Key Security Terms

Understanding key security terms is essential for any organization working to protect sensitive data, maintain customer trust, and meet regulatory requirements. Here you can find clear definitions of the most important concepts in modern cybersecurity and data protection. 

Access Control

The process of selectively restricting access to systems, data, and networks based on user roles and permissions. It ensures that only authorized users can view or manipulate specific resources. Access control mechanisms include role-based access control (RBAC), mandatory access control (MAC), and discretionary access control (DAC), and are enforced through authentication and authorization processes.

Access Monitoring

The practice of observing and analyzing user activity during sessions, a session being the period in which a user is logged into a system or application. Monitoring helps detect anomalies, unauthorized behavior, and policy violations. Access monitoring can be real-time (proactive) or retrospective (reactive), supporting incident investigation and compliance audits.

Audit Log

A chronological record of system and user activities. Audit logs capture details such as login attempts, changes to files, access to sensitive data, and configuration changes. These logs are critical for forensic investigations, accountability, and regulatory compliance (e.g., HIPAA, PCI DSS), as they help determine what happened, when, and by whom.

Authentication

The process of confirming a user’s identity through credentials such as passwords, biometrics, or cryptographic tokens. It ensures that users are who they claim to be before they are granted access to systems or data.

Authorization

Determines what actions an authenticated user is permitted to perform. This includes which files they can read, what systems they can access, and which operations they can execute. Often enforced by access control lists (ACLs) or policy-based engines.

Advanced Persistent Threat (APT)

A prolonged and targeted cyberattack in which an intruder gains access to a network and remains undetected for an extended period. APTs are often carried out by nation-states or organized groups, using sophisticated techniques to steal data or disrupt operations.

Bug Bounty

A program where organizations offer financial rewards to external ethical hackers or researchers who discover and responsibly disclose vulnerabilities in software. Bug bounties enhance security by leveraging the collective intelligence of the hacker community, supplementing traditional security testing methods.

Code Analysis (Static and Dynamic)

  • Static Code Analysis examines source code without executing it, identifying vulnerabilities like insecure coding practices or potential logic flaws.

  • Dynamic Code Analysis evaluates an application while it’s running, simulating real-world attacks to uncover issues that only manifest during execution.

Data Access

The authorized ability to retrieve, modify, delete, or move data across environments. Secure data access involves authentication, encryption, and monitoring to ensure data integrity and prevent unauthorized exposure, whether the data is at rest, in transit, or in use.

Data Center Infrastructure Security

Protects physical and digital assets within data centers. This includes:

  • Physical security: e.g., biometric access, surveillance, and guards.

  • Network security: e.g., firewalls, IDS/IPS, segmentation.

  • Environmental controls: e.g., cooling, fire suppression, backup power systems.

Cloud providers typically assume responsibility for data center physical security under the shared responsibility model.

Data Deletion

The removal of file references from a file system’s index (e.g., FAT or MFT), making the data invisible to users but not actually removed from storage. Deleted data can often be recovered unless it is overwritten or securely erased.

Data Erasure

A secure data sanitization method that overwrites existing information on a storage device with random or fixed patterns (like 0s and 1s) to prevent recovery. Often used to ensure sensitive information is irretrievable before device disposal or reuse.

Data Loss Prevention (DLP)

A strategy and set of tools designed to prevent unauthorized transmission or exposure of sensitive data. DLP systems monitor data in motion, in use, and at rest to block leaks caused by insider threats, malware, or misconfigured systems.

Data Security

Encompasses the tools, policies, and procedures used to protect data from unauthorized access, corruption, or theft throughout its lifecycle. Core components include encryption, access controls, backup strategies, tokenization, and secure disposal practices.

Denial of Service (DoS)

An attack that seeks to make a system, application, or network unavailable by overwhelming it with traffic or exploiting vulnerabilities to crash the system. A distributed version (DDoS) uses many compromised devices to scale the attack.

Encryption (General)

A method of converting readable data into an unreadable format using an algorithm and encryption key. Only authorized users with the decryption key can access the original information. Encryption helps maintain confidentiality and integrity.

Encryption at Rest

Protects stored data (e.g., on hard drives, databases, backups) by encrypting it using software or hardware mechanisms. Common in cloud environments, this helps secure sensitive information against physical theft or unauthorized storage access.

Encryption in Transit

Secures data while it is moving between systems or across networks (e.g., during file transfers, API calls, or login sessions). Techniques like HTTPS, TLS, and VPNs protect data against interception or man-in-the-middle attacks.

Firewall

A security device (hardware or software) that controls traffic between networks based on predefined rules. It acts as a barrier between trusted and untrusted networks, filtering malicious traffic and enforcing access control policies.

Information Security Policy

A documented set of rules and guidelines that define how an organization protects its information assets. It governs acceptable use, access controls, incident response, and data protection practices, helping align behavior with security goals and compliance requirements.

Intrusion Detection System (IDS)

Monitors network or system activity for signs of malicious behavior or policy violations. IDS tools alert security teams of potential breaches, enabling a rapid response. Variants include network-based (NIDS) and host-based (HIDS) systems.

Multi-Factor Authentication (MFA)

An authentication method that requires users to present two or more verification factors: something they know (password), something they have (token), or something they are (biometric). MFA significantly enhances account security.

Penetration Test Report

A comprehensive document generated after a simulated cyberattack (penetration test). It outlines vulnerabilities found, methods used to exploit them, and prioritized recommendations for remediation. Pen test reports are often shared with customers as proof of security diligence.

Phishing

A deceptive technique used by attackers to trick individuals into revealing sensitive information, such as passwords or financial details. Phishing often takes the form of emails or messages that appear to come from trusted sources.

Physical Security

Protects IT infrastructure and personnel from physical threats such as theft, vandalism, natural disasters, and unauthorized physical access. This includes building access controls, surveillance, environmental monitoring, and disaster recovery planning.

Ransomware

A type of malicious software that encrypts a victim’s data and demands payment for its release. Ransomware attacks often disrupt business operations and can lead to permanent data loss or reputational damage if backups are not maintained.

Social Engineering

The use of deception and manipulation to trick individuals into divulging confidential information. Common tactics include pretexting, baiting, and impersonation, often exploiting human trust rather than technical flaws.

Virtual Private Network (VPN)

Creates a secure, encrypted connection over the internet between a user and a network, allowing remote access to systems while protecting transmitted data from eavesdropping or tampering.

Vulnerability & Patch Management

  • Vulnerability Management: Identifying, classifying, remediating, and mitigating weaknesses in systems.

  • Patch Management: The process of distributing and applying updates to software or firmware to fix known vulnerabilities.

Both practices reduce an organization’s attack surface and are essential for maintaining security posture.

Vulnerability

A flaw or weakness in a system, software, or network that can be exploited to gain unauthorized access or cause disruption. Vulnerabilities may stem from poor coding practices, misconfigurations, or outdated components.

April 11, 2025