🔐 Cybersecurity Glossary
Over 265 professional cybersecurity terms in English & Arabic — your comprehensive reference for the cybersecurity world
265 terms
16 categories
47 frameworks
All
🏛 Governance & Strategy 35
⚖ Risk Management 17
🔑 Identity & Access 14
🌐 Network Security 16
🔒 Data Protection 11
⚡ Threat & Attack 22
🚨 Incident Response 13
☑ Compliance & Audit 12
🔐 Cryptography 11
☁ Cloud Security 9
💻 Application Security 11
§ Privacy & Data Law 12
🛡 Security Operations 17
♻ Business Continuity 9
🇸🇦 Saudi Regulations 14
🛡️ Platform Tools 1
NCA_ECC (122)
SAMA_CSF (76)
PCI_DSS (47)
ISO_27001 (39)
PDPL (34)
NIST_CSF (29)
Array (25)
NCA ECC (20)
SAMA CSF (20)
NCA_CSCC (14)
✕ Clear
148 terms
🔑 Access Control List
ACL
قائمة التحكم بالوصول
A list of permissions attached to a system resource that specifies which users or system processes are granted access.
🔐 Advanced Encryption Standard
AES
معيار التشفير المتقدم
A symmetric block cipher chosen by the US government to protect classified information, using key sizes of 128, 192, or 256 bits.
⚡ Advanced Persistent Threat
APT
التهديد المتقدم المستمر
A prolonged and targeted cyberattack in which an intruder gains access to a network and remains undetected for an extended period.
🛡️ ARIA
ARIA
آريا
AI Regulatory Intelligence Advisor — CISO Consulting's enterprise Virtual CISO (vCISO) module. ARIA provides AI-powered cybersecurity advisory services including policy generation, risk assessment, compliance gap analysis, board reports, and document generation in Word, Excel, PowerPoint, and PDF formats. Specialized in Saudi regulatory frameworks: SAMA CSF, NCA ECC, PDPL, and international standards including ISO 27001, NIST CSF, and PCI DSS.
🛡 Attack Simulation
BAS
محاكاة الهجوم
Breach and Attack Simulation — automated tools that continuously test security controls by simulating real-world attacks.
⚖ Attack Surface
سطح الهجوم
The total sum of all vulnerabilities and entry points that an attacker could potentially exploit.
☑ Audit Trail
مسار التدقيق
A chronological record of system activities that provides documentary evidence of the sequence of activities that have affected operations, procedures, or events.
🔒 Backup Encryption
تشفير النسخ الاحتياطي
The practice of encrypting backup data to protect it from unauthorized access if backup media is lost or stolen.
🛡 Blue Team
الفريق الأزرق
A group of security professionals responsible for defending against simulated and real attacks.
🏛 Board Cybersecurity Oversight
إشراف المجلس على الأمن السيبراني
The responsibility of the board of directors to oversee the organization's cybersecurity strategy and risk management.
💻 Bug Bounty
مكافأة اكتشاف الثغرات
A program offered by organizations that rewards security researchers for responsibly reporting vulnerabilities.
♻ Business Continuity Plan
BCP
خطة استمرارية الأعمال
A documented plan that outlines how an organization will continue operating during and after a disruptive event.
🏛 Business Email Compromise Prevention
BEC Prevention
منع اختراق البريد الإلكتروني للأعمال
A strategic security approach combining technical controls, user awareness training, and governance policies to prevent sophisticated email fraud attacks targeting organizations. This includes implementing verification procedures for financial transactions, executive impersonation detection, and incident response protocols.
⚖ Business Impact Analysis
BIA
تحليل تأثير الأعمال
A process that identifies and evaluates the potential effects of disruption to critical business operations.
🏛 Chief Information Security Officer
CISO
مسؤول أمن المعلومات الرئيسي
Senior executive responsible for establishing and maintaining the enterprise cybersecurity vision, strategy, and program to ensure information assets and technologies are adequately protected.
💻 Code Review
مراجعة الشفرة البرمجية
A systematic examination of source code to find and fix mistakes overlooked in initial development.
⚖ Common Vulnerabilities and Exposures
CVE
الثغرات والتعرضات الشائعة
A publicly disclosed list of cybersecurity vulnerabilities, each assigned a unique identifier for tracking and reference.
