🔐 Cybersecurity Glossary
Over 265 professional cybersecurity terms in English & Arabic — your comprehensive reference for the cybersecurity world
265 terms
16 categories
47 frameworks
All
🏛 Governance & Strategy 35
⚖ Risk Management 17
🔑 Identity & Access 14
🌐 Network Security 16
🔒 Data Protection 11
⚡ Threat & Attack 22
🚨 Incident Response 13
☑ Compliance & Audit 12
🔐 Cryptography 11
☁ Cloud Security 9
💻 Application Security 11
§ Privacy & Data Law 12
🛡 Security Operations 17
♻ Business Continuity 9
🇸🇦 Saudi Regulations 14
🛡️ Platform Tools 1
NCA_ECC (122)
SAMA_CSF (76)
PCI_DSS (47)
ISO_27001 (39)
PDPL (34)
NIST_CSF (29)
Array (25)
NCA ECC (20)
SAMA CSF (20)
NCA_CSCC (14)
✕ Clear
53 terms
🏛 Acceptable Use Policy
AUP
سياسة الاستخدام المقبول
A document that outlines the rules and guidelines for using an organization's information technology resources.
🛡️ ARIA
ARIA
آريا
AI Regulatory Intelligence Advisor — CISO Consulting's enterprise Virtual CISO (vCISO) module. ARIA provides AI-powered cybersecurity advisory services including policy generation, risk assessment, compliance gap analysis, board reports, and document generation in Word, Excel, PowerPoint, and PDF formats. Specialized in Saudi regulatory frameworks: SAMA CSF, NCA ECC, PDPL, and international standards including ISO 27001, NIST CSF, and PCI DSS.
♻ Business Continuity Plan
BCP
خطة استمرارية الأعمال
A documented plan that outlines how an organization will continue operating during and after a disruptive event.
🏛 Business Email Compromise Prevention
BEC Prevention
منع اختراق البريد الإلكتروني للأعمال
A strategic security approach combining technical controls, user awareness training, and governance policies to prevent sophisticated email fraud attacks targeting organizations. This includes implementing verification procedures for financial transactions, executive impersonation detection, and incident response protocols.
🚨 Chain of Custody
سلسلة الحفظ
The documented chronological history of the handling and transfer of digital evidence.
☑ Continuous Compliance
الامتثال المستمر
An automated approach to maintaining compliance with regulations and standards through continuous monitoring and assessment.
☑ Control Objective
هدف الضابط الرقابي
A statement of the desired result or purpose to be achieved by implementing a security control.
☑ Corrective Action
الإجراء التصحيحي
An action taken to eliminate the cause of a detected nonconformity to prevent recurrence.
🔒 Data Classification
تصنيف البيانات
The process of organizing data by relevant categories so that it can be protected and used more efficiently according to its sensitivity level.
🔒 Data Lifecycle Management
DLM
إدارة دورة حياة البيانات
A policy-based approach to managing the flow of data through its lifecycle from creation and storage to deletion.
🔒 Data Masking
إخفاء البيانات
The process of hiding specific data within a database to ensure that sensitive data is not exposed to unauthorized personnel.
§ Data Protection Impact Assessment
DPIA
تقييم أثر حماية البيانات
A process to identify and minimize the data protection risks of a project or system.
🔐 Digital Signature
التوقيع الرقمي
A mathematical scheme for verifying the authenticity and integrity of digital messages or documents.
🏛 Domain-based Message Authentication
DMARC
مصادقة الرسائل المستندة إلى النطاق
An email authentication protocol that builds on SPF and DKIM to provide domain owners with protection against unauthorized use of their domain in email attacks. DMARC enables senders to specify how receiving mail servers should handle messages that fail authentication checks and provides reporting mechanisms for monitoring.
🏛 Email Data Loss Prevention
Email DLP
منع فقدان البيانات عبر البريد الإلكتروني
A security strategy and technology that monitors, detects, and blocks sensitive information from being transmitted via email in violation of organizational policies or regulatory requirements. Email DLP helps prevent accidental or intentional data breaches by enforcing content inspection and policy-based controls.
🏛 Email Encryption Policy
سياسة تشفير البريد الإلكتروني
A governance framework that defines requirements and procedures for encrypting email communications to protect sensitive information in transit and at rest. This policy establishes standards for encryption methods, key management, and compliance with data protection regulations such as PDPL.
🏛 Email Gateway Security
EGS
أمن بوابة البريد الإلكتروني
A security solution that filters and monitors incoming and outgoing email traffic to detect and block malicious content, spam, and phishing attempts. It acts as a protective barrier between an organization's email infrastructure and external threats, enforcing security policies and compliance requirements.
🏛 Email Retention Policy
سياسة الاحتفاظ بالبريد الإلكتروني
A governance document that defines how long email messages must be retained, archived, and eventually deleted based on regulatory requirements, legal obligations, and business needs. This policy ensures compliance with data protection laws while managing storage resources effectively.
🏛 Email Security Awareness Training
التدريب على التوعية بأمن البريد الإلكتروني
A structured program designed to educate employees about email-based threats such as phishing, malware, and social engineering attacks. This training is a critical component of security governance, helping organizations build a human firewall and reduce the risk of successful email attacks.
☑ Evidence Collection
جمع الأدلة
The systematic gathering of proof that security controls are implemented and effective to satisfy compliance requirements.
☑ Gap Analysis
تحليل الفجوات
An assessment that compares an organization's current security posture against a desired standard or framework to identify areas needing improvement.
🏛 Governance, Risk and Compliance
GRC
الحوكمة والمخاطر والامتثال
Integrated framework for managing an organization's governance policies, enterprise risk management, and regulatory compliance. GRC platforms automate control assessment, risk tracking, and audit management across multiple frameworks simultaneously.
