A comprehensive glossary explaining common cybersecurity and IT terms in simple language. Generative AI can easily compile and define such terms, making complex topics accessible to a wider audience.

Glossary
Traditional Security Concepts

This glossary collects 2026-relevant terminology, structured strictly by the 8 CISSP Domains. The format is designed to help readers transition from foundational security concepts to the advanced, automated, and AI-driven ecosystem they face today.
New and Modern/Emerging Concepts

Modern Glossary of Terms
Here is a modernized, comprehensive glossary of terms used in cybersecurity and IT.
Domain 1: Security and Risk Management
Governance, Compliance, Risk Management, and Legal/Regulatory concepts.
| Term | Definition |
|---|---|
| BCS | Business Continuity Steering is the leadership committee that oversees the strategic alignment of recovery efforts with business objectives. |
| CTEM | Continuous Threat Exposure Management is a 5-stage framework (Scoping, Discovery, Prioritization, Validation, Mobilization) that replaces static vulnerability scanning. |
| Due Care | The legal standard of reasonableness that an organization must meet to protect its assets and data; often described as what a prudent person would do. |
| Due Diligence | The investigative process of verifying that the necessary Due Care is actually being implemented and remains effective over time. |
| Exposure Management | A shift from finding CVEs to analyzing the exploitability of an entire attack surface, including misconfigurations and risky behaviors. |
| Pillars of InfoSec | The CIA Triad (Confidentiality, Integrity, Availability), expanded to include Authenticity and Non-repudiation. |
| SCRM | Supply Chain Risk Management focuses on the security of third-party vendors, from hardware manufacturing (silicon root of trust) to software libraries. |
| SBOM | Software Bill of Materials is a machine-readable ingredient list for software, used to track vulnerabilities in open-source dependencies. |
| AIBOM | An AI Bill of Materials is a comprehensive, machine-readable inventory of the components required to develop, train, and run an AI model. It is the AI-specific evolution of the traditional Software Bill of Materials (SBOM). |
Domain 2: Asset Security
Information and asset lifecycle, classification, and data protection methods.
| Term | Definition |
|---|---|
| Data Sovereignty | The principle that data is subject to the laws of the country where it is physically stored (e.g., GDPR requirements for data residency). |
| DDR | Data Detection and Response provides real-time monitoring of data access and movement to stop exfiltration across Cloud and SaaS apps. |
| DLP | Data Loss Prevention is a set of tools that inspects data in use, in transit, and at rest to prevent unauthorized transmission of sensitive info. |
| Shadow AI | The use of unapproved AI tools by employees, which risks the leakage of proprietary code or PII into public LLM training sets. |
| Tokenization | Replacing sensitive data with non-sensitive tokens that have no value if stolen; commonly used in PCI-DSS compliance. |
Domain 3: Security Architecture and Engineering
Security models, engineering principles, cloud security (CSPM/CWPP), and cryptography.
| Term | Definition |
|---|---|
| AI-SPM | AI Security Posture Management secures the AI stack, detecting Shadow AI and protecting models from prompt injection or data poisoning. |
| ASPM | Application Security Posture Management provides a unified view of risk across the SDLC by correlating SAST, DAST, and SCA data. |
| CSPM | Cloud Security Posture Management monitors the cloud control plane to find misconfigurations like open S3 buckets or unencrypted disks. |
| CWPP | Cloud Workload Protection Platform focuses on the inside of the workload, providing runtime security for VMs, containers, and serverless functions. |
| HSM | Hardware Security Module is a physical device that manages digital keys and provides high-speed cryptographic operations. |
| PQC | Post-Quantum Cryptography refers to new algorithms designed to withstand attacks from future quantum computers. |
| TEE | Trusted Execution Environment is a secure enclave in a processor that protects data and code even if the host OS is compromised. |
| Zero Trust | An architecture based on the principle of "never trust, always verify," removing the concept of a trusted internal network. |
Domain 4: Communication and Network Security
Network design, secure protocols, and the convergence of networking and security.
| Term | Definition |
|---|---|
| CNAPP | Cloud-Native Application Protection Platform converges CSPM, CWPP, and CIEM into a single platform for code-to-cloud security. |
| Digital Twin Security | Creating virtual replicas of physical systems (ICS/SCADA) to safely simulate cyberattacks and test defense responses. |
| SD-WAN Security | Integrating security functions (Firewall, IPS) directly into the software-defined networking layer to secure branch-to-cloud traffic. |
