
Glossary of IAM and cybersecurity terminology

Threat and Attack Terms

Abuse of Trust refers to a cybersecurity attack where malicious actors exploit legitimate access privileges or relationships to compromise systems or data.
An access broker is a cybercriminal who specializes in gaining unauthorized access to computer systems and then selling that access to other threat actors.
Account enumeration is a reconnaissance technique where attackers systematically identify valid usernames or accounts on a target system.
An account misbinding is a security vulnerability that occurs when an authentication system incorrectly associates user credentials with the wrong account or identity.
An Account Recovery Abuse attack exploits legitimate password reset and account recovery mechanisms to gain unauthorized access to user accounts.
Account Takeovers are a general category of cyberattacks in which the intruder gains access to the account of a legitimate user on a system or network, posing as that...
Active reconnaissance is a cybersecurity technique where attackers directly interact with target systems to gather information.
An Advanced Persistent Threat, or APT, is a stealthy, network-based threat or attack against which conventional forms of cyber-defense are extremely difficult.
An adversary objective is a specific goal that a cybercriminal or threat actor seeks to achieve through their attack activities.
Adversary tradecraft refers to the specialized techniques, tools, and methodologies that cybercriminals and threat actors use to conduct attacks and evade detection.
An Adversary-in-the-Middle attack is a cyberattack where an attacker intercepts and potentially alters communications between two parties.
An anomalous authentication is an authentication event that deviates from established user behavior patterns or normal system access protocols.
An Application Layer Attack is a cyberattack that targets vulnerabilities in software applications rather than network or system infrastructure.
An attack lifecycle is the sequence of phases that cybercriminals typically follow when conducting a cyberattack, from initial planning through execution to post-attack...
An attack path is the sequence of steps an attacker takes to gain unauthorized access to a target system or achieve their malicious objectives.
A backdoor account is a hidden user account created to provide unauthorized access to a system or application.
A Botnet is an aggregate collection of a large number of computer systems, often dispersed around the world, that have each been silently compromised for on-demand...
A Brute Force Attack is an attack in which every possible combination of letters, numbers, or words is tried in response to a shared secret authentication prompt.
A business logic flaw is a vulnerability that exploits the intended functionality of an application rather than technical coding errors.
A cloud misconfiguration is an incorrect or insecure setting in cloud infrastructure that creates security vulnerabilities.
A Command and Control (C2) system is a communication framework that allows cybercriminals to remotely manage compromised devices or networks.
A compromise path is a sequence of vulnerabilities and attack vectors that an adversary exploits to gain unauthorized access to a target system or network.
Credential exposure occurs when user authentication information like passwords, API keys, or tokens becomes accessible to unauthorized parties.
A credential harvesting attack is a cyberattack designed to steal usernames, passwords, and other authentication credentials from victims.
Credential Sharing refers to instances in which authorized computing systems users divulge their login credentials to colleagues or other individuals that are not...
Credential Stuffing refers to the automated attempt to access a protected system by using a large series of stolen username and password combinations, usually obtained as...
A Data Breach is a situation in which information security has failed, enabling sensitive data of any kind to be accessed by unauthorized individuals despite whatever...
A data exfiltration path is a route or method that attackers use to steal sensitive information from an organization's network or systems.
Defense evasion refers to techniques used by attackers to avoid detection by security controls and monitoring systems.
A Denial of Service (DoS) attack is a cyberattack designed to make a computer system or network resource unavailable to legitimate users.
A Deployment Attack Path is a sequence of vulnerabilities and misconfigurations that attackers can exploit to compromise systems during software deployment processes.
A Dictionary Attack is an attack in which many possible combinations of common words and phrases are tried in response to a shared secret authentication prompt.
A Distributed Denial of Service (DDoS) attack is an attack designed to stop an online system's normal operation by creating a "traffic jam" of sorts.
A domain fronting attack is a technique that uses content delivery networks to disguise the true destination of network traffic.
Employee Substitution refers to the unauthorized provision of an authorized employee's credentials to another employee or to a third party, in order to enable this other...
Exfiltration readiness refers to the preparatory state in which an attacker has positioned stolen data for removal from a target system.
Exploit chaining is a cyberattack technique that combines multiple vulnerabilities or exploits in sequence to achieve a broader compromise than any single exploit could...
An exploit kit is a pre-packaged software toolkit that automates the process of exploiting vulnerabilities in web browsers and their plugins.
Exploit readiness is the state in which a system or organization is prepared to identify, respond to, and mitigate potential exploits against their infrastructure.
Exploitability refers to how easily a vulnerability can be leveraged by an attacker to compromise a system or application.
Identity spoofing is a cyberattack technique where an attacker impersonates a legitimate user or entity to gain unauthorized access to systems or data.
Inference Abuse is a privacy attack where adversaries extract sensitive information by analyzing patterns in data or system responses.
An Initial Access Vector is the method or pathway an attacker uses to first gain entry into a target system or network.
An Insider Threat is a case in which there is either measurable risk or actual evidence that someone with legitimate access to an information system will use or has used...
An intrusion is an unauthorized access or breach into a computer system, network, or digital resource.
Lateral Movement is a term used to describe how hackers move from an initial point of entry deeper into a network.
A lateral privilege escalation is a cyberattack technique where an attacker moves from one compromised account to another account with similar or different privileges...
License Sharing refers to situations in which two or more users regularly use a single username and password to log into and use a software-as-a-service (SaaS)...
Living-off-the-Land refers to a cyberattack technique where attackers use legitimate system tools and processes to conduct malicious activities.
A memory injection is a cyberattack technique where malicious code is inserted directly into a running process's memory space.
A Model Hallucination Risk is the potential for AI systems to generate false, misleading, or fabricated information presented as factual.
A payload is the part of malware that performs the actual malicious action once the malware has successfully infiltrated a target system.
Phishing is a cyberattack that relies on social engineering to try to steal valid login credentials from unsuspecting users, in order to carry out illicit activity.
Post-exploitation refers to the phase of a cyberattack that occurs after an attacker has successfully gained initial access to a target system.
A prompt injection is a cyberattack that manipulates AI language models by inserting malicious instructions into user prompts.
Ransomware is a type of malware that, when installed on a computing system, prevents further work from being done on the system or data from being accessed until a ransom...
A Remote Access Trojan, or RAT, is a type of malware that, when installed on a computing system, enables a remote attacker to surreptitiously access the system, its...
A Remote Code Execution (RCE) vulnerability allows an attacker to run arbitrary code on a target system from a remote location.
A rootkit is malicious software designed to hide its presence and maintain persistent, unauthorized access to a computer system.
A Rubber Ducky Attack is a cyberattack in which a custom USB device emulates a USB keyboard to attack a workstation.
A Security Control Bypass is a method or technique used to circumvent implemented security measures without triggering detection mechanisms.
A Silent Intrusion is a cyberattack that occurs without triggering security alerts or being detected by monitoring systems.
Social Engineering refers to any method of gaining illicit access to secured systems that relies not on technical skill, but rather on social and interpersonal skills for...
Spam is unsolicited electronic communication, typically email, sent in bulk to numerous recipients.
Spear Phishing is a particular, narrowly-targeted form of phishing attack, a social engineering attack in which users are tricked via email into surrendering login...
Tactics are the specific technical methods and procedures used by threat actors to achieve their objectives during a cyberattack.
A threat actor is an individual, group, or entity that carries out or attempts cyberattacks against computer systems, networks, or data.
A threat vector is a pathway or method that cybercriminals use to gain unauthorized access to a computer system or network.
A Token Theft is a cyberattack where malicious actors steal authentication tokens to impersonate legitimate users and gain unauthorized access to systems.
Training Data Poisoning is a machine learning attack where adversaries deliberately corrupt or manipulate the data used to train AI models.
A Trojan Horse is a malware attack in which users are fooled into installing malicious code on a computing system.
Unauthorized credential use is a major attack vector wherein attackers gain credentials through phishing, buying exposed credentials on the dark web, or other means.
In security contexts, User Carelessness refers to any action taken by a user for purposes of expedience that has a negative impact on security.
A virus is a type of malicious software that replicates by inserting copies of itself into other programs or files.
A Voice Phishing attack is a social engineering scam conducted over the telephone to steal sensitive information.
A Watering Hole Attack is a cyberattack that compromises websites frequently visited by a specific target group.
A worm is a type of malicious software that replicates itself across networks and systems without requiring user interaction.

