AI Threat Detection
AI threat detection identifies suspicious activity in digital systems by analyzing patterns in security data and detecting behavior that may indicate a cyberattack.
Explore definitions of common cybersecurity terms, frameworks, and security operations concepts. Written to make complex security language easier to understand.
Last updated: June 24, 2026
Autonomous SOC refers to a security operations model where investigations, triage, and response actions are carried out largely by automated systems with minimal human intervention.
ASPM consolidates findings from multiple application security tools to deliver unified visibility, contextual risk prioritization, and continuous posture management across the full software lifecycle.
Application security focuses on protecting software from threats by identifying and fixing vulnerabilities across the entire lifecycle, from code to runtime.
Application vulnerability management is the continuous process of identifying, prioritizing, and fixing security weaknesses in software before attackers can exploit them.
Asset discovery is a critical process for identifying and tracking all hardware and software within an organization, enabling better security, compliance, and cost management across your technology landscape.
Asset visibility provides a continuously updated view of all devices, systems, and cloud resources so organizations can monitor, secure, and manage them effectively.
Attack path analysis maps how attackers could move through your environment by linking together vulnerabilities, identities, and access paths.
Attack surface monitoring finds and tracks every entry point hackers could use before they do—here's how it works and why it matters.
Learn how Attribute-Based Access Control (ABAC) enables fine-grained, context-aware access decisions by evaluating user, resource, and environmental attributes, replacing static role-based models with dynamic, adaptive security.
Audit-ready evidence provides clear, verifiable proof that security controls and policies are operating as intended—allowing organizations to demonstrate compliance without scrambling during audits.
Automatically fix security issues the moment they appear, without waiting on manual response.
Automated threat intelligence continuously collects, processes, and analyzes threat data to identify risks faster and help security teams respond before attacks escalate.
Understand how botnets, networks of millions of compromised devices controlled by attackers, execute massive DDoS attacks, spam campaigns, and data theft.
A brute force attack is a trial-and-error method used by attackers to guess credentials, encryption keys, or hidden content by systematically attempting every possible combination until the correct one is found.
Blast radius measures how much damage a security incident can cause based on how far an attacker can move after gaining access.
Broken Object Level Authorization (BOLA) is an API vulnerability where attackers manipulate object identifiers to access data belonging to other users, bypassing intended authorization controls.
Business Email Compromise (BEC) is a targeted social engineering attack in which threat actors impersonate trusted figures via email to manipulate employees into transferring funds, sharing credentials, or exposing sensitive data.
CVEs provide a standardized way to identify and track publicly known cybersecurity vulnerabilities across tools, vendors, and security teams.
CI/CD security protects the continuous integration and continuous delivery pipeline by preventing vulnerabilities, misconfigurations, and malicious code from entering software during development and deployment.
Cloud compliance ensures cloud platforms, workloads, and data handling practices meet required security and regulatory standards.
Cloud detection provides real-time visibility into threats, anomalies, and policy violations across cloud environments, enabling organizations to identify and respond to risks before they escalate into breaches.
CIEM enables organizations to identify and right-size cloud permissions, reducing excessive entitlements that create hidden attack paths across complex multi-cloud environments.
Cloud jacking is an identity-driven cyberattack where threat actors hijack cloud accounts and control planes to stealthily exploit resources and exfiltrate data without using malware.
Cloud computing allows organizations to deploy applications, store data, and scale infrastructure quickly. However, the flexibility of cloud platforms also introduces complexity. Each cloud service comes with dozens—or sometimes hundreds—of configuration options controlling access, networking, encryption, logging, and resource behavior. When these settings are implemented incorrectly or left in insecure states, they create security gaps...
Cloud security protects dynamic cloud environments, applications, and data from cyber threats through automated, identity-centric, and intelligence-driven controls.
CNAPP is a cloud security platform that combines posture management, workload protection, identity monitoring, and runtime threat detection into a unified system.
Compliance automation uses software to continuously track, test, and document controls, replacing manual audit prep with real-time visibility.
Configuration drift happens when systems slowly diverge from their intended configuration over time, leading to inconsistencies, security vulnerabilities, and management challenges.
Continuous compliance uses real-time monitoring and automation to keep businesses secure, reduce risk, and simplify audits without increasing headcount.
Continuous Control Monitoring is the ongoing process of tracking whether security and compliance controls are functioning correctly, rather than relying on periodic audit checks.
