Data Protection Terms
331 terms
Security risks in distributed network architectures where high-speed data processing occurs outside centralized security…
Systems that dynamically respond to threats.
The practice of mimicking specific threat actors' tactics and techniques for security testing.
Hyper-personalized social engineering attacks using behavioral analysis and content generation models.
A tool that monitors and secures API traffic, protecting against API-specific threats.
Encryption using paired public/private keys where data encrypted with one key requires the other for decryption.
AI-powered tools scanning networks for vulnerabilities at machine speed using predictive analytics.
Systematic security notification.
Systematic evaluation of security measures.
Systematic security settings management.
Systematic security validation.
Systematic gathering of security data.
Systematic update deployment.
Systematic fix of security issues.
Systematic security status communication.
Systematic security communication.
Systematic security validation process.
Continuous testing of security controls.
Hidden system access point bypassing normal authentication, often inserted during development.
Establishing normal network/application behavior metrics to detect anomalies through continuous monitoring.
Authentication systems analyzing unique patterns in user interactions (keystrokes, mouse movements).
The process of examining compiled software to determine its characteristics without access to source code.
Physiological/behavioral characteristics (fingerprints, voice patterns) used for identity verification.
A network of malware-infected devices controlled remotely for attacks like DDoS or spam campaigns.
Analyzing potential consequences of security breaches.
A cybersecurity technique that physically isolates an internet user's browsing activity from their local network and inf…
Policy allowing employee-owned devices for work, requiring additional mobile security controls for data protection.
Technology that enables security teams to improve basic security hygiene by ensuring security controls.
Software that sits between cloud service users and cloud applications to monitor activity and enforce security policies.
Globally recognized certification demonstrating expertise in security program management.
Legal process documenting evidence handling for forensic investigations.
Executive responsible for enterprise-wide IT security strategy and compliance.
International standard (ISO 15408) for evaluating security product effectiveness.
Measures protecting telecommunications from interception/exploitation.
Secure electronic system for transmitting medical treatment instructions.
Technologies that encrypt data in use, ensuring it remains protected during processing.
The ongoing process of testing security controls to ensure they remain effective.
Technical data requiring export controls under ITAR/EAR regulations.
Sensitive unclassified data requiring federal-mandated protection measures.
Small website file storing user preferences and session data.
A type of cyberattack where stolen account credentials are tested against multiple websites.
Rules governing international data movement.
The science of breaking cryptographic systems by identifying weaknesses in encryption algorithms.
Categorizing digital assets based on security requirements.
System for categorizing digital assets.
Identifying relationships between digital assets.
The process of identifying and cataloging all digital assets within an organization.
The collection and analysis of information about an organization's digital assets.
Systems for tracking and managing an organization's digital assets.
Managing digital assets from acquisition through retirement.
The practice of maintaining an inventory of all digital assets and their security states.
Continuous observation of digital asset security status.
System for evaluating digital asset risks.
Assigning risk values to digital assets.
The process of labeling digital assets with security-relevant metadata.
The process of handling major cybersecurity incidents and minimizing their impact.
Tools that use decoys to misdirect and trap attackers, revealing their presence.
Tools that automate security monitoring and response.
Simulated scenarios designed to test and improve security response capabilities.
A framework for organizing security tools and processes across different security domains.
Developing strategies for protecting against cyber attacks.
Creating realistic scenarios for testing security defenses.
The systematic gathering of digital evidence for security investigations.
A measure of how well an organization maintains its basic security practices.
Insurance that helps organizations recover from cybersecurity incidents and data breaches.
Combining threat intelligence from multiple sources.
A framework for understanding the stages of cyber attacks to better defend against them.
Protection of systems where computer-based algorithms interact with physical components.
Attacks bridging digital and physical systems to disrupt industrial processes or critical infrastructure.
A virtual environment used for cybersecurity training and software testing.
Evaluating the effectiveness of security training environments.
Tools for evaluating security training effectiveness.
Tools and processes for automating cybersecurity training environments.
Creating structured security training scenarios.
The technical foundation for security training environments.
The automated setup and management of cybersecurity training environments.
Creating realistic training scenarios for security teams.
Collection of security training scenarios.
Creating realistic scenarios for security training and testing.
Collection and analysis of data from cybersecurity training exercises.
