Glossary

AI Alignment

A field of study focused on ensuring artificial intelligence systems behave in accordance with human values and intentions, preventing unintended consequences or harmful outcomes.

AI Model Red Teaming

A structured testing process to identify flaws & vulnerabilities in AI systems, typically performed in a controlled environment by dedicated teams using adversarial methods.

API-Based Email Security

A security solution that integrates directly with email programs through their APIs to protect against threats, rather than deploying inline with email servers.

Access Control

A security mechanism that manages who or what can view, access, or use resources in a computing environment. It involves authentication and authorization processes to ensure only authorized users can access specific resources.

Access Control List (ACL)

A set of rules used for filtering network traffic and controlling access to system objects such as directories or files. ACLs determine which users or system processes are given access to objects & what operations are allowed.

Active Directory

A directory service designed by Microsoft for Windows Server environments that manages and organizes network resources, including users, computers, and other devices in a network hierarchy.

Adequate Level of Protection:

A standard defined by GDPR that specifies the required level of data protection for cross-border data transfers to third countries or international organizations.

Adversary-in-the-Middle Attack

A sophisticated cyber attack where malicious actors position themselves between two communicating parties to intercept, manipulate, or redirect traffic passing between them.

Alert Fatigue

A condition that occurs when individuals receive so many alerts or alarms that they become desensitized and stop responding appropriately to them.

Anonymization

The process of irreversibly altering classified data to protect the privacy of data subjects by removing or encrypting personally identifiable information.

Appropriate Safeguards

Legally enforceable mechanisms that ensure adequate protection of personal data during transfers, particularly under data protection regulations.

Artificial Intelligence

A technical and scientific field focused on creating engineered systems that generate outputs such as content, forecasts, recommendations, or decisions based on human-defined objectives.

Attack Surface

The total sum of all possible entry points and vulnerabilities that an attacker could potentially exploit to breach a system, network, or application.

Attack Vector

A path, method, or means by which cybercriminals can penetrate a target system, including tools, actions, and vulnerabilities that can be exploited.

Audit Trail

A sequential, step-by-step record that provides documented evidence of transactions and activities, allowing them to be traced back to their source.

Auditing

The systematic examination and verification of financial statements, records, and related operations to determine their accuracy, adequacy, and compliance with established principles.

Authentication

A security process that verifies the identity of a user, system, or entity attempting to access a resource or service.

Authorization

The function of determining access rights & privileges for resources, determining what actions authenticated users can perform within a system.

Backdoor Attack

A cyber attack where hackers gain unauthorized access to systems, networks, or applications by exploiting vulnerabilities or hidden entry points.

Brazil General Data Protection Law

Brazil's comprehensive data protection legislation (LGPD) that regulates the collection, processing, and storage of personal data, similar to the EU's GDPR.

Bring Your Own Device (BYOD)

A policy that permits employees to use their personal devices for work purposes while maintaining security standards and protecting company data.

Brute Force Attack

A cyber attack method that attempts to gain unauthorized access by methodically trying all possible mixtures of passwords or encryption keys.

Business Email Compromise (BEC)

A sophisticated email scam targeting businesses, where attackers impersonate executives or trusted partners to conduct unauthorized fund transfers.

CASB DLP

A combination of Cloud Access Security Broker and Data Loss Prevention capabilities that protect sensitive data across cloud services & applications.

CASB Pricing

The cost structure for Cloud Access Security Broker services, typically based on factors like number of users, cloud applications protected, and features included.

CASB Providers

Companies that offer Cloud Access Security Broker solutions to help organizations secure their cloud services and applications.

CASB Service

A comprehensive cloud security service that provides visibility, compliance, data security, & threat protection for cloud-based resources.

CASB Tool

Software solutions that implement Cloud Access Security Broker functionality to protect cloud applications and data.

CASB Vendor

Companies that develop and sell Cloud Access Security Broker solutions to organizations.

CASB for Office 365

A specialized Cloud Access Security Broker solution designed to secure Microsoft Office 365 applications and data.

CCPA Compliance

The state of meeting all requirements & obligations under the California Consumer Privacy Act.

CEO Fraud

A kind of Business Email Compromise where attackers impersonate company executives to deceive employees into transferring funds or sharing sensitive information.

California Consumer Privacy Act (CCPA)

A state law that enhances privacy rights & consumer protection for California residents, regulating how businesses collect and handle personal information.

