🔐 Cybersecurity Glossary

A symmetric encryption algorithm established by the U.S. National Institute of Standards and Technology (NIST) in 2001, widely adopted as the global standard for encrypting sensitive data. AES supports key sizes of 128, 192, and 256 bits and is mandated by SAMA CSF for protecting financial data and by NCA ECC for securing classified government information.

A strategic security approach combining technical controls, user awareness training, and governance policies to prevent sophisticated email fraud attacks targeting organizations. This includes implementing verification procedures for financial transactions, executive impersonation detection, and incident response protocols.

One of the five primary organizational categories within the NCA ECC framework that groups related cybersecurity controls: Cybersecurity Governance, Cybersecurity Defense, Cybersecurity Resilience, Third-Party and Cloud Computing Cybersecurity, and Industrial Control Systems Cybersecurity. Each domain addresses specific aspects of an organization's cybersecurity program and contains multiple control categories with detailed implementation requirements.

A structured assessment framework within NCA ECC that measures an organization's cybersecurity capabilities across five maturity levels: Initial, Developing, Defined, Managed, and Optimized. Organizations subject to ECC must assess their maturity level and progressively improve their cybersecurity posture according to NCA timelines and requirements.

An email authentication protocol that builds on SPF and DKIM to provide domain owners with protection against unauthorized use of their domain in email attacks. DMARC enables senders to specify how receiving mail servers should handle messages that fail authentication checks and provides reporting mechanisms for monitoring.

A security strategy and technology that monitors, detects, and blocks sensitive information from being transmitted via email in violation of organizational policies or regulatory requirements. Email DLP helps prevent accidental or intentional data breaches by enforcing content inspection and policy-based controls.

A governance framework that defines requirements and procedures for encrypting email communications to protect sensitive information in transit and at rest. This policy establishes standards for encryption methods, key management, and compliance with data protection regulations such as PDPL.

A security solution that filters and monitors incoming and outgoing email traffic to detect and block malicious content, spam, and phishing attempts. It acts as a protective barrier between an organization's email infrastructure and external threats, enforcing security policies and compliance requirements.

A governance document that defines how long email messages must be retained, archived, and eventually deleted based on regulatory requirements, legal obligations, and business needs. This policy ensures compliance with data protection laws while managing storage resources effectively.

A structured program designed to educate employees about email-based threats such as phishing, malware, and social engineering attacks. This training is a critical component of security governance, helping organizations build a human firewall and reduce the risk of successful email attacks.

A key performance indicator that measures the average time it takes for a SOC team to discover a security incident or breach from the moment it occurs. MTTD is critical for assessing the effectiveness of security monitoring capabilities and detection controls, with lower values indicating more mature security operations.

A Zero Trust security technique that divides networks into small, isolated segments to contain breaches and limit lateral movement. Each segment has its own access controls and security policies, allowing organizations to define granular security perimeters around critical assets and enforce strict traffic inspection between segments.

Any operation or set of operations performed on personal data, including collection, recording, organization, structuring, storage, adaptation, retrieval, consultation, use, disclosure, transmission, erasure, or destruction, whether automated or manual.

A subset of IAM that focuses on managing and monitoring accounts with elevated privileges, such as system administrators and database administrators. PAM solutions control, monitor, and secure privileged credentials to prevent unauthorized access to critical systems and sensitive data.

A framework of policies, procedures, hardware, software, and people used to create, manage, distribute, use, store, and revoke digital certificates and manage public-key encryption. PKI enables secure electronic communications and is required by NCA ECC for government entities and SAMA CSF for financial institutions to authenticate users, encrypt data, and ensure non-repudiation of digital transactions.

A comprehensive structure of policies, procedures, and controls that establishes accountability and oversight for cybersecurity activities across an organization. It defines roles, responsibilities, and decision-making processes to ensure security objectives align with business goals and regulatory requirements.

A comprehensive security solution that provides real-time analysis of security alerts and events generated by network hardware and applications. It collects, aggregates, correlates, and analyzes log data to detect threats, support compliance reporting, and enable rapid incident response.

An email authentication protocol that allows domain owners to specify which mail servers are authorized to send emails on behalf of their domain. SPF helps prevent email spoofing by enabling receiving servers to verify that incoming mail from a domain comes from an authorized IP address.