glossary
Expand your Cybersecurity knowledge
with this glossary
A
Access Control
Access control implements a security framework that restricts access to resources (systems, files, n...
Active Data Collection
Active data collection involves the transparent and informed acquisition of user data through explic...
Adequate Level Of Protection
Under the GDPR, 'Adequate Level of Protection' refers to a rigorous standard for data protection uph...
Anomaly
An anomaly signifies a deviation from expected patterns of user behavior or system activity. Leverag...
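As an added example (not part of the original glossary), the following script shows what "deviation from expected patterns" looks like in practice: it parses constructed login records, builds each user's own baseline from earlier days, and flags a day whose login count deviates from that baseline by a robust (median/MAD) z-score. The log format, user names, addresses and the 3.5 threshold are all assumptions made for the illustration.

```python
import re
import statistics
from collections import Counter, defaultdict

# Constructed login log: "timestamp user src_ip result", one event per line.
def build_sample_log():
    lines = []
    for day in range(1, 8):                      # seven days of normal activity
        date = f"2024-03-{day:02d}"
        for i in range(2):                       # alice: two logins a day
            lines.append(f"{date}T08:{10 + i:02d}:00Z alice 10.0.0.5 success")
        for i in range(3):                       # bob: three logins a day
            lines.append(f"{date}T09:{10 + i:02d}:00Z bob 10.0.0.9 success")
    for i in range(15):                          # day 8: alice, 15 logins at 02:xx from a new address
        lines.append(f"2024-03-08T02:{i:02d}:00Z alice 203.0.113.7 success")
    for i in range(3):
        lines.append(f"2024-03-08T09:{10 + i:02d}:00Z bob 10.0.0.9 success")
    return lines

LINE_RE = re.compile(r"^(?P<date>\d{4}-\d{2}-\d{2})T\S+ (?P<user>\S+) (?P<ip>\S+) (?P<result>\S+)$")

def daily_counts(lines):
    """user -> Counter(date -> number of logins); unparseable lines are skipped."""
    counts = defaultdict(Counter)
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            counts[m["user"]][m["date"]] += 1
    return counts

def robust_zscore(value, history):
    """Modified z-score (median/MAD). Unlike mean/stddev, one earlier outlier
    cannot inflate the baseline and hide later ones."""
    med = statistics.median(history)
    mad = statistics.median(abs(x - med) for x in history) or 1.0  # floor: a flat baseline gives MAD 0
    return 0.6745 * (value - med) / mad

def find_anomalies(lines, threshold=3.5, min_history=3):
    """Return (user, date, count, score) for days that deviate from that user's own past."""
    findings = []
    for user, per_day in daily_counts(lines).items():
        days = sorted(per_day)
        for i, day in enumerate(days):
            history = [per_day[d] for d in days[:i]]   # only earlier days form the baseline
            if len(history) < min_history:
                continue
            score = robust_zscore(per_day[day], history)
            if score > threshold:
                findings.append((user, day, per_day[day], round(score, 1)))
    return findings

if __name__ == "__main__":
    for finding in find_anomalies(build_sample_log()):
        print("anomaly:", finding)
```

The baseline is per user and built only from earlier days, so bob's three logins a day never trip an alert calibrated on alice. The MAD floor matters: a perfectly regular user has zero spread, and without the floor the division would fail rather than flag the change.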
Anonymization
Data anonymization transforms personally identifiable information (PII) into a state where it no lon...
Anonymous Data
Anonymous data inherently lacks any connection to identifiable individuals. This means it cannot be ...
Appropriate Safeguards
Within the GDPR framework, 'Appropriate Safeguards' represent the implementation of its core data pr...
APT
APT (Advanced Persistent Threat) denotes a well-resourced adversary, or the prolonged intrusion it conducts, wherein an attacker infiltrates a system,...
Attack Path
An attack path refers to the sequence of steps that an adversary follows or could potentially follow...
Attack Surface
The attack surface refers to the collection of potential entry points and vulnerabilities within a s...
Audit Trail
An audit trail serves as a chronological record of activities, typically documented in files, logs, ...
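A chronological record is only useful as evidence if it cannot be quietly rewritten. As an added example (not from the original glossary), the script below links each audit entry to the previous one with a SHA-256 hash chain, then verifies the chain and reports the first entry that was edited, removed or reordered. The record fields and the external "anchor" are constructed for the illustration.

```python
import copy
import hashlib
import json

GENESIS = "0" * 64   # the hash 'before' the first entry

def _entry_hash(prev_hash, seq, record):
    # Canonical JSON (sorted keys, no whitespace) so a record always hashes identically.
    payload = json.dumps({"seq": seq, "record": record}, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + payload).encode()).hexdigest()

def append_entry(trail, record):
    """Append a record (dict) to the trail, linking it to the previous entry's hash."""
    prev = trail[-1]["hash"] if trail else GENESIS
    seq = len(trail)
    entry = {"seq": seq, "record": copy.deepcopy(record), "prev": prev,
             "hash": _entry_hash(prev, seq, record)}
    trail.append(entry)
    return entry

def verify_trail(trail, anchor=None):
    """Recompute the chain. Returns (True, None) if intact, else (False, index of the
    first entry that fails). `anchor` is the latest hash as recorded somewhere the
    log writer cannot alter (e.g. shipped to a separate system); without it,
    silently dropping the newest entries is undetectable."""
    prev = GENESIS
    for i, entry in enumerate(trail):
        if entry["seq"] != i or entry["prev"] != prev:
            return False, i                      # gap, reorder or deletion
        if entry["hash"] != _entry_hash(prev, i, entry["record"]):
            return False, i                      # content changed after the fact
        prev = entry["hash"]
    if anchor is not None and prev != anchor:
        return False, len(trail)                 # tail truncated (or the anchor is stale)
    return True, None

if __name__ == "__main__":
    trail = []
    for rec in ({"user": "alice", "action": "read", "object": "hr/salaries.csv"},
                {"user": "bob", "action": "delete", "object": "hr/salaries.csv"},
                {"user": "alice", "action": "login", "src": "10.0.0.5"}):
        append_entry(trail, rec)
    anchor = trail[-1]["hash"]
    print("intact:", verify_trail(trail, anchor))
    trail[1]["record"]["user"] = "mallory"        # rewrite history
    print("after edit:", verify_trail(trail, anchor))
```

The chain detects edits and deletions inside the log, but not removal of the most recent entries: that needs the latest hash stored outside the writer's control (a remote log collector, a signed timestamp, or similar), which is what the `anchor` argument stands in for.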
Auditing
Auditing is the systematic process of examining, evaluating, and analyzing an organization's assets,...
Authentication
In the digital world, authentication acts as a gatekeeper, verifying a user's claimed identity befor...
B
Behaviour Monitoring
Behavior monitoring entails the systematic recording of events and activities within a system and am...
Blackhat
A black hat hacker is an individual who engages in unauthorized activities with the intent to exploi...
Block Cipher
A block cipher is a symmetric encryption algorithm that operates by dividing data into fixed-length ...
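To make the fixed-length-block idea concrete, here is an added example (not from the original glossary): a toy 64-bit Feistel cipher whose round function is HMAC-SHA256, driven first in ECB mode and then in CBC mode. It exists only to show the block structure, padding, and why the mode of operation matters; the key, IV and message are constructed constants, and the cipher is a teaching construction, not something to deploy.

```python
import hashlib
import hmac

BLOCK = 8            # 64-bit blocks, processed as two 32-bit halves
ROUNDS = 8
KEY = b"constructed-example-key"   # a real key is random and secret
IV = bytes(range(8))               # a real CBC IV is unpredictable and fresh per message
MSG = b"ATTACK AT DAWN!!" * 4      # repeating plaintext: 2 distinct 8-byte blocks, repeated 4 times

def _round(key, r, half):
    # Round function F: a keyed PRF of (round number, right half), truncated to 4 bytes.
    return hmac.new(key, bytes([r]) + half, hashlib.sha256).digest()[:4]

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt_block(key, block):
    assert len(block) == BLOCK
    left, right = block[:4], block[4:]
    for r in range(ROUNDS):
        left, right = right, _xor(left, _round(key, r, right))
    return right + left   # swap halves so decryption is the same loop with reversed rounds

def decrypt_block(key, block):
    assert len(block) == BLOCK
    left, right = block[:4], block[4:]
    for r in reversed(range(ROUNDS)):
        left, right = right, _xor(left, _round(key, r, right))
    return right + left

def pad(data):                      # PKCS#7-style: always adds 1..BLOCK bytes
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n

def unpad(data):
    n = data[-1]
    if not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]

def _blocks(data):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def encrypt_ecb(key, data):         # each block encrypted independently
    return b"".join(encrypt_block(key, b) for b in _blocks(pad(data)))

def decrypt_ecb(key, data):
    return unpad(b"".join(decrypt_block(key, b) for b in _blocks(data)))

def encrypt_cbc(key, data, iv):     # each block XORed with the previous ciphertext block first
    prev, out = iv, []
    for b in _blocks(pad(data)):
        prev = encrypt_block(key, _xor(b, prev))
        out.append(prev)
    return b"".join(out)

def decrypt_cbc(key, data, iv):
    prev, out = iv, []
    for c in _blocks(data):
        out.append(_xor(decrypt_block(key, c), prev))
        prev = c
    return unpad(b"".join(out))

def distinct_blocks(ciphertext):
    return len(set(_blocks(ciphertext)))

if __name__ == "__main__":
    print("ECB distinct blocks:", distinct_blocks(encrypt_ecb(KEY, MSG)))      # 3: the repetition shows
    print("CBC distinct blocks:", distinct_blocks(encrypt_cbc(KEY, MSG, IV)))  # 9: every block differs
```

Because a block cipher is a fixed permutation under a given key, ECB maps equal plaintext blocks to equal ciphertext blocks, so the structure of MSG (and of any image, table or record layout) leaks through. CBC chains each block into the next, which is why the same message encrypts to nine different blocks.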
C
CASB
Operating as a security checkpoint for cloud applications, CASBs monitor and control employee access...
CCPA
The CCPA is a landmark state law regulating consumer privacy in California. It applies to businesse...
CDO
Within an organization, the CDO serves as the executive champion for data governance and strategy. T...
Certification
In the world of security and compliance, a certification acts as an official recognition by a truste...
CISO
As the guardian of an organization's digital domain, the CISO spearheads cybersecurity strategy and ...
Cloud Native Database
Cloud native databases are database services hosted and delivered by cloud service providers (CSPs) ...
CMMC
The CMMC establishes a standardized framework for assessing cybersecurity maturity in organizations ...
Confidentiality
Confidentiality is a cornerstone of information security, guaranteeing that sensitive data is only a...
Consent
In the context of data privacy, consent empowers individuals to make informed choices about the coll...
CPO
In today's data-driven world, the CPO champions an organization's privacy governance and compliance ...
Cross-Border Data Transfer
Cross-border data transfers refer to the movement of personal data across international borders, oft...
CSP
Operating across various service models (IaaS, PaaS, SaaS), CSPs deliver on-demand access to computi...
CUI
CUI falls into a distinct category within the U.S. government's information classification system. W...
CVE
CVE (Common Vulnerabilities and Exposures) is a public catalog of identifiers (CVE IDs) for disclosed vulnerabilities, run by the CVE Program that MITRE operates, serving as a reference list of known...
D
Data Breach
A data breach refers to a security incident where sensitive, protected, or confidential data is comp...
Data Breach Notification
Following a data breach where unauthorized access or exposure of sensitive data occurs, organization...
Data Broker
The GDPR itself does not define the term; under U.S. state privacy law (for example the CCPA), a data broker is any entity involved in collecting and selling individuals' persona...
Data Catalog
A data catalog acts as a comprehensive inventory of an organization's data assets, utilizing metadat...
Data Categorization
Data categorization involves organizing data into groups based on shared characteristics. This enabl...
Data Centric Security
Data centric security focuses on protecting the data itself rather than the systems or networks surr...
Data Class
Data class allows programmatic identification of various data types within a storage system, typical...
Data Classification
Data classification categorizes data based on relevant characteristics, simplifying retrieval, sorti...
Data Controller
In the context of GDPR, the data controller determines the 'how' and 'why' of data processing, setti...
Data Detection and Response (DDR)
DDR acts as a critical line of defense, enabling real-time detection and remediation of data securit...
Data Flow
The designated path information travels from its origin (source) to its final destination, traversin...
Data Flow Diagram
A visual representation depicting the movement of information within a process or system. It capture...
Data Inventory
An authoritative record identifying and mapping the location and sharing practices of personal data ...
Data Leak Prevention (DLP)
DLP serves as a security filter, specifically designed to prevent the unauthorized sharing or transf...
Data Localization
The requirement that data be physically stored within the same geographical region (country or group...
Data Loss
The unintentional or malicious disappearance of data (deletion, corruption, theft). Robust backup st...
Data Loss Prevention (DLP)
DLP serves as a security filter, specifically designed to prevent the unauthorized sharing or transf...
Data Minimization
The principle emphasizing collecting and retaining only the essential personal data required for spe...
Data Owner
Data ownership assigns clear responsibility for a dataset's classification, security, usage, and qua...
Data Processing
Any action performed on personal data, encompassing tasks like collection, storage, analysis, and di...
Data Processor
An organization entrusted with handling personal data on behalf of a Data Controller (collection, st...
Data Protection
Data protection encompasses a legal framework of laws and regulations designed to safeguard individu...
Data Protection Authority (DPA)
Within the European Union, DPAs function as independent public authorities, tasked with overseeing a...
Data Protection Impact Assessment
Mandated by GDPR Article 35, a DPIA requires businesses to proactively assess the risk and potential...
Data Protection Officer (DPO)
The DPO plays a vital role within organizations processing personal data, acting as an internal advi...
Data Protection Principle
The core principles established by GDPR (Article 5) for data protection, emphasizing lawfulness, fai...
Data Redaction
Redaction protects sensitive information by obscuring it in physical or electronic documents. Common...
Data Residency
The physical location where data is stored, often dictated by privacy regulations or internal compli...
Data Retention
Organizations should adhere to a 'retention as long as necessary' principle. Holding onto data longe...
Data Security Posture Management (DSPM)
DSPM is a technology category (the name comes from Gartner) that addresses the challenge of data spr...
Data Sprawl
The rapid and uncontrolled growth of data within an organization, presenting challenges in data mana...
Data Steward
Data stewards act as internal champions for specific data types, ensuring quality, clarity, and resp...
Data Store
A centralized repository for managing and distributing large datasets within an enterprise. It provi...
Data Subject
The individual whose personal data is being collected, processed, or stored. They have specific righ...
Data Theft
The unauthorized and unlawful acquisition of sensitive information through various methods (hacking,...
Data Warehouse
Data warehouses act as centralized hubs designed for powerful analytics. They consolidate informatio...
DDoS Attack
A distributed denial-of-service (DDoS) attack is a malicious assault aimed at disrupting the normal ...
E
Electronic Lab Notebooks (ELN)
ELNs are the digital counterparts of paper lab notebooks, allowing researchers in fields like pharma...
Encrypted Data
Encryption transforms readable data (plaintext) into a coded form (ciphertext) accessible only to au...
Encryption Key
An encryption key is a confidential numerical value employed by a symmetric encryption algorithm to ...
EU-US Privacy Shield
Established in 2016 as a successor to the Safe Harbor Agreement, this arrangement permitted American...
European Data Protection Board
The EDPB, comprised of EU member states' data protection authorities and the European Data Protectio...
European Data Protection Supervisor
An independent authority that supervises personal-data processing by the EU's own institutions, bodies, offices and agencies (under Regulation (EU) 2018/1725, the GDPR's counterpart for EU institutions), ensuring compliance with EU data protection rules by those European organi...
F
False Positive
A false positive occurs when an alert system erroneously identifies a non-existent vulnerability or ...
File Clustering (Unsupervised Learning)
This unsupervised learning technique groups files based on similarities, aiming for files within a g...
FINRA
FINRA serves as a self-regulatory organization protecting investors in the U.S. securities markets.
G
GDPR
The General Data Protection Regulation, applicable since 25 May 2018, is an EU law requiring companies to pro...
Ghost Data
Defined as backups or snapshots of data stores even after the original data is deleted, ghost data i...
GLBA
Also known as the Gramm-Leach-Bliley Act, this law mandates financial institutions to secure and pro...
H
Health Breach Notification Rule
This rule by the Federal Trade Commission requires vendors and service providers of personal health ...
HIPAA
Signed into law in 1996, the Health Insurance Portability and Accountability Act (HIPAA) governs the...
I
IAM
Identity and Access Management (IAM) encompasses a framework comprising policies, processes, and tec...
IDS
An Intrusion Detection System (IDS) is a security tool designed to identify the presence of intruder...
Information Security Policy
A comprehensive framework outlining directives, rules, regulations, and best practices for managing ...
Insider Threat
Individuals with authorized access to organizational networks or resources who potentially exploit v...
Integrity
The assurance that information remains unaltered, accurate, and complete. GDPR mandates data control...
M
Malconfiguration
A deliberate alteration of system configurations by malicious actors, often aiming to establish pers...
Malware
An umbrella term encompassing various types of malicious software designed to infiltrate and harm co...
Managed Database
A database where storage, data, and computing services are outsourced to a third-party provider, rel...
Masked Data
Sensitive information replaced with lookalike arbitrary data, rendering it useless for malicious act...
Metadata
Data describing other data. In database contexts, it encompasses information about the data store it...
MFA
An authentication process requiring more than one form of verification, like username/password with ...
Misconfiguration
Improper settings on an account, often unintentional, that could create security vulnerabilities. Wh...
N
NIST
The National Institute of Standards and Technology (NIST) is a U.S. government agency that sets meas...
Notice At Collection
CCPA Section 1798.100 requires businesses to clearly inform consumers at the point of data collectio...
O
Obfuscated Data
Sensitive information masked with lookalike data, rendering it unusable for malicious actors. This i...
Opt In
An active action taken by an individual to consent to sharing their information with third parties, ...
P
Passive Data Collection
This approach automatically gathers information, with or without the user's awareness. Examples incl...
PCI DSS
The Payment Card Industry Data Security Standard (PCI DSS) defines security protocols for credit car...
Pen Testing
Penetration testing, often referred to as pen testing or ethical hacking, is a sophisticated method ...
PHI
Protected health information (PHI) is a specific category of sensitive data linked to an individual'...
PII
PII encompasses any data that can directly or indirectly identify an individual. This includes seemi...
Policy Management
Policy management is the process of developing, communicating, and maintaining policies and p...
R
Ransomware
This type of malware encrypts files on a device, rendering them inaccessible. The attacker offers a ...
Right Of Access
Individuals possess the right to request and receive their personal data from businesses or organiza...
Right To Be Forgotten
Similar to the right to deletion, this grants individuals the right to request the erasure of their ...
Right To Be Informed (GDPR)
As stipulated by GDPR Article 13, businesses must inform data subjects at the time of collection abo...
Right To Correct
Individuals have the right to request corrections or amendments to inaccurate personal information h...
S
Security Operations Center (SOC)
A Security Operations Center (SOC) is a centralized unit within an organization responsible for moni...
Sensitive Data
Information protected due to legal, ethical, privacy, financial, or other concerns. Examples include...
Sensitive Data Discovery And Classification
A process identifying and categorizing sensitive information within an organization's digital assets...
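Discovery, classification, redaction and masking (see also the Data Redaction and Masked Data entries above) are easiest to understand as one pipeline. The script below is an added example, not from the original glossary: it scans text for a few PII patterns, drops card-number lookalikes that fail the Luhn check, labels each finding with a classification, and then either redacts the span or masks it in a format-preserving way. The rule set, classification labels and the sample ticket text are constructed for the illustration; production discovery tooling uses far broader rules plus context and validation.

```python
import re

def luhn_ok(digits):
    """Luhn checksum, which filters out most random 16-digit strings that merely look like PANs."""
    total, parity = 0, len(digits) % 2
    for i, ch in enumerate(digits):
        d = int(ch)
        if i % 2 == parity:          # double every second digit, counted from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

# (type, classification, pattern, optional validator). Constructed, deliberately small rule set.
RULES = [
    ("ssn", "PII/restricted",
     re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b"), None),
    ("credit_card", "PCI/restricted",
     re.compile(r"\b(?:\d[ -]?){15}\d\b"),                  # 16 digits, optional single separators
     lambda s: luhn_ok(re.sub(r"\D", "", s))),
    ("email", "PII/internal",
     re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b"), None),
]

def discover(text):
    """Return findings sorted by position: type, class, span and the matched value."""
    findings = []
    for kind, cls, rx, validator in RULES:
        for m in rx.finditer(text):
            if validator and not validator(m.group()):
                continue                                   # looks like the pattern, fails validation
            findings.append({"type": kind, "class": cls, "start": m.start(),
                             "end": m.end(), "value": m.group()})
    return sorted(findings, key=lambda f: f["start"])

def mask_value(value, keep=4):
    """Format-preserving mask: separators stay, only the last `keep` characters survive."""
    head = "".join("X" if ch.isalnum() else ch for ch in value[:-keep])
    return head + value[-keep:]

def redact(text, mode="redact"):
    """Rewrite `text` with each finding replaced by a [REDACTED:type] tag or a masked value."""
    out, pos = [], 0
    for f in discover(text):
        out.append(text[pos:f["start"]])
        out.append(mask_value(f["value"]) if mode == "mask" else f"[REDACTED:{f['type']}]")
        pos = f["end"]
    out.append(text[pos:])
    return "".join(out)

# Constructed support-ticket text: one valid PAN, one Luhn-invalid lookalike, an SSN and an email.
SAMPLE = ("ticket 4711: customer alice.smith@example.com reports card 4111 1111 1111 1111 "
          "declined; SSN on file 123-45-6789; test number 4111 1111 1111 1112 is not a valid PAN")

if __name__ == "__main__":
    for f in discover(SAMPLE):
        print(f"{f['type']:12} {f['class']:16} {f['value']}")
    print(redact(SAMPLE))
    print(redact(SAMPLE, mode="mask"))
```

The Luhn validator is the part worth copying: without it, ticket numbers, order IDs and timestamps produce a flood of false "card found" findings, and a classifier that cries wolf gets switched off. Masking keeps the last four characters so support staff can still confirm "the card ending 1111" without ever seeing the full PAN.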