Cyber Security Glossary

(ISC)²

Professional body offering CISSP and other security certifications.

3

3-2-1 Backup Rule

Best practice: keep 3 copies of data, on 2 different media types, with 1 copy offsite.

8

802.1X

Network authentication standard requiring devices to authenticate before gaining network access.

A

Acceptable Use Policy

Policy defining acceptable and prohibited uses of organisational IT resources.

Access Control

Security measures controlling who can access resources and what actions they can perform.

Access Review

Periodic review of user access rights to ensure they remain appropriate and necessary.

Account Takeover

Attack where criminals gain unauthorised access to a user's account, typically through stolen credentials.

Accreditation

Official recognition that an organisation is competent to perform specific certification or testing activities.

Active Directory

Microsoft's on-premises directory service managing users, computers, and resources in Windows networks.

Advanced Endpoint Protection

Next-generation endpoint security using AI and behavioural analysis to detect sophisticated threats.

Advanced Persistent Threat

Sophisticated, prolonged cyber attack campaigns typically conducted by well-resourced nation-states or organised groups.

Adware

Software that displays unwanted advertisements, often bundled with free programs.

AEP

Acronym for Advanced Endpoint Protection—AI-powered protection against sophisticated endpoint threats.

AES

Advanced Encryption Standard—the dominant symmetric encryption algorithm for protecting sensitive data.

Air-Gap

Physical or logical isolation of backup systems from production networks to protect against ransomware.

Air-Gapped Network

Network physically isolated from other networks and the internet for security.

Angler Phishing

Social media-based phishing where attackers pose as customer support to steal credentials.

Anti-Malware

Security software that protects against all forms of malicious software, not just viruses.

Anti-Spoofing

Controls preventing attackers from impersonating trusted domains and users in email.

Anti-Virus

Software that detects and removes malicious software from computers and devices.

APT

Acronym for Advanced Persistent Threat—sophisticated, targeted attack campaigns by nation-states or organised groups.

Asset Management

Process of identifying, tracking, and managing organisational assets throughout their lifecycle.

ATO

Acronym for Account Takeover—unauthorised access to user accounts using stolen credentials.

Attack Surface

The total number of points where an attacker could potentially access or exploit a system.

Attribution

The process of identifying who is responsible for a cyber attack or campaign.

Audit

Systematic examination of processes, controls, and records to verify compliance and effectiveness.

Authentication

Process of verifying that a user or system is who they claim to be.

Authorisation

Process of determining what actions or resources an authenticated user is permitted to access.

Automated Cyber Attack

Computer-controlled attacks that operate without human intervention, scanning and exploiting systems at scale.

Energy

Aviation Fuel

Specialised fuel for aircraft, subject to strict quality and supply chain security requirements.

Azure

Microsoft's cloud computing platform providing infrastructure, platform, and software services.

Azure AD

Former name for Microsoft Entra ID—Microsoft's cloud identity service.

B

BaaS

Acronym for Backup as a Service—managed backup delivered as a service.

Copying data to a separate location to enable recovery in case of data loss, corruption, or disaster.

Backup as a Service

Managed backup service where a provider handles backup infrastructure and operations.

Backup Retention

How long backup data is kept before being deleted or overwritten.

Backup Verification

Testing that backup data is complete, intact, and can actually be restored successfully.

Badware

Catch-all term for any software that behaves badly—malware, spyware, adware, and other unwanted programs.

Baiting

Attack that lures victims with something enticing, like infected USB drives or too-good-to-be-true offers.

Bandwidth

Maximum rate of data transfer across a network connection, typically measured in Mbps or Gbps.

Barrel Phishing

Two-stage phishing where initial harmless contact builds trust before delivering the malicious payload.

BCP

Acronym for Business Continuity Plan—documented procedures for maintaining operations during disruption.

BEC

Acronym for Business Email Compromise—targeted email fraud to steal money or data from businesses.

BIA

Acronym for Business Impact Analysis—identifying critical functions and disruption impact.

Blended Threat

Attack combining multiple malware types or techniques to increase effectiveness and evade detection.

Blue Team

Security professionals responsible for defending systems and responding to attacks.

Bot

Compromised computer controlled remotely, often as part of a larger network of infected machines.

Botnet

Network of compromised computers controlled collectively by attackers for malicious purposes.

BPSS

Baseline Personnel Security Standard—basic pre-employment screening for government contractors.

Breach Notification

Legal requirement to report certain personal data breaches to regulators and affected individuals.

Breach Notification

Legal requirement to inform regulators and affected individuals about data breaches.

Break-Fix

Traditional IT support model where you pay for repairs only when something breaks.

Brute Force Attack

Attack method that systematically tries every possible password combination until the correct one is found.

Capability to continue delivering products and services during and after a disruptive incident.

Business Continuity Plan

Documented procedures for maintaining operations during and recovering from disruptions.

Business Email Compromise

Sophisticated email fraud targeting businesses to initiate fraudulent wire transfers or steal sensitive data.

Business Impact Analysis

Assessment identifying critical business functions and the impact of their disruption.

C

CAF

NCSC's Cyber Assessment Framework for assessing cyber resilience of critical national infrastructure.

CASB

Acronym for Cloud Access Security Broker—visibility and control over cloud application usage.

CEO Fraud

Impersonation of company executives to trick employees into making fraudulent payments or sharing sensitive data.

Certificate Authority

Trusted organisation that issues and manages digital certificates verifying identities.

Certification

Formal recognition that an organisation meets the requirements of a specific standard or framework.

Chain of Custody

Documented record tracking evidence handling from collection through analysis and presentation.

