Security Glossary

Keep up-to-date with best practices in InfoSec, learn about recent breaches and the implications for the industry, and join us on a journey to trust-led growth.

ADFS SSO

Active Directory Federation Services (ADFS) is a Single Sign-On (SSO) solution created by Microsoft....

See complete definition

Apple SSO

Give users the ability to sign into applications with their Apple ID.

See complete definition

Audit Logs

Describes an organization's ability to document activities that impact operations, procedures, or events that occur within its software.

See complete definition

Auto Scaling

A cloud computing pattern/technique for dynamically allocating and deallocating computing resources.

See complete definition

Bug Bounty

A policy surrounding the potential for individuals to receive recognition or compensation for discovering and reporting bugs.

See complete definition

Business Continuity Plan

Outlines how a business will continue operating during an unplanned disruption in service.

See complete definition

C5

The Cloud Computing Compliance Criteria Catalogue, also referred to as C5:2020.

See complete definition

C5 - Data Center

Indicates that a processor’s data storage solution meets the minimum standards of the C5 framework.

See complete definition

C5 Attestation

A report issued by an independent third-party that acts as verification of an organization's compliance with C5 requirements.

See complete definition

CCPA

The California Consumer Privacy Act is a state statute intended to enhance privacy rights and consumer protections for residents of California, in the United States.

See complete definition

COPPA

The Children's Online Privacy Protection Act (COPPA) is a policy on the collection of data of users under the age of 13, relating to the laws surrounding marketing to underage individuals.

See complete definition

CSA C-STAR Assessment

A robust third party independent assessment of the security of a cloud service provider for the Greater China market that harmonizes CSA best practices with Chinese national standards.

See complete definition

CSA GDPR Code of Conduct Certification

A certification based on a third-party evaluation of the compliance of a cloud services provider's services to the GDPR.

See complete definition

CSA GDPR Code of Conduct Self-Assessment

A self-assessment that can be completed by a cloud service provider to evaluate the compliance of its services to the GDPR.

See complete definition

CSA STAR

The Cloud Security Alliance's Security, Trust & Assurance Registry Certification is a rigorous third-party independent assessment of the security of a cloud service provider.

See complete definition

CSA STAR - Level 1

A free way for any CSP to provide their customers with the security assurances that a STAR certification offers.

See complete definition

CSA STAR - Level 1 Continuous

A continuously audited version of the CSA STAR - Level 1 certification.

See complete definition

CSA STAR - Level 2

Helps cloud service providers offer more transparency and assurance than Level 1.

See complete definition

CSA STAR - Level 2 Continuous

A continuously audited version of the the CSA STAR - Level 2 certification.

See complete definition

CSA STAR - Level 3

Automating the process of validating security control effectiveness in real-time.

See complete definition

CSA STAR Attestation

Provides guidelines for CPAs to use to conduct SOC 2 engagements.

See complete definition

CSA STAR CAIQ

The CAIQ was developed to create commonly accepted industry standards to document the security controls in infrastructure-as-a-service, platform-as-a-service and software-as-a service applications.

See complete definition

CSA STAR Certification

Based on a third-party audit of a cloud service provider's security.

See complete definition

CSA STAR Self-Assessment

Used to document the security controls provided by cloud computing offerings.

See complete definition

Confidentiality Agreements

Indicates that an organization has procedures and policies relating to NDAs and employee confidentiality agreements.

See complete definition

C5

The Cloud Computing Compliance Criteria Catalogue, also referred to as C5:2020.

See complete definition

C5 Attestation

A report issued by an independent third-party that acts as verification of an organization's compliance with C5 requirements.

See complete definition

CCPA

The California Consumer Privacy Act is a state statute intended to enhance privacy rights and consumer protections for residents of California, in the United States.

See complete definition

COPPA

The Children's Online Privacy Protection Act (COPPA) is a policy on the collection of data of users under the age of 13, relating to the laws surrounding marketing to underage individuals.

See complete definition

CSA C-STAR Assessment

A robust third party independent assessment of the security of a cloud service provider for the Greater China market that harmonizes CSA best practices with Chinese national standards.

See complete definition

CSA GDPR Code of Conduct Certification

A certification based on a third-party evaluation of the compliance of a cloud services provider's services to the GDPR.

