Analyst Should Know
By Mohammed AlSubayt

Incident Response Plan (IRP): A set of written instructions for detecting, responding to, and limiting the effects of a security breach or cyberattack.
Digital Rights Management (DRM): Technologies used by publishers, copyright holders, and individuals to control how digital information and media is used and distributed.
Risk Appetite: The level of risk that an organization is willing to accept in pursuit of its goals before action is deemed necessary to reduce the risk.
Compliance Management System: A program that helps organizations maintain compliance with legal requirements and manage risk and governance throughout the enterprise.
Public Key Infrastructure (PKI): A set of roles, policies, hardware, software and procedures needed to create, manage, distribute, use, store, and revoke digital certificates and manage public-key encryption.
Data Minimization: The principle of limiting personal data collection to what is directly relevant and necessary to accomplish a specified purpose.
Supply Chain Attack: A cyberattack that seeks to damage an organization by targeting less-secure elements in the supply network.
Data Sovereignty: The concept that information that has been converted and stored in digital form is subject to the laws of the country in which it is located.
Security Policy: A written document in an organization outlining how to protect the organization from threats, including computer security threats, and how to handle situations when they occur.
Quantitative Risk Analysis: A method of risk analysis that quantifies risks in terms of concrete numbers, such as cost and statistical probabilities.
Cyber Insurance: A product that is intended to help an organization mitigate risk exposure by offsetting costs involved with recovery from a cyber-related security breach or similar events.
Mobile Device Management (MDM): Software that allows IT administrators to control, secure and enforce policies on smartphones, tablets, and other endpoints.
Next-Generation Firewall (NGFW): A part of the third generation of firewall technology that combines a traditional firewall with other network device filtering functionalities.
Behavioral Analytics: A technology used to detect anomalies in user behavior, which could indicate potential security violations.
Secure Coding: The practice of writing computer programs in a way that guards against the accidental introduction of security vulnerabilities.
Third-Party Certification: An assessment conducted by an independent body which verifies that an organization meets the requirements specified in a standard.
Penetration Testing Framework: A set of guidelines and methodologies used for conducting comprehensive security assessments.
Data Retention Policy: A policy that establishes protocols for retaining information for compliance purposes and disposing of data that is no longer needed.
Cloud Security Alliance (CSA): An organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment.
IoT Security: The area of cybersecurity focused on network-connected devices and the networks and data associated with them, protecting them from unauthorized access and harm.
Access Control: Security techniques that regulate who or what can view or use resources in a computing environment.
Advanced Persistent Threat (APT): A prolonged and targeted cyberattack in which an intruder gains access to a network and remains undetected for an extended period of time.
Asset Management: The process of ensuring that the assets of an organization are accounted for, deployed, maintained, upgraded, and disposed of responsibly.
Audit Trail: A security-relevant chronological record that provides documentary evidence of the sequence of activities that have affected at any time a specific operation, procedure, or event.
Business Continuity Plan (BCP): A document that outlines how a business will continue operating during an unplanned disruption in service.
Compliance: Adherence to laws, regulations, guidelines, and specifications relevant to business processes.
Cybersecurity Framework: A set of industry standards and best practices to help organizations manage cybersecurity risks.
Data Breach: A security incident in which information is accessed without authorization.
Data Encryption: The method by which plaintext or any other type of data is converted from a readable form to an encoded version that can only be decoded by another entity if they have access to a decryption key.
Disaster Recovery: Strategies and processes for recovering from and mitigating the effects of a disaster or event that causes significant, prolonged disruption of business operations.
Encryption: The process of encoding messages or information in such a way that only authorized parties can access it.
Endpoint Detection and Response (EDR): Cybersecurity technologies that address the need for continuous monitoring and response to advanced threats.
Governance: The policies, processes, and structures used by an organization to direct its activities and meet its business objectives.
Incident Response: A set of procedures an organization follows when a cyber-attack occurs.
Intrusion Detection System (IDS): A device or software application that monitors a network for malicious activity or policy violations.
Malware: Software designed specifically to disrupt, damage, or gain unauthorized access to computer systems.
Network Security: The policies and practices adopted to prevent and monitor unauthorized access, misuse, modification, or denial of a computer network and network-accessible resources.
Patch Management: The process of distributing and applying updates to software. These patches are often necessary to correct errors (known as "vulnerabilities" or "bugs") in the software.
Penetration Testing: An authorized simulated attack on a computer system, performed to evaluate the security of the system.
Phishing: A cybercrime in which a target or targets are contacted by email, telephone, or text message by someone posing as a legitimate institution to lure individuals into providing sensitive data.
Risk Assessment: The process of identifying and evaluating risks to an organization's operations and assets.
Security Information and Event Management (SIEM): A set of tools and services offering a holistic view of an organization's information security.