Change Management

Process for controlling changes to IT systems to minimise disruption and security risk.

CISA

US Cybersecurity and Infrastructure Security Agency—leading US cyber security organisation.

CISM

Certified Information Security Manager—certification focused on security management and governance.

CISO

Chief Information Security Officer—senior executive responsible for an organisation's information security.

CISSP

Certified Information Systems Security Professional—widely recognised senior security certification.

Clean Desk Policy

Policy requiring workspaces to be cleared of sensitive information when unattended.

Clickjacking

Attack that tricks users into clicking hidden elements by overlaying them with innocent-looking content.

Clone Phishing

Attack where a legitimate email is copied and resent with malicious links or attachments substituted.

Cloud Access Security Broker

Security layer between users and cloud services that enforces security policies and provides visibility.

Cloud Backup

Backup service storing data in cloud infrastructure, providing offsite protection and accessibility.

Cloud Computing

Delivery of computing services—servers, storage, databases, networking—over the internet on demand.

Cloud Firewall

Firewall delivered as a cloud service to protect cloud workloads and distributed users.

Cloud Native Application Protection Platform

Integrated security platform protecting cloud-native applications across development and runtime.

Cloud Security

Practices and technologies for protecting cloud-based systems, data, and infrastructure.

Cloud Security Posture Management

Tools and practices for identifying misconfigurations and compliance issues in cloud environments.

CMMC

US Department of Defense cybersecurity maturity model for defence contractors.

CNAPP

Acronym for Cloud Native Application Protection Platform—comprehensive security for cloud-native applications.

Acronym for Critical National Infrastructure—essential national systems requiring protection.

Co-Managed IT

Partnership model where internal IT staff and an MSP share responsibilities for IT management.

Compensating Control

Alternative security measure implemented when a primary control cannot be applied.

Adhering to laws, regulations, standards, and contractual requirements relevant to your organisation.

Conditional Access

Entra ID feature that controls access based on conditions like user location, device compliance, and risk level.

Consent

Permission given by data subjects for specific processing of their personal data.

Containment

Actions to limit the spread and impact of a security incident while investigation continues.

Continual Improvement

Ongoing effort to improve security processes, controls, and effectiveness over time.

Continuous Monitoring

Ongoing, real-time observation of systems and networks to detect security threats and compliance issues.

Control

Measure implemented to reduce risk—whether technical, administrative, or physical.

CPNI

Centre for the Protection of National Infrastructure—advises on physical and personnel security for CNI.

Credential Stuffing

Automated attack using stolen username/password pairs from data breaches to access accounts on other services.

Crisis Communication

Managing communications with stakeholders during and after a crisis or major incident.

Crisis Management

Process of managing an organisation's response to a significant disruptive event.

Critical Functions

Business activities essential for delivering key products and services to customers.

Critical National Infrastructure

Essential systems and services whose disruption would significantly impact national security and public welfare.

Cross-Site Request Forgery

Attack that tricks authenticated users into unknowingly performing unwanted actions on web applications.

Cross-Site Scripting

Attack that injects malicious scripts into trusted websites to execute in victims' browsers.

Crypto Malware

Malware designed to encrypt files for ransom or to hijack systems for cryptocurrency mining.

Science of securing information through encoding, ensuring only authorised parties can access it.

Cryptojacking

Unauthorised use of someone's computing resources to mine cryptocurrency.

CSIRT

Computer Security Incident Response Team—group responsible for handling security incidents.

CSPM

Acronym for Cloud Security Posture Management—identifying cloud misconfigurations and risks.

CSRF

Acronym for Cross-Site Request Forgery—tricking users into performing unwanted actions.

CTI

Acronym for Cyber Threat Intelligence—analysed information about digital threats and adversaries.

CUI

Controlled Unclassified Information—US designation for sensitive information requiring protection.

CVE

Standardised identifier for publicly known security vulnerabilities (Common Vulnerabilities and Exposures).

CVSS

Standardised scoring system rating vulnerability severity from 0 to 10 (Common Vulnerability Scoring System).

Cyber Espionage

Use of cyber techniques to steal secrets, intellectual property, or sensitive information for intelligence purposes.

Cyber Essentials

UK government-backed certification scheme covering fundamental cyber security controls.

Cyber Essentials Plus

Enhanced Cyber Essentials certification with independent technical verification of security controls.

Cyber Insurance

Insurance coverage for losses and liabilities arising from cyber incidents and data breaches.

Cyber Physical Systems

Systems integrating computational elements with physical processes—where cyber attacks can cause physical effects.

Cyber Security Model

MOD framework defining cyber security controls required at different defence supply chain levels.

Cyber Threat Intelligence

Information about cyber threats analysed and processed to support security operations and strategy.

D

Dark Web Monitoring

Surveillance of dark web marketplaces and forums to detect leaked credentials, data, or threats targeting your organisat...

Data Breach

Security incident where personal data is accessed, disclosed, or lost without authorisation.

Data Breach

Security incident where sensitive, protected, or confidential data is accessed, stolen, or disclosed without authorisati...

Data Controller

Organisation that determines the purposes and means of processing personal data.

Data Destruction

Secure disposal of data ensuring it cannot be recovered or reconstructed.

Data Exfiltration

Unauthorised transfer of data out of an organisation, whether by attackers or malicious insiders.

Data Loss Prevention

Technology that detects and prevents sensitive data from leaving your organisation through unauthorised channels.

Data Minimisation

GDPR principle requiring collection of only the personal data necessary for specified purposes.