Specialized backup and recovery solutions designed to protect against cyber attacks.
An organization's ability to maintain operations during/after cyber incidents through adaptive defenses and recovery pla…
An organization's ability to prepare for, respond to, and recover from cyber attacks.
The process of evaluating and assigning numerical values to cyber risks.
Initiatives designed to promote security awareness and behavior throughout an organization.
The process of aligning security controls with various security frameworks.
A composable and scalable approach to extending security controls across distributed assets.
A score that indicates an organization's security posture based on observable data.
Critical shortage of skilled professionals capable of managing AI-enhanced security systems.
Coverage for breach-related costs including fines and legal fees.
DoD framework assessing contractors' ability to safeguard defense-related data.
Unindexed internet segment often used for illegal data trading.
Private encrypted networks requiring specific software/configurations, distinct from the broader dark web.
Unauthorized access/exposure of sensitive information like personal records or intellectual property.
System for categorizing data sensitivity.
Entity determining purposes/methods of data processing.
Systems that monitor and flag unauthorized attempts to transfer sensitive data outside the organization.
Methods to ensure that data remains unaltered during storage and transmission.
Technologies preventing unauthorized data exfiltration via endpoints/networks.
Emerging technologies designed to prevent unauthorized data exfiltration and leaks.
Techniques to obscure sensitive information within data sets, ensuring privacy during non-production use.
Structure for privacy implementation.
Visualization of data handling flows.
Documentation of data handling activities.
Third party processing data on controller's behalf.
Assessment of data protection measures.
Database of protection measures.
Timeline for data storage and deletion.
Interface for privacy rights requests.
Evaluation of cross-border data movement risks.
Method for secure data movement.
Approaches that focus on securing data directly, regardless of where it resides or how it is accessed.
Impersonation attacks using AI-generated voice/video to manipulate victims into unauthorized transactions.
Layered security strategy combining physical/technical/administrative controls across multiple system tiers.
The structured approach to implementing security controls and countermeasures.
Evaluating the coverage and effectiveness of security controls.
The practice of integrating security practices within the DevOps process.
Methods that introduce controlled noise into data analysis to protect individual identities.
The potential cybersecurity risks that third-party vendors, suppliers, or service providers might introduce.
Security monitoring and response activities conducted across multiple locations.
An email authentication protocol designed to prevent email spoofing.
Protecting distributed computing environments at the network's edge.
Protecting devices (computers/mobiles) with antivirus and intrusion detection.
Holistic strategy identifying/prioritizing organizational cyber risks.
Authorized system penetration testing to identify vulnerabilities.
License agreement outlining software usage terms/data practices.
US legislation requiring federal agencies to implement security programs.
US government program standardizing cloud service provider security assessments.
Processes to confirm that firmware has not been tampered with and remains authentic during its lifecycle.
Protecting the low-level software that provides hardware control and basic operation instructions.
US law mandating federal agencies implement information security programs.
US law enabling public access to government records.
EU regulation governing personal data handling, emphasizing transparency and user rights.
AI systems trained to anticipate novel attack vectors by simulating attacker methodologies.
Temporary block/allow list requiring additional verification.
Temporary blocklist requiring additional verification (e.g., email sender authentication) before allowing access.
A set of security recommendations for a specific technology product or platform.
A physical computing device that safeguards and manages digital keys for strong authentication.
US law mandating safeguards for protected health information (PHI).
Decoy system designed to attract and study cyberattack methods.
Storage systems that guarantee data, once written, cannot be modified or erased.
ISO 27001-aligned framework for maintaining data confidentiality/integrity.
Strategies focused on detecting and stopping the unauthorized transfer of sensitive data from within an organization.
Protocol suite securing internet communications through encryption and authentication.
International standard for implementing information security management systems.
Protection frameworks for integrated industrial control systems (OT) and enterprise networks (IT) in smart factories.
Malicious USB charging stations stealing device data.
Malicious USB charging ports that install malware or steal data from connected devices.
System generating/storing cryptographic keys securely.
Protocol for accessing directory services in networked environments.
Protection for information repositories.
Systematic collection/analysis of system logs to detect anomalies and support forensic investigations.
Malware distribution through compromised online advertisements on legitimate websites.