⚖ Common Vulnerability Scoring System
CVSS
نظام تسجيل الثغرات المشترك
An open framework for communicating the characteristics and severity of software vulnerabilities using a numerical score from 0 to 10.
🇸🇦 Communications, Space & Technology Commission
CST
هيئة الاتصالات والفضاء والتقنية
The Saudi regulatory body overseeing the ICT sector including telecommunications security requirements.
🚨 Computer Security Incident Response Team
CSIRT
فريق الاستجابة لحوادث أمن الحاسب
A team of IT security experts responsible for managing and responding to cybersecurity incidents.
🚨 Containment
الاحتواء
The phase of incident response focused on limiting the scope and damage of a security incident.
Continuous Authentication
CA
المصادقة المستمرة
A Zero Trust security mechanism that continuously validates user identity and device trustworthiness throughout a session, rather than only at initial login. It monitors behavioral patterns, device posture, location, and contextual factors in real-time to detect anomalies and dynamically adjust access privileges or terminate sessions when risk levels change.
☑ Continuous Compliance
الامتثال المستمر
An automated approach to maintaining compliance with regulations and standards through continuous monitoring and assessment.
♻ Crisis Management
إدارة الأزمات
The overall coordination of an organization's response to a crisis that threatens the organization or its stakeholders.
🇸🇦 Critical National Infrastructure
CNI
البنى التحتية الوطنية الحساسة
Systems and assets vital to Saudi Arabia's national security, economy, or public health that require enhanced cybersecurity protection.
⚡ Cryptojacking
التعدين الخبيث
The unauthorized use of someone else's computing resources to mine cryptocurrency.
🇸🇦 Cyber Resilience
المرونة السيبرانية
An organization's ability to continuously deliver intended outcomes despite adverse cyber events, as required by NCA.
🛡 Cyber Threat Intelligence Platform
TIP
منصة استخبارات التهديدات السيبرانية
A technology platform that aggregates, correlates, and analyzes threat data from multiple sources to provide actionable intelligence.
🏛 Cybersecurity Framework
CSF
إطار الأمن السيبراني
A structured set of guidelines and best practices designed to help organizations manage and reduce cybersecurity risk.
🇸🇦 Cybersecurity Maturity Assessment
تقييم نضج الأمن السيبراني
NCA's periodic assessment of government entities' cybersecurity maturity against ECC controls.
🔒 Data at Rest
البيانات المخزنة
Data that is stored in databases, file systems, or other storage systems and is not actively being transmitted or processed.
§ Data Breach
انتهاك البيانات
A security incident in which sensitive, protected, or confidential data is accessed, disclosed, or stolen by an unauthorized party.
🔒 Data Classification
تصنيف البيانات
The process of organizing data by relevant categories so that it can be protected and used more efficiently according to its sensitivity level.
🔒 Data in Transit
البيانات أثناء النقل
Data that is actively moving from one location to another, such as across the internet or through a private network.
🔒 Data Loss Prevention
DLP
منع فقدان البيانات
A set of tools and processes to ensure sensitive data is not lost, misused, or accessed by unauthorized users.
🏛 Data Privacy Impact Assessment
DPIA
تقييم أثر خصوصية البيانات
A systematic process to identify and minimize privacy risks associated with processing personal data, particularly when implementing new technologies or systems. This assessment evaluates potential impacts on individuals' privacy rights and determines appropriate safeguards and mitigation measures.
⚡ Deepfake
التزييف العميق
AI-generated synthetic media used to impersonate individuals through manipulated audio, video, or images.
🌐 Demilitarized Zone
DMZ
المنطقة منزوعة السلاح
A perimeter network segment that sits between the internal network and the external network to provide an additional layer of security.
💻 DevSecOps
تطوير الأمن والعمليات
The practice of integrating security testing and protection at every stage of the software development lifecycle.
🚨 Digital Forensics
DFIR
التحقيق الجنائي الرقمي
The process of collecting, preserving, and analyzing electronic evidence for investigating cybersecurity incidents.