See complete definition

CSA GDPR Code of Conduct Self-Assessment

A self-assessment that can be completed by a cloud service provider to evaluate the compliance of its services to the GDPR.

See complete definition

CSA STAR

The Cloud Security Alliance's Security, Trust & Assurance Registry Certification is a rigorous third-party independent assessment of the security of a cloud service provider.

See complete definition

CSA STAR - Level 1

A free way for any CSP to provide their customers with the security assurances that a STAR certification offers.

See complete definition

CSA STAR - Level 1 Continuous

A continuously audited version of the CSA STAR - Level 1 certification.

See complete definition

CSA STAR - Level 2

Helps cloud service providers offer more transparency and assurance than Level 1.

See complete definition

CSA STAR - Level 2 Continuous

A continuously audited version of the the CSA STAR - Level 2 certification.

See complete definition

CSA STAR - Level 3

Automating the process of validating security control effectiveness in real-time.

See complete definition

CSA STAR Attestation

Provides guidelines for CPAs to use to conduct SOC 2 engagements.

See complete definition

CSA STAR CAIQ

The CAIQ was developed to create commonly accepted industry standards to document the security controls in infrastructure-as-a-service, platform-as-a-service and software-as-a service applications.

See complete definition

CSA STAR Certification

Based on a third-party audit of a cloud service provider's security.

See complete definition

CSA STAR Self-Assessment

Used to document the security controls provided by cloud computing offerings.

See complete definition

EU-US Privacy Shield

A framework for regulating transatlantic exchanges of personal data for commercial purposes between the European Union and the United States.

See complete definition

FDA 21 CFR Part 11

The FDA's regulations for electronic documentation and electronic signatures.

See complete definition

FISMA

The Federal Information Security Management Act (FISMA) of 2002 is a framework of security standards to protect government information that is handled by third-party vendors, contractors, and partners.

See complete definition

FISMA - Data Center

Indicates that a processor's data storage solution is protected by a security infrastructure that meets the standards of the FISMA framework.

See complete definition

FISMA - High

A compliance level reserved for third-parties handling the highest-impact data, or that which if compromised would have severe or catastrophic implications.

See complete definition

FISMA - High - Data Center

Indicates that a processor's data storage solution is protected by a security infrastructure that meets the standards of the FISMA - High certification.

See complete definition

FISMA - Low

A compliance level reserved for third parties handling information that, if compromised, would have minimally-impactful implications.

See complete definition

FISMA - Low - Data Center

Indicates that a processor's data storage solution is protected by a security infrastructure that meets the standards of the FISMA - Low certification.

See complete definition

FISMA - Moderate

A compliance level reserved for third parties handling information that, if compromised, would have moderately severe implications.

See complete definition

FISMA - Moderate - Data Center

Indicates that a processor's data storage solution is protected by a security infrastructure that meets the standards of the FISMA - Moderate certification.

See complete definition

FedRAMP

A government-wide program that promotes the adoption of secure cloud services across the United States federal government.

See complete definition

FedRAMP - High

High (Impact) data is usually in Law Enforcement and Emergency Services systems, Financial systems, Health systems, and any other system where loss of confidentiality, integrity, or availability could be expected to have a severe or catastrophic adverse effect on organizational operations, organizational assets, or individuals.

See complete definition

FedRAMP - Low

Low (Impact) is most appropriate for cloud security offerings where the loss of confidentiality, integrity, and availability would result in limited adverse effects on an agency’s operations, assets, or individuals.

See complete definition

FedRAMP - Moderate

Moderate (Impact) is most appropriate for cloud security offerings where the loss of confidentiality, integrity, and availability would result in serious adverse effects on an agency’s operations, assets, or individuals.

See complete definition

FedRAMP Authorization Report

A report which is comprised of two parts: first, a full security assessment which is an independent audit focused on a number of parameters, and secondly, an agency authorization process is undergone.

See complete definition

FedRAMP Authorized

Indicates an organization is compliant with the FedRAMP set of security standards.

See complete definition

GDPR

A regulation in EU law on data protection and privacy in the European Union and the European Economic Area.

