Within the field of security there are many abbreviated terms, and it can be difficult to memorise them all. Below is a list of some that you might come across in my writing, but feel free to reach out regarding any I have missed, and I'll add them to the list.
AACS is a physical security measure to restrict access and maintain control over who goes where and when.
AAM treats agents as their own distinct NHI, and is used to govern their access to data, services, and platforms, with dynamic just-in-time access.
An ACL is a list of permissions and actions which are attached to an object, and it specifies the users or system processes that are given access.
An AI-BOM is an inventory of the components which make up your AI systems, including dependencies, models, training data, frameworks, and infrastructure. It's a foundational component of AI security.
AI-SPM provides context, observability, and the workflows for auto-remediation of risks associated with AI services, models, and agents.
A threat actor, usually with a lot of resources, who wants to gain long-term access to computer systems to steal data.
A software-engineer-focused tool, which can be used to manage the security posture of applications deployed into production.
A security solution that defends against complex malware or hacking attacks which target sensitive data within an organisation.
A combination of strategies, policies, and procedures on how an organisation should respond to or adapt to potential threats or unforeseen disruptive events while minimising the negative impacts.
BCM is the process in which an organization will plan for and respond to potential threats that could have an impact on the business continuing to operate.
A BCP is a runbook which outlines the actions that need to be taken before, during, and after an event which affects the business's ability to operate.
A BIA will help to predict the impact of a disruption to the business, and will gather any relevant information required to help with resiliency and recovery.
A BRC is a group of people who oversee an organization's risk appetite and risk strategy.
A tool which helps provide complete visibility of assets, to help prioritise vulnerabilities and highlight gaps in security controls.
A tool which aggregates data from across your cloud platforms, and provides real-time threat detection and response capabilities.
A cloud-based security policy enforcement point that is placed between cloud service consumers and providers.
A CERT is a group of cybersecurity specialists who are responsible for preventing, detecting, and mitigating digital security threats.
A CHFI is someone skilled in computer forensics and utilises their skills to capture evidence of computer misuse. In the event of an incident a CHFI can help carry out a fast and efficient investigation.
Together these principles form the cornerstone of any organisation's security infrastructure.
A CIEM provides observability of the permissions that cloud identities have; it can be leveraged to help adhere to the principle of least privilege in the cloud.
A CIRT is a group of people responsible for preparing for, investigating, containing, eradicating, and recovering from computer security incidents.
The pinnacle of the security positions, a CISO is a senior executive responsible for all facets of information security within a business.
CNAPP is an umbrella term for a collection of cloud security tools; it is an all-in-one platform to help prevent, detect, and respond to cloud security threats.
Automates the identification and remediation of risks across cloud infrastructures.
CVE is a standardised convention for naming vulnerabilities; it provides easy identification and remediation across multiple security platforms. It is owned and maintained by the not-for-profit MITRE Corporation.
CWE is a broad classification of common weaknesses found in software and hardware systems, and can be referenced to help prevent future vulnerabilities. CWE publish a Top 25 list of the most dangerous software weaknesses.
Used to protect cloud workloads, including virtual machines, containers, and serverless functions.
DAD is the opposing view of the CIA triad; it represents the 3 most common threats against information security.
DAST allows us to perform security scans against our resources at runtime; this can be achieved with an automation tool or through manual testing.
Due Diligence is the process of evaluating the security posture of a third-party tool or a potential acquisition, to evaluate the additional risk of investment.
DLP software solutions execute responses based on policy and rules defined to address the risk of inadvertent or accidental leaks or exposure of sensitive data outside authorised channels.
Also referred to as Data Privacy, Data Protection is the process of safeguarding the information that a business is custodian of, to protect against loss, damage, or corruption.
DPA is a legally binding contract, which outlines the responsibilities of data controllers and processors in handling and keeping data secure.
DPI is often a feature of modern firewalls, and it allows for examination of the payload of a request. It is used to identify malicious content through analysis of signatures to detect malware or other anomalies.
A process to help you identify and minimise the data protection risks of a project. You must perform a DPIA for processing that is likely to result in a high risk to individuals.
An enterprise security leadership role required by the General Data Protection Regulation (GDPR). Data Protection Officers are responsible for overseeing a company's data protection strategy and its implementation to ensure compliance with GDPR requirements.
DR is a plan for recovery in the event of a natural disaster, cyber attack, resource failure, etc. It's one of the foundations of a business continuity plan, and is designed to restore a business back to normal operations as soon as possible.
DSA is the primary algorithm defined in the Digital Signature Standard (DSS) for generating digital signatures.
DSPM is a tool to catalogue and assess the security policies associated with data storage and management. It provides monitoring and alerting of data assets and reports for auditing, and helps with remediation of potential vulnerabilities.