🚨 Digital Forensics and Incident Response
DFIR
الطب الجنائي الرقمي والاستجابة للحوادث
Combination of digital forensics (evidence collection and analysis) and incident response (containment, eradication, recovery) disciplines. DFIR is required by SAMA CSF TM domain and Saudi CERT recommends DFIR-trained personnel for regulated entities.
Digital Forensics and Incident Response (DFIR)
DFIR
الطب الشرعي الرقمي والاستجابة للحوادث
The combined practice of collecting, preserving, analyzing, and presenting digital evidence from cybersecurity incidents while simultaneously containing and remediating the threat. It ensures evidence integrity for potential legal proceedings while enabling rapid recovery and lessons learned documentation.
🔑 Directory Service
خدمة الدليل
A centralized database that stores and manages user identities, credentials, and access permissions (e.g., Active Directory, LDAP).
♻ Disaster Recovery Plan
DRP
خطة التعافي من الكوارث
A documented process for recovering IT infrastructure and systems following a natural or man-made disaster.
⚡ Distributed Denial of Service
DDoS
هجوم حجب الخدمة الموزع
An attack that overwhelms a target system with traffic from multiple sources, making it unavailable to legitimate users.
🌐 Domain Name System Security Extensions
DNSSEC
امتدادات أمن نظام أسماء النطاقات
A suite of extensions to DNS that adds security by enabling DNS responses to be validated as authentic.
🏛 Domain-based Message Authentication
DMARC
مصادقة الرسائل المستندة إلى النطاق
An email authentication protocol that builds on SPF and DKIM to provide domain owners with protection against unauthorized use of their domain in email attacks. DMARC enables senders to specify how receiving mail servers should handle messages that fail authentication checks and provides reporting mechanisms for monitoring.
🔐 Elliptic Curve Cryptography
ECC
تشفير المنحنى الإهليلجي
An approach to public-key cryptography based on the algebraic structure of elliptic curves, offering equivalent security with smaller key sizes.
🏛 Email Data Loss Prevention
Email DLP
منع فقدان البيانات عبر البريد الإلكتروني
A security strategy and technology that monitors, detects, and blocks sensitive information from being transmitted via email in violation of organizational policies or regulatory requirements. Email DLP helps prevent accidental or intentional data breaches by enforcing content inspection and policy-based controls.
🏛 Email Encryption Policy
سياسة تشفير البريد الإلكتروني
A governance framework that defines requirements and procedures for encrypting email communications to protect sensitive information in transit and at rest. This policy establishes standards for encryption methods, key management, and compliance with data protection regulations such as PDPL.
🏛 Email Gateway Security
EGS
أمن بوابة البريد الإلكتروني
A security solution that filters and monitors incoming and outgoing email traffic to detect and block malicious content, spam, and phishing attempts. It acts as a protective barrier between an organization's email infrastructure and external threats, enforcing security policies and compliance requirements.
🏛 Email Security Awareness Training
التدريب على التوعية بأمن البريد الإلكتروني
A structured program designed to educate employees about email-based threats such as phishing, malware, and social engineering attacks. This training is a critical component of security governance, helping organizations build a human firewall and reduce the risk of successful email attacks.
Encryption
التشفير
The process of converting plaintext data into ciphertext using cryptographic algorithms and keys to protect confidentiality and prevent unauthorized access to sensitive information during storage or transmission.
Encryption Key Management
EKM
إدارة مفاتيح التشفير
The administration of cryptographic keys throughout their lifecycle, including generation, distribution, storage, rotation, backup, and destruction, ensuring secure key handling practices to maintain the effectiveness of encryption systems.
End-to-End Encryption
E2EE
التشفير الشامل من طرف إلى طرف
A security method where data is encrypted on the sender's device and only decrypted on the recipient's device, ensuring that no intermediary parties, including service providers, can access the plaintext content during transmission.
🛡 Endpoint Detection and Response
EDR
كشف نقاط النهاية والاستجابة
A cybersecurity technology that continuously monitors endpoints to detect and respond to cyber threats.
🇸🇦 Essential Cybersecurity Controls
ECC
الضوابط الأساسية للأمن السيبراني
NCA's baseline cybersecurity controls that all Saudi government and critical infrastructure entities must implement.
🛡 Extended Detection and Response
XDR
الكشف والاستجابة الموسعة
A unified security solution that integrates multiple security products into a cohesive system for improved threat detection and response.
