Security & Compliance Glossary

Scrambling data so only authorized people can read it. Like writing in a secret code that only you and your friend know.

A secret word or phrase that proves your identity to access accounts or systems. Like a key to your digital house.

Security software that blocks unauthorized access to your computer or network. Like a security guard for your digital data.

AWS service that records all API calls made in your account for security and compliance. Like a detailed security log that tracks who did what and when.

Identity and Access Management - AWS service that controls who can access what resources. Like a bouncer at a club who checks IDs and decides who can enter which areas.

Microsoft's identity and access management service. Like a master key system for all your digital doors - one login for everything.

Azure service for securely storing and managing sensitive information like passwords, certificates, and encryption keys. Like a bank safety deposit box for your digital secrets.

Secure Sockets Layer - security protocol that encrypts data between web browsers and servers. Like sending mail in a locked box that only the recipient can open.

Transport Layer Security - the newer, more secure version of SSL for encrypting internet communications. Like an upgraded lock system that's harder to break.

Hypertext Transfer Protocol Secure - the secure version of HTTP that uses SSL/TLS encryption. Like regular mail vs. certified mail - HTTPS ensures your data can't be read by others.

Virtual Private Network - creates a secure