Security Glossary

Security glossary — A to Z.

66 terms from IT security, compliance, and data protection — concise, clear, practical. In German and English.

2
2FA
Two-factor authentication. A subset of MFA combining exactly two factors — typically password and TOTP or SMS. Often used interchangeably with MFA, but strictly speaking a special case.
A
AVV
Auftragsverarbeitungsvertrag, the German term for a data processing agreement (DPA). Mandatory document under GDPR Art. 28 when a service provider processes personal data on behalf of a controller. Defines purpose, nature of processing, instructions, and technical/organisational measures.
B
Backdoor
A hidden access point in a system or software that allows unauthorised access — often installed by attackers after a compromise or intentionally built in by a vendor. Backdoors bypass normal authentication mechanisms.
Baiting
A social engineering attack where a victim is lured by an enticing offer — e.g. a USB drive labelled 'Salary Overview 2025' — into executing malware. Exploits curiosity as the attack vector.
BEC
Business Email Compromise. A targeted attack in which attackers compromise or impersonate legitimate business email accounts to trigger wire transfers, data disclosures, or other actions. Often highly personalised. See also CEO fraud.
BSI IT-Grundschutz
Methodological framework from the German Federal Office for Information Security (BSI) for systematic information security management. Contains building blocks (including ORP.3 for awareness) and underpins ISO 27001 certifications in Germany.
C
CASB
Cloud Access Security Broker. A security layer between cloud users and cloud services that provides visibility, compliance, data security, and threat protection for cloud applications (SaaS, IaaS, PaaS).
CEO fraud
A variant of BEC where attackers impersonate the CEO or another executive to pressure employees — typically in finance — into urgent wire transfers or data disclosures. Exploits authority and time pressure as manipulation levers.
CVE
Common Vulnerabilities and Exposures. A public registry of known security vulnerabilities, maintained by the MITRE Corporation. Each vulnerability receives a unique CVE identifier (e.g. CVE-2024-12345) to facilitate industry-wide communication.
D
Data Leak
Unintended or unauthorised disclosure of confidential data. Can result from external attacks, insider errors, misconfigurations, or shadow IT. GDPR and nDSG require notification to supervisory authorities for certain data breaches.
DKIM
DomainKeys Identified Mail. An email authentication method in which outgoing emails are cryptographically signed. The receiving server verifies the signature against a public key published in DNS, so any tampering with the signed content in transit is detected.
DLP
Data Loss Prevention. Technologies and processes that prevent the inadvertent or malicious exfiltration of sensitive data — for example by content analysis of emails, file uploads, or USB transfers.
DMARC
Domain-based Message Authentication, Reporting and Conformance. Builds on SPF and DKIM and allows domain owners to specify how emails that fail both checks should be handled (e.g. reject or quarantine). A key tool against email spoofing.
DPA
Data Processing Agreement. Mandatory contract under GDPR Art. 28 between a data controller and a processor. See also AVV.
DSGVO
Datenschutz-Grundverordnung. The German name for the EU General Data Protection Regulation (GDPR). See GDPR.
E
EBA
European Banking Authority. EU supervisory authority for the banking sector. Issues guidelines on ICT risk management and cybersecurity that are binding for EU banks and explicitly require awareness measures.
EDR
Endpoint Detection and Response. A security solution that continuously monitors endpoints (laptops, servers) for suspicious behaviour, detects attacks, and enables automated or manual responses. An evolution from classical antivirus towards behavioural detection.
F
FIDO2
Fast Identity Online 2. An open authentication standard enabling passwordless or phishing-resistant login via hardware keys (e.g. YubiKey) or device-native biometrics. The foundation for passkeys.
FINMA
Swiss Financial Market Supervisory Authority. The Swiss regulator for banks, insurers, and other financial institutions. FINMA Circular 2023/1 contains explicit requirements on cybersecurity and awareness.
G
GDPR
General Data Protection Regulation. EU Regulation 2016/679, in force since May 2018, setting uniform rules for processing personal data of EU residents. Applicable to any organisation processing such data regardless of location.
H
Honeypot
An intentionally vulnerable or attractive system placed as a lure for attackers. Activity on the honeypot indicates an attack, since legitimate users have no reason to access it.
I
IAM
Identity and Access Management. A framework of policies and technologies controlling who can access which resources — including identity verification, role assignment, access rights, and audit logging.