Data Processing Agreement

Contract between controller and processor defining data processing terms and GDPR compliance obligations.

Data Processor

Organisation that processes personal data on behalf of a data controller.

Data Protection Act 2018

UK legislation implementing GDPR and providing the UK's data protection framework.

Data Protection Impact Assessment

Assessment required for high-risk processing to identify and mitigate data protection risks.

Data Retention

Policies governing how long personal data is kept before secure disposal.

Data Subject

The individual whose personal data is being collected, stored, or processed.

Data Subject Access Request

Request from an individual to access the personal data an organisation holds about them.

DDoS

Acronym for Distributed Denial of Service—large-scale attacks overwhelming services with coordinated traffic.

DEFCON 658

MOD directive mandating minimum cybersecurity standards for defence supply chain organisations.

Defence Cyber Compliance

Framework of cyber security requirements for organisations in the UK defence supply chain.

Defence in Depth

Security strategy using multiple layers of controls so that if one fails, others provide protection.

Defence Supply Chain

Network of companies providing products and services supporting defence and military capabilities.

Denial of Service

Attack that overwhelms a system or network with traffic to make it unavailable to legitimate users.

DHCP

Protocol that automatically assigns IP addresses and network configuration to devices.

Dictionary Attack

Password cracking attack using lists of common words and known passwords rather than random combinations.

Digital Certificate

Electronic document binding a public key to an identity, verified by a Certificate Authority.

Digital Signature

Cryptographic method proving document authenticity and integrity—electronic equivalent of handwritten signature.

Disaster Recovery

Plans and processes for restoring IT systems and data following a major disruption or disaster.

Disaster Recovery as a Service

Cloud-based disaster recovery service providing replication and failover capabilities.

Distributed Denial of Service

Coordinated attack from multiple sources overwhelming systems with traffic to cause service outages.

DKIM

DomainKeys Identified Mail—email authentication using digital signatures to verify sender identity.

DLP

Acronym for Data Loss Prevention—stopping sensitive data from leaving through unauthorised channels.

DMARC

Domain-based Message Authentication, Reporting, and Conformance—policy layer for email authentication.

DNS

Domain Name System—translates human-readable domain names into IP addresses computers use.

DNS Amplification Attack

DDoS technique using DNS servers to multiply attack traffic and overwhelm victims.

DNS Tunneling

Technique that encodes data in DNS queries to bypass security controls and exfiltrate information.

DORA

EU regulation on digital operational resilience for the financial sector.

DoS

Acronym for Denial of Service—attacks that make systems unavailable to legitimate users.

Doxxing

Researching and publicly revealing private information about individuals, typically with malicious intent.

DPIA

Acronym for Data Protection Impact Assessment—risk assessment for high-risk personal data processing.

DPO

Data Protection Officer—required role for certain organisations to oversee GDPR compliance.

DR

Acronym for Disaster Recovery—restoring IT operations after major disruptions.

DRaaS

Acronym for Disaster Recovery as a Service—cloud-based DR capabilities.

Drive-by Attack

Malware infection that occurs simply by visiting a compromised or malicious website.

DSAR

Acronym for Data Subject Access Request—individual's request for their personal data.

Healthcare

DSPT

Data Security and Protection Toolkit—NHS self-assessment tool for data security standards.

Due Diligence

Reasonable investigation and assessment before making decisions or entering relationships.

Dumpster Diving

Searching through rubbish to find confidential information, documents, or discarded equipment.

DV Clearance

Developed Vetting—highest clearance for regular access to Top Secret information.

E

EAR

Export Administration Regulations—US export controls on dual-use technology with military applications.

EASM

Acronym for External Attack Surface Management—discovering and monitoring internet-facing exposures.

EDR

Acronym for Endpoint Detection and Response—real-time threat monitoring and response for devices.

Email Archiving

Long-term storage of email for compliance, legal discovery, and business records.

Email Encryption

Protecting email content so only intended recipients can read it.

Email Filtering

Technologies that analyse and control email flow based on content, sender, and threat indicators.

Measures protecting email systems and users from threats like phishing, malware, and data loss.

Email Spoofing

Forging email headers to make messages appear from trusted sources.

Encryption

Converting data into coded form that can only be read with the correct decryption key.

Encryption

Process of converting readable data into coded form that requires a key to decode.

End-to-End Encryption

Encryption where only communicating parties can read messages—service providers cannot access content.

Endpoint Detection and Response

Security technology that continuously monitors endpoints to detect and respond to cyber threats in real time.

Endpoint Protection

Security software that protects devices like laptops, desktops, and servers from malware and attacks.

Endpoint Protection Platform

Integrated security solution providing comprehensive protection for endpoints against various threats.

ENISA

European Union Agency for Cybersecurity—EU body promoting cyber security across member states.

EPP

Acronym for Endpoint Protection Platform—comprehensive security suite for device protection.

Eradication

Removing the threat and its artefacts from affected systems during incident response.

Escalation

Process of raising incident severity or involving additional resources when needed.

Evil Twin Attack

Fake Wi-Fi access point that mimics a legitimate network to intercept users' traffic and credentials.

Exchange Online

Microsoft's cloud email service providing business email, calendar, and contacts.

Exploit

Code or technique that takes advantage of a software vulnerability to cause unintended behaviour.

Extended Detection and Response

Security platform that unifies threat detection across endpoints, networks, cloud, and email into a single view.

External Attack Surface Management

Continuous discovery and monitoring of internet-facing assets to identify security exposures.

F

Failback

Process of returning to the primary system after it's restored following a failover.

Failover

Automatic or manual switching to a backup system when the primary system fails.