General Cybersecurity Terms

An abuse case is a scenario that describes how a system's features could be misused or exploited by malicious actors.
Access Path Analysis is a cybersecurity assessment technique that maps all possible routes an attacker could take to reach critical assets within a network or system.
Account hygiene is the practice of maintaining clean, secure, and properly managed user accounts across an organization's systems.
An Active Defense is a cybersecurity strategy that involves taking proactive, dynamic measures to detect, respond to, and counteract cyber threats in real-time.
Adversary emulation is a cybersecurity testing methodology that replicates the tactics, techniques, and procedures of real-world threat actors.
An Adversary Playbook is a documented collection of attack techniques, tactics, and procedures used by specific threat actors or attack groups.
An AI attack surface is the sum of all potential entry points and vulnerabilities that exist within an artificial intelligence system where malicious actors could launch...
An AI Model Exposure is a security vulnerability where sensitive details about an AI system's architecture, training data, or operational parameters are inadvertently...
An allowlist is a security control that permits only pre-approved entities to access a system or network.
API Penetration Testing is a security assessment method that evaluates application programming interfaces for vulnerabilities and weaknesses.
API Security is the practice of protecting Application Programming Interfaces from threats, vulnerabilities, and unauthorized access.
An application attack surface is the total set of entry points, interfaces, and vulnerabilities that attackers can exploit to compromise an application.
Application hardening is the process of securing software applications by reducing their attack surface and vulnerabilities.
Application Security Testing is the practice of evaluating software applications for security vulnerabilities and weaknesses throughout the development lifecycle.
Asset attribution is the process of identifying and linking digital assets, infrastructure, or activities to specific threat actors or organizations.
Asset discovery is the process of identifying and cataloging all hardware, software, and digital resources within an organization's IT infrastructure.
An asset exposure is a security vulnerability that makes an organizational asset accessible to potential attackers or unauthorized users.
An Asset Inventory is a comprehensive catalog of all hardware, software, and data resources within an organization's IT environment.
Assume Breach is a cybersecurity philosophy that operates under the premise that attackers have already penetrated an organization's defenses.
An Attack Graph is a visual representation that maps potential attack paths through a network or system.
An Attack Hypothesis is a structured assumption about how an adversary might compromise a system or network.
Attack Path Enumeration is the systematic process of identifying and mapping all possible routes an attacker could take to compromise a target system or network.
Attack Path Inheritance refers to the process by which security vulnerabilities and attack vectors are passed down through system hierarchies or dependencies.
Attack preconditions are the specific conditions, vulnerabilities, or circumstances that must exist for a cyberattack to succeed.
Attack Readiness is an organization's level of preparedness to detect, respond to, and recover from cybersecurity incidents.
An attack replay is a cyberattack where an adversary intercepts and retransmits legitimate data communications to gain unauthorized access or privileges.
An attack scenario is a detailed description of how a cybersecurity threat could potentially unfold against a specific target or system.
An attack simulation is a controlled cybersecurity exercise that mimics real-world cyberattacks to test an organization's security defenses and incident response...
Attack Success Criteria are the specific objectives or conditions that must be met for a cyberattack to be considered successful from the attacker's perspective.
An attack surface is a conceptual "area" of use and activity where security vulnerabilities may exist, and which therefore becomes a target for cybersecurity attacks.
An attack surface consists of all of the possible attack vectors that exist within a network.
Attack Surface Reduction is a cybersecurity strategy that minimizes the number of potential entry points available to attackers.
In cybersecurity contexts, Attribution is the action of identifying and making a record of the user(s) responsible for particular action(s) or event(s) that affect...
An Authentication Context is the collection of environmental and behavioral data used to verify a user's identity beyond traditional credentials.
Authentication strength is a measure of how secure and reliable an authentication method is against various types of attacks.
An authorization drift is the gradual accumulation of excessive permissions that occurs when user access rights are not properly managed over time.
An Authorization Graph is a visual representation that maps relationships between users, resources, and permissions within a system.
A baseline deviation is a measurable difference between current system behavior and an established normal operating pattern.
A behavior drift is a gradual change in a user's typical interaction patterns with computer systems over time.
Black Box Testing is a cybersecurity testing methodology where testers evaluate a system without any knowledge of its internal structure, source code, or implementation...
A Blast Radius Analysis is a cybersecurity assessment that determines the potential scope of damage from a security breach or attack.
A Blue Team is a group of cybersecurity professionals responsible for defending an organization's systems and networks against cyberattacks.
Breach containment is the immediate process of limiting and stopping the spread of a cybersecurity incident once it has been detected.
A Breach Impact Analysis is a systematic evaluation of the consequences and scope of a cybersecurity incident after it occurs.
Bring Your Own Device, or BYOD, is an acronym that refers to the use of personal hardware in corporate settings.
A bug bounty program is a crowdsourced cybersecurity initiative where organizations offer rewards to ethical hackers for discovering and reporting security...
Campaign Correlation is the cybersecurity practice of linking related attack activities across multiple incidents to identify broader threat campaigns.
Campaign-Based Testing is a structured cybersecurity assessment approach that simulates real-world attack scenarios over an extended period.
Capability-Based Testing is a cybersecurity assessment approach that evaluates an organization's defenses by simulating real-world attack scenarios based on specific...
Cloud Control Validation is the process of verifying that security controls implemented in cloud environments are functioning as intended and meeting compliance...
Cloud Identity Drift refers to the gradual accumulation of excessive or inappropriate permissions in cloud environments over time.
A Cloud Native Security approach is a cybersecurity strategy designed specifically for applications and infrastructure built for cloud environments.
Cloud penetration testing is a security assessment process that evaluates the vulnerabilities and weaknesses within cloud computing environments.
Cloud Permission Sprawl refers to the uncontrolled proliferation of access rights and permissions across cloud environments.
Cloud Risk Posture refers to an organization's overall security stance and vulnerability level across its cloud computing environments.
A Cloud Security Architecture is a comprehensive framework that defines security controls, policies, and procedures for protecting cloud-based systems and data.
A Cloud Security Assessment is a systematic evaluation of an organization's cloud infrastructure, services, and data to identify security vulnerabilities and compliance...
A Compromise Assessment is a comprehensive security evaluation that determines whether an organization's systems have been breached or infiltrated by attackers.
A Compromise Dwell Analysis is an investigation that determines how long an attacker remained undetected within a compromised system or network.
A Computer Emergency Response Team is a specialized cybersecurity organization that coordinates responses to computer security incidents and vulnerabilities.
A Conditional Access system is a security framework that enforces access controls based on specific conditions or contextual factors.
A confidence score is a numerical value that indicates the degree of certainty an authentication system has in its decision about a user's identity.
A configuration drift is the gradual divergence of a system's actual configuration from its intended or baseline configuration over time.
Container security is a comprehensive approach to protecting containerized applications throughout their lifecycle.
Containment is the cybersecurity practice of isolating compromised systems or networks to prevent malware or attackers from spreading to other parts of an organization's...
A containment strategy is a cybersecurity incident response plan designed to limit the spread and impact of a security breach or cyberattack.
Contextual Access Control is an access control method that makes authorization decisions based on multiple environmental and situational factors beyond just user identity.