Multi-factor authentication using ≥2 verification methods.
A security technique that enables fine-grained security policies to be assigned to data center applications.
Dynamic security approach that continuously alters network configurations to disrupt attacker reconnaissance.
Risk management guidelines with six core functions for organizational resilience.
Cybersecurity guidelines for risk management.
Open standard allowing secure delegated access without sharing passwords.
The practice of building security tools and techniques for authorized system testing.
Layered encryption technique enabling anonymous communication.
Community-driven initiative improving software security through best practices.
Open community improving software security.
Simulated cyberattacks to evaluate system defenses.
Simulated cyberattacks evaluating defensive capabilities.
Redirecting users to fake sites to steal credentials.
A cybercrime where targets are contacted by email, phone or text by someone posing as a legitimate institution.
Fraudulent attempts to obtain sensitive data by impersonating legitimate entities.
Next-gen encryption algorithms being standardized by NIST to counter quantum computing threats.
Reusable privacy design structure.
Integrating robust privacy protections into the design and architecture of systems from the outset.
Systems for handling user privacy permissions.
Evaluation of privacy protection measures.
Structure for privacy protection.
Standard for privacy improvement.
Tools and techniques designed to protect personal data and enable privacy compliance.
Analysis evaluating data processing risks under regulations like GDPR.
Systematic analysis of privacy risks.
Tracking privacy measure effectiveness.
Visual display of privacy performance.
Handling of privacy policy communications.
Automated privacy notice creation tool.
Automated handling of privacy requests.
Systems for handling privacy-related requests.
Isolated environment for privacy testing.
Building privacy into system architecture.
Technologies enabling data processing while maintaining privacy.
Techniques for extracting insights from data sets while protecting individual privacy.
Data protection method replacing identifiers with artificial values.
A security methodology that combines red team and blue team functions to maximize cybersecurity effectiveness.
PCI DSS-certified professional conducting compliance validations.
Encryption using quantum mechanics principles.
The science of exploiting quantum mechanical properties to secure the transmission of data.
Encryption methods designed to withstand decryption attempts by quantum computers using lattice-based or hash-based algo…
Security technology that's embedded into an application to detect and block attacks in real time.
Tools and processes that automate penetration testing and security assessment activities.
Challenges complying with conflicting cybersecurity laws across different jurisdictions.
Methodical evaluation of threats and vulnerabilities to prioritize mitigations.
Foundational digital certificate establishing trust hierarchies for SSL/TLS encryption chains.
Malware granting privileged access while hiding presence.
Protection mechanisms that operate while software is executing.
Isolating untrusted programs in restricted environments.
A network architecture that combines network security functions with WAN capabilities to support secure access needs of …
A method for using specific standards to enable automated vulnerability management.
Integrating security best practices throughout the development, testing, and deployment of APIs.
A process that ensures a device boots using only software trusted by the manufacturer, preventing unauthorized code exec…
The process of replacing sensitive data elements with non-sensitive placeholders to mitigate risk.
Technology that prevents mission-critical email data from being corrupted, stolen, or lost.
Security solutions that prevent unsecured internet traffic from entering an organization's network.
Evaluating the effectiveness of security control placement.
Structured approach to evaluating security designs.
Detailed plan for security control implementation.
Recording and maintaining security control implementations.
The process of creating representations of security control implementations.
Reusable solutions to common security design problems.
Collection of reusable security design solutions.
Standard templates for security control implementation.
A governance body that evaluates and approves security architecture decisions.
Standardized security design patterns.
A measure of confidence that security features and architecture meet security requirements.
Programs designed to educate users about cybersecurity best practices and potential threats.
Evaluating systems against established security standards.
A documented set of specifications for system components.
Measuring variations from security standards.
Maintaining security standards.
Individuals embedded within development teams who promote security practices and culture.
The practice of intentionally introducing security failures to test system resilience.
Evaluating system settings against security best practices.
The practice of handling security settings across systems and keeping them in a secure state.
The process of understanding the security implications of a specific situation or environment.
The testing or evaluation of security controls to determine their effectiveness.
Verification of security control implementation.
Examining security measures for compliance and effectiveness.
Comprehensive list of security measures.
Plan for implementing security measures.
Recording security measure details.
Measurements of how well security controls perform.