FCA

Financial Conduct Authority—UK regulator for financial services with operational resilience requirements.

Federation

Linking identity systems across organisations to enable seamless authentication and access.

FedRAMP

US government programme standardising security assessment for cloud services used by federal agencies.

File Integrity Monitoring

Security control that detects unauthorised changes to critical system files and configurations.

Fileless Malware

Sophisticated malware that operates entirely in memory, leaving no files for traditional antivirus to detect.

FIM

Acronym for File Integrity Monitoring—detecting unauthorised changes to critical files.

Firewall

Network security device that monitors and controls traffic based on defined security rules.

Flooding

DoS technique that overwhelms targets with massive volumes of traffic or connection requests.

Forensics

Systematic investigation and analysis of digital evidence following security incidents.

Fork Bomb

Malicious code that rapidly replicates itself to exhaust system resources and crash the target.

Full Backup

Complete copy of all selected data, providing a standalone recovery point.

G

Gap Analysis

Assessment comparing current state against requirements to identify what needs to change.

GDPR

EU regulation governing the protection of personal data and privacy rights of individuals.

Governance, Risk, and Compliance

Integrated approach to managing governance, risk management, and compliance activities across an organisation.

Acronym for Governance, Risk, and Compliance—integrated management of these interconnected disciplines.

Group Policy

Windows feature for centrally managing and configuring operating systems, applications, and user settings.

H

Hacker

Person who uses technical skills to gain unauthorised access to systems, with varying motivations and ethics.

Hacktivism

Hacking motivated by political or social activism rather than financial gain.

Hardening

Process of securing systems by reducing attack surface through configuration changes and removing unnecessary features.

Hardware Security Module

Physical device for secure cryptographic key storage and operations, resistant to tampering.

Hashing

One-way function converting data into a fixed-size output, used for integrity verification and password storage.

Help Desk

Technical support function providing assistance for IT problems and questions.

HIDS

Acronym for Host-based Intrusion Detection System—monitoring individual devices for threats.

High Availability

System design ensuring minimal downtime through redundancy and automatic failover.

HIPAA

US law protecting health information, requiring safeguards for patient data privacy and security.

HIPS

Acronym for Host-based Intrusion Prevention System—automatically blocking threats on individual devices.

Host-based Intrusion Detection System

Security software installed on individual devices to monitor for suspicious activity and policy violations.

Host-based Intrusion Prevention System

Security software on individual devices that detects and automatically blocks malicious activity.

HTTPS

Secure version of HTTP using TLS encryption for protected web communications.

Human Factor

The role of human behaviour, decisions, and errors in security incidents and defence.

Hybrid Cloud

Computing environment combining on-premises infrastructure with public and private cloud services.

I

IaaS

Acronym for Infrastructure as a Service—cloud-delivered computing infrastructure.

Acronym for Identity and Access Management—controlling who can access what resources.

IASME

Certification body and governance organisation for Cyber Essentials and related schemes.

ICO

Information Commissioner's Office—UK's data protection regulator and supervisory authority.

ICS

Acronym for Industrial Control Systems—technology controlling physical industrial processes.

Identity and Access Management

Framework of policies and technologies ensuring the right people have appropriate access to resources.

Identity Provider

Service that authenticates users and provides identity information to applications.

IDPS

Acronym for Intrusion Detection and Prevention Systems—combined monitoring and blocking of network threats.

IDS

Acronym for Intrusion Detection System—monitoring for malicious network or system activity.

Immutable Backup

Backup that cannot be modified or deleted for a specified period, protecting against ransomware.

Incident Communication

Coordinating information sharing during incidents with stakeholders, responders, and affected parties.

Incident Management

Process for detecting, responding to, and learning from security and operational incidents.

Organised approach to detecting, containing, eradicating, and recovering from security incidents.

Incident Response Plan

Documented procedures for detecting, responding to, and recovering from security incidents.

Incremental Backup

Backup method that copies only data changed since the last backup, reducing time and storage.

Indicator of Compromise

Observable evidence that a system may have been breached—such as malicious IPs, file hashes, or domain names.

Indicators of Compromise

Observable evidence that a system has been breached—IPs, file hashes, domain names, patterns.

Industrial Control Systems

Systems controlling industrial processes—manufacturing, utilities, and critical infrastructure operations.

Information Security Management System

Systematic approach to managing sensitive information through policies, processes, and controls.

Information Sharing and Analysis Center

Industry-specific organisations that share threat intelligence and best practices among member organisations.

Infrastructure as a Service

Cloud model providing virtualised computing infrastructure—servers, storage, and networking—on demand.

Inherent Risk

Risk level before any controls or risk treatment measures are applied.

Insider Threat

Security risk from people within the organisation—employees, contractors, or partners with legitimate access.

Internet of Things

Network of physical devices embedded with sensors and connectivity, enabling data collection and remote control.

Intrusion Detection and Prevention Systems

Combined security systems that both detect malicious activity and automatically block threats.

Intrusion Detection System

Security system that monitors network traffic or system activity for malicious behaviour and policy violations.

Intrusion Prevention System

Security system that detects and automatically blocks malicious network traffic or activity.

IOC

Acronym for Indicator of Compromise—technical evidence of a potential security breach.

IoT

Acronym for Internet of Things—connected devices with sensors and network capability.

IP Address

Numerical identifier assigned to devices on a network, enabling communication and routing.

IPS

Acronym for Intrusion Prevention System—automatically blocking detected network threats.

ISAC

Acronym for Information Sharing and Analysis Center—sector-specific threat intelligence sharing organisations.

