Cybersecurity Glossary
Essential cybersecurity terms and definitions to help you understand the industry terminology
A
Attack Surface
The total sum of vulnerabilities that can be exploited to carry out a security attack, including physical and digital points where an unauthorized user can attempt to enter or extract data from an environment.
B
Breach
An incident where data, computer systems, or networks are accessed or affected without authorization. Common types include data breaches involving PII or PHI.
C
CMMC (Cybersecurity Maturity Model Certification)
A unified security standard and certification process developed by the U.S. Department of Defense (DoD) for defense contractors to verify implementation of cybersecurity requirements.
D
DDoS (Distributed Denial of Service)
A malicious attempt to disrupt the normal traffic of a targeted server, service, or network by overwhelming the target with a flood of internet traffic from multiple sources.
E
Endpoint Protection
Security approach that focuses on protecting end-user devices like desktops, laptops, and mobile devices from malicious activities and cyberattacks.
F
Firewall
A network security device or software that monitors and filters incoming and outgoing network traffic based on predefined security rules.
G
GDPR (General Data Protection Regulation)
A European Union regulation that standardizes data protection laws across the EU and addresses the transfer of personal data outside the EU and EEA areas.
H
HIPAA (Health Insurance Portability and Accountability Act)
U.S. legislation that provides data privacy and security provisions for safeguarding medical information and other personal health information.
I
IDS/IPS (Intrusion Detection/Prevention System)
Security technologies that examine network traffic flows to detect and prevent vulnerability exploits. IDS passively monitors, while IPS actively blocks threats.
M
MFA (Multi-Factor Authentication)
An authentication method requiring users to provide two or more verification factors to gain access to a resource, typically something you know (password), something you have (security token), and something you are (biometric).
N
NIST (National Institute of Standards and Technology)
A U.S. federal agency that develops technology, metrics, and standards, including the NIST Cybersecurity Framework widely used for security program management.
P
PHI (Protected Health Information)
Any information about health status, provision of healthcare, or payment for healthcare that can be linked to an individual and is protected under HIPAA regulations.
R
Ransomware
A type of malicious software designed to block access to a computer system or data until a sum of money (ransom) is paid, typically by encrypting data and demanding payment for the decryption key.
S
SASE (Secure Access Service Edge)
A cloud architecture model that combines network security functions with WAN capabilities to support the dynamic secure access needs of organizations.
SOC (Security Operations Center)
A centralized function staffed by security analysts who identify, analyze, respond to, report on, and prevent cybersecurity incidents.
SOC 2 (Service Organization Control 2)
An auditing procedure that ensures service providers securely manage customer data based on five Trust Service Criteria: security, availability, processing integrity, confidentiality, and privacy.
X
XDR (Extended Detection and Response)
A security approach that automatically collects and correlates data across multiple security layers – email, endpoint, server, cloud workload, and network – providing holistic protection and improved threat detection and response.
Z
ZTNA (Zero Trust Network Access)
A security model that requires strict identity verification for every person and device trying to access resources on a network, regardless of whether they are inside or outside the network perimeter.
Ready to Secure Your Business?
Get started with a comprehensive security assessment and discover how we can protect your organization.