| SSE | Security Service Edge unifies web security (SWG), cloud security (CASB), and private access (ZTNA) into a single cloud service. |
| ZTNA | Zero Trust Network Access provides granular, application-level access to remote users without putting them on the corporate network. |
Domain 5: Identity and Access Management (IAM)
Controlling access, federated identities, and identity-centric security (ITDR).
| Term | Definition |
|---|---|
| CIEM | Cloud Infrastructure Entitlement Management calculates effective permissions to identify and remove over-privileged cloud accounts. |
| FIDO2 | A modern passwordless authentication standard that uses public-key cryptography to stop phishing and MFA-fatigue attacks. |
| ITDR | Identity Threat Detection and Response focuses on detecting credential misuse, privilege escalation, and lateral movement in identity stores. |
| JIT-Trust | Just-in-Time Trust grants elevated privileges only when requested and for a limited time, rather than having standing permissions. |
| SCIM | System for Cross-domain Identity Management is an open standard for automating user provisioning/deprovisioning between apps. |
| ZSP | Zero Standing Privileges is the goal of a mature Zero Trust system where no account has persistent administrative rights. |
Domain 6: Security Assessment and Testing
Vulnerability assessment, penetration testing, and continuous security validation.
| Term | Definition |
|---|---|
| Adversarial ML | Testing AI models by attempting to trick them with adversarial inputs to bypass security filters or extract training data. |
| BAS | Breach and Attack Simulation tools automate the execution of threat actor TTPs to continuously validate security controls. |
| IAST | Interactive Application Security Testing uses agents inside the app to find vulnerabilities during runtime with high accuracy. |
| Penetration Testing | A structured, authorized attempt to exploit vulnerabilities in a system to evaluate the security of that system. |
Domain 7: Security Operations
Incident response, logging, monitoring, and operational excellence.
| Term | Definition |
|---|---|
| Detection Engineering | Treats detections as code, focusing on building logic to identify TTPs while reducing false positives and alert fatigue. |
| EDR | Endpoint Detection and Response provides continuous monitoring and response capabilities for endpoints (laptops, servers). |
| SOAR | Security Orchestration, Automation, and Response tools integrate security products to automate incident response workflows. |
| UEBA | User and Entity Behavior Analytics uses ML to detect deviations from a normal baseline for users and devices. |
| VDP | Vulnerability Disclosure Program is the formal process for receiving and managing vulnerability reports from the public. |
Domain 8: Software Development Security
Securing the SDLC, application security testing, and DevSecOps.
| Term | Definition |
|---|---|
| Deepfake | AI-generated synthetic media used in modern BEC 3.0 attacks to impersonate executives via video or audio during an attack. |
| DevSecOps | The cultural and technical shift of integrating security testing and compliance into every stage of the DevOps pipeline. |
| SAST | Static Application Security Testing analyzes source code or binaries for vulnerabilities without actually running the code. |
| DAST | Dynamic Application Security Testing tests a running application from the outside, mimicking how an attacker would find flaws. |
| SCA | Software Composition Analysis identifies and manages the risks associated with third-party and open-source libraries. |
Legacy Terms and Their Modern Counterparts
| Legacy Term / Concept | Modern Counterpart | The Why (Strategic Shift) |
|---|---|---|
| Antivirus (AV) | EDR / XDR | From signature-based file blocking to behavioral analysis and "flight recorder" visibility. |
| VPN (Virtual Private Network) | ZTNA / SSE | From all-or-nothing network access to granular, application-level Zero Trust access. |
| Firewall (Stateful) | NGFW / WAF | From simple port/IP blocking to deep packet inspection and application-layer awareness. |
| Vulnerability Scanning | CTEM / Exposure Mgmt | From a once-a-quarter to-do list to a continuous cycle of prioritizing reachable risks. |
| IAM (Static Roles) | CIEM / ITDR | From basic user/password management to real-time entitlement analysis and identity threat response. |
| On-Prem SIEM | SOAR / Cloud SIEM | From a passive log bucket to an automated, cloud-scale orchestration and response engine. |
| Standing Privileges | ZSP / JIT-Trust | From "Admins are always Admins" to "Admins are only Admins for 30 minutes while they fix this." |
| Perimeter Defense | CNAPP | From building a wall to securing the code, the workload, and the cloud fabric simultaneously. |
This glossary provides a comprehensive overview of terms used in cybersecurity and IT, organized by the eight CISSP domains and covering governance and risk, asset protection, security architecture, network and identity security, assessment and testing, security operations, and software development security.
