📖 Cybersecurity Glossary
90+ cybersecurity acronyms and terms — searchable, filterable by security domain, with direct links to in-depth AIMIT content.
2
2FA
IAM
Two-Factor Authentication
Authentication requiring two verification factors — typically something you know (password) and something you have (phone/token).
A
ABAC
IAM
Attribute-Based Access Control
Access control model that evaluates attributes (user, resource, environment) to make authorization decisions.
ACL
Network
Access Control List
List of permissions attached to an object, specifying which users or system processes are granted access.
AES
Data
Advanced Encryption Standard
Symmetric block cipher (128/192/256-bit keys) used worldwide for encrypting sensitive data at rest and in transit.
AI
AI Security
Artificial Intelligence
Technology enabling machines to simulate human intelligence — increasingly used in both cyber defense and attacks.
APT
SOC
Advanced Persistent Threat
Sophisticated, long-term cyberattack where an intruder gains access and remains undetected for an extended period.
ASM
Vuln Mgmt
Attack Surface Management
Continuous discovery and monitoring of all internet-facing assets for vulnerabilities and exposures.
ATS
Career
Applicant Tracking System
Software that manages recruiting and hiring processes, often scanning resumes for keywords.
AV
SOC
Antivirus
Software that detects, prevents, and removes malware including viruses, worms, trojans, and ransomware.
B
BAS
SOC
Breach and Attack Simulation
Automated tools that continuously test security controls by simulating real-world attack techniques.
BCP
GRC
Business Continuity Plan
Documented procedures to maintain essential business functions during and after a disaster.
BEC
SOC
Business Email Compromise
Social engineering attack where attackers impersonate executives or vendors via email to trick employees into transferring funds or data.
BGP
Network
Border Gateway Protocol
The routing protocol that makes the internet work — exchanges routing information between autonomous systems. BGP hijacking can redirect traffic through attacker-controlled networks.
BYOD
Network
Bring Your Own Device
Policy allowing employees to use personal devices for work. Requires MDM, containerization, and security policies to protect corporate data on unmanaged devices.
C
CASB
Cloud
Cloud Access Security Broker
Security policy enforcement point between cloud service consumers and providers.
CCPA
GRC
California Consumer Privacy Act
State-level privacy regulation giving California residents control over their personal data.
CIA
Core
Confidentiality, Integrity, Availability
The three core pillars of information security that guide security program design.
CIRT
SOC
Cyber Incident Response Team
Specialized team responsible for investigating and responding to cybersecurity incidents.
CIS
GRC
Center for Internet Security
Nonprofit organization providing best-practice security benchmarks and controls.
CIEM
Cloud
Cloud Infrastructure Entitlement Management
Manages and monitors cloud identities and their permissions — detects over-provisioned access, enforces least privilege, and reduces identity-based attack surface across multi-cloud environments.
CNAPP
Cloud
Cloud-Native Application Protection Platform
Unified security platform combining CSPM, CWPP, CIEM, and IaC scanning for cloud-native apps.
COBIT
GRC
Control Objectives for Information Technologies
IT governance framework by ISACA for aligning IT with business goals and managing risk.
CrewAI
AI Security
CrewAI Multi-Agent Framework
Python framework for orchestrating role-based multi-agent AI systems — each agent has a role, goal, and backstory. Used for building collaborative AI teams that delegate tasks autonomously.
CSRF
AppSec
Cross-Site Request Forgery
Attack that tricks a user's browser into making unwanted requests to a site where they are authenticated.
CSPM
Cloud
Cloud Security Posture Management
Continuous monitoring of cloud configurations for compliance violations and misconfigurations.
CVSS
Vuln Mgmt
Common Vulnerability Scoring System
Industry-standard severity scoring system (0-10) for specific vulnerabilities, maintained by FIRST.org.
CVE
Vuln Mgmt
Common Vulnerabilities and Exposures
Unique identifier for a specific discovered vulnerability in a specific product. Maintained by MITRE/NVD.
CWE
Vuln Mgmt
Common Weakness Enumeration
Catalog of software/hardware weakness types maintained by MITRE. Used to classify bug categories.
CWPP
Cloud
Cloud Workload Protection Platform
Runtime protection for VMs, containers, and serverless workloads including vulnerability scanning.
CWSS
Vuln Mgmt
Common Weakness Scoring System
Risk scoring system (0-100) for CWE weakness types, maintained by MITRE.
