Security Glossary
Common cybersecurity terms and acronyms explained
Zero Trust ZT
A security model based on the principle of "never trust, always verify." It requires strict identity verification for every person and device trying to access resources, regardless of whether they're inside or outside the network perimeter.
Architecture
Multi-Factor Authentication MFA
A security mechanism that requires users to provide two or more verification factors to gain access to a resource. These factors typically include something you know (password), something you have (phone/token), and something you are (biometrics).
Identity
Security Information and Event Management SIEM
A solution that collects, analyzes, and correlates security data from across an organization's IT infrastructure to detect threats, ensure compliance, and manage security incidents.
Operations
Endpoint Detection and Response EDR
Security solutions that monitor endpoints (computers, phones, servers) for suspicious activities, providing visibility, threat detection, investigation, and response capabilities.
Endpoint Security
Extended Detection and Response XDR
An evolution of EDR that integrates data from multiple security layers (endpoint, network, cloud, email) to provide a unified view of threats and enable coordinated response across the entire security stack.
Operations
Identity and Access Management IAM
A framework of policies and technologies for ensuring that the right users have appropriate access to technology resources. It includes user provisioning, authentication, authorization, and identity governance.
Identity
Privileged Access Management PAM
Security solutions that manage and monitor privileged accounts and access to critical systems. PAM helps organizations protect against threats that exploit privileged credentials.
Identity
Cloud Security Posture Management CSPM
Tools that automate the identification and remediation of risks across cloud infrastructures, including IaaS, SaaS, and PaaS. CSPM helps ensure cloud environments comply with security best practices and regulatory requirements.
Cloud Security
Security Orchestration, Automation, and Response SOAR
Platforms that combine incident response, orchestration, automation, and threat intelligence to help security teams respond to incidents more efficiently and consistently.
Operations
Just-In-Time Access JIT
A security practice where privileged access is granted only when needed and for the minimum time necessary. This reduces the attack surface by eliminating standing privileged accounts.
Identity
Security Operations Center SOC
A centralized unit that deals with security issues on an organizational and technical level. SOC teams monitor, detect, investigate, and respond to cyber threats around the clock.
Operations
Advanced Persistent Threat APT
A sophisticated, sustained cyberattack in which an intruder establishes an undetected presence in a network to steal sensitive data over an extended period. APTs are typically carried out by nation-state or state-sponsored groups.
Threats
Common Vulnerabilities and Exposures CVE
A catalog of publicly disclosed cybersecurity vulnerabilities. Each CVE has a unique identifier (CVE-YYYY-NNNNN) that security professionals use to reference specific vulnerabilities.
Vulnerabilities
Indicators of Compromise IOC
Pieces of forensic data that identify potentially malicious activity on a system or network. IOCs include IP addresses, file hashes, domain names, and behavioral patterns associated with threats.
Threat Intelligence
Mean Time to Detect MTTD
A key performance metric measuring the average time it takes to discover a security incident or breach. Lower MTTD indicates more effective threat detection capabilities.
Metrics
Mean Time to Respond MTTR
A metric measuring the average time from detection of a security incident to its resolution. Reducing MTTR is critical for minimizing the impact of security breaches.
Metrics
Role-Based Access Control RBAC
An access control method that assigns permissions to users based on their role within an organization. Users can only access the information and resources necessary for their job functions.
Identity
Single Sign-On SSO
An authentication scheme that allows users to log in with a single ID to multiple related but independent software systems. SSO improves user experience while maintaining security.
Identity
Secure Access Service Edge SASE
A cloud architecture that combines network security functions (SWG, CASB, FWaaS, ZTNA) with WAN capabilities to support secure access needs of organizations with distributed users and resources.
Architecture
Cloud Access Security Broker CASB
Security solutions that sit between cloud service consumers and providers to enforce security policies, providing visibility, compliance, data security, and threat protection for cloud applications.
Cloud Security
Data Loss Prevention DLP
A set of tools and processes used to ensure sensitive data is not lost, misused, or accessed by unauthorized users. DLP solutions detect and prevent data breaches and exfiltration.
Data Security
Business Email Compromise BEC
A type of phishing attack where criminals impersonate executives or trusted business partners to trick employees into transferring money or revealing sensitive information.
Threats
Infrastructure as Code IaC
The practice of managing and provisioning computing infrastructure through machine-readable configuration files rather than manual processes. Enables version control, testing, and consistent deployments.
DevSecOps
Continuous Threat Exposure Management CTEM
A program that continuously and consistently evaluates an organization's attack surface to identify, prioritize, and address the most critical security gaps before attackers can exploit them.
Risk Management
Attack Surface Management ASM
The continuous discovery, inventory, classification, and monitoring of an organization's IT infrastructure to identify all potential entry points that attackers could exploit.
