Glossary
Welcome to the Glossary! Whether you're already familiar with some of these terms or you're just becoming acquainted, our top-level glossary is a great resource for learning all of the relevant goods. Scroll through the full list below, search by term, or select by individual letter.
personally identifiable information (PII)
Data that directly or indirectly identifies a specific individual, such as names, addresses, biometrics, and alphanumeric account numbers.
Phishing
A fraudulent attempt to obtain sensitive data such as usernames, passwords, and credit card details by posing as a trustworthy entity in digital communications.
Phishing Website
A hoax website built to mimic reputable brands with the intention of misleading readers into giving up personal data such as usernames, passwords and financial information.
platform as a service (PaaS)
A form of cloud computing in which a provider delivers hardware and software tools on its own infrastructure to users over the internet.
Pretty Good Privacy (PGP)
An encryption program that provides cryptographic privacy and authentication for data communication. See also Open PGP.
privileged access management (PAM)
Giving users only the access they need and ensuring that least privileged access is enforced. Fortra’s Core Privileged Access Manager (BoKS) product delivers privileged access management solutions.
purple teaming
A collaborative security practice that integrates the offensive capabilities of an organization's Red Team with the defensive capabilities of its Blue Team to ensure continuous improvement and validate security controls.
ransomware
A type of malware that locks users and system administrators out of computers, files, and networks until a ransom is paid. Ransomware can be unknowingly downloaded and launched when users click on email or website links.
ransomware as a service (RaaS)
A business model where threat actors can purchase pre-packaged ransomware kits to launch on their targets without needing the expertise to develop the code themselves.
rapid penetration test (RPT)
Automation that enables admins to discover, test, and report on vulnerabilities easily.
sanitization
Permanent removal of sensitive data from a document, image or dataset, including any hidden fields. Also known as document sanitization or data sanitization.
Sarbanes-Oxley (SOX)
A United States federal law that addresses financial recordkeeping and reporting. It requires that any publicly traded American or overseas company registered with the Securities and Exchange Commission (SEC) demonstrate strong and transparent internal control over its financial reporting (ICFR). Companies that provide financial services to such firms also fall under SOX compliance obligations. In addition, under SOX, top executives are ultimately held responsible for the accuracy of their organization's financial data.
secure file transfer (SFT)
Secure file transfer is a data sharing method that uses secure protocols and encryption to safeguard data in transit and at rest.
secure file transfer protocol (Secure FTP)
A secure version of FTP, which facilitates data access and transfer over a Secure Shell (SSH) data stream.
secure mail transfer protocol/secure (SMTPs)
A more secure version of SMTP, this is a protocol for sending email messages between servers using TLS, or Transport Layer Security, and formerly SSL.
secure shell file transfer protocol (SFTP)
A network protocol that organizations can use to secure and send file transfers over SSH (Secure Shell).
security awareness training
Technology that implements educational programs designed to inform employees about cybersecurity threats, company policies, and best practices to better prepare them to recognize and avoid risks like phishing and social engineering.
security configuration management (SCM)
The management and control of configurations for an information system to enable security and facilitate the management of risk.
security information and event management (SIEM)
Software that gives organizations helpful insights into potential security threats across critical business networks. This is possible via centralized collection and analysis of normalized security data pulled from a variety of systems, including antivirus applications, firewalls, and intrusion prevention solutions. Fortra’s Core Security and Powertech product lines deliver SIEM solutions.
security operations center (SOC)
A security operations center is a strategic command center facility for fighting cyberattacks through monitoring, threat analysis, and more. SOC analysts perform around-the-clock monitoring of an organization's network and investigate any potential security incidents.
SEO Poisoning
A practice in which threat actors manipulate search engine results pages (SERPs) to steer users to their malicious websites as a cyberattack tactic.
shadow IT
When a company’s employees use hardware or software, particularly SaaS applications, on the corporate network without the knowledge of the IT team. This puts the organization at risk.
single pane of glass (SPOG)
Single pane of glass is a term used throughout the IT and management fields relating to a management tool that unifies data or interfaces across several different sources and presents them in a single view.
Social Media Gripe Site
A website or platform designed for users to post negative complaints, criticism, and feedback targeting specific individuals, organizations, products, or services.
Social Media Spoofing
Also known as a “fake social media profile,” social media spoofing is the practice of creating or using a fabricated social media account to impersonate someone else or mislead people online.
software as a service (SaaS)
A software distribution model in which software is licensed on a subscription basis and is centrally hosted. It is a form of cloud computing that gives users access to software that runs on a shared resource online.
Source Code Leak
An exposure of source code data or snippets including operating system or application code.
spear phishing
A cybercrime that uses emails to carry out targeted attacks against individuals and businesses.
static application security testing (SAST)
Static application security testing is used to secure software by reviewing the source code of the software to identify sources of vulnerabilities.
supervisory control and data acquisition (SCADA)
A system used in manufacturing for acquiring measurements of process variables and machine states, and for performing regulatory or machine control across a process area or work cell.
Takedown API
A mechanism of digital threat mitigation that enables organizations to automate the process of submitting and managing takedown requests for sites and posts that have infringed their copyrighted content or intellectual property.
threat intelligence (TI)
The analysis of data using tools and techniques to generate meaningful information about existing or emerging threats targeting the organization that helps mitigate risks.
Threat Mitigation
Assessing vulnerabilities to create proactive threat prevention measures and an ongoing threat detection strategy.
threat vulnerability management (TVM)
The cyclical practice of identifying, assessing, classifying, remediating, and mitigating security weaknesses, together with fully understanding root cause analysis to address potential flaws in policy, process, and standards, such as configuration standards.