♻ Failover
التحول التلقائي
The automatic switching to a standby system, server, or network upon the failure or abnormal termination of the primary.
⚡ Fileless Malware
البرمجيات الخبيثة بدون ملفات
Malicious code that operates entirely in memory without writing files to disk, making it harder to detect by traditional antivirus.
🌐 Firewall
FW
الجدار الناري
A network security device that monitors and filters incoming and outgoing network traffic based on predetermined security rules.
☑ Gap Analysis
تحليل الفجوات
An assessment that compares an organization's current security posture against a desired standard or framework to identify areas needing improvement.
🏛 Governance, Risk and Compliance
GRC
الحوكمة والمخاطر والامتثال
Integrated framework for managing an organization's governance policies, enterprise risk management, and regulatory compliance. GRC platforms automate control assessment, risk tracking, and audit management across multiple frameworks simultaneously.
🚨 Incident Response Plan
IRP
خطة الاستجابة للحوادث
A documented plan that outlines the procedures and responsibilities for detecting, responding to, and recovering from cybersecurity incidents.
Incident Response Plan (IRP)
IRP
خطة الاستجابة للحوادث
A documented, structured approach with detailed procedures for detecting, responding to, and recovering from cybersecurity incidents. It defines roles, responsibilities, communication protocols, and step-by-step actions to minimize damage and restore normal operations efficiently.
⚡ Indicators of Attack
IoA
مؤشرات الهجوم
Proactive indicators that identify attacker behavior patterns in real-time, before damage occurs.
🚨 Indicators of Compromise
IoC
مؤشرات الاختراق
Forensic artifacts that identify potentially malicious activity on a system or network.
⚡ Insider Threat
التهديد الداخلي
A security risk that originates from within the organization, typically from current or former employees or business associates.
🌐 Intrusion Detection System
IDS
نظام كشف التسلل
A system that monitors network or system activities for malicious activities or policy violations and produces alerts.
🌐 Intrusion Prevention System
IPS
نظام منع التسلل
A network security tool that monitors traffic for threats and automatically takes action to prevent them.
🔐 Key Management
إدارة المفاتيح
The administration of cryptographic keys in a cryptosystem, including generation, exchange, storage, use, and replacement of keys.
🔑 Least Privilege
أقل الصلاحيات
The principle that users should be given the minimum levels of access needed to perform their job functions.
🛡 Log Correlation
ارتباط السجلات
The process of analyzing logs from multiple sources to identify patterns, anomalies, and potential security incidents.
⚡ Malware
البرمجيات الخبيثة
Software specifically designed to disrupt, damage, or gain unauthorized access to a computer system.
⚡ Man-in-the-Middle Attack
MITM
هجوم الوسيط
An attack where the attacker secretly relays and possibly alters communications between two parties who believe they are directly communicating.
🏛 Maturity Model
CMM
نموذج النضج
A framework for assessing the current state and improvement path of an organization's cybersecurity capabilities across defined levels.
Mean Time to Detect (MTTD)
MTTD
متوسط الوقت للكشف
A key performance indicator that measures the average time it takes for a SOC team to discover a security incident or breach from the moment it occurs. MTTD is critical for assessing the effectiveness of security monitoring capabilities and detection controls, with lower values indicating more mature security operations.
Micro-Segmentation
MS
التجزئة الدقيقة
A Zero Trust security technique that divides networks into small, isolated segments to contain breaches and limit lateral movement. Each segment has its own access controls and security policies, allowing organizations to define granular security perimeters around critical assets and enforce strict traffic inspection between segments.
⚡ MITRE ATT&CK
إطار MITRE ATT&CK
A globally-accessible knowledge base of adversary tactics and techniques based on real-world observations of cyberattacks.
🔑 Multi-Factor Authentication
MFA
المصادقة متعددة العوامل
An authentication method requiring two or more verification factors: something you know, something you have, or something you are.
🇸🇦 National Cryptographic Standards
المعايير الوطنية للتشفير
NCA requirements for cryptographic algorithms and key lengths used by government and critical infrastructure entities.