ISACA

Professional association for IT governance, providing certifications and guidance.

ISMS

Acronym for Information Security Management System—structured approach to security management.

ISO 22301

International standard for business continuity management systems.

ISO 27001

International standard for information security management systems, requiring comprehensive security controls.

ISO 27002

Companion standard to ISO 27001 providing detailed guidance on security controls implementation.

IT Service Management

Framework for designing, delivering, managing, and improving IT services aligned with business needs.

IT/OT Convergence

Integration of information technology and operational technology systems, creating new security challenges.

ITAR

International Traffic in Arms Regulations—US export controls affecting defence-related technology and data.

ITIL

Industry framework of best practices for IT service management and delivery.

ITSM

Acronym for IT Service Management—structured approach to delivering IT services.

K

Key Management

Processes for generating, distributing, storing, rotating, and destroying cryptographic keys securely.

Key Performance Indicator

Measurable value demonstrating how effectively services or objectives are being achieved.

Keylogger

Malware or device that records keystrokes to capture passwords, messages, and other typed information.

Kill Chain

Model describing the stages of a cyber attack from initial reconnaissance to achieving objectives.

KPI

Acronym for Key Performance Indicator—measurable metrics for evaluating service effectiveness.

L

Latency

Time delay for data to travel from source to destination across a network.

Lawful Basis

Legal justification required under GDPR for processing personal data.

Least Privilege

Security principle granting users only the minimum access necessary to perform their job functions.

List X

MOD-approved contractor status for handling classified information at company premises.

Log Monitoring

Collecting and analysing system and application logs to detect security incidents and support investigations.

Logic Bomb

Malicious code that triggers when specific conditions are met, such as a date or user action.

M

M365

Common abbreviation for Microsoft 365—the cloud productivity and security platform.

Macro Virus

Malware embedded in document macros that executes when the document is opened with macros enabled.

Malvertising

Use of online advertising to spread malware, often on legitimate websites through compromised ad networks.

Malware

Malicious software designed to damage, disrupt, or gain unauthorised access to computer systems.

Man-in-the-Middle Attack

Attack where criminals secretly intercept and potentially alter communications between two parties.

Managed Detection and Response

Outsourced security service providing 24/7 threat monitoring, detection, and human-led response.

Managed Security Service Provider

Specialised provider delivering outsourced security monitoring, management, and incident response.

Managed Service Provider

Company that remotely manages a customer's IT infrastructure and systems on an ongoing basis.

Maximum Tolerable Downtime

Longest time a business function can be unavailable before causing unacceptable damage.

MDR

Acronym for Managed Detection and Response—24/7 security monitoring with human analysts who respond to threats.

Mean Time Between Failures

Average time between system failures, indicating reliability and stability.

Mean Time to Repair

Average time taken to fully resolve an incident and restore normal service.

Mean Time to Respond

Average time taken to acknowledge and begin working on an incident or service request.

MFA

Acronym for Multi-Factor Authentication—requiring multiple verification factors for access.

Microsoft 365

Cloud-based productivity and collaboration suite including Office apps, email, and security features.

Microsoft 365 Business Premium

Microsoft 365 tier for SMEs including productivity apps plus advanced security and device management.

Microsoft 365 E5

Enterprise Microsoft 365 tier with comprehensive security, compliance, and analytics capabilities.

Microsoft Defender for Cloud Apps

Cloud Access Security Broker (CASB) providing visibility and control over cloud application usage.

Microsoft Defender for Endpoint

Enterprise endpoint security platform providing threat protection, detection, and response capabilities.

Microsoft Defender for Identity

Cloud security solution that uses Active Directory signals to detect advanced threats and compromised identities.

Microsoft Defender for Office 365

Email and collaboration security service protecting against phishing, malware, and business email compromise.

Microsoft Entra ID

Microsoft's cloud identity and access management service, formerly known as Azure Active Directory.

Microsoft Intune

Cloud-based endpoint management service for managing devices, apps, and security policies.

Microsoft Purview

Data governance and compliance platform including data classification, DLP, and information protection.

Microsoft Secure Score

Security posture measurement tool showing how well your Microsoft 365 environment is configured.

Microsoft Sentinel

Cloud-native SIEM and SOAR platform for security monitoring, threat detection, and automated response.

Microsoft Teams

Collaboration platform combining chat, video meetings, file sharing, and application integration.

MitM

Acronym for Man-in-the-Middle—intercepting communications between two parties.

MITRE ATT&CK

Comprehensive knowledge base of adversary tactics and techniques based on real-world observations.

MOD

Ministry of Defence—UK government department responsible for defence policy and armed forces.

MSP

Acronym for Managed Service Provider—outsourced IT management and support.

MSSP

Acronym for Managed Security Service Provider—outsourced security operations and monitoring.

Multi-Cloud

Strategy using multiple cloud providers to avoid vendor lock-in and leverage best-of-breed services.

Multi-Factor Authentication

Security method requiring two or more verification factors to prove identity.

N

NAC

Network Access Control—security approach verifying devices before allowing network access.

NCSC

National Cyber Security Centre—UK's technical authority for cyber security guidance and incident response.

Need to Know

Security principle restricting access to information only to those who require it for their work.

Network Operations Centre

A facility that monitors and manages an organisation's network infrastructure, focusing on availability and performance.

Network Segmentation

Dividing networks into separate zones to contain breaches and limit lateral movement.

Next-Generation Firewall

Advanced firewall that combines traditional filtering with application awareness, intrusion prevention, and threat intel...

