Definitions and explanations of key IT, cybersecurity, and technology terms
A/B testing compares two versions of a feature to determine which performs better based on user behavior.
ACID properties ensure reliable database transactions through Atomicity, Consistency, Isolation, and Durability.
Active Directory is a directory service developed by Microsoft that centralizes identity, authentication, authorization, and policy management in ente...
ActiveX is a legacy Microsoft technology that allows software components to run inside applications or web browsers, mainly on Windows systems.
ADFS provides single sign-on and federated identity for accessing applications across organizational boundaries.
Agile is an iterative approach to software development emphasizing flexibility, collaboration, and customer feedback.
AI refers to computer systems designed to perform tasks that normally require human intelligence, such as learning, reasoning, and decision-making.
Alpine Linux is a lightweight, security-oriented Linux distribution popular for containers due to its small size.
Ansible is an automation tool for configuration management, application deployment, and task automation using YAML playbooks.
Apache Airflow is an open-source platform for programmatically authoring, scheduling, and monitoring data workflows.
Kafka is a distributed event streaming platform for high-throughput, real-time data pipelines and streaming applications.
An API is a set of rules and endpoints that allow software applications to communicate and exchange data in a standardized and controlled way.
An API gateway is a server that acts as an entry point for APIs, handling request routing, composition, and protocol translation.
API security protects application programming interfaces from attacks by implementing authentication, authorization, and traffic management.
APM is software that monitors and manages the performance and availability of software applications.
AppArmor is a Linux security module that restricts program capabilities using per-program security profiles.
A sophisticated, long-term cyberattack campaign typically conducted by nation-states or well-funded groups against specific targets.
A protocol that maps IP addresses to MAC addresses on a local network, enabling devices to discover the hardware address of a destination.
Automation is the use of technology to perform tasks and processes automatically with minimal human intervention.
Windows Autopilot is a Microsoft cloud-based deployment technology that automates the setup and configuration of Windows devices.
AWS is a cloud computing platform that provides on-demand infrastructure, platforms, and services over the internet.
Microsoft Azure is a public cloud computing platform that provides infrastructure, platform, and software services for building, deploying, and managi...
Azure AD Connect synchronizes on-premises Active Directory identities to Entra ID for hybrid identity.
Azure Arc extends Azure management and services to any infrastructure including on-premises and multi-cloud.
Azure Policy enforces organizational standards and compliance at scale across Azure resources.
A backdoor is a hidden method of bypassing normal authentication or security controls to gain unauthorized access to a system, application, or network...
Backup and recovery protects data through copies and enables restoration after data loss or corruption.
The maximum rate of data transfer across a network path, typically measured in bits per second (bps, Mbps, Gbps).
Bare metal refers to a physical server dedicated to a single tenant, running workloads directly on hardware without a virtualization layer.
Bash is the default command-line shell on most Linux systems, providing scripting capabilities and system interaction.
A BCP is a documented plan that ensures critical business operations continue during and after disruptive incidents.
The routing protocol that makes the internet work by exchanging routing information between autonomous systems and determining the best paths for data...
BIOS is low-level firmware that initializes hardware and starts the boot process when a computer is powered on.
BitLocker is Windows' full-disk encryption feature protecting data on lost or stolen devices.
BlackCat, also known as ALPHV, is a ransomware group known for sophisticated attacks, double extortion tactics, and the use of the Rust programming la...
Blameless postmortems analyze incidents focusing on system improvements rather than individual blame.
Blockchain is a distributed ledger technology that records transactions in immutable blocks shared across a decentralized network.
The defensive security team responsible for maintaining security posture, detecting threats, and responding to incidents.
Blue-green deployment is a release strategy using two identical production environments to enable zero-downtime deployments.
A bootloader is a low-level program that initializes hardware and loads the operating system kernel during the system startup process.
Branch protection rules enforce code review, status checks, and other requirements before merging to protected branches.
Business continuity planning ensures critical business functions continue during and after disasters.
BYOD is a policy that allows employees to use their personal devices to access corporate applications, data, and services.
A byte is a unit of digital information consisting of 8 bits, commonly used to represent a single character or a small amount of data.
Infrastructure and communications channels used by attackers to maintain contact with and control compromised systems.
A cache is a temporary storage layer that stores frequently accessed data to improve performance and reduce latency.
