🔐 Cybersecurity Glossary
Over 265 professional cybersecurity terms in English & Arabic — your comprehensive reference for the cybersecurity world
265 terms
16 categories
47 frameworks
All
🏛 Governance & Strategy 35
⚖ Risk Management 17
🔑 Identity & Access 14
🌐 Network Security 16
🔒 Data Protection 11
⚡ Threat & Attack 22
🚨 Incident Response 13
☑ Compliance & Audit 12
🔐 Cryptography 11
☁ Cloud Security 9
💻 Application Security 11
§ Privacy & Data Law 12
🛡 Security Operations 17
♻ Business Continuity 9
🇸🇦 Saudi Regulations 14
🛡️ Platform Tools 1
NCA_ECC (122)
SAMA_CSF (76)
PCI_DSS (47)
ISO_27001 (39)
PDPL (34)
NIST_CSF (29)
Array (25)
NCA ECC (20)
SAMA CSF (20)
NCA_CSCC (14)
✕ Clear
37 terms
§ Anonymization
إخفاء الهوية
The process of removing personally identifiable information from data so individuals cannot be identified.
🛡️ ARIA
ARIA
آريا
AI Regulatory Intelligence Advisor — CISO Consulting's enterprise Virtual CISO (vCISO) module. ARIA provides AI-powered cybersecurity advisory services including policy generation, risk assessment, compliance gap analysis, board reports, and document generation in Word, Excel, PowerPoint, and PDF formats. Specialized in Saudi regulatory frameworks: SAMA CSF, NCA ECC, PDPL, and international standards including ISO 27001, NIST CSF, and PCI DSS.
🔑 Biometric Authentication
المصادقة البيومترية
Authentication method using unique biological characteristics such as fingerprints, facial recognition, or iris patterns.
§ Consent
الموافقة
A freely given, specific, informed, and unambiguous indication of the data subject's agreement to the processing of their personal data.
Continuous Authentication
CA
المصادقة المستمرة
A Zero Trust security mechanism that continuously validates user identity and device trustworthiness throughout a session, rather than only at initial login. It monitors behavioral patterns, device posture, location, and contextual factors in real-time to detect anomalies and dynamically adjust access privileges or terminate sessions when risk levels change.
§ Cross-Border Data Transfer
نقل البيانات عبر الحدود
The transfer of personal data from one country to another, subject to legal restrictions and adequacy requirements.
§ Data Breach
انتهاك البيانات
A security incident in which sensitive, protected, or confidential data is accessed, disclosed, or stolen by an unauthorized party.
§ Data Controller
المتحكم بالبيانات
The entity that determines the purposes and means of processing personal data.
🔒 Data Lifecycle Management
DLM
إدارة دورة حياة البيانات
A policy-based approach to managing the flow of data through its lifecycle from creation and storage to deletion.
§ Data Portability
نقل البيانات
The right of data subjects to receive their personal data in a structured, commonly used, machine-readable format.
🏛 Data Privacy Impact Assessment
DPIA
تقييم أثر خصوصية البيانات
A systematic process to identify and minimize privacy risks associated with processing personal data, particularly when implementing new technologies or systems. This assessment evaluates potential impacts on individuals' privacy rights and determines appropriate safeguards and mitigation measures.
§ Data Processor
معالج البيانات
An entity that processes personal data on behalf of the data controller.
§ Data Protection Impact Assessment
DPIA
تقييم أثر حماية البيانات
A process to identify and minimize the data protection risks of a project or system.
§ Data Protection Officer
DPO
مسؤول حماية البيانات
A designated person responsible for overseeing data protection strategy and compliance within an organization.
🔒 Data Sovereignty
سيادة البيانات
The concept that data is subject to the laws and governance structures within the nation where it is collected or processed.
Digital Forensics and Incident Response (DFIR)
DFIR
الطب الشرعي الرقمي والاستجابة للحوادث
The combined practice of collecting, preserving, analyzing, and presenting digital evidence from cybersecurity incidents while simultaneously containing and remediating the threat. It ensures evidence integrity for potential legal proceedings while enabling rapid recovery and lessons learned documentation.
🏛 Email Data Loss Prevention
Email DLP
منع فقدان البيانات عبر البريد الإلكتروني
A security strategy and technology that monitors, detects, and blocks sensitive information from being transmitted via email in violation of organizational policies or regulatory requirements. Email DLP helps prevent accidental or intentional data breaches by enforcing content inspection and policy-based controls.
