Glossary
This glossary explains key cybersecurity and organizational leadership concepts referenced throughout The CISO Crucible. Definitions are written for both technical and non-technical readers, balancing precision with clarity.
A
- Advanced Persistent Threat (APT)
- A long-running intrusion in which a well-resourced adversary, often state-sponsored or a professional criminal group, gains and keeps unauthorized access to a network. APTs typically target specific organizations, use custom tooling, and stay undetected for months while collecting data or positioning for later action. The attacker's priority is stealth and persistence; visible disruption, if it comes at all, usually comes last.
- Attack Surface
- The sum of all points (applications, services, devices, network interfaces, accounts, and user behaviors) through which an attacker could reach an organization. A larger attack surface means more opportunities for compromise. Reducing it means decommissioning unnecessary systems, closing unused ports and services, removing dormant accounts, and hardening what remains.
B
- Board Communication
- The practice of translating security risks and incidents into business language that board members and executives understand. This means focusing on financial impact, regulatory consequences, and competitive advantage rather than technical details. Effective board communication builds trust and ensures security gets the investment and attention it needs.
- Breach Disclosure
- The legal and regulatory process of notifying affected parties (customers, partners, regulators) and, where required, the public when personal or otherwise protected data has been compromised. Deadlines are set by law and vary by jurisdiction: GDPR requires notifying the supervisory authority within 72 hours of becoming aware of a breach, and SEC rules require listed companies to file a Form 8-K within four business days of determining that an incident is material. Breach disclosure is high-stakes communication that can affect stock price, customer trust, and legal liability.
- Business Continuity
- The organizational capability to maintain critical operations during a crisis or disaster. A business continuity plan documents which functions are essential, recovery priorities, alternative processes, and communication protocols. For CISOs, business continuity overlaps with incident response and disaster recovery planning.
C
- Chief Information Security Officer (CISO)
- The executive responsible for an organization's information security strategy, governance, and risk management. Reporting lines vary: some CISOs report to the CEO or board, many to the CIO or general counsel, and the reporting line itself shapes how much authority the role carries. CISOs manage security teams and budgets and are accountable for protecting the organization's data, systems, and reputation. The role blends technical expertise with business acumen and political navigation.
- Compliance
- The state of adhering to laws, regulations, standards, and organizational policies. Compliance involves documenting controls, passing audits, and demonstrating that security practices meet required standards. Compliance is necessary but not sufficient—organizations can be technically compliant while still exposed to real risk.
- Cyber Insurance
- Insurance that covers financial losses from cyberattacks, data breaches, and related incidents. Policies typically cover breach notification costs, forensic investigation, legal fees, business interruption, and regulatory fines where local law allows them to be insured; nation-state or war-related attacks and losses traceable to controls the insured promised but did not maintain are common exclusions. Insurance does not prevent breaches; it transfers financial risk, and insurers increasingly require baseline controls such as MFA, tested backups, and endpoint detection before they will write a policy.
- Cybersecurity Framework
- A structured catalog of security outcomes and controls used to organize a program. Frameworks such as the NIST Cybersecurity Framework, ISO/IEC 27001, and the CIS Controls provide a common vocabulary for risk, a way to measure maturity, and a roadmap from ad-hoc firefighting to systematic risk management. A framework is a map, not a control: adopting one does not reduce risk until its controls are implemented and tested.
D
- Defense in Depth
- A security strategy that uses multiple layers of controls so that if one layer fails, others continue to protect the organization. For example: firewalls protect the perimeter, endpoint protection secures individual devices, network segmentation isolates critical systems, and monitoring detects intrusions. No single control is perfect; layering provides redundancy.
- Deepfake
- Synthetic audio, video, or imagery generated with machine learning to impersonate a real person. Deepfakes are used in social engineering, executive impersonation fraud (for example, a cloned voice of a CFO authorizing a wire transfer), and disinformation campaigns. They exploit trust in what people see and hear, so high-value requests should be verified through a separate, pre-agreed channel rather than the one the request arrived on.
- Distributed Denial of Service (DDoS)
- An attack that floods a website, application, or service with traffic from multiple sources, making it unavailable to legitimate users. Unlike a network outage, a DDoS is intentional and adversarial. Large DDoS attacks can disrupt business operations, embarrass organizations, and be used as cover for more serious attacks happening behind the scenes.
E
- Endpoint Security
- The practice of protecting individual devices—laptops, desktops, smartphones, tablets—from malware, unauthorized access, and data theft. Endpoint protection includes antivirus, host-based firewalls, encryption, and behavioral monitoring. As remote work proliferates, endpoint security becomes increasingly critical since devices are no longer contained within the corporate network.
- Exfiltration
- The unauthorized transfer of data out of an organization's systems. For espionage and extortion operations it is the attacker's payoff: intellectual property, customer records, financial data, credentials, or source code. Detecting exfiltration means watching for outbound transfers that are unusual for that host or user in volume, destination, timing, or protocol (for example, DNS or a cloud storage service used as a covert channel), which in turn requires a baseline of what normal looks like.
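One way to turn that definition into a detection, as an added example that is not part of the glossary or the book: the script below takes constructed outbound flow summaries (day, host, destination, port, bytes), builds a per-host baseline from that host's earlier days, and flags a day whose outbound volume exceeds median + 5 × MAD of its history, reporting any destinations the host has never contacted before. The flow format, host names, addresses and thresholds are all assumptions for illustration.

```python
"""Exfiltration detection over constructed outbound flow summaries.

Each record: day,src_host,dst_ip,dst_port,bytes_out. The data, hosts,
addresses and thresholds are constructed for illustration (assumptions).
"""
from collections import defaultdict
from statistics import median

# Constructed sample: ws-12 behaves normally for six days, then on day 7
# pushes ~3 GB to an address it has never contacted. ws-07 is a heavier
# but steady user and should not alert.
FLOWS = """\
2024-03-01,ws-12,203.0.113.10,443,500000
2024-03-01,ws-12,203.0.113.25,443,312000
2024-03-02,ws-12,203.0.113.10,443,950000
2024-03-03,ws-12,203.0.113.25,443,700000
2024-03-04,ws-12,203.0.113.10,443,1100000
2024-03-05,ws-12,203.0.113.10,443,880000
2024-03-06,ws-12,203.0.113.25,443,920000
2024-03-07,ws-12,203.0.113.10,443,600000
2024-03-07,ws-12,198.51.100.77,443,3000000000
2024-03-01,ws-07,203.0.113.10,443,5000000
2024-03-02,ws-07,203.0.113.10,443,5200000
2024-03-03,ws-07,203.0.113.10,443,4900000
2024-03-04,ws-07,203.0.113.10,443,5100000
2024-03-05,ws-07,203.0.113.10,443,5300000
2024-03-06,ws-07,203.0.113.10,443,4800000
2024-03-07,ws-07,203.0.113.10,443,5050000
"""


def parse_flows(text):
    rows = []
    for line in text.strip().splitlines():
        day, src, dst, port, nbytes = line.split(",")
        rows.append({"day": day, "src": src, "dst": dst,
                     "port": int(port), "bytes": int(nbytes)})
    return rows


def daily_summary(rows):
    """Per host, map day -> [total bytes out, set of destinations contacted]."""
    per_host = defaultdict(lambda: defaultdict(lambda: [0, set()]))
    for r in rows:
        entry = per_host[r["src"]][r["day"]]
        entry[0] += r["bytes"]
        entry[1].add(r["dst"])
    return per_host


def robust_threshold(history, k, floor_frac):
    """median + k * MAD. The MAD is floored at floor_frac * median so that a
    very regular host does not alert on trivial day-to-day noise."""
    med = median(history)
    mad = median(abs(v - med) for v in history)
    return med + k * max(mad, floor_frac * med)


def find_exfil(rows, k=5.0, min_days=5, floor_frac=0.1):
    """Return one alert per (host, day) whose outbound volume exceeds the
    host's own baseline built from its earlier days."""
    alerts = []
    for host, days in daily_summary(rows).items():
        ordered = sorted(days)  # ISO dates sort chronologically
        for i, day in enumerate(ordered):
            if i < min_days:
                continue  # not enough history to form a baseline yet
            history = [days[d][0] for d in ordered[:i]]
            today, dsts = days[day]
            threshold = robust_threshold(history, k, floor_frac)
            if today > threshold:
                prior_dsts = set().union(*(days[d][1] for d in ordered[:i]))
                alerts.append({
                    "host": host, "day": day, "bytes_out": today,
                    "threshold": int(threshold),
                    "new_destinations": dsts - prior_dsts,
                })
    return alerts


if __name__ == "__main__":
    for a in find_exfil(parse_flows(FLOWS)):
        print(f"{a['day']} {a['host']}: {a['bytes_out']:,} bytes out "
              f"(threshold {a['threshold']:,}); new destinations: "
              f"{sorted(a['new_destinations'])}")
```

The volume check alone would also fire on a legitimate backup or a large software push, which is why the alert carries the never-seen destinations: a spike to a known corporate endpoint and a spike to an unknown address deserve different triage. In production the same logic runs over proxy, firewall or NetFlow records, and is paired with checks on protocol misuse (DNS query volume, uploads to personal cloud storage) that a byte count alone will miss.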
F
- Forensics
- The systematic collection, preservation, and analysis of digital evidence to establish what happened during a security incident. Digital forensics examines logs, files, disk images, memory, and network traffic to build a timeline, reconstruct attacker behavior, identify the initial entry point, and produce evidence that will hold up in legal proceedings. Because evidence is easily destroyed (rebooting a host wipes memory; reimaging wipes disk), preserving it is a decision that has to be made early in a response, often before the full scope is known.
G
- General Data Protection Regulation (GDPR)
- The European Union's data protection law, in force since May 2018, which sets rules for processing personal data and grants individuals rights over it. GDPR applies to organizations established in the EU and to organizations anywhere that offer goods or services to, or monitor the behavior of, individuals in the EU. Fines can reach 20 million euros or 4% of worldwide annual turnover, whichever is higher. Individuals have rights to access, correct, and erase their data, and personal data breaches that pose a risk to individuals must be reported to the supervisory authority within 72 hours.
- Governance
- The organizational structures, policies, and decision-making processes that guide security strategy and risk management. Security governance includes defining roles, establishing committees, setting budgets, approving projects, and ensuring accountability. Strong governance ensures security decisions are aligned with business objectives and properly funded.
I
- Incident Response
- The coordinated process of detecting, investigating, containing, and recovering from a security incident. An effective capability includes a documented plan, a trained team, clear escalation and communication paths (including to legal, communications, and executives), and procedures for containment, eradication, recovery, and a post-incident review that feeds lessons back into controls. Speed matters: the time from detection to containment largely determines damage and cost.
- Insider Threat
- Risk posed by employees, contractors, or trusted partners who have legitimate access to systems and data but misuse it—either through malice, negligence, or coercion. Insider threats are difficult to detect because the person is not bypassing security; they're exploiting the access they were legitimately granted. Controls include least-privilege access, activity monitoring, and user awareness.
L
- Lateral Movement
- An attacker's movement from an initial foothold to other systems inside the network to expand access. Common techniques reuse legitimate mechanisms: stolen credentials, remote desktop, remote administration tools such as PowerShell remoting or WMI, and pass-the-hash. Attackers use lateral movement to reach higher-value data, escalate privileges, and establish persistence. Detecting it means watching internal authentication and traffic for patterns that are unusual for that account: logons to hosts it never touches, many hosts in a short window, or administrative protocols originating from a workstation.
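As an added example that is not part of the glossary or the book, the script below applies the "many hosts the account never touches, in a short window" heuristic to constructed authentication events. Events before a cutoff build each account's baseline set of destination hosts; afterwards, an account that reaches three or more hosts outside its baseline within ten minutes raises one alert whose host set grows as the burst continues. The log format, account and host names, cutoff and thresholds are assumptions for illustration.

```python
"""Lateral movement detection over constructed authentication events.

Each record: timestamp,user,src_host,dst_host. The accounts, hosts,
timestamps and thresholds are constructed for illustration (assumptions).
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample. Days 1-3 are the baseline period. On day 4, 'bob'
# (whose workstation is assumed compromised) authenticates to five hosts he
# has never touched within about two minutes. 'svc-backup' fans out to five
# hosts every night, but always the same five, so it must not alert.
AUTH_LOG = """\
2024-03-01T08:02:00,alice,ws-alice,fs-01
2024-03-01T08:10:00,alice,ws-alice,mail-01
2024-03-01T09:00:00,bob,ws-bob,fs-01
2024-03-01T23:00:00,svc-backup,bk-01,fs-01
2024-03-01T23:01:00,svc-backup,bk-01,fs-02
2024-03-01T23:02:00,svc-backup,bk-01,db-01
2024-03-01T23:03:00,svc-backup,bk-01,db-02
2024-03-01T23:04:00,svc-backup,bk-01,mail-01
2024-03-02T08:05:00,alice,ws-alice,fs-01
2024-03-02T09:12:00,bob,ws-bob,fs-01
2024-03-03T10:30:00,bob,ws-bob,fs-01
2024-03-04T08:00:00,alice,ws-alice,fs-01
2024-03-04T13:30:00,bob,ws-bob,fs-01
2024-03-04T14:01:00,bob,ws-bob,ws-carol
2024-03-04T14:01:30,bob,ws-bob,ws-dave
2024-03-04T14:02:00,bob,ws-bob,db-01
2024-03-04T14:02:45,bob,ws-bob,dc-01
2024-03-04T14:03:10,bob,ws-bob,fs-02
2024-03-04T23:00:00,svc-backup,bk-01,fs-01
2024-03-04T23:01:00,svc-backup,bk-01,fs-02
2024-03-04T23:02:00,svc-backup,bk-01,db-01
2024-03-04T23:03:00,svc-backup,bk-01,db-02
2024-03-04T23:04:00,svc-backup,bk-01,mail-01
"""
BASELINE_END = "2024-03-04T00:00:00"  # events before this build the baseline


def parse_auth_log(text):
    events = []
    for line in text.strip().splitlines():
        ts, user, src, dst = line.split(",")
        events.append({"ts": datetime.fromisoformat(ts), "user": user,
                       "src": src, "dst": dst})
    return events


def detect_lateral_movement(events, baseline_end, window_minutes=10,
                            min_new_hosts=3):
    """Alert when an account reaches >= min_new_hosts hosts outside its
    baseline within a sliding window. One alert per burst; the alert's
    host set and last_seen grow while the burst continues."""
    cutoff = datetime.fromisoformat(baseline_end)
    window = timedelta(minutes=window_minutes)
    baseline = defaultdict(set)          # user -> hosts seen before cutoff
    for e in events:
        if e["ts"] < cutoff:
            baseline[e["user"]].add(e["dst"])
    recent = defaultdict(deque)          # user -> (ts, dst) inside the window
    open_alert = {}                      # user -> alert still being extended
    alerts = []
    for e in sorted(events, key=lambda x: x["ts"]):
        if e["ts"] < cutoff:
            continue
        q = recent[e["user"]]
        q.append((e["ts"], e["dst"]))
        while e["ts"] - q[0][0] > window:  # drop events older than the window
            q.popleft()
        new_hosts = {d for _, d in q if d not in baseline[e["user"]]}
        if len(new_hosts) < min_new_hosts:
            continue
        alert = open_alert.get(e["user"])
        if alert and e["ts"] - alert["last_seen"] <= window:
            alert["new_hosts"] |= new_hosts
            alert["last_seen"] = e["ts"]
        else:
            alert = {"user": e["user"], "src": e["src"], "first_seen": q[0][0],
                     "last_seen": e["ts"], "new_hosts": set(new_hosts)}
            open_alert[e["user"]] = alert
            alerts.append(alert)
    return alerts


def run_detection():
    return detect_lateral_movement(parse_auth_log(AUTH_LOG), BASELINE_END)


if __name__ == "__main__":
    for a in run_detection():
        print(f"{a['user']} from {a['src']}: {len(a['new_hosts'])} never-before-seen "
              f"hosts between {a['first_seen']:%H:%M:%S} and {a['last_seen']:%H:%M:%S}: "
              f"{sorted(a['new_hosts'])}")
```

The baseline is what keeps the backup account quiet: a plain fan-out count would page the on-call analyst every night. The same baseline is also the blind spot, since a compromised service account that moves only among hosts it already touches, or an attacker who paces logons minutes apart, stays under this rule; in practice it is layered with other signals the entry mentions, such as administrative protocols from a workstation or first-time source-to-destination pairs.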
N
- NIST Cybersecurity Framework
- A voluntary framework from the US National Institute of Standards and Technology that provides structured guidance for managing cybersecurity risk. Version 1.x organized security into five functions (Identify, Protect, Detect, Respond, Recover); CSF 2.0, released in February 2024, added a sixth, Govern, covering strategy, roles, policy, and oversight. The framework is widely adopted across government and industry as a common language for security maturity and risk assessment.
P
- Penetration Testing (Pen Test)
- An authorized simulated attack where security professionals attempt to breach systems, applications, and networks to identify vulnerabilities before malicious attackers do. A good pen test includes reconnaissance, exploitation, and reporting—not just a checklist scan. Pen tests reveal security theater (controls that look good on paper but fail in practice).
- Phishing
- A social engineering attack that tricks users into clicking malicious links, downloading malware, or disclosing sensitive information by impersonating a trusted source. Phishing typically arrives via email but can also be delivered through SMS, phone calls, or social media. Phishing remains one of the most common attack vectors because humans are the most exploitable layer in security.
R
- Ransomware
- Malware that encrypts an organization's files and systems, making them inaccessible, and demands payment (ransom) to decrypt them. Ransomware attacks disrupt operations, hold data hostage, and create pressure to pay. Modern ransomware gangs often steal data before encrypting systems, threatening to publish stolen data if ransom isn't paid.
- Risk Assessment
- A systematic evaluation of threats, vulnerabilities, and potential impact to determine organizational risk. A risk assessment identifies what could go wrong, how likely it is, what the financial or operational impact would be, and what controls reduce that risk. Risk assessments inform budgeting, prioritization, and board communication.
- Risk Register
- A documented, living inventory of identified risks, their severity, mitigation strategies, and ownership. A risk register typically scores risks by likelihood and impact, tracks mitigation progress, and is regularly reviewed by leadership. Risk registers provide transparency and accountability for what risks the organization is aware of and how they're being managed.
S
- Securities and Exchange Commission (SEC) Compliance
- In the United States, public companies must report material cybersecurity incidents to the SEC and investors. Under rules adopted in 2023, a company files a Form 8-K (Item 1.05) within four business days of determining that an incident is material, describing its nature, scope, timing, and likely impact, and its annual report must describe the company's cybersecurity risk management, strategy, and governance, including board oversight. Materiality is a judgment about what a reasonable investor would consider important, so CISOs must be able to describe incident severity, cost, and business impact in financial terms.
- Security Champion
- An employee (usually not from security) who advocates for secure practices within their team or department. Security champions receive training on threats, controls, and policies; they educate their peers, report incidents, and embed security thinking into day-to-day work. Champions distribute security responsibility across the organization rather than concentrating it in a single team.
- Security Culture
- The shared beliefs, values, and behaviors of an organization regarding security and risk. A strong security culture means employees understand why security matters, report incidents and concerns without fear, and make security-conscious decisions. Building security culture requires leadership commitment, clear communication, and consistent messaging—not mandates or threats.
- Security Operations Center (SOC)
- The centralized function where analysts monitor networks and systems around the clock for signs of attack, triage alerts, and coordinate incident response. A SOC may be staffed internally, outsourced to a managed security service provider (MSSP) or managed detection and response (MDR) vendor, or a mix of both. Core tooling includes a SIEM (security information and event management: log aggregation, correlation, and alerting), endpoint detection and response agents, threat intelligence feeds, and a case management platform. The SOC is the front line of detection and response; its effectiveness depends on log coverage and alert tuning as much as on headcount.
- Shadow IT
- Systems, applications, and services used within an organization that IT and security departments don't know about or support. Shadow IT includes unapproved cloud apps, personal devices, custom scripts, and workarounds. Shadow IT creates blind spots in security, regulatory risk, and support costs, but often emerges because official processes are too slow or restrictive.
- Supply Chain Attack
- An attack that reaches an organization through something it trusts: a vendor, a supplier, a managed service provider, or a software component, build pipeline, or update channel it depends on. Supply chain attacks exploit the trust and connectivity between organizations, so one compromised vendor or package can cascade to thousands of downstream customers. Managing the risk requires vendor assessment, an inventory of the software and services the organization depends on, monitoring, and incident response coordination across organizational boundaries.
T
- Tabletop Exercise
- A low-stress, structured simulation in which a team talks through how it would respond to a hypothetical security incident or crisis. Tabletop exercises need no technical setup; they test decision-making, communication, and coordination under simulated time pressure. They reveal gaps in plans, unclear roles, and communication breakdowns before a real incident does.
- Threat Actor
- An individual, group, or nation-state that conducts cyberattacks. Threat actors vary in motivation (profit, espionage, activism, disruption), sophistication (amateur to state-sponsored), and targeting (opportunistic to highly focused). Understanding the threat actor's goals and capabilities informs detection, response, and defensive strategy.
V
- Vulnerability Management
- The ongoing process of identifying, evaluating, prioritizing, and fixing security weaknesses in systems and applications. It includes scanning for known flaws, assessing each finding by severity, exposure (is the system reachable from the internet? does it hold sensitive data?), and evidence that the flaw is being exploited in the wild, and coordinating patches or compensating controls with system owners. Mature vulnerability management shrinks the window between a flaw becoming public and its being closed, which is exactly the window attackers rely on.
Z
- Zero Trust
- A security architecture that assumes no trust by default—not even for users or systems already inside the network. Zero Trust requires verification of every access request, assumes breach, and applies principle of least privilege to minimize damage. Zero Trust is a strategic shift from traditional "trust the perimeter" security toward granular access control and continuous verification.