Glossary
Welcome to the Glossary! Whether you're already familiar with some of these terms or you're just becoming acquainted, our top-level glossary is a great resource for learning all of the relevant goods. Scroll through the full list below, search by term, or select by individual letter.
MFT agents
Lightweight applications that work to automate file transfers and workflows on systems (both remote and on-premises) throughout an enterprise. Related reading: MFT Agents: Definitions, Differences, and Use Cases
multifactor authentication (MFA)
Electronic authentication method in which a user is granted access to a website or application only after presenting two or more pieces of identity authentication.
National Cyber Security Centre (UK) (NCSC)
Supports the UK’s critical organizations, the wider public sector, industry, SMEs as well as the general public. When incidents do occur, NCSC provides effective incident response to minimize harm to the UK, help with recovery, and learn lessons for the future. https://www.ncsc.gov.uk/
National Institute of Standards and Technology (NIST)
A physical sciences laboratory and a nonregulatory agency of the U.S. Department of Commerce. NIST promotes U.S. innovation and industrial competitiveness in the fields of technology, engineering, IT, and more. Related reading: What is NIST?
network detection and response (NDR)
Network detection and response (NDR) is a burgeoning field of cybersecurity that enables organizations to monitor network traffic for malicious actors and suspicious behavior and react and respond to the detection of cyber threats to the network.
network intrusion detection system (NIDS)
A network intrusion detection system is a hardware device or software program that monitors networks or systems for malicious activity or policy violations. Detected intrusions or violations trigger notifications to an administrator or are collected centrally through a security information and event management (SIEM) system.
North American Electric Reliability Corporation (NERC)
A nonprofit international regulatory body whose mission is ‘to assure the effective and efficient reduction of risks to the reliability and security of the grid.’
North American Electric Reliability Corporation - Critical Infrastructure Protection (NERC-CIP)
NERC Critical Infrastructure Protection (NERC-CIP) is a set of requirements designed to secure the assets required for operating North America's bulk electric system.
on-premises, on-prem
Software and technology located within the physical confines of an enterprise, often in the company’s data center as opposed to running remotely on hosted servers or in the cloud.
Open PGP
A popular encryption standard that protects the privacy and integrity of sensitive files. Open PGP is an open-source offshoot of PGP that uses PGP as its foundation. Related reading: Everything You Need to Know About Open PGP Encryption
open source
Software that comes with permission to use, copy, and distribute, either as-is or with modifications, and that may be offered either free or with a charge.
Open Worldwide Application Security Project (OWASP)
The Open Worldwide Application Security Project is an online community that produces freely available articles, methodologies, documentation, tools, and technologies in the field of web application security. OWASP provides free and open resources.
operating system (OS)
The software that supports a computer's basic functions, such as scheduling tasks, executing applications, and controlling peripherals. Examples include Windows, IBM i, Linux, VIOS, AIX, and UNIX.
optical character recognition (OCR)
The process of detecting and extracting text from an image file, an image embedded within an electronic document, or a scan of a document.
original equipment manufacturer (OEM)
A company that produces complex equipment (such as a computer system) from components usually bought from other manufacturers.
Payment Card Industry Data Security Standard (PCI DSS, PCI)
The comprehensive set of requirements designed to ensure that any company that processes, stores, or transmits credit card information does so by maintaining a secure environment. The requirements were established to help prevent payment data breaches and payment card fraud.
PCI Security Standards Council (PCI SSC)
PCI Security Standards Council (PCI SSC), made up of major payment companies, including Visa, MasterCard, American Express, Discover, and JCB, administers and manages the PCI DSS standard. However, enforcing the compliance of PCI DSS is the responsibility of the individual payment brands.
penetration testing
Also called pen testing. An attempt to evaluate the security of an IT infrastructure by safely trying to exploit vulnerabilities. Fortra’s Core Security Core Impact, Cobalt Strike, and IBM i product lines deliver pen testing solutions.
personally identifiable information (PII)
Data that directly or indirectly identifies a specific individual, such as names, addresses, biometrics, and alphanumeric account numbers.
platform as a service (PaaS)
A form of cloud computing in which a provider delivers hardware and software tools on its own infrastructure to users over the internet.
portable document format (PDF)
A file format that provides an electronic image of text or text and graphics that looks like a printed document and can be viewed, printed, and electronically transmitted.
Pretty Good Privacy (PGP)
An encryption program that provides cryptographic privacy and authentication for data communication. See also Open PGP.
privileged access management (PAM)
Giving users only the access they need and ensuring that least privileged access is enforced. Fortra’s Core Privileged Access Manager (BoKS) product delivers privileged access management solutions.
protected health information (PHI)
Any information in a medical record that can be used to identify an individual and that was created, used, or disclosed while providing a healthcare service such as diagnosis or treatment.
provisioning (PROV)
Provisioning is the process of setting up IT infrastructure. It can also refer to the steps required to manage access to data and resources and make them available to users and systems.
quality assurance (QA)
A program for the systematic monitoring and evaluation of the various aspects of a project, service, or facility to ensure that standards of quality are being met.
ransomware
A type of malware that locks users and system administrators out of computers, files, and networks until a ransom is paid. Ransomware can be unknowingly downloaded and launched when users click on email or website links.
ransomware as a service (RaaS)
A business model where threat actors can purchase pre-packaged ransomware kits to launch on their targets without needing the expertise to develop the code themselves.
rapid penetration test (RPT)
Automation that enables admins to discover, test, and report on vulnerabilities easily.
red team
Offensive security professionals, experts in attacking systems.
redaction
Blacking out sensitive data within a document or dataset.
remote monitoring and management (RMM)
A category of software that enables managed service providers (MSPs) to automate the monitoring and management of a client’s critical IT infrastructure, such as networks, hardware, workstations, servers, and other endpoints.
representational state transfer (REST)
An architectural style consisting of a coordinated set of architectural constraints applied to components, connectors, and data elements, all within a distributed hypermedia system.
sanitization
Permanent removal of sensitive data from a document, image or dataset, including any hidden fields. Also known as document sanitization or data sanitization.
Sarbanes-Oxley (SOX)
A United States federal law that addresses financial recordkeeping and reporting. It requires that any publicly traded American or overseas company registered with the Securities and Exchange Commission (SEC) demonstrate strong and transparent internal control over financial reporting (ICFR). Companies that provide financial services to such firms also fall under SOX compliance obligations. In addition, under SOX, top executives are ultimately held responsible for the accuracy of their organization's financial data.
secure file transfer (SFT)
Secure file transfer is a data sharing method that uses secure protocols and encryption to safeguard data in transit and at rest.