Canary deployment gradually rolls out changes to a small subset of users before full deployment.
A security solution that sits between cloud service users and providers to enforce security policies and provide visibility into cloud usage.
A geographically distributed network of servers that delivers web content to users from the nearest location, improving speed and reliability.
A digital certificate is an electronic document that verifies the identity of a server or entity and contains its public key.
Change management controls and documents changes to IT systems to minimize disruption and risk.
Chaos engineering is the discipline of experimenting on distributed systems to build confidence in their resilience.
ChatGPT is an AI-powered conversational assistant based on large language models (LLMs), designed to understand and generate human-like text.
Chmod is a Unix/Linux command that changes file and directory permissions for owner, group, and others.
CI/CD is a DevOps practice that automates the building, testing, and deployment of applications through pipelines.
An IP addressing method that replaces classful addressing, allowing flexible allocation of IP addresses using variable-length subnet masking.
A CLI is a text-based interface that allows users to interact with an operating system or application by typing commands.
ClickFix is a social engineering technique that tricks users into executing malicious commands or actions by pretending to offer a fix for a t...
Cloud computing is a model for delivering computing resources - such as servers, storage, networking, and software - over the internet on demand.
Clustering connects multiple servers to work together as a single system for availability and performance.
A CMDB stores information about IT assets and their relationships for configuration management.
Code review is the systematic examination of source code to find bugs, improve quality, and share knowledge.
Compliance refers to the process of meeting legal, regulatory, and internal requirements related to security, privacy, and risk management.
Compliance Manager helps organizations assess and manage compliance with regulations and standards.
Conditional Access policies enforce access requirements based on signals like user, device, location, and risk level.
Configuration management maintains consistency of systems by managing settings, software, and configurations.
A container is a lightweight, standalone executable package that includes everything needed to run an application.
A container registry is a repository for storing, managing, and distributing container images.
A cookie is a small piece of data stored by a web browser to remember user information, preferences, or session state.
Copilot is an AI-powered assistant integrated into software platforms to help users generate content, analyze data, and automate tasks using natural l...
The CPU is the primary component of a computer that executes instructions, performs calculations, and controls system operations.
Cron is a time-based job scheduler in Unix-like systems that runs commands or scripts at specified intervals.
CVE is a standardized system that assigns unique identifiers to publicly disclosed cybersecurity vulnerabilities.
CVE-2025-68613 is a unique identifier assigned to a publicly disclosed security vulnerability recorded in the Common Vulnerabilities and Exposures (CV...
A standardized framework for rating the severity of security vulnerabilities on a scale of 0.0 to 10.0.
DAST tests running applications for vulnerabilities by simulating attacks against the application.
A data breach is a security incident in which sensitive, confidential, or protected data is accessed, disclosed, or stolen without authorization.
Data classification organizes data by sensitivity and importance for appropriate protection and handling.
A data lake is a centralized repository storing raw data in native format at any scale for analytics.
A data pipeline automates the flow of data from source systems through processing stages to destination systems.
A data warehouse is a system for collecting and managing structured data from multiple sources for business intelligence.
Microsoft Defender for Endpoint is an enterprise endpoint security platform providing prevention, detection, and response capabilities.
Dependency scanning identifies vulnerabilities in third-party libraries and packages used by applications.
DevOps is a set of practices that combines software development and IT operations to deliver applications faster, more reliably, and at scale.
DevSecOps integrates security practices into the DevOps process, making security a shared responsibility.
A network protocol that automatically assigns IP addresses and network configuration to devices when they connect to a network.
Disaster recovery plans and processes enable organizations to recover IT systems after catastrophic events.
Distributed tracing tracks requests as they flow through distributed systems, helping identify bottlenecks and failures.
A Linux distribution is a complete operating system built on the Linux kernel with bundled software and package management.
DKIM is an email authentication method that uses cryptographic signatures to verify that an email message was authorized by the sending domain and was...
A set of technologies and processes that prevent sensitive data from leaving the organization through unauthorized channels.
DMARC is an email authentication protocol that uses SPF and DKIM to detect spoofed emails and enforce policies on how receiving servers should handle ...
A DMG is an Apple Disk Image file format used on macOS to distribute software, installers, or compressed data in a mountable virtual disk.