Established by the National Institute of Standards and Technology (NIST), DSS is a suite of algorithms for creating and verifying digital signatures.
ECDSA is a method of public key cryptography, which uses elliptic-curve cryptography keys and is defined in the National Institute of Standards and Technology (NIST) Digital Signature Standard (DSS).
An integrated endpoint security solution that combines real-time continuous monitoring and collection of endpoint data with rules-based automated response and analysis capabilities.
The relationship between each building block or element of risk can be measured mathematically and assigned a monetary value, so that ultimately risk can be calculated as financial loss exposure.
A process for continuously validating the integrity of OS components and applications to ensure they haven't been tampered with.
GDPR is a regulation established by the European Union to ensure the collection, storage, processing, and sharing of personal data relating to European citizens is handled appropriately. It also provides individuals with more control over their data.
This is a suite of security tools within GitHub that are freely accessible to individual users with public repositories, or alternatively under an enterprise license with GHAS added on. It covers secret scanning, code scanning, and dependency management with dependabot.
Aims to synchronise information and activity across governance, risk, and compliance in order to operate more efficiently, enable effective information sharing, report activities more effectively, and avoid wasteful overlaps.
A methodology for AI first software development, where humans help guide the agent through tasks, intervening when necessary, and verifying and approving the actions that are taken.
A physical device for generating, protecting, and managing encryption keys. They're used to adhere to compliance requirements and improve data security.
A web security policy which enforces the use of HTTPS and helps to prevent MITM attacks.
IoA are dynamic indicators that a system is likely to be attacked, which can help to intercept threats before compromise occurs. Aspects of the MITRE ATT&CK framework are a good representation of what might constitute an IoA.
An IoC is an indicator that a cyber incident has occurred within your environment; this evidence is usually gathered in response to an investigation based on Indicators of Attack (IoA) or security auditing.
The UK's independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals.
A monitoring system that detects suspicious activity and generates alerts.
IEM is the practice of discovering, assessing, and reducing identity-related risks such as excessive privileges, exposed credentials, and misconfigurations across identity systems.
Also referred to as Identity Security, IGA helps security administrators to automate the management of user identities and their level of access to enterprise software.
A technology that keeps an eye on a network for any malicious activities attempting to exploit a known vulnerability and stops them.
An ISAC collates threat intelligence data and distributes it to its members along with actions to mitigate potential threats.
Controls that an organisation needs to implement to ensure that it is sensibly protecting the confidentiality, availability, and integrity of assets from threats and vulnerabilities.
An ISO is focused on operationalising an Information Security Management System (ISMS) within a business.
ISPs are a foundation of security within a business, and highlight the approach of the business to Information Security. Each practice and area of the business will be covered by its own security policies.
ITDR is its own security platform focused solely on protecting identities. It collects data from Identity and Access Management (IAM) sources and monitors and alerts based on anomalous activity, breaches, and identity-based threats.
This term was born from the principle of least privilege (PoLP) and refers to only providing identities with the minimum required permissions to complete necessary tasks.
This term is used to describe the period of time that access is granted; permissions should be provided only when needed and then revoked.
The processes for onboarding new employees, changing access for people who change roles, and removing access when people leave the business.
Used to reduce the risk when exchanging keys, and is part of the Kerberos network authentication protocol.
A deep learning model which has been trained on huge amounts of data, which allows it to generate human-like text based on the probability of what word comes next.
LPE is a technique where an attacker with limited access to a system exploits a vulnerability to gain higher privileges.
A protected part of Windows OS which is responsible for enforcing the security policy on the system.
A Network Access Control method which allows devices to connect to a network without being subject to authentication checks, which is susceptible to spoofing.
Represents the total amount of downtime that can occur without causing significant harm to the organisation's mission.
Often used to help with endpoint management where Bring Your Own Device (BYOD) is in place, and operates at the application level. It helps secure business data, while keeping personal data private.
Often used to help with endpoint management where Bring Your Own Device (BYOD) is in place, and operates at the Operating System (OS) level, which is higher risk for protection of personal data.
A platform for sharing information about malware threats and indicators of compromise.
A type of attack where the attacker secretly intercepts and relays messages between two parties who believe they are communicating directly with each other.
A third-party provider of security services, a common example of which is a managed Security Operations Center (SOC) as a service.
An NGFW is an advanced firewall that goes beyond traditional static rules for traffic ingress and egress. They include features such as Deep Packet Inspection (DPI), malware detection, Transport Layer Security (TLS) inspection, etc.
An NHI is an identity which is not associated with a human, but instead with a machine, service, or application. These are becoming more important as Artificial Intelligence (AI) becomes more prevalent.