🇸🇦 National Cybersecurity Authority
NCA
الهيئة الوطنية للأمن السيبراني
The Saudi government entity responsible for cybersecurity regulation, setting national cybersecurity policies, standards, and controls.
🏛 NCA Cloud Cybersecurity Controls
NCA CCC
ضوابط الأمن السيبراني السحابية
Specialized NCA framework governing cloud computing security for Saudi government and critical infrastructure entities. Contains 76 controls covering cloud provider selection, data residency (data must remain in KSA), shared responsibility, and cloud incident response.
🏛 NCA Cybersecurity Resilience Requirements
NCA CSCC
متطلبات مرونة الأمن السيبراني
NCA framework establishing cybersecurity resilience requirements for critical national infrastructure, focusing on continuity of essential services during cyber incidents.
🏛 NCA Essential Cybersecurity Controls
NCA ECC
الضوابط الأساسية للأمن السيبراني
Mandatory cybersecurity controls issued by the National Cybersecurity Authority of Saudi Arabia, applicable to government entities and critical national infrastructure operators. The 2024 version contains 114 controls across 7 domains.
🌐 Network Access Control
NAC
التحكم بالوصول للشبكة
A security approach that attempts to unify endpoint security and network access enforcement.
🌐 Network Segmentation
تجزئة الشبكة
The practice of splitting a network into sub-networks to improve security and performance.
🛡 Patch Management
إدارة التحديثات الأمنية
The process of distributing and applying updates to software to fix vulnerabilities and improve security.
💻 Penetration Testing
Pentest
اختبار الاختراق
An authorized simulated cyberattack on a computer system to evaluate its security and identify vulnerabilities.
⚡ Phishing
التصيد الاحتيالي
A social engineering attack that uses deceptive emails, websites, or messages to trick individuals into revealing sensitive information.
🚨 Playbook
دليل الإجراءات
A predefined set of actions and procedures for responding to a specific type of security incident.
🔐 Post-Quantum Cryptography
PQC
التشفير ما بعد الكم
Cryptographic algorithms designed to be secure against attacks from both classical and quantum computers.
Privacy Impact Assessment
PIA
تقييم أثر الخصوصية
A systematic process to identify and evaluate potential privacy risks associated with data processing activities, particularly when implementing new technologies, systems, or processes that handle personal data. Under PDPL and SAMA CSF requirements, organizations must conduct PIAs before processing high-risk personal data to ensure compliance and implement appropriate safeguards.
🔑 Privileged Access Management
PAM
إدارة الوصول المميز
A set of cybersecurity strategies and technologies for exerting control over elevated access and permissions for users, accounts, and systems.
Privileged Access Management (PAM)
PAM
إدارة الوصول المميز
A subset of IAM that focuses on managing and monitoring accounts with elevated privileges, such as system administrators and database administrators. PAM solutions control, monitor, and secure privileged credentials to prevent unauthorized access to critical systems and sensitive data.
🔐 Public Key Infrastructure
PKI
البنية التحتية للمفتاح العام
A framework of encryption and cybersecurity that protects communications between servers and clients using digital certificates.
🛡 Purple Team
الفريق البنفسجي
A collaborative approach combining Red Team and Blue Team exercises to improve security effectiveness.
⚡ Ransomware
برامج الفدية
Malicious software that encrypts victim's files and demands payment for the decryption key.
♻ Recovery Point Objective
RPO
هدف نقطة الاستعادة
The maximum acceptable amount of data loss measured in time, determining the frequency of data backups.
♻ Recovery Time Objective
RTO
هدف وقت الاستعادة
The maximum acceptable time that a system, application, or function can be offline after a disaster before business impact becomes unacceptable.
Recovery Time Objective (RTO)
RTO
الهدف الزمني للتعافي
The maximum acceptable length of time that a business process, application, or system can be down after a disaster or disruption before the organization experiences unacceptable consequences, used to prioritize recovery efforts and allocate resources.
🛡 Red Team
الفريق الأحمر
A group of security professionals authorized to simulate real-world attacks to test an organization's defenses.
☑ Remediation
المعالجة
The process of addressing and resolving identified security findings, vulnerabilities, or compliance gaps.
⚖ Risk Assessment
RA
تقييم المخاطر
The process of identifying, analyzing, and evaluating risks to determine their likelihood and potential impact on the organization.
