Glossary
Our glossary is designed to help you navigate the language of technology and cybersecurity with ease. Whether you’re a business leader, IT professional, or simply curious, these definitions provide clear explanations of key terms, concepts, and acronyms you’re likely to encounter.
2FA/MFA
2 Factor Authentication / Multi-factor Authentication
AICPA
Association of International Certified Professional Accountants
AI
Artificial Intelligence
API
Application Programming Interface
AP
Access Point (wireless)
APT
Advanced Persistent Threat
BC
Business Continuity
Blockchain
A system in which a record of transactions, especially those made in a cryptocurrency, is maintained across computers that are linked in a peer-to-peer network.
BYOD
Bring Your Own Device
Cache
Refers to: 1) a region of computer memory where frequently accessed data can be stored for rapid access; or 2) a optional file on your hard drive where such data also can be stored.
CBT
Computer Based Training
Cloud Computing
The practice of using a network of remote servers hosted on the internet to store, manage, and process data, rather than a local server or a personal computer.
Cookie
A small piece of information you may be asked to accept when connecting to certain servers via a web browser. It is used throughout your session as a means of identifying you. A cookie is specific to, and sent only to the server that generated it.
Cybersecurity Assessment
Systematic review of cybersecurity controls and vulnerabilities to determine health of cybersecurity program
Cybersecurity Insurance
Insurance purchased to provide compensation from lost time and revenue from a cybersecurity incident
DLP
Digital Loss Prevention
DNS
Domain Name Server
Domain
A human-readable address for a website
DR
Disaster Recovery
EDR
Endpoint Detection & Response – a cybersecurity solution that continuously monitors and collects data from endpoints (like laptops and servers) to detect, investigate, contain, and remediate cyber threats such as ransomware and advanced malware
Encryption
The manipulation of data to prevent accurate interpretation by all but those for whom the data is intended
Endpoint
Typically the end user workstation
Exfil
Exfiltration
Firewall
A method of preventing unauthorized access to or from a particular network; firewalls can be implemented in both hardware and software, or both
FTP
File Transfer Protocol
Gateway
A hardware or software component that connects two different networks or systems, allowing them to communicate even if they use different protocols or have different implementations
GUI
Graphical User Interface
Hacking
The unauthorized access to or control of a computer system, network, or device
Hashing
A process that converts input data of any size into a fixed-size string of characters, called a hash value or fingerprint, using a mathematical hash function
IP Address
A unique string of characters that identifies each computer using the Internet Protocol to communicate over a network
IoT
Internet of Things
Linux
An open-source operating system that runs on a number of hardware platforms including PCs and Macintoshes. Linux is freely available over the Internet
MDM
Mobile Device Management
MDR
Managed Detection and Response
MSP
Managed Service Provider or Managed Service Plan
MSSP
Managed Security Service Provider
NIST
National Institute of Standards and Technology
NOC
Network Operations Center
OCR
Optical Character Recognition
OS
Operating System
Patch
A piece of software code designed to update, fix, or improve existing software, an operating system, or data by addressing bugs, vulnerabilities, and other issues
Penetration (Pen) Testing
A simulated cyberattack that identifies vulnerabilities in a system, network, or application by mimicking real-world attackers’ tools and techniques
Phishing
A technique for attempting to acquire sensitive data, such as bank account numbers, through a fraudulent solicitation in email or on a web site, in which the perpetrator masquerades as a legitimate business or reputable person
Ransomware
A type of malicious software designed to block access to a computer system until a sum of money is paid
Registry
A crucial, hierarchical database within the Microsoft Windows operating system that stores all configuration settings for the operating system, hardware, and installed applications
Risk Assessment
A risk assessment identifies, evaluates, and prioritizes potential threats to an organization’s information systems.
Router
A networking device that connects multiple networks, such as your home network to the internet, and directs data packets to their intended destinations
RPO
Recovery Point Objective – defines the maximum amount of data an organization can afford to lose, measured in time, following a disruption or disaster
RTO
Recovery Time Objective – the maximum acceptable duration a system, network, or application can be unavailable after a failure or disaster, with the goal of resuming operations within this timeframe
SIEM
Security Information and Event Management
Server
A powerful computer on a network that provides services, resources, and data to other computers, known as clients, which request them
Smishing
The fraudulent practice of sending text messages purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords or credit card numbers
SOC
Security Operations Center
Spam
Irrelevant or inappropriate messages sent on the internet to a large number of recipients
Spear Phishing
The fraudulent practice of sending emails ostensibly from a known or trusted sender in order to induce targeted individuals to reveal confidential information
TCP/IP
Transfer Connect Protocol / Internet Protocol
Threat Hunting
A proactive cybersecurity practice where specialized analysts and tools search networks and systems for ongoing, undetected cyber threats that have bypassed traditional security defenses
UNIX
UNiplexed Information Computing System – a family of multitasking, multi-user operating systems that originated at AT&T Bell Labs in the late 1960s
Update
A piece of software code designed to update, fix, or improve existing software, an operating system, or data by addressing bugs, vulnerabilities, and other issues
User
A user is any individual who interacts with a computer system or network.
VDI
Virtual Desktop Infrastructure
Virtualization
Technology that creates software-based, or “virtual,” versions of physical IT resources like servers, storage, networks, and operating systems, allowing multiple virtual machines to run on a single physical machine
Vishing
The fraudulent practice of making phone calls or leaving voice messages purporting to be from reputable companies in order to induce individuals to reveal personal information, such as bank details and credit card numbers
VM
Virtual Machine
VPN
Virtual Private Network
WAN
Wide Area Network
XDR
eXtended Detection & Response – a unified cybersecurity platform that collects and analyzes security data from multiple security layers—like endpoints, networks, cloud, and email—to provide comprehensive, automated threat detection, investigation, and response
Zero Day
A cybersecurity flaw or vulnerability that is unknown to the software vendor or developers, meaning there is no patch or fix available for it
Zero Trust
A security framework and mindset that operates on the principle of “never trust, always verify”
