Adaptive Authentication is a method for selecting the right authentication factors depending on a user's risk profile and tendencies - it adapts the authentication type to each situation.
AI is technology that appears to emulate human behavior in that it can continually learn and draw its own conclusions (even based on novel or abstract concepts), engage in natural dialog with people, and/or replace people in the execution of more complex (non-routine) tasks.
An ASV (Approved Scanning Vendor) is an organization deploying security services and tools (sometimes called an ASV scan solution) to conduct external vulnerability scanning services that validate adherence to the external scanning requirements of PCI DSS Requirement 11.2.2.
A blockchain is a growing list of records, called blocks, linked using cryptography. It is a decentralized, distributed and public digital ledger used to record transactions across many computers in such a way that a record cannot be altered retroactively without also changing all successive blocks and obtaining the consent of the network.
Browser isolation removes the browsing process from the end user's desktop and moves it to a dedicated browser server (or cloud-based browser service) to confine related security threats.
A brute force attack is a trial-and-error method for attempting to crack a password, username or data encryption key. The term comes from the fact that the approach relies on intensive effort (“brute force”) rather than on more sophisticated techniques.
The California Consumer Privacy Act (CCPA) is a law aimed at enhancing online privacy and consumer protection for California residents. Signed into law in 2018, CCPA is effective as of January 1, 2020. The CCPA seeks to assure Californians the right to know what personally identifiable information (PII) is being collected, to know whether the data is sold or disclosed and to whom, to control/prevent sale or disclosure of the PII and to request deletion of PII by a business.
CIS (the Center for Internet Security) is a non-profit organization that develops configuration policy benchmarks that allow businesses to improve their security and compliance programs and postures.
CIA is an acronym for confidentiality, integrity and availability. Confidentiality assures information is accessible only to authorized parties; integrity ensures information is accurate and has not been altered without authorization; and availability ensures data is readily accessible to the organization as it works to address its business requirements.
The Chief Information Security Officer (CISO) is a senior executive responsible for an organization’s information and data security. In this evolving role CISOs develop and run enterprise-wide processes aimed at reducing IT and business risk as well as assuring regulatory compliance. The position has historically been tasked with a predominantly technical mission, but recently more sophisticated companies have begun relying on the CISO for strategic insights about how best to enable digital transformation initiatives.
Cloud Security Posture Management (CSPM) concentrates on security assessment and compliance monitoring for workloads in public cloud environments. It can be used to provide a unified view across disparate cloud environments.
Cloud-Delivered Security refers to security technologies designed to protect critical infrastructure, applications and data that are delivered as a service from the cloud, as opposed to being installed and maintained on-premises.
COBIT is an IT management framework first published in 1996 by the IT Governance Institute and the Information Systems Audit and Control Association (ISACA) to help businesses develop, organize and implement strategies around information management and governance.
A container is a software unit that packages code so applications can run quickly across multiple environments. Containerization allows applications to be developed once and easily deployed across virtually any environment regardless of operating system, virtual machine or bare metal, on-prem data centers or public cloud.
COPPA (the Children’s Online Privacy Protection Act) requires that operators of websites or online services directed to children under a certain age provide notice on the site and obtain verifiable parental consent before collecting data.
COSO (the Committee of Sponsoring Organizations of the Treadway Commission) is dedicated to providing thought leadership through the development of frameworks and guidance on enterprise risk management, internal control and fraud deterrence.
Cryptomining is a system by which "miners" contribute computer processing power to validate blockchain transactions and are paid in cryptocurrency. Cryptojacking is its malicious form, in which attackers take control of a victim's computing resources to secretly mine cryptocurrency for their own benefit.
CTI (Cyber Threat Intelligence) is built from intelligence collected through Open Source Intelligence (OSINT), Social Media Intelligence (SOCMINT), Human Intelligence (HUMINT), technical intelligence and intelligence gathered from the deep and dark web.
CVE is a program launched by MITRE, a nonprofit that operates federal government-sponsored research and development centers, to identify and catalog vulnerabilities in software or firmware into a free “dictionary” for organizations to use as a resource to improve their security.
Cybersecurity Ratings describe the strength of an organization's cybersecurity posture based on a calculated rating and/or score.
DAG (Data Access Governance) is a data security technology that allows enterprises to gain visibility into the sensitive unstructured data that exists across the organization and to enforce policies controlling access to that data.
The Dark Web is the part of the World Wide Web that is only accessible by means of special software, allowing users and website operators to remain somewhat more anonymous.
A data breach occurs when sensitive, protected, private or confidential information is stolen, copied, viewed or conveyed to an unauthorized/untrusted party or environment. Motivations for such attacks vary and include financial gain (personal or organizational), socio-political goals (hacktivism) and state-sponsored espionage.
Data Forensics – also known as Forensic Data Analysis (FDA) – refers to the study of digital data and the investigation of cybercrime. FDA may focus on mobile devices, computers, servers and other storage devices, and it typically involves the tracking and analysis of data passing through a network.
Data lakes are centralized repositories for storing large amounts of raw data, including system data and data for reporting and advanced analytics. They may contain structured, semi-structured and unstructured data as well as images, audio and video.
DDI solutions (DNS, DHCP and IP address management) provide organizations with tools to efficiently manage IP addresses (IPAM) as well as DNS and DHCP services across the network. Many enterprises still manage IPAM manually, a process that’s time-consuming, error-prone and difficult to keep up to date.
DevSecOps has emerged as an enterprise application development best practice that embraces the inherent agility benefits of DevOps, but recognizes that the security organization needs to be integrated as an early participant in the DevOps process.
DLP (Data Loss Prevention) is a technology and business process designed to detect and prevent violations of corporate policies regarding the use, storage and transmission of sensitive data.
Edge computing is an open IT architecture model which distributes computation and data storage toward the “edge” of the network. Data is processed by the device itself or by a local computer or server, rather than being transmitted to a centralized data-processing warehouse. Since the edge is where data is generated, the practice improves network response and saves bandwidth.
Encryption is a method in which plaintext or other readable data is converted into an encoded form (ciphertext) that can only be read again by decrypting it with the corresponding decryption key.
Endpoint security applies threat prevention, detection and response capabilities to the multitude of devices that interact with corporate networks. Endpoints can include computers, tablets, mobile devices, point-of-sale (POS) systems, and IoT devices.
In 2012, FedRAMP began providing guidance to government and corporate organizations, offering a standardized approach to security assessment, authorization and continuous monitoring for cloud products and services.
Firewalls are network security devices or systems that monitor and regulate network traffic (incoming and outgoing) based on defined security rules.
FISMA (the Federal Information Security Management Act) provides a framework to ensure comprehensive measures are taken to secure federal information and assets.
FWaaS (Firewall as a Service) is an emerging method of delivering select firewall functionality as a cloud service, as opposed to the more traditional hardware-based firewall platforms.
GDPR (the General Data Protection Regulation) sets strict rules regarding the collection and processing of Personally Identifiable Information for citizens of the EU.
GLBA, the Gramm-Leach-Bliley Act (more commonly known by the names of its sponsors), includes provisions to protect consumers’ personal financial information held by financial institutions.
A hacker is someone who uses technical expertise to solve computing challenges. The term may refer to any skilled programmer – including “ethical hackers” – but in common contemporary usage it typically signifies a cyber criminal.
Hardware authentication is an approach to user authentication that relies on a dedicated physical device (such as a token) held by an authorized user, in addition to a basic password, to grant access to computer resources.
HITRUST is a United States non-profit that has established a Common Security Framework (CSF) (in collaboration with healthcare, technology and information security leaders) that can be used by any organization that creates, accesses, stores or exchanges sensitive and/or regulated data.
Honeypots are computers or computer systems that mimic potential cyberattack targets for the purpose of detecting intrusions and building threat intelligence by analyzing the tactics, techniques and procedures of the malicious actors.
IAM (Identity and Access Management) comprises the processes, technology and people used to create, manage, authenticate, control and remove the permissions a user (internal, external or customer) has to corporate technology resources.
Cybersecurity incident management is the real-time process of identifying, managing, monitoring and analyzing computer and network security threats or incidents (which may include anything from attempted intrusions to successful compromises/data breaches) and responding appropriately.
IRM (Integrated Risk Management) is an approach to risk management that integrates risk activities from across an organization to enable better and more sustainable strategic decision making.
The key difference between IDS and IPS lies in “detection” vs. “prevention.” Intrusion Detection Systems (IDS) monitor and scrutinize network traffic for known cyberattack signatures. Intrusion Prevention Systems (IPS), which reside between the internal network and external networks (like the Internet), reject incoming traffic when it indicates a recognized security threat profile.
IoT (the Internet of Things) represents a rapidly growing class of non-traditional computing devices that are connected to the internet to drive some sort of intelligent operation.
ISO 27000 is an internationally recognized family of standards of good practice for information security. ISO/IEC 27001 specifies an Information Security Management System (ISMS): a suite of activities for managing information risks, organized into an overarching management framework through which the organization identifies, analyzes and addresses those risks.
Key risk indicator metrics articulate an organization’s level of risk and allow security and business leaders to track how the risk profile is evolving. For instance, cybersecurity operations can use metrics that analyze the threats and vulnerabilities reported by various tools.
Lateral Movement describes a common cyberattack technique where intruders, having gained initial access to a network, move through the system “sideways” (or “east-west”), looking to escalate their privileges to access high-value targets.
Malware (short for “malicious software”) describes any software developed for the purpose of infiltrating, damaging, disabling or seizing control of computers, computer systems, mobile devices and networks.
MDR (Managed Detection and Response) is an outsourced service that leverages external experts to make the security benefits of tools such as EDR (endpoint detection and response) and proactive threat hunting accessible to customers of all maturity levels.
Medjacking – or medical device hijacking – refers to the hijacking of a critical medical device. Many devices currently in use – anything that’s linked to a wireless network – are potentially susceptible, and the hundreds of at-risk technologies include MRI systems and implantables such as pacemakers and insulin pumps.
MITRE ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) is a repository of collected cybersecurity data on adversary behavior, maintained by MITRE’s National Cybersecurity Federally Funded Research and Development Center (FFRDC).
Machine Learning is considered to be a subset of artificial intelligence (AI), and is currently the most common application of AI.
NAC (Network Access Control) is a security technology that provides visibility into, and control over, the devices accessing a corporate network.
Network security comprises the technologies, policies and practices dedicated to monitoring, preventing and responding to illegal, malicious and unauthorized attempts to penetrate and compromise computer networks.
NIST, the National Institute of Standards and Technology and publisher of the NIST Cybersecurity Framework (CSF), is a non-regulatory agency and physical sciences laboratory of the United States Department of Commerce. The agency states its mission is "To promote U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology in ways that enhance economic security and improve our quality of life."
The NYDFS Cybersecurity Regulation (23 NYCRR 500) comprises a new set of New York Department of Financial Services rules imposing strict digital security requirements on financial institutions, such as banks, mortgage companies and insurance firms. Additionally, NYCRR applies to unregulated third parties working with regulated companies. Under NYCRR affected organizations must implement a detailed cybersecurity plan, articulate wide-ranging policies and establish/operate a cybersecurity incident reporting system.
OT (Operational Technology) represents the systems used to monitor and manage an organization’s manufacturing equipment or industrial process assets.
PAM (Privileged Access Management) polices privileged accounts (the accounts administrators use to log in to the critical IT resources they must manage). Because the access rights associated with admin privileges are high level, these accounts are frequent targets of cyberattacks and must be secured with additional controls.
The patch management process keeps computer systems and applications up to date by routinely obtaining, testing, and deploying appropriate code changes (patches) to address vulnerabilities. A good patch management process also coordinates workflow between IT and Security teams and tracks deployment status.
PCI compliance usually refers to compliance with the PCI Data Security Standard (DSS), an information security standard for organizations that handle branded credit cards from the major card companies.
Penetration Testing, sometimes called ethical hacking or shortened to pen test, is an authorized attack performed to evaluate a system or application in order to find exploitable vulnerabilities so they can be proactively remediated.
PII (Personally Identifiable Information) is information about a person that can identify them, such as date of birth, social security number, credit card numbers and street address.
QSA (Qualified Security Assessor) is a PCI Security Standards Council designation for individuals who meet specific information security education requirements, have completed the appropriate training from the PCI Security Standards Council, are employed by a QSA company (a PCI security and auditing firm approved by the Council) and will be performing PCI compliance assessments relating to the protection of credit card data.
The ROC (Report on Compliance) form must be completed by all Level 1 Visa merchants undergoing a PCI DSS (Payment Card Industry Data Security Standard) audit.
Security Assertion Markup Language (SAML) is an open standard that makes possible the exchange of authentication and authorization data between parties (such as between service providers and identity providers).
SD-WAN (Software-Defined Wide Area Network) has found application within enterprises that have a significant branch office footprint, simplifying the deployment and management of network services across their many locations.
SASE (Secure Access Service Edge, pronounced “sassy”) is a new term coined by Gartner to describe the convergence of the WAN edge and network security.
This is a method of integrating and streamlining workflows across disparate tools to improve both security analyst efficiency and threat detection and response.
Serverless is an emerging cloud computing paradigm in which the provider runs the server and manages allocation of machine resources.
SOAR (Security Orchestration, Automation and Response) is a term developed by Gartner to describe technology platforms that aggregate security intelligence and context from disparate systems and apply machine intelligence to streamline (or even completely automate) the incident detection and response process.
A SOC (Security Operations Center) is a formalized function in a company that is staffed with domain experts (either in-house or outsourced) and focuses on preventing, detecting, analyzing and responding to cybersecurity incidents.
Developed by the American Institute of Certified Public Accountants (AICPA), SOC 2 requires the establishment of, and adherence to, policies and procedures surrounding the security, availability, processing integrity and confidentiality of customer data. More specifically, SOC 2 ensures that cybersecurity measures reflect up-to-date cloud requirements.
Within the cybersecurity context, social engineering describes an attempt to manipulate people into divulging confidential information or performing actions inimical to their own interests or those of their organizations.
A Software Defined Perimeter is a scalable, cloud-native security framework designed to narrowly segment access to networks and systems by establishing one-to-one connections between users and required resources. SDPs are built on user identities, not IP addresses, and employ Zero Trust principles to limit network access and reduce the attack surface.
SOX (the Sarbanes-Oxley Act) is a federal law that established sweeping auditing and financial regulations for public companies.
Secure Sockets Layer (SSL), the most widely used cryptography protocol in Internet history, was designed to provide communications security over a computer network.
SWIFT is a global member-owned cooperative and the world’s leading provider of secure financial messaging services; it enables secure, seamless and automated financial communication between users.
TPRM (Third-Party Risk Management) is the process of analyzing and controlling the risks presented to an organization, its data, operations and finances by parties other than the organization itself.
UEBA (User and Entity Behavior Analytics) systems apply advanced analytics, including machine learning, to establish a baseline for the behavior of users and/or entities (in this case technology elements such as servers, applications, network traffic and databases) interacting with a corporate network, so that deviations from that baseline can be flagged.
Watering hole attacks happen when an attacker targets a specific group of users by infecting websites they frequent with malware.
XSS (Cross-Site Scripting) is a computer security vulnerability normally found in web applications that allows attackers to inject client-side scripts into benign and trusted websites, where they run in the browsers of other users.
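To make the XSS entry concrete, the following added example (not part of the glossary) contrasts a vulnerable rendering pattern with its hardened form. It assumes a server-side or client-side template that places a user-supplied comment into HTML; the function names, the wrapper markup and the sample comment are all constructed for the illustration.

```javascript
// Added example: why unescaped interpolation of untrusted input into HTML
// creates an XSS vulnerability, and how contextual escaping closes it.
// Function names, markup and sample inputs are constructed for this example.

// Vulnerable pattern: the untrusted value becomes part of the markup itself,
// so any tags inside it are parsed and executed by the browser.
function renderCommentUnsafe(untrustedComment) {
  return `<div class="comment">${untrustedComment}</div>`;
}

// Escape the characters that change meaning in an HTML text or attribute
// context, so the value is displayed as text rather than parsed as markup.
function escapeHtml(value) {
  const replacements = {
    '&': '&amp;',
    '<': '&lt;',
    '>': '&gt;',
    '"': '&quot;',
    "'": '&#x27;',
  };
  return String(value).replace(/[&<>"']/g, (ch) => replacements[ch]);
}

// Hardened pattern: identical markup, but every untrusted value is escaped
// before it is interpolated. (In browser code, prefer element.textContent
// over innerHTML for the same reason.)
function renderCommentSafe(untrustedComment) {
  return `<div class="comment">${escapeHtml(untrustedComment)}</div>`;
}

// Simple review check: count tag openers in the rendered output. The template
// itself contributes exactly two (<div ...> and </div>); any more means the
// untrusted input was interpreted as markup.
function countTags(html) {
  return html.split('<').length - 1;
}

// Constructed sample of a hostile comment: the textbook script payload.
const sampleComment = 'Nice post! <script>alert(1)</script>';

console.log('unsafe tags:', countTags(renderCommentUnsafe(sampleComment))); // 4
console.log('safe tags:  ', countTags(renderCommentSafe(sampleComment)));   // 2
console.log(renderCommentSafe(sampleComment));
```

The escaping shown is correct only for HTML text and quoted attribute values; a value placed inside a JavaScript block, a URL or a CSS rule needs the escaping rules of that context, which is why template engines with automatic contextual escaping are preferred over hand-built string concatenation.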
Zero Trust is an information security model based on the principle of maintaining strict access controls by not trusting anyone or any action by default, even those already inside the network perimeter. Each transaction is evaluated for need and risk.