NGFW

Acronym for Next-Generation Firewall—advanced perimeter security with application awareness and integrated threat preven...

Healthcare

NHS

National Health Service—UK's publicly funded healthcare system with specific cyber security requirements.

NIS Regulations

UK regulations implementing cyber security requirements for essential services and digital infrastructure.

NIS2

EU directive strengthening cybersecurity requirements for essential and important entities across Europe.

NIST

US National Institute of Standards and Technology—developer of widely-used security frameworks and standards.

NIST Cybersecurity Framework

US framework providing standards and best practices for managing cybersecurity risk.

NOC

Acronym for Network Operations Centre—monitoring network availability and performance.

O

Telecomms

Ofcom

UK communications regulator overseeing telecoms security under NIS and Telecoms Security Act.

Offboarding

Process of transitioning away from a service provider, including knowledge transfer and tool removal.

Official-Sensitive

UK government classification marking for sensitive information requiring protection but not fully classified.

Energy

Ofgem

UK energy regulator responsible for electricity and gas markets including CNI security oversight.

Onboarding

Process of transitioning a new client onto managed services, including discovery, documentation, and tool deployment.

OneDrive for Business

Cloud storage for individual users, integrated with Microsoft 365 for file sync and sharing.

Operational Resilience

Ability of financial services firms to prevent, respond to, recover from operational disruptions.

Operational Technology

Hardware and software controlling physical processes—industrial systems, SCADA, building management.

Operator of Essential Services

Organisation providing essential services designated under NIS Regulations with mandatory security requirements.

OT

Acronym for Operational Technology—systems controlling physical processes and industrial equipment.

P

PaaS

Acronym for Platform as a Service—cloud platform for application development and hosting.

Packet Sniffing

Capturing and analysing network traffic to intercept data, including credentials and sensitive information.

PAM

Acronym for Privileged Access Management—securing and controlling administrative access.

Password Policy

Rules governing password creation, use, and management across the organisation.

Password Spraying

Attack that tries a few common passwords against many accounts to avoid triggering lockouts.

Passwordless Authentication

Authentication methods that eliminate passwords, using biometrics, security keys, or device-based factors.

Patch

Software update that fixes security vulnerabilities, bugs, or adds functionality.

Patch Management

Process of identifying, acquiring, testing, and deploying patches to keep systems secure.

Healthcare

Patient Data

Personal information about patients including medical records, treatment, and health status.

PCI DSS

Payment Card Industry Data Security Standard—requirements for organisations handling card payment data.

Pen Test

Shortened term for penetration testing—authorised simulated attacks to evaluate security.

Penetration Tester

Professional who ethically hacks systems to find vulnerabilities before malicious attackers do.

Penetration Testing

Authorised simulated attack to evaluate security by exploiting vulnerabilities as a real attacker would.

Personal Data

Any information relating to an identified or identifiable living individual.

Phishing

Fraudulent attempt to steal sensitive information by disguising as a trustworthy source, typically via email.

Phishing Simulation

Controlled fake phishing campaigns testing employee awareness and identifying training needs.

Phishing Simulation

Controlled fake phishing campaigns testing and improving employee awareness.

PKI

Acronym for Public Key Infrastructure—the trust framework for digital certificates.

Platform as a Service

Cloud model providing a platform for developing and running applications without managing infrastructure.

Playbook

Documented procedure defining steps to follow for specific incident types or scenarios.

Post-Incident Review

Analysis conducted after incidents to identify lessons learned and improve future response.

Power Platform

Low-code development platform including Power Apps, Power Automate, Power BI, and Power Virtual Agents.

PRA

Prudential Regulation Authority—UK regulator focusing on financial system stability and prudential requirements.

Prime Contractor

Main contractor with direct government contract, responsible for managing subcontractors and delivery.

Privacy by Design

Approach embedding data protection into systems and processes from the outset rather than as an afterthought.

Privacy Notice

Document informing individuals about how their personal data will be collected, used, and protected.

Private Cloud

Cloud infrastructure dedicated to a single organisation, either on-premises or hosted by a provider.

Privileged Access Management

Controls for securing, managing, and monitoring accounts with elevated permissions.

Professional Services Automation

Software platform for managing MSP business operations—ticketing, billing, projects, and contracts.

PSA

Acronym for Professional Services Automation—MSP business and service management platform.

Pseudonymisation

Processing personal data so it can no longer be attributed to an individual without additional information.

Public Cloud

Cloud services delivered over the public internet by third-party providers, shared across multiple customers.

Public Key Infrastructure

Framework for managing digital certificates and public-key encryption to enable secure communications.

Purple Team

Collaborative approach combining red team attacks and blue team defence to improve security together.

Purpose Limitation

GDPR principle requiring personal data be collected for specified, explicit, and legitimate purposes only.

Q

Quarantine

Holding area for suspicious emails pending review or automatic deletion.

R

RaaS

Acronym for Ransomware as a Service—criminal subscription model for deploying ransomware attacks.

Ransomware

Malware that encrypts files or systems and demands payment for restoration.

Ransomware as a Service

Criminal business model where ransomware developers provide tools to affiliates for a share of ransom payments.

RBAC

Acronym for Role-Based Access Control—permissions assigned through role membership.

Recovery

Restoring affected systems to normal operation after incident containment and eradication.

Recovery Point Objective

Maximum acceptable amount of data loss measured in time—how much work can you afford to lose?

Recovery Time Objective

Maximum acceptable time to restore systems and resume operations after a disaster.

Red Team

Security professionals who simulate real-world attacks to test an organisation's defences comprehensively.

