Encryption

The process of converting information into a code to stop unauthorized access.

End User Monitoring

The tracking and analysis of user interactions with applications and systems.

Endpoint Data Loss Prevention

DLP solutions that protect data on end-user devices like laptops and mobile devices.

Endpoint Detection and Response (EDR)

Security technology that monitors and responds to suspicious activities on endpoint devices.

Endpoint Security

Protection of network endpoints against cybersecurity threats.

Enterprise Security

Comprehensive protection of an organization's network, data, and assets from security threats.

European Data Protection Board

An independent European body that maintains consistent application of data protection rules.

European Data Protection Supervisor

An independent supervisory authority responsible for monitoring EU institutions' processing of personal data.

Exact Data Match Classification

A DLP technique that identifies sensitive data by matching it exactly against known values.

Exfiltration

The unauthorized transmission of data from a computer or network to an external location.

False Positive

An incorrect identification of a threat or violation when none actually exists.

Fine Tuning

The process of adjusting AI models to boost their performance for specific tasks or domains.

GDPR

The General Data Protection Regulation - EU's comprehensive data protection and privacy regulation.

Generative AI

AI systems capable of creating new content, including text, images, code, or other data types.

Google Bard Security

Security measures and considerations specific to Google's Bard AI language model.

HIPAA

Health Insurance Portability & Accountability Act - U.S. legislation that protects medical information privacy.

HIPAA Compliance

Meeting the requirements set forth by HIPAA for protecting healthcare information.

HITECH

Health Information Technology for Economic & Clinical Health Act - legislation that strengthens HIPAA enforcement.

Hallucination, Inconsistency, and Bias

Common issues in AI systems where they generate false information, show inconsistent behavior, or display unfair prejudices.

Homomorphic Encryption

A form of encryption allowing computations on encrypted data without decrypting it.

Human Firewall

The human element of cybersecurity where employees act as a defense against security threats.

IT Compliance

Adherence to requirements set by laws, regulations, and industry standards for IT systems.

Identity Threat Detection & Response (ITDR)

Security solutions focused on detecting and responding to identity-based threats.

Identity and Access Management (IAM)

Framework of policies and technologies managing digital identities and access rights.

Information Security Policy

Documented guidelines for protecting an organization's information assets.

Insider Threat

Security risks posed by individuals with legitimate access to an organization's systems.

Keyloggers

Malicious software that records keystrokes to capture sensitive information.

Large Language Models (LLMs)

Advanced AI models trained on broad amounts of text data to understand & generate human like language.

Least Privilege

Security principle of giving users only the minimum access rights needed for their work.

MITRE ATT&CK Framework

A globally-accessible knowledge base of adversary tactics and techniques.

Machine Learning

Technology enabling systems to learn and improve from experience without explicit programming.

Malicious Email Attachments

Files attached to emails containing harmful code or malware.

Malware

Malicious software created to damage, disrupt, or gain unauthorized access to computer systems.

Man-in-the-Middle Attack (MITM)

A cyberattack where attackers secretly intercept and relay communications between two parties.

Masked Data

Information that has been modified to hide sensitive elements while maintaining a similar structure.

Microsoft Defender External Attack Surface Management

A tool that helps organizations discover and manage external digital assets.

Microsoft Defender for Cloud

A cloud security platform providing threat protection for cloud workloads.

Misconfiguration

Security vulnerabilities resulting from incorrect system or application settings.

Mobile Device Management (MDM)

Software for managing and securing mobile devices in an enterprise environment.

Model Theft

The unauthorized extraction or copying of machine learning models.

Multi-Factor Authentication (MFA)

A security system requiring multiple forms of verification to grant access.

NPI (Non-Public Information) - Finance

NYDFS Cybersecurity Regulation

New York's requirements for financial institutions' cybersecurity programs.

National Institute of Standards & Technology (NIST)

National Institute of Standards & Technology - organization that develops cybersecurity standards.

Network DLP

Data Loss Prevention solutions that monitor and protect data moving through network traffic.

Network Security

Measures taken to protect the usability and integrity of computer networks and data.

Obfuscated Data

Information that has been deliberately made difficult to understand.

PCI Compliance

Abidance to the Payment Card Industry Data Security Standard requirements.

PCI DSS

Payment Card Industry Data Security Standard - security standards for organizations handling credit cards.

Penetration Testing

Authorized simulated cyberattack to evaluate system security.

Personally Identifiable Information (PII)

Any data that could potentially recognize a specific individual.

Privilege Escalation

The exploiting of bugs or design flaws to gain elevated access to resources.

Prompt Injection

A type of attack targeting AI systems through manipulated input prompts.

Prompt Jailbreaking

Techniques used to bypass AI systems' built-in restrictions and safeguards.

Protected Health Information (PHI)

Protected Health Information - health data protected under HIPAA regulations.

Red Team

A group that helps organizations improve security by simulating real-world attacks.

Responsive Web Design

Retrieval-Augmented Generation (RAG)

A technique that combines language models with external knowledge retrieval to generate more accurate and contextual responses.

SOC2 Compliance

A framework ensuring service organizations securely manage customer data.

SOX Compliance

Meeting the requirements of the Sarbanes-Oxley Act for financial reporting and corporate governance.

SSensitive Personally Identifiable Information Copy

Security Information and Event Management (SIEM)

A system supplying real-time analysis of security alerts generated by network hardware and applications.

Security Operation Center (SOC)

A facility where information security experts monitor, analyze, and protect organizations from cybersecurity threats.

Security Orchestration, Automation, & Response (SOAR)

Tools that enable organizations to collect security data and automate security operations.

Security Posture Management

The continuous monitoring and improvement of an organization's overall security status.

Sensitive Data

Data that must be protected from unauthorized access to safeguard privacy or security.

Sensitive Personally Identifiable Information

Shadow Data

Sensitive information that exists outside of an organization's managed systems and security controls.

Shadow IT

Hardware or software used within an organization without IT department approval.

Shadow SaaS

Cloud services used by employees without formal IT department approval or oversight.

Single Sign-On (SSO)

An authentication method allowing users to access numerous applications with one set of credentials.

Smishing

Phishing attacks conducted through SMS text messages.

Social Engineering

Psychological manipulation techniques used to deceive people into revealing confidential information.

Social Media Archiving

The capture and storage of social media communications for compliance and record-keeping.

Software as a Service (SaaS)

Cloud based application delivery model where applications are accessed via the internet.

Unmanaged Data Stores

Data repositories that exist outside of an organization's formal management and security controls.

Unstructured Data

Information that doesn't follow a predefined data model or organization.

User Experience Design

Virtual Private Cloud (VPC)

An isolated section of a public cloud where organizations can run resources in a virtual network.

Virtual Private Network (VPN)

Virtual Private Network - encrypted connection over the internet from a device to a network.

Vishing

Voice phishing attacks conducted through phone calls.

Vulnerabilities

Weaknesses in a system that could be exploited by threats.

Vulnerability

A weakness or fault in a system, application, or process that could be exploited by malicious actors to attain unauthorized access, steal data, or disrupt operations. This can include software bugs, misconfigurations, weak passwords, or design flaws that compromise security.

Web Content Filtering

Technology that screens and excludes harmful or inappropriate web content.

Web Security

Measures protecting websites and web applications from security threats and vulnerabilities.