D
DAST
AppSec
Dynamic Application Security Testing
Testing running applications for vulnerabilities by sending malicious inputs and observing responses.
DDoS
Network
Distributed Denial of Service
Attack that overwhelms a target with traffic from multiple sources to make it unavailable.
DevSecOps
DevSecOps
Development, Security, Operations
Practice of integrating security throughout the entire software development lifecycle.
DLP
Data
Data Loss Prevention
Tools and processes that prevent sensitive data from leaving the organization without authorization.
DKIM
Network
DomainKeys Identified Mail
Email authentication method using cryptographic signatures to verify email integrity and sender domain authenticity. Works with SPF and DMARC for email security.
DMARC
Network
Domain-based Message Authentication, Reporting & Conformance
Email authentication protocol that builds on SPF and DKIM to prevent email spoofing.
DMVPN
Network
Dynamic Multipoint VPN
Cisco technology that enables scalable hub-and-spoke and spoke-to-spoke VPN tunnels dynamically — eliminates the need for static point-to-point tunnels.
DMZ
Network
Demilitarized Zone
Network segment that sits between the internal network and the internet, hosting public-facing services while isolating the internal network.
DNS
Network
Domain Name System
System that translates domain names to IP addresses. Often targeted for DNS hijacking and tunneling.
DoS
Network
Denial of Service
Attack that floods a system with traffic or requests to exhaust resources and make it unavailable to legitimate users.
DORA
DevSecOps
DevOps Research and Assessment
Framework measuring software delivery performance through 4 key metrics: Deployment Frequency, Lead Time for Changes, Change Failure Rate, and Mean Time to Recovery. Elite performers deploy on-demand with <1hr lead time. Tracked by IDPs to measure platform impact.
DTLS
Network
Datagram Transport Layer Security
TLS equivalent for UDP-based communication — provides encryption, authentication, and integrity for datagram protocols. Used in VPNs (AnyConnect), WebRTC, and IoT.
DRP
GRC
Disaster Recovery Plan
Documented plan for recovering IT systems and data after a disaster or major outage.
E
EDM
Data
Exact Data Match
DLP technique that detects sensitive data by matching exact values (SSNs, account numbers) from a data source — more accurate than regex patterns with fewer false positives.
EDR
SOC
Endpoint Detection and Response
Continuous monitoring and response to advanced threats on endpoints using behavioral analysis.
EPP
Network
Endpoint Protection Platform
Integrated security solution combining antivirus, anti-malware, firewall, and device control on endpoints. Foundation layer before EDR/XDR capabilities.
EPSS
Vuln Mgmt
Exploit Prediction Scoring System
Probabilistic model predicting the likelihood a vulnerability will be exploited in the wild within 30 days.
F
FIM
SOC
File Integrity Monitoring
Detecting unauthorized changes to critical system files, configurations, and content.
FIDO
IAM
Fast Identity Online
Authentication standard enabling passwordless login using biometrics or security keys.
G
GDPR
GRC
General Data Protection Regulation
EU regulation on data protection and privacy, with strict requirements for handling personal data.
GRC
GRC
Governance, Risk, and Compliance
Integrated approach to managing governance, enterprise risk, and regulatory compliance.
GRE
Network
Generic Routing Encapsulation
Tunneling protocol that encapsulates packets inside IP packets — used to create point-to-point tunnels between networks. Often combined with IPSec for encryption.
GNN
AI
Graph Neural Network
Deep learning architecture that operates on graph-structured data — used in cybersecurity for malware detection, network intrusion analysis, threat actor attribution, and fraud detection by modeling relationships between entities.
H
HIPAA
GRC
Health Insurance Portability and Accountability Act
US regulation for protecting sensitive patient health information from being disclosed without consent.
HIDS
Network
Host-based Intrusion Detection System
Monitors a single host for suspicious activity, unauthorized changes, and policy violations.
HIPS
Network
Host-based Intrusion Prevention System
Monitors system calls, file modifications, and registry changes on individual hosts to detect and block exploitation attempts in real-time.
HITL
AI Security
Human-in-the-Loop
Security control requiring human approval before AI agents execute high-risk actions — prevents autonomous systems from making destructive decisions without oversight.
HSM
Data
Hardware Security Module
Physical device that safeguards and manages digital keys for encryption and decryption.
I
IaC
DevSecOps
Infrastructure as Code
Managing infrastructure through machine-readable definition files rather than manual processes.