A DMZ is a network segment that isolates publicly accessible services from an organization’s internal network to reduce security risks.
DNS is a naming system that translates human-readable domain names into IP addresses, enabling devices to locate and communicate with services on a ne...
DNSSEC adds cryptographic authentication to DNS responses, preventing DNS spoofing and cache poisoning attacks.
Docker is a platform for developing, shipping, and running applications in lightweight, portable containers.
DORA is an EU regulation establishing ICT risk management and operational resilience requirements for the financial sector.
EchoLeak is a security vulnerability name used to describe a data leakage issue where sensitive information is unintentionally echoed or exposed throu...
eDiscovery is the process of identifying, collecting, and preserving electronic information for legal proceedings.
EDR is a cybersecurity technology that continuously monitors endpoints to detect, investigate, and respond to malicious activity.
Elasticsearch is a distributed search and analytics engine built on Apache Lucene for real-time search and data analysis.
Encryption is the process of converting data into a coded format to prevent unauthorized access.
Microsoft Entra ID is Microsoft's cloud-based identity and access management service, formerly known as Azure Active Directory.
An error budget quantifies acceptable unreliability based on SLO targets, balancing reliability and velocity.
ETL is a data integration process that extracts data from sources, transforms it, and loads it into a destination.
Exchange Online is Microsoft's cloud-based email and calendaring service as part of Microsoft 365.
An exploit is code or a technique that takes advantage of a vulnerability to perform unauthorized actions on a system.
Failover automatically switches to a standby system when the primary system fails.
Feature flags are toggles that enable or disable functionality without deploying new code.
FIDO2 is an authentication standard enabling passwordless and phishing-resistant sign-in using public-key cryptography.
A firewall is a security system that monitors and controls incoming and outgoing network traffic based on predefined security rules.
Firmware is low-level software embedded in hardware devices that provides control, initialization, and basic operational instructions.
A foothold is the initial level of access an attacker gains on a compromised system or network, allowing them to persist, escalate privileges, and mov...
File Transfer Protocol (FTP) is a standard network protocol designed to upload, download, and manage files between a clie...
GAFAM is an acronym referring to the five major U.S. technology companies: Google, Apple, Facebook (Meta), Amazon, and Microsoft.
Gatekeeper is a macOS security feature that restricts the execution of applications to those from trusted sources, helping prevent the installation of...
A gateway is a network component that connects different networks or systems and controls how data flows between them.
GCP is Google's cloud computing platform offering infrastructure, platform, and software services for cloud deployments.
A comprehensive EU data privacy law that gives individuals control over their personal data and imposes obligations on organizations processing it.
Git is a distributed version control system for tracking changes in source code during software development.
GitHub is a cloud-based platform for hosting Git repositories, collaboration, and software development workflows.
GitOps is an operational framework that applies DevOps practices to infrastructure automation using Git as the source of truth.
Glassworm is a macOS malware family designed to steal sensitive data and establish persistence on infected systems, often delivered through social eng...
Governance is the framework of policies, processes, and controls used to direct, manage, and monitor an organization’s IT, security, and data practice...
A GPO is a set of centralized configuration and security settings used to manage users and computers in a Windows domain.
A GPU is a specialized processor designed for parallel processing, now widely used for AI/ML and compute workloads.
Grafana is an open-source visualization and analytics platform for monitoring metrics, logs, and traces.
GraphQL is a query language and runtime for APIs that allows clients to request exactly the data they need in a single, structured request.
Grok is an AI-powered conversational assistant designed to answer questions, analyze information, and interact with real-time content on social platfo...
Group Policy provides centralized management of Windows settings for users and computers in Active Directory.
gRPC is a high-performance RPC framework using Protocol Buffers for efficient service-to-service communication.
A hacker is a person who uses technical skills to explore, manipulate, or compromise computer systems, either for legitimate or malicious purposes.
HAProxy is a high-performance load balancer and proxy server for TCP and HTTP applications.
HashiCorp Vault is a secrets management tool that securely stores and controls access to sensitive data.
Hashing is a one-way function that converts data into a fixed-length string, used for password storage and data integrity.
Helm is a package manager for Kubernetes that simplifies the deployment and management of applications using charts.
High availability designs systems to remain operational with minimal downtime through redundancy and failover.
