Cybersecurity Glossary

A comprehensive reference of cybersecurity terms, frameworks, and concepts used by security leaders and virtual CISOs.

B

Business Continuity

Planning and processes to ensure critical business functions continue during and after a disruption.

C

Chief Information Security Officer

The executive responsible for an organization's information security strategy and program.

Compliance Audit

A formal assessment to verify an organization meets regulatory or framework requirements.

D

Data Loss Prevention

Technologies and processes that prevent sensitive data from leaving the organization.

Disaster Recovery

Procedures and infrastructure for restoring IT systems after a catastrophic event.

E

EDR (Endpoint Detection and Response)

Security technology that monitors endpoints for threats and enables rapid investigation and response.

Encryption

The process of converting data into an unreadable format to protect it from unauthorized access.

H

HIPAA

The Health Insurance Portability and Accountability Act, a U.S. law governing healthcare data protection.

I

Incident Response Plan

A documented set of procedures for detecting, responding to, and recovering from security incidents.

ISO 27001

An international standard for information security management systems (ISMS).

M

Multi-Factor Authentication

A security method requiring two or more verification factors to access a system or account.

N

NIST Cybersecurity Framework

A voluntary framework of standards and best practices for managing cybersecurity risk.

P

PCI-DSS

The Payment Card Industry Data Security Standard for organizations that handle credit card data.

Penetration Testing

An authorized simulated cyberattack to evaluate the security of systems and identify vulnerabilities.

R

Risk Assessment

The process of identifying, analyzing, and evaluating cybersecurity risks to an organization.

S

Security Awareness Training

Education programs that teach employees to recognize and respond to cybersecurity threats.

Security Operations Center

A centralized facility where security professionals monitor, detect, and respond to threats.

Security Policy

A formal document that defines an organization's rules and expectations for information security.

Security Program

The comprehensive set of policies, controls, and processes that protect an organization's information assets.

SIEM (Security Information and Event Management)

Technology that aggregates and analyzes security logs to detect threats and support compliance.

SOC 2

A compliance framework for service organizations that evaluates security, availability, and confidentiality controls.

V

Vendor Risk Management

The process of assessing and managing security risks from third-party vendors and partners.

Virtual CISO

A part-time or outsourced executive who provides strategic security leadership without full-time cost.

Vulnerability Management

The ongoing process of identifying, classifying, remediating, and mitigating security vulnerabilities.

Z

Zero Trust Architecture

A security model that requires strict verification for every user and device, regardless of network location.

Need Help Navigating Cybersecurity?

A virtual CISO translates these concepts into actionable strategy for your organization.

Schedule a Discovery Call