Contextual Threat Intelligence is cybersecurity data enriched with relevant environmental and situational information to improve decision-making.
Continuous Discovery is the ongoing process of automatically identifying and cataloging assets, devices, and services within an organization's network infrastructure.
A Continuous Identity Assurance system is a security framework that continuously validates user identity throughout an entire computing session rather than just at login.
Continuous monitoring is the ongoing, real-time observation and analysis of systems, networks, and security controls to detect threats and vulnerabilities.
A Continuous Red Teaming approach is an ongoing cybersecurity testing methodology that simulates persistent adversarial attacks against an organization's systems and...
Continuous Threat Exposure Management is a cybersecurity approach that provides ongoing assessment and mitigation of an organization's attack surface.
Counter-incident operations are proactive cybersecurity activities designed to disrupt, degrade, or neutralize ongoing cyberattacks against an organization's systems.
Counterfactual Attack Modeling is a cybersecurity analysis technique that evaluates what might have happened if different security measures had been in place during an...
A credential lifecycle is the complete process of managing user credentials from creation to retirement.
A Critical Asset Protection strategy involves identifying and safeguarding an organization's most valuable digital and physical resources from cyber threats.
A Crown Jewel Analysis is a cybersecurity assessment that identifies an organization's most critical and valuable digital assets.
Cryptographic agility is an organization's ability to quickly adapt and transition between different cryptographic algorithms and protocols.
Customer Identity and Access Management (CIAM) refers to the methods that companies use to give their end users access to digital assets and to manage this access and...
A Cyber Kill Chain is a framework that describes the sequential stages attackers follow to execute a successful cyberattack.
A cyber resilience strategy is an organization's ability to maintain essential functions during and after a cyberattack or security incident.
Dark Web Monitoring is a cybersecurity service that continuously scans hidden parts of the internet for stolen data, credentials, and other compromised information...
A Data Access Path is the route that data takes as it flows through systems, networks, and applications from its source to its destination.
Data at Rest refers to information that is stored on physical or digital storage media and is not actively being transmitted or processed.
Data contextualization is the process of adding relevant background information and meaning to raw data to make it more useful for analysis and decision-making.
Data Exposure Risk refers to the likelihood that sensitive information will be accessed, viewed, or stolen by unauthorized parties.
Data Flow Mapping is a systematic process of documenting how data moves through an organization's systems, networks, and processes.
Data in transit is information that is actively moving from one location to another across a network.
Data Usage Analytics is the practice of monitoring, measuring, and analyzing how data flows through and is utilized within an organization's systems.
A Defense-in-Depth strategy is a cybersecurity approach that employs multiple layers of security controls to protect information systems.
A defensibility assessment is a comprehensive evaluation of an organization's cybersecurity posture and ability to defend against potential threats.
A Defensible Security Program is a cybersecurity framework designed to withstand scrutiny from auditors, regulators, and legal authorities by demonstrating reasonable and...
A detection confidence is a numerical score that indicates how certain a security system is about the accuracy of a particular threat detection.
Detection Coverage Mapping is a cybersecurity practice that systematically identifies and visualizes which security controls can detect specific threats or attack...
Detection efficacy is a cybersecurity metric that measures how effectively a security system identifies genuine threats while minimizing false positives.
Detection Engineering is the systematic practice of creating, testing, and maintaining security detection capabilities within an organization's cybersecurity...
A Detection Gap Analysis is a systematic evaluation of an organization's security monitoring capabilities to identify blind spots where threats may go undetected.
Detection latency is the time delay between when a security incident occurs and when it is identified by security systems or personnel.
Detection-as-Code is a cybersecurity practice that treats detection rules and logic as software code, applying software development methodologies to security monitoring.
A Device Trust Posture is a comprehensive assessment of how trustworthy a device is based on its security configuration, compliance status, and risk indicators.
Digital exhaust refers to the trail of data created by users' online activities and digital interactions.
Digital Forensics and Incident Response is a specialized cybersecurity function delivered by computer emergency response or computer security incident response teams.
Digital trust is the confidence that users have in the security, privacy, and reliability of digital systems and services.
Directory Services Hardening is the process of securing directory service infrastructures like Active Directory against unauthorized access and attacks.
A Distributed Trust Model is a security framework where trust and authority are spread across multiple entities rather than concentrated in a single central authority.
DNS Security refers to protective measures that safeguard the Domain Name System from various cyber threats and attacks.
Dwell time has two distinct meanings in cybersecurity, one related to cyberattacks and the other related to identity authentication.
Emulation-based testing is a cybersecurity assessment method that uses software to mimic the tactics, techniques, and procedures of real threat actors.
Endpoint Detection and Response, or EDR, is a security automation technology that protects enterprise workstations or endpoints against unauthorized access and use.
Endpoint hardening is the process of securing individual devices and systems by reducing their attack surface and vulnerabilities.
Environment Parity Risk refers to security vulnerabilities that arise when development, testing, and production environments differ significantly in configuration,...
Environmental drift refers to the gradual changes in a system's operating environment that can affect security postures over time.
An Ephemeral Asset Risk is a cybersecurity vulnerability that arises from temporary or short-lived digital resources within an organization's infrastructure.
An Executive Tabletop is a cybersecurity simulation exercise where senior leadership discusses their response to a hypothetical cyber incident.
Exposure Management is the systematic process of identifying, assessing, prioritizing, and mitigating security vulnerabilities and risks across an organization's digital...
Exposure Validation is the process of confirming whether identified security vulnerabilities can actually be exploited in a real-world environment.
Extended detection and response (XDR) collects threat data from previously siloed security tools across an organization’s technology stack for easier and faster...
False Acceptance Rate, or FAR, is a measure of how often a biometric authentication system incorrectly authenticates an unauthorized user.
A false negative is a security system failure where a genuine threat or malicious activity goes undetected and is incorrectly classified as benign.
False Rejection Rate, or FRR, is a measure of how often a biometric authentication system incorrectly rejects an authorized user.
A First Responder Playbook is a structured document that outlines step-by-step procedures for cybersecurity teams to follow when responding to security incidents.
Forensic readiness is an organization's preparedness to conduct digital investigations effectively when security incidents occur.
A Forward Defense is a cybersecurity strategy that involves proactively engaging threats at their source before they can reach critical systems.
A Forward Incident Response is a proactive cybersecurity strategy that positions incident response capabilities and personnel closer to potential threats and...
Fraud Signal Correlation is the process of analyzing multiple data points and behavioral indicators to identify patterns that suggest fraudulent activity.
A Full-Scope Red Team is a comprehensive cybersecurity exercise where ethical hackers simulate real-world adversaries to test an organization's entire security posture.
A fuzzing attack is a software testing technique that involves sending invalid, unexpected, or random data inputs to a program to identify vulnerabilities.
Gray box testing is a software testing methodology that combines elements of both black box and white box testing approaches.
A High-Value Asset is a critical system, data repository, or infrastructure component that would cause significant damage to an organization if compromised, stolen, or...
A Hybrid Red Team is a cybersecurity assessment approach that combines both internal security personnel and external consultants to simulate realistic cyberattacks...
ICS and SCADA Security Testing refers to specialized cybersecurity assessments designed to evaluate the security posture of Industrial Control Systems and Supervisory...
