
glossary

Expand your Cybersecurity knowledge with this glossary

A

Access Control

Access control implements a security framework that restricts access to resources (systems, files, n...

Active Data Collection

Active data collection involves the transparent and informed acquisition of user data through explic...

Adequate Level Of Protection

Under the GDPR, 'Adequate Level of Protection' refers to a rigorous standard for data protection uph...

Anomaly

An anomaly signifies a deviation from expected patterns of user behavior or system activity. Leverag...

Anonymization

Data anonymization transforms personally identifiable information (PII) into a state where it no lon...

Anonymous Data

Anonymous data inherently lacks any connection to identifiable individuals. This means it cannot be ...

Appropriate Safeguards

Within the GDPR framework, 'Appropriate Safeguards' represent the implementation of its core data pr...

APT

APT (Advanced Persistent Threat) denotes a security breach wherein an attacker infiltrates a system,...

Attack Path

An attack path refers to the sequence of steps that an adversary follows or could potentially follow...

Attack Surface

The attack surface refers to the collection of potential entry points and vulnerabilities within a s...

Audit Trail

An audit trail serves as a chronological record of activities, typically documented in files, logs, ...

Auditing

Auditing is the systematic process of examining, evaluating, and analyzing an organization's assets,...

Authentication

In the digital world, authentication acts as a gatekeeper, verifying a user's claimed identity befor...

Authorization

Authorization refers to the security mechanism responsible for determining and enforcing the actions...

Automated Processing

Automated processing streamlines data handling by employing technology to execute tasks without manu...

B

Behaviour Monitoring

Behavior monitoring entails the systematic recording of events and activities within a system and am...

Blackhat

A black hat hacker is an individual who engages in unauthorized activities with the intent to exploi...

Block Cipher

A block cipher is a symmetric encryption algorithm that operates by dividing data into fixed-length ...

Brazil General Data Protection Law

Enacted in 2018, the LGPD is a comprehensive legal framework governing personal data usage and proce...

Brute Force Attack

A brute force attack is a method used by hackers to gain unauthorized access to a system, network, o...

C

CASB

Operating as a security checkpoint for cloud applications, CASBs monitor and control employee access...

CCPA

The CCPA is a landmark state law regulating consumer privacy in California. It applies to businesse...

CDO

Within an organization, the CDO serves as the executive champion for data governance and strategy. T...

Certification

In the world of security and compliance, a certification acts as an official recognition by a truste...

CISO

As the guardian of an organization's digital domain, the CISO spearheads cybersecurity strategy and ...

Cloud Native Database

Cloud native databases are database services hosted and delivered by cloud service providers (CSPs) ...

CMMC

The CMMC establishes a standardized framework for assessing cybersecurity maturity in organizations ...

Confidentiality

Confidentiality is a cornerstone of information security, guaranteeing that sensitive data is only a...

Consent

In the context of data privacy, consent empowers individuals to make informed choices about the coll...

CPO

In today's data-driven world, the CPO champions an organization's privacy governance and compliance ...

Cross-Border Data Transfer

Cross-border data transfers refer to the movement of personal data across international borders, oft...

CSP

Operating across various service models (IaaS, PaaS, SaaS), CSPs deliver on-demand access to computi...

CUI

CUI falls into a distinct category within the U.S. government's information classification system. W...

CVE

An online repository managed by the MITRE organization, serving as a comprehensive database of known...

Cyberattack

A cyberattack refers to any endeavor to breach the security defenses of a digital environment. Such ...

Cybersecurity

Encompassing a vast array of practices and technologies, cybersecurity aims to protect information a...

D

Data Breach

A data breach refers to a security incident where sensitive, protected, or confidential data is comp...

Data Breach Notification

Following a data breach where unauthorized access or exposure of sensitive data occurs, organization...

Data Broker

The GDPR defines a data broker as any entity involved in collecting and selling individuals' persona...

Data Catalog

A data catalog acts as a comprehensive inventory of an organization's data assets, utilizing metadat...

Data Categorization

Data categorization involves organizing data into groups based on shared characteristics. This enabl...

Data Centric Security

Data centric security focuses on protecting the data itself rather than the systems or networks surr...

Data Class

Data class allows programmatic identification of various data types within a storage system, typical...

Data Classification

Data classification categorizes data based on relevant characteristics, simplifying retrieval, sorti...

Data Controller

In the context of GDPR, the data controller determines the 'how' and 'why' of data processing, setti...

Data Detection and Response (DDR)

DDR acts as a critical line of defense, enabling real-time detection and remediation of data securit...

Data Flow

The designated path information travels from its origin (source) to its final destination, traversin...

Data Flow Diagram

A visual representation depicting the movement of information within a process or system. It capture...

Data Inventory

An authoritative record identifying and mapping the location and sharing practices of personal data ...

Data Leak Prevention (DLP)

DLP serves as a security filter, specifically designed to prevent the unauthorized sharing or transf...

Data Localization

The requirement that data be physically stored within the same geographical region (country or group...