Redundancy

Duplication of critical components or systems to provide backup if primary elements fail.

Regulatory Compliance

Meeting requirements set by government regulations and regulatory bodies.

Remediation

Process of addressing identified gaps, vulnerabilities, or non-compliance issues.

Remediation

The process of fixing identified security vulnerabilities and weaknesses.

Remote Monitoring and Management

Software platform enabling MSPs to monitor, maintain, and support client systems remotely.

Reporting Culture

Environment where staff feel comfortable reporting security concerns without fear of blame.

Residual Risk

Risk remaining after security controls and risk treatment measures have been applied.

Resilience

Ability to prepare for, withstand, recover from, and adapt to adverse events and disruptions.

Retainer

Pre-arranged agreement with incident response providers ensuring availability during emergencies.

Right to Erasure

Data subject right to have personal data deleted in certain circumstances—also called right to be forgotten.

Risk Appetite

The level of risk an organisation is willing to accept in pursuit of its objectives.

Risk Assessment

Systematic process of identifying and evaluating risks to determine appropriate responses.

Risk Management

Process of identifying, assessing, and addressing risks to achieve organisational objectives.

Risk Register

Document tracking identified risks, their assessment, treatment decisions, and current status.

Risk Tolerance

The acceptable variation from risk appetite—the boundaries of acceptable risk.

Risk Treatment

Selecting and implementing measures to address identified risks—mitigate, accept, transfer, or avoid.

Risk-Based Vulnerability Management

Prioritising vulnerability remediation based on actual risk to the organisation rather than just CVSS scores.

RMM

Acronym for Remote Monitoring and Management—the platform powering MSP service delivery.

Role-Based Access Control

Access control model where permissions are assigned to roles, and users are assigned to roles.

Root Cause Analysis

Systematic investigation to identify the fundamental cause of an incident.

Rootkit

Stealthy malware designed to hide its presence while maintaining privileged access to a system.

Router

Network device that forwards traffic between different networks, directing packets to their destinations.

RPO

Acronym for Recovery Point Objective—maximum acceptable data loss in time.

RTO

Acronym for Recovery Time Objective—maximum acceptable downtime for recovery.

S

S/MIME

Standard for email encryption and digital signatures using certificates.

SaaS

Acronym for Software as a Service—cloud-delivered applications accessed via browser.

Safe Attachments

Microsoft Defender feature that detonates email attachments in sandbox environments to detect malware.

Safe Links

Microsoft Defender feature that scans URLs in emails and documents at click time for malicious content.

SAML

Security Assertion Markup Language—standard protocol for exchanging authentication and authorisation data.

SASE

Security architecture combining network and security services delivered from the cloud.

SC Clearance

Security Check—clearance level for access to Secret classified information.

SCADA

Supervisory Control and Data Acquisition—systems monitoring and controlling distributed industrial processes.

Scareware

Malicious software that frightens users with fake warnings to trick them into paying or installing more malware.

Script Kiddie

Inexperienced attacker who uses pre-made tools and scripts without understanding how they work.

SD-WAN

Software-defined networking technology that simplifies WAN management and optimises connectivity.

Secret

UK government classification for information whose compromise would cause serious damage to national security.

Secure Email Gateway

Email security platform filtering inbound and outbound email for threats and policy violations.

Security Analyst

Professional who monitors systems, analyses threats, and responds to security incidents.

Security Architect

Professional who designs security frameworks and ensures systems are built securely from the ground up.

Security Assessment

Evaluation of an organisation's security posture to identify weaknesses and improvement opportunities.

Security Awareness

Programmes and activities educating staff about security risks and their responsibilities.

Security Awareness Training

Programmes educating employees about security risks and their role in protecting the organisation.

Security Clearance

Government vetting status allowing individuals to access classified information at specified levels.

Security Culture

Shared values and behaviours that make security a natural part of how an organisation operates.

Security Engineer

Professional who designs, implements, and maintains security systems and infrastructure.

Security Incident

Event that threatens the confidentiality, integrity, or availability of information or systems.

Security Information and Event Management

Platform that collects and analyses security logs from across your IT environment to detect threats and support complian...

Security Operations Centre

A dedicated facility or team that monitors an organisation's security around the clock and responds to incidents.

Security Orchestration Automation and Response

Technology that automates security tasks and coordinates response actions across multiple security tools.

Security Policy

Documented rules and guidelines governing how an organisation protects its information assets.

Security Posture

Overall security status of an organisation including controls, vulnerabilities, and risk exposure.

Serverless Computing

Cloud model where the provider manages all infrastructure and customers only deploy code or functions.

Service Desk

Single point of contact for users to report issues, request services, and get IT support.

Service Level Agreement

Formal contract defining the expected level of service, response times, and performance metrics.

Shared Responsibility Model

Framework defining security responsibilities split between cloud providers and customers.

SharePoint Online

Cloud-based platform for document management, collaboration, and intranet sites.

Shoulder Surfing

Stealing information by observing someone's screen, keyboard, or paperwork over their shoulder.

SIEM

Acronym for Security Information and Event Management—centralised security logging and threat detection.

Single Point of Failure

Component whose failure would cause the entire system or process to stop working.

Single Sign-On

Authentication method allowing users to access multiple applications with one set of credentials.

SLA

Acronym for Service Level Agreement—contractual service commitments and targets.

Smart Grid

Modernised electrical grid using digital technology for monitoring, control, and efficiency.

Energy

Smart Meter

Digital energy meters enabling remote reading and two-way communication with suppliers.

Smishing

Phishing conducted via SMS text messages to trick victims into revealing information or clicking malicious links.