Threat Intelligence: Evidence-based knowledge, including context, mechanisms, indicators, implications, and actionable advice about an existing or emerging menace to assets.
Vulnerability Management: The cyclical practice of identifying, classifying, remediating, and mitigating vulnerabilities, particularly in software and firmware.
Zero-Day Attack: A cyber-attack that occurs the day a weakness is discovered in software, before it is fixed or before a fix is available to implement.
SOC (Security Operations Center): A centralized unit that deals with security issues on an organizational and technical level, using real-time monitoring and detection, as well as incident response and forensics.
CISO (Chief Information Security Officer): A senior-level executive within an organization responsible for establishing and maintaining the enterprise vision, strategy, and program to ensure information assets are adequately protected.
ISO/IEC 27001: An international standard on how to manage information security. The standard includes requirements for establishing, implementing, maintaining, and continually improving an information security management system (ISMS).
NIST Framework: Developed by the National Institute of Standards and Technology, it provides a policy framework of computer security guidance for how private sector organizations in the US can assess and improve their ability to prevent, detect, and respond to cyber attacks.
Privileged Access Management (PAM): Cybersecurity strategies and technologies for exerting control over the elevated ("privileged") access and permissions for users, accounts, processes, and systems across an IT environment.
Data Privacy: The aspect of information technology (IT) that deals with the ability an organization or individual has to determine what data in a computer system can be shared with third parties.
Root Cause Analysis (RCA): A method of problem-solving used for identifying the root causes of faults or problems in cybersecurity events.
SIEM (Security Information and Event Management): Software solutions that aggregate and analyze activity from many different resources across your IT infrastructure.
Whitelisting: A cybersecurity strategy under which a user can take action on their computer or network only if the action is included on the whitelist, thus blocking all non-approved actions.
Blacklisting: A security measure that blocks certain entities and allows others, identifying entities that are known to be malicious or suspicious.
Cyber Espionage: The act or practice of obtaining secrets without the permission of the holder of the information (personal, sensitive, proprietary or classified), for personal, economic, political, or military advantage using illegal exploitation methods.
Man-in-the-Middle Attack (MitM): A cyberattack where the attacker secretly relays and possibly alters the communications between two parties who believe they are directly communicating with each other.
Social Engineering: An attack vector that relies heavily on human interaction and often involves manipulating people into breaking normal security procedures and best practices in order to gain unauthorized access to systems, networks, or physical locations, or for financial gain.
Tokenization: The process of replacing sensitive data with unique identification symbols that retain all the essential information about the data without compromising its security.
Cloud Security: A set of policies, controls, procedures, and technologies that work together to protect cloud-based systems, data, and infrastructure.
Compliance Audit: An in-depth review to ensure an organization is following external laws, rules, and regulations or internal guidelines, such as corporate bylaws, controls, and policies and procedures.
Risk Mitigation: The process of developing actionable steps to reduce threats to project success, or an application of controls to lower the impact or likelihood of a risk.
Two-Factor Authentication (2FA): A security process in which users provide two different authentication factors to verify themselves, enhancing the security of the login credentials and of the resources the user can access.
Risk Transfer: A risk management and control strategy that involves the contractual shifting of a pure risk from one party to another.
Digital Forensics: The process of uncovering and interpreting electronic data, then preserving the evidence in its most original form while performing a structured investigation by collecting, identifying, and validating the digital information for reconstructing past events.
Cybersecurity Posture: A comprehensive assessment of an organization's cybersecurity strength which evaluates security measures, processes, and responses to cyber threats.
Security Audit: A systematic evaluation of the security of a company's information system by measuring how well it conforms to a set of established criteria.
Vulnerability Scanning: The automated process of proactively identifying security vulnerabilities of computing systems in a network in order to determine if and where a system can be exploited and/or threatened.
Compliance Framework: A structured set of guidelines to detail an organization's processes for maintaining accordance with established regulations, specifications, or legislation.
Third-Party Risk Management (TPRM): The process of analyzing and controlling risks associated with outsourcing to third-party vendors or service providers.
Data Classification: The process of organizing data into categories for its most effective and efficient use, often as part of data security and compliance regulations.
Incident Management: The activities of an organization to identify, analyze, and correct hazards to prevent a future re-occurrence and to restore the service to its operational state.
Threat Modeling: A process by which potential threats, such as structural vulnerabilities or the absence of appropriate safeguards, can be identified and quantified.
Identity and Access Management (IAM): The security discipline that enables the right individuals to access the right resources at the right times for the right reasons, emphasizing the control of individual user access within an organization.
Secure Sockets Layer (SSL) / Transport Layer Security (TLS): Protocols designed to provide communications security over a computer network.
Breach Notification: The process by which organizations inform affected individuals and authorities about unauthorized access to private data as required by law or regulations.