Data Loss

The unintentional or malicious disappearance of data (deletion, corruption, theft). Robust backup st...

Data Loss Prevention (DLP)

DLP serves as a security filter, specifically designed to prevent the unauthorized sharing or transf...

Data Minimization

The principle emphasizing collecting and retaining only the essential personal data required for spe...

Data Owner

Data ownership assigns clear responsibility for a dataset's classification, security, usage, and qua...

Data Processing

Any action performed on personal data, encompassing tasks like collection, storage, analysis, and di...

Data Processor

An organization entrusted with handling personal data on behalf of a Data Controller (collection, st...

Data Protection

Data protection encompasses a legal framework of laws and regulations designed to safeguard individu...

Data Protection Authority (DPA)

Within the European Union, DPAs function as independent public authorities, tasked with overseeing a...

Data Protection Impact Assessment

Mandated by GDPR Article 35, a DPIA requires businesses to proactively assess the risk and potential...

Data Protection Officer (DPO)

The DPO plays a vital role within organizations processing personal data, acting as an internal advi...

Data Protection Principle

The core principles established by GDPR (Article 5) for data protection, emphasizing lawfulness, fai...

Data Redaction

Redaction protects sensitive information by obscuring it in physical or electronic documents. Common...

Data Residency

The physical location where data is stored, often dictated by privacy regulations or internal compli...

Data Retention

Organizations should adhere to a 'retention as long as necessary' principle. Holding onto data longe...

Data Security Posture Management (DSPM)

DSPM emerges as a cutting-edge technology recognized by Gartner to address the challenge of data spr...

Data Sprawl

The rapid and uncontrolled growth of data within an organization, presenting challenges in data mana...

Data Steward

Data stewards act as internal champions for specific data types, ensuring quality, clarity, and resp...

Data Store

A centralized repository for managing and distributing large datasets within an enterprise. It provi...

Data Subject

The individual whose personal data is being collected, processed, or stored. They have specific righ...

Data Theft

The unauthorized and unlawful acquisition of sensitive information through various methods (hacking,...

Data Warehouse

Data warehouses act as centralized hubs designed for powerful analytics. They consolidate informatio...

DDoS Attack

A distributed denial-of-service (DDoS) attack is a malicious assault aimed at disrupting the normal ...

Defense Industrial Base

The DIB encompasses companies crucial to the U.S. military's operations, providing research, product...

Digital Rights Management (DRM)

DRM encompasses a set of access control technologies designed to safeguard confidential information,...

E

Electronic Lab Notebooks (ELN)

ELNs are the digital counterparts of paper lab notebooks, allowing researchers in fields like pharma...

Encrypted Data

Encryption transforms readable data (plaintext) into a coded form (ciphertext) accessible only to au...

Encryption Key

An encryption key is a confidential numerical value employed by a symmetric encryption algorithm to ...

EU-US Privacy Shield

Established in 2016 as a successor to the Safe Harbor Agreement, this arrangement permitted American...

European Data Protection Board

The EDPB, comprised of EU member states' data protection authorities and the European Data Protectio...

European Data Protection Supervisor

An independent authority dedicated to ensuring compliance with GDPR privacy rules by European organi...

Exact Matching

In queries, algorithms, or searches, an exact match signifies a 100% concordance between the search ...

Exfiltration

Exfiltration describes the unauthorized transfer of data from a computer or network, potentially con...

F

False Positive

A false positive occurs when an alert system erroneously identifies a non-existent vulnerability or ...

File Clustering (Unsupervised Learning)

This unsupervised learning technique groups files based on similarities, aiming for files within a g...

FINRA

FINRA serves as a self-regulatory organization protecting investors in the U.S. securities markets.

Firewall

A firewall is a security measure, which can be implemented as either a hardware or software solution...

Fuzzy Matching

Unlike exact matching, this method scores data matches from 0 to 100 based on the degree of similari...

G

GDPR

The General Data Protection Regulation, implemented in 2018, is an EU law requiring companies to pro...

Ghost Data

Defined as backups or snapshots of data stores even after the original data is deleted, ghost data i...

GLBA

Also known as the Gramm-Leach-Bliley Act, this law mandates financial institutions to secure and pro...

H

Health Breach Notification Rule

This rule by the Federal Trade Commission requires vendors and service providers of personal health ...

HIPAA

Signed into law in 1996, the Health Insurance Portability and Accountability Act (HIPAA) governs the...

HITECH

The Health Information Technology for Economic and Clinical Health Act, enacted in 2009, builds upon...

Honeypot

A honeypot is a deceptive mechanism designed to lure and divert attackers away from genuine producti...

I

IAM

Identity and Access Management (IAM) encompasses a framework comprising policies, processes, and tec...

IDS

An Intrusion Detection System (IDS) is a security tool designed to identify the presence of intruder...

Information Security Policy

A comprehensive framework outlining directives, rules, regulations, and best practices for managing ...

