Cybersecurity Glossary

API security is the practice of protecting your application programming interfaces from attacks, misuse, and data exposure through authentication, authorization, rate limiting, input validation, and monitoring.

Attack Surface Management (ASM) is the continuous discovery, inventory, classification, and monitoring of all internet-facing assets that belong to an organisation to reduce exposure to threats.

Brand impersonation is when attackers create fake websites, social profiles, mobile apps, or deepfake content that looks like your brand to trick customers into giving up credentials or money.

Cloud security encompasses the policies, technologies, controls, and best practices used to protect data, applications, and infrastructure hosted in cloud environments (IaaS, PaaS, SaaS).

Compliance automation is the use of technology to continuously monitor, assess, and enforce adherence to regulatory requirements and security frameworks: replacing manual audits with real-time, automated evidence collection.

CVE (Common Vulnerabilities and Exposures) is a public catalog of known cybersecurity vulnerabilities. Each entry gets a unique identifier like CVE-2024-12345 so teams can track and discuss specific flaws consistently.

Cyber threat hunting is the proactive, human-led process of searching through networks, endpoints, and datasets to find advanced threats that have evaded automated security controls.

Dark web monitoring is the practice of scanning dark web marketplaces, forums, paste sites, and Telegram channels for leaked credentials, data dumps, and threat actor chatter that may impact an organisation.

Data Loss Prevention (DLP) is a set of tools and policies designed to detect and prevent the unauthorised transmission, sharing, or exfiltration of sensitive data outside an organisation's boundaries.

Digital Risk Protection (DRP) is a cybersecurity discipline that identifies and mitigates threats targeting an organisation's digital presence: including brand impersonation, data leaks, social media fraud, and rogue apps.

DMARC (Domain-based Message Authentication, Reporting & Conformance) is an email authentication protocol that protects domains from unauthorised use such as phishing and spoofing.

Endpoint Detection and Response (EDR) is a security solution that continuously monitors endpoint devices (laptops, servers, mobile devices) to detect, investigate, and respond to advanced threats that bypass traditional antivirus.

Identity and Access Management (IAM) is a framework of policies, processes, and technologies that ensures the right individuals have appropriate access to technology resources at the right time and for the right reasons.

Incident Response (IR) is the structured process your organization follows to detect, contain, remove, and recover from a cybersecurity incident while limiting damage and downtime.

Multi-Factor Authentication (MFA) is a security mechanism that requires users to provide two or more independent verification factors: something they know, something they have, or something they are: to prove their identity.

OSINT (Open Source Intelligence) is the practice of collecting and analyzing publicly available information to identify security threats, map adversary infrastructure, or assess external risk.

Penetration testing is a simulated cyberattack against your systems, performed with permission and a defined scope, to find exploitable weaknesses before real attackers do.

Phishing is a social engineering attack in which a threat actor impersonates a trusted entity via email, SMS, or fake websites to trick victims into revealing credentials, financial data, or installing malware.

Ransomware is malware that encrypts your files or locks your systems, then demands payment, usually in cryptocurrency, for the decryption key.

SaaS security is the set of practices and tools you use to protect data, manage access, and enforce policies across your Software-as-a-Service applications, including both approved and unapproved apps.

Security awareness training teaches employees how to recognize and respond to cybersecurity threats, including phishing, social engineering, and unsafe data handling.

Shadow IT is the use of IT systems, software, devices, or cloud services inside your organization without explicit approval from your IT or security team.

SIEM (Security Information and Event Management) is a platform that collects logs from across your IT infrastructure, correlates them in real time, and flags suspicious patterns that indicate an attack.

A Security Operations Centre (SOC) is the team and facility that monitors your environment for threats around the clock, detects suspicious activity, investigates alerts, and coordinates response.

Social engineering is a manipulation technique that exploits human psychology: trust, fear, urgency, or curiosity: to trick individuals into revealing confidential information, granting access, or performing actions that compromise security.

A supply chain attack is a cyberattack that targets an organisation by compromising a trusted third-party vendor, software provider, or service in the supply chain rather than attacking the organisation directly.

Threat intelligence is evidence-based knowledge about existing or emerging cyber threats, including threat actors and their tactics, techniques, and procedures (TTPs), that helps you make informed security decisions.

Vendor Risk Management (VRM) is the process of identifying, assessing, monitoring, and mitigating the cybersecurity and operational risks introduced by third-party vendors, suppliers, and partners.

Vulnerability management is the ongoing work of finding, ranking, fixing, and verifying security weaknesses in your systems, applications, and infrastructure.

Zero Trust is a security framework that requires all users and devices: whether inside or outside the network perimeter: to be continuously authenticated, authorised, and validated before being granted access to resources.