Cybersecurity Glossary & Compliance Dictionary
Clear, concise definitions for all cybersecurity terms, regulations, and technologies – from NIS2 and DORA to EDR, SIEM, and vCISO. No jargon, just facts.
Evolution of Cybersecurity
GDPR
EU General Data Protection Regulation adopted – revolution in personal data protection, fines up to €20M or 4% of global annual turnover, whichever is higher.
GDPR Enforcement
GDPR becomes fully enforceable – organizations must implement data protection by design and breach notification within 72h.
NIS2 Directive
EU NIS2 directive published – expands cybersecurity requirements to more sectors, introduces stricter incident reporting and management accountability.
NIS2 Implementation
Member states start implementing NIS2 into national law – essential and important entities must comply.
DORA Effective
Digital Operational Resilience Act applies to financial sector – ICT risk management, incident reporting, resilience testing.
AI & Cyber Resilience
New regulations for AI systems, increased focus on supply chain security, zero trust adoption accelerates.
⚖️ Key Regulations & Compliance
NIS2 Directive
EU-wide legislation (2022/2555) on cybersecurity for essential and important entities. Requires risk management, incident reporting (24h early warning, 72h notification, 1 month final), and management accountability.
DORA
Digital Operational Resilience Act for financial sector. Mandates ICT risk management, incident classification & reporting, digital resilience testing, and third‑party risk oversight.
GDPR / RODO
General Data Protection Regulation (EU 2016/679). Protects personal data – requires a lawful basis for processing (consent is one of several), transparency, data subject rights, breach notification to the supervisory authority within 72h of becoming aware, and data protection by design and by default.
ISO 27001
International standard for Information Security Management Systems (ISMS). Provides framework for policies, risk assessment, controls, and continuous improvement.
A
vCISO
Virtual Chief Information Security Officer – an external, fractional executive who provides strategic cybersecurity leadership, risk management, and compliance oversight without the cost of a full‑time hire.
For client: You get a CISO without hiring – strategic guidance, compliance, and security program development.
Adversary
Any individual or group that conducts malicious activities (attacks) against networks or systems.
Attack Surface
All potential entry points where an unauthorized party could try to access or extract data from an environment.
Audit (Security Audit)
Independent examination of IT systems, policies, and controls to assess security and compliance.
Automation (Security Automation)
Using software to perform security tasks (scanning, analysis, response) without manual intervention.
B
Breach (Data Breach)
Security incident where unauthorized parties access confidential or sensitive information.
For client: GDPR requires notifying the supervisory authority within 72h of becoming aware of a breach. We help you detect and respond.
Business Continuity (BC)
Planning and processes to keep business running during and after a security incident or disaster.
BIA (Business Impact Analysis)
Process to identify critical functions, dependencies, and the impact of disruptions.
C
Compliance
Adherence to laws, regulations, and standards (e.g., NIS2, DORA, GDPR, ISO 27001).
CISO
Chief Information Security Officer – executive responsible for information security strategy.
Container Security
Practices to protect containerized applications (Docker, Kubernetes) from vulnerabilities.
D
DORA
Digital Operational Resilience Act – EU regulation for financial sector operational resilience.
For client: Applies directly to regulated financial entities and, through contractual and oversight requirements, to the ICT providers that serve them. We ensure compliance.
DPA (Data Processing Agreement)
Contract between data controller and processor, defining data protection responsibilities.
DPIA
Data Protection Impact Assessment – GDPR requirement for high‑risk data processing.
DPO
Data Protection Officer – GDPR role overseeing data protection compliance.
E
EDR
Endpoint Detection and Response – security tool monitoring endpoints for suspicious activity and enabling rapid response.
For client: Agent on computers that detects and stops threats in real‑time.
Endpoint
Any device (computer, server, mobile) connected to a network.
Encryption
Process of encoding data so only authorized parties can read it.
F
FIM (File Integrity Monitoring)
Security technique detecting unauthorized changes to critical files by comparing their hashes or attributes against a trusted baseline.
Firewall
Network security device filtering traffic based on rules.
Fractional CISO
Synonym for vCISO – part‑time executive security advisor.
False Positive
Security alert that turns out to be benign.
G
GDPR
General Data Protection Regulation – EU privacy law protecting personal data.
Gap Analysis
Comparison of current security posture against requirements (NIS2, DORA, ISO).
H
Host Isolation
Automatic disconnection of infected device from network to prevent attack spread.
Hunting (Threat Hunting)
Proactive search for threats that evaded automated defenses.
HIPAA
US health data protection law (reference for healthcare security).
I
Incident Response (IR)
Process of handling security incidents – preparation, detection, containment, eradication, recovery.
ITDR
Identity Threat Detection and Response – protecting user identities, detecting compromised accounts, especially in cloud (M365).
For client: Monitors logins – blocks suspicious activity like logins from unusual locations.
ISO 27001
International standard for Information Security Management Systems (ISMS).
IOC (Indicator of Compromise)
Forensic artifacts suggesting a breach (IP addresses, file hashes, domains, registry keys).
J
Jailbreak
Removing device restrictions, creating security risks.
JWT
JSON Web Token – compact, URL‑safe token carrying signed (or encrypted) claims such as user identity and expiry, used to pass authentication state between parties. Its security depends on the receiver verifying the signature with a pinned algorithm and checking the expiry claim, rather than trusting what the token's own header says.
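The verification rules above in working code, as an added example that is not part of the original glossary: it issues an HS256 token, then verifies one by pinning the algorithm, comparing the HMAC in constant time and checking `exp`. The shared key, claims and timestamps are constructed for the demonstration, and `forge_alg_none` shows the token an attacker sends when hoping the verifier honours the header's `alg` field.

```python
import base64
import hashlib
import hmac
import json
import time

ALLOWED_ALG = "HS256"  # the verifier pins the algorithm; the token header never chooses it


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _segment(obj: dict) -> str:
    return _b64url_encode(json.dumps(obj, separators=(",", ":"), sort_keys=True).encode())


def sign_hs256(claims: dict, key: bytes) -> str:
    """Issue an HS256-signed token: header.payload.signature, each base64url-encoded."""
    signing_input = _segment({"alg": "HS256", "typ": "JWT"}) + "." + _segment(claims)
    sig = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + _b64url_encode(sig)


def forge_alg_none(claims: dict) -> str:
    """Attacker-constructed token: 'alg: none' and an empty signature."""
    return _segment({"alg": "none", "typ": "JWT"}) + "." + _segment(claims) + "."


def verify_hs256(token: str, key: bytes, now=None) -> dict:
    """Return the claims if the token is authentic and unexpired; raise ValueError otherwise."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header_b64, payload_b64, sig_b64 = parts
    try:
        header = json.loads(_b64url_decode(header_b64))
        signature = _b64url_decode(sig_b64)
    except ValueError:  # covers binascii.Error and JSONDecodeError
        raise ValueError("malformed token")
    if header.get("alg") != ALLOWED_ALG:
        raise ValueError("unexpected alg: %r" % header.get("alg"))
    expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, signature):  # constant-time comparison
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(payload_b64))
    now = int(time.time()) if now is None else now
    if now >= int(claims.get("exp", 0)):  # a missing exp is treated as already expired
        raise ValueError("token expired")
    return claims


def is_valid(token: str, key: bytes, now=None) -> bool:
    """Boolean wrapper around verify_hs256 for use in request handlers and tests."""
    try:
        verify_hs256(token, key, now)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    key = b"example-shared-secret"  # constructed for the demo; use a long random key in practice
    token = sign_hs256({"sub": "alice", "exp": 1_700_000_000}, key)
    print("genuine token accepted:", is_valid(token, key, now=1_699_999_000))
    print("alg=none token accepted:", is_valid(forge_alg_none({"sub": "admin", "exp": 1_700_000_000}), key))
```

The two checks that matter most are the pinned `ALLOWED_ALG` (a verifier that reads `alg` from the header can be talked into `none` or into treating an RSA public key as an HMAC secret) and `hmac.compare_digest`, which avoids leaking how many signature bytes matched through timing.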
K
Keylogger
Malware recording keystrokes to steal passwords.
Kill Chain
Cyberattack stages model (reconnaissance → weaponization → delivery → exploitation → installation → command & control → actions on objectives).
Kerberos
Network authentication protocol using tickets issued by a trusted Key Distribution Center (KDC); the default authentication protocol in Windows Active Directory.
L
Least Privilege
Users/processes get only minimum access rights needed.
Log Management
Collecting, storing, and analyzing log data for security monitoring.
M
MDR
Managed Detection and Response – 24/7 threat monitoring, detection, and response by security analysts.
For client: Full service – tools + experts watching your environment.
MFA
Multi‑Factor Authentication – requires two or more verification factors from different categories: something you know (password), something you have (token or app code), something you are (biometrics).
MTTD / MTTR
Mean Time To Detect / Mean Time To Respond – security team performance metrics.
MITRE ATT&CK
Global knowledge base of adversary tactics and techniques.
N
NIS2
EU Network and Information Security Directive 2 – mandates cybersecurity for essential and important entities (energy, transport, health, digital infrastructure, and other sectors). Requires incident reporting, risk management, supply chain security.
For client: If you’re in scope, you must comply. We help with gap analysis, monitoring, and reporting.
Network Segmentation
Dividing networks into segments to limit attack spread.
O
OSINT
Open‑Source Intelligence – publicly available information used in threat intelligence.
OT Security
Operational Technology security (industrial control systems, SCADA).
P
Penetration Test
Authorized, simulated attack on systems to identify and demonstrate exploitable vulnerabilities.
Phishing
Social engineering attack via fake emails to steal credentials or install malware.
Patch Management
Process of identifying, testing, and installing software updates to fix vulnerabilities.
Playbook
Predefined incident response procedure (e.g., ransomware playbook).
Q
QR Code
Can be used in phishing (quishing) – scanning leads to malicious sites.
Quarantine
Isolating suspicious files or devices to prevent infection spread.
R
Ransomware
Malware encrypting data and demanding ransom for decryption; modern variants also steal data first and threaten to publish it (double extortion).
Ransomware Canaries
Decoy files that trigger alerts if read, modified, renamed, or encrypted – early warning system for ransomware activity.
Red Team
Security professionals simulating real attacks to test defenses.
RTO / RPO
Recovery Time Objective / Recovery Point Objective – disaster recovery metrics.
S
SIEM
Security Information and Event Management – central log collection, analysis, and alerting from multiple sources.
For client: Central nervous system – collects all security events in one place.
SOC
Security Operations Center – team of analysts monitoring and responding to threats 24/7.
For client: Real people watching your systems round the clock.
SAT
Security Awareness Training – phishing simulations and cybersecurity education for employees.
For client: Train your staff to recognize and report attacks.
SOAR
Security Orchestration, Automation, Response – automates incident response workflows.
Supply Chain Security
NIS2/DORA requirement – assessing and managing security of vendors and partners.
SLA
Service Level Agreement – guaranteed response times, availability, etc.
T
Threat Intelligence
Information about current and emerging threats to inform defenses.
Threat Hunting
Proactive search for threats that evaded automated detection.
TLS
Transport Layer Security – protocol providing encryption, integrity, and server (optionally client) authentication for internet traffic, e.g., HTTPS.
TOMs
Technical and Organizational Measures – GDPR security requirements.
U
UBA (User Behavior Analytics)
Detecting compromised accounts and insider threats by baselining normal user activity and flagging deviations from it.
Uptime
System availability measurement.
V
Vulnerability
Weakness that can be exploited by attackers.
Vulnerability Assessment
Scanning and identifying security weaknesses in systems.
VPN
Virtual Private Network – encrypted connection over internet.
vCISO
Virtual Chief Information Security Officer – see A section.
W
WAF
Web Application Firewall – protects web apps from attacks like SQL injection, XSS.
Whitelist (Allowlist)
List of trusted entities allowed access.
X
XDR
Extended Detection and Response – integrates endpoint, network, cloud, and email data for holistic detection.
XSS
Cross‑Site Scripting – web vulnerability that lets an attacker inject scripts which run in other users' browsers, enabling session theft or page manipulation.
Y
YARA
Pattern‑matching tool and rule language for identifying and classifying malware by textual or binary signatures.
Z
Zero Day
Unknown vulnerability exploited before patch is available.
Zero Trust
Security model: "never trust, always verify" – strict access controls regardless of network location.
Need expert guidance on compliance or security?
Book a free 30‑minute vCISO consultation – no obligations, just practical advice.