HIPAA is U.S. legislation establishing data privacy and security requirements for protecting health information.
A honeypot is a decoy system or service designed to attract attackers in order to detect, analyze, and study malicious activity.
Hyper-V is Microsoft's hypervisor for running virtual machines on Windows Server and Windows 10/11.
A hypervisor is a software or firmware layer that creates, runs, and manages virtual machines by abstracting and allocating physical hardware resource...
IaaS is a cloud computing model that provides virtualized computing resources - such as servers, storage, and networking - over the internet.
Infrastructure as Code (IaC) is the practice of managing and provisioning infrastructure using machine-readable configuration files instead of manual ...
A framework of policies and technologies ensuring the right individuals access the right resources at the right times for the right reasons.
A security technology that monitors network traffic or system activities for malicious actions and policy violations, generating alerts.
IMAP is an email protocol that allows users to access and manage messages stored on a mail server without downloading them locally by default.
Immutable infrastructure replaces servers entirely for updates rather than modifying existing servers.
Incident management is the process of detecting, responding to, and resolving service disruptions.
Incident response is the organized approach to addressing and managing security incidents.
A database index improves query performance by providing fast access paths to data based on column values.
Information barriers prevent communication between specific groups to avoid conflicts of interest.
IaC manages and provisions infrastructure through machine-readable configuration files rather than manual processes.
Microsoft Intune is a cloud-based endpoint management service that enables organizations to manage, secure, and control devices and applications.
Evidence that indicates a security breach has occurred, such as malicious IP addresses, file hashes, or unusual system behaviors.
IoT refers to a network of physical objects embedded with sensors, software, and connectivity that collect and exchange data over the internet.
IP (Internet Protocol) is a core networking protocol that identifies devices and routes data packets across networks, including the internet.
A network security technology that monitors traffic for threats and automatically takes action to block or prevent malicious activities.
iptables is the traditional Linux firewall tool for configuring packet filtering and NAT rules.
IRC is a text-based communication protocol that enables real-time messaging in channels and private chats over the internet.
An ISO file is a disk image that contains an exact copy of the data and file system structure of an optical disc, commonly used for software distribut...
An international standard for information security management systems (ISMS), providing requirements for establishing and maintaining security.
ITSM encompasses the activities and processes organizations use to design, deliver, and manage IT services.
JBOD is a storage configuration where multiple disks are combined without RAID, offering no redundancy or performance optimization by default.
JSON is a lightweight, text-based data format used to structure and exchange data between applications in a human-readable way.
A JWT is a compact, digitally signed token used to securely transmit claims between parties, commonly for authentication and API authorization.
Kanban is a visual workflow management method emphasizing continuous delivery and work-in-progress limits.
Kerberos is a network authentication protocol that uses tickets and symmetric cryptography to securely authenticate users and services.
The kernel is the core of an operating system that manages hardware resources and provides services to software.
Key management encompasses the creation, storage, rotation, and destruction of cryptographic keys.
A keylogger is malicious software or hardware that records keystrokes to capture sensitive information such as passwords and messages.
A framework describing the stages of a cyberattack, from reconnaissance to achieving objectives, used to improve defensive strategies.
KMS refers either to a key management service used to create, store, and control cryptographic keys, or to Microsoft’s Key Management Service used for...
Kubernetes is an open-source platform for automating deployment, scaling, and management of containerized applications.
KVM is a Linux kernel virtualization module that turns Linux into a hypervisor.
The time delay between sending a request and receiving a response, measured in milliseconds, critically affecting real-time applications.
Techniques attackers use to move through a network after initial compromise, accessing additional systems and data.
LDAP is a directory access protocol used to query, authenticate, and manage identities and resources stored in directory services.
Legacy refers to outdated systems, applications, or technologies that are still in use despite being superseded by modern alternatives.
Legal hold preserves electronic data that may be relevant to anticipated or ongoing litigation.
Let's Encrypt is a free, automated certificate authority providing SSL/TLS certificates to enable HTTPS adoption.
An LLM (Large Language Model) is an AI model trained on massive text datasets to understand, generate, and reason over natural language at scale.
A device or software that distributes network traffic across multiple servers to ensure high availability, reliability, and optimal resource utilizati...
Load testing evaluates system behavior under expected and peak load conditions to identify performance bottlenecks.