Identity and Access Management, or IAM, refers to a centralized framework of policies, systems, and software within an organization which ensure that technology resources...
Identity Assurance exists when the person using an account at any time is definitively known to be the proper user.
An Identity Attack Surface encompasses all the potential entry points and vulnerabilities that attackers can exploit to compromise user identities within an...
An Identity Blast Radius is the scope of systems, resources, and data that could be compromised if a particular digital identity is breached or misused.
Identity Context is the comprehensive set of behavioral, environmental, and technical factors that establish a user's digital identity at any given moment.
Identity Correlation is the process of linking and matching digital identities across multiple systems, platforms, or data sources to establish connections between...
An Identity Factor is one of several general categories of identity signals that can be used to validate a user's identity.
Identity Lifecycle Risk refers to security vulnerabilities that emerge during different stages of a user's digital identity management process.
Identity Posture refers to an organization's overall security stance regarding user identities, access controls, and authentication mechanisms across its digital...
Identity proofing is the process of verifying that a person is who they claim to be during account registration or credential issuance.
Identity Threat Detection and Response technologies concern themselves with detecting mismatches between the owner of a session, grant, or set of credentials and the...
Identity as a signal is best understood as a continuous data stream that measures the likelihood that the human being behind a computer identity is the right person.
In-band authentication factors are identity signals that rely for their identity check on the same system that is requesting user authentication.
In-session detection refers to security teams being able to spot credential misuse after login has occurred.
Incident classification is the systematic categorization of cybersecurity incidents based on their type, severity, and impact.
An Incident Escalation Matrix is a structured framework that defines when, how, and to whom cybersecurity incidents should be escalated based on their severity, impact,...
Incident response is a structured approach to addressing and managing cybersecurity breaches or attacks.
An Incident Response Team is a designated group of cybersecurity professionals responsible for detecting, analyzing, and responding to security incidents within an...
An Incident Severity Rating is a classification system used to prioritize cybersecurity incidents based on their potential impact and urgency.
Incident triage is the process of prioritizing and categorizing cybersecurity incidents based on their severity, impact, and urgency to determine appropriate response...
An Indicator of Compromise (IOC) is a piece of digital forensic evidence that suggests that an endpoint or network may have been breached.
Information Flow Control is a security mechanism that monitors and restricts how data moves between different parts of a system or network.
Information Security refers to the policies and measures that an organization deploys to protect critical information and data, especially electronic data, from...
Infrastructure drift is the gradual divergence of deployed IT systems from their originally intended configurations and security baselines.
Infrastructure exposure is the condition of having critical systems, networks, or assets accessible to unauthorized parties or vulnerable to attack.
An Insider Risk Program is a structured organizational initiative designed to identify, assess, and mitigate threats posed by individuals with authorized access to...
Integrity monitoring is a cybersecurity practice that continuously tracks and detects unauthorized changes to files, systems, or data.
Invisible Authentication is a method of authenticating users that requires no specific activity for the purpose of establishing identity.
IP Data Mapping is the process of associating IP addresses with geographic locations, network ownership, and other contextual information.
An IP Exposure Surface is the collection of internet-facing IP addresses and associated services that an organization makes accessible from external networks.
An Isolation Strategy is a cybersecurity approach that separates critical systems, networks, or processes from potential threats by creating secure boundaries.
Just-Enough-Access is a security principle that grants users the minimum level of permissions necessary to perform their specific job functions.
A Just-in-Time Access system grants users temporary, elevated permissions only when needed and for limited durations.
Kerberos is a computer-network authentication protocol most commonly used in Microsoft’s Active Directory.
Kill Chain Disruption is a cybersecurity strategy that involves interrupting an attacker's sequence of actions at any stage to prevent successful completion of a...
Kill Chain Mapping is a cybersecurity analysis technique that traces and documents the sequential steps an attacker takes to compromise a target system.
A kill switch is a security mechanism that immediately disables or shuts down a system, application, or network connection when activated.
Knowledge-based Authentication, or KBA, is a method of authentication in which a user proves his or her identity by providing information that only he or she should know.
Kubernetes Security is the practice of protecting containerized applications and infrastructure managed by Kubernetes orchestration platforms.
A lateral exposure is a security vulnerability that allows an attacker to move from one compromised system to access other systems within the same network.
Least Privilege Enforcement is a security practice that ensures users and systems have only the minimum access rights necessary to perform their designated functions.
Lessons Learned refers to the documented insights and knowledge gained from cybersecurity incidents, projects, or operational experiences.
Log integrity is the assurance that system logs remain accurate, complete, and unaltered from their original state.
Logging coverage refers to the comprehensiveness and scope of an organization's system and security event logging capabilities.
A Machine Identity is a digital identity assigned to non-human entities such as applications, services, containers, IoT devices, and automated systems to enable secure...
A Machine-to-Machine Identity is a digital credential that enables automated systems, applications, and devices to authenticate and communicate with each other without...
Malware refers to a diverse array of programs and software that share the characteristic of being harmful to legitimate systems and users.
Mean Time to Detect (MTTD) is the average time it takes for an organization to identify a security incident or breach from when it first occurs.
MTTR (mean time to resolve) is the average time it takes to fully resolve a failure.
A misuse case is a scenario that describes how a system could be exploited or attacked by malicious actors.
The MITRE ATT&CK Framework is a globally accessible knowledge base of adversary tactics and techniques based on real-world observations.
Mobile Application Security Testing is a comprehensive evaluation process that identifies vulnerabilities and security flaws in mobile applications across various...
Mobile Penetration Testing is a security assessment methodology that evaluates the security posture of mobile applications, devices, and supporting infrastructure.
Model integrity refers to the assurance that an AI or machine learning model remains uncompromised and functions as intended throughout its lifecycle.
Multi-factor Authentication, or MFA, is a form of authentication requiring that a user prove their identity using two or more identity factors at once.
Network Penetration Testing is a cybersecurity assessment that simulates real-world attacks against an organization's network infrastructure to identify vulnerabilities...
A Non-Human Identity is a digital identity assigned to automated systems, applications, services, or devices rather than human users.
Non-repudiation is a legal term that refers to the highly certain attribution of computing activity to a particular individual.
Operational Decision Latency refers to the time delay between detecting a cybersecurity threat and taking decisive action to address it.
Operational Dwell Reduction refers to minimizing the time cybercriminals remain undetected within compromised systems.
Operational Security Effectiveness measures how well an organization's security practices protect against real-world threats and vulnerabilities.
Operational Technology Security refers to the protection of hardware and software systems that monitor and control physical devices and industrial processes.
An orphaned account is a user account that remains active in a system after the associated user has left the organization or no longer requires access.
Out-of-Band authentication factors are identity signals that do not rely for their veracity on the same system requesting user authentication.
Out-of-Policy Access occurs when users gain entry to systems, data, or resources in ways that violate established security policies or access controls.
Passive Authentication is a form of authentication in which the identity of the user is checked and confirmed without requiring specific additional actions for the...
 