A NOC's primary focus is ensuring the health of an organisation's network and lends itself to the availability aspect of the CIA triad.
A PAM platform can be utilised to ensure access is controlled sufficiently, with the appropriate monitoring and auditing capabilities.
The Payment Card Industry Data Security Standard is a set of security standards designed to ensure that ALL companies that accept, process, store, or transmit credit card information maintain a secure environment.
They give people specific privacy rights in relation to electronic communications; marketing calls, emails, texts, faxes, cookies, secure communications, and customer privacy.
PII is any information held which can be used by itself or in combination with other pieces of data to identify a specific person. It is important to ensure privacy, protect from identity theft, and to comply with government regulations such as the General Data Protection Regulation (GDPR).
PoLP is an important design consideration which means to limit the level of access provided to a user, service, or process, and only give the exact permissions required to carry out their function.
PSI is any information held that if exposed could cause harm to an individual. Examples might include medical documents, financial documents, sexual orientation, religious identity, criminal record, or political affiliation.
In cryptography, a PSK is a shared secret which was previously shared between the two parties using a secure channel before it needs to be used.
A PUP is generally installed onto a device unintentionally or without user consent. They're often bundled in with other software and can contain trackers, advertisements, vulnerabilities, and have a negative impact on performance.
QKD is a secure communication method involving quantum mechanics to allow two parties to share a random encryption key for symmetric encryption of communication data.
A matrix project management tool, used to clarify roles and responsibilities.
A method of restricting network access based on the roles of individual users within an enterprise.
A type of attack where a hacker executes malicious code on a remote machine.
RMF is a process for identifying, assessing, managing, and mitigating risk within a business.
How much data can the business afford to lose, and therefore what frequency of data backups will be required.
RSA is the most common form of asymmetric encryption, and it is named after its inventors. It relies on the difficulty of factoring the product of large prime numbers.
Determine the point in time after an incident by which an activity or its dependency must be resumed.
You have the right to ask an organisation whether or not they are using or storing your personal information. You can also ask them for copies of your personal information, verbally or in writing.
SARIF is an OASIS standard, which makes static analysis tools interoperable by providing a standard data format.
SASE combines network functions and security services within a single framework; it was born out of the expanding investment in cloud technology and the enablement of a remote workforce.
SAST is used to discover and remediate vulnerabilities in code before they reach production, and it is a key component of a "shift left" strategy.
An SBOM is an inventory of all the dependencies of a software application, which is machine readable and speeds up triage when new vulnerabilities are published.
SCIM is a set of protocols, which form a standard, for managing users, groups, and roles and supports an efficient Joiners, Movers, Leavers (JML) process.
SHA is a suite of hashing functions used to produce a predictable length hash as the output regardless of the input. They are usually used for password storage, integrity checks, and digital signatures.
A single security management system that offers full visibility into activity within your network - which empowers you to respond to threats in real-time.
A SoA is a document usually found in ISO 27001, which defines which controls from the standard are in scope.
Part of a SIEM that helps to automate incident response.
A centralised function within an organisation employing people, processes, and technology to continuously monitor and improve an organisation's security posture while preventing, detecting, analysing, and responding to cyber security incidents.
Prevents content from one origin being loaded in another origin.
A framework for ensuring security is baked into each stage of the Software Development Lifecycle.
SSE forms the security aspects of SASE, it includes cloud based services aimed at replacing or enhancing traditional perimeter-based security tools, such as VPNs.
Still widely referred to when discussing certificates, although it has been deprecated for a long time.
SSPM is an automated security tool aimed at discovering broken access control, misconfigurations, and other cloud security issues associated with SaaS applications.
A SWG acts as a barrier between users and potentially malicious websites; it can filter traffic, block malware, and provide analytics. It can also be leveraged to apply company policy, for example blocking access to anything remotely fun from your work laptop.
In the absence of an automated system, a UAR can be performed to understand who has access to what, to ensure access levels are appropriate across users and services.
Part of a SIEM that detects anomalous behaviour by users.
A platform for monitoring, managing, and patching end user devices.
An approach for identifying vulnerabilities and confirming whether they can be exploited through testing.
An authorised programme for ethical hackers to report vulnerabilities to organisations.
A technology that allows you to create a secure and encrypted connection over a less secure network, such as the internet.
A firewall for protecting web applications by monitoring, filtering, and blocking HTTP traffic between a web application and the Internet.
A type of data storage that can only be written to once but can be read multiple times, which is used for secure data storage and improving data integrity.
XDR handles threat detection and response, and provides visibility of all data; providing a proactive response to threats and attacks.
ZTNA is a model which dictates that no user, device, or service can be trusted by default. This ensures least privilege is applied, access is provided Just-In-Time (JIT), and authentication continuously verified.