing information that isn’t relevant to their role. Roles could include “end user,” “administrator,” “executive,” and more.
What is SaaS?
SaaS is the acronym for Software as a Service, a usage model where software is hosted in the cloud by a third party and accessed on demand, via subscription.
What is SaaS Security Management (SSM)?
SaaS security management is a methodology that accounts for the dynamic nature of SaaS environments and provides security solutions that pick up where traditional security technologies leave off.
What is SaaS Security Posture Management (SSPM)?
SSPM is a suite of solutions that helps discover, protect, and monitor third party SaaS applications and platforms to prevent security concerns, like misconfigurations.
What is a Sandbox?
A sandbox is an isolated area of the network that is set up as a test environment and designed to mirror the end user network environment. It is used to test code or inspect potential threats.
What is the Sarbanes Oxley Act (SOX)?
Instituted in 2002, SOX is a U.S. regulation designed to protect investors from accounting fraud by requiring specific practices in financial reporting and record keeping.
What is SecOps?
SacOps is a collaborative approach that joins Security and IT to eliminate silos and fortify cross-functional workflows for more secure platforms and computing environments.
What is Security Posture?
Security posture is the state of how secure or vulnerable an organization is, based on security solutions in play, processes in place, and awareness of existing risks and vulnerabilities.
What is the Security Team?
The Security Team is the group within an organization responsible for testing and maintaining the security of the company’s network infrastructure and building or sourcing solutions. It is responsible for setting policy, as well as investigating suspicious cyber activities. Because there is a lot of ground to cover with limited resources, security teams often rely on automated solutions in SaaS environments.
What is Sensitive Data?
Sensitive data is classified or confidential information, including PII, that must be protected to prevent harm to companies or individuals. With the rise in data breaches over the past decade, government regulations have been put in place to hold companies accountable for safeguarding sensitive data.
What is Shadow IT?
Shadow IT refers to software, applications, devices, and other technologies that are used or deployed without the knowledge or authorization of the IT team.
What is the Shared Responsibility Model?
The Shared Responsibility Model is a practice championed by government and industry that calls for the responsibility of cloud security to be shared by cloud providers, product vendors, and customers, based on the security measures that fall under their control. With SaaS, the application provider assumes responsibility for the physical infrastructure, network, OS, and application, while the customer is responsible for data and identity management.
What is SSL/TLS?
These are acronyms for the terms Secure Socket Layer and Transport Layer Security, which are encryption protocols designed to ensure secure communications across the internet. TLS runs in the application layer and replaced SSL in 1999. It was created for privacy and data integrity between computer applications that communicate with one another.
What is SSO?
SSO is an acronym for Single Sign-On, which is a method that allows users to log in to multiple applications and services with a single authentication.
What is Threat Detection?
Threat detection is the ability to identify and analyze malicious activity on the network to prevent a cyberattack from gaining entry and inflicting harm. Accuracy is critical in threat detection, to prevent “alert fatigue” resulting from false positives.
What is Threat Intelligence?
Threat intelligence is data that helps security professionals understand emerging and existing threats, how they behave, and best practices to keep cyber risk in check. It is a pooling of evidence-based knowledge captured via tools, analysis, and observation.
What is Unauthorized Control?
Unauthorized control is a situation where a cybercriminal has breached a system and has been able to take control.
What is User Entity and Behavior Analytics (UEBA)?
User Entity and Behavior Analytics is a cybersecurity method that flags anomalous user activities based on profiles of their typical habits and behaviors.
What is Workload Protection?
Workload protection is the process of deploying policies and security measures to safeguard applications, resources, virtual machines, and the like as they communicate within the cloud. Workload protection is an integral part of posture management.
What is a Zero Day?
A “zero day” is an exploit by cyber attackers that takes advantage of a vulnerability that is unknown to the software provider, or through a known vulnerability that does not yet have a patch.
What is Zero Trust?
Zero trust is a security policy that assumes any and every device or user could be malicious and requires proper authentication before allowing access to data or services.