---
title: "IT & Cybersecurity Glossary | Bytes Unlimited"
description: "Plain-English definitions of managed IT, cybersecurity, cloud, and networking terms — MSP, EDR, ZTNA, MFA, SASE, NGFW, and more. Built for SMBs evaluating IT services."
canonical: https://www.bytesunlimited.com/glossary/
---

 IT & CYBERSECURITY GLOSSARY 

#  IT & Cybersecurity Glossary 

 Industry terms decoded without jargon — what they mean, when they matter, and how they apply to small and medium businesses. 

## Jump to a letter

* [B](#dir-B)
* [C](#dir-C)
* [E](#dir-E)
* [H](#dir-H)
* [I](#dir-I)
* [M](#dir-M)
* [N](#dir-N)
* [P](#dir-P)
* [R](#dir-R)
* [S](#dir-S)
* [V](#dir-V)
* [W](#dir-W)
* [Z](#dir-Z)

## Glossary terms A to Z

## B

* [ Compliance Business Associate Agreement  BAA Contract required under HIPAA between a covered entity and any vendor that will handle protected health information on its behalf. Makes the vendor legally liable for HIPAA compliance. ](/glossary/baa/)
* [ Security Business Email Compromise  BEC Targeted scam that impersonates an executive, vendor, or trusted contact to redirect wire transfers or invoice payments to attacker-controlled accounts. Among the most expensive cyber-attack categories per incident. ](/glossary/bec/)

## C

* [ Network Content Delivery Network  CDN Global network of cache servers that delivers static content (images, CSS, JavaScript, HTML) from the location closest to each user — speeds up page load and absorbs traffic spikes at the edge. ](/glossary/cdn/)
* [ General IT Cyber Insurance Insurance product that covers financial losses from cyber incidents — ransomware, breach response, business interruption, regulatory fines. Underwriting requirements have tightened sharply since 2020. ](/glossary/cyber-insurance/)

## E

* [ Security Endpoint Detection and Response  EDR Security tooling that continuously monitors endpoints (laptops, servers, workstations) for malicious behavior, blocks active threats, and gives responders the forensics they need to investigate after the fact. ](/glossary/edr/)
* [ Security Extended Detection and Response  XDR Security platform that correlates signals across endpoints, identity, email, network, and cloud — catching attacks that any single layer would miss in isolation. ](/glossary/xdr/)

## H

* [ Compliance Health Insurance Portability and Accountability Act  HIPAA U.S. federal law that sets privacy and security rules for protected health information (PHI). Applies to healthcare providers, health plans, clearinghouses, and any vendor handling their data. ](/glossary/hipaa/)

## I

* [ Cloud Infrastructure as a Service  IaaS Cloud-hosted virtual machines, storage, and networking that you rent by the hour or month — you manage the operating system and applications on top. ](/glossary/iaas/)

## M

* [ Security Managed Detection and Response  MDR EDR or XDR platform plus a 24/7 security operations center (SOC) that monitors alerts, performs threat hunting, and takes containment actions on your behalf. ](/glossary/mdr/)
* [ General IT Managed Service Provider  MSP A company that proactively manages a client's IT infrastructure and end-user systems for a recurring fee, instead of charging hourly when things break. ](/glossary/msp/)
* [ Identity & MFA Multi-Factor Authentication  MFA Login requirement that combines something you know (password) with something you have (phone, hardware key) or are (biometric). Single most effective control for stopping credential-stuffing and phishing attacks. ](/glossary/mfa/)

## N

* [ Network Next-Generation Firewall  NGFW Network firewall that does more than port-and-IP filtering — it inspects application traffic, decrypts and re-inspects TLS, identifies the user making each request, and blocks based on threat intelligence. ](/glossary/ngfw/)

## P

* [ Identity & MFA Passkeys  WebAuthn Phish-resistant authentication that replaces passwords with cryptographic key pairs stored on your device — Face ID or fingerprint unlocks the local key, the website never sees a shared secret to steal. ](/glossary/passkeys/)
* [ Compliance Payment Card Industry Data Security Standard  PCI DSS Security framework that any business handling credit card data must comply with. Set by the major card brands; enforced through banks and payment processors via contract, not government regulation. ](/glossary/pci-dss/)
* [ Security Phishing Social-engineering attack that impersonates a trusted party (a colleague, vendor, bank, login page) to trick a target into revealing credentials, clicking a malicious link, or wiring money. ](/glossary/phishing/)
* [ Compliance Protected Health Information  PHI Any individually identifiable health information held or transmitted by a HIPAA-covered entity or its business associates. The data category at the heart of HIPAA — defining what triggers the law's full scope. ](/glossary/phi/)

## R

* [ Security Ransomware Malware that encrypts a victim's files (and increasingly, exfiltrates them) then demands payment for decryption keys and non-disclosure. The financially defining cyber threat to small and medium business since 2017. ](/glossary/ransomware/)
* [ General IT RTO and RPO  RTO/RPO The two key metrics for backup and disaster recovery planning. RTO is how long you can be down before the business hurts; RPO is how much data you can afford to lose. They drive every backup design decision. ](/glossary/rto-rpo/)

## S

* [ Network Secure Access Service Edge  SASE Cloud-delivered networking + security architecture that combines SD-WAN, ZTNA, secure web gateway, CASB, and FWaaS into one platform — designed for remote-first, cloud-heavy businesses. ](/glossary/sase/)
* [ Security Security Information and Event Management  SIEM Centralized log-and-event collection platform that aggregates security data from across the environment and lets analysts query, correlate, and alert on patterns of interest. The power tool of a security operations center. ](/glossary/siem/)
* [ General IT Service-Level Agreement  SLA Contractual commitment from a service provider that specifies response times, resolution targets, uptime guarantees, and the credits or penalties for missing them. ](/glossary/sla/)
* [ Identity & MFA Single Sign-On  SSO One identity, one login, many applications. Users authenticate once with their corporate identity provider and then access every SSO-integrated app without separate logins. ](/glossary/sso/)
* [ Cloud Software as a Service  SaaS Application delivered over the internet on a subscription, with the vendor handling infrastructure, updates, and maintenance. You log in and use it; you don't install or run anything. ](/glossary/saas/)

## V

* [ Network Virtual Private Network  VPN Encrypted tunnel that gives a remote user network-level access to internal resources as if they were physically on the office network. Increasingly being supplanted by ZTNA for security reasons. ](/glossary/vpn/)

## W

* [ Network Web Application Firewall  WAF Filter that sits in front of a web application and inspects every request — blocking known attack patterns (SQL injection, XSS, file inclusion) before they reach your code. ](/glossary/waf/)

## Z

* [ Network Zero Trust Network Access  ZTNA Access model that verifies every connection request — user, device, application, context — instead of trusting the network it comes from. The successor to "if you're on the VPN, you're trusted". ](/glossary/ztna/)

##  Term you don't see covered? 

 Ask us — we'll add it. The glossary is shaped by what real clients actually need defined. 

[ Suggest a term ](/contact/)

## Sitemap

- [Site map](https://www.bytesunlimited.com/sitemap.md)
- [llms.txt](https://www.bytesunlimited.com/llms.txt)
- [Canonical URL list](https://www.bytesunlimited.com/sitemap.xml)
