Glossary

Automated deployment of security updates and fixes to reduce exposure windows.

The solid, consolidated rock beneath soil and loose material. It forms over geologic time, provides a stable foundation for large structures, and separates surface layers from deeper rock and magma.

A data type with two possible values (true or false) used for logical conditions.

An automated program that can simulate user actions; often used for scraping or abuse.

Controls that protect browsers from phishing, malicious downloads, and unsafe web interactions.

A temporary memory region used to store data during processing, often for I/O operations.

Completely Automated Public Turing test to tell Computers and Humans Apart; a challenge to reduce automated abuse.

Security controls that protect collaboration platforms by governing access, sharing, and content movement.

The ability to demonstrate control coverage, evidence, and policy alignment for regulatory requirements.

Policies that grant or deny access based on identity, device posture, location, and risk signals.

Linking security controls to risks, policies, and compliance requirements to show coverage and gaps.

Cross-Site Request Forgery; an attack that tricks a user into submitting unintended requests to a trusted site.

Dynamic Application Security Testing; testing a running application from the outside to identify vulnerabilities and misconfigurations.

A device's security state based on configuration, compliance checks, and real-time health signals used for access decisions.

DomainKeys Identified Mail; cryptographic signatures that help validate email authenticity.

Domain-based Message Authentication, Reporting, and Conformance; a policy to validate email sender identity and reduce spoofing.

The unique name that identifies an organization or service on the internet, used in email and web addressing.

Endpoint Detection and Response; platforms that collect endpoint telemetry, detect threats, and enable containment actions.

Transforming data into a safe representation to prevent unintended interpretation by browsers or parsers.

Transforming data into ciphertext using keys so only authorized parties can read it, in transit or at rest.

A user device or compute node that connects to the network, such as a laptop, workstation, server, or mobile device.

Data Loss Prevention controls on endpoints to detect and block unauthorized data movement.

Endpoint Protection Platform; security tooling that prevents, detects, and blocks threats on endpoints.

Exploit Prediction Scoring System; a data-driven score that estimates the likelihood a vulnerability will be exploited.

Prioritizing remediation based on likelihood of exploitation and potential impact.

Reducing attack surface by securely configuring systems, disabling unnecessary services, and applying baselines.

A hidden field or decoy used to detect automated form submissions and reduce spam.

HyperText Markup Language; the standard markup language for structuring web content.

Environments that combine traditional IT systems with operational technology such as industrial control systems and field devices.

Internet Key Exchange; protocol used to set up secure VPN tunnels and negotiate encryption parameters.

Risk posed by authorized users through misuse, error, or compromise of legitimate access.

Known Exploited Vulnerabilities; CISA catalog of vulnerabilities confirmed to be exploited in the wild.

Mobile Device Management; centralized enforcement of device configuration, compliance, and security policies.

Multi-Factor Authentication; requires two or more verification factors to confirm a user's identity.

Object-Document Mapper; a layer that maps application objects to document databases.

Object-Relational Mapper; a layer that maps application objects to relational databases.

Privileged Access Management; controls and monitoring for high-risk administrative access.

A software update that fixes vulnerabilities, bugs, or configuration issues to reduce risk.

Coordinated planning and execution of patch deployment across systems to reduce risk and downtime.

Descriptive or judgment-based assessment that relies on expert evaluation rather than numerical scoring.

Numeric assessment based on measurable data, scoring, or calculations.

A policy that caps request volume over time to prevent abuse and maintain service stability.

A current-state view of threats, exposures, and control gaps used to prioritize remediation.

A quantitative or qualitative ranking of risk based on likelihood, impact, and exposure.

Cleaning or removing unsafe input to prevent injection, scripting, or malformed data.

Static Application Security Testing; analysis of source code or binaries to find security issues without running the application.

Network and workload isolation that limits lateral movement and reduces the blast radius of incidents.

Search Engine Optimization; practices that improve a site's visibility and ranking in search results.

Input validation performed on the server to enforce rules and prevent malformed or malicious submissions.

Simple Mail Transfer Protocol; the standard protocol for sending email between servers.

Single Sign-On; a centralized authentication method that lets users access multiple applications with one login.

A sequence of characters used to represent text in software and data systems.

Security and operational data collected from endpoints, networks, and platforms for detection and response.

A control that slows repeated requests to protect services from abuse or resource exhaustion.

Unified Endpoint Management; a single platform to manage devices, apps, and policies across endpoints.

Automated discovery of known weaknesses in systems, software, and configurations.

Extended Detection and Response; platforms that unify telemetry across endpoints, networks, and cloud to improve detection and response.

A security model that continuously verifies users, devices, and workloads, rather than relying on network location.

Zero Trust Network Access; identity-aware access that restricts connections to specific applications or services.