SOAR

Acronym for Security Orchestration, Automation and Response—automating and coordinating security operations.

SOC

Acronym for Security Operations Centre—the team and facility dedicated to monitoring and responding to security threats.

SOC 2

Audit framework for service organisations demonstrating security, availability, and data handling controls.

SOC as a Service

Outsourced security operations centre providing 24/7 monitoring and incident response without building an internal team.

SOCaaS

Acronym for SOC as a Service—outsourced security monitoring and response.

Social Engineering

Psychological manipulation of people to trick them into making security mistakes or revealing information.

Social Engineering Defence

Controls and awareness measures protecting against manipulation and deception attacks.

Software as a Service

Cloud model delivering complete applications over the internet, accessed via web browser.

Spam Filter

Technology that identifies and blocks unsolicited bulk email before it reaches inboxes.

Spear Phishing

Targeted phishing attack aimed at specific individuals using personalised information to increase credibility.

Special Category Data

Sensitive personal data requiring additional protections—health, race, religion, sexual orientation, etc.

SPF

Sender Policy Framework—email authentication preventing sender address spoofing.

Spoofing

Disguising communication or identity to appear as a trusted source, including email, caller ID, or IP addresses.

Spyware

Malware that secretly monitors user activity and collects information without consent.

SQL Injection

Attack that inserts malicious SQL code into application queries to access or manipulate databases.

SQLi

Acronym for SQL Injection—exploiting database queries to access or manipulate data.

SSL/TLS

Cryptographic protocols securing communications over networks, enabling HTTPS and encrypted connections.

SSO

Acronym for Single Sign-On—one login for multiple applications.

Supply Chain Attack

Attack that targets organisations by compromising their suppliers, software vendors, or service providers.

SWIFT

Global financial messaging network connecting banks, with mandatory security controls for members.

Switch

Network device connecting devices within a network, forwarding traffic based on MAC addresses.

T

Tabletop Exercise

Discussion-based exercise where participants talk through their response to a simulated scenario.

Tactics, Techniques, and Procedures

The patterns of behaviour, methods, and tools that threat actors use to conduct attacks.

Tailgating

Physical security breach where an unauthorised person follows an authorised person through secured access points.

Technology Business Review

Regular strategic meeting between MSP and client to review IT performance and plan improvements.

Telecomms

Telecoms Security Act

UK legislation establishing security requirements for telecoms networks and addressing high-risk vendors.

Third-Party Risk Management

Process of identifying, assessing, and managing security risks from vendors and partners.

Threat Actor

Any individual, group, or entity that conducts malicious cyber activities against organisations or individuals.

Threat Feed

Automated stream of threat indicators and intelligence integrated into security tools for detection.

Threat Hunting

Proactive searching through systems and data to find threats that automated tools have missed.

Evidence-based knowledge about threats used to inform security decisions and improve defences.

Threat Landscape

The overall view of threats facing an organisation, sector, or region at a given time.

Tiered Support

Multi-level support structure where issues are escalated to increasingly specialised technicians.

Top Secret

UK's highest classification for information whose compromise would cause exceptionally grave damage.

Triage

Initial assessment to determine incident severity and appropriate response level.

Trojan

Malware disguised as legitimate software that tricks users into installing it.

TTP

Acronym for Tactics, Techniques, and Procedures—how threat actors conduct their attacks.

Two-Factor Authentication

Authentication requiring exactly two verification factors—a specific form of MFA.

Typosquatting

Registering domains similar to legitimate ones to catch users who mistype URLs.

U

UK GDPR

The retained EU GDPR as incorporated into UK law after Brexit.

UKAS

United Kingdom Accreditation Service—the national body accrediting certification organisations.

Unified Threat Management

All-in-one security appliance combining firewall, antivirus, content filtering, and intrusion prevention.

UTM

Acronym for Unified Threat Management—all-in-one security appliance for comprehensive network protection.

V

vCIO

Virtual Chief Information Officer—strategic IT leadership provided as a service.

Virus

Self-replicating malware that attaches to legitimate programs and spreads when those programs run.

Vishing

Voice phishing—fraudulent phone calls attempting to extract sensitive information or payments.

VLAN

Virtual Local Area Network—logical network segment created within physical network infrastructure.

VPN

Encrypted tunnel creating secure connections over public networks for remote access or site linking.

Vulnerability

A weakness in a system, application, or process that could be exploited to cause harm.

Vulnerability Assessment

Systematic identification and classification of security weaknesses in systems and networks.

Vulnerability Scanning

Automated process of identifying security weaknesses in systems, networks, and applications.

W

WAF

Acronym for Web Application Firewall—protecting web applications from common attacks.

WannaCry

Notorious 2017 ransomware attack that spread globally through a Windows vulnerability, notably affecting the NHS.

Web Application Firewall

Security control that protects web applications by filtering and monitoring HTTP traffic for attacks.

Whaling

Phishing attack specifically targeting senior executives and high-value individuals within an organisation.

Wi-Fi

Wireless networking technology enabling devices to connect to networks without physical cables.

Windows Autopilot

Zero-touch deployment technology for provisioning new Windows devices without manual imaging.

Windows Server

Microsoft's server operating system for running applications, services, and infrastructure.

Worm

Self-replicating malware that spreads automatically across networks without requiring user action.

WPA3

Latest Wi-Fi security protocol providing stronger encryption and protection against attacks.

X

XDR

Acronym for Extended Detection and Response—unified threat detection across your entire IT environment.

XSS

Acronym for Cross-Site Scripting—injecting malicious scripts into web pages.

Z