Change Management: A systematic approach to dealing with the transition or transformation of an organization's goals, processes, or technologies.
Forensic Analysis: The process of identifying, preserving, recovering, analyzing, and presenting facts and opinions about the digital information found on computers or digital storage media.
Key Performance Indicators (KPIs) in GRC: Metrics used to quantitatively measure the effectiveness of GRC activities within an organization.
Risk Profile: The quantified analysis of the types of threats an organization, asset, project, or individual faces.
Information Security Policy: A set of policies issued by an organization to ensure that all information technology users within the domain of the organization or its networks comply with rules and guidelines related to the security of the information stored digitally at any point in the network or within the organization's boundaries.
Penetration Test Report: Documentation of the findings from a penetration test, including vulnerabilities found and exploits that were successful, along with remediation recommendations.
Continuous Monitoring: The ongoing process of detecting, reporting, responding to, and mitigating security threats in real-time.
Data Loss Prevention (DLP): A strategy for making sure that end users do not send sensitive or critical information outside the corporate network.
Security Awareness Training: The process of teaching employees about cybersecurity, IT best practices, and even regulatory compliance, often conducted regularly to ensure all employees are informed and vigilant about security threats.
Patch Management: The process of managing a network of computers by regularly applying patches, updates, and upgrades to the software.
Multi-factor Authentication (MFA): A security system that requires more than one method of authentication from independent categories of credentials to verify the user's identity for a login or other transaction.
Risk Analysis: The process of identifying and analyzing potential issues that could negatively impact key business initiatives or projects.
GDPR (General Data Protection Regulation): A regulation in EU law on data protection and privacy in the European Union and the European Economic Area, which also addresses the transfer of personal data outside the EU and EEA areas.
ISO 31000: An international standard for Risk Management that provides principles, a framework, and a process for managing risk.
Data Integrity: The accuracy and consistency of data stored in a database, data warehouse, or other construct.
Cloud Access Security Broker (CASB): Software that sits between cloud service users and cloud applications to monitor all activity and enforce security policies.
Role-based Access Control (RBAC): A method of regulating access to computer or network resources based on the roles of individual users within an enterprise.
Security Configuration Management (SCM): The process of identifying and managing the security of devices in an organization by performing vulnerability scanning and evaluation of device configurations.
Security Orchestration, Automation, and Response (SOAR): A stack of compatible software programs that enable an organization to collect data about security threats and respond to low-level security events without human assistance.
Network Segmentation: The practice of splitting a computer network into subnetworks, each being a network segment or network layer, to improve performance and security.
Business Impact Analysis (BIA): A process that helps to predict the consequences of disruption of a business function and process and gathers information needed to develop recovery strategies.
Privileged User Management: The practice of controlling and monitoring account activity for users who have elevated access to critical infrastructure or sensitive data.
Intrusion Prevention System (IPS): A network security/threat prevention technology that examines network traffic flows to detect and prevent vulnerability exploits.
Endpoint Security: The approach to protecting a business network when accessed via remote devices such as laptops or other wireless and mobile devices.
Cryptographic Controls: Techniques and tools used to implement cryptographic methods involving the transformation of data into formats that are unreadable for an unauthorized user.
Log Management: The process of handling log data generated by computers, including collection, storage, consolidation, analysis, and disposal.
Virtual Private Network (VPN): A technology that creates a safe and encrypted connection over a less secure network, such as the internet.
Chief Risk Officer (CRO): An executive responsible for identifying, analyzing, and mitigating internal and external risks that could affect an organization's assets and earnings.
Security Architecture: The set of resources and components of a security system that allow it to function effectively while managing the threats that it's designed to neutralize.
Information Lifecycle Management (ILM): A policy-based approach to managing the flow of an information system's data from creation and initial storage to the time when it becomes obsolete and is deleted.
Security Baseline: The minimum level of security that an organization requires to meet its objectives, established through a comprehensive assessment of the organization's assets and risks.
Phishing Simulation: A training exercise that sends simulated phishing emails to test employee awareness and preparedness for real phishing attempts.
Security Governance: The set of practices related to supporting, defining, and directing the security efforts of an organization.
Threat Hunting: A proactive cybersecurity practice that seeks to detect and isolate advanced threats before they cause harm or breach systems.
Unified Threat Management (UTM): A comprehensive solution that has evolved from the traditional firewall into an all-inclusive security product capable of performing multiple security functions within one single system.
Vulnerability Disclosure: The practice of reporting security flaws in software or hardware that, if exploited, could potentially expose users to a cyber attack.
Cyber Forensics: The process of extracting information and data from computer storage media and guaranteeing its accuracy and reliability to deal with legal evidence in a court of law.
Data Masking: The process of obscuring specific data within a database table or cell to ensure that data security is maintained and sensitive information is not exposed to unauthorized personnel.