Technology Terms

Account Lifecycle Management is the systematic process of creating, maintaining, and deactivating user accounts throughout their entire existence within an organization's...
Account provisioning is the process of creating, configuring, and managing user accounts and their associated access permissions within an organization's IT systems.
Microsoft Active Directory Federation Services, or ADFS, is a Microsoft product and related infrastructure used to enable single sign-on capability for Microsoft Active...
Advanced Authentication is an authentication strategy that uses real-world identity signals adaptively to provide significantly stronger identity verification for...
An air-gapped network is a computer network that is physically isolated from unsecured networks, including the internet.
Alert correlation is the process of analyzing and linking related security alerts to identify patterns and reduce false positives.
Amazon Web Services, or AWS, is a cloud computing and data storage architecture and service provided by Amazon.com.
Anomaly detection is a cybersecurity technique that identifies unusual patterns or behaviors that deviate from established baselines.
Antivirus is software designed to detect, prevent, and remove malicious software from computer systems.
An API Gateway is a server that acts as an intermediary between clients and backend services, managing API requests and responses.
Application Control is a cybersecurity approach that restricts which software applications can execute on a system or network.
Application Security Posture Management is a cybersecurity approach that continuously monitors and manages security risks across an organization's application portfolio.
Artificial Intelligence, or AI, refers to a general category of computing strategies, technologies, and techniques that enable computer systems to mimic human reasoning.
Artificial Neural Networks, or ANN, are an artificial intelligence strategy in which computing algorithms and data structures are designed to mimic the neural networks...
Attribute-Based Access Control is a security model that grants or denies access based on attributes of users, resources, and environmental conditions.
Behavioral Biometrics is an identity verification strategy and matching set of technologies able to authenticate users' identities based on micro-patterns in everyday...
A Behavioral DLP is a data loss prevention system that uses user behavior analytics to detect and prevent unauthorized data exfiltration.
Biometrics is an identity verification strategy and matching set of technologies that authenticate users based on measured physiological attributes, such as the spacing...
A Breach and Attack Simulation is a cybersecurity testing methodology that uses automated tools to continuously simulate real-world cyberattacks against an organization's...
A Certificate Authority is a trusted third-party organization that issues and manages digital certificates used to verify identities in public key cryptography.
A Cloud Access Security Broker (CASB) is a security tool that sits between an organization's on-premises infrastructure and cloud service providers to monitor and control...
A Cloud Control Plane is the centralized management layer that orchestrates and governs all operations within a cloud computing environment.
A Cloud Detection and Response (CDR) solution is a cybersecurity technology that monitors cloud environments for threats and automatically responds to security incidents.
Cloud Entitlement Management is a cybersecurity practice that governs and controls user access permissions across cloud environments.
A Cloud Native Application Protection Platform is a comprehensive security solution designed to protect applications built and deployed in cloud-native environments...
A Cloud Security Posture Management (CSPM) solution is a cybersecurity tool that continuously monitors and assesses cloud infrastructure for security risks and compliance...
A Cloud Workload Protection Platform is a security solution that provides comprehensive protection for applications and workloads running in cloud environments.
A Configuration Management Database is a centralized repository that stores information about IT infrastructure components and their relationships within an...
Continuous Access Evaluation is a security model that dynamically reassesses user access permissions throughout an active session.
Continuous Authentication is an authentication technology that uses other compatible authentication strategies (such as Plurilock's behavioral-biometric authentication)...
A Counter Unmanned Aircraft System (C-UAS) is a technology designed to detect, track, and neutralize unauthorized or malicious drones.
Cryptography is the practice of securing information by transforming it into formats that unauthorized parties cannot easily read or understand.
Data encryption is a security process that converts readable information into an unreadable format using cryptographic algorithms.
Data masking is a cybersecurity technique that replaces sensitive information with fictitious but realistic-looking data.
Data Security Posture Management is a cybersecurity approach that continuously monitors, assesses, and improves an organization's overall data protection capabilities.
A decision automation system is a technology that automatically makes predetermined responses to specific cybersecurity events without human intervention.
Decryption is the process of converting encrypted or encoded data back into its original, readable form.
A Demilitarized Zone (DMZ) is a network segment that sits between an organization's internal network and the external internet, providing a buffer zone for publicly...
Device-free MFA refers to any multi-factor authentication strategy that confirms user identity using signal(s) beyond a username and password pair but does so without...
A DevSecOps pipeline is an automated software development workflow that integrates security practices throughout the entire development lifecycle.
A digital certificate is a cryptographic document that verifies the identity of an entity and binds it to a public key.
A digital signature is a cryptographic mechanism that verifies the authenticity and integrity of digital documents or messages.
Dynamic Access Control is a security framework that adjusts user permissions in real-time based on current context and risk factors.
Dynamic Application Security Testing is a cybersecurity testing method that analyzes applications while they are running to identify vulnerabilities.
Egress filtering is a network security practice that monitors and controls data leaving an organization's network.
Encryption is the process of converting plaintext data into an unreadable format using mathematical algorithms and cryptographic keys.
An Endpoint is any network-connected, non-infrastructure computing device in an enterprise environment.
Face ID or Facial Recognition is a type of biometric authentication that identifies users based on the structure, contours, and heat patterns present in their faces.
Federated authorization is a security model that allows users to access multiple systems or applications using a single set of credentials managed across different...
Identity Federation is a series of applications and techniques to enable user identities to be linked across multiple separate user directories.
Fingerprint Scans are a type of biometric authentication that identifies users based on the pattern of ridges present on the tips of their finger(s) or thumb(s).
A firewall is a network security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules.
A hashing function is a mathematical algorithm that converts input data of any size into a fixed-length string of characters called a hash value or digest.
A honeypot is a cybersecurity tool designed to attract and detect unauthorized access attempts by mimicking vulnerable systems or services.
A Host-Based Intrusion Detection System (HIDS) is a security tool that monitors and analyzes activity on a single computer or server to detect potential threats.
An Identity Control Plane is a centralized framework that manages and governs all identity-related operations across an organization's digital infrastructure.
An Identity Fabric is a comprehensive, integrated architecture that connects and manages all identity-related systems, processes, and technologies across an...
Identity Governance and Administration is a cybersecurity framework that manages digital identities and their access rights throughout an organization.
An Identity Risk Engine is a cybersecurity system that continuously analyzes user behavior and contextual data to assess authentication and access risks in real-time.
An Identity Signal is a form of data that can be used to uniquely identify an individual.
An Identity-Aware Proxy is a security service that controls access to applications based on user identity and contextual factors rather than network location.
Industrial Control Systems are specialized computing systems that monitor and control industrial processes in critical infrastructure sectors.
Infrastructure as Code is a practice where computing infrastructure is provisioned and managed using machine-readable definition files rather than manual processes.
An Integrated GRC Platform is a unified software solution that combines governance, risk management, and compliance functions into a single system.
The Internet of Things describes the part of the electronic universe that comprises network-attached appliances and embedded devices.
An Intrusion Detection System is a security tool that monitors network traffic and system activities to identify potential security threats and malicious behavior.
An Intrusion Prevention System (IPS) is a network security technology that monitors traffic in real-time and automatically blocks detected threats.
IT Asset Management is the systematic process of tracking, managing, and optimizing an organization's technology resources throughout their lifecycle.
A Key Management Service is a centralized system that handles the creation, distribution, storage, and lifecycle management of cryptographic keys.
Keystroke Dynamics are tiny patterns and variations in keyboard-based hand and finger movement that occur naturally as users type.
A Large Language Model is an artificial intelligence system trained on vast amounts of text data to understand and generate human-like language.
Machine Learning refers to a general category of algorithms, statistical models, and computing technologies designed to enable computing systems to perform tasks...
A Managed Detection and Response (MDR) service is a cybersecurity solution that combines technology and human expertise to hunt, detect, and respond to threats.
A Managed Security Service Provider (MSSP) is a third-party company that provides outsourced cybersecurity services to organizations.
A micro-segmentation strategy divides a network into small, isolated segments to limit lateral movement and reduce attack surfaces.
Mouse Dynamics are tiny patterns and variations in mouse- or pointer-based hand and finger movement that occur naturally as users interact with their screen pointer.
Multi-tenancy is a software architecture where a single application instance serves multiple customers or organizations simultaneously.
The National Vulnerability Database is a comprehensive repository of cybersecurity vulnerability data maintained by the US National Institute of Standards and Technology...
Network Access Control is a security approach that regulates which devices and users can connect to a network and what resources they can access.
Network segmentation is a security practice that divides a computer network into smaller, isolated subnetworks or segments.
A Network-Based Intrusion Detection System (NIDS) is a security tool that monitors network traffic to detect malicious activities and policy violations.
A Next-Generation Firewall (NGFW) is an advanced network security device that combines traditional firewall capabilities with additional security features like...
Penetration Testing as a Service is a cloud-based security service that provides ongoing vulnerability assessments without requiring in-house expertise.
A Policy Decision Point is a component in access control systems that evaluates authorization requests and renders access decisions based on predefined policies.
A Policy Enforcement Point is a system component that actively enforces access control policies by intercepting and evaluating requests for protected resources.
A Policy-as-Code approach is a cybersecurity practice that defines security policies and compliance rules using machine-readable code rather than traditional...
A proxy server is an intermediary server that forwards requests between clients and other servers.
A Public Key Infrastructure is a comprehensive framework that manages digital certificates and public-private key pairs for secure communications.
A Retina Scanner, sometimes mistakenly referred to as an iris scanner, is a device used for biometric authentication.
Robotic process automation, or RPA, refers to the development of software "robots" that are able to autonomously perform complex, repetitive software tasks.
Runtime Application Self-Protection is a security technology that enables applications to detect and respond to attacks in real-time during execution.
A Secure Access Service Edge (SASE) is a cloud-based security framework that combines network security and wide area networking capabilities into a single service.
A Secure Web Gateway is a cybersecurity solution that filters and monitors web traffic between users and the internet to block malicious content and enforce security...
A Security Operations Center is a centralized facility where cybersecurity professionals monitor, detect, analyze, and respond to security threats in real-time.
Security Orchestration, Automation, and Response (SOAR) is a cybersecurity framework that integrates security tools and automates incident response processes.
SMS Authentication is a kind of identity proof often used for two-factor authentication (2FA) or multi-factor authentication (MFA).
Software Composition Analysis is a security practice that identifies and inventories open source and third-party components within software applications.
A Software Development Lifecycle is a structured process that guides the creation, testing, and maintenance of software applications from conception to retirement.
A Software-Defined Perimeter (SDP) is a security framework that creates encrypted micro-tunnels between users and specific applications they need to access.
Static Application Security Testing is a cybersecurity testing method that analyzes application source code without executing the program.
Step-up Authentication is an additional step in a login or authentication workflow in which a user is asked to provide additional confirmation of their identity.
Supervisory Control and Data Acquisition (SCADA) is a control system used to monitor and control industrial processes and critical infrastructure.
A threat feed is a structured data stream that provides real-time or near-real-time information about current cybersecurity threats and indicators of compromise.
A Threat Intelligence Platform is a centralized system that aggregates, analyzes, and disseminates cybersecurity threat data from multiple sources to support...
Tokenization is a data protection technique that replaces sensitive data with non-sensitive placeholder values called tokens.
A Trust Evaluation Engine is a cybersecurity system that continuously assesses and scores the trustworthiness of users, devices, or entities within a network.
User friction describes the degree to which a common workflow is difficult, time-consuming, or irritating for a user to complete.
A Virtual Desktop Infrastructure, or VDI, is a software infrastructure and set of processes for enabling users to interact with the desktop environment of one computer...
A Virtual Private Network, or VPN, is a network topology in which network traffic is routed to and from a remote endpoint in such a way that the endpoint can be reached...
Vulnerability scanning is an automated process that identifies security weaknesses in computer systems, networks, and applications.
A Web Application Firewall is a security solution that monitors, filters, and blocks HTTP traffic between web applications and the internet.
A Zero Trust Architecture is a cybersecurity framework that assumes no user or device should be trusted by default, regardless of location or network access.
Zero Trust Network Access (ZTNA) is a security framework that requires verification of every user and device before granting access to network resources.
 