California Privacy Rights Act (CPRA)

An extension of CCPA that strengthens consumer privacy protections and creates a dedicated privacy protection agency in California.

ChatGPT

An AI language model created by OpenAI that can engage in conversational interactions and generate human-like text responses.

ChatGPT Security

The measures and considerations related to securing ChatGPT implementations and protecting against potential misuse or security risks.

Chief Information Security Officer (CISO)

An executive responsible for developing & implementing an organization's information security program and strategy.

Clickjacking

A malicious technique where attackers overlay transparent elements over legitimate websites to trick users into clicking on hidden elements.

Cloud Access Security Broker (CASB)

A security policy enforcement point placed between cloud service consumers & providers to enforce security policies and monitor cloud service usage.

Cloud App Security

A set of policies, technologies, and controls deployed to protect cloud applications and their associated data from cyber threats.

Cloud Compliance

Adherence to regulatory requirements and industry standards for data protection, privacy, and security in cloud computing environments.

Cloud Data Loss Prevention

Technologies and processes designed to detect and prevent unauthorized transmission or leakage of sensitive data in cloud environments.

Cloud Data Protection

A comprehensive set of tools, policies, and procedures designed to secure & protect data stored in cloud environments from unauthorized access, breaches, and loss.

Cloud Detection and Response (CDR)

A security solution that monitors cloud environments for threats and suspicious activities, providing automated response capabilities to security incidents.

Cloud Security Posture Management

A solution that continuously monitors cloud infrastructure to identify and remediate security risks, compliance issues, and misconfigurations.

Compromised Account

An user account that has been accessed or controlled by an unauthorized party, often through stolen credentials or security breaches. Data Access Governance (DAG): A framework that manages how users access data across an organization, ensuring appropriate permissions and compliance with security policies.

DLP Policy

Rules and configurations that define how Data Loss Prevention solutions identify and protect sensitive information.

Dart Digital Marketing Copy

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.

Data Breach Notification

A legal requirement to inform affected individuals and relevant authorities when a security breach compromises personal or sensitive data.

Data Detection and Response (DDR)

A security approach that focuses on identifying & responding to threats targeting sensitive data across an organization's environment.

Data Discovery

The process of locating and identifying various types of data within an organization's systems and networks.

Data Governance

A system of decision rights & accountabilities that ensure proper management of data assets throughout the enterprise.

Data Labelling

The process of adding metadata tags to data assets to indicate their sensitivity level, classification, or other relevant attributes.

Data Leakage

The forbidden transfer of data from within an organization to an exterior destination or recipient.

Data Localization

Requirements or practices that mandate the storage & processing of data within specific geographic boundaries.

Data Loss

The unintended deletion, corruption, or unavailability of data, whether through human error, system failure, or malicious activity.

Data Loss Prevention

A set of tools & processes that assure sensitive data is not lost, misused, or accessed by unauthorized users.

Data Loss Prevention (DLP) for LLMs

Specialized security controls designed to prevent data leaks when using Large Language Models in organizations.

Data Loss Prevention for Email

Security solutions specifically designed to prevent data leaks through email communications and attachments.

Data Loss Prevention for Google

DLP solutions integrated with Google Workspace to protect sensitive data in Google's cloud applications.

Data Loss Prevention for Office 365

Security features that protect sensitive information within Microsoft's Office 365 ecosystem.

Data Masking

A technique that replaces sensitive data with realistic but inauthentic substitute values while maintaining data integrity.

Data Minimization

The practice of limiting data collection and processing to only what is directly relevant and necessary for a specified purpose.

Data Mining

The procedure of discovering patterns, correlations, & insights from big datasets using statistical methods & machine learning.

Data Poisoning

A type of attack where malicious data is introduced into a machine learning training dataset to compromise the model's performance.

Data Privacy

The element of information technology that deals with an organization's ability to protect personal data from unauthorized access.

Data Privacy Compliance

Adherence to laws and regulations governing the collection, processing, & protection of personal data.

Data Processing

Any operation performed on data, including collection, recording, adaptation, organization, structuring, storage or alteration.

Data Processor

An entity that handles personal data on behalf of a data controller according to their guidelines.

Data Protection

The process of protecting important information from corruption, compromise, or loss.

Data Protection Authority (DPA)

An independent public authority liable for monitoring the application of data protection laws.