Risk Management
Software Bill of Materials SBOM
A formal, machine-readable inventory of software components and dependencies, including libraries, modules, and their versions. Critical for supply chain security and vulnerability management.
DevSecOps
Zero Trust Network Access ZTNA
A security framework that provides secure remote access to applications and services based on defined access control policies. Unlike VPNs, ZTNA grants access only to specific applications rather than entire networks.
Architecture
Managed Detection and Response MDR
A cybersecurity service that combines technology and human expertise to perform threat hunting, monitoring, and response. MDR providers act as an extension of an organization's security team.
Operations
Tactics, Techniques, and Procedures TTPs
The patterns of activities and methods associated with specific threat actors or groups. Understanding TTPs helps defenders anticipate and counter adversary behavior.
Threat Intelligence
MITRE ATT&CK
A globally-accessible knowledge base of adversary tactics and techniques based on real-world observations. Used as a foundation for threat models and defensive methodologies.
Threat Intelligence
Lateral Movement
Techniques attackers use to progressively move through a network after gaining initial access, searching for sensitive data and high-value assets while avoiding detection.
Threats
Credential Stuffing
An attack where stolen username/password pairs from data breaches are automatically tested against other websites, exploiting password reuse to gain unauthorized access.
Threats
Supply Chain Attack
A cyberattack that targets less-secure elements in a supply chain to compromise a primary target. Attackers may inject malicious code into software updates or compromise third-party vendors.
Threats
Principle of Least Privilege PoLP
A security concept requiring that users, programs, and processes be granted only the minimum access rights needed to perform their functions, reducing the attack surface.
Identity
Security Assertion Markup Language SAML
An open standard for exchanging authentication and authorization data between parties, particularly between an identity provider and a service provider for SSO implementations.
Identity
OAuth 2.0
An authorization framework that enables applications to obtain limited access to user accounts on third-party services without exposing credentials. Commonly used for delegated authorization.
Identity
Container Security
The practice of protecting containerized applications and their infrastructure throughout the development lifecycle, including image scanning, runtime protection, and orchestration security.
Cloud Security
Kubernetes K8s
An open-source container orchestration platform that automates deployment, scaling, and management of containerized applications. Security includes RBAC, network policies, and secrets management.
Cloud Security
Shift Left Security
The practice of integrating security testing and practices earlier in the software development lifecycle, catching vulnerabilities during development rather than in production.
DevSecOps
Static Application Security Testing SAST
Security testing that analyzes source code, bytecode, or binaries without executing the program. Identifies vulnerabilities like SQL injection, XSS, and buffer overflows during development.
DevSecOps
Dynamic Application Security Testing DAST
Security testing that analyzes running applications by simulating attacks. Unlike SAST, DAST tests the application in its deployed state to find runtime vulnerabilities.
DevSecOps
Penetration Testing Pentest
A simulated cyberattack against a system to evaluate its security. Ethical hackers attempt to exploit vulnerabilities to identify weaknesses before malicious actors can.
Operations
Red Team / Blue Team
Security exercises where a Red Team simulates real-world attacks while a Blue Team defends. Purple Team exercises combine both for collaborative improvement of security posture.
Operations
Phishing
A social engineering attack using fraudulent communications (typically email) that appear to come from reputable sources to steal sensitive data or deploy malware.
Threats
Ransomware
Malware that encrypts a victim's files or systems, demanding payment (usually cryptocurrency) for the decryption key. Modern variants also exfiltrate data for double extortion.
Threats
Common Vulnerability Scoring System CVSS
An open framework for communicating the severity of software vulnerabilities. Scores range from 0-10, with 9.0+ considered critical. Used to prioritize remediation efforts.
Vulnerabilities
Threat Modeling
A structured approach to identifying and prioritizing potential threats to a system. Common frameworks include STRIDE, PASTA, and attack trees to systematically analyze risks.
Risk Management
Defense in Depth
A security strategy employing multiple layers of controls throughout an IT system. If one layer fails, others continue to provide protection, creating redundancy in security measures.
Architecture
Security by Design
An approach where security is built into products and systems from the beginning rather than added as an afterthought. Includes secure defaults, fail-safe mechanisms, and minimal attack surface.
Architecture
Web Application Firewall WAF
A security solution that monitors, filters, and blocks HTTP traffic to and from web applications. Protects against attacks like SQL injection, XSS, and CSRF by inspecting application layer traffic.
Network Security
Intrusion Detection System IDS
A system that monitors network traffic for suspicious activity and known threats, alerting administrators when potential intrusions are detected. Can be network-based (NIDS) or host-based (HIDS).
Network Security
Encryption at Rest
The protection of data stored on disks, databases, or other storage media by encrypting it when not actively being used. Ensures data remains protected even if physical storage is compromised.