Compliance Terms

23 NYCRR 500 requires banks, insurance companies, and other financial services institutions regulated by the New York Department of Financial Services (NYDFS or simply...
Access Governance is a cybersecurity framework that systematically manages and oversees user permissions and access rights across an organization's digital resources.
An access review is a systematic evaluation of user permissions and access rights within an organization's systems and applications.
Access Transparency is a security feature that provides detailed, real-time logging and monitoring of all administrative access to an organization's systems and data.
Annualized Loss Expectancy is a risk assessment metric that estimates the total monetary loss an organization can expect from a specific threat over one year.
Application Risk Profiling is the systematic assessment of security vulnerabilities and threats associated with software applications within an organization's environment.
Asset Criticality is a measure of how essential a particular IT asset is to an organization's operations and mission success.
Asset Ownership refers to the assignment of responsibility for specific digital assets within an organization's cybersecurity framework.
An attestation is a cryptographic process that verifies the integrity and authenticity of a system, device, or software component.
Audit evidence is information collected and examined during a security or compliance audit to evaluate an organization's adherence to policies, procedures, and regulatory...
Audit fatigue is the gradual decline in effectiveness and engagement that occurs when organizations or individuals are subjected to excessive or repetitive security...
An audit program is a systematic plan that outlines the procedures, scope, and timeline for conducting a cybersecurity audit.
Audit scope creep is the gradual expansion of an audit's original boundaries beyond its initially defined parameters.
Audit trail integrity refers to the assurance that logged security events and system activities remain unaltered and authentic over time.
An Authentication Assurance Level is a measure of confidence in the identity verification process used during authentication.
A Board Risk Appetite Statement is a formal document that defines the level and types of risk an organization is willing to accept in pursuit of its objectives.
Board Risk Reporting is the systematic communication of cybersecurity risks, incidents, and program status to an organization's board of directors.
read more 
A Business Continuity Plan is a documented strategy that outlines how an organization will continue operating during and after a disruptive incident.
read more 
Business Disruption Modeling is a cybersecurity planning methodology that analyzes how cyberattacks could interrupt critical business operations and processes.
read more 
A Business Impact Analysis is a systematic process that identifies and evaluates the potential effects of disruptions on critical business operations.
read more 
A Business-Aligned Risk is a cybersecurity risk assessment approach that evaluates threats based on their potential impact to specific business objectives and operations.
read more 
A Capability Maturity Model is a framework for assessing and improving an organization's processes and practices in a specific domain.
read more 
A Chain of Custody is a documented chronological record that tracks the handling of digital evidence from collection to presentation in legal proceedings.
read more 
Change Control is a systematic process for managing and documenting modifications to IT systems, software, or security configurations.
read more 
A Chief Information Security Officer is a senior executive responsible for establishing and maintaining an organization's information security strategy, policies, and...
read more 
The Center for Internet Security Critical Security Controls, or CIS CSC, are a set of guidelines intended to help organizations to protect themselves and their systems...
read more 
A Cloud Identity Governance system is a security framework that manages user identities and access rights across cloud-based applications and services.
read more 
A compensating control is an alternative security measure implemented when a primary control cannot be used or is insufficient to meet compliance requirements.
read more 
Compliance Evidence Automation is the use of technology to automatically collect, organize, and present documentation required for regulatory compliance.
read more 
A Compliance Gap Analysis is a systematic evaluation that identifies differences between an organization's current security practices and required regulatory or industry...
read more 
Compliance mapping is the process of systematically aligning an organization's security controls and policies with specific regulatory requirements and industry standards.
read more 
Compliance scope definition is the process of identifying and documenting which systems, processes, data, and personnel fall under specific regulatory or framework...
read more 
A configuration baseline is a documented, approved set of system configurations that serves as a reference point for security and operational standards.
read more 
Continuous Authorization is an ongoing security process that continuously evaluates and adjusts user access permissions based on real-time risk assessment and contextual...
read more 
A Continuous Authorization to Operate (cATO) is an ongoing security authorization approach that replaces traditional periodic security assessments with real-time...
read more 
Continuous Controls Monitoring is the ongoing, automated assessment of an organization's security controls and compliance posture.
read more 
Control Cost Efficiency is a cybersecurity metric that measures the financial effectiveness of security controls relative to their implementation and operational costs.
read more 
A Control Coverage Gap is a situation where security controls fail to adequately protect against specific threats or vulnerabilities within an organization's attack...
read more 
Control effectiveness is a measure of how well a cybersecurity control achieves its intended security objectives and mitigates identified risks.
read more 
A control framework is a structured set of guidelines, standards, and best practices that organizations use to manage and mitigate cybersecurity risks.
read more 
Control Inheritance is the practice of deriving security controls from higher-level systems or parent organizations rather than implementing them independently.
read more 
A control objective is a specific goal or outcome that an organization aims to achieve through the implementation of security controls and risk management practices.
read more 
Control Overlap is when multiple cybersecurity controls address the same risk or vulnerability within a system.
read more 
Control Rationalization is a cybersecurity risk management practice where organizations justify reduced security controls based on perceived cost-benefit analysis or...
read more 
Control testing is the systematic evaluation of security controls to verify they function as intended and effectively mitigate identified risks.
read more 
Control Validation is the process of testing and verifying that cybersecurity controls are functioning as intended and effectively mitigating identified risks.
read more 
Control-to-Risk Traceability is the ability to directly link cybersecurity controls to the specific risks they are designed to mitigate.
read more 
Crisis Decision Velocity refers to the speed at which an organization can make critical cybersecurity decisions during an active security incident or breach.
read more 
Crisis Management is the coordinated response to cybersecurity incidents to minimize damage and restore normal operations.
read more 
A Cyber Operating Model is a structured framework that defines how an organization manages, executes, and governs its cybersecurity operations and capabilities.
read more 
Cyber risk appetite is the level of cybersecurity risk an organization is willing to accept in pursuit of its business objectives.
read more 
Cyber Risk Economics is the study of how organizations evaluate, quantify, and manage cybersecurity risks through financial and economic analysis.
read more 
Cyber Risk Quantification is the process of measuring and expressing cybersecurity risks in numerical, often monetary terms.
read more 
A Cyber Risk Register is a comprehensive document that catalogs and tracks all identified cybersecurity risks within an organization.
read more 
Cyber Supply Chain Risk Management is the practice of identifying and mitigating cybersecurity threats that originate from an organization's supply chain partners,...
read more 
A Cybersecurity Maturity Assessment is a systematic evaluation that measures an organization's current cybersecurity capabilities against established frameworks and best...
read more 
The Cybersecurity Maturity Model Certification (CMMC) is a framework that measures and verifies cybersecurity practices across the Defense Industrial Base.
read more 
Data Access Governance is a framework of policies, procedures, and controls that manages who can access what data within an organization.
read more 
Data classification is a systematic approach to organizing and categorizing data based on its sensitivity, value, and regulatory requirements.
read more 
Data minimization is the practice of collecting, processing, and storing only the minimum amount of personal data necessary to accomplish a specific purpose.
read more 
Data residency refers to the physical or geographic location where data is stored and processed.
read more 
A Data Retention Policy is a formal document that specifies how long different types of data should be kept and when they should be deleted.
read more 
A data risk scoring system is a methodology that assigns numerical values to data assets based on their potential security vulnerabilities and business impact.
read more 
Data sovereignty is the concept that data is subject to the laws and governance structures of the nation or jurisdiction in which it is collected or stored.
read more 
A DevSecOps Maturity Model is a framework that assesses and guides organizations in integrating security practices throughout their development and operations lifecycle.
read more 
A Disaster Recovery Plan is a documented strategy for restoring IT systems and data after a disruptive event.
read more 
The Dodd Frank Wall Street Reform and Consumer Protection Act is a regulatory act applying to the US financial industry designed to limit risk and enforce transparency...
read more 
A Dynamic Risk Scoring system is a security mechanism that continuously evaluates and updates risk assessments based on real-time user behavior and contextual factors.
read more 
eDiscovery is the electronic identification, collection, and production of digitally stored information for use in legal proceedings.
read more 
Electronic Health Records and Electronic Medical Records are data gathered, manipulated, stored, or transmitted during the provision of healthcare services.
read more 
Electronic Protected Health Information, or ePHI, includes data gathered, manipulated, stored, or transmitted during the provision of healthcare, medical, or related...
read more 
Enterprise Risk Management is a comprehensive approach to identifying, assessing, and mitigating risks across an entire organization.
read more 
An Enterprise Risk Register is a centralized database that systematically documents, tracks, and manages all identified risks across an organization.
read more 
An entitlement review is a systematic audit of user access permissions across an organization's systems and applications.
read more 
Evidence collection is the systematic process of gathering, preserving, and documenting digital artifacts during a cybersecurity incident or forensic investigation.
read more 
Evidence freshness refers to how recently digital evidence was collected or how current the data is at the time of analysis.
read more 
Executive Cyber Fluency refers to the level of cybersecurity knowledge and understanding that senior leaders possess to make informed strategic decisions about...
read more 
Factor Analysis of Information Risk (FAIR) is a quantitative risk analysis methodology that helps organizations measure and understand cybersecurity and operational risk...
read more 
The Family Educational Rights and Privacy Act is a US federal law protecting student privacy and the information contained in student education records.
read more 
The Federal Information Security Management Act is a US law that establishes cybersecurity requirements for federal agencies and their information systems.
