Strac's glossary

As a healthcare provider, insurer, or professional handling patient data, you know the stakes are high. With over 130 million patient records breached in 2023, the need to protect personal health (PHI) data has never been more urgent. Strac's HIPAA-compliant DLP solution guarantees patient data remains protected, avoiding costly violations and penalties, allowing you to focus on delivering quality care with peace of mind.


AI Alignment

A field of study focused on ensuring artificial intelligence systems behave in accordance with human values and intentions, preventing unintended consequences or harmful outcomes.


AI Model Red Teaming

A structured testing process to identify flaws & vulnerabilities in AI systems, typically performed in a controlled environment by dedicated teams using adversarial methods.


API-Based Email Security

A security solution that integrates directly with email programs through their APIs to protect against threats, rather than deploying inline with email servers.


Access Control

A security mechanism that manages who or what can view, access, or use resources in a computing environment. It involves authentication and authorization processes to ensure only authorized users can access specific resources.


Access Control List (ACL)

A set of rules used for filtering network traffic and controlling access to system objects such as directories or files. ACLs determine which users or system processes are given access to objects & what operations are allowed.


Active Directory

A directory service designed by Microsoft for Windows Server environments that manages and organizes network resources, including users, computers, and other devices in a network hierarchy.


Adequate Level of Protection

A standard defined by GDPR that specifies the required level of data protection for cross-border data transfers to third countries or international organizations.


Adversary-in-the-Middle Attack

A sophisticated cyber attack where malicious actors position themselves between two communicating parties to intercept, manipulate, or redirect traffic passing between them.


Alert Fatigue

A condition that occurs when individuals receive so many alerts or alarms that they become desensitized and stop responding appropriately to them.


Anonymization

The process of irreversibly altering classified data to protect the privacy of data subjects by removing or encrypting personally identifiable information.


Appropriate Safeguards

Legally enforceable mechanisms that ensure adequate protection of personal data during transfers, particularly under data protection regulations.


Artificial Intelligence

A technical and scientific field focused on creating engineered systems that generate outputs such as content, forecasts, recommendations, or decisions based on human-defined objectives.


Attack Surface

The total sum of all possible entry points and vulnerabilities that an attacker could potentially exploit to breach a system, network, or application.


Attack Vector

A path, method, or means by which cybercriminals can penetrate a target system, including tools, actions, and vulnerabilities that can be exploited.


Audit Trail

A sequential, step-by-step record that provides documented evidence of transactions and activities, allowing them to be traced back to their source.


Auditing

The systematic examination and verification of financial statements, records, and related operations to determine their accuracy, adequacy, and compliance with established principles.


Authentication

A security process that verifies the identity of a user, system, or entity attempting to access a resource or service.


Authorization

The function of determining access rights and privileges for resources, defining what actions authenticated users can perform within a system.


Backdoor Attack

A cyber attack where hackers gain unauthorized access to systems, networks, or applications by exploiting vulnerabilities or hidden entry points.


Brazil General Data Protection Law

Brazil's comprehensive data protection legislation (LGPD) that regulates the collection, processing, and storage of personal data, similar to the EU's GDPR.


Bring Your Own Device (BYOD)

A policy that permits employees to use their personal devices for work purposes while maintaining security standards and protecting company data.


Brute Force Attack

A cyber attack method that attempts to gain unauthorized access by methodically trying all possible combinations of passwords or encryption keys.


Business Email Compromise (BEC)

A sophisticated email scam targeting businesses, where attackers impersonate executives or trusted partners to conduct unauthorized fund transfers.


CASB DLP

A combination of Cloud Access Security Broker and Data Loss Prevention capabilities that protect sensitive data across cloud services & applications.


CASB Pricing

The cost structure for Cloud Access Security Broker services, typically based on factors like number of users, cloud applications protected, and features included.


CASB Providers

Companies that offer Cloud Access Security Broker solutions to help organizations secure their cloud services and applications.


CASB Service

A comprehensive cloud security service that provides visibility, compliance, data security, & threat protection for cloud-based resources.


CASB Tool

Software solutions that implement Cloud Access Security Broker functionality to protect cloud applications and data.


CASB Vendor

Companies that develop and sell Cloud Access Security Broker solutions to organizations.


CASB for Office 365

A specialized Cloud Access Security Broker solution designed to secure Microsoft Office 365 applications and data.


CCPA Compliance

The state of meeting all requirements & obligations under the California Consumer Privacy Act.


CEO Fraud

A kind of Business Email Compromise where attackers impersonate company executives to deceive employees into transferring funds or sharing sensitive information.


California Consumer Privacy Act (CCPA)

A state law that enhances privacy rights & consumer protection for California residents, regulating how businesses collect and handle personal information.


California Privacy Rights Act (CPRA)

An extension of CCPA that strengthens consumer privacy protections and creates a dedicated privacy protection agency in California.


ChatGPT

An AI language model created by OpenAI that can engage in conversational interactions and generate human-like text responses.


ChatGPT Security

The measures and considerations related to securing ChatGPT implementations and protecting against potential misuse or security risks.


Chief Information Security Officer (CISO)

An executive responsible for developing & implementing an organization's information security program and strategy.


Clickjacking

A malicious technique where attackers overlay transparent elements over legitimate websites to trick users into clicking on hidden elements.


Cloud Access Security Broker (CASB)

A security policy enforcement point placed between cloud service consumers & providers to enforce security policies and monitor cloud service usage.


Cloud App Security

A set of policies, technologies, and controls deployed to protect cloud applications and their associated data from cyber threats.


Cloud Compliance

Adherence to regulatory requirements and industry standards for data protection, privacy, and security in cloud computing environments.