IAM
IAM
Identity and Access Management
Framework of policies and technologies for managing digital identities and controlling resource access.
IAST
AppSec
Interactive Application Security Testing
Combines SAST and DAST by analyzing code from within a running application for real-time results.
ICAP
Network
Internet Content Adaptation Protocol
Protocol for offloading HTTP content to external servers for processing — used by proxies and web gateways for antivirus scanning, DLP, and content filtering.
IDM
IAM
Identity Management
Systems and processes for managing the lifecycle of digital identities — creation, modification, deactivation, and deletion of user accounts across enterprise systems.
IDP
DevSecOps
Internal Developer Platform
Self-service layer built by platform engineering teams that abstracts infrastructure complexity — developers provision, deploy, and manage services through golden paths and software catalogs without DevOps tickets. Tools: Backstage, Port.io, Cortex, Humanitec.
IDS
Network
Intrusion Detection System
System that monitors network traffic for suspicious activity and issues alerts.
IGA
IAM
Identity Governance and Administration
Processes for managing digital identity lifecycle including provisioning, access reviews, and SoD.
IOC
SOC
Indicator of Compromise
Forensic evidence such as IP addresses, file hashes, or domains that indicate a potential security breach.
IoT
Network
Internet of Things
Network of interconnected devices (sensors, cameras, smart devices) that collect and exchange data — expanding the attack surface.
IPSec
Network
Internet Protocol Security
Suite of protocols for securing IP communications by authenticating and encrypting each packet. Operates in Transport Mode (payload only) or Tunnel Mode (entire packet). Core of site-to-site VPNs.
IPS
Network
Intrusion Prevention System
Network security tool that monitors traffic and takes action to block detected threats.
ISO
GRC
International Organization for Standardization
Global body that publishes security standards including ISO 27001 (ISMS), ISO 42001 (AI), and ISO 22301 (BCM).
IT
Core
Information Technology
The use of computers, networks, and systems to store, process, and manage data and information.
IVR
AI Security
Interactive Voice Response
Automated telephony system that interacts with callers using voice and keypad input. An example of Level 1 (Reactive) AI agents — follows pre-programmed rules and responds to direct inputs.
J
JIT
IAM
Just-In-Time (Access)
Security model that provides temporary, time-limited privileged access only when needed.
JFrog
DevSecOps
JFrog Platform (Artifactory + Xray)
Universal artifact management (Artifactory) and binary-level SCA/vulnerability scanning (Xray). Supports Docker, Maven, npm, PyPI, Helm, and 30+ package types. Integrates into IDP golden paths as the artifact store and security gate — blocks vulnerable packages before they reach production.
JWKS
IAM
JSON Web Key Set
JSON data structure representing a set of public keys used to verify JWT signatures. Hosted at a well-known endpoint — critical for OAuth2/OIDC token validation.
JWT
AppSec
JSON Web Token
Compact, URL-safe token format for securely transmitting information between parties as a JSON object.
K
KEV
Vuln Mgmt
Known Exploited Vulnerabilities
CISA-maintained catalog of vulnerabilities that are actively exploited in the wild.
KMS
Cloud
Key Management Service
Cloud service for creating and managing cryptographic keys used to encrypt data.
L
L2TP
Network
Layer 2 Tunneling Protocol
VPN tunneling protocol that operates at Layer 2 — typically paired with IPSec for encryption (L2TP/IPSec). Less performant than IKEv2 but widely supported.
LangGraph
AI Security
LangGraph Stateful Agent Framework
LangChain framework for building stateful, multi-agent AI workflows using directed graphs — supports cycles, persistence, and human-in-the-loop. Ideal for complex conditional agent logic.
LDAP
IAM
Lightweight Directory Access Protocol
Protocol for accessing and maintaining distributed directory information services.
LLM
AI Security
Large Language Model
AI model trained on vast text data capable of generating and understanding human language.
LoRA
AI Security
Low-Rank Adaptation
Parameter-efficient fine-tuning technique that freezes the base LLM and adds small trainable matrices (adapters) to specific layers — trains only 0.1-1% of parameters while achieving near full fine-tuning accuracy.
M
MDM
Network
Mobile Device Management
Enterprise solution for managing and securing mobile devices — enforce security policies, remote wipe, app management, and compliance checking for BYOD and corporate devices.
MDR
SOC
Managed Detection and Response
Outsourced security service providing 24/7 threat monitoring, detection, and response.
