🔐 Cybersecurity Glossary

A symmetric encryption algorithm established by the U.S. National Institute of Standards and Technology (NIST) in 2001, widely adopted as the global standard for encrypting sensitive data. AES supports key sizes of 128, 192, and 256 bits and is mandated by SAMA CSF for protecting financial data and by NCA ECC for securing classified government information.

A documented collection of procedures and information that enables an organization to respond to disruptions, maintain critical business functions, and recover operations to predefined levels following a disaster or significant incident. The BCP identifies critical business processes, recovery time objectives (RTO), recovery point objectives (RPO), and the resources required to sustain operations during adverse conditions.

A strategic security approach combining technical controls, user awareness training, and governance policies to prevent sophisticated email fraud attacks targeting organizations. This includes implementing verification procedures for financial transactions, executive impersonation detection, and incident response protocols.

The process of obtaining, recording, and managing explicit permission from data subjects before collecting, processing, or sharing their personal information, including mechanisms for withdrawal and audit trails as required by privacy regulations.

A Zero Trust security mechanism that continuously validates user identity and device trustworthiness throughout a session, rather than only at initial login. It monitors behavioral patterns, device posture, location, and contextual factors in real-time to detect anomalies and dynamically adjust access privileges or terminate sessions when risk levels change.

Legal instruments and safeguards required under PDPL Article 36 for transferring personal data outside Saudi Arabia, including adequacy decisions, standard contractual clauses, binding corporate rules, or explicit consent, ensuring that data transferred internationally maintains equivalent protection standards as required within the Kingdom.

One of the five primary organizational categories within the NCA ECC framework that groups related cybersecurity controls: Cybersecurity Governance, Cybersecurity Defense, Cybersecurity Resilience, Third-Party and Cloud Computing Cybersecurity, and Industrial Control Systems Cybersecurity. Each domain addresses specific aspects of an organization's cybersecurity program and contains multiple control categories with detailed implementation requirements.

A structured assessment framework within NCA ECC that measures an organization's cybersecurity capabilities across five maturity levels: Initial, Developing, Defined, Managed, and Optimized. Organizations subject to ECC must assess their maturity level and progressively improve their cybersecurity posture according to NCA timelines and requirements.

A privacy principle requiring organizations to collect and process only the minimum amount of personal data necessary to achieve specific, legitimate purposes, reducing privacy risks and compliance obligations.

The right of individuals to control how their personal information is collected, used, stored, and shared by organizations, ensuring that data handling practices comply with legal and regulatory requirements while protecting individual privacy rights.

The combined practice of collecting, preserving, analyzing, and presenting digital evidence from cybersecurity incidents while simultaneously containing and remediating the threat. It ensures evidence integrity for potential legal proceedings while enabling rapid recovery and lessons learned documentation.

A documented process focused specifically on restoring IT systems, applications, data, and technology infrastructure following a catastrophic event or major disruption. The DRP is a subset of the broader Business Continuity Plan and details technical recovery procedures, backup strategies, system restoration sequences, and roles and responsibilities for IT recovery teams to minimize downtime and data loss.

A secondary physical or cloud-based facility equipped with necessary infrastructure, systems, and data backups that enables an organization to resume critical IT operations and business functions following a major disruption, cyber attack, or disaster at the primary site.

An email authentication protocol that builds on SPF and DKIM to provide domain owners with protection against unauthorized use of their domain in email attacks. DMARC enables senders to specify how receiving mail servers should handle messages that fail authentication checks and provides reporting mechanisms for monitoring.

A security strategy and technology that monitors, detects, and blocks sensitive information from being transmitted via email in violation of organizational policies or regulatory requirements. Email DLP helps prevent accidental or intentional data breaches by enforcing content inspection and policy-based controls.

A governance framework that defines requirements and procedures for encrypting email communications to protect sensitive information in transit and at rest. This policy establishes standards for encryption methods, key management, and compliance with data protection regulations such as PDPL.

A security solution that filters and monitors incoming and outgoing email traffic to detect and block malicious content, spam, and phishing attempts. It acts as a protective barrier between an organization's email infrastructure and external threats, enforcing security policies and compliance requirements.

A governance document that defines how long email messages must be retained, archived, and eventually deleted based on regulatory requirements, legal obligations, and business needs. This policy ensures compliance with data protection laws while managing storage resources effectively.

A structured program designed to educate employees about email-based threats such as phishing, malware, and social engineering attacks. This training is a critical component of security governance, helping organizations build a human firewall and reduce the risk of successful email attacks.