See complete definition

HIPAA

The Health Insurance Portability and Accountability Act designed to protect patient personally identifiable information and healthcare information from nonconsensual disclosure.

See complete definition

HITECH

The Health Information Technology for Economic and Clinical Health Act (HITECH) of 2009 was enacted to promote and expand the adoption of electronic health records.

See complete definition

ISO 22301

An international standard that provides a robust framework for developing effective incident response and recovery procedures to ensure your organization can recover quickly in the event of a disruption.

See complete definition

ISO 27001

An international standard on how to manage information security.

See complete definition

ISO 27001 Certificate

The certificate obtained from ISO 27001 compliance.

See complete definition

ISO 27017

A security standard developed for cloud service providers and users to make a safer cloud-based environment and reduce the risk of security problems.

See complete definition

ISO 27017 Certificate

The certificate obtained from ISO 27001 compliance.

See complete definition

ISO 27018

The first international standard created specifically for data privacy in cloud computing.

See complete definition

ISO 27018 Certificate

The certificate obtained from ISO 27018 compliance.

See complete definition

ISO 27032

An international standard that provides guidance for improving the state of Cybersecurity.

See complete definition

ISO 27032 Certificate

The certificate obtained from ISO 27032 compliance.

See complete definition

ISO 27701

An international standard on how to manage information security.

See complete definition

ISO 27701 Certificate

The certificate obtained from ISO 27701 compliance.

See complete definition

PCI-DSS

The Payment Card Industry Data Security Standard.

See complete definition

PCI-DSS - Data Center

Signifies that the processor's data storage satisfies the Payment Card Industry Data Security Standard,

See complete definition

PCI-DSS - Level 1

The Payment Card Industry Data Security Standard.

See complete definition

PCI-DSS - Level 1 - Data Center

Signifies that the processor's data storage satisfies Level 1 of the Payment Card Industry Data Security Standard.

See complete definition

PCI-DSS - Level 2

The Payment Card Industry Data Security Standard.

See complete definition

PCI-DSS - Level 2 - Data Center

Signifies that the processor's data storage satisfies Level 2 of the Payment Card Industry Data Security Standard.

See complete definition

PCI-DSS - Level 3

The Payment Card Industry Data Security Standard.

See complete definition

PCI-DSS - Level 3 - Data Center

Signifies that the processor's data storage satisfies Level 3 of the Payment Card Industry Data Security Standard.

See complete definition

PCI-DSS - Level 4

The Payment Card Industry Data Security Standard.

See complete definition

PCI-DSS - Level 4 - Data Center

Signifies that the processor's data storage satisfies Level 4 of the Payment Card Industry Data Security Standard.

See complete definition

PECR

A UK law also known as the Privacy and Electronic Communications Regulations.

See complete definition

POPIA

A South African regulation also known as the Protection of Personal Information Act

See complete definition

SOC 1

A set of compliance requirements that applies to companies' internal control over financial reporting.

See complete definition

SOC 1 - Data Center

Signifies that a processor's data storage has undergone and passed a SOC 1 audit and obtained the corresponding report.

See complete definition

SOC 1 Type I

An audit and corresponding report focus on describing a service organization’s control processes.

See complete definition

SOC 1 Type I - Data Center

Signifies that a processor's data storage has undergone and passed a SOC 1 Type I audit and obtained the corresponding report.

See complete definition

SOC 1 Type I Report

A document detailing the SOC 1 Type I audit of a company by an independent entity.

See complete definition

SOC 1 Type II

A SOC 1 Type II audit and corresponding report.

See complete definition

SOC 1 Type II - Data Center

Signifies that a processor's data storage has undergone and passed a SOC 1 Type II audit and obtained the corresponding report.

See complete definition

SOC 1 Type II Report

A document detailing the SOC 1 Type II audit of a company by an independent entity.

See complete definition

SOC 2

A set of compliance requirements that applies to companies' handling of cloud-based customer data.

See complete definition

SOC 2 - Data Center

Signifies that a processor's data storage has undergone and passed a SOC 2 audit and obtained the corresponding report.

See complete definition

SOC 2 Type I

A certification describing a service organization’s control processes.

See complete definition

SOC 2 Type I - Data Center

Signifies that a processor's data storage has undergone and passed a SOC 2 Type I audit and obtained the corresponding report.

