🔐 Cybersecurity Glossary
Over 265 professional cybersecurity terms in English & Arabic — your comprehensive reference for the cybersecurity world
265 terms
16 categories
47 frameworks
All
🏛 Governance & Strategy 35
⚖ Risk Management 17
🔑 Identity & Access 14
🌐 Network Security 16
🔒 Data Protection 11
⚡ Threat & Attack 22
🚨 Incident Response 13
☑ Compliance & Audit 12
🔐 Cryptography 11
☁ Cloud Security 9
💻 Application Security 11
§ Privacy & Data Law 12
🛡 Security Operations 17
♻ Business Continuity 9
🇸🇦 Saudi Regulations 14
🛡️ Platform Tools 1
NCA_ECC (122)
SAMA_CSF (76)
PCI_DSS (47)
ISO_27001 (39)
PDPL (34)
NIST_CSF (29)
Array (25)
NCA ECC (20)
SAMA CSF (20)
NCA_CSCC (14)
✕ Clear
26 terms
🛡️ ARIA
ARIA
آريا
AI Regulatory Intelligence Advisor — CISO Consulting's enterprise Virtual CISO (vCISO) module. ARIA provides AI-powered cybersecurity advisory services including policy generation, risk assessment, compliance gap analysis, board reports, and document generation in Word, Excel, PowerPoint, and PDF formats. Specialized in Saudi regulatory frameworks: SAMA CSF, NCA ECC, PDPL, and international standards including ISO 27001, NIST CSF, and PCI DSS.
🏛 Business Email Compromise Prevention
BEC Prevention
منع اختراق البريد الإلكتروني للأعمال
A strategic security approach combining technical controls, user awareness training, and governance policies to prevent sophisticated email fraud attacks targeting organizations. This includes implementing verification procedures for financial transactions, executive impersonation detection, and incident response protocols.
Continuous Authentication
CA
المصادقة المستمرة
A Zero Trust security mechanism that continuously validates user identity and device trustworthiness throughout a session, rather than only at initial login. It monitors behavioral patterns, device posture, location, and contextual factors in real-time to detect anomalies and dynamically adjust access privileges or terminate sessions when risk levels change.
🏛 Data Privacy Impact Assessment
DPIA
تقييم أثر خصوصية البيانات
A systematic process to identify and minimize privacy risks associated with processing personal data, particularly when implementing new technologies or systems. This assessment evaluates potential impacts on individuals' privacy rights and determines appropriate safeguards and mitigation measures.
Digital Forensics and Incident Response (DFIR)
DFIR
الطب الشرعي الرقمي والاستجابة للحوادث
The combined practice of collecting, preserving, analyzing, and presenting digital evidence from cybersecurity incidents while simultaneously containing and remediating the threat. It ensures evidence integrity for potential legal proceedings while enabling rapid recovery and lessons learned documentation.
🏛 Domain-based Message Authentication
DMARC
مصادقة الرسائل المستندة إلى النطاق
An email authentication protocol that builds on SPF and DKIM to provide domain owners with protection against unauthorized use of their domain in email attacks. DMARC enables senders to specify how receiving mail servers should handle messages that fail authentication checks and provides reporting mechanisms for monitoring.
🏛 Email Data Loss Prevention
Email DLP
منع فقدان البيانات عبر البريد الإلكتروني
A security strategy and technology that monitors, detects, and blocks sensitive information from being transmitted via email in violation of organizational policies or regulatory requirements. Email DLP helps prevent accidental or intentional data breaches by enforcing content inspection and policy-based controls.
🏛 Email Encryption Policy
سياسة تشفير البريد الإلكتروني
A governance framework that defines requirements and procedures for encrypting email communications to protect sensitive information in transit and at rest. This policy establishes standards for encryption methods, key management, and compliance with data protection regulations such as PDPL.
🏛 Email Gateway Security
EGS
أمن بوابة البريد الإلكتروني
A security solution that filters and monitors incoming and outgoing email traffic to detect and block malicious content, spam, and phishing attempts. It acts as a protective barrier between an organization's email infrastructure and external threats, enforcing security policies and compliance requirements.
🏛 Email Security Awareness Training
التدريب على التوعية بأمن البريد الإلكتروني
A structured program designed to educate employees about email-based threats such as phishing, malware, and social engineering attacks. This training is a critical component of security governance, helping organizations build a human firewall and reduce the risk of successful email attacks.
Encryption
التشفير
The process of converting plaintext data into ciphertext using cryptographic algorithms and keys to protect confidentiality and prevent unauthorized access to sensitive information during storage or transmission.