Endpoint Protection Platform (EPP): A solution deployed on endpoint devices to prevent file-based malware attacks, detect malicious activity, and provide the investigation and remediation capabilities needed to respond to dynamic security incidents and alerts.
Fraud Detection Systems: Systems designed to prevent money or property from being obtained through false pretenses by identifying anomalies, inconsistencies, and patterns indicative of fraudulent activities.
ISO 27002: An international standard that provides guidelines for the best Information Security management practices.
Network Access Control (NAC): A security method that determines which devices are allowed to connect to a network based on a specific set of security criteria.
Red Teaming: An exercise in which a group of security professionals, authorized and organized to emulate a potential adversary's attack or exploitation capabilities, tests an organization's security posture.
Security Automation: The automatic handling of security operations-related tasks without human intervention, which is designed to expedite the identification and containment of cyber exploits and breaches.
Whitelisting: A security process where a list of permitted entities (such as email addresses, users, applications) is used to provide access to a system, while all others are blocked.
Zero Trust Model: A security concept centered on the belief that organizations should not automatically trust anything inside or outside their perimeters and instead must verify anything and everything trying to connect to their systems before granting access.
Access Governance: The process and technology associated with overseeing, monitoring, and controlling who within an organization has access to what information and when.
Business Resilience: The ability an organization has to quickly adapt to disruptions while maintaining continuous business operations and safeguarding people, assets, and overall brand equity.
Extended Detection and Response (XDR): A security solution that automatically collects and correlates data from multiple security layers (email, endpoint, server, cloud workloads, and network) to improve threat detection and provide an integrated response.
Cybersecurity Posture Assessment: An evaluation process to determine the strength of an organization's cybersecurity defenses and its ability to handle cyber threats based on its security capabilities and potential vulnerabilities.
Security Service Edge (SSE): A security framework advocating a converged set of security services delivered at the edge of the network to enforce consistent policies across all connections without compromising performance.
Zero Trust Architecture (ZTA): A cybersecurity paradigm focused on the belief that organizations should not automatically trust anything inside or outside their perimeters and must verify everything trying to connect before granting access.
Data Ethics: The branch of ethics that studies and evaluates the moral problems related to data (including generation, recording, curation, processing, dissemination, sharing, and use), algorithms (artificial intelligence and data analytics), and corresponding practices (responsible innovation, programming, hacking, and professional codes), in relation to the moral issues of social impact.
Quantum Cryptography: The use of quantum mechanics to perform cryptographic tasks and provide secure communication that is theoretically tamper-proof.
Cyber Physical Systems (CPS): Systems controlled or monitored by computer-based algorithms, tightly integrated with the internet and its users, such as smart grids, autonomous automobile systems, and medical monitoring devices.
Operational Technology Security: Security measures and controls applied to protect Operational Technology (OT), including systems that manage, monitor, and control industrial operations.
Dark Web Monitoring: The process of searching for and monitoring the release of data on the dark web, typically to discover threats or exposure of sensitive corporate data or personal information.
Third-Party Risk Assessment: Evaluating and managing risks associated with outsourcing to third-party vendors or service providers, especially in areas like cybersecurity, compliance, and operational execution.
General Data Protection Regulation (GDPR) Compliance: Adherence to the stringent privacy and security laws under the GDPR, which require businesses to protect the personal data and privacy of EU citizens.
National Institute of Standards and Technology (NIST) Cybersecurity Framework: A framework that consists of standards, guidelines, and best practices to manage cybersecurity-related risk without placing additional regulatory requirements.
Cyber Warfare: The use and targeting of computers and networks in warfare. It involves the use of digital attacks like hacking and denial-of-service (DoS) attacks to disable systems, steal data, or use a breached computer system to launch attacks on others.
Cloud Security Posture Management (CSPM): Automated tools and services that help manage cloud security compliance and reduce risk by fixing misconfigurations and violations of cloud security best practices.
Incident Response Automation: The use of pre-configured security defense actions that can automatically assess and remediate security threats without human intervention.
Cybersecurity Capacity Building: Efforts aimed at enhancing the cybersecurity skills and capabilities of organizations or countries to strengthen their ability to prevent, detect, and respond to cyber attacks effectively.
Sensitive Data Exposure: The unauthorized disclosure, loss, or unauthorized access of sensitive information that could lead to significant consequences, such as identity theft or other forms of fraud.
Cybersecurity Insurance: A specialized lines insurance product intended to protect businesses from Internet-based risks, and more generally from risks relating to information technology infrastructure and activities.
Secure Software Development Lifecycle (SSDLC): A process that incorporates security at every phase of software development, aiming to ensure that security is built into the end product.
Microsegmentation: A security technique that enables fine-grained security policies to be assigned to data center applications, down to the workload level.