- APT
- Advanced Persistent Threat - A sophisticated cyber attack normally used to target large companies and government agencies who deal with high value data (manufacturing plans, designs, intellectual property, defense projects, etc.). APT’s are ongoing in nature and are designed to give the attacker prolonged access to exfiltrate data and/or deliver malicious software at will without being detected.
- CISA
- Certified Information Systems Auditor - A certification for professionals who monitor, audit, control and assess information systems.
- CISSP
- Certified Information Systems Security Professional (CISSP) is a widely recognized independent information security certification granted by the International Information System Security Certification Consortium. It is awarded to individuals who have demonstrated proficiency in the security of the design, architecture, controls and management of highly secure digital environments.
- CISO
- A Chief Information Security Officer (CISO) is the senior high-level executive ultimately responsible for the security of an organization’s data and digital assets.
- DFARS
- The Defense Federal Acquisition Regulation Supplement (DFARS) is a supplement to the broader Federal Acquisition Regulation (FAR) that provides the Department of Defense (DoD) specific acquisition regulations by detailing the complex set of rules governing the federal government's purchasing process. Any entity bidding to do business with the DoD must abide by its requirements.
- DLP
- Data Loss Prevention (DLP) describes the strategy, tools and processes used to ensure organizational data not lost, misused, or accessed by unauthorized users outside of the organization.
- HIPAA
- The Health Insurance Portability and Accountability Act (HIPPA) is a regulatory compliance law enacted in 1996 to protect the privacy of patient data. Penalties for non-compliant healthcare entities can include substantial fines and/or other sanctions.
- ICS (Security)
- ICS is the acronym for Industrial Control System (ICS). ICS security refers to the safeguarding of industrial control systems, the integrated hardware and software designed to monitor and control the operation of machinery and associated devices in industrial environments.
- IoT
- IoT stands for the Internet of Things, which refers to the ever-growing network of physical objects that feature an IP address for Internet connectivity and have the capacity to communicate (transfer data) between such objects and other Internet-enabled devices and systems.
- EDR
- Endpoint Detection and Response (EDR) solutions are designed to provide visibility and detect anomalies and threats in organizational “endpoints,” which are any devices connected to the network (workstation, server, modem, router, printer, etc.).
- NIST
- The National Institute of Standards and Technology (NIST) is the U.S. federal agency responsible for developing and maintaining the “Framework for Improving Critical Infrastructure Cybersecurity,” a collection of voluntary guidelines designed to give organizations a proven framework to follow to identify/remediate/manage their information security risks.
- PCI-DSS
- The Payment Card Industry Data Security Standard (PCI-DSS) is a set of information security practices issued by the global payment card industry. Any merchant and/or service provider that accepts credit/debit cards is required to comply with its standards.
- SCADA
- Supervisory Control and Data Acquisition (SCADA) refers to a computer system used for monitoring and/or controlling a plant or equipment in infrastructure industries like telecommunications, water and waste control, energy, oil and gas refining and transportation. SCADA systems also allow for data to be gathered and analyzed in real time.
- SIEM
- Security Information and Event Management (SIEM) describes software used to monitor, log, provide alerts and analyze security events to support threat detection and incident response.
- SOX
- The Sarbanes-OXley Act (SOX) is a law enacted in 2002 requiring companies to certify that they have sufficient , acceptable controls in place to prevent financial/accounting fraud. Penalties for non-compliant financial industry entities can include substantial fines and/or other sanctions.
- SSL
- SSL (Secure Sockets Layer) is the standard security technology used for establishing an encrypted link between a Web server and a user’s browser.
- TCP/IP
- Transmission Control Protocol/Internet Protocol (TCP/IP) is a set protocols governing communications between all devices connected to the Internet. It dictates how information should be packaged, sent, and received, as well as how to get to its destination.