A log is a recorded event generated by a system, application, or device to document activity, behavior, or errors.
LXC provides operating system-level virtualization for running multiple isolated Linux systems on a single host.
Lynx is a ransomware threat actor known for conducting targeted attacks against organizations and using data theft and extortion techniques.
A unique hardware identifier assigned to network interface cards, used for communication on the local network segment at the data link layer.
macOS is Apple’s desktop operating system designed for Mac computers, combining a Unix-based architecture with a graphical user interface.
Malware is any software intentionally designed to disrupt systems, steal data, gain unauthorized access, or damage devices, networks, or digital servi...
MAM is a management approach that secures and controls corporate applications and data on devices without requiring full device management.
MBR is a legacy disk partitioning and boot mechanism that stores boot code and partition information at the beginning of a storage device.
MDM is a device management approach that enables organizations to enroll, configure, secure, and monitor mobile devices through centralized policies.
A message queue is middleware that enables asynchronous communication between applications by storing messages until processed.
MFA (Multi-Factor Authentication) is a security mechanism that requires users to verify their identity using two or more independent factors before ac...
Microservices is an architectural style that structures an application as a collection of loosely coupled, independently deployable services.
Microsoft 365 is a subscription service combining Office applications, cloud services, and security features.
Microsoft Purview provides data governance, compliance, and risk management across Microsoft 365 and Azure.
Microsoft Sentinel is a cloud-native SIEM and SOAR solution providing intelligent security analytics across the enterprise.
Microsoft Teams is a collaboration platform combining chat, video meetings, file storage, and application integration.
A comprehensive knowledge base of adversary tactics and techniques based on real-world observations of cyberattacks.
MongoDB is a document-oriented NoSQL database designed for scalability and flexibility with JSON-like documents.
MPLS is a networking technology that directs data using labels instead of IP routing, enabling predictable performance and traffic prioritization acro...
MySQL is an open-source relational database management system widely used for web applications and data storage.
n8n is an open-source workflow automation platform that allows users to connect applications, APIs, and services to automate processes.
A security solution that controls device access to networks by verifying identity and compliance with security policies before granting connectivity.
NAS is a dedicated file storage device that provides data access to multiple clients over a network.
A method of remapping IP addresses by modifying network address information in packet headers, allowing multiple devices to share a single public IP.
Nginx is a high-performance web server, reverse proxy, and load balancer used to serve web content and manage traffic.
NIS2 is an EU directive establishing cybersecurity requirements for essential and important entities across member states.
A U.S. federal agency that develops technology standards and guidelines, including influential cybersecurity frameworks.
Network Level Authentication (NLA) is a security feature that requires users to authenticate before a remote desktop session is established.
NoSQL databases provide flexible schemas and horizontal scaling for data that doesn't fit traditional relational models.
Notarization is an Apple security process that scans macOS software for malicious content and validates it before allowing distribution outside the Ap...
An NPU is a specialized processor designed specifically for accelerating neural network and AI workloads.
NTFS is a Windows file system that supports advanced features such as permissions, encryption, journaling, and large file sizes.
NTP is a network protocol used to synchronize clocks of computers and devices over packet-switched networks with high accuracy.
NVMe is a high-speed storage protocol designed for solid-state drives to maximize performance over PCIe.
OAuth is an open authorization framework that allows applications to access user data or services on another platform without exposing the user’s pass...
OAuth 2.0 is an authorization framework that enables third-party applications to obtain limited access to user accounts.
Observability is the ability to understand a system's internal state by examining its external outputs: metrics, logs, and traces.
On-call is a rotation where team members are available to respond to incidents outside normal hours.
OneDrive is Microsoft's cloud storage service for personal and business file storage and synchronization.
OpenAI is an artificial intelligence research and deployment company focused on developing advanced AI systems and making them accessible through prod...
OpenTelemetry is an observability framework providing APIs, libraries, and tools for telemetry data collection.
ORM maps database tables to programming objects, enabling database operations through code without raw SQL.
A link-state routing protocol used within large enterprise networks to find the shortest path for data packets using Dijkstra's algorithm.
An OU (Organizational Unit) is a logical container in a directory service used to organize objects and apply administrative policies.
PaaS is a cloud computing model that provides a managed platform for developing, deploying, and running applications without managing underlying infra...
