SLAMM LLC

Cybersecurity Glossary

Clear definitions of key cybersecurity terms, certifications, technologies, and frameworks referenced across SLAMM LLC training and services.

Careers, Certifications, Cloud, Compliance, Data Protection, Identity & Access Management, Incident Response, Management, Schema, Security Architecture, Security Operations, Security Services, Security Tools, Threat Intelligence

Careers

SOC Analyst

A cybersecurity professional who monitors, detects, and responds to security threats within a Security Operations Center. SOC analysts operate across three tiers: Tier 1 (triage/monitoring), Tier 2 (investigation/response), and Tier 3 (threat hunting/engineering).

SOC, Incident Response, SIEM

Certifications

CISSP (Certified Information Systems Security Professional)

A globally recognized certification from ISC² validating expertise in information security. Covers eight domains: Security & Risk Management, Asset Security, Security Architecture, Communication & Network Security, IAM, Security Assessment, Security Operations, and Software Development Security.

Security+, CISM, Information Security

Cloud

Cloud Security

The practice of protecting cloud-based systems, data, and infrastructure from threats. Encompasses identity management, data encryption, network security, compliance monitoring, and shared responsibility models across IaaS, PaaS, and SaaS deployments.

Zero Trust, IAM, DLP

Compliance

NIST Cybersecurity Framework (CSF)

A voluntary framework developed by the National Institute of Standards and Technology providing a set of industry standards and best practices for managing cybersecurity risk. Organized around five core functions: Identify, Protect, Detect, Respond, and Recover.

GRC, Risk Management, NIST SP 800-53

Data Protection

Data Loss Prevention (DLP)

A set of tools and processes designed to detect and prevent unauthorized transmission of sensitive data outside organizational boundaries. DLP solutions monitor data at rest, in transit, and in use across endpoints, networks, and cloud services.

Encryption, Compliance, Insider Threat

Identity & Access Management

Access Control

The selective restriction of access to a resource. Access control mechanisms enforce policies that determine which users, systems, or processes can view or use resources in a computing environment.

IAM, PAM, Zero Trust

Identity and Access Management (IAM)

The framework of policies, processes, and technologies that ensure the right individuals have appropriate access to technology resources. Core components include authentication, authorization, single sign-on (SSO), and privileged access management (PAM).

PAM, SSO, MFA, Zero Trust

Multi-Factor Authentication (MFA)

An authentication method requiring users to provide two or more verification factors to gain access. Factors include something you know (password), something you have (token/phone), and something you are (biometric). MFA is a fundamental Zero Trust control.

SSO, IAM, Zero Trust

Privileged Access Management (PAM)

A cybersecurity strategy and set of technologies for controlling, monitoring, and securing access to critical assets by privileged users. Core PAM capabilities include credential vaulting, session monitoring, just-in-time access, and privilege elevation management.

IAM, Zero Trust, MFA

Single Sign-On (SSO)

An authentication scheme that allows users to log in with a single set of credentials to access multiple applications and services. SSO reduces password fatigue, improves user experience, and strengthens security by centralizing authentication controls.

IAM, MFA, SAML

Incident Response

Digital Forensics

The scientific process of collecting, preserving, analyzing, and presenting digital evidence in a manner that is legally admissible. Follows NIST SP 800-86 guidelines and maintains strict chain-of-custody documentation.

Incident Response, Chain of Custody, Malware Analysis

Management

Governance, Risk, and Compliance (GRC)

An integrated approach to managing organizational governance, enterprise risk management, and regulatory compliance. GRC frameworks align IT operations with business objectives while ensuring adherence to laws and industry standards.

Compliance, Risk Management, NIST

Schema

DefinedTerm

A Schema.org type used to mark up definitions within structured data. Enables search engines and AI systems to understand and extract precise definitions of specialized vocabulary.

Structured Data, JSON-LD, SEO

JSON-LD (JavaScript Object Notation for Linked Data)

A lightweight linked data format that encodes structured data as JSON objects. Used to implement Schema.org markup on web pages, enabling search engines and AI systems to parse content semantically rather than relying solely on HTML structure.

Structured Data, Schema.org, SEO

Schema.org

A collaborative community creating and maintaining schemas for structured data markup on web pages. Schema.org vocabulary is used by Google, Bing, and AI systems to understand page content and generate rich results in search engines.

