CyberArrow Cyber Security & Compliance Glossary

Must-know cyber security and compliance terminologies

  • Access Control

    Access Control is a security technique that regulates who or what can access resources in a computing environment. It controls who has permission to enter a physical location, access a computer system, or execute a specific action in a software application based on predefined security policies and rules. Access control ensures that only authorized users can access the resources they need to do their jobs and helps protect sensitive information from unauthorized access or theft.
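
    The entry above describes access control as checking a request against predefined policy. The following is an added example, not CyberArrow's code or any product's implementation: a small deny-by-default role-based access control (RBAC) decision function in Python. The roles, permissions, users and resources are constructed for illustration.

```python
"""Deny-by-default role-based access control (RBAC) decision function.

Added example, not CyberArrow's code. The roles, permissions, users
and resources below are constructed for illustration.
"""
from dataclasses import dataclass
from typing import FrozenSet

# Each role maps to the "action:resource_type" permissions it grants.
# Anything not listed here is denied: there is no implicit allow.
ROLE_PERMISSIONS = {
    "viewer": {"read:report"},
    "analyst": {"read:report", "export:report"},
    "admin": {"read:report", "export:report", "delete:report", "read:audit_log"},
}


@dataclass(frozen=True)
class User:
    name: str
    roles: FrozenSet[str]
    department: str


@dataclass(frozen=True)
class Resource:
    kind: str               # e.g. "report", "audit_log"
    owner_department: str
    classification: str     # "internal" or "restricted"


def is_authorized(user: User, action: str, resource: Resource) -> bool:
    """Return True only when policy explicitly allows the action.

    Two checks must pass: some role of the user grants the action on this
    resource type, and for "restricted" resources the user must belong to
    the owning department unless they are an admin.
    """
    needed = f"{action}:{resource.kind}"
    granted = set()
    for role in user.roles:
        granted |= ROLE_PERMISSIONS.get(role, set())   # unknown roles grant nothing
    if needed not in granted:
        return False
    if resource.classification == "restricted" and "admin" not in user.roles:
        return user.department == resource.owner_department
    return True


def decide(user: User, action: str, resource: Resource) -> str:
    """Audit-friendly wrapper: every decision is returned as ALLOW or DENY."""
    return "ALLOW" if is_authorized(user, action, resource) else "DENY"


if __name__ == "__main__":
    # Constructed sample principals and objects.
    alice = User("alice", frozenset({"analyst"}), "finance")
    bob = User("bob", frozenset({"viewer"}), "hr")
    root = User("root", frozenset({"admin"}), "it")
    fin_report = Resource("report", "finance", "restricted")
    hr_report = Resource("report", "hr", "restricted")
    for who, what, obj in [(alice, "read", fin_report), (alice, "read", hr_report),
                           (bob, "export", hr_report), (root, "delete", hr_report)]:
        print(who.name, what, obj.kind, obj.owner_department, "->", decide(who, what, obj))
```

    The important property is that the function can only return an allow when a rule says so; a typo in a role name or an unlisted action falls through to deny rather than to a permissive default.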

  • Advanced Persistent Threat (APT)

    An APT is a targeted, sophisticated intrusion in which an attacker gains and quietly maintains long-term access to a victim's environment, typically to steal sensitive data over an extended period rather than in a single smash-and-grab. APTs often rely on several attack paths at once, including previously undisclosed (zero-day) vulnerabilities, so that the attacker keeps a foothold even after some pathways are discovered and blocked.

  • Information Asset Inventory

    Information Asset Inventory is a comprehensive catalog of all of an organization's information assets, including systems, data, hardware, software, documentation, and every other tangible and intangible asset that the business needs in order to operate. An accurate inventory is the starting point for risk assessment and vulnerability management, since an asset that is not recorded is rarely patched, monitored, or protected.

  • Asset Management

    Asset Management is the process of locating, categorizing, monitoring, and safeguarding an organization's many assets. It aims to reduce risks, maintain compliance requirements, and maximize the value and use of assets. The process entails implementing policies, practices, and tools to manage and keep track of the entire asset lifecycle, from acquisition to disposal.

  • Automated Evidence Collection

    Automated Evidence Collection is a process in which evidence is collected automatically from various integrations with multiple technologies in the organization to satisfy the requirement of one or more cybersecurity standards. This process is used to ensure compliance with international standards and local regulations for cybersecurity. The process is intended to replace the manual collection of evidence during cybersecurity audits or control reviews.

  • Awareness Training Platform

    Awareness Training Platform is a software product intended to provide cybersecurity instruction and training to an organization’s employees. These platforms seek to increase employee knowledge of security risks and teach them how to handle sensitive data safely and securely. The platform is used to assess the maturity of staff awareness through attack simulations and knowledge assessments.

  • AE/SCNS/NCEMA 7000

    AE/SCNS/NCEMA 7000 is a business continuity management standard developed by the National Emergency Crisis and Disaster Management Authority (NCEMA) in the United Arab Emirates (UAE). It sets out guidelines and requirements that aim to enhance the resilience of government entities and critical infrastructure in the country and ensure their ability to withstand and respond to emergencies and disasters.

  • Automated Security KPI Monitoring

    Automated Security KPI Monitoring is the process of automatically tracking specific cybersecurity Key Performance Indicators (KPIs), such as patch latency or the share of accounts with MFA enabled, against targets set by the organization. The KPIs are computed continuously from system configurations and the implementation state of cybersecurity controls, giving a current picture of the organization's security posture instead of a point-in-time audit snapshot.

  • Business Continuity Planning (BCP)

    BCP is the process of planning how an organization will keep operating when something goes wrong. Its objective is to guarantee that crucial business operations and processes can continue during and after a disaster or disruption. BCP entails developing a thorough plan detailing the actions to anticipate and react to various interruptions, such as natural disasters, cyberattacks, power failures, and other catastrophes.

  • CIS Critical Security Controls (CIS CSC)

    The Center for Internet Security (CIS) establishes and maintains a prioritized list of cybersecurity best practices known as the CIS Critical Security Controls (CIS CSC). Earlier versions contained 20 Controls; version 8 consolidated them into 18 Controls, each broken into Safeguards grouped into Implementation Groups (IG1 to IG3) so that organizations can start with a minimum baseline and build up. The CIS CSC offers a prioritized method for improving an organization's overall security posture by recognizing and thwarting the most frequent cyberattacks.

  • Cloud Security Alliance (CSA)

    Cloud Security Alliance (CSA) is a nonprofit group that advocates using best practices to guarantee security in cloud computing. CSA aims to spread awareness of the best practices for ensuring security assurance in cloud technology while educating people on how cloud computing may be used to safeguard other types of technology.

  • Compliance Automation Tool

    Compliance Automation Tool is a software that automates the process of ensuring compliance with cybersecurity standards and regulations. These tools assist firms in keeping tabs on, evaluating, and managing their cybersecurity compliance posture and automatically managing relevant risks.

  • Computer Network Defense

    Computer Network Defense (CND) is the set of security measures and tools for defending computer networks against intrusion, misuse, theft, and damage. It relies on layered controls such as firewalls, access control, intrusion detection systems, and encryption to stop cyberattacks and unauthorized access.

  • Cryptography

    Cryptography is the use of mathematical procedures to protect the confidentiality, integrity, and authenticity of data that is communicated or stored: encryption transforms plaintext into unreadable ciphertext and decryption reverses it, while message authentication codes and digital signatures let a recipient detect tampering and verify who produced the data. It is the study of secure communication in the presence of adversaries. Note that encryption alone does not guarantee integrity; an attacker can often modify ciphertext without being detected unless an authentication mechanism is used as well.

  • Common Vulnerabilities and Exposures (CVE)

    CVE is a publicly available catalog that offers a standardized method for identifying and tracking publicly disclosed security flaws in software and hardware. Each CVE entry has a unique identifier of the form CVE-year-number, a brief description of the vulnerability, and references to advisories or reports. Severity scores (CVSS), impact analysis, and remediation guidance are not part of the CVE record itself; they come from sources such as the NIST National Vulnerability Database (NVD) and vendor advisories. A CVE identifier may be reserved and published before a vendor has shipped a patch, so a listed CVE does not mean a fix is available, and the absence of one does not mean a product is free of flaws.

  • Cyberattack

    Cyberattack is an act of malice to hack into a digital network or system to steal sensitive data, damage it, or interfere with regular operations. Cyberattacks can take many forms, including DDoS attacks, ransomware, phishing, and malware.

  • Cybersecurity

    Cybersecurity is the practice of protecting computer networks, systems, and information from unauthorized access, use, exploitation, theft, or damage. It combines technical controls (such as firewalls, encryption, and patching), organizational controls (policies, processes, and governance), and people-focused controls (training and awareness) to prevent cyberattacks and illegal access and to limit the damage when they do occur.

  • Data Breach

    Data Breach is the unauthorized access of private information, usually kept in electronic form. Data breaches can be caused by hacking, theft, human mistake, or other security issues, and they can have significant repercussions for people, companies, and governmental organizations.

  • Data Integrity

    Data Integrity is the correctness and completeness of data across its entire lifecycle, from generation to disposal. It ensures that data doesn't get lost, changed, or tampered with, either mistakenly or on purpose, and keeps its original context and meaning.
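
    The Cryptography and Data Integrity entries above both talk about detecting when data has been changed, mistakenly or on purpose. The following is an added example, not CyberArrow's code: an HMAC-SHA256 tag attached to a stored record, using only the Python standard library. The key and the record are constructed; the well-known test vector in the usage check is from the HMAC literature.

```python
"""Integrity and authenticity of stored data with an HMAC tag (added example).

Illustrative code, not CyberArrow's. It demonstrates the integrity and
authenticity properties described under Cryptography and Data Integrity:
a keyed tag that only a holder of the secret can produce, and that changes
if a single bit of the record changes. Keys and records are constructed.
"""
import hashlib
import hmac
import secrets


def make_tag(key: bytes, message: bytes) -> str:
    """HMAC-SHA256 over the message, hex-encoded."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def verify_tag(key: bytes, message: bytes, tag: str) -> bool:
    """Compare in constant time so a timing difference does not leak how much of the tag matched."""
    return hmac.compare_digest(make_tag(key, message), tag)


def sign_record(key: bytes, record: str) -> str:
    """Append the tag to the record; '|' is the separator and the tag is always the last field."""
    return f"{record}|{make_tag(key, record.encode())}"


def check_record(key: bytes, stored: str) -> bool:
    """Split off the trailing tag and verify the rest of the record against it."""
    record, sep, tag = stored.rpartition("|")
    if not sep:
        return False
    return verify_tag(key, record.encode(), tag)


def demo():
    """Returns (valid before tampering, valid after tampering, valid with wrong key)."""
    key = secrets.token_bytes(32)
    stored = sign_record(key, "asset_id=42;owner=finance;classification=restricted")
    ok_before = check_record(key, stored)
    tampered = stored.replace("restricted", "public")   # attacker edits the record, not the tag
    ok_after = check_record(key, tampered)
    wrong_key = check_record(secrets.token_bytes(32), stored)  # forger without the secret
    return ok_before, ok_after, wrong_key


if __name__ == "__main__":
    print(demo())   # (True, False, False)
```

    An HMAC gives integrity and authenticity to everyone who shares the key, but not non-repudiation (either party could have produced the tag) and not confidentiality (the record is still readable). When both secrecy and integrity are needed, an authenticated encryption mode (AEAD) is the usual choice rather than a hand-built combination.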

  • Distributed Denial of Service (DDoS)

    DDoS is a cyberattack that seeks to stop a computer system or network from operating normally by flooding it with traffic from many sources. A DDoS assault aims to overwhelm a website or network with traffic so that it can no longer handle genuine requests, rendering it unavailable to users.

  • Digital Certificate

    Digital Certificate is an electronic document that binds a public key to the identity of a person, organization, or device, signed by a certificate authority (CA) that the relying party trusts. In internet security protocols like TLS (the successor to SSL), digital certificates are used to establish trust between parties and safeguard the transport of sensitive data. A certificate is only as trustworthy as the CA that issued it and the checks made against it (validity period, hostname match, revocation status), so certificate validation must not be disabled in client code.

  • Eavesdropping

    Eavesdropping is the act of intercepting other people's communication without their knowledge or consent. In cybersecurity it describes the unauthorized interception of electronic communications, such as voice-over-IP (VoIP) calls, chat, and email, typically by capturing traffic on a network segment the attacker can reach. Transport encryption such as TLS is the primary defense, because it leaves an eavesdropper with ciphertext rather than content.

  • Firewall

    A firewall is a network security control, implemented in hardware or software, that inspects incoming and outgoing network traffic and allows or blocks it according to an ordered set of rules. Rules are normally evaluated in order, the first matching rule wins, and traffic that matches no rule should be denied by default; a misordered or overly broad rule (for example, an "allow any" placed before a block rule) silently undoes the protection the later rules were meant to provide.
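
    To make the rule-evaluation behaviour concrete, the following is an added example, not CyberArrow's code or any real firewall's implementation: a small stateless packet filter in Python that walks an ordered rule list, applies the first match, and denies by default. Rules and sample packets are constructed; nothing on the network is touched.

```python
"""Ordered, first-match, default-deny packet filtering (added example).

Illustrative code, not CyberArrow's product or any real firewall.
It models how a stateless packet filter walks its rule list: the first
matching rule decides, and traffic matching nothing is dropped. The
rules and packets are constructed; nothing on the network is touched.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    proto: str             # "tcp", "udp" or "any"
    src: str               # source CIDR, "0.0.0.0/0" for any
    dst: str               # destination CIDR
    dport: Optional[int]   # destination port, None for any


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    dst: str
    dport: int


def matches(rule: Rule, pkt: Packet) -> bool:
    """All fields of the rule must match the packet for the rule to apply."""
    if rule.proto != "any" and rule.proto != pkt.proto:
        return False
    if rule.dport is not None and rule.dport != pkt.dport:
        return False
    src_ok = ipaddress.ip_address(pkt.src) in ipaddress.ip_network(rule.src, strict=False)
    dst_ok = ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(rule.dst, strict=False)
    return src_ok and dst_ok


def decide(rules: List[Rule], pkt: Packet) -> Tuple[str, Optional[int]]:
    """Return (action, index of the rule that fired); index None means default deny."""
    for i, rule in enumerate(rules):
        if matches(rule, pkt):
            return rule.action, i
    return "deny", None


# Constructed policy: block a known-bad range first, expose one HTTPS
# service, allow SSH only from the internal network, drop everything else.
RULES = [
    Rule("deny", "any", "198.51.100.0/24", "0.0.0.0/0", None),
    Rule("allow", "tcp", "0.0.0.0/0", "10.0.0.10/32", 443),
    Rule("allow", "tcp", "10.0.0.0/8", "10.0.0.0/8", 22),
]


def misordered_rules() -> List[Rule]:
    """Same rules with the blocklist moved last: the allow rules now win first."""
    return RULES[1:] + RULES[:1]


if __name__ == "__main__":
    probes = [
        Packet("tcp", "198.51.100.7", "10.0.0.10", 443),   # blocklisted source
        Packet("tcp", "203.0.113.5", "10.0.0.10", 443),    # public HTTPS client
        Packet("tcp", "203.0.113.5", "10.0.0.10", 22),     # SSH from outside
        Packet("tcp", "10.1.2.3", "10.0.0.10", 22),        # SSH from inside
    ]
    for p in probes:
        print(p.src, "->", p.dst, p.dport, decide(RULES, p), "misordered:", decide(misordered_rules(), p))
```

    Running the same blocklisted packet through `misordered_rules()` shows why order matters: once the HTTPS allow sits ahead of the deny, the blocklisted host reaches port 443 and the deny rule never fires.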

  • General Data Protection Regulation (GDPR)

    GDPR stands for General Data Protection Regulation. It is the European Union (EU) regulation on the processing of personal data, adopted in 2016 and applicable since 25 May 2018. It protects the personal data of individuals in the EU regardless of their citizenship, and it also applies to organizations outside the EU that offer goods or services to, or monitor the behaviour of, people in the EU. The GDPR aims to give individuals greater control over their personal data and to simplify the regulatory environment for international businesses.

  • Governance, Risk, and Compliance (GRC)

    GRC is a framework for coordinating an organization's governance, risk management practices, and compliance with rules and laws. It helps ensure that a business can manage its risk and adhere to applicable regulations. GRC enables firms to manage governance, risk, and compliance more efficiently by helping them understand how these three elements interact.

  • Hacktivism

    Hacktivism is a process of using hacking techniques to disrupt or influence websites, databases, and other computer networks for political or societal objectives. Hacktivists frequently hack official or commercial websites to make a point, sometimes employing Distributed Denial of Service (DDoS) attacks.

  • Health Insurance Portability and Accountability Act (HIPAA)

    HIPAA is a United States federal law that sets standards for safeguarding the confidentiality and security of individuals' health information. It applies to covered entities, meaning health plans, healthcare clearinghouses, and healthcare providers that transmit health information electronically, and, through business associate agreements, to the vendors that handle protected health information on their behalf.

  • Information Security Management System (ISMS)

    ISMS is a systematic, preventative strategy for managing sensitive data and guaranteeing its availability, confidentiality, and integrity. The risk management framework serves as the foundation for the ISMS, which was created to specifically address the needs and goals of the organization.

  • Internet of Things (IoT) Assessment

    IoT Assessment is a process of evaluating a company's IoT systems, connections, and devices that identify security flaws and assess the efficacy of the security protocols already in place. In addition to ensuring the security and privacy of sensitive data, the assessment strives to detect and reduce risks related to IoT devices.

  • Intrusion Detection System (IDS)

    IDS is a hardware device or software program that automatically identifies and notifies security administrators of cybersecurity threats, including unauthorized access attempts or malicious behavior, by inspecting network traffic or host activity against signatures and behavioral rules. An IDS can identify intrusions as they happen and provide details about their nature and the possible harm they might do, but it only alerts; blocking is left to an IPS or to the responder.

  • Intrusion Prevention System (IPS)

    IPS is a security system that monitors network traffic and uses real-time detection and blocking to stop malicious activity and unauthorized access attempts. Unlike an IDS, which only detects, an IPS sits inline and actively blocks harmful traffic to stop intrusions from happening. Because it is inline, a false positive blocks legitimate traffic, so IPS signatures are usually tuned in detect-only mode before enforcement is switched on.

  • ISO 22301

    ISO 22301 is a global standard for business continuity management (BCM), which offers businesses a framework for developing, establishing, operating, monitoring, reviewing, maintaining, and continuously enhancing BCM procedures.

  • ISO/IEC 27001

    ISO/IEC 27001 is an international standard for information security management systems (ISMS). It provides a framework for organizations to manage and protect their information assets, including confidential data and sensitive information, against various threats and risks.

  • ISO/IEC 27002

    ISO/IEC 27002 is an international standard that provides guidelines and best practices for implementing the information security controls referenced in ISO/IEC 27001. The 2022 revision reorganized the controls into four themes (organizational, people, physical, and technological) and added controls for areas such as threat intelligence, cloud services, and data leakage prevention.

  • ISO 27035

    ISO/IEC 27035 is an international standard that provides guidelines for information security incident management. It outlines a framework covering the planning, detection, reporting, assessment, response, and lessons-learned phases of handling security incidents.

  • ISR V2

    ISR V2 is an information security regulation issued by the Dubai Government mandating all government entities to implement a set of information security controls. These information security controls must be implemented to protect Dubai government data from any security breach.

  • IT Security Policy

    IT Security Policy is a formal statement, approved by management, that describes an organization's security rules, processes, and responsibilities for safeguarding its information technology (IT) systems, networks, and data. The IT security policy is an essential part of an organization's overall security architecture and aids in protecting the confidentiality, availability, and integrity of sensitive data.

  • Keylogger

    Keylogger is a malicious program (or hardware device) that records keystrokes performed on a computer or other device. Cybercriminals employ keyloggers to steal private data, including passwords, credit card numbers, and other personal information.

  • Link Jacking

    Link jacking is a technique used by online criminals to divert users to websites or pages other than the ones they intend to visit when they click a hyperlink. It happens when a malicious entity changes the target URL of an existing hyperlink, or injects a misleading link into a legitimate website, so that the visible link text and the actual destination no longer agree.

  • Malware

    Malware is any software created to harm a computer, system, or other devices, which can appear as viruses, worms, Keyloggers, spyware, and ransomware, among other things.

  • National Cybersecurity Authority Critical Systems Cybersecurity Control (NCA CSCC)

    The National Cybersecurity Authority Critical Systems Cybersecurity Control (NCA CSCC) is a framework developed by the National Cybersecurity Authority (NCA) in Saudi Arabia. The framework provides a set of controls and guidelines to enhance the cybersecurity posture of critical information infrastructure (CII) in the country.

  • National Cybersecurity Authority Essential Cybersecurity Controls (NCA ECC)

    The National Cybersecurity Authority Essential Cybersecurity Controls (NCA ECC) is a framework developed by the National Cybersecurity Authority (NCA) in Saudi Arabia. The framework provides a set of essential controls and guidelines to enhance the cybersecurity posture of organizations operating in the country.

  • NIST Cybersecurity Framework

    The National Institute of Standards and Technology (NIST) created the NIST Cybersecurity Framework (NIST CSF) to aid enterprises in managing and lowering cybersecurity risk. It organizes outcomes into core functions (Identify, Protect, Detect, Respond, and Recover, with Govern added in CSF 2.0 in 2024) and is designed to be adapted to the unique requirements of various organizations and sectors.

  • Open Web Application Security Project (OWASP)

    OWASP stands for the Open Web Application Security Project (renamed the Open Worldwide Application Security Project in 2023). It is a nonprofit organization dedicated to improving the security of software applications. OWASP provides a range of resources, including tools, documentation, and best practices such as the OWASP Top 10, to help developers and security professionals design, develop, and maintain secure applications.

  • Payment Card Industry Data Security Standard (PCI DSS)

    The Payment Card Industry Data Security Standard (PCI DSS) is a set of security requirements maintained by the PCI Security Standards Council, which was founded by the major card brands (including Visa, Mastercard, and American Express), to protect cardholder data against fraud and data breaches. PCI DSS applies to all organizations that store, process, or transmit cardholder data, and to those that could affect its security.

  • Phishing

    Phishing is a social engineering technique in which an attacker deceives victims into divulging sensitive information, such as passwords, credit card numbers, and other personal information, through fraudulent emails, messages, or websites. Phishing attempts can be hard to spot because the attacker imitates a legitimate sender or site; tell-tale signs include a link whose visible text differs from its real destination, look-alike domains, and urgent requests to act.
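
    The Link Jacking and Phishing entries above both come down to the same observable: the text a user sees and the destination the link really goes to disagree. The following is an added example, not CyberArrow's code, showing a check for that in Python using only the standard library. The HTML message body is constructed, and the domain comparison is a deliberately simple heuristic (last two labels); production code should use the Public Suffix List.

```python
"""Flag hyperlinks whose visible text and real destination disagree (added example).

Illustrative code, not CyberArrow's. It parses HTML anchors and reports
links where the text shows one domain but the href points elsewhere, or
where the href uses a punycode (IDN) host, two traits common to link
jacking and phishing mail. The HTML sample is constructed; the domain
matching is a deliberately simple heuristic (see comments).
"""
from html.parser import HTMLParser
from typing import Dict, List, Tuple
from urllib.parse import urlparse


class _AnchorCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links: List[Tuple[str, str]] = []
        self._href = None
        self._text: List[str] = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(url: str) -> str:
    """Lower-cased host part of a URL; bare domains are treated as http URLs."""
    if "://" not in url:
        url = "http://" + url
    return (urlparse(url).hostname or "").lower()


def registrable(host: str) -> str:
    """Last two labels of the host. Real code should use the Public Suffix List
    so that e.g. 'example.co.uk' is handled correctly."""
    parts = host.split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host


def suspicious_links(html: str) -> List[Dict[str, object]]:
    parser = _AnchorCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        href_host = host_of(href)
        reasons = []
        # Treat the anchor text as a domain/URL only if it looks like one.
        looks_like_url = "." in text and " " not in text
        text_host = host_of(text) if looks_like_url else ""
        if text_host and registrable(text_host) != registrable(href_host):
            reasons.append("visible domain differs from href domain")
        if href_host.startswith("xn--") or ".xn--" in href_host:
            reasons.append("punycode (IDN) host in href")
        if reasons:
            findings.append({"href": href, "text": text, "reasons": reasons})
    return findings


# Constructed sample message body.
SAMPLE_HTML = """
<p>Your monthly statement is ready:
<a href="https://example.com/report">https://example.com/report</a></p>
<p>Verify your account at
<a href="http://example-bank.com.evil.example/login">www.example-bank.com</a></p>
<p><a href="https://xn--bnk-0ba.example/">Reset your password</a></p>
<p><a href="https://intranet.example.org/hr">Click here</a> for HR forms.</p>
"""

if __name__ == "__main__":
    for f in suspicious_links(SAMPLE_HTML):
        print(f["href"], "|", f["text"], "|", ", ".join(f["reasons"]))
```

    The second link in the sample is the classic trick: the real registrable domain is `evil.example`, and the bank's name appears only as a subdomain prefix. A check like this is a filter, not a verdict; it flags links for a human or a URL-reputation service to look at.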

  • Qatar Cloud Policy Framework

    Qatar Cloud Policy Framework is a collection of rules and specifications for cloud computing use in Qatar. The framework offers enterprises a particular set of policies and processes using cloud computing services to safeguard their applications and information from online dangers.

  • Qualitative Risk Assessment

    Qualitative Risk Assessment estimates the likelihood and potential consequences of various risks in an organization using ordinal scales (for example, low, medium, and high) and expert judgement rather than numeric loss figures. In a risk management framework it is frequently the first stage, used to identify and rank risks and lay the groundwork for more in-depth quantitative risk evaluation of the ones that matter most.

  • Quantitative Risk Assessment

    Quantitative Risk Assessment is a method used to estimate the probability and potential effects of various risks in an organization using numerical data and statistical models, typically expressing each risk as an expected monetary loss per year. Compared to qualitative risk assessment, it offers a more complete and systematic evaluation of risk, enabling companies to allocate budget and prioritize risk mitigation initiatives with better information, at the cost of needing reliable input data.
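
    To show the difference between the two entries above in working form, the following is an added example, not CyberArrow's methodology: a 3x3 qualitative matrix beside the standard single loss expectancy (SLE), annualized rate of occurrence (ARO) and annualized loss expectancy (ALE) model used in most risk management references, with a return-on-security-investment calculation for a proposed control. The asset value, rates and control cost in the worked case are constructed numbers.

```python
"""Qualitative risk matrix next to a quantitative loss-expectancy model (added example).

Illustrative code, not CyberArrow's methodology. The quantitative part
uses the standard single loss expectancy (SLE), annualized rate of
occurrence (ARO) and annualized loss expectancy (ALE) model found in most
risk management references; asset values, rates and the control cost in
the worked example are constructed numbers.
"""
from typing import Tuple

LEVELS = {"low": 1, "medium": 2, "high": 3}


def qualitative_rating(likelihood: str, impact: str) -> str:
    """Ordinal 3x3 matrix: the product of likelihood and impact ranks decides the bucket."""
    score = LEVELS[likelihood] * LEVELS[impact]
    if score >= 6:
        return "high"
    if score >= 3:
        return "medium"
    return "low"


def single_loss_expectancy(asset_value: float, exposure_factor: float) -> float:
    """SLE = asset value x fraction of that value lost in one incident (0..1)."""
    if not 0.0 <= exposure_factor <= 1.0:
        raise ValueError("exposure factor must be between 0 and 1")
    return asset_value * exposure_factor


def annualized_loss_expectancy(sle: float, aro: float) -> float:
    """ALE = SLE x annualized rate of occurrence (expected incidents per year)."""
    return sle * aro


def return_on_security_investment(ale_before: float, ale_after: float, annual_control_cost: float) -> float:
    """ROSI = (ALE reduction - control cost) / control cost; positive means the control pays for itself."""
    return (ale_before - ale_after - annual_control_cost) / annual_control_cost


def worked_example() -> Tuple[float, float, float]:
    """Constructed case: a customer database valued at 2,000,000, a breach
    expected to destroy 25% of that value, once every five years on average;
    a proposed control costing 30,000/year cuts the frequency to once in 20 years."""
    sle = single_loss_expectancy(2_000_000, 0.25)           # 500,000 per incident
    ale_before = annualized_loss_expectancy(sle, 1 / 5)      # 100,000 per year
    ale_after = annualized_loss_expectancy(sle, 1 / 20)      # 25,000 per year
    rosi = return_on_security_investment(ale_before, ale_after, 30_000)   # 1.5
    return ale_before, ale_after, rosi


if __name__ == "__main__":
    print("qualitative:", qualitative_rating("medium", "high"))
    print("quantitative:", worked_example())
```

    The qualitative rating is enough to say which risks to look at first; the ALE figures are what let you argue that a 30,000/year control removing 75,000/year of expected loss is worth buying. The weakness of the quantitative side is the inputs: an ARO guessed from no incident history is no better than a "medium".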

  • Ransomware

    Ransomware is a form of malware that encrypts an organization's files and demands payment in exchange for the decryption key; many modern variants also steal the data first and threaten to publish it. Ransomware attacks can be highly damaging because firms may lose access to vital information and systems, and paying the ransom guarantees neither recovery nor that the stolen data is deleted, which is why tested offline backups are the primary defense.

  • Report on Compliance (ROC)

    ROC is a document that details an organization's compliance with a given set of requirements. In cybersecurity the term is used above all for PCI DSS, where a Report on Compliance is completed by a Qualified Security Assessor (QSA) after an on-site assessment to prove that a business meets the standard.

  • Risk Management

    Risk Management is determining, assessing, and reducing risks in an organization. Risk management in cybersecurity entails determining and evaluating potential security hazards and taking action to mitigate those risks.

  • SAMA Cybersecurity Framework

    The SAMA Cybersecurity Framework is a set of guidelines and requirements developed by the Saudi Arabian Monetary Authority (SAMA, now the Saudi Central Bank) to enhance the cybersecurity posture of financial institutions in the Kingdom of Saudi Arabia.

  • Sandboxing

    Sandboxing is a security technique that isolates a process or application from the rest of the system, restricting which files, network resources, and other processes it can reach. It stops malware from spreading and prevents harmful processes from accessing sensitive data, and it is a practical method for executing potentially risky programs, such as suspicious attachments, in a contained setting. A sandbox is only as strong as its isolation boundary; escape vulnerabilities in the sandbox itself are a recognized class of flaw.

  • Saudi Data and Artificial Intelligence Authority (SDAIA) - National Data Governance

    The Saudi Data and Artificial Intelligence Authority (SDAIA) - National Data Governance standard is a framework developed by the SDAIA in Saudi Arabia to establish standards for data governance across the country.

  • SOC 2

    SOC 2 (Service Organization Control 2) is an attestation framework developed by the American Institute of Certified Public Accountants (AICPA). It is designed to evaluate and report on a service organization's controls against the Trust Services Criteria of security, availability, processing integrity, confidentiality, and privacy. A Type I report covers the design of controls at a point in time; a Type II report also covers their operating effectiveness over a period, typically six to twelve months.

  • Social Engineering

    Social Engineering is a form of cybercrime that uses psychological manipulation to trick people into disclosing private information or taking actions that could be harmful to an organization. This can involve pretexting, baiting, and phishing attacks.

  • Threat Monitoring

    Threat Monitoring is the continuous process of identifying, evaluating, and reacting to possible security threats to a company's information systems. This may involve watching for malware, shady network activities, and recognized security flaws.
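
    The Intrusion Detection System entry and the Threat Monitoring entry above both describe watching activity for signs of attack. The following is an added example, not CyberArrow's code and not a real IDS: a Python detector that parses failed-login events from authentication logs, keeps a sliding time window per source address, and raises one alert when the failures in the window cross a threshold. The log lines are constructed in sshd/syslog style.

```python
"""Brute-force login detection over authentication log lines (added example).

Illustrative code, not CyberArrow's and not a real IDS. It shows the kind
of rule an intrusion detection system or a threat-monitoring pipeline
runs: parse failed-login events, keep a sliding time window per source
address, and raise one alert when the failures in the window cross a
threshold. The log lines are constructed in sshd/syslog style.
"""
import re
from collections import defaultdict, deque
from datetime import datetime
from typing import List, Optional, Tuple

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+)"
)


def parse_failed_login(line: str) -> Optional[Tuple[datetime, str, str]]:
    """Return (timestamp, username, source ip) for a failed-login line, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return datetime.fromisoformat(m["ts"]), m["user"], m["ip"]


def detect_bruteforce(lines, threshold: int = 5, window_seconds: int = 60) -> List[Tuple[str, datetime, int]]:
    """One alert per source ip: (ip, time the threshold was crossed, distinct usernames tried)."""
    windows = defaultdict(deque)    # ip -> timestamps of failures inside the window
    users = defaultdict(set)        # ip -> usernames tried so far (password-spraying indicator)
    alerted = set()
    alerts = []
    for line in lines:
        event = parse_failed_login(line)
        if event is None:
            continue                # successful logins and unrelated lines are ignored
        ts, user, ip = event
        q = windows[ip]
        q.append(ts)
        users[ip].add(user)
        while (ts - q[0]).total_seconds() > window_seconds:
            q.popleft()             # slide the window: old failures no longer count
        if len(q) >= threshold and ip not in alerted:
            alerted.add(ip)
            alerts.append((ip, ts, len(users[ip])))
    return alerts


# Constructed log excerpt. 198.51.100.23 tries several accounts within a
# minute; 10.0.0.5 is a user mistyping a password twice, minutes apart.
SAMPLE_LOG = [
    "2024-03-01T08:00:00 bastion sshd[1001]: Failed password for root from 198.51.100.23 port 51100 ssh2",
    "2024-03-01T08:09:50 bastion sshd[1002]: Failed password for admin from 198.51.100.23 port 51101 ssh2",
    "2024-03-01T08:10:00 bastion sshd[1003]: Failed password for invalid user oracle from 198.51.100.23 port 51102 ssh2",
    "2024-03-01T08:10:05 bastion sshd[1004]: Accepted password for alice from 10.0.0.5 port 40222 ssh2",
    "2024-03-01T08:10:10 bastion sshd[1005]: Failed password for alice from 10.0.0.5 port 40223 ssh2",
    "2024-03-01T08:10:12 bastion sshd[1006]: Failed password for admin from 198.51.100.23 port 51103 ssh2",
    "2024-03-01T08:10:20 bastion sshd[1007]: Failed password for invalid user test from 198.51.100.23 port 51104 ssh2",
    "2024-03-01T08:10:25 bastion sshd[1008]: Failed password for root from 198.51.100.23 port 51105 ssh2",
    "2024-03-01T08:12:00 bastion sshd[1009]: Failed password for alice from 10.0.0.5 port 40224 ssh2",
]

if __name__ == "__main__":
    for ip, when, n_users in detect_bruteforce(SAMPLE_LOG):
        print(f"ALERT brute force from {ip} at {when.isoformat()} ({n_users} usernames tried)")
```

    Two details matter for tuning. The window is what keeps the legitimate user with two typos minutes apart from alerting, and the one-alert-per-source rule is what stops a single attacker from flooding the queue with thousands of identical alerts; in practice the count of distinct usernames is also a useful signal, since spraying across accounts looks different from someone forgetting one password.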

  • Two Factor Authentication

    Two-factor Authentication (2FA) is a security method that requires two different kinds of proof of identity before granting access. The factors come from different categories: something you know (typically a password), something you have (a hardware token, an authenticator app generating one-time codes, or a passkey), or something you are (a biometric). One-time codes delivered by SMS or email are weaker than app- or hardware-based factors because they can be intercepted or redirected, and any second factor can still be phished unless it is bound to the site, as with FIDO2/WebAuthn keys.

  • UAE IA

    The UAE Information Assurance Standard is a framework developed by the UAE government to ensure the confidentiality, integrity, and availability of information in the country's government and critical infrastructure sectors. The standard outlines a set of controls and guidelines that organizations must follow to manage their information security risks. It includes requirements for access control, cryptography, incident management, network security, physical security, and other areas related to information security.

  • Vendor Assessment

    Vendor Assessment evaluates a vendor's goods and services for security, dependability, and quality. This may entail examining the vendor's security measures, evaluating their business continuity strategy, and performing an operational risk analysis.

  • Vendor Management Policy

    Vendor Management Policy is a collection of rules that governs an organization's vendor relationships and processes. The policy establishes a framework for evaluating vendor risks and sets expectations and guidelines for vendors, covering security and confidentiality standards.

  • Virtual Private Network (VPN)

    VPN allows individuals to access a company's resources from remote locations over an untrusted network. A VPN establishes an encrypted tunnel between the user's device and the company's network, so that traffic in transit cannot be read or modified by anyone on the path. A VPN protects the transport only; it does not vouch for the security of the connecting device, which is why VPN access is normally combined with multi-factor authentication and device checks.

  • Vulnerability Assessment

    Vulnerability Assessment is the process of locating, examining, and ranking security flaws in an organization's network systems. The vulnerability assessment’s objectives are to pinpoint risky areas for the company and offer suggestions for reducing such risks.

  • Vulnerability Management

    Vulnerability Management is the continual process of locating, evaluating, and addressing security flaws in an organization's operational systems. This includes doing routine vulnerability assessments, installing security patches, and taking further steps to lower the possibility of a successful cyber attack.

  • Worm

    A worm is a malicious code that spreads from device to device without human intervention. Worms can harm by using up network bandwidth, slowing down systems, and exposing private data.

  • Zombie

    Zombie is a computer infected by malware that places it under the remote control of an attacker, usually as one member of a botnet. Zombies are frequently employed in Distributed Denial of Service (DDoS) attacks, spam distribution campaigns, and malware distribution campaigns.

Join the world’s biggest brands that run their enterprise GRC programs using CyberArrow

CyberArrow – Your Compliance Hero

Speak to Compliance Experts

Get chat support from CyberArrow’s compliance experts.

Security Reports

Share your real-time security posture in report-format using CyberArrow.

KPI Monitoring

CyberArrow’s real-time KPI monitoring assures you are adhering to your security KPIs.

Dedicated Support

We provide global support. Both for technical issues and compliance questions.

Risk Assessment

CyberArrow automates your risk-assessment end-to-end.

Security Training

CyberArrow includes a Native Awareness module to educate your staff on cyber security.

Asset Inventory

Integrate CyberArrow with your favorite asset management solution.

Third Party Security

Run third party assessments to ensure that your vendor's security is up to the mark.

Automated Evidence Collection

CyberArrow automatically gathers evidence across systems and documents.

CyberArrow can help you automate your GRC efforts with ease.