In part one of this blog series, we looked at 40+ cybersecurity terms and acronyms, ranging from RaaS (Ransomware as a Service) to SASE (Secure Access Service Edge). In part two, we take a deeper dive into Cybersecurity and give you the essential 21 cybersecurity terms you should know about.
Cybersecurity terms and acronyms
Secure Sockets Layer, is an encryption-based Internet security protocol. It was first developed by Netscape in 1995 for the purpose of ensuring privacy, authentication, and data integrity in Internet communications. SSL is the predecessor to the modern TLS encryption used today.
Transport Layer Security is the successor protocol to SSL. TLS is an improved version of SSL. It works in much the same way as the SSL, using encryption to protect the transfer of data and information.
Machine identity management is the process of governing and orchestrating the identities – digital certificates and keys – of machines – devices, workloads, applications, containers, IoT, etc. Machine identity management is essential for data security, integrity, and compliance, as it authenticates communicating parties and ensures all traffic is encrypted.
Hypertext Transfer Protocol is the set of rules for transferring files — such as text, images, sound, video and other multimedia files — over the web. As soon as a user opens their web browser, they are indirectly using HTTP.
The Internet of Things describes the network of physical objects – “things” that are embedded with sensors, software, and other technologies for the purpose of connecting and exchanging data with other devices and systems over the internet.
The World Wide Web Consortium (W3C) is an international organization committed to improving the web. It is made up of several hundred member organizations from a variety of related IT industries. W3C sets standards for the World Wide Web (WWW) to facilitate interoperability and cooperation among all web stakeholders.
Is the acronym for Application Programming Interface, which is a software intermediary that allows two applications to talk to each other. Each time you use an app like Facebook, send an instant message or check the weather on your phone, you’re using an API.
Public Key Infrastructure is the framework of encryption and cybersecurity that protects communications between the server (your website) and the client (the users). Think about all the information, people, and services that your team communicates and works with. PKI is essential in building a trusted and secure business environment by being able to verify and exchange data between various servers and users.
The word DevOps is a combination of the term’s development and operations, meant to represent a collaborative or shared approach to the tasks performed by a company’s application development and IT operations teams. In its broadest meaning, DevOps is a philosophy that promotes better communication and collaboration between these teams — and others — in an organization
Secure Shell is a network communication protocol that enables two computers to communicate (c.f http or hypertext transfer protocol, which is the protocol used to transfer hypertext such as web pages) and share data. An inherent feature of ssh is that the communication between the two computers is encrypted meaning that it is suitable for use on insecure networks.
Identity and access management (IAM) is a framework of business processes, policies and technologies that facilitates the management of electronic or digital identities.
A hardware security module is a physical device that provides extra security for sensitive data. This type of device is used to provision cryptographic keys for critical functions such as encryption, decryption and authentication for the use of applications, identities and databases.
Object-oriented technology is a software design model in which objects contain both data and the instructions that work on the data. It is increasingly deployed in distributed computing.
A mobile network operator owns and operates the infrastructure and other elements necessary for mobile communications. Also called carriers or wireless service providers, MNOs provide mobile services to their subscribers.
The term “eSIM” simply means an embedded SIM card. There are no physical SIM cards involved and no physical swapping over required by you. eSIM needs to be supported by the network or carrier and enabled by them and not all networks support eSIM as yet.
AI (Artificial intelligence):
Artificial intelligence is defined as having machines do “smart” or “intelligent” things on their own without human guidance. As such, AI security involves leveraging AI to identify and stop cyber threats with less human intervention than is typically expected or needed with traditional security approaches.
Security Orchestration, Automation and Response refers to technologies that enable organizations to collect inputs monitored by the security operations team. For example, alerts from the SIEM system and other security technologies — where incident analysis and triage can be performed by leveraging a combination of human and machine power — help define, prioritize and drive standardized incident response activities. SOAR tools allow an organization to define incident analysis and response procedures in a digital workflow format.
Security Operations is a movement created to facilitate collaboration between IT security and operations teams and integrate the technology and processes they use to keep systems and data secure — all in an effort to reduce risk and improve business agility.
Endpoint detection and response, also known as endpoint threat detection and response (ETDR), is an integrated endpoint security solution that combines real-time continuous monitoring and collection of endpoint data with rules-based automated response and analysis capabilities
Google Cloud (also known as Google Cloud Platform or GCP) is a provider of computing resources for developing, deploying, and operating applications on the Web.
Personally Identifiable Information is a legal term pertaining to information security environments. While PII has several formal definitions, generally speaking, it is information that can be used by organizations on its own or with other information to identify, contact, or locate a single person, or to identify an individual in context.