The process of converting plaintext data into ciphertext using cryptographic algorithms and keys to protect confidentiality and prevent unauthorized access to sensitive information during storage or transmission.

The administration of cryptographic keys throughout their lifecycle, including generation, distribution, storage, rotation, backup, and destruction, ensuring secure key handling practices to maintain the effectiveness of encryption systems.

A security method where data is encrypted on the sender's device and only decrypted on the recipient's device, ensuring that no intermediary parties, including service providers, can access the plaintext content during transmission.

A communication security method where data is encrypted on the sender's device and only decrypted on the recipient's device, preventing intermediaries including service providers from accessing the plaintext content. This approach aligns with PDPL Article 18 requirements for protecting personal data during transmission and NCA ECC controls for secure communications in critical infrastructure sectors supporting Vision 2030 digital transformation.

A documented, structured approach with detailed procedures for detecting, responding to, and recovering from cybersecurity incidents. It defines roles, responsibilities, communication protocols, and step-by-step actions to minimize damage and restore normal operations efficiently.

A documented set of predefined procedures and workflows that guide SOC teams through the process of identifying, containing, eradicating, and recovering from specific types of security incidents, ensuring consistent and effective response actions.

Forensic artifacts or observable patterns on a network or operating system that with high confidence indicate a computer intrusion or malicious activity. IoCs include file hashes, IP addresses, domain names, URLs, email addresses, and registry keys.

A key performance indicator that measures the average time it takes for a SOC team to discover a security incident or breach from the moment it occurs. MTTD is critical for assessing the effectiveness of security monitoring capabilities and detection controls, with lower values indicating more mature security operations.

A Zero Trust security technique that divides networks into small, isolated segments to contain breaches and limit lateral movement. Each segment has its own access controls and security policies, allowing organizations to define granular security perimeters around critical assets and enforce strict traffic inspection between segments.

Any operation or set of operations performed on personal data, including collection, recording, organization, structuring, storage, adaptation, retrieval, consultation, use, disclosure, transmission, erasure, or destruction, whether automated or manual.

A systematic process to identify and evaluate potential privacy risks associated with data processing activities, particularly when implementing new technologies, systems, or processes that handle personal data. Under PDPL and SAMA CSF requirements, organizations must conduct PIAs before processing high-risk personal data to ensure compliance and implement appropriate safeguards.

A subset of IAM that focuses on managing and monitoring accounts with elevated privileges, such as system administrators and database administrators. PAM solutions control, monitor, and secure privileged credentials to prevent unauthorized access to critical systems and sensitive data.

A framework of policies, procedures, hardware, software, and people used to create, manage, distribute, use, store, and revoke digital certificates and manage public-key encryption. PKI enables secure electronic communications and is required by NCA ECC for government entities and SAMA CSF for financial institutions to authenticate users, encrypt data, and ensure non-repudiation of digital transactions.

The maximum acceptable length of time that a business process, application, or system can be down after a disaster or disruption before the organization experiences unacceptable consequences, used to prioritize recovery efforts and allocate resources.

A comprehensive structure of policies, procedures, and controls that establishes accountability and oversight for cybersecurity activities across an organization. It defines roles, responsibilities, and decision-making processes to ensure security objectives align with business goals and regulatory requirements.

An event or series of events that indicates a potential or actual breach of information security policies, unauthorized access to systems or data, disruption of services, or any occurrence that threatens the confidentiality, integrity, or availability of information assets.

A comprehensive security solution that provides real-time analysis of security alerts and events generated by network hardware and applications. It collects, aggregates, correlates, and analyzes log data to detect threats, support compliance reporting, and enable rapid incident response.

A comprehensive solution that provides real-time analysis of security alerts generated by applications and network hardware. SIEM systems collect, aggregate, and analyze log data from across an organization's IT infrastructure to identify security threats, ensure compliance, and support incident investigation and forensics.

A centralized unit that deals with security issues on an organizational and technical level, responsible for continuous monitoring, detection, analysis, and response to cybersecurity incidents using a combination of technology solutions and human expertise.

An individual, group, or entity that conducts or has the intent to conduct malicious cyber activities against an organization's information systems or data. Threat actors are categorized by motivation (financial, political, espionage), capability (nation-state, organized crime, hacktivists), and targeting patterns.

A security framework that eliminates implicit trust and requires continuous verification of every user and device attempting to access network resources, regardless of their location. ZTNA operates on the principle of 'never trust, always verify' and implements least-privilege access controls with micro-segmentation.