See complete definition

SOC 2 Type I Report

A document detailing the SOC 2 Type I audit of a company by an independent entity.

See complete definition

SOC 2 Type II

A certification describing how a product safeguards customer data and how effective those measures are.

See complete definition

SOC 2 Type II - Data Center

Signifies that a processor's data storage has undergone and passed a SOC 2 Type II audit.

See complete definition

SOC 2 Type II Report

A document detailing the SOC 2 Type II audit of a company by an independent entity.

See complete definition

SOC 3

A standard outlining a service organization's internal controls for the AICPA's five Trust Principles.

See complete definition

SOC 3 - Data Center

Signifies that a processor's data storage solution has a SOC 3 report.

See complete definition

SOC 3 Report

A report intended for a general audience relating to SOC 2.

See complete definition

Swiss-US Privacy Shield

A framework for regulating transatlantic exchanges of personal data.

See complete definition

TRUSTe

An Enterprise Privacy & Data Governance Practices Assessment Criteria.

See complete definition

ePrivacy

An EU directive focused on protecting the confidentiality of electronic communication that occurs between parties.

See complete definition

ADFS SSO

Active Directory Federation Services (ADFS) is a Single Sign-On (SSO) solution created by Microsoft....

See complete definition

Apple SSO

Give users the ability to sign into applications with their Apple ID.

See complete definition

Audit Logs

Describes an organization's ability to document activities that impact operations, procedures, or events that occur within its software.

See complete definition

Facebook SSO

A Single Sign-On (SSO) solution created by Facebook. It give users the ability to sign into applications with their Facebook credentials.

See complete definition

GitHub SSO

A Single Sign-On (SSO) solution created by GitHub. It give users the ability to sign into applications with their GitHub credentials.

See complete definition

Google SSO

A Single Sign-On (SSO) solution created by Google. It give users the ability to sign into applications with their Google credentials.

See complete definition

IP-Based Access Control

A control that restricts access to applications or resources based on IP address.

See complete definition

LDAP SSO

A software protocol for authenticating users on an AD network, and it enables anyone to locate resources on the Internet or on a corporate intranet.

See complete definition

LinkedIn SSO

A Single Sign-On (SSO) solution created by LinkedIn.

See complete definition

Microsoft SSO

A Single Sign-On (SSO) solution created by Microsoft.

See complete definition

Multi-Factor Authentication

An electronic authentication method requiring two or more pieces of evidence to an authentication mechanism: knowledge, possession, and inherence.

See complete definition

Product Security Roadmap

A useful tool to exemplify the actions being taken to secure a product.

See complete definition

Role-Based Access Control (RBAC)

Ability to restrict access based on a person's position.

See complete definition

SAML SSO

Security assertion markup language single sign-on.

See complete definition

SCIM User Management

The System for Cross-Domain user management.

See complete definition

SSO

An authentication system using a single credential.

See complete definition

Salesforce SSO

A single sign-on solution created by Salesforce.

See complete definition

Self-Serve User Management

Definition coming soon!

See complete definition

Twitter SSO

A single sign-on solution created by Twitter.

See complete definition

Data Backups

Indicates that an organization has automated and recurring backup procedures.

See complete definition

Data Breach Notification

Indicates that an organization has specific policies related to the notification of users following unauthorized access to data.

See complete definition

Data Encrypted At-Rest

Encryption and protection for stored data.

See complete definition

Data Encrypted In-Transit

Encryption and protection for data as it moves from one location to another.

See complete definition

Data Processing Addendum (DPA)

A contract between data controllers and data processors or data processors and subprocessors.

See complete definition

Data Protection Officer (DPO)

A designated role in an organization for ensuring compliance regarding privacy laws and regulations on personal data.

See complete definition

Data Protection Officer (DPO) Email

The email address to reach a Data Protection Officer.

See complete definition

Data Redundancy

Indicates that the same data is stored in two or more separate places.

See complete definition

Data Removal Requests

The right of individuals to have their personal data erased upon request.

See complete definition

Data Retention Policy

A policy concerning what data should be stored or archived, where that should happen, and for exactly how long.

See complete definition

Passwords Encrypted

The practice of translating login credentials into a secure format for storage.

