Cybersecurity Glossary

API security is the practice of protecting Application Programming Interfaces (APIs) from attacks, misuse, and data exposure by implementing authentication, authorisation, rate limiting, input validation, and continuous monitoring.

Attack Surface Management (ASM) is the continuous discovery, inventory, classification, and monitoring of all internet-facing assets that belong to an organisation to reduce exposure to threats.

Brand impersonation is a form of cyber fraud where threat actors create fake websites, social media profiles, or mobile apps that mimic a legitimate brand to deceive customers and steal credentials or money.

Cloud security encompasses the policies, technologies, controls, and best practices used to protect data, applications, and infrastructure hosted in cloud environments (IaaS, PaaS, SaaS).

Compliance automation is the use of technology to continuously monitor, assess, and enforce adherence to regulatory requirements and security frameworks — replacing manual audits with real-time, automated evidence collection.

CVE (Common Vulnerabilities and Exposures) is a publicly maintained catalogue of known cybersecurity vulnerabilities, each assigned a unique identifier (e.g. CVE-2024-12345) to enable consistent tracking and communication across tools and organisations.

Cyber threat hunting is the proactive, human-led process of searching through networks, endpoints, and datasets to find advanced threats that have evaded automated security controls.

Dark web monitoring is the practice of scanning dark web marketplaces, forums, paste sites, and Telegram channels for leaked credentials, data dumps, and threat actor chatter that may impact an organisation.

Data Loss Prevention (DLP) is a set of tools and policies designed to detect and prevent the unauthorised transmission, sharing, or exfiltration of sensitive data outside an organisation's boundaries.

Digital Risk Protection (DRP) is a cybersecurity discipline that identifies and mitigates threats targeting an organisation's digital presence — including brand impersonation, data leaks, social media fraud, and rogue apps.

DMARC (Domain-based Message Authentication, Reporting & Conformance) is an email authentication protocol that protects domains from unauthorised use such as phishing and spoofing.

Endpoint Detection and Response (EDR) is a security solution that continuously monitors endpoint devices (laptops, servers, mobile devices) to detect, investigate, and respond to advanced threats that bypass traditional antivirus.

Identity and Access Management (IAM) is a framework of policies, processes, and technologies that ensures the right individuals have appropriate access to technology resources at the right time and for the right reasons.

Incident Response (IR) is the structured process an organisation follows to detect, contain, eradicate, and recover from a cybersecurity incident while minimising damage and reducing recovery time.

Multi-Factor Authentication (MFA) is a security mechanism that requires users to provide two or more independent verification factors — something they know, something they have, or something they are — to prove their identity.

OSINT (Open Source Intelligence) is the collection and analysis of publicly available information — from websites, social media, DNS records, and public databases — to identify security threats or gather actionable intelligence.

Penetration testing (pen testing) is an authorised simulated cyberattack performed against an organisation's systems to identify exploitable vulnerabilities before real attackers do.

Phishing is a social engineering attack in which a threat actor impersonates a trusted entity via email, SMS, or fake websites to trick victims into revealing credentials, financial data, or installing malware.

Ransomware is a type of malware that encrypts a victim's files or locks their systems, then demands a ransom payment — typically in cryptocurrency — in exchange for the decryption key.

SaaS security is the set of practices and tools used to protect data, manage access, and enforce policies across an organisation's Software-as-a-Service applications — including both sanctioned and unsanctioned (shadow) SaaS.

Security awareness training is an educational programme designed to teach employees how to recognise and respond to cybersecurity threats — including phishing, social engineering, and safe data handling practices.

Shadow IT refers to the use of IT systems, software, devices, or cloud services within an organisation without explicit approval from or knowledge of the IT or security department.

SIEM (Security Information and Event Management) is a security solution that aggregates and analyses log data from across an organisation's IT infrastructure to detect threats, support compliance, and enable incident investigation.

A Security Operations Centre (SOC) is a centralised function that continuously monitors, detects, analyses, and responds to cybersecurity threats using a combination of people, processes, and technology.

Social engineering is a manipulation technique that exploits human psychology — trust, fear, urgency, or curiosity — to trick individuals into revealing confidential information, granting access, or performing actions that compromise security.

A supply chain attack is a cyberattack that targets an organisation by compromising a trusted third-party vendor, software provider, or service in the supply chain rather than attacking the organisation directly.

Threat intelligence is evidence-based knowledge about existing or emerging cyber threats — including threat actors, their tactics, techniques, and procedures (TTPs) — that helps organisations make informed security decisions.

Vendor Risk Management (VRM) is the process of identifying, assessing, monitoring, and mitigating the cybersecurity and operational risks introduced by third-party vendors, suppliers, and partners.

Vulnerability management is the continuous process of identifying, evaluating, prioritising, and remediating security weaknesses in an organisation's systems, applications, and infrastructure.

Zero Trust is a security framework that requires all users and devices — whether inside or outside the network perimeter — to be continuously authenticated, authorised, and validated before being granted access to resources.