Control mapping is the strategic process of linking internal security safeguards to multiple regulatory requirements, enabling organizations to "build once and comply many times."
Credential stuffing is an automated cyberattack that uses stolen login credentials from one breach to gain unauthorized access to accounts across multiple services, exploiting widespread password reuse at massive scale.
Cross-Site Scripting (XSS) is one of the most prevalent and persistent web application vulnerabilities, enabling attackers to inject malicious client-side scripts into pages viewed by other users.
CSPM monitors cloud environments for misconfigurations and security gaps, helping teams detect and fix risks before they lead to breaches.
CAASM aggregates and correlates asset data from across the security stack to give organizations a comprehensive, continuously updated view of their entire cyber asset landscape.
Cyber insurance readiness ensures organizations meet the security controls, documentation, and risk management standards required to obtain and maintain effective cyber insurance coverage.
Cyber resilience is the ability of an organization to prepare for cyber threats, withstand attacks, and restore operations quickly without major disruption.
The Cyber Kill Chain is a seven-stage framework that models how cyberattacks unfold, helping defenders detect and stop intrusions at each phase before damage occurs.
A DDoS attack overwhelms a target system with massive volumes of malicious traffic from multiple distributed sources, rendering services unavailable to legitimate users.
Move beyond reactive alerts with a comprehensive guide to Data Loss Prevention (DLP)—transforming data security into a proactive, automated defense that secures sensitive assets across cloud, endpoints, and networks.
DSPM continuously discovers and classifies sensitive data across cloud environments, identifies security risks, and enforces policies to reduce exposure before breaches occur.
DMARC is an email authentication protocol that prevents unauthorized use of a domain by aligning SPF and DKIM results with sender policy enforcement and reporting.
Endpoint Detection and Response helps security teams detect suspicious activity on devices and respond quickly before attackers move deeper into the network.
Exposure management is the practice of continuously identifying, prioritizing, and reducing security weaknesses across an organization’s entire digital attack surface.
External attack surface management identifies and monitors all internet-facing assets so organizations can find exposed systems, unknown infrastructure, and security weaknesses before attackers exploit them.
A false positive in cybersecurity is an alert that flags harmless activity as malicious, often adding noise that slows down real threat detection.
FedRAMP is a U.S. government security framework that standardizes how cloud services are assessed, authorized, and continuously monitored for federal use.
Fileless malware executes entirely in memory using trusted system tools, allowing attackers to stay hidden longer and bypass traditional, file-based security defenses.
GDPR security controls are the technical and organizational safeguards used to protect personal data and reduce the risk of breaches under GDPR requirements.
GDPR is a landmark data protection regulation that gives individuals greater control over their personal data while holding organizations globally accountable for how that data is collected, processed, and protected.
A honeypot is a deliberately deployed decoy system designed to lure attackers, detect intrusions, and gather actionable threat intelligence before real assets are compromised.
HIPAA sets the standard for protecting patient health data, defining how it should be stored, shared, and secured.
Hybrid cloud security protects data and workloads across on-premises and cloud environments by unifying visibility, enforcing consistent policies, and adapting defenses to a distributed, constantly changing attack surface.
Indicators of Compromise (IoC) are forensic artifacts and observable evidence that signal a potential or active security breach within an organization's environment.
Insider threats exploit trusted access and everyday behavior, making them harder to detect and often more damaging than external cyberattacks.
Identity Governance and Administration (IGA) centralizes the management of digital identities and access rights, enabling organizations to enforce least-privilege policies, automate lifecycle processes, and maintain continuous compliance.
Identity Threat Detection and Response (ITDR) protects enterprises by detecting and responding to identity-based attacks before credentials are misused.
Incident escalation is the formal process of transferring responsibility to higher-level experts or management to ensure complex security threats are resolved swiftly and effectively.
Infrastructure as Code security focuses on finding and fixing risky cloud and infrastructure configurations before they are deployed through code.
ISO 27001 is an international information security standard that helps organizations manage security risks through structured policies, controls, and continuous risk management practices.
Kerberos secures network authentication using encrypted tickets, enabling safe, scalable, and single sign-on access while minimizing credential exposure and replay attacks.
The Known Exploited Vulnerabilities (KEV) catalog is a curated list maintained by CISA that identifies vulnerabilities actively exploited in the wild, enabling organizations to prioritize remediation based on real-world threat activity.