🏛 Email Encryption Policy
سياسة تشفير البريد الإلكتروني
A governance framework that defines requirements and procedures for encrypting email communications to protect sensitive information in transit and at rest. This policy establishes standards for encryption methods, key management, and compliance with data protection regulations such as PDPL.
🏛 Email Retention Policy
سياسة الاحتفاظ بالبريد الإلكتروني
A governance document that defines how long email messages must be retained, archived, and eventually deleted based on regulatory requirements, legal obligations, and business needs. This policy ensures compliance with data protection laws while managing storage resources effectively.
Encryption
التشفير
The process of converting plaintext data into ciphertext using cryptographic algorithms and keys to protect confidentiality and prevent unauthorized access to sensitive information during storage or transmission.
Encryption Key Management
EKM
إدارة مفاتيح التشفير
The administration of cryptographic keys throughout their lifecycle, including generation, distribution, storage, rotation, backup, and destruction, ensuring secure key handling practices to maintain the effectiveness of encryption systems.
End-to-End Encryption
E2EE
التشفير الشامل من طرف إلى طرف
A security method where data is encrypted on the sender's device and only decrypted on the recipient's device, ensuring that no intermediary parties, including service providers, can access the plaintext content during transmission.
🏛 Governance, Risk and Compliance
GRC
الحوكمة والمخاطر والامتثال
Integrated framework for managing an organization's governance policies, enterprise risk management, and regulatory compliance. GRC platforms automate control assessment, risk tracking, and audit management across multiple frameworks simultaneously.
🇸🇦 National Data Management Office
NDMO
مكتب إدارة البيانات الوطنية
The Saudi entity under SDAIA responsible for national data governance policies and data classification standards.
§ Personal Data
PII
البيانات الشخصية
Any data that relates to an identified or identifiable natural person.
🇸🇦 Personal Data Protection Law
PDPL
نظام حماية البيانات الشخصية
Saudi Arabia's comprehensive data protection law issued by Royal Decree M/19, administered by SDAIA.
🏛 Personal Data Protection Law
PDPL
نظام حماية البيانات الشخصية
Saudi Arabia's data protection law enacted by Royal Decree in September 2021 and enforced from September 2023. Governs collection, processing, storage, and transfer of personal data, requiring consent, DPO appointment, and 72-hour breach notification to SDAIA.
§ Privacy by Design
PbD
الخصوصية حسب التصميم
An approach where privacy and data protection are embedded into the design of systems and business practices from the outset.
Privacy Impact Assessment
PIA
تقييم أثر الخصوصية
A systematic process to identify and evaluate potential privacy risks associated with data processing activities, particularly when implementing new technologies, systems, or processes that handle personal data. Under PDPL and SAMA CSF requirements, organizations must conduct PIAs before processing high-risk personal data to ensure compliance and implement appropriate safeguards.
§ Pseudonymization
الترميز المستعار
Processing personal data so it can no longer be attributed to a specific data subject without the use of additional information.
Recovery Time Objective (RTO)
RTO
الهدف الزمني للتعافي
The maximum acceptable length of time that a business process, application, or system can be down after a disaster or disruption before the organization experiences unacceptable consequences, used to prioritize recovery efforts and allocate resources.
🔒 Right to be Forgotten
حق النسيان
The right of individuals to have their personal data erased when it is no longer necessary for the purpose it was collected.
🏛 Right to Erasure
حق المحو
Data subject right under PDPL to request deletion of their personal data held by an organization under specific circumstances, including withdrawal of consent or when data is no longer necessary for the original purpose.
🇸🇦 Saudi Data & AI Authority
SDAIA
هيئة البيانات والذكاء الاصطناعي
The Saudi government entity responsible for data governance and AI strategy, administering the PDPL.
Security Incident and Event Management (SIEM)
SIEM
إدارة الحوادث والأحداث الأمنية
A comprehensive security solution that provides real-time analysis of security alerts and events generated by network hardware and applications. It collects, aggregates, correlates, and analyzes log data to detect threats, support compliance reporting, and enable rapid incident response.
Security Operations Center (SOC)
SOC
مركز العمليات الأمنية
A centralized unit that deals with security issues on an organizational and technical level, responsible for continuous monitoring, detection, analysis, and response to cybersecurity incidents using a combination of technology solutions and human expertise.
Zero Trust Network Access
ZTNA
الوصول الشبكي بدون ثقة
A security framework that eliminates implicit trust and requires continuous verification of every user and device attempting to access network resources, regardless of their location. ZTNA operates on the principle of 'never trust, always verify' and implements least-privilege access controls with micro-segmentation.