IdP
Identity Provider. A service that manages identities and issues authentication assertions to other services (service providers). Examples: Microsoft Entra ID, Okta, Google Workspace. The foundation for SSO.
Insider Threat
A security risk originating from current or former employees, contractors, or business partners — either intentional (sabotage, data theft) or unintentional (mistakes, negligence). One of the most difficult risks to detect.
IOC
Indicator of Compromise. Forensic artefacts indicating a past attack — e.g. suspicious IP addresses, file hashes, registry entries, or domain names. Shared between security teams to speed up attack detection.
ISMS
Information Security Management System. A systematic approach to managing information security risks — comprising policies, processes, roles, and technologies. ISO 27001 is the leading international standard for ISMS.
ISO 27001
International standard for Information Security Management Systems (ISMS). Sets requirements for systematic risk management and includes Annex A with 93 controls, including A.7.2.2 on employee awareness and training.
K
KRITIS
Critical infrastructure. In Germany, the BSI Act (BSIG) defines KRITIS sectors (energy, water, transport, etc.) subject to enhanced cybersecurity obligations. Similar definitions exist in the NIS2 Directive at EU level.
L
Least Privilege
Principle of least privilege. Users, applications, and processes receive only the permissions strictly necessary for their task — nothing more. Significantly limits damage in the event of a compromise.
M
Malware
An umbrella term for any kind of malicious software — viruses, trojans, ransomware, spyware, rootkits, worms. Goals include data theft, system disruption, extortion, or establishing backdoors.
MDR
Managed Detection and Response. An outsourced security service where an external provider handles threat detection, analysis, and response — typically around the clock. A complement or alternative to an in-house SOC.
MFA
Multi-factor authentication. A login method combining at least two different factors: knowledge (password), possession (hardware token, smartphone), and inherence (biometrics). Prevents account takeover even when passwords are stolen.
MFA fatigue (MFA-Müdigkeit)
Attack method in which attackers bombard victims with MFA push notifications until they accept one out of frustration or by accident. Also known as push bombing.
MITRE ATT&CK
A publicly accessible knowledge base of real-world adversary tactics, techniques, and procedures (TTPs) based on observed attacks. Used as a common language for threat analysis, SOC rules, and red team exercises.
N
nDSG
New Data Protection Act (Switzerland). In force since September 2023. Modernises Swiss data protection law and aligns with the GDPR's level of protection. Applies to natural persons domiciled in Switzerland.
NIS2
Network and Information Security Directive (EU 2022/2555). In force since October 2024. Significantly expands the scope of NIS1 and requires, among other things, ongoing security awareness training (Art. 21(2)(g)).
O
OAuth
Open Authorization. An open standard for delegated authorisation that allows applications to access resources on behalf of a user without knowing their password. The basis for 'Sign in with Google' and similar mechanisms.
OIDC
OpenID Connect. An identity layer built on top of OAuth 2.0 that adds authentication (who is the user?). Enables single sign-on and is today the de facto standard for modern web applications.
P
PAM
Privileged Access Management. A security discipline that monitors, controls, and protects privileged accounts (admins, service accounts). Particularly critical since compromised admin accounts can cause maximum damage.
Passkey
A phishing-resistant login option based on FIDO2/WebAuthn. Replaces passwords with cryptographic key pairs stored on-device. No password is transmitted — making phishing and credential stuffing ineffective.
Phishing
Attempt to obtain credentials, payment data, or actions from a recipient via fake emails, websites, or messages. The most common form of cyber attack targeting employees. See also spear phishing, whaling, smishing, quishing, vishing.
Phishing-resistant MFA (Phishing-resistente MFA)
MFA methods that cannot be compromised by phishing — specifically FIDO2/passkeys and hardware tokens. By contrast, SMS OTP and TOTP can be intercepted and relayed through real-time phishing attacks.
Pretexting
A social engineering technique in which an attacker constructs a fabricated scenario (pretext) to gain the victim's trust — for example posing as IT support or a government agency. The basis for many CEO fraud and BEC attacks.
Push bombing
Synonym for MFA fatigue. Attackers repeatedly send MFA push notifications until the victim approves. Number matching or FIDO2 effectively mitigates push bombing.