Measuring security measure success.
Managing security requirement deviations.
Managing deviations from security standards.
Mapping security controls to multiple compliance frameworks.
Identifying missing security measures.
The process of deploying and configuring security measures.
Detailed instructions for deploying security measures.
Plan for deploying security measures.
The process by which security controls are passed down from parent to child systems.
Evaluating how security controls propagate through systems.
Tracking propagation of security controls.
The evolution of security controls from implementation to retirement.
Managing security measure evolution.
Aligning security controls across different compliance frameworks.
Organized view of security measures across an environment.
Tracking security measure status.
Tools that automate the deployment and management of security controls across environments.
Procedure for reverting security changes.
Validating the implementation of security measures.
Plan for validating security measures.
The process of testing security controls against real-world attack scenarios.
Studying differences in control implementation.
Managing security control changes.
Categorizing data based on sensitivity and protection requirements.
The management of security-related data throughout its lifecycle.
A centralized repository for storing security-related data for analysis.
Tracking and addressing accumulated security issues.
Evaluating security risks in software dependencies.
The process of evaluating system designs for potential security issues.
A process for implementing security best practices in software development.
The process of determining how changes might affect system security.
The practice of collecting, organizing, and sharing security-related information.
The process of collecting and centralizing security-related log data from multiple sources.
A collaborative ecosystem of security tools working together to improve overall security posture.
A distributed architectural approach to scalable, flexible, and reliable cybersecurity control.
Defined limits for security measurements.
Evaluating security performance data for insights.
The gathering and organization of security performance data.
Tools for gathering security performance data.
Finding relationships between security measurements.
A visual interface showing key security performance indicators.
Tools for visualizing security performance data.
Structure for communicating security performance.
Creating visual representations of security performance data.
A centralized unit that deals with security issues on an organizational and technical level.
Team monitoring networks for threats using SIEM and EDR tools.
Evaluating the effectiveness of security settings.
Standard security settings for systems and applications.
Setting up security controls according to best practices.
The process of fine-tuning security controls for maximum effectiveness.
Tools for fine-tuning security settings.
Predefined sets of security settings for specific use cases.
Evaluating the effectiveness of security control settings.
Structured approach to evaluating security settings.
Adjusting security settings for optimal performance.
Analysis of security effectiveness.
Reference point for security measurements.
Visual security status display.
Measurements used to evaluate the effectiveness of security programs.
Tracking security effectiveness.
Improving security effectiveness.
An organization's overall cybersecurity strength and how well it can predict, prevent and respond to cyber threats.
Quantitative assessment of overall security strength.
The process of determining and documenting security needs for systems.
The process of allocating resources to maintain and improve security posture.
A structured methodology for analyzing and managing cybersecurity risks.
Framework for evaluating risks.
Framework for measuring security risks.
Studying patterns in security risks.
A tool that measures and reports on an organization's security posture.
Cloud-based security services that provide secure access to websites, SaaS applications and private applications.
Processing and analyzing security monitoring data.
Subscription-based security testing services delivered via cloud platforms.
The process of replacing sensitive data with unique identification symbols that retain essential information.
Audit document detailing cloud providers' security controls.
Systems that collect and analyze security data to detect threats.
Technology solutions that allow organizations to collect security data and alerts from different sources.
Security Operations Center monitoring/responding to threats.
Tools that analyze open-source software components for security vulnerabilities.
Configuration standards for securing hardware and software systems.
Creating artificial datasets for testing purposes without exposing real, sensitive information.
Audit framework evaluating service providers' data security controls.
Physical security breach where unauthorized personnel follow authorized users into restricted areas.
Processes assessing vendor security postures and compliance.
Replacing sensitive data with non-sensitive tokens.
Isolated environments within a processor that guarantee the integrity and confidentiality of code and data during execut…
Techniques aimed at protecting sensitive personal data collected by wearable technologies.
Allowing pre-approved applications/entities system access.
A unified security solution that automatically collects and correlates data from multiple security layers.
Cross-site scripting attacks injecting malicious code into websites.
Security model requiring continuous verification for access.
Security model requiring continuous verification of all users/devices regardless of network location.
Security model requiring continuous verification for all access requests.
Security measures designed to prevent exploitation of previously unknown vulnerabilities.