Access Recertification Campaigns
A glossary is a list of terms, abbreviations, or expressions in a particular context or field of knowledge with their respective definitions.
Periodic review of user entitlements to enforce the Principle of Least Privilege, ensure orphaned accounts are removed, and reduce internal threats and compliance violations.
A user-initiated process to gain permission to access an IT asset within an organization’s infrastructure.
A security feature typically used to prevent a Brute-Force Attack by temporarily disabling a user account after a set number of failed login attempts.
Gaining unauthorized access to a user account.
Current and factual condition of a system or its data as opposed to the Desired State.
A fundamental process in cybersecurity, used to identify events or patterns that deviate from expected behavior within systems, networks, or datasets and that could indicate a security threat, such as a network intrusion, malware, or unauthorized access.
Manages user roles, account assignments, and performs access reviews and audits for an IT asset.
Person or group responsible for an IT asset.
NIST standard to assess the degree of confidence and reliability of an authentication process.
Reasonable effort to satisfy a request but without guaranteeing success.
Entitlements automatically granted to a user when they join an organization or change roles within it.
Trial-and-error method often used to guess authentication credentials or to discover hidden content or pages within a web application.
Protocol developed by the FIDO Alliance and complementary to the W3C's WebAuthn specification that allows a client (for example, an operating system, browser, or application) to communicate with a device designed to authenticate the user.
The creation of balanced and aesthetically pleasing color combinations.
The study of how colors interact with each other and how they can influence people’s emotions and perceptions.
A circular diagram used to show the relationships between colors.
The process of removing Personally Identifiable Information from a dataset in an irreversible and permanent manner. This can serve as a mechanism of privacy protection. In the context of data governance, anonymized data is no longer considered Personally Identifiable Information according to the current regulatory interpretation.
Incident involving copying, transmitting, viewing, or processing sensitive, protected, or confidential information by unauthorized individuals or for unauthorized purposes.
The planned state of a system, usually defined as data or code in a SSOT.
Measures designed to identify, record, and report a security incident after it has occurred.
The difference between the Desired State of a system and its Actual State.
The access rights an account has on an asset.
A set of open standards published by the FIDO Alliance for stronger, simpler, and phishing-resistant user authentication.
Regulation that governs how the personal data of individuals in the EU may be processed and transferred.
Identity and access management is a framework of policies, technologies, and business processes aimed at facilitating the management of digital identities and their access.
Cybersecurity discipline that includes tools and best practices for protecting user identities and identity systems from cyber threats.
An umbrella term that covers all technical means used to handle information and facilitate communication.
The practice of assuring information quality and managing risks related to the use, processing, storage, and transmission of information.
The study or use of hardware and software to manage, store, retrieve, and deliver data.
Hardware and software (e.g., applications, systems, virtual resources, data) that an organization uses to support its business objectives.
Systems to manage the lifecycle of IT assets, including tracking, maintaining, and disposing of hardware and software.
Identity belonging to a machine, service account, containerized workload, or autonomous agent.
Account that retains access to an asset without an active owner.
Native or built-in feature or functionality of a product, included by default and that works immediately after first setup.
Designed to prevent an event or an unauthorized action from occurring.
Security concept whereby a user or service is granted the minimum levels of access and authorization necessary to perform the requested task.
A strategy designed to prevent attacks and identify vulnerabilities before they are exploited.
Reported at the same time as something takes place, or delivered within a very short delay.
Used to describe a computer system that guarantees to process events and perform tasks within specific time constraints.
Targeted duration of time between the event of failure and the point where operations resume.
Agreed maximum time, based on risk analysis, between the failure event and the restoration of operations.
Measures designed to respond to and rectify security violations or incidents after they have been identified.
Person directly responsible for identifying, assessing, monitoring, reporting, responding to, and defining intervention strategies in relation to risks associated with an IT asset.
Safeguards and countermeasures that help protect an organization’s assets, systems, and data from potential risks and threats.
Mechanism designed to prevent errors and fraud by dividing the actions required to complete a task among different employees.
Practice of centralizing all of an organization’s data related to a given subject in a single, reliable location, ensuring that every person and every system operates with the same up-to-date information.
A comprehensive inventory of all the components used in a piece of software.
The load balancer decrypts the incoming encrypted traffic (as in SSL Termination) and re-encrypts it before sending it to the destination (e.g. backend instances).
The load balancer passes the encrypted traffic to the destination (e.g. backend instances) without decrypting it.
Because the load balancer only sees encrypted traffic, it is not possible to perform layer 7 (OSI model) actions.
The load balancer decrypts the incoming encrypted traffic and sends it to the destination (e.g. backend instances) unencrypted.
A professional with in-depth, specialized knowledge in a particular field, process, or technology who acts as a trusted advisor, guiding teams, validating information, and solving complex problems to ensure accuracy, efficiency, and successful project outcomes.
Specification that defines an API enabling the creation and use of strong, attested, scoped, public key-based credentials by web applications, for the purpose of strongly authenticating users.
Security framework that requires all users, devices, and systems, whether inside or outside the organization’s network, to be continuously authenticated, authorized, and validated before gaining access to applications and data.