Data Security
Encryption in Transit
The protection of data as it moves between systems or networks using protocols like TLS/SSL. Prevents eavesdropping and man-in-the-middle attacks during data transmission.
Data Security
Incident Response IR
The organized approach to addressing and managing the aftermath of a security breach or cyberattack. Includes preparation, detection, containment, eradication, recovery, and lessons learned.
Operations
Business Continuity Planning BCP
The process of creating systems and procedures to ensure critical business functions can continue during and after a disaster. Includes disaster recovery (DR) for IT systems.
Risk Management
Recovery Point Objective RPO
The maximum acceptable amount of data loss measured in time. An RPO of 1 hour means systems must be able to recover all data up to 1 hour before a disaster.
Risk Management
Recovery Time Objective RTO
The maximum acceptable time to restore systems after a disaster. An RTO of 4 hours means systems must be operational within 4 hours of an incident.
Risk Management
Prompt Injection Trending
An attack against AI/LLM systems where malicious instructions are embedded in user input to manipulate the model's behavior, bypass safety controls, or extract sensitive information from the system prompt or training data.
AI Security
LLM Security
The practice of securing Large Language Model deployments, including protecting against prompt injection, data poisoning, model theft, and ensuring safe outputs. Key concerns include hallucination risks, data leakage, and supply chain attacks on model weights.
AI Security
AI Red Teaming
The practice of adversarially testing AI systems to discover vulnerabilities, biases, and failure modes before deployment. Includes testing for jailbreaks, harmful outputs, and misuse scenarios that traditional security testing may miss.
AI Security
Deepfakes
AI-generated synthetic media (video, audio, images) that convincingly depicts people saying or doing things they never did. Used in social engineering, fraud, and disinformation campaigns. Detection requires specialized AI forensics tools.
AI Security
Passkeys WebAuthn/FIDO2
A passwordless authentication standard using public-key cryptography. Credentials are stored securely on devices (phone, laptop, security key) and never transmitted to servers, eliminating phishing and credential theft risks.
Identity
Cloud Infrastructure Entitlement Management CIEM
Security solutions that manage identities and access entitlements in cloud environments. CIEM helps organizations discover, monitor, and remediate excessive permissions that create security risks across multi-cloud deployments.
Cloud Security
Secrets Management
The practice of securely storing, distributing, and rotating sensitive credentials like API keys, passwords, certificates, and tokens. Tools like HashiCorp Vault and AWS Secrets Manager prevent secrets from being hardcoded or exposed.
DevSecOps
Policy as Code PaC
The practice of defining and managing security and compliance policies in code, enabling version control, automated testing, and consistent enforcement. Tools like Open Policy Agent (OPA) and Sentinel enable declarative policy definitions.
DevSecOps
eBPF Security
Using extended Berkeley Packet Filter (eBPF) technology for security observability and enforcement at the Linux kernel level. Enables deep visibility into system calls, network traffic, and runtime behavior without modifying application code.
Cloud Security
Service Mesh
A dedicated infrastructure layer for managing service-to-service communication in microservices architectures. Provides mTLS encryption, traffic management, and observability. Popular implementations include Istio, Linkerd, and Consul Connect.
Architecture
Firewall as a Service FWaaS
A cloud-delivered firewall service that provides next-generation firewall capabilities including intrusion prevention, URL filtering, and advanced threat protection without on-premises hardware. A core component of SASE architectures.
Network Security
Fuzzing
An automated software testing technique that discovers vulnerabilities by feeding invalid, unexpected, or random data as inputs to a program. Helps identify memory leaks, crashes, and security flaws that traditional testing might miss.
DevSecOps
Generative AI Security GenAI Security
The practice of securing generative AI systems and protecting against AI-enabled threats. Includes defending against prompt injection, data poisoning, model theft, and managing risks from shadow AI adoption across organizations.
AI Security
Governance, Risk, and Compliance GRC
An integrated approach to organizational governance, enterprise risk management, and regulatory compliance. GRC platforms help align IT activities with business goals while managing risk and meeting compliance requirements.
Risk Management
Honeypot
A decoy system or resource designed to attract and detect attackers. Honeypots appear to contain valuable data or services but are isolated and monitored to study attack techniques without risking real assets. Honeytokens are the data equivalent.
Threat Intelligence
Hardware Security Module HSM
A dedicated physical device that safeguards and manages cryptographic keys and provides secure cryptographic processing. HSMs provide tamper-resistant protection for sensitive operations like code signing, PKI, and payment processing.
Data Security
Harvest Now, Decrypt Later HNDL Trending
A threat where adversaries collect encrypted data today with plans to decrypt it once quantum computers become powerful enough to break current encryption. Drives urgency for post-quantum cryptography adoption, especially for data with long-term sensitivity.
Threats
Network Detection and Response NDR
Security solutions that use machine learning and behavioral analytics to detect threats in network traffic. NDR monitors east-west traffic, identifies lateral movement, and provides visibility into encrypted communications without requiring agents.
