Essential cybersecurity terms and definitions to help you understand the industry terminology
The total sum of vulnerabilities that can be exploited to carry out a security attack, including physical and digital points where an unauthorized user can attempt to enter or extract data from an environment.
An incident where data, computer systems, or networks are accessed or affected without authorization. Common types include data breaches involving PII or PHI.
A unified security standard and certification process developed by the U.S. Department of Defense (DoD) for defense contractors to verify implementation of cybersecurity requirements.
A malicious attempt to disrupt the normal traffic of a targeted server, service, or network by overwhelming the target with a flood of internet traffic from multiple sources.
Security approach that focuses on protecting end-user devices like desktops, laptops, and mobile devices from malicious activities and cyberattacks.
A network security device or software that monitors and filters incoming and outgoing network traffic based on predefined security rules.
A European Union regulation that standardizes data protection laws across the EU and addresses the transfer of personal data outside the EU and EEA areas.
U.S. legislation that provides data privacy and security provisions for safeguarding medical information and other personal health information.
Security technologies that examine network traffic flows to detect and prevent vulnerability exploits. IDS passively monitors, while IPS actively blocks threats.
An authentication method requiring users to provide two or more verification factors to gain access to a resource, typically something you know (password), something you have (security token), and something you are (biometric).
A U.S. federal agency that develops technology, metrics, and standards, including the NIST Cybersecurity Framework widely used for security program management.
Any information about health status, provision of healthcare, or payment for healthcare that can be linked to an individual and is protected under HIPAA regulations.
A type of malicious software designed to block access to a computer system or data until a sum of money (ransom) is paid, typically by encrypting data and demanding payment for the decryption key.
A cloud architecture model that combines network security functions with WAN capabilities to support the dynamic secure access needs of organizations.
A centralized function staffed by security analysts who identify, analyze, respond to, report on, and prevent cybersecurity incidents.
An auditing procedure that ensures service providers securely manage customer data based on five Trust Service Criteria: security, availability, processing integrity, confidentiality, and privacy.
A security approach that automatically collects and correlates data across multiple security layers – email, endpoint, server, cloud workload, and network – providing holistic protection and improved threat detection and response.
A security model that requires strict identity verification for every person and device trying to access resources on a network, regardless of whether they are inside or outside the network perimeter.
Get started with a comprehensive security assessment and discover how we can protect your organization.