Q
Quid pro quo
A social engineering attack in which the attacker offers something to the victim (e.g. technical support) in exchange for access or information. 'Something for something' — exploits the human desire for reciprocity.
Quishing
QR code phishing. The attacker places a fraudulent QR code on a physical object (parking meter, sticker) or in emails. The goal is to redirect to a phishing page. Often bypasses email filters that do not scan QR codes.
R
Ransomware
Malware that encrypts data on infected systems and demands ransom. Modern ransomware groups exfiltrate data before encryption (double extortion) and threaten to publish it. Often spread via phishing or compromised RDP access.
S
SAML
Security Assertion Markup Language. An XML-based standard for exchanging authentication and authorisation data between an identity provider and a service provider. The dominant standard for enterprise SSO, increasingly complemented by OIDC.
SCIM
System for Cross-domain Identity Management. A standard protocol for automated user provisioning and deprovisioning between an IdP and applications. Ensures user accounts are created promptly and disabled when employees leave.
Shadow IT
IT systems, software, or services used by employees without the knowledge or approval of the IT department — for example personal cloud services for company data. Bypasses security controls and significantly increases the risk of data leaks.
SIEM
Security Information and Event Management. A platform that centrally collects, correlates, and analyses log data from various sources (servers, firewalls, applications) for anomalies. The foundation for SOC operations and incident response.
Smishing
SMS phishing. Phishing attacks delivered via SMS or messaging apps (WhatsApp, iMessage) — often with fake parcel tracking links or bank messages. Particularly effective as many people perceive SMS as trustworthy.
SOC
Security Operations Centre. A team (in-house or outsourced) of security professionals monitoring security events around the clock, analysing them, and responding to incidents. Typically operates a SIEM.
Social Engineering
An umbrella term for attack methods that exploit human psychology (trust, fear, curiosity, helpfulness) to gain information or trigger actions — rather than attacking technical vulnerabilities. Includes phishing, pretexting, tailgating, baiting, vishing, and more.
Spear phishing
Targeted phishing attacks on a specific person or organisation — as opposed to broad mass phishing. Uses personal information (name, job title, current projects) to craft highly convincing messages.
SPF
Sender Policy Framework. A DNS-based email authentication standard that specifies which mail servers are permitted to send email on behalf of a domain. Prevents basic email spoofing, but does not provide complete protection without DKIM and DMARC.
SSO
Single Sign-On. An authentication scheme where a single login grants access to multiple applications — without re-entering a password. Improves both security (centralised control) and usability. Typically implemented via SAML or OIDC.
T
Tailgating
A physical social engineering attack where an unauthorised person follows an authorised employee through a secured door — without their own access. Exploits politeness and social norms ('holding the door open').
TOTP
Time-based One-Time Password. Time-dependent one-time passwords regenerated at a fixed interval, typically every 30 seconds (e.g. in authenticator apps). More secure than SMS OTP, but vulnerable to real-time phishing. Less secure than FIDO2/passkeys.
Trojan (Trojaner)
Malware that disguises itself as a useful program to gain access to a system. Unlike viruses, a trojan does not self-replicate. Often serves as an entry point for further malware, backdoors, or ransomware.
TTP
Tactics, Techniques, and Procedures. Describes the attack behaviour of threat actors at three levels of abstraction: tactical goal (e.g. initial access), technical method (e.g. spear phishing), and specific procedure. A core concept in MITRE ATT&CK.
V
Vishing
Voice phishing. Fraudulent calls where attackers pose as IT support, banks, authorities, or suppliers. An increasing risk with AI voice cloning, which can convincingly imitate the voices of known individuals.
W
Whaling
Spear phishing attacks specifically targeting top executives (C-suite) — CEOs, CFOs, CISOs. More carefully prepared than regular spear phishing, as high-value targets are researched more intensively.
X
XDR
Extended Detection and Response. An evolution of EDR that integrates and correlates data from multiple security layers (endpoint, network, cloud, email) to better detect and combat complex attacks.
Z
Zero Day
A security vulnerability unknown to the vendor for which no patch yet exists. Attackers who discover a zero day can exploit it undetected; the name reflects that the vendor has had 'zero days' to respond.
Zero Trust
A security architecture that trusts no user or device automatically — neither inside nor outside the network. Every request is explicitly authenticated, authorised, and encrypted. Principle: 'Never trust, always verify.'
