CISO Glossary
Plain-English definitions of the terms, acronyms, and concepts every security leader and board member should know.
- APT (Advanced Persistent Threat)
- A sophisticated, long-term cyberattack in which an intruder gains access to a network and remains undetected for an extended period, often with state-sponsored backing.
- Attack Surface
- The set of all points where an unauthorised user could try to enter an environment or extract data from it. It includes devices, applications, cloud services, and people.
- Blue Team
- The defensive security group responsible for protecting an organisation against attacks and improving security posture over time.
- Board Reporting
- The practice of translating technical security risks, metrics, and incidents into business language so that non-executive directors can understand and act on them.
- Business Continuity
- The planning and preparation an organisation undertakes to ensure that critical business functions can continue during and after a disaster or disruption.
- CISO (Chief Information Security Officer)
- The senior executive responsible for establishing and maintaining an organisation's security strategy, policies, and risk management programme.
- Compliance
- Adherence to laws, regulations, and standards relevant to an organisation's operations. In cybersecurity, common frameworks include GDPR, ISO 27001, SOC 2, NIS2, and DORA.
- CTEM (Continuous Threat Exposure Management)
- A Gartner-defined approach that continuously evaluates and reduces an organisation's attack surface by prioritising exposures based on exploitability and business impact.
- CVE (Common Vulnerabilities and Exposures)
- A publicly disclosed cybersecurity vulnerability that has been assigned a unique identifier to enable consistent tracking and discussion.
- CVSS (Common Vulnerability Scoring System)
- An open framework for rating the severity of security vulnerabilities on a scale from 0.0 (low) to 10.0 (critical).
- Cyber Insurance
- An insurance product designed to help organisations mitigate risk exposure by offsetting costs involved with recovery from a cyber-related security breach or similar events.
- Data Classification
- The process of organising data into categories based on its sensitivity, value, and regulatory requirements so that appropriate security controls can be applied.
- DLP (Data Loss Prevention)
- A set of tools and processes used to ensure that sensitive data is not lost, misused, or accessed by unauthorised users.
- EDR (Endpoint Detection and Response)
- A cybersecurity solution that continuously monitors endpoints to detect and investigate suspicious activity in real time.
- fCISO (Fractional CISO)
- An experienced cybersecurity executive who provides strategic security leadership to organisations on a part-time or retainer basis.
- IAM (Identity and Access Management)
- The framework of policies and technologies that ensures the right individuals access the right resources at the right times for the right reasons.
- Incident Response
- The organised approach to addressing and managing the aftermath of a security breach or cyberattack, with the goal of limiting damage and reducing recovery time.
- KEV (Known Exploited Vulnerabilities)
- A catalogue maintained by CISA and other bodies of vulnerabilities that have been observed being actively exploited in the wild.
- Living off the Land
- A technique where attackers use legitimate tools and software already present on a target system to carry out malicious activities, making detection more difficult.
- Malware
- Any software intentionally designed to cause disruption to a computer, server, client, or computer network, leak private information, or gain unauthorised access.
- MDR (Managed Detection and Response)
- An outsourced security service that combines technology and human expertise to detect, investigate, and respond to threats in real time.
- MFA (Multi-Factor Authentication)
- A security mechanism that requires users to provide two or more verification factors to gain access to a resource, making stolen passwords alone insufficient.
- MTTD (Mean Time to Detect)
- The average time it takes for an organisation to identify a security incident from the moment it occurs.
- MTTR (Mean Time to Respond / Recover)
- The average time it takes to contain, remediate, and recover from a security incident once it has been detected.
- N-day
- A vulnerability that has been publicly disclosed and for which a patch is available, but remains exploitable on unpatched systems.
- PAM (Privileged Access Management)
- A security discipline that manages, monitors, and controls privileged access to critical systems and sensitive data.
- Penetration Testing
- A simulated, authorised cyberattack against an organisation's systems to check for exploitable vulnerabilities, often conducted by external specialists.
- Phishing
- A social engineering attack in which an attacker sends fraudulent communications that appear to come from a reputable source, usually to steal credentials or deploy malware.
- Purple Team
- A collaborative exercise that combines red team (offensive) and blue team (defensive) activities to improve an organisation's security posture through shared learning.
- Ransomware
- A type of malicious software designed to block access to a computer system or data until a sum of money is paid.
- Red Team
- A group of security professionals authorised to emulate real-world attackers in order to test and improve an organisation's defences.
- Risk Assessment
- The process of identifying, analysing, and evaluating risks to an organisation's assets, operations, and reputation.
- RPO (Recovery Point Objective)
- The maximum acceptable amount of data loss measured in time. It determines how frequently backups must be taken to meet business continuity requirements.
- RTO (Recovery Time Objective)
- The maximum acceptable time that a system or service can be down after a disruption before unacceptable consequences occur.
- Security Culture
- The shared values, behaviours, and practices that determine how seriously an organisation and its employees take security in their day-to-day work.
- Security Posture
- The overall strength of an organisation's cybersecurity programme, including its policies, controls, and readiness to defend against threats.
- Shadow AI
- The unauthorised or unmonitored use of AI tools within an organisation, often by employees without IT or security oversight.
- Shadow IT
- The use of information technology systems, devices, software, applications, and services without explicit IT department approval.
- SIEM (Security Information and Event Management)
- A solution that aggregates and analyses security data from across an organisation to detect threats, support investigations, and enable compliance reporting.
- SOAR (Security Orchestration, Automation and Response)
- A set of software tools that allows an organisation to collect data about security threats and respond to security events with minimal human intervention.
- Social Engineering
- The manipulation of people into performing actions or divulging confidential information, typically through deception.
- Supply Chain Security
- The practice of securing the networks, systems, and vendors that contribute to an organisation's products and services.
- Tabletop Exercise
- A discussion-based simulation where key stakeholders walk through a hypothetical security incident or crisis scenario to test plans, identify gaps, and improve response readiness.
- Technical Debt
- The implied cost of additional rework caused by choosing an easy solution now instead of using a better approach that would take longer.
- Third-Party Risk
- The potential threat presented to an organisation by external parties such as vendors, suppliers, contractors, and partners who have access to its systems or data.
- Threat Actor
- Any individual or group that poses a cybersecurity threat, including nation-states, criminal organisations, hacktivists, and insiders.
- Threat Intelligence
- Evidence-based knowledge about existing or emerging threats to assets, including context, mechanisms, indicators, and actionable advice.
- Threat Landscape
- The overall picture of the threats currently facing an organisation or industry, including the types of attackers, methods, and vulnerabilities in play.
- vCISO (Virtual CISO)
- A CISO who delivers security leadership remotely, often through a managed service or consultancy arrangement.
- Vulnerability Management
- The continuous process of identifying, evaluating, remediating, and reporting on security vulnerabilities in systems and software.
- XDR (Extended Detection and Response)
- A security platform that unifies detection and response across multiple data sources (such as endpoints, networks, email, and cloud) to improve threat visibility and response speed.
- Zero Day
- A software vulnerability that is unknown to the vendor and has no available patch at the time it is discovered or exploited.
- Zero Trust
- A security model that assumes no user or device should be trusted by default, regardless of whether they are inside or outside the network perimeter. Access is granted strictly on a need-to-know, verified basis.
Need Help Making Sense of It All?
If you are struggling to translate these terms into action, our fractional CISOs can help cut through the jargon and build a security programme that fits your business.