A packet is a small unit of data transmitted over a network, containing both payload data and control information such as source and destination addre...
A security discipline focused on controlling, monitoring, and auditing elevated access to critical systems and sensitive data.
Passkeys are phishing-resistant, passwordless authentication credentials using FIDO2/WebAuthn standards.
Patch management is the process of distributing and applying updates to software to fix vulnerabilities and bugs.
PCI-DSS is a security standard for organizations handling credit card data, establishing requirements to protect cardholder information.
An authorized simulated cyberattack performed to evaluate the security of systems by identifying vulnerabilities before malicious actors can exploit t...
Perplexity is an AI-powered search and answer engine that combines large language models with real-time web sources and citations.
Phishing is a social engineering attack that tricks users into revealing credentials, installing malware, or granting access by impersonating a truste...
Ping is a network diagnostic tool used to test connectivity and measure latency between two devices on an IP network.
A PKF (Public Key Fingerprint) is a short, unique hash derived from a public key, used to verify its authenticity and integrity.
A framework of policies, hardware, software, and procedures for creating, managing, and revoking digital certificates and public keys.
A playbook is a documented and repeatable set of actions used to respond consistently to specific security incidents or operational scenarios.
POP3 is an email protocol that downloads messages from a mail server to a local device, typically removing them from the server after retrieval.
PostgreSQL is an advanced open-source relational database known for reliability, feature robustness, and SQL standards compliance.
Power Automate is Microsoft's workflow automation tool for creating automated processes between applications.
Power BI is Microsoft's business analytics service for interactive data visualizations and business intelligence.
Power Platform is Microsoft's low-code platform including Power Apps, Power Automate, Power BI, and Power Virtual Agents.
PowerShell is a cross-platform task automation and configuration management framework with a command-line shell.
The exploitation of vulnerabilities or misconfigurations to gain elevated access levels beyond what was initially authorized.
Problem management identifies and resolves the root causes of incidents to prevent recurrence.
Prometheus is an open-source monitoring system and time-series database designed for reliability and scalability.
Proxmox VE is an open-source virtualization platform combining KVM and LXC with web-based management.
A proxy is an intermediary server that forwards client requests to other servers, providing control, security, and performance benefits.
A pull request is a method of submitting code changes for review before merging into the main codebase.
A business model where ransomware developers sell or lease their malware to affiliates who conduct attacks and share the profits.
RabbitMQ is an open-source message broker supporting multiple messaging protocols for reliable message delivery.
RADIUS is a networking protocol providing centralized authentication, authorization, and accounting for network access.
RAID combines multiple drives for improved performance, redundancy, or both through various configurations.
RAM is volatile computer memory that provides fast read/write access for active programs and data.
Ransomware is a type of malware that encrypts or locks data and systems, demanding payment - usually in cryptocurrency - to restore access.
Remote Code Execution (RCE) is a vulnerability that allows an attacker to execute arbitrary code on a remote system without physical or local access.
RDP is a network protocol developed by Microsoft that allows users to remotely access and control a computer over a network connection.
A group of security experts that simulates real-world attacks against an organization to test defenses and identify weaknesses.
Redis is an in-memory data store used as a database, cache, and message broker for high-performance applications.
Database replication copies data across multiple servers for high availability, disaster recovery, and read scaling.
REST is an architectural style for designing APIs that use standard HTTP methods to access and manipulate resources in a stateless way.
REST API is an architectural style for building web services using HTTP methods to perform CRUD operations on resources.
Retention policies define how long content is kept and what happens when the retention period expires.
RHEL is a commercial Linux distribution designed for enterprise environments with long-term support and certification.
Root is the superuser account in Unix/Linux systems with complete administrative privileges over the system.
Rootkits are stealthy malicious tools designed to hide malware, maintain privileged access, and evade detection by modifying operating system or firmw...
A network device that forwards data packets between networks by examining destination IP addresses and determining the best path.
RPO defines the maximum acceptable amount of data loss measured in time after a disaster.
RTO defines the maximum acceptable time to restore systems after a disaster or outage.
A runbook documents step-by-step procedures for handling operational tasks and incident response.
SaaS is a cloud computing model where software applications are delivered over the internet and managed entirely by the service provider.