MFA
IAM
Multi-Factor Authentication
Authentication method requiring two or more verification factors (knowledge, possession, inherence).
MITRE ATT&CK
SOC
Adversarial Tactics, Techniques & Common Knowledge
Knowledge base of adversary tactics and techniques used for threat modeling and security assessments.
MitM
Network
Man in the Middle
Attack where an adversary secretly intercepts and potentially alters communication between two parties.
ML
AI Security
Machine Learning
Subset of AI where systems learn from data to improve performance — used in anomaly detection, threat hunting, and UEBA.
MPLS
Network
Multiprotocol Label Switching
High-performance routing technique that directs data using short labels instead of long network addresses. Used in enterprise WANs — being replaced by SD-WAN in many deployments.
MSSP
SOC
Managed Security Service Provider
Third-party company that provides outsourced monitoring and management of security devices and systems.
mTLS
Network
Mutual Transport Layer Security
Two-way TLS authentication where both client and server verify each other's certificates — essential for zero trust, microservices communication, and API security.
MTBF
Core
Mean Time Between Failures
Average time between system failures — a reliability metric used in availability planning and SLA management.
MTTA
SOC
Mean Time to Acknowledge
Average time taken for a security team to acknowledge an alert or incident after it is generated.
MTTC
SOC
Mean Time to Contain
Average time taken to contain a security incident after detection, limiting its spread and impact.
MTTD
SOC
Mean Time to Detect
Average time taken to detect a security incident or threat from the moment it occurs.
MTTR
SOC
Mean Time to Respond / Remediate
Average time taken to respond to or remediate a security incident or vulnerability.
N
NACL
Network
Network Access Control List
Optional layer of security that acts as a firewall for controlling traffic in and out of subnets.
NGFW
Network
Next-Generation Firewall
Advanced firewall beyond traditional packet filtering — includes deep packet inspection (DPI), application awareness, IPS, TLS decryption, and threat intelligence integration. Leaders: Palo Alto, Fortinet, Check Point.
NHI
IAM
Non-Human Identity
Digital identities for machines, services, API keys, service accounts, and AI agents — as opposed to human user identities. NHIs now outnumber human identities 45:1 in enterprises and are a top identity attack vector.
NDR
Network
Network Detection and Response
Analyzes network traffic in real-time to detect and respond to threats and anomalous activity.
NHT
Network
Non-Human Traffic
Automated bot traffic on networks and websites — includes scrapers, crawlers, and malicious bots that can skew data or attack systems.
NIDS
Network
Network Intrusion Detection System
Monitors network traffic for suspicious patterns using signature-based and anomaly-based detection.
NIST
GRC
National Institute of Standards and Technology
US federal agency that develops cybersecurity frameworks, guidelines, and standards.
NOC
Network
Network Operations Center
Centralized team that monitors and manages network health, uptime, and performance 24/7.
NVD
Vuln Mgmt
National Vulnerability Database
NIST-maintained repository that enriches CVEs with CVSS scores, CWE mapping, and affected product data (CPE).
O
OAuth
IAM
Open Authorization
Authorization framework that enables third-party applications to obtain limited access to user accounts.
OCR
Data
Optical Character Recognition
Technology that extracts text from images, scanned documents, and PDFs. Used in DLP for detecting sensitive data in image-based files and in document analysis AI agents.
OIDC
IAM
OpenID Connect
Identity layer on top of OAuth 2.0 for verifying user identity and obtaining basic profile information.
OPA
Cloud
Open Policy Agent
General-purpose policy engine for unified policy enforcement across the cloud-native stack.
OT
Network
Operational Technology
Hardware and software that monitors and controls physical processes in industrial environments (SCADA, ICS, PLCs).
OWASP
AppSec
Open Web Application Security Project
Nonprofit foundation producing tools, documentation, and standards for application security.
P
PAM
IAM
Privileged Access Management
Securing, controlling, and monitoring privileged accounts and access to critical systems.
PCI-DSS
GRC
Payment Card Industry Data Security Standard
Security standard for organizations handling credit card data to prevent fraud and breaches.
PEFT
AI Security
Parameter-Efficient Fine-Tuning
Family of techniques (LoRA, QLoRA, prefix tuning, prompt tuning) for adapting LLMs to specific tasks without updating all model parameters — drastically reduces compute cost and prevents catastrophic forgetting.
PII
Data
Personally Identifiable Information
Any data that could identify a specific individual, such as SSN, email, or biometric data.