Kubernetes has become the de facto standard for container orchestration, with over 90% of organizations now using or evaluating containers in production according to the Cloud Native Computing Foundation. However, the complexity and dynamic nature of Kubernetes environments introduce significant security challenges. Misconfigurations remain the leading cause of security incidents in containerized environments, with Gartner...
Logic bombs are stealthy, trigger-based cyber threats that lie dormant within legitimate systems until activated, causing disruption, data loss, or financial damage.
Lateral movement is when an attacker already inside a network shifts from system to system, quietly expanding access toward higher value targets.
LDAP is a directory access protocol used to manage user identities, authentication, permissions, and organizational data across networks and enterprise systems.
A Man-in-the-Middle attack occurs when an attacker secretly intercepts and potentially alters communications between two parties who believe they are communicating directly with each other.
Malware is malicious software designed to damage, disrupt, or gain unauthorized access to computers and networks.
Mean Time to Contain (MTTC) measures how quickly a security team can stop a threat from spreading after it’s detected.
Slow MTTR isn’t just a technical problem—it’s the result of alert overload, manual processes, fragmented tools, and missing context that delay response and increase business risk.
MITRE is a federally funded nonprofit organization that operates critical cybersecurity frameworks, including ATT&CK, used globally to classify adversary tactics, techniques, and procedures.
MTBF measures how long a system typically runs before it fails, helping teams track reliability and reduce unexpected downtime.
MTTD measures how long it takes to detect a security incident after it begins, revealing how quickly an organization can spot threats before they escalate.
Multi-Factor Authentication (MFA) requires users to verify their identity through two or more independent factors before gaining access, dramatically reducing the risk of credential compromise.
Network Access Control (NAC) ensures only authorized and compliant devices can access your network, reducing risk and enforcing security policies in real time.
Network Detection and Response (NDR) continuously analyzes network behavior to uncover stealthy threats that evade traditional security tools, enabling faster detection, deeper visibility, and smarter incident response.
A practical guide to what NIST is and how its frameworks help organizations manage cybersecurity risk and structure their security programs.
The NIS2 Directive is the European Union's updated cybersecurity legislation requiring essential and important entities to implement robust risk management measures, report incidents promptly, and ensure supply chain security across critical sectors.
PCI DSS is a global security standard that defines how organizations must protect cardholder data when storing, processing, or transmitting payment information.
Penetration testing simulates real-world cyberattacks to identify exploitable vulnerabilities and measure true business risk before attackers do.
Pentesting simulates real-world cyberattacks to uncover exploitable vulnerabilities and validate security defenses before malicious actors can cause harm.
PHI (Protected Health Information) is any health-related data that can identify a person and is protected under HIPAA, covering everything from medical records to insurance and clinical communication.
Phishing is a social engineering attack that uses deceptive communications to trick individuals into revealing sensitive information, credentials, or installing malware.
Privileged Access Management (PAM) secures, controls, and monitors elevated access to critical systems, reducing the risk of credential-based attacks and insider threats.
Prompt injection is an AI attack technique that manipulates language model instructions to produce unintended behavior, bypass restrictions, or expose sensitive data.
A risk register is a structured record that helps organizations track security risks, assess their business impact, and prioritize remediation actions.
Ransomware is a type of malicious software that encrypts data or locks systems, demanding payment from victims to restore access.
RBAC streamlines access management by assigning permissions to defined roles rather than individual users, enabling scalable, consistent, and auditable access control across the organization.
Risk acceptance is a deliberate decision to acknowledge a cybersecurity or business risk without taking immediate mitigation steps.
Risk-Based Vulnerability Management (RBVM) prioritizes remediation by evaluating vulnerabilities against real-world threat context, asset criticality, and business impact rather than relying on severity scores alone.
A sandbox in cybersecurity is an isolated testing environment where suspicious files or programs can run safely without risking the main system.
A security data lake consolidates security telemetry from across the enterprise into a scalable, cost-effective repository purpose-built for advanced analytics, threat hunting, and long-term compliance retention.
A security questionnaire is a structured set of questions used to evaluate a vendor’s security practices, compliance controls, and ability to protect sensitive data.
A SOC 2 bridge letter is a document that confirms whether a company’s security controls and compliance posture have materially changed since its last SOC 2 audit period ended.
A SOC report is an independent audit report that evaluates how a company manages security controls, customer data, and operational risk.