⚖ Risk Treatment
معالجة المخاطر
The process of selecting and implementing measures to modify risk, including avoidance, mitigation, transfer, or acceptance.
🔑 Role-Based Access Control
RBAC
التحكم بالوصول القائم على الدور
A method of restricting system access to authorized users based on their role within the organization.
🇸🇦 Saudi Vision 2030 Digital Transformation
التحول الرقمي لرؤية 2030
The digital transformation component of Saudi Vision 2030 that drives cybersecurity requirements across all sectors.
🌐 Secure DNS
نظام أسماء النطاقات الآمن
DNS configurations and protocols that protect against DNS hijacking, spoofing, and cache poisoning attacks.
🌐 Secure Email Gateway
SEG
بوابة البريد الإلكتروني الآمنة
A solution that monitors emails sent and received to prevent unwanted email including spam, phishing, and malware.
💻 Secure Software Development Lifecycle
SSDLC
دورة حياة تطوير البرمجيات الآمنة
An approach to software development that integrates security activities at every phase of the development lifecycle.
🛡 Security Awareness Training
SAT
التدريب على التوعية الأمنية
An educational program designed to reduce human cybersecurity risks by teaching employees to recognize and respond to threats.
🏛 Security Baseline
خط الأساس الأمني
A minimum set of security controls required for a system or organization to operate safely.
🏛 Security Governance
حوكمة الأمن
The set of responsibilities exercised by the board and executive management to provide strategic direction and oversight of cybersecurity.
🏛 Security Governance Framework
SGF
إطار حوكمة الأمن السيبراني
A comprehensive structure of policies, procedures, and controls that establishes accountability and oversight for cybersecurity activities across an organization. It defines roles, responsibilities, and decision-making processes to ensure security objectives align with business goals and regulatory requirements.
Security Incident and Event Management (SIEM)
SIEM
إدارة الحوادث والأحداث الأمنية
A comprehensive security solution that provides real-time analysis of security alerts and events generated by network hardware and applications. It collects, aggregates, correlates, and analyzes log data to detect threats, support compliance reporting, and enable rapid incident response.
🛡 Security Information and Event Management
SIEM
إدارة معلومات وأحداث الأمن
A solution that provides real-time analysis of security alerts generated by applications and network hardware through centralized log collection and correlation.
Security Information and Event Management (SIEM)
SIEM
إدارة معلومات وأحداث الأمن السيبراني
A comprehensive solution that provides real-time analysis of security alerts generated by applications and network hardware. SIEM systems collect, aggregate, and analyze log data from across an organization's IT infrastructure to identify security threats, ensure compliance, and support incident investigation and forensics.
🏛 Security Metrics
KPI
مقاييس الأمن
Quantifiable measurements used to track and evaluate the effectiveness of an organization's security program.
🚨 Security Operations Center
SOC
مركز عمليات الأمن
A centralized unit that deals with security issues on an organizational and technical level, providing 24/7 monitoring and threat detection.
Security Operations Center (SOC)
SOC
مركز العمليات الأمنية
A centralized unit that deals with security issues on an organizational and technical level, responsible for continuous monitoring, detection, analysis, and response to cybersecurity incidents using a combination of technology solutions and human expertise.
🛡 Security Orchestration, Automation and Response
SOAR
تنسيق وأتمتة واستجابة الأمن
A stack of compatible tools that allows organizations to collect security data and automate responses to low-level threats.
🏛 Security Policy
السياسة الأمنية
A formal document that defines the rules, guidelines, and practices for managing and protecting an organization's information assets.
🏛 Security Steering Committee
لجنة توجيه الأمن
A cross-functional leadership body responsible for providing strategic direction and oversight of the cybersecurity program.
🏛 Sender Policy Framework
SPF
إطار سياسة المرسل
An email authentication protocol that allows domain owners to specify which mail servers are authorized to send emails on behalf of their domain. SPF helps prevent email spoofing by enabling receiving servers to verify that incoming mail from a domain comes from an authorized IP address.
⚡ Social Engineering
SE
الهندسة الاجتماعية
The psychological manipulation of people into performing actions or divulging confidential information.