Insider Threat

Individuals with authorized access to organizational networks or resources who potentially exploit v...

Integrity

The assurance that information remains unaltered, accurate, and complete. GDPR mandates data control...

IRM

A subset of Digital Rights Management, IRM utilizes encryption and permission management to protect ...

ISO 27001

This international standard, first published in 2005 and revised in 2013, outlines best practices fo...

L

Least Privilege

A security principle granting users only the minimum access permissions necessary to fulfill their j...

Legal Basis For Processing

As per GDPR, data controllers must demonstrate a lawful justification for processing personal data. ...

LLM

Large Language Models (LLMs) represent a forefront advancement in Natural Language Processing (NLP),...

M

Malconfiguration

A deliberate alteration of system configurations by malicious actors, often aiming to establish pers...

Malware

An umbrella term encompassing various types of malicious software designed to infiltrate and harm co...

Managed Database

A database where storage, data, and computing services are outsourced to a third-party provider, rel...

Masked Data

Sensitive information replaced with lookalike arbitrary data, rendering it useless for malicious act...

Metadata

Data describing other data. In database contexts, it encompasses information about the data store it...

MFA

An authentication process requiring more than one form of verification, like username/password with ...

Misconfiguration

Improper settings on an account, often unintentional, that could create security vulnerabilities. Wh...

Misplaced Data

Occurs when data is stored in an unauthorized location, exposing it to potential leaks, breaches, an...

N

Negligence

Negligence in data security/privacy is the failure to fulfill the legal obligation to protect personal i...

NIST

The National Institute of Standards and Technology (NIST) is a U.S. government agency that sets meas...

Notice At Collection

CCPA Section 1798.100 requires businesses to clearly inform consumers at the point of data collectio...

NPI

Nonpublic personal information (NPI) refers to confidential data about individuals not publicly avai...

NYDFS Cybersecurity Regulation

Established by the New York Department of Financial Services (NYDFS), this regulation mandates finan...

O

Obfuscated Data

Sensitive information masked with lookalike data, rendering it unusable for malicious actors. This i...

Opt In

An active action taken by an individual to consent to sharing their information with third parties, ...

Opt Out

An individual's choice to stop receiving information or sharing data with an organization, either ex...

OWASP

The Open Web Application Security Project (OWASP) is a prominent online community dedicated to enhan...

P

Passive Data Collection

This approach automatically gathers information, with or without the user's awareness. Examples incl...

PCI DSS

The Payment Card Industry Data Security Standard (PCI DSS) defines security protocols for credit car...

Pen Testing

Penetration testing, often referred to as pen testing or ethical hacking, is a sophisticated method ...

PHI

Protected health information (PHI) is a specific category of sensitive data linked to an individual'...

PII

PII encompasses any data that can directly or indirectly identify an individual. This includes seemi...

Policy Management

Policy management is the process of developing, communicating, and maintaining policies and p...

Purpose Limitation (CCPA)

As mandated by CCPA Section 1798.100, businesses must restrict personal information (PI) usage to th...

Pseudonymization

Data pseudonymization acts as a crucial shield for sensitive information, replacing identifiable ele...

R

Ransomware

This type of malware encrypts files on a device, rendering them inaccessible. The attacker offers a ...

Right Of Access

Individuals possess the right to request and receive their personal data from businesses or organiza...

Right To Be Forgotten

Similar to the right to deletion, this grants individuals the right to request the erasure of their ...

Right To Be Informed (GDPR)

As stipulated by GDPR Article 13, businesses must inform data subjects at the time of collection abo...

Right To Correct

Individuals have the right to request corrections or amendments to inaccurate personal information h...

Right To Deletion

This grants individuals the right to request and obtain the deletion of their personal data from bus...

Risk Assessment (Cyber Security)

A systematic process identifying and analyzing vulnerabilities and potential threats within an organ...

S

Security Operations Center (SOC)

A Security Operations Center (SOC) is a centralized unit within an organization responsible for moni...

Sensitive Data

Information protected due to legal, ethical, privacy, financial, or other concerns. Examples include...

Sensitive Data Discovery And Classification

A process identifying and categorizing sensitive information within an organization's digital assets...

Sensitive Information

Data requiring safeguards to prevent unauthorized access, protecting individuals or organizations. A...

Sensitive Personally Identifiable Information

Sensitive Personally Identifiable Information (PII) includes any data that can be used to identify a...

T

Tokenized Data

A security technique that replaces sensitive data with a non-sensitive 'token.' This token acts as a...

U

Unstructured Data

Unlike structured data with a defined format, unstructured data lacks a predetermined organization o...

Unmanaged Data Stores

Unlike cloud-based services with managed options, unmanaged data stores require complete support fro...

V

Vulnerability

A vulnerability is a weakness in an internal control, system security procedure, information system,...

W

Whaling

Whaling, a targeted phishing attack, specifically hooks high-value individuals or key decision-maker...

Z

Zero Trust

Zero Trust is a security model based on the principle of maintaining strict access controls and not ...