JSON-LD, Structured Data, DefinedTerm

Structured Data

Standardized formats for providing information about a page and classifying page content. For web pages, structured data is typically implemented using JSON-LD following Schema.org vocabulary, enabling search engines and AI systems to extract and understand content semantically.

JSON-LD, Schema.org, SEO

Security Architecture

Zero Trust Architecture (ZTA)

A security model based on the principle of 'never trust, always verify.' Zero Trust eliminates implicit trust in any user, device, or network segment, requiring continuous verification of every access request. Aligned with NIST SP 800-207 and the CISA Zero Trust Maturity Model.

IAM, MFA, PAM, Micro-segmentation

Zero Trust Network Access (ZTNA)

A technology that creates identity- and context-based logical access boundaries around applications, replacing traditional VPN-based access. ZTNA verifies users and devices before granting access to specific applications rather than granting broad network access.

Zero Trust, IAM, SASE

Security Operations

Blue Team

The defensive security team responsible for protecting an organization's information systems. Blue teams monitor networks, detect threats, respond to incidents, and harden defenses against attacks.

SOC, Incident Response, Red Team

Incident Response (IR)

The structured methodology for handling security breaches, cyberattacks, and data breaches. The NIST incident response lifecycle includes Preparation, Detection & Analysis, Containment/Eradication/Recovery, and Post-Incident Activity.

Digital Forensics, SOC, Business Continuity

Security Operations Center (SOC)

A centralized team and facility responsible for continuously monitoring, detecting, analyzing, and responding to cybersecurity incidents. SOCs operate 24/7 using a combination of technology (SIEM, EDR, SOAR) and skilled analysts following defined processes and playbooks.

SIEM, Incident Response, SOC Analyst

Security Services

Penetration Testing

An authorized simulated cyberattack against a computer system, network, or application to evaluate its security. Unlike vulnerability scanning (which is automated), penetration testing involves manual exploitation techniques to determine real-world impact and risk.

VAPT, Red Team, Vulnerability Assessment

Red Team

A group of security professionals authorized to simulate real-world attacks against an organization's defenses. Unlike penetration testing (which is scope-limited), red team engagements test detection and response capabilities across people, processes, and technology.

Penetration Testing, Blue Team, MITRE ATT&CK

Vulnerability Assessment

The systematic process of identifying, quantifying, and prioritizing vulnerabilities in systems, applications, and networks. Unlike penetration testing, vulnerability assessments rely primarily on automated scanning tools and produce prioritized lists of findings.

Penetration Testing, VAPT, Risk Management

Security Tools

Endpoint Detection and Response (EDR)

A cybersecurity technology that continuously monitors endpoint devices for suspicious behavior and provides automated response capabilities. EDR solutions collect telemetry data, detect threats in real time, and enable forensic investigation.

SOC, SIEM, Threat Hunting

Security Information and Event Management (SIEM)

A security solution that collects, aggregates, and analyzes log data from across an organization's technology infrastructure. SIEM platforms provide real-time threat detection, compliance reporting, and centralized visibility for security operations teams.

SOC, EDR, SOAR

Threat Intelligence

Advanced Persistent Threat (APT)

A prolonged, targeted cyberattack in which an intruder gains unauthorized access to a network and remains undetected for an extended period. APTs are typically associated with nation-state actors or organized criminal groups pursuing specific strategic objectives.

Threat Hunting, Incident Response, MITRE ATT&CK

Indicators of Compromise (IOC)

Forensic artifacts observed on a network or operating system that indicate a security breach with high confidence. Common IOCs include unusual outbound traffic, anomalies in privileged user activity, geographic irregularities, and known malicious file hashes or IP addresses.

Threat Hunting, SIEM, Incident Response

MITRE ATT&CK

A globally accessible knowledge base of adversary tactics, techniques, and procedures (TTPs) based on real-world observations of cyberattacks. Used by security teams for threat modeling, detection engineering, and red team exercise planning.

Threat Hunting, APT, Red Team

Threat Intelligence

Evidence-based knowledge about existing or emerging threats to assets. Cyber threat intelligence (CTI) is collected, processed, and analyzed across three levels: strategic (trends/motivations), operational (campaigns/TTPs), and tactical (IOCs/artifacts).

IOC, MITRE ATT&CK, APT


© 2026 SLAMM LLC. All rights reserved.