🔐 Homomorphic Encryption
التشفير المتماثل الشكل
A form of encryption that allows computations to be performed on encrypted data without first decrypting it.
🔑 Identity Provider
IdP
مزود الهوية
A system that creates, maintains, and manages identity information for users while providing authentication services.
🔒 Information Rights Management
IRM
إدارة حقوق المعلومات
Technology that controls access to documents, emails, and files beyond the boundaries of the organization's network.
🏛 Information Security Management System
ISMS
نظام إدارة أمن المعلومات
A systematic approach consisting of policies, processes, and systems to manage sensitive information so that it remains secure, encompassing people, processes, and IT systems.
🏛 Inherent Risk
المخاطر الذاتية
The level of risk existing before any controls are applied. Used in risk assessments to establish baseline risk level before evaluating the effectiveness of existing controls to arrive at residual risk.
☑ Internal Audit
IA
التدقيق الداخلي
An independent assessment conducted within the organization to evaluate and improve the effectiveness of risk management, control, and governance.
🔑 Least Privilege
أقل الصلاحيات
The principle that users should be given the minimum levels of access needed to perform their job functions.
Mean Time to Detect (MTTD)
MTTD
متوسط الوقت للكشف
A key performance indicator that measures the average time it takes for a SOC team to discover a security incident or breach from the moment it occurs. MTTD is critical for assessing the effectiveness of security monitoring capabilities and detection controls, with lower values indicating more mature security operations.
Micro-Segmentation
MS
التجزئة الدقيقة
A Zero Trust security technique that divides networks into small, isolated segments to contain breaches and limit lateral movement. Each segment has its own access controls and security policies, allowing organizations to define granular security perimeters around critical assets and enforce strict traffic inspection between segments.
🔑 OAuth 2.0
OAuth
بروتوكول OAuth 2.0
An authorization framework that enables applications to obtain limited access to user accounts via delegation tokens.
§ Personal Data
PII
البيانات الشخصية
Any data that relates to an identified or identifiable natural person.
§ Privacy by Design
PbD
الخصوصية حسب التصميم
An approach where privacy and data protection are embedded into the design of systems and business practices from the outset.
Privileged Access Management (PAM)
PAM
إدارة الوصول المميز
A subset of IAM that focuses on managing and monitoring accounts with elevated privileges, such as system administrators and database administrators. PAM solutions control, monitor, and secure privileged credentials to prevent unauthorized access to critical systems and sensitive data.
🔐 Public Key Infrastructure
PKI
البنية التحتية للمفتاح العام
A framework of encryption and cybersecurity that protects communications between servers and clients using digital certificates.
🏛 RACI Matrix
RACI
مصفوفة المسؤوليات
A responsibility assignment matrix defining who is Responsible, Accountable, Consulted, and Informed for each task.
⚖ Residual Risk
المخاطر المتبقية
The risk that remains after security controls have been applied.
⚖ Risk Assessment
RA
تقييم المخاطر
The process of identifying, analyzing, and evaluating risks to determine their likelihood and potential impact on the organization.
⚖ Risk Register
سجل المخاطر
A documented repository of identified risks, their analysis, and planned response actions.
⚖ Risk Treatment
معالجة المخاطر
The process of selecting and implementing measures to modify risk, including avoidance, mitigation, transfer, or acceptance.
🔑 Role-Based Access Control
RBAC
التحكم بالوصول القائم على الدور
A method of restricting system access to authorized users based on their role within the organization.
🏛 SAMA Cybersecurity Framework
SAMA CSF
إطار الأمن السيبراني لساما
Mandatory cybersecurity framework issued by the Saudi Arabian Monetary Authority for all regulated financial institutions. Version 2.0 contains 251 sub-controls across 12 domains covering governance, risk, IAM, operations, and business continuity.
🔑 SAML
SAML
لغة توكيد أمن التأليف
Security Assertion Markup Language — an XML-based standard for exchanging authentication and authorization data between parties.
☑ Scope
النطاق
The boundaries of a compliance assessment defining which systems, processes, and locations are included in the evaluation.
🏛 Security Architecture
البنية الأمنية
A unified security design that addresses the necessities and potential risks involved in a certain scenario and specifies when and where to apply security controls.
🏛 Security Governance Framework
SGF
إطار حوكمة الأمن السيبراني
A comprehensive structure of policies, procedures, and controls that establishes accountability and oversight for cybersecurity activities across an organization. It defines roles, responsibilities, and decision-making processes to ensure security objectives align with business goals and regulatory requirements.
Security Incident and Event Management (SIEM)
SIEM
إدارة الحوادث والأحداث الأمنية
A comprehensive security solution that provides real-time analysis of security alerts and events generated by network hardware and applications. It collects, aggregates, correlates, and analyzes log data to detect threats, support compliance reporting, and enable rapid incident response.
🏛 Security Policy
السياسة الأمنية
A formal document that defines the rules, guidelines, and practices for managing and protecting an organization's information assets.
🏛 Sender Policy Framework
SPF
إطار سياسة المرسل
An email authentication protocol that allows domain owners to specify which mail servers are authorized to send emails on behalf of their domain. SPF helps prevent email spoofing by enabling receiving servers to verify that incoming mail from a domain comes from an authorized IP address.
🔑 Single Sign-On
SSO
تسجيل الدخول الموحد
An authentication scheme that allows a user to log in with a single ID to gain access to multiple related but independent systems.
☑ Statement of Applicability
SoA
بيان التطبيق
A document that lists all ISO 27001 Annex A controls and indicates whether each is applicable, implemented, or excluded with justification.
☑ Third-Party Audit
تدقيق الطرف الثالث
An independent assessment conducted by an external qualified auditor to verify compliance with standards or regulations.