Direct definitions of the IT, cybersecurity, compliance, cloud, and managed services terms Tennessee businesses run into. Written for decision-makers — not engineers. Linked to deeper Knowledge Base entries where they exist.
A security platform that monitors endpoints (PCs, laptops, servers) for malicious behavior patterns, alerts on suspicious activity, and can automatically respond to threats. Modern replacement for signature-based antivirus.
EDR plus a human-staffed 24/7 Security Operations Center (SOC) that monitors alerts, investigates threats, and takes response actions on the customer's behalf.
A security platform that extends detection across endpoints, identity, email, cloud, and network — broader scope than EDR. Often paired with managed service (MXDR).
A team of security analysts who continuously monitor an organization's networks, endpoints, and identities for security threats, investigate alerts, and coordinate response. Can be internal or outsourced via MDR/MSSP services.
A platform that aggregates security logs from across an organization (endpoints, network, cloud, identity) for centralized correlation, alerting, and forensic investigation. Examples: Microsoft Sentinel, Splunk, Sumo Logic.
A platform that automates security incident response workflows — connecting alerts from SIEM/EDR to predefined response playbooks. Reduces analyst workload and response time.
A security model that grants application-level access based on identity and device posture instead of network location. Replaces traditional VPN access patterns.
An authentication method requiring two or more verification factors — something you know (password), something you have (phone, token), or something you are (biometric). The single most effective control against credential theft.
A security control where only pre-approved software can run on an endpoint. Everything not on the approved list is blocked by default. Formerly called whitelisting.
A social engineering attack that uses email, text, or voice to deceive recipients into revealing credentials, transferring money, or installing malware. Spear phishing targets specific individuals; whaling targets executives.
Malicious software that encrypts files and demands payment for decryption. Modern variants also exfiltrate data and threaten public release (double extortion).
A category of email fraud where attackers impersonate executives, vendors, or trusted contacts to trick employees into wiring money or sharing sensitive data. The FBI ranks BEC as one of the highest-loss cybercrime categories.
US law setting rules for protecting Protected Health Information (PHI). Applies to healthcare providers, health plans, healthcare clearinghouses, and business associates handling patient data.
US Department of Defense framework for protecting Controlled Unclassified Information (CUI) in the defense industrial base. Three levels; Level 2 requires third-party assessment.
An AICPA audit framework that verifies a service organization protects customer data across five Trust Services Criteria: security, availability, processing integrity, confidentiality, and privacy.
Required security framework for any business that accepts, processes, stores, or transmits credit card data. Compliance requirements scale with annual transaction volume.
US law requiring financial institutions to protect customer financial information. The FTC Safeguards Rule (updated 2023) extends to non-traditional financial institutions including auto dealers, tax preparers, and mortgage brokers.
A voluntary framework from the US National Institute of Standards and Technology that organizes cybersecurity practices into Govern, Identify, Protect, Detect, Respond, and Recover functions. Widely adopted by US organizations.
NIST Special Publication 800-171 — the underlying control set (110 controls) that CMMC Level 2 builds on. Required for organizations handling Controlled Unclassified Information (CUI).
A company that delivers ongoing IT services — helpdesk, monitoring, patch management, cybersecurity, backup — under a recurring monthly agreement instead of charging hourly for incidents.
A company that specializes in cybersecurity services — SOC operations, threat detection, incident response. May overlap with MSP capabilities or operate as a standalone security-focused vendor.
A fractional senior IT leader hired on retainer to provide strategic technology guidance — budgeting, roadmaps, vendor strategy, board reporting — without the cost of a full-time C-level IT executive.
A fractional senior security leader hired on retainer to own the security program, compliance posture, and incident response coordination for organizations too small to justify a full-time CISO.
A hybrid model where an external MSP supplements an organization's existing internal IT team instead of replacing it. Common for businesses with 50-200 employees.
A team or facility responsible for monitoring and maintaining the operational health of IT infrastructure — servers, networks, applications, cloud workloads. Often co-located or integrated with the SOC.
Software platforms used by MSPs to remotely monitor, manage, patch, and support endpoints across many clients. Examples: NinjaOne, Kaseya, ConnectWise, Datto RMM.