Encryption Key Management
EKM
إدارة مفاتيح التشفير
The administration of cryptographic keys throughout their lifecycle, including generation, distribution, storage, rotation, backup, and destruction, ensuring secure key handling practices to maintain the effectiveness of encryption systems.
End-to-End Encryption
E2EE
التشفير الشامل من طرف إلى طرف
A security method where data is encrypted on the sender's device and only decrypted on the recipient's device, ensuring that no intermediary parties, including service providers, can access the plaintext content during transmission.
Incident Response Plan (IRP)
IRP
خطة الاستجابة للحوادث
A documented, structured approach with detailed procedures for detecting, responding to, and recovering from cybersecurity incidents. It defines roles, responsibilities, communication protocols, and step-by-step actions to minimize damage and restore normal operations efficiently.
Mean Time to Detect (MTTD)
MTTD
متوسط الوقت للكشف
A key performance indicator that measures the average time it takes for a SOC team to discover a security incident or breach from the moment it occurs. MTTD is critical for assessing the effectiveness of security monitoring capabilities and detection controls, with lower values indicating more mature security operations.
Micro-Segmentation
MS
التجزئة الدقيقة
A Zero Trust security technique that divides networks into small, isolated segments to contain breaches and limit lateral movement. Each segment has its own access controls and security policies, allowing organizations to define granular security perimeters around critical assets and enforce strict traffic inspection between segments.
Privacy Impact Assessment
PIA
تقييم أثر الخصوصية
A systematic process to identify and evaluate potential privacy risks associated with data processing activities, particularly when implementing new technologies, systems, or processes that handle personal data. Under PDPL and SAMA CSF requirements, organizations must conduct PIAs before processing high-risk personal data to ensure compliance and implement appropriate safeguards.
Privileged Access Management (PAM)
PAM
إدارة الوصول المميز
A subset of IAM that focuses on managing and monitoring accounts with elevated privileges, such as system administrators and database administrators. PAM solutions control, monitor, and secure privileged credentials to prevent unauthorized access to critical systems and sensitive data.
Recovery Time Objective (RTO)
RTO
الهدف الزمني للتعافي
The maximum acceptable length of time that a business process, application, or system can be down after a disaster or disruption before the organization experiences unacceptable consequences, used to prioritize recovery efforts and allocate resources.
🏛 Security Governance Framework
SGF
إطار حوكمة الأمن السيبراني
A comprehensive structure of policies, procedures, and controls that establishes accountability and oversight for cybersecurity activities across an organization. It defines roles, responsibilities, and decision-making processes to ensure security objectives align with business goals and regulatory requirements.
Security Incident and Event Management (SIEM)
SIEM
إدارة الحوادث والأحداث الأمنية
A comprehensive security solution that provides real-time analysis of security alerts and events generated by network hardware and applications. It collects, aggregates, correlates, and analyzes log data to detect threats, support compliance reporting, and enable rapid incident response.
Security Information and Event Management (SIEM)
SIEM
إدارة معلومات وأحداث الأمن السيبراني
A comprehensive solution that provides real-time analysis of security alerts generated by applications and network hardware. SIEM systems collect, aggregate, and analyze log data from across an organization's IT infrastructure to identify security threats, ensure compliance, and support incident investigation and forensics.
Security Operations Center (SOC)
SOC
مركز العمليات الأمنية
A centralized unit that deals with security issues on an organizational and technical level, responsible for continuous monitoring, detection, analysis, and response to cybersecurity incidents using a combination of technology solutions and human expertise.
🏛 Sender Policy Framework
SPF
إطار سياسة المرسل
An email authentication protocol that allows domain owners to specify which mail servers are authorized to send emails on behalf of their domain. SPF helps prevent email spoofing by enabling receiving servers to verify that incoming mail from a domain comes from an authorized IP address.
Threat Actor
TA
الجهة الفاعلة للتهديد
An individual, group, or entity that conducts or has the intent to conduct malicious cyber activities against an organization's information systems or data. Threat actors are categorized by motivation (financial, political, espionage), capability (nation-state, organized crime, hacktivists), and targeting patterns.
Zero Trust Network Access
ZTNA
الوصول الشبكي بدون ثقة
A security framework that eliminates implicit trust and requires continuous verification of every user and device attempting to access network resources, regardless of their location. ZTNA operates on the principle of 'never trust, always verify' and implements least-privilege access controls with micro-segmentation.