Cybersecurity Glossary

Symmetric encryption standard adopted by the U.S. government. Uses 128, 192, or 256-bit keys.

Advanced persistent threat: a targeted and sophisticated attack conducted by motivated actors (nation-states, organized groups) over an extended period.

Business continuity plan: a documented set of procedures enabling the maintenance or resumption of critical operations in case of major disruption.

Business impact analysis: a process to identify and evaluate the potential effects of an interruption to critical processes.

Chief Information Security Officer: an executive responsible for cybersecurity strategy and governance.

Standard system for scoring the severity of computer vulnerabilities, scale from 0 to 10.

Distributed denial of service attack: overwhelming a system with massive traffic from multiple sources to make it unavailable.

Data loss prevention: set of technologies and processes to prevent the leakage or exfiltration of sensitive data.

Disaster recovery plan: procedures for restoring IT systems and data after a disaster.

Endpoint detection and response: advanced security solution that continuously monitors and analyzes endpoints to detect and respond to threats.

Network security device that controls incoming and outgoing traffic according to predefined security rules.

European regulation governing the processing and circulation of personal data. Fines up to 4% of global revenue.

Identity and access management: framework of policies and technologies to ensure the right people access the right resources.

Intrusion detection system: device that monitors network traffic to detect suspicious activities.

Intrusion prevention system: like an IDS but automatically blocks detected threats.

International standard for business continuity management systems (BCMS).

International standard defining requirements for an information security management system (ISMS).

Multi-factor authentication: security method requiring at least two distinct identity proofs.

Maximum tolerable downtime: time beyond which the interruption of a process jeopardizes the organization's survival.

European Network and Information Security 2 directive strengthening cybersecurity requirements for essential and important entities.

Security assessment simulating a cyberattack to identify exploitable vulnerabilities in a system.

Social engineering technique using fraudulent emails to steal sensitive information or spread malware.

Malicious software that encrypts the victim's data and demands a ransom for decryption.

Maximum acceptable data loss measured in time. Ex: RPO of 1h = maximum 1 hour of data lost.

Maximum acceptable interruption duration to restore a process. Ex: RTO of 4h = restoration within 4 hours.

Solution centralizing the collection, analysis, and correlation of security events in real-time.

Technologies enabling automation and orchestration of security incident responses.

Security operations center: centralized team monitoring, detecting, and responding to security incidents 24/7.

Virtual private network: secure and encrypted connection established over a public network (Internet).

Weakness in a system, application, or process that can be exploited to compromise security.

Evolution of EDR integrating detection across endpoints, networks, cloud, and applications in a unified platform.

Security model based on the principle "never trust, always verify". Every connection must be authenticated and authorized.

Vulnerability unknown to vendors and without an available patch, exploited by attackers before public discovery.