Advanced Persistent Threat (APT)
An Advanced Persistent Threat (APT) is a stealth cyberattack campaign where a hacker remains undetected inside a network to steal data for extended periods of time.
An attack surface is the sum of all possible points of entry that an attacker could exploit in a digital environment.
A cyber attack vector is a method of gaining unauthorized access to a private IT network. Cybercriminals use attack vectors to launch cyberattacks and deliver malicious payloads.
Bank Secrecy Act (BSA)
The Bank Secrecy Act (BSA) aims to prevent financial institutions from laundering money.
Bill C-11 is a proposed cybersecurity law in Canada that mandates stricter customer data collection consent requirements.
A CASB (cloud access security broker) is a cloud security tool that enforces security policies between the users in an organization and the cloud services they access. CASBs are one of the five major security functions in the increasingly popular SASE (Secure Access Service Edge) security model, alongside software-defined wide area network (SD-WAN), firewall-as-a-service (FWaaS), secure web gateway (SWG), and zero-trust network access (ZTNA).
Caches temporarily store data that hardware or software frequently access. As cached data is stored closer to a device, it enables faster load times and improved user experience.
Common Vulnerabilities & Exposures
Common Vulnerabilities and Exposures (CVE) is a public catalog of known cybersecurity vulnerabilities in software products, each identified by a unique CVE ID.
Compliance management is the practice of aligning all policies and IT solutions with the cybersecurity regulations that apply to a particular industry.
A cyber attack is any unauthorized access to an IT network or digital devices for malicious purposes such as data theft, malware injection, or the initiation of additional attacks.
A cyber threat is any action or event that could result in an unwanted impact on IT infrastructures.
Cybersecurity is the practice of protecting sensitive data and IT networks from unauthorized access and cyber attacks.
A Distributed Denial-of-Service (DDoS) attack is an attempt to overwhelm a web server with fake internet traffic with the objective of forcing it offline.
A data breach is a critical security incident in which sensitive data is accessed without authorization or lost. These events are usually initiated by cybercriminals.
Data exfiltration is the malicious transfer of sensitive information from a compromised system to remote cybercriminal servers.
A data leak is an overlooked exposure of sensitive data usually occurring through a software vulnerability.
Digital risk involves all of the negative consequences resulting from digital transformation. Digital transformation is the process of scaling a business by increasing its dependency on digital solutions.
Digital Risk Management
Digital risk management is the process of mitigating digital risk across all risk categories.
During an enumeration attack, hackers use brute-force methods to confirm whether specific records (such as usernames) exist on a web server.
FINRA is a U.S. organization that oversees the protection of brokerage customer data from compromise.
Fourth-party risk is risk brought on by your vendors’ vendors. An organization’s cybersecurity practices can become obsolete if its vendors do not have a robust third-party risk management (TPRM) program in place to manage fourth-party risk.
ISO/IEC 27001 is an international standard for improving the cyber resilience of information systems.
Indicators of Attack (IOAs)
An Indicator of Attack (IOA) is real-time evidence of a cyberattack in progress. IOAs reveal the intentions behind the attack and the techniques likely to be used.
Intrusion Detection System
An intrusion detection system (IDS) identifies cyber attacks on a network or a host. Such attacks could include botnets, Distributed Denial of Service (DDoS), and ransomware.
A keylogger is a program that records every keystroke made by users. They are primarily used by cybercriminals to steal sensitive information like passwords and credit card numbers.
Malware is malicious software designed to compromise computer devices and IT networks.
Metasploit is a penetration testing framework, consisting of a number of tools used to test network security and discover system vulnerabilities.
The National Institute of Standards and Technology (NIST) is the United States' equivalent of the International Organization for Standardization (ISO).
OSFI Self Assessments
OSFI self-assessments are security self-assessments issued by the Office of the Superintendent of Financial Institutions (OSFI).
Open Source Intelligence
Open source intelligence (OSINT) is data obtained from publicly available sources that is analyzed and processed for intelligence purposes.
The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements for preventing credit card fraud and protecting cardholders from personal data theft.
Payment Services Directive (PSD 2)
The Payment Services Directive (PSD 2) is a European directive for preventing monopolization in the banking sector.
A proxy server acts as an intermediary that forwards data requests from a user to the origin server.
Ransomware is a type of malware that encrypts computer systems to block user access until a set ransom is paid.
Ransomware Action Plan
Australia’s Ransomware Action Plan outlines the Australian Government’s commitment to responding to the growing threat of ransomware attacks.
SASE (Secure Access Service Edge), pronounced "sassy", is an emerging cybersecurity concept that converges networking and security functions into a cloud-native architecture.
Sarbanes-Oxley Act (SOX)
The Sarbanes-Oxley Act (SOX) of 2002 is a U.S. regulation that mandates financial reporting practices to prevent fraud.
Security Operations Center (SOC)
A security operations center (SOC) is a hub staffed by security personnel who continuously monitor an organization's entire IT infrastructure. A SOC collects security event data from applications, security devices, data centers, cloud resources, and other systems via a Security Information and Event Management (SIEM) system.
The California Consumer Privacy Act (CCPA)
The California Consumer Privacy Act of 2018 (CCPA) gives Californian consumers greater authority over how their personal data is collected and processed in California.
The General Data Protection Regulation (GDPR)
The General Data Protection Regulation (GDPR) is Europe’s mandatory regulation for protecting the personal data of its citizens.
The Gramm–Leach–Bliley Act (GLBA)
The Gramm–Leach–Bliley Act (GLBA) is a U.S. law that requires organizations selling financial products and/or services to disclose their customer data collection practices.
Threat intelligence is information gathered by information security teams that is used to identify an organization’s cyber threats and mitigate the impact of any cyber attacks. Ongoing challenges across the cybersecurity landscape, like costly data breaches and increasing advanced persistent threats (APTs), are highlighting the importance of threat intelligence.
The UK-GDPR is the United Kingdom’s version of the European GDPR, created after Brexit.
Vendor tiering is the process of categorizing third-party vendors by the level of security risk they introduce to an ecosystem.