PKI
Data
Public Key Infrastructure
Framework for managing digital certificates and public-key encryption to enable secure communication.
PUP
SOC
Potentially Unwanted Program
Software that may be installed without clear user consent — includes adware, toolbars, and bundled software that can pose security risks.
Q
QC
Data
Quantum Computing
Next-generation computing using quantum bits — poses a future threat to current encryption algorithms (RSA, ECC) and drives post-quantum cryptography research.
QLoRA
AI Security
Quantized Low-Rank Adaptation
Extension of LoRA that adds 4-bit quantization — enables fine-tuning large LLMs (65B+ parameters) on a single GPU by reducing memory requirements while maintaining quality.
R
RaaS
SOC
Ransomware as a Service
Cybercrime business model where ransomware operators lease their malware to affiliates.
RAG
AI Security
Retrieval-Augmented Generation
AI architecture that enhances LLM responses by retrieving relevant data from external knowledge bases.
RAT
SOC
Remote Administration Tool
Software that allows remote control of a computer — legitimate for IT support but often used maliciously as a backdoor.
RBAC
IAM
Role-Based Access Control
Access control model that assigns permissions based on organizational roles rather than individual users.
RPO
GRC
Recovery Point Objective
Maximum acceptable amount of data loss measured in time — how far back you can restore.
RPA
AI Security
Robotic Process Automation
Software technology that automates repetitive, rule-based business tasks. An example of Level 5 (Autonomous) AI agents — executes decisions independently with minimal human oversight.
RRP
SOC
Ransomware Readiness Program
Organizational preparedness framework for ransomware attacks — includes backup validation, incident response playbooks, communication plans, and recovery procedures.
RTO
GRC
Recovery Time Objective
Maximum acceptable downtime — how quickly systems must be restored after a disaster.
S
SAML
IAM
Security Assertion Markup Language
XML-based standard for exchanging authentication and authorization data between identity providers and service providers (SPs).
SASE
Network
Secure Access Service Edge
Cloud-delivered architecture combining SD-WAN with security functions (SWG, CASB, ZTNA, FWaaS) into a single service. Gartner-coined term — leaders: Zscaler, Palo Alto Prisma, Netskope.
SAST
AppSec
Static Application Security Testing
Analyzing source code for vulnerabilities without executing the program. Shift-left security.
SBOM
DevSecOps
Software Bill of Materials
Inventory of all components in software — critical for identifying affected systems when new CVEs drop.
SCA
AppSec
Software Composition Analysis
Identifying open-source components and their known vulnerabilities in a codebase.
SPF
Network
Sender Policy Framework
Email authentication protocol that specifies authorized mail servers for a domain via DNS TXT records. Prevents email spoofing when combined with DKIM and DMARC.
SCIM
IAM
System for Cross-domain Identity Management
Standard for automating user provisioning and deprovisioning across multiple systems.
SCP
Cloud
Service Control Policy
AWS Organizations policy that sets permission guardrails across all accounts in an organization.
SD-WAN
Network
Software-Defined Wide Area Network
Virtualized WAN architecture that uses software to manage connectivity and traffic — replaces traditional MPLS with centralized control, multi-path routing, and application-aware policies.
SDLC
AppSec
Software Development Lifecycle
Process for planning, creating, testing, and deploying software systems.
SIEM
SOC
Security Information and Event Management
Platform that aggregates and analyzes security log data from across the enterprise for threat detection.
SLSA
DevSecOps
Supply-chain Levels for Software Artifacts
Framework for ensuring the integrity of software artifacts throughout the supply chain.
SOAR
SOC
Security Orchestration, Automation & Response
Platform that automates security operations through playbooks, reducing response time.
SOC
SOC
Security Operations Center
Centralized team that monitors, detects, analyzes, and responds to security incidents 24/7.
SOC 2
GRC
Service Organization Control 2
Audit framework for evaluating service providers' controls for security, availability, and privacy.
SoD
GRC
Segregation of Duties
Principle that no single individual should control all aspects of a critical transaction.
SOX
GRC
Sarbanes-Oxley Act
US federal law requiring financial reporting transparency and internal control audits.
SPIFFE
Cloud
Secure Production Identity Framework for Everyone
Standard for establishing trust between workloads in dynamic, heterogeneous environments.
SQLi
AppSec
Structured Query Language Injection
Injection attack that inserts malicious SQL code into application queries to access or manipulate database data.