A salt is random data added to passwords before hashing to prevent rainbow table attacks and ensure unique hashes.
An XML-based standard for exchanging authentication and authorization data between identity providers and service providers.
A SAN is a high-speed network providing block-level storage access to servers, typically for enterprise workloads.
A cloud architecture combining network and security services into a unified, globally distributed platform for secure access anywhere.
SAST analyzes source code for security vulnerabilities without executing the application.
An SBOM is a formal record of all components and dependencies used to build a software product.
SCA identifies open-source components in codebases and detects known vulnerabilities and license risks.
MECM is Microsoft's on-premises endpoint management solution for deploying software, updates, and configurations.
Scrum is an Agile framework using sprints, defined roles, and ceremonies for iterative product development.
A technology that virtualizes WAN connections, enabling centralized control, intelligent traffic routing, and the use of multiple transport types.
Secret scanning detects accidentally committed secrets like API keys and passwords in code repositories.
Secrets management securely stores, accesses, and manages sensitive data like passwords, API keys, and certificates.
Secure Boot is a UEFI feature that ensures only trusted software runs during system startup.
Security groups are collections of users, devices, or services used to assign permissions and control access to resources.
Security Operations encompasses the people, processes, and technologies responsible for monitoring and responding to security threats.
SELinux is a Linux kernel security module providing mandatory access controls beyond traditional Unix permissions.
Sensitivity labels classify and protect documents and emails based on data sensitivity levels.
Serverless is a cloud execution model where the provider manages server infrastructure and automatically scales based on demand.
A service mesh is an infrastructure layer that handles service-to-service communication with features like load balancing, encryption, and observabili...
ServiceNow is a cloud platform for IT service management, operations, and business workflow automation.
Sharding horizontally partitions data across multiple databases to improve scalability and performance.
SharePoint is Microsoft's web-based collaboration platform for document management, intranet, and team sites.
Shift left moves testing and security activities earlier in the software development lifecycle.
ShinyHunters is a cybercriminal group known for large-scale data breaches, data theft, and the resale or public disclosure of stolen information.
SIEM is a security platform that collects, correlates, and analyzes logs and events from multiple systems to detect threats and support incident respo...
An SLA is a contract defining the expected level of service between a provider and customer.
An SLI is a quantitative measure of a service level, such as latency, availability, or error rate.
An SLO is an internal target for service reliability, typically more stringent than customer-facing SLAs.
Smishing is a form of phishing carried out via SMS or mobile messaging, designed to trick users into revealing information or clicking malicious links...
SMTP is the standard protocol used to send and relay email messages between mail servers and from email clients to servers.
A protocol for collecting and organizing information about managed devices on IP networks and modifying device configurations.
SOAP is a protocol for exchanging structured information between applications using XML, commonly used in enterprise and legacy web services.
SOAR is a security approach and platform that automates and orchestrates incident response workflows across multiple security tools.
A SOC is a centralized team and function responsible for monitoring, detecting, investigating, and responding to cybersecurity threats.
An auditing framework developed by AICPA that evaluates service organizations on five trust service criteria for data security.
Social engineering is a manipulation technique that exploits human psychology to trick individuals into revealing information, granting access, or per...
Spam is unsolicited and unwanted digital communication, typically sent in bulk, often for advertising, scams, or malicious purposes.
SPF is an email authentication method that specifies which mail servers are authorized to send emails on behalf of a domain.
Spoofing is a technique where an attacker falsifies identity or source information to impersonate a trusted entity and deceive systems or users.
SQL is a standard language for managing and querying relational databases.
SRE applies software engineering principles to infrastructure and operations for reliable, scalable systems.
SSH is a cryptographic network protocol for secure remote access, command execution, and encrypted communications.
SSL is a cryptographic protocol originally designed to secure communications over a network by encrypting data between a client and a server.
An authentication method allowing users to access multiple applications with one set of credentials through a single login session.
Stress testing pushes a system beyond normal capacity to identify breaking points and failure behavior.
A logical subdivision of an IP network that divides a larger network into smaller, more manageable segments for better organization and security.
Sudo is a Unix/Linux command that allows users to run programs with the security privileges of another user, typically root.
A cyberattack that targets less-secure elements in a supply chain to compromise the primary target through trusted relationships.
A network device that connects devices on a LAN and uses MAC addresses to forward data frames only to the intended destination port.
