IT & CYBERSECURITY GLOSSARY
IT & Cybersecurity Glossary
Industry terms decoded without jargon — what they mean, when they matter, and how they apply to small and medium businesses.
Glossary terms A to Z
B
-
Compliance
Business Associate Agreement
BAAContract required under HIPAA between a covered entity and any vendor that will handle protected health information on its behalf. Makes the vendor legally liable for HIPAA compliance.
-
Security
Business Email Compromise
BECTargeted scam that impersonates an executive, vendor, or trusted contact to redirect wire transfers or invoice payments to attacker-controlled accounts. Among the most expensive cyber-attack categories per incident.
C
-
Network
Content Delivery Network
CDNGlobal network of cache servers that delivers static content (images, CSS, JavaScript, HTML) from the location closest to each user — speeds up page load and absorbs traffic spikes at the edge.
-
General IT
Cyber Insurance
Insurance product that covers financial losses from cyber incidents — ransomware, breach response, business interruption, regulatory fines. Underwriting requirements have tightened sharply since 2020.
E
-
Security
Endpoint Detection and Response
EDRSecurity tooling that continuously monitors endpoints (laptops, servers, workstations) for malicious behavior, blocks active threats, and gives responders the forensics they need to investigate after the fact.
-
Security
Extended Detection and Response
XDRSecurity platform that correlates signals across endpoints, identity, email, network, and cloud — catching attacks that any single layer would miss in isolation.
M
-
Security
Managed Detection and Response
MDREDR or XDR platform plus a 24/7 security operations center (SOC) that monitors alerts, performs threat hunting, and takes containment actions on your behalf.
-
General IT
Managed Service Provider
MSPA company that proactively manages a client's IT infrastructure and end-user systems for a recurring fee, instead of charging hourly when things break.
-
Identity & MFA
Multi-Factor Authentication
MFALogin requirement that combines something you know (password) with something you have (phone, hardware key) or are (biometric). Single most effective control for stopping credential-stuffing and phishing attacks.
P
-
Identity & MFA
Passkeys
WebAuthnPhish-resistant authentication that replaces passwords with cryptographic key pairs stored on your device — Face ID or fingerprint unlocks the local key, the website never sees a shared secret to steal.
-
Compliance
Payment Card Industry Data Security Standard
PCI DSSSecurity framework that any business handling credit card data must comply with. Set by the major card brands; enforced through banks and payment processors via contract, not government regulation.
-
Security
Phishing
Social-engineering attack that impersonates a trusted party (a colleague, vendor, bank, login page) to trick a target into revealing credentials, clicking a malicious link, or wiring money.
-
Compliance
Protected Health Information
PHIAny individually identifiable health information held or transmitted by a HIPAA-covered entity or its business associates. The data category at the heart of HIPAA — defining what triggers the law's full scope.
R
-
Security
Ransomware
Malware that encrypts a victim's files (and increasingly, exfiltrates them) then demands payment for decryption keys and non-disclosure. The financially defining cyber threat to small and medium business since 2017.
-
General IT
RTO and RPO
RTO/RPOThe two key metrics for backup and disaster recovery planning. RTO is how long you can be down before the business hurts; RPO is how much data you can afford to lose. They drive every backup design decision.
S
-
Network
Secure Access Service Edge
SASECloud-delivered networking + security architecture that combines SD-WAN, ZTNA, secure web gateway, CASB, and FWaaS into one platform — designed for remote-first, cloud-heavy businesses.
-
Security
Security Information and Event Management
SIEMCentralized log-and-event collection platform that aggregates security data from across the environment and lets analysts query, correlate, and alert on patterns of interest. The power tool of a security operations center.
-
General IT
Service-Level Agreement
SLAContractual commitment from a service provider that specifies response times, resolution targets, uptime guarantees, and the credits or penalties for missing them.
-
Identity & MFA
Single Sign-On
SSOOne identity, one login, many applications. Users authenticate once with their corporate identity provider and then access every SSO-integrated app without separate logins.
-
Cloud
Software as a Service
SaaSApplication delivered over the internet on a subscription, with the vendor handling infrastructure, updates, and maintenance. You log in and use it; you don't install or run anything.
Term you don't see covered?
Ask us — we'll add it. The glossary is shaped by what real clients actually need defined.