SSE
Network
Security Service Edge
Cloud-delivered security stack — the security half of SASE without SD-WAN. Includes SWG, CASB, ZTNA, and DLP. Key for securing remote users accessing cloud apps.
SSID
Network
Service Set Identifier
The name of a wireless network — attackers can create rogue SSIDs (evil twin attacks) to intercept traffic.
SSL
Data
Secure Sockets Layer
Predecessor to TLS — cryptographic protocol for encrypting data in transit. Now deprecated in favor of TLS.
SSO
IAM
Single Sign-On
Authentication scheme allowing users to log in once and access multiple systems without re-authenticating.
SSPM
Cloud
SaaS Security Posture Management
Monitors and remediates misconfigurations in SaaS applications (M365, Salesforce, Slack) — enforces security policies across SaaS sprawl.
SWG
Network
Secure Web Gateway
Inspects and filters web traffic to enforce acceptable use policies, block malware downloads, and provide SSL inspection. Key component of SASE architecture alongside CASB and ZTNA.
T
TI
SOC
Threat Intelligence
Evidence-based knowledge about existing or emerging threats, used to inform security decisions and prioritize defenses.
TLP
SOC
Traffic Light Protocol
Standard for labeling sensitivity of shared threat intelligence (White, Green, Amber, Red).
TLS
Data
Transport Layer Security
Cryptographic protocol providing end-to-end encryption for data in transit over networks.
TOTP
IAM
Time-based One-Time Password
Algorithm that generates temporary passcodes based on a shared secret and current time.
TTP
SOC
Tactics, Techniques & Procedures
The behavior patterns and methods used by threat actors, as categorized by MITRE ATT&CK.
U
UDP
Network
User Datagram Protocol
Connectionless transport protocol — fast, no handshake, no guaranteed delivery. Used for DNS, VoIP, video streaming, and gaming. DTLS adds security for UDP traffic.
UEBA
SOC
User and Entity Behavior Analytics
Analyzes user and device behavior patterns to detect insider threats and compromised accounts.
UTM
Network
Unified Threat Management
All-in-one security appliance combining firewall, IDS/IPS, antivirus, content filtering, VPN, and anti-spam in a single device. Suited for SMBs — enterprises prefer NGFW + best-of-breed.
V
VLAN
Network
Virtual Local Area Network
Logical network segmentation at Layer 2 — isolates broadcast domains without physical separation. Critical for microsegmentation and reducing lateral movement in network security.
VPC
Cloud
Virtual Private Cloud
Logically isolated section of a cloud provider's network where you can launch resources securely.
VPD
Vuln Mgmt
Vulnerabilities Per Device
Metric tracking the average number of vulnerabilities per device — used to measure security posture and remediation progress.
VPN
Network
Virtual Private Network
Encrypted tunnel between a device and a network, providing secure remote access.
W
WAF
AppSec
Web Application Firewall
Layer 7 firewall that filters HTTP/HTTPS traffic to protect web applications from attacks.
X
XAI
AI Security
Explainable Artificial Intelligence
Set of techniques that make AI model decisions interpretable and transparent — critical for regulated industries (healthcare, finance) where AI decisions must be auditable and justifiable.
XDR
SOC
Extended Detection and Response
Unified security platform that collects and correlates data across endpoints, networks, and cloud.
XSS
AppSec
Cross-Site Scripting
Injection attack where malicious scripts are injected into trusted websites to execute in users' browsers.
Y
YAML
DevSecOps
YAML Ain't Markup Language
Human-readable data serialization format widely used in DevSecOps for configuration files (Kubernetes, Ansible, CI/CD pipelines).
YARA
SOC
Yet Another Recursive Acronym
Pattern-matching tool used by malware researchers and SOC analysts to identify and classify malware samples based on rules.
Z
ZPA
ZTA
Zscaler Private Access
Zscaler's ZTNA solution — provides zero trust access to private applications without exposing the network. Connects users to apps, not the network.
ZTA
ZTA
Zero Trust Architecture
Security model based on "never trust, always verify" — no implicit trust for any user or device.
ZTE
ZTA
Zero Trust Edge
Gartner concept converging networking and security at the edge — combines ZTNA, SD-WAN, SWG, and CASB into cloud-delivered edge services. Aligns with SASE architecture.
ZTNA
ZTA
Zero Trust Network Access
Replaces traditional VPN with identity-aware, application-level access based on continuous verification.