See complete definition

Privacy Policy

Explains how a website or organization will collect, store, protect, and utilize PII.

See complete definition

Web Cookies

Small blocks of data, created by a web server and placed onto a user’s device.

See complete definition

Incident Response Plan (IRP)

A set of instructions to help employees detect, respond to, and recover from network security incidents in areas like: cybercrime, data loss, and service outages.

See complete definition

Auto Scaling

A cloud computing pattern/technique for dynamically allocating and deallocating computing resources.

See complete definition

Denial of Service (DoS) Protection

Measures taken to protect against Denial of Service attacks, wherein attackers flood the target host/network with incoming traffic until the target is unable to respond or crashes.

See complete definition

Infrastructure Redundancy

The process of adding additional instances of network devices and lines of communication to help ensure network availability and decrease the risk of failure along any critical data paths.

See complete definition

Quality Assurance Testing

Quality Assurance (QA) testing ensures that an organization delivers the best products or services possible.

See complete definition

Service Monitoring

A system or set of tools used to check on the health of servers in a network.

See complete definition

Business Continuity Plan

Outlines how a business will continue operating during an unplanned disruption in service.

See complete definition

Disaster Recovery Plan

A document that contains outlines a company's response to unplanned incidents such as natural disasters.

See complete definition

Environmental Safeguards

Indicates that a company utilizes environmental and physical controls that work together to protect physical and digital assets from theft and damage.

See complete definition

Environmental Safeguards - Data Center

Indicates a processor's data center implements environmental safeguards.

See complete definition

Bug Bounty

A policy surrounding the potential for individuals to receive recognition or compensation for discovering and reporting bugs.

See complete definition

Dynamic Application Security Testing (DAST)

A method of security testing that emphasizes attacking an application from the outside to find security vulnerabilities.

See complete definition

Penetration Testing

Testing is a simulated cyberattack on a system performed for the purpose of testing the system's security

See complete definition

Responsible Disclosure

A vulnerability disclosure model.

See complete definition

Static Application Security Testing (SAST)

Static Application Security Testing (SAST) is a testing methodology that emphasizes analyzing source code to find security vulnerabilities.

See complete definition

Vulnerability Scanning

Assesses computers, servers, networks, or applications for known security weaknesses.

See complete definition

Confidentiality Agreements

Indicates that an organization has procedures and policies relating to NDAs and employee confidentiality agreements.

See complete definition

Employee Background Checks

Employers run background checks to avoid hiring someone who may pose a threat to the workplace or become a liability to the employer.

See complete definition

Employee Security Training

A strategy used by IT and security professionals to prevent and mitigate user risk.

See complete definition

Employee Workstations Automatically Locked

The policy of automatically locking employee devices after a period of inactivity and requiring a password to unlock it.

See complete definition

Employee Workstations Encrypted

The policy of encrypting employee hard drives to prevent unauthorized access to data stored on their devices.

See complete definition

Limited Employee Access (Principle of Least Privilege)

The idea that at any user, program, or process should have only the bare minimum privileges necessary to perform its function.

See complete definition

Personnel Screening

The practice of analyzing the background of job applicants to ensure their credibility and fit for a role.

See complete definition

Physical Access Control

A system to ensure only authorized individuals are granted access to a company's premises.

See complete definition

Physical Access Control - Data Center

A functioning Physical Access Control System for a processor’s data storage.

See complete definition

Secure Remote Network Access

Any security policy or technology that allows employees to connect to a company's internal network and prevents unauthorized access.

See complete definition

C5 - Data Center

Indicates that a processor’s data storage solution meets the minimum standards of the C5 framework.

See complete definition

Multi-Tenant Architecture

An architecture which allows a single instance of a software application to serve multiple customers.

See complete definition

Sarbanes-Oxley (SOX) - Data Center

Definition coming soon!

See complete definition

Single-Tenant Architecture

A single instance of the software and supporting infrastructure serve a single customer.

See complete definition

Zero-Trust Architecture

A security framework requiring all users to be authenticated, authorized, and continuously validated.

See complete definition

Best-in-class Trust Operations, all in one platform.

Be up-and-running in minutes, not months.
Check mark
No credit card required
Check mark
Enterprise-grade security