A supply chain attack compromises trusted vendors, software, or services to infiltrate downstream targets, bypassing conventional perimeter defenses by exploiting inherent trust relationships.
SSPM provides continuous visibility and automated remediation of security risks across SaaS applications, addressing misconfigurations, identity exposures, and compliance violations before they lead to breaches.
SaaS security refers to the policies, controls, and technologies used to protect cloud-based applications, data, and user access.
SAST scans code for security flaws during development, helping teams fix vulnerabilities before they reach production.
SBOM (Software Bill of Materials) is a structured inventory of software components and dependencies that improves supply chain visibility and accelerates vulnerability response. Secure.com automates SBOM generation and integrates it into continuous security workflows.
Software Composition Analysis (SCA) identifies and tracks open source components in your code to detect vulnerabilities, manage licenses, and reduce software supply chain risk.
Most software teams don’t set out to ship insecure code. It still happens. Not because developers don’t care, but because security often shows up too late, usually right before release, when fixing issues is slow, expensive, and sometimes ignored. Secure SDLC changes that timing. Secure SDLC, or Secure Software Development Life Cycle, is the practice...
Modern security teams face an overwhelming volume of alerts, incidents, and investigative tasks. Security operations centers (SOCs) must track suspicious activity, investigate threats, coordinate responses, and document every action taken during an incident. Without a structured system, investigations often become fragmented—spread across emails, spreadsheets, ticketing systems, and multiple security tools. Security case management addresses this...
Security observability helps organizations understand and investigate threats by connecting telemetry, behavior, and system activity across environments in real time.
Separation of Duties is a fundamental control that prevents fraud and errors by dividing responsibilities across multiple individuals.
Shadow IT is the use of unapproved apps and services inside an organization, creating hidden visibility gaps that can increase security risk.
Shift left security embeds automated security checks into design and development so teams catch and fix vulnerabilities early—reducing costs, accelerating releases, and preventing production-stage fire drills.
SIEM centralizes and analyzes security data from across the environment to help organizations detect, investigate, and respond to threats faster.
SOAR unifies security tools, automates repetitive workflows, and accelerates incident response to help SOC teams operate faster and more efficiently.
SOC 1 is a compliance framework that evaluates how organizations manage controls related to financial reporting and customer data handling.
SOC 3 is a public-facing compliance report that shows an organization meets key security and trust service criteria.
SOC threat hunting is the proactive search for hidden threats in an organization’s network before they can cause damage.
SOC 2 is a compliance framework that evaluates how organizations protect customer data using the Trust Services Criteria of security, availability, processing integrity, confidentiality, and privacy.
Social engineering exploits human trust and psychological manipulation to bypass technical defenses, making it one of the most persistent and effective attack vectors in modern cybersecurity.
Spear phishing is a highly targeted form of phishing that uses personalized deception to trick specific individuals into compromising sensitive information, credentials, or systems.
SQL Injection (SQLi) is a code injection technique that exploits vulnerabilities in application data layers, enabling attackers to manipulate database queries to access, modify, or destroy sensitive data.
Threat Exposure Management is a continuous process that identifies, prioritizes, and reduces real attack paths across an organization’s environment based on business impact.
Threat modeling is the process of identifying potential attack paths, security risks, and defensive controls before attackers can exploit weaknesses in a system.
Typosquatting exploits simple URL misspellings to impersonate trusted brands, redirect users to malicious sites, and steal sensitive data before victims realize their mistake.
A vulnerability assessment identifies, analyzes, and prioritizes security weaknesses across systems so organizations can fix risks before they are exploited.
Vulnerability management is the ongoing process of identifying, assessing, and addressing security weaknesses before they can be exploited.
Prioritize vulnerabilities based on real-world risk—not just severity—to reduce remediation backlog, improve MTTR, and focus on what truly threatens your business.
White box testing is a software testing method that validates an application by examining its internal code structure, logic, and execution paths.
Workload security protects the applications, services, and computing resources running in cloud and data-center environments from vulnerabilities, misconfigurations, and active cyber threats.
A zero-day attack exploits an unknown software vulnerability before vendors release a fix, giving attackers a dangerous head start over defenders.
Zero Trust Architecture is a cybersecurity framework that continuously verifies users, devices, and access requests instead of automatically trusting anything inside the network.
A zero-day vulnerability is a previously unknown software flaw that attackers can exploit before developers release a fix.