Data Protection Impact Assessment

A process to help organizations identify and minimize data protection risks in their operations.

Data Protection Principle

Fundamental guidelines that outline how personal data should be collected, processed, and maintained.

Data Provenance and Lineage

The documentation of where data comes from, where it moves over time, and what happens to it.

Data Reconciliation

The process of comparing data sets to ensure accuracy and consistency across different systems.

Data Residency

The physical or a geographic location where an organization's data is stored & processed.

Data Retention Policy

Guidelines that specify how long different types of data should be kept and when they should be deleted.

Data Risk Assessment

A systematic process for identifying, analyzing, and evaluating risks associated with data handling.

Data Security

Protective measures applied to prevent unauthorized access to databases, websites, and computers.

Data Security Platform

An integrated solution that provides comprehensive protection for an organization's data assets.

Data Security Posture Management (DSPM)

A framework for continuously monitoring and improving an organization's data security status.

Data Sprawl

The uncontrolled spread of data across multiple locations, devices, and cloud services.

Data Store

A repository for persistently storing & managing collections of data which includes databases, data lakes, and file systems.

Data Subject

An individual whose personal data is being collected, held, or processed.

Data Theft

The unauthorized copying, transfer, or retrieval of sensitive data by malicious actors.

Defense in Depth

A cybersecurity strategy that employs numerous layers of security controls to protect data.

Dev Digital Marketing Copy 2

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.

Development Digital Marketing Copy 3

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.

Digital Forensics

The process of collecting, preserving, and analyzing digital evidence for investigative purposes.

Digital Marketing

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.

Distributed Denial of Service (DDOS)

Distributed Denial of Service - a cyber strike that floods systems with traffic to make them unavailable to legitimate users.

EU-US Privacy Shield

A framework for regulating transatlantic exchanges of personal data for commercial purposes.

Email Authentication

Security protocols that verify the legitimacy of email senders and prevent email spoofing.

Email Encryption

The process of encoding email messages to protect their content from unauthorized access.

Email Filtering

The automated processing of emails to remove spam and malicious content before delivery.

Email Impersonation Attacks

Cyber attacks where criminals pose as trusted senders to deceive recipients.

Email Protection

Security measures designed to defend against email-based threats and protect sensitive information.

Email Security

Comprehensive measures to protect email systems from unauthorized access, loss, or compromise.

Email Spoofing

The generation of email messages with a fake sender address to deceive recipients.

Encrypted Data

Information that has been transformed into a scrambled format that can only be read with the right decryption key.

Strac's glossary

AI Alignment

AI Model Red Teaming

API-Based Email Security

Access Control

Access Control List (ACL)

Active Directory

Adequate Level of Protection:

Adversary-in-the-Middle Attack

Alert Fatigue

Anonymization

Appropriate Safeguards

Artificial Intelligence

Attack Surface

Attack Vector

Audit Trail

Auditing

Authentication

Authorization

Backdoor Attack

Brazil General Data Protection Law

Bring Your Own Device (BYOD)

Brute Force Attack

Business Email Compromise (BEC)

CASB DLP

CASB Pricing

CASB Providers

CASB Service

CASB Tool

CASB Vendor

CASB for Office 365

CCPA Compliance

CEO Fraud

California Consumer Privacy Act (CCPA)

California Privacy Rights Act (CPRA)

ChatGPT

ChatGPT Security

Chief Information Security Officer (CISO)

Clickjacking

Cloud Access Security Broker (CASB)

Cloud App Security

Cloud Compliance

Cloud Data Loss Prevention

Cloud Data Protection

Cloud Detection and Response (CDR)

Cloud Security Posture Management

Compromised Account

DLP Policy

Dart Digital Marketing Copy

Data Breach Notification

Data Detection and Response (DDR)

Data Discovery

Data Governance

Data Labelling

Data Leakage

Data Localization

Data Loss

Data Loss Prevention

Data Loss Prevention (DLP) for LLMs

Data Loss Prevention for Email

Data Loss Prevention for Google

Data Loss Prevention for Office 365

Data Masking

Data Minimization

Data Mining

Data Poisoning

Data Privacy

Data Privacy Compliance

Data Processing

Data Processor

Data Protection

Data Protection Authority (DPA)

Data Protection Impact Assessment

Data Protection Principle

Data Provenance and Lineage

Data Reconciliation

Data Residency

Data Retention Policy

Data Risk Assessment

Data Security