read more 
The Federal Risk and Authorization Management Program is a US government-wide program that provides a standardized approach to security assessment, authorization, and...
read more 
The Federal Financial Institutions Examination Council, or FFIEC, is a formal US government interagency body composed of six voting representatives from other regulatory...
read more 
Financial Risk Modeling is the process of using mathematical and statistical techniques to quantify potential financial losses from cybersecurity threats.
read more 
The FIPS Publication 200 standard addresses the specification of minimum security requirements for US federal information under the Federal Information Security...
read more 
A Fourth-Party Exposure is a cybersecurity risk that arises when an organization's third-party vendors have their own external vendors or partners who pose security...
read more 
A fourth-party risk is the cybersecurity threat posed by vendors or service providers that work with an organization's direct third-party vendors.
read more 
Governance refers to the framework of policies, procedures, and oversight mechanisms that guide an organization's cybersecurity strategy and operations.
read more 
A Governance Framework is a structured system of policies, procedures, and controls that organizations use to manage and oversee their operations, risks, and compliance...
read more 
Governance, Risk, and Compliance (GRC) is a framework that helps organizations manage corporate governance, risk management, and regulatory compliance in a coordinated...
read more 
The Gramm-Leach-Bliley Act, also known as the Financial Services Modernization Act of 1999, requires financial institutions to document the methods that they use to...
read more 
The Health Information Technology for Economic and Clinical Health Act, or HITECH Act, promotes the adoption of electronic health record (EHR) systems for efficiency,...
read more 
The Healthcare Insurance Portability and Accountability Act of 1996, or HIPAA, is a US federal statute regulating the data privacy and security practices of healthcare...
read more 
An Incident Response Plan is a documented set of procedures for detecting, responding to, and recovering from cybersecurity incidents.
read more 
Inherent risk is the level of risk that exists in a process or system before any controls or safeguards are applied.
read more 
Intellectual Property refers to creations of the mind that are protected by law from unauthorized use or reproduction.
read more 
An IP Concentration Risk occurs when an organization relies too heavily on internet traffic from a limited number of IP addresses or IP ranges.
read more 
ISO 27001 is a standard issued by the International Standards Organization (ISO) to help organizations protect their information assets and enable them to document the...
read more 
A Key Performance Indicator is a quantifiable metric used to measure the effectiveness of cybersecurity programs and controls.
read more 
A Key Risk Indicator is a metric used to provide early warning signals of increasing risk exposure in an organization's cybersecurity posture.
read more 
A Loss Event Frequency is a quantitative measure of how often a particular type of security incident or loss event occurs within a specified time period.
read more 
Loss Magnitude is the quantified extent of damage or impact resulting from a realized cybersecurity threat or incident.
read more 
Material Cyber Risk refers to cybersecurity threats that could significantly impact an organization's financial performance, operations, or reputation.
read more 
A materiality threshold is a predetermined benchmark used to determine whether a cybersecurity incident or data breach is significant enough to warrant formal disclosure,...
read more 
Mission Impact Modeling is a cybersecurity risk assessment methodology that evaluates how cyber threats affect an organization's core business operations and strategic...
read more 
Multi-cloud governance is the practice of establishing policies, procedures, and controls to manage resources and operations across multiple cloud service providers.
read more 
The National Futures Association Rulebook, or NFA Rulebook, is a publication by the National Futures Association providing guidelines for self-regulation and best...
read more 
US National Institute of Standards and Technology (NIST) 800-171 publications and subsequent revisions codify security requirements for non-federal computer systems that...
read more 
US National Institute of Standards and Technology (NIST) 800-53 publications and subsequent revisions codify requirements for security and privacy controls in federal...
read more 
The NIST Cybersecurity Framework is a voluntary guidance document that provides organizations with a structured approach to managing cybersecurity risks.
read more 
The North American Electric Reliability Corporation Critical Infrastructure Protection, or NERC CIP, is a plan outlining requirements to secure the assets which operate...
read more 
Operational Dependency Risk refers to the cybersecurity vulnerabilities that arise when an organization relies heavily on third-party services, systems, or infrastructure.
read more 
Operational resilience is an organization's ability to continue critical business functions during and after disruptive events, including cyberattacks.
read more 
The Payment Card Industry Data Security Standard, or PCI DSS, is a voluntary cybersecurity certification for companies that accept credit card payments.
read more 
A Plan of Action and Milestones (POA&M) is a formal document that tracks cybersecurity vulnerabilities and their remediation progress.
read more 
Probable Loss Exposure is the estimated financial impact an organization may face from cybersecurity incidents within a given timeframe.
read more 
A Recovery Point Objective is the maximum amount of data loss an organization can tolerate during a disaster or system failure.
read more 
A Recovery Time Objective (RTO) is the maximum acceptable time a system or service can remain unavailable after a disruption.
read more 
Regulatory Compliance refers to the degree to which an organization subject to particular security rules and policies is meeting the requirements outlined in them.
read more 
A residual risk is the level of risk that remains after security controls and mitigation measures have been implemented.
read more 
Risk Acceptance is a cybersecurity risk management strategy where an organization consciously decides to acknowledge and tolerate a specific risk without implementing...
read more 
Risk Acceptance Rationale is a formal document that explains why an organization chooses to accept a specific cybersecurity risk rather than mitigate it.
read more 
Risk aggregation is the process of combining multiple individual cybersecurity risks to understand their cumulative impact on an organization.
read more 
Risk Aggregation Bias is a cognitive error where security professionals underestimate total risk by evaluating individual threats separately rather than considering their...
read more 
Risk communication is the process of exchanging information about cybersecurity threats, vulnerabilities, and mitigation strategies between stakeholders.
read more 
A Risk Confidence Interval is a statistical range that quantifies the uncertainty around a cybersecurity risk assessment or measurement.
read more 
Risk decomposition is the process of breaking down complex cybersecurity risks into smaller, more manageable components for analysis and mitigation.
read more 
A Risk Distribution Curve is a graphical representation that shows the probability and potential impact of various cybersecurity risks across an organization's threat...
read more 
A Risk Heat Map is a visual tool that displays cybersecurity risks using color-coded matrices to indicate severity and likelihood.
read more 
Risk mitigation is the process of reducing the likelihood or impact of identified cybersecurity threats through strategic planning and implementation of protective...
read more 
Risk normalization is the psychological tendency for individuals and organizations to gradually accept higher levels of cybersecurity risk as routine or acceptable.
read more 
A risk owner is the individual or entity assigned responsibility for managing and monitoring a specific identified risk within an organization.
read more 
Risk Scenario Modeling is a cybersecurity planning methodology that involves creating detailed, hypothetical attack scenarios to assess potential vulnerabilities and...
read more 
Risk Sensitivity Analysis is a cybersecurity assessment technique that evaluates how changes in key variables affect overall risk levels within an organization's security...
read more 
Risk signal quality is a measure of how reliable and actionable a security alert or indicator is for threat detection purposes.
read more 
A risk transfer is a risk management strategy that shifts the potential impact of a cybersecurity threat from one party to another through contractual or financial...
read more 
Risk treatment is the process of selecting and implementing measures to modify risk levels within an organization's cybersecurity framework.
read more 
Risk Velocity is the speed at which cybersecurity risks emerge, evolve, and potentially impact an organization.
read more 
The Sarbanes Oxley Act of 2002, or SOX Act, is a US federal law establishing a variety of auditing and financial regulations for public companies.
read more 
Scenario Severity Modeling is a risk assessment methodology that evaluates potential cybersecurity incidents by analyzing their likely impact and consequences.
read more 
The Securities and Exchange Commission is a US federal agency that regulates financial markets and enforces securities laws.
read more 
A Security Control Baseline is a standardized set of minimum security controls that an organization must implement to protect its information systems and data.
read more 
Security Control Ownership is the assignment of responsibility for implementing, maintaining, and monitoring specific cybersecurity controls within an organization.
read more 
A security policy is a formal document that defines an organization's cybersecurity rules, procedures, and standards.
read more 
Security Program Maturity is a measure of how developed, comprehensive, and effective an organization's cybersecurity capabilities are.
read more 
Security ROI is a metric that measures the financial return on investment in cybersecurity initiatives and technologies.
read more 
Service Organization Control 2 (SOC 2) is a compliance framework that evaluates how organizations manage customer data based on five trust service criteria.
read more 
A Shared Responsibility Model is a framework that divides cybersecurity responsibilities between cloud service providers and their customers.
read more 
A Software Bill of Materials (SBOM) is a comprehensive inventory listing all software components, libraries, and dependencies within an application or system.
read more 
Stakeholder Impact Mapping is a systematic process for identifying and analyzing how a cybersecurity incident or breach affects different individuals and groups within...
read more 
Supervisory Expectation Mapping is a cybersecurity governance framework that documents and aligns expected security behaviors, responsibilities, and outcomes across...
read more 
A System Security Plan is a comprehensive document that outlines security controls and procedures for protecting a specific information system.
read more 
Third-Party Risk Management is the process of identifying, assessing, and mitigating cybersecurity risks introduced by external vendors, suppliers, and business partners.
read more 
A tolerance threshold is the predetermined level of deviation or error that a security system will accept before triggering an alert or response.
read more 
A Top Risk Narrative is a comprehensive document that articulates an organization's most critical cybersecurity risks in business terms for executive leadership and board...
read more 
Uncertainty modeling is a mathematical approach used in cybersecurity to account for incomplete or imperfect information when making security decisions.
read more 
Vendor Concentration Risk refers to the cybersecurity vulnerabilities that arise when an organization relies too heavily on a single vendor or a small number of vendors...
read more 
A Vendor Risk Assessment is a systematic evaluation of security risks posed by third-party suppliers and service providers.
read more 
A Zero Trust Maturity Model is a framework that helps organizations assess and progress their implementation of zero trust security principles across different stages of...
read more 
 