Operations
Non-Human Identity NHI Trending
Digital identities for applications, services, AI agents, and devices that execute machine-to-machine operations. NHIs include API keys, service accounts, tokens, and certificates. Now outnumbering human identities 100:1, they represent 80% of identity-related breaches.
Identity
NIST Cybersecurity Framework NIST CSF
A voluntary framework developed by NIST providing standards, guidelines, and best practices for managing cybersecurity risk. Organized around six functions: Govern, Identify, Protect, Detect, Respond, and Recover (CSF 2.0).
Risk Management
Quishing Trending
QR code phishing attacks that trick users into scanning malicious QR codes leading to credential theft or malware. Bypasses traditional email security because QR codes appear as harmless images. Nearly 90% target login credentials.
Threats
Post-Quantum Cryptography PQC Trending
Cryptographic algorithms designed to resist attacks from quantum computers. NIST finalized standards in 2024 including ML-KEM (key exchange) and ML-DSA (digital signatures). Organizations must transition by 2035 to protect against quantum threats.
Data Security
User and Entity Behavior Analytics UEBA
Security solutions that use machine learning to establish behavioral baselines for users and entities, detecting anomalies that may indicate insider threats, compromised accounts, or data exfiltration that rule-based systems would miss.
Operations
Vishing
Voice phishing attacks using phone calls or voice messages to manipulate victims into revealing sensitive information. AI-generated deepfake audio now enables convincing impersonation of executives and trusted contacts.
Threats
Vulnerability Management
The continuous process of identifying, evaluating, prioritizing, and remediating security vulnerabilities in systems and software. Modern approaches use risk-based prioritization considering exploitability, asset criticality, and threat intelligence.
Operations
XSS Cross-Site Scripting
A web application vulnerability where attackers inject malicious scripts into content viewed by other users. Types include Stored XSS (persistent), Reflected XSS (non-persistent), and DOM-based XSS. Prevented through input validation and output encoding.
Vulnerabilities
YARA Rules
A pattern-matching tool used to identify and classify malware based on textual or binary patterns. Security researchers create YARA rules to detect malware families, threat actor tools, and indicators of compromise across files and memory.
Threat Intelligence
Identity Threat Detection and Response ITDR Trending
A security framework focused on detecting and responding to identity-based attacks in real-time. ITDR monitors authentication patterns, detects credential abuse and privilege escalation, complementing EDR's endpoint focus with identity-layer protection.
Identity
Cloud-Native Application Protection Platform CNAPP Trending
A unified security platform combining CSPM, CWPP, CIEM, and container security capabilities. CNAPPs protect cloud-native applications from development through runtime, providing single-pane visibility across multi-cloud environments. Gartner predicts 60% enterprise adoption by 2025.
Cloud Security
Shadow AI Trending
The unauthorized use of AI tools by employees without IT or security oversight. Creates data leakage risks when sensitive information is pasted into public AI services. 77% of employees paste data into GenAI prompts, mostly from unmanaged accounts.
AI Security
Agentic AI Security Trending
Security practices for autonomous AI agents that can browse the web, execute code, and interact with systems with minimal human oversight. Requires identity governance for AI agents, protecting against prompt injection hijacking, and managing over-privileged tool access.
AI Security
Ransomware-as-a-Service RaaS Trending
A criminal business model where ransomware developers sell or lease their malware to affiliates who conduct attacks and share profits. Lowers barriers to entry for cybercriminals and has driven the 46% increase in ransomware attacks on critical infrastructure in 2025.
Threats
Security Service Edge SSE
The security components of SASE without the networking (SD-WAN). SSE combines ZTNA, CASB, SWG, and FWaaS to secure access to web, cloud services, and private applications. Ideal for organizations that want SASE security without changing their WAN.
Architecture
API Security
Practices and technologies for protecting application programming interfaces from attacks. Includes authentication, rate limiting, input validation, and monitoring. Critical as APIs become primary attack vectors, with API attacks increasing 400% in recent years.
DevSecOps
Confidential Computing
Hardware-based technology that protects data during processing by performing computations in a hardware-based trusted execution environment (TEE). Protects data-in-use, completing the encryption trilogy alongside data-at-rest and data-in-transit.
Data Security
Breach and Attack Simulation BAS
Automated tools that continuously test security controls by simulating real-world attack techniques. Unlike periodic pentests, BAS provides ongoing validation that defenses work against current TTPs mapped to frameworks like MITRE ATT&CK.
Operations
Digital Operational Resilience Act DORA
An EU regulation (effective January 2025) requiring financial entities to ensure they can withstand, respond to, and recover from ICT-related disruptions. Mandates ICT risk management, incident reporting, resilience testing, and third-party risk oversight.
Risk Management