🌐 Software-Defined Networking
SDN
الشبكات المعرّفة بالبرمجيات
An approach to networking that uses software-based controllers to direct traffic on the network and communicate with hardware infrastructure.
⚡ Spear Phishing
التصيد الموجه
A targeted phishing attack directed at specific individuals or organizations using personalized information to increase credibility.
⚡ SQL Injection
SQLi
حقن SQL
A code injection technique used to attack data-driven applications by inserting malicious SQL statements into entry fields.
🌐 SSL/TLS Certificate
SSL
شهادة SSL/TLS
A digital certificate that authenticates a website identity and enables encrypted connections between a web server and browser.
⚡ Supply Chain Attack
هجوم سلسلة التوريد
An attack that targets the less-secure elements in a supply chain to compromise the final target.
♻ Tabletop Exercise
TTX
تمرين الطاولة
A discussion-based exercise where key personnel walk through a simulated scenario to test plans and identify gaps.
⚖ Third-Party Risk Management
TPRM
إدارة مخاطر الأطراف الثالثة
The process of analyzing and controlling risks presented by third parties to an organization's data and operations.
⚖ Threat
التهديد
Any circumstance or event with the potential to adversely impact organizational operations through unauthorized access, destruction, disclosure, or modification of information.
Threat Actor
TA
الجهة الفاعلة للتهديد
An individual, group, or entity that conducts or has the intent to conduct malicious cyber activities against an organization's information systems or data. Threat actors are categorized by motivation (financial, political, espionage), capability (nation-state, organized crime, hacktivists), and targeting patterns.
🛡 Threat Hunting
مطاردة التهديدات
The proactive practice of searching through networks and datasets to detect threats that evade existing security solutions.
🛡 Threat Intelligence
TI
استخبارات التهديدات
Evidence-based knowledge about existing or emerging threats that helps organizations make informed security decisions.
🚨 Threat Intelligence Sharing
مشاركة استخبارات التهديدات
The exchange of cyber threat information between organizations, government entities, and security communities using standards like STIX/TAXII.
🔐 Transport Layer Security
TLS
أمن طبقة النقل
A cryptographic protocol designed to provide communications security over a computer network, used to secure web traffic.
🏛 Virtual CISO
vCISO
مسؤول أمن المعلومات الافتراضي
Fractional or part-time CISO service providing experienced cybersecurity executive leadership to organizations that cannot justify a full-time hire. Ideal for Saudi SMEs, startups, and organizations bridging a CISO vacancy while achieving SAMA or NCA compliance.
🌐 Virtual Private Network
VPN
الشبكة الافتراضية الخاصة
A technology that creates an encrypted connection over a less secure network, providing secure remote access to organizational resources.
⚖ Vulnerability
Vuln
الثغرة الأمنية
A weakness in a system, application, or process that could be exploited by a threat to gain unauthorized access or cause harm.
🛡 Vulnerability Assessment
VA
تقييم الثغرات
A systematic review of security weaknesses in an information system to identify, quantify, and prioritize vulnerabilities.
⚡ Watering Hole Attack
هجوم حفرة الماء
An attack strategy where the threat actor infects websites frequently visited by the target group to compromise their systems.
🌐 Web Application Firewall
WAF
جدار حماية تطبيقات الويب
A security solution that filters, monitors, and blocks HTTP/HTTPS traffic to and from a web application.
🔑 Zero Trust
ZT
الثقة المعدومة
A security model based on the principle of never trust, always verify, requiring strict identity verification for every person and device attempting to access resources.
🌐 Zero Trust Architecture
ZTA
بنية الثقة الصفرية
Security model based on the principle "never trust, always verify" — every user, device, and application must be continuously authenticated regardless of network location. Key pillars: strong identity, device validation, least-privilege access, microsegmentation, and continuous monitoring.
Zero Trust Network Access
ZTNA
الوصول الشبكي بدون ثقة
A security framework that eliminates implicit trust and requires continuous verification of every user and device attempting to access network resources, regardless of their location. ZTNA operates on the principle of 'never trust, always verify' and implements least-privilege access controls with micro-segmentation.
⚡ Zero-Day Vulnerability
0-Day
ثغرة يوم الصفر
A software security vulnerability that is unknown to the vendor and for which no patch or fix is available.