Plurilock Terms

Plurilock ADAPT

Plurilock ADAPT is a Plurilock product that provides invisible, frictionless, biometric multi-factor authentication (MFA). ADAPT uses behavioral-biometric, environmental, and contextual identity factors to authenticate users during login workflows. ADAPT relies on machine learning to maintain a fingerprint-unique profile of users’ identity characteristics.

If during login the authenticating individual does not match the expected user’s profile, they may either be excluded (login failed) or prompted to perform step-up authentication (such as with a phone code or email link) to confirm identity.

ADAPT makes stolen credentials useless to attackers; even if an attacker has captured a user’s password, their location behavior, network characteristics, and behavioral-biometric typing and pointing style won’t match the intended user, ensuring that inappropriate access is not granted.


Adaptive Factor Stack

Plurilock’s Adaptive Factor Stack is a combination of behavioral-biometric, environmental, and contextual identity signals that are processed by Plurilock’s machine learning engine to assemble an identity profile unique to every user. By combining or layering these factors, Plurilock’s machine learning engine is able to authoritatively identify real people, not just credentials, as they try to log in—drastically reducing the chance that an attacker can use stolen credentials to assume a legitimate user’s identity.

Plurilock AWARE

Plurilock AWARE is a Plurilock product that provides continuous identity monitoring for enterprise workstations or endpoints. AWARE uses behavioral-biometric, environmental, and contextual identity signals to validate users’ identities continuously, as they carry out computing tasks.

This ongoing record of identity validation can be provided in real time to SIEM systems or other infrastructure for further activity, enabling, for example, automated exclusion of unauthorized users or the automatic maintenance of an audit log for non-repudiation purposes.


Plurilock DEFEND

The policies and measures to protect information, especially electronic data, from unauthorized users.

Endpoint Agent

The policies and measures to protect information, especially electronic data, from unauthorized users.

Enrollment

The policies and measures to protect information, especially electronic data, from unauthorized users.

Impossible Travel

The policies and measures to protect information, especially electronic data, from unauthorized users.

JavaScript Agent

The policies and measures to protect information, especially electronic data, from unauthorized users.

Location Data

The policies and measures to protect information, especially electronic data, from unauthorized users.

Master Profile

The policies and measures to protect information, especially electronic data, from unauthorized users.

Network Context

The policies and measures to protect information, especially electronic data, from unauthorized users.

Plurilock API

The policies and measures to protect information, especially electronic data, from unauthorized users.

Profile

The policies and measures to protect information, especially electronic data, from unauthorized users.

Score

The policies and measures to protect information, especially electronic data, from unauthorized users.

Threshold

The policies and measures to protect information, especially electronic data, from unauthorized users.

Plurilock Terms

Impossible Travel

The policies and measures to protect information, especially electronic data, from unauthorized users.

JavaScript Agent

The policies and measures to protect information, especially electronic data, from unauthorized users.

Location Data

The policies and measures to protect information, especially electronic data, from unauthorized users.

Master Profile

The policies and measures to protect information, especially electronic data, from unauthorized users.

Network Context

The policies and measures to protect information, especially electronic data, from unauthorized users.

Plurilock API

The policies and measures to protect information, especially electronic data, from unauthorized users.

Profile

The policies and measures to protect information, especially electronic data, from unauthorized users.

Score

The policies and measures to protect information, especially electronic data, from unauthorized users.

Threshold

The policies and measures to protect information, especially electronic data, from unauthorized users.

Compliance Terms

Example Information Security

The policies and measures to protect information, especially electronic data, from unauthorized users.

Threat Terms

Example Information Security

The policies and measures to protect information, especially electronic data, from unauthorized users.

Security Terms

Example Information Security

The policies and measures to protect information, especially electronic data, from unauthorized users.