Ticketing and project management software used by MSPs to track client work, time, billing, and SLA compliance. Examples: ConnectWise PSA, HaloPSA, Autotask.
A contractual agreement specifying the service standards a provider commits to — response times, resolution targets, uptime guarantees — and the penalties for missing them.
Microsoft's cloud productivity suite — Outlook, Word, Excel, PowerPoint, Teams, SharePoint, OneDrive — combined with Windows licensing and security tooling depending on plan tier.
Microsoft's cloud-hosted Windows desktop service. Users connect from any device to a Windows session running in Azure, with desktop, apps, and data staying in the cloud.
Microsoft's AI assistant integrated into M365 apps. Drafts documents, summarizes emails and meetings, analyzes Excel data, generates PowerPoint decks, and queries SharePoint using your tenant's own data as context.
Microsoft's cloud identity and access management platform, formerly known as Azure Active Directory (Azure AD). Powers single sign-on, MFA, and Conditional Access across Microsoft and third-party SaaS.
Microsoft's mobile device management (MDM) and mobile application management (MAM) platform. Manages Windows, macOS, iOS, and Android devices with configuration, security policy, and app deployment.
A Microsoft Entra ID feature that enforces granular access policies based on user identity, device compliance, location, and risk signals. The technical foundation of Zero Trust on Microsoft platforms.
Microsoft's FedRAMP High-equivalent Microsoft 365 environment for US defense contractors handling Controlled Unclassified Information (CUI). Required for CMMC Level 2 compliance on M365 workloads.
The maximum acceptable time to restore a system after an incident. Measured in hours or days. Drives backup architecture decisions like local appliance vs cloud-only.
The maximum acceptable data loss measured by the time between backups. An RPO of 1 hour means backups must occur at least hourly.
The combined disciplines of keeping a business operating during disruption (BC) and restoring full operations after a major incident (DR). Includes backup, replication, runbooks, and tested recovery procedures.
A backup best practice: 3 copies of important data, on 2 different storage types, with 1 copy offsite. Modern variants extend to 3-2-1-1-0 with an immutable copy and zero verified errors.
A backup copy stored in a way that cannot be modified or deleted for a defined retention period, even by an attacker with administrator credentials. Critical defense against ransomware.
A networking architecture that uses software to manage and optimize traffic across multiple WAN connections (broadband, MPLS, LTE), often improving performance and reducing carrier costs vs traditional MPLS-only deployments.
A cloud-delivered architecture combining SD-WAN, ZTNA, SWG, CASB, and FWaaS into a unified network and security platform. Pronounced "sassy."
A logical segmentation of a physical network into multiple isolated broadcast domains. Used to separate departments, guest Wi-Fi, IoT devices, or production from corporate traffic.
A method of extending a private network across a public network, encrypting traffic between remote users/sites and corporate resources. Increasingly replaced by ZTNA in modern environments.
An authentication arrangement where one set of credentials grants access to multiple applications. Reduces password fatigue, improves security through centralized policy enforcement, and simplifies offboarding.
An XML-based open standard for exchanging authentication and authorization data between identity providers and service providers. Common protocol for enterprise SSO.
An open standard for access delegation, allowing third-party applications to access resources on behalf of users without sharing passwords. Foundation for "Sign in with Google/Microsoft" flows.
A category of security tools that secure, control, and monitor privileged accounts (administrator, root, service accounts). Includes credential vaulting, session recording, and just-in-time access.
A workplace policy allowing employees to use personally-owned devices for work. Requires careful security policy (Intune/MAM, conditional access) to protect corporate data on uncontrolled hardware.
The full lifecycle cost of a technology investment — purchase, deployment, training, maintenance, support, and eventual replacement — beyond just sticker price.
The practice of managing IT infrastructure (servers, networks, configurations) through declarative code stored in version control rather than manual configuration. Examples: Terraform, Bicep, Ansible.
A defined interface that allows software systems to communicate with each other. The connective tissue between modern SaaS applications, integrations, and automation workflows.
The glossary grows monthly. Email us the acronym you couldn't find — we'll define it and add it.