Cloud Data Loss Prevention

Technologies and processes designed to detect and prevent unauthorized transmission or leakage of sensitive data in cloud environments.


Cloud Data Protection

A comprehensive set of tools, policies, and procedures designed to secure & protect data stored in cloud environments from unauthorized access, breaches, and loss.


Cloud Detection and Response (CDR)

A security solution that monitors cloud environments for threats and suspicious activities, providing automated response capabilities to security incidents.


Cloud Security Posture Management

A solution that continuously monitors cloud infrastructure to identify and remediate security risks, compliance issues, and misconfigurations.


Compromised Account

A user account that has been accessed or controlled by an unauthorized party, often through stolen credentials or security breaches.

Data Access Governance (DAG)

A framework that manages how users access data across an organization, ensuring appropriate permissions and compliance with security policies.


DLP Policy

Rules and configurations that define how Data Loss Prevention solutions identify and protect sensitive information.


Data Breach Notification

A legal requirement to inform affected individuals and relevant authorities when a security breach compromises personal or sensitive data.


Data Detection and Response (DDR)

A security approach that focuses on identifying & responding to threats targeting sensitive data across an organization's environment.


Data Discovery

The process of locating and identifying various types of data within an organization's systems and networks.


Data Governance

A system of decision rights & accountabilities that ensure proper management of data assets throughout the enterprise.


Data Labelling

The process of adding metadata tags to data assets to indicate their sensitivity level, classification, or other relevant attributes.


Data Leakage

The unauthorized transfer of data from within an organization to an external destination or recipient.


Data Localization

Requirements or practices that mandate the storage & processing of data within specific geographic boundaries.


Data Loss

The unintended deletion, corruption, or unavailability of data, whether through human error, system failure, or malicious activity.


Data Loss Prevention

A set of tools and processes that ensure sensitive data is not lost, misused, or accessed by unauthorized users.


Data Loss Prevention (DLP) for LLMs

Specialized security controls designed to prevent data leaks when using Large Language Models in organizations.


Data Loss Prevention for Email

Security solutions specifically designed to prevent data leaks through email communications and attachments.


Data Loss Prevention for Google

DLP solutions integrated with Google Workspace to protect sensitive data in Google's cloud applications.


Data Loss Prevention for Office 365

Security features that protect sensitive information within Microsoft's Office 365 ecosystem.


Data Masking

A technique that replaces sensitive data with realistic but inauthentic substitute values while maintaining data integrity.


Data Minimization

The practice of limiting data collection and processing to only what is directly relevant and necessary for a specified purpose.


Data Mining

The process of discovering patterns, correlations, and insights from large datasets using statistical methods and machine learning.


Data Poisoning

A type of attack where malicious data is introduced into a machine learning training dataset to compromise the model's performance.


Data Privacy

The element of information technology that deals with an organization's ability to protect personal data from unauthorized access.


Data Privacy Compliance

Adherence to laws and regulations governing the collection, processing, & protection of personal data.


Data Processing

Any operation performed on data, including collection, recording, adaptation, organization, structuring, storage or alteration.


Data Processor

An entity that handles personal data on behalf of a data controller according to their guidelines.


Data Protection

The process of protecting important information from corruption, compromise, or loss.


Data Protection Authority (DPA)

An independent public authority responsible for monitoring the application of data protection laws.


Data Protection Impact Assessment

A process to help organizations identify and minimize data protection risks in their operations.


Data Protection Principle

Fundamental guidelines that outline how personal data should be collected, processed, and maintained.


Data Provenance and Lineage

The documentation of where data comes from, where it moves over time, and what happens to it.


Data Reconciliation

The process of comparing data sets to ensure accuracy and consistency across different systems.


Data Residency

The physical or geographic location where an organization's data is stored and processed.


Data Retention Policy

Guidelines that specify how long different types of data should be kept and when they should be deleted.


Data Risk Assessment

A systematic process for identifying, analyzing, and evaluating risks associated with data handling.


Data Security

Protective measures applied to prevent unauthorized access to databases, websites, and computers.


Data Security Platform

An integrated solution that provides comprehensive protection for an organization's data assets.


Data Security Posture Management (DSPM)

A framework for continuously monitoring and improving an organization's data security status.


Data Sprawl

The uncontrolled spread of data across multiple locations, devices, and cloud services.


Data Store

A repository for persistently storing & managing collections of data which includes databases, data lakes, and file systems.


Data Subject

An individual whose personal data is being collected, held, or processed.


Data Theft

The unauthorized copying, transfer, or retrieval of sensitive data by malicious actors.


Defense in Depth

A cybersecurity strategy that employs numerous layers of security controls to protect data.


Digital Forensics

The process of collecting, preserving, and analyzing digital evidence for investigative purposes.


Distributed Denial of Service (DDoS)

A cyber attack that floods systems with traffic to make them unavailable to legitimate users.


EU-US Privacy Shield

A framework for regulating transatlantic exchanges of personal data for commercial purposes.


Email Authentication

Security protocols that verify the legitimacy of email senders and prevent email spoofing.


Email Encryption

The process of encoding email messages to protect their content from unauthorized access.


Email Filtering

The automated processing of emails to remove spam and malicious content before delivery.


Email Impersonation Attacks

Cyber attacks where criminals pose as trusted senders to deceive recipients.


Email Protection

Security measures designed to defend against email-based threats and protect sensitive information.


Email Security

Comprehensive measures to protect email systems from unauthorized access, loss, or compromise.


Email Spoofing

The generation of email messages with a fake sender address to deceive recipients.


Encrypted Data

Information that has been transformed into a scrambled format that can only be read with the right decryption key.


Data Security Glossary

Learn all the security and compliance terms you need to secure your customer data


Data Discovery, DSPM, DLP, AI-SPM Glossary