IT & Cybersecurity Terms in Plain English
Share this glossary with executives, department leads, and new hires so everyone speaks the same language. Each definition ties technical concepts back to business impact, making it easier to explain why controls, budgets, and policies matter.
28 definitions · Written for Texas SMB leaders · No jargon, no fluff
Zero Trust
A security approach that assumes no user, device, or application should be trusted by default—even if it sits inside the corporate network. Access is granted only after verifying identity, device health, and context for every request, which limits how far attackers can move if they breach a single control.
EDR (Endpoint Detection and Response)
Software that continuously monitors laptops, servers, and workstations for suspicious activity. It records behavior, blocks malicious processes, and gives responders the forensic data they need to investigate and remediate threats quickly.
XDR (Extended Detection and Response)
An evolution of EDR that combines telemetry from endpoints, email, cloud platforms, and networks. By stitching those signals together, XDR provides a single console for spotting complex attacks and automating containment across multiple layers.
Phishing
A broad email or text campaign designed to trick recipients into clicking malicious links or sharing sensitive information. Messages are often generic—think fake shipping notices or payroll alerts—and rely on volume to catch victims.
Spear Phishing
A highly targeted phishing attack crafted for a specific individual or organization. Attackers research their target, reference real projects or colleagues, and often impersonate executives in order to steal credentials or initiate fraudulent wire transfers.
Ransomware
Malicious software that encrypts files or entire systems and demands payment for a decryption key. Modern ransomware gangs add extortion by threatening to leak stolen data or disrupt operations if the victim refuses to pay.
MFA (Multi-Factor Authentication)
A login requirement that combines two or more distinct factors: something you know (password), something you have (phone, hardware token), or something you are (biometrics). MFA blocks the majority of credential theft because a stolen password alone is no longer enough to gain access.
2FA (Two-Factor Authentication)
A subset of MFA that requires exactly two different credential types. Common combinations pair a password with a smartphone app code or text message, adding an extra layer of security without major disruption for users.
SOC (Security Operations Center)
A team of analysts who monitor security alerts around the clock, investigate suspicious activity, and coordinate incident response. A SOC blends people, processes, and tools to keep threats from turning into business outages.
SIEM (Security Information and Event Management)
A platform that collects logs from across your environment, correlates events, and raises alerts when patterns indicate a potential attack. A SIEM is the data engine that powers SOC teams and compliance reporting.
Penetration Testing
An authorized, simulated attack carried out by security professionals to uncover exploitable weaknesses before criminals do. Pen tests validate whether controls work as expected and provide proof points for leadership and regulators.
Vulnerability Assessment
A structured review that scans systems, applications, and configurations for known weaknesses. Unlike penetration testing, it does not actively exploit issues—it identifies them, assigns severity, and helps prioritize remediation efforts.
Full Backup
A complete copy of all selected data at a single point in time. Full backups simplify restores because everything you need is in one set, but they consume more storage and bandwidth than incremental approaches.
Incremental Backup
A copy that captures only the data changed since the last backup of any type. Incrementals are efficient and quick to run, though restoring requires the original full backup plus every incremental taken afterward.
Differential Backup
A backup that stores data changed since the last full backup. It strikes a balance between full and incremental strategies by simplifying restores—only two backup sets are required—while still saving time and storage.
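To make the restore-chain difference between the full, incremental and differential definitions above concrete, here is an added example (not from the original glossary) that, given a constructed week of backups, lists which backup sets a restore needs and estimates the storage each strategy consumes. The sizes and the one-week schedule are assumptions for illustration.

```python
"""Restore chains and storage for full / incremental / differential backups."""
FULL, INCR, DIFF = "full", "incremental", "differential"

def plan(kind, days):
    """Constructed schedule: a full backup on day 0, then `kind` copies on days 1..days."""
    return [(0, FULL)] + [(d, kind) for d in range(1, days + 1)]

def restore_set(history, target_day):
    """history: list of (day, kind) in chronological order.
    Returns the backup sets, oldest first, needed to restore state as of target_day.
    Also handles a hybrid history: a differential supersedes earlier incrementals,
    and incrementals taken after a differential are still required."""
    upto = [(d, k) for d, k in history if d <= target_day]
    full_idx = [i for i, (_, k) in enumerate(upto) if k == FULL]
    if not full_idx:
        raise ValueError("no full backup on or before the target day")
    base = upto[full_idx[-1]]
    chain = [base]
    for d, k in upto[full_idx[-1] + 1:]:
        if k == INCR:
            chain.append((d, k))        # every incremental since the full is needed
        elif k == DIFF:
            chain = [base, (d, k)]      # only the full plus the latest differential
    return chain

def storage_gb(history, full_gb, daily_change_gb):
    """Rough storage used by a history, assuming (constructed) that each day
    changes a distinct daily_change_gb of data since the previous day."""
    total, days_since_full = 0.0, 0
    for _, k in history:
        if k == FULL:
            total += full_gb
            days_since_full = 0
        elif k == INCR:
            days_since_full += 1
            total += daily_change_gb                     # only that day's changes
        elif k == DIFF:
            days_since_full += 1
            total += days_since_full * daily_change_gb   # everything since the full
    return total

if __name__ == "__main__":
    for kind in (INCR, DIFF):
        week = plan(kind, 4)
        print(kind, "restore needs", len(restore_set(week, 4)), "sets,",
              storage_gb(week, full_gb=100, daily_change_gb=5), "GB stored")
```

Restoring day 4 of the incremental plan needs the full plus four incrementals; the differential plan needs only two sets, but its week costs more storage.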
RTO (Recovery Time Objective)
The maximum amount of time your business can tolerate a system being offline before it causes unacceptable impact. RTO guides how quickly backups and failover solutions must bring services back online after a disruption.
RPO (Recovery Point Objective)
The amount of data loss your organization can accept, measured in time between backups. If your RPO is one hour, your backup strategy must capture changes at least every 60 minutes so recovery never exceeds that gap.
Business Continuity
The broader strategy for keeping critical operations running during disruptions. It includes alternative work locations, manual processes, communication plans, and the technology required to deliver services when normal conditions fail.
Disaster Recovery
A focused subset of business continuity that addresses restoring IT systems and data after an outage. Disaster recovery plans outline backup methods, failover steps, and responsibilities for bringing technology back online safely.
HIPAA (Health Insurance Portability and Accountability Act)
A U.S. law that sets national standards for protecting patient health information. Covered entities and business associates must implement administrative, physical, and technical safeguards—and can face heavy fines if they fall short.
FTC Safeguards Rule
A Federal Trade Commission regulation that requires financial institutions—including automotive dealerships offering financing—to implement a written information security program with nine specific elements. Non-compliance can lead to penalties up to $50,000 per violation.
CMMC (Cybersecurity Maturity Model Certification)
The Department of Defense framework that verifies contractors are protecting controlled unclassified information. CMMC levels range from foundational hygiene to advanced controls and will be required for many defense contracts moving forward.
SOC 2
An auditing standard from the American Institute of CPAs that evaluates how organizations secure data across five trust principles: security, availability, processing integrity, confidentiality, and privacy. Passing a SOC 2 audit demonstrates strong control maturity to customers and partners.
SIEM Correlation Rule
A logic statement inside a SIEM that links related events—like multiple failed logins followed by a successful one from a new location—and escalates them as a single actionable alert. Well-tuned correlation rules reduce noise and surface real threats faster.
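The pattern named above (several failed logins followed by a success from a new location) as a small working correlation rule, added here as an illustration rather than taken from the glossary or any SIEM product. The login events are constructed, and "new location" is approximated as a source IP the user has never successfully logged in from before.

```python
"""Toy SIEM correlation rule: N failed logins, then a success from a new location."""
from collections import defaultdict

# Constructed sample events, not real logs: (timestamp_seconds, user, source_ip, outcome)
SAMPLE_EVENTS = [
    (0,   "alice", "10.0.0.5",    "success"),   # baseline login from the office
    (100, "alice", "203.0.113.9", "failure"),
    (110, "alice", "203.0.113.9", "failure"),
    (120, "alice", "203.0.113.9", "failure"),
    (130, "alice", "203.0.113.9", "success"),   # new IP after 3 failures -> alert
    (200, "bob",   "10.0.0.7",    "failure"),
    (210, "bob",   "10.0.0.7",    "success"),   # only one failure -> no alert
    (300, "carol", "10.0.0.9",    "failure"),
    (310, "carol", "10.0.0.9",    "failure"),
    (320, "carol", "10.0.0.9",    "failure"),
    (900, "carol", "10.0.0.9",    "success"),   # failures fall outside the window -> no alert
    (400, "alice", "10.0.0.5",    "failure"),
    (410, "alice", "10.0.0.5",    "failure"),
    (420, "alice", "10.0.0.5",    "failure"),
    (430, "alice", "10.0.0.5",    "success"),   # known IP: likely typos, not an attack -> no alert
]

def correlate(events, min_failures=3, window=300):
    """Return one alert per success that follows >= min_failures failed logins
    within `window` seconds and comes from an IP the user has never succeeded from."""
    known_ips = defaultdict(set)         # user -> IPs with a prior successful login
    recent_failures = defaultdict(list)  # user -> timestamps of failures since last success
    alerts = []
    for ts, user, ip, outcome in sorted(events):
        if outcome == "failure":
            recent_failures[user].append(ts)
            continue
        # A success: count failures inside the window, then decide whether to escalate.
        fails = [t for t in recent_failures[user] if ts - t <= window]
        if len(fails) >= min_failures and ip not in known_ips[user]:
            alerts.append({"user": user, "ip": ip, "failures": len(fails), "at": ts})
        known_ips[user].add(ip)
        recent_failures[user].clear()   # one alert per burst, not one per later success
    return alerts

if __name__ == "__main__":
    for alert in correlate(SAMPLE_EVENTS):
        print("ALERT:", alert)
```

Only alice's login from 203.0.113.9 is escalated; the other three bursts are suppressed by the failure threshold, the time window, or the known-IP check, which is the noise reduction the definition describes.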
Immutable Backup
A backup copy that cannot be altered, encrypted, or deleted for a defined retention period. Immutable storage is a critical defense against ransomware because attackers cannot tamper with your last line of recovery.
Least Privilege
A security principle that grants users and applications only the minimum level of access they need to perform their tasks. Enforcing least privilege limits the damage a compromised account can cause and simplifies compliance audits.
Shadow IT
Technology solutions—often cloud apps or personal devices—adopted by employees without formal approval. Shadow IT expands the attack surface and can violate compliance requirements because data lives outside managed, monitored systems.
Patch Management
The ongoing process of evaluating, testing, and applying software updates to close security vulnerabilities. Effective patch management includes prioritized scheduling, rollback planning, and documented proof that critical systems remain current.
Tabletop Exercise
A discussion-based simulation where stakeholders walk through how they would respond to an incident. Tabletop drills validate roles, communication plans, and decision-making processes before a real-world crisis hits.
Incident Response Plan
A documented guide that outlines how your organization detects, contains, eradicates, and recovers from security events. It defines roles, communication channels, regulatory requirements, and post-incident review steps to ensure each response is consistent and effective.
Want this glossary customized for your team?
We run executive briefings and staff workshops that translate cybersecurity into operational strategy. Bring your leadership team, and we’ll map these terms to your environment without pitching add-on fees.