Systemd is a system and service manager for Linux providing parallel startup, service supervision, and system management.
TACACS+ is a protocol providing separate authentication, authorization, and accounting for network device administration.
TCP is a core internet transport protocol that ensures reliable, ordered, and error-checked delivery of data between systems.
Microsoft Teams is a collaboration platform that combines chat, meetings, calling, and file sharing within the Microsoft 365 ecosystem.
Technical debt is the implied cost of future rework caused by choosing quick solutions over better approaches.
Terraform is an Infrastructure as Code tool that enables defining and provisioning infrastructure across multiple cloud providers.
A threat is any potential event, action, or actor that could exploit a vulnerability and cause harm to systems, data, or organizations.
TLS is a cryptographic protocol that secures data in transit by providing encryption, authentication, and integrity between communicating systems.
Toil is manual, repetitive operational work that scales linearly with service growth and should be automated.
A token is a digital object used to represent identity, permissions, or access rights in authentication and authorization processes.
A torrent is a peer-to-peer (P2P) method for distributing files by sharing data fragments directly between users instead of downloading from a single ...
TPM is a hardware-based security component that securely stores cryptographic keys and performs security functions to protect system integrity.
A trojan is a type of malware that disguises itself as legitimate software to trick users into installing it, then performs malicious actions in the b...
TTL (Time To Live) is a value that defines how long data - such as a DNS record or a network packet - can exist before being discarded or refreshed.
Two-Factor Authentication (2FA) is a security method that requires two different verification factors to confirm a user’s identity.
Ubuntu is a popular Debian-based Linux distribution known for ease of use and strong community support.
UDP is a transport-layer protocol that sends data without establishing a connection, favoring speed and low latency over reliability.
UEFI is a modern firmware interface between operating systems and hardware, replacing legacy BIOS.
UEM is a unified approach to managing, securing, and monitoring all endpoint devices and applications from a single centralized platform.
A UPS provides emergency power during outages and protects equipment from power quality issues.
Virtualization is a technology that allows multiple virtual environments - such as virtual machines or containers - to run on a single physical system b...
A logical subdivision of a physical network that groups devices together regardless of their physical location, improving security and traffic managem...
A VM (Virtual Machine) is a software-based emulation of a physical computer that runs its own operating system and applications on shared hardware.
VMware provides enterprise virtualization platforms including vSphere, ESXi, and cloud solutions.
VoIP is a technology that delivers voice communications over IP networks instead of traditional telephone lines.
A VPC is an isolated virtual network within a public cloud that provides private, configurable network space for resources.
A technology that creates an encrypted tunnel between your device and a remote server, protecting your internet traffic and masking your IP address.
A vulnerability is a weakness in software, hardware, or configuration that can be exploited to compromise security, integrity, or availability.
Vulnerability management is the continuous process of identifying, classifying, prioritizing, and remediating security vulnerabilities.
Vulnerability scanning automatically identifies security weaknesses in systems, networks, and applications.
A security solution that monitors, filters, and blocks HTTP traffic to and from web applications to protect against application-layer attacks.
A WAN is a network that connects multiple local networks across large geographic areas using public or private communication links.
A webhook is an HTTP callback that sends real-time data to other applications when specific events occur.
A family of wireless networking protocols based on IEEE 802.11 standards that enables devices to connect to local networks without physical cables.
Windows Autopilot simplifies Windows device deployment with cloud-based zero-touch provisioning.
Windows Hello provides passwordless sign-in to Windows devices using biometrics or PIN.
Windows Server is a Microsoft operating system designed to run server workloads such as identity management, networking, virtualization, and applicati...
Workflows are structured sequences of steps that define how tasks or processes are executed, automated, and monitored.
A worm is a type of malware that self-replicates and spreads automatically across networks without requiring user interaction.
WSL enables running Linux binary executables natively on Windows without dual-booting or VMs.
XDR is a cybersecurity approach that correlates data across multiple security layers to detect, investigate, and respond to threats in a unified way.
XML is a markup language used to structure, store, and exchange data in a hierarchical, human- and machine-readable format.
Zero Trust is a security model that assumes no user, device, or network is inherently trusted and requires continuous verification for every access re...
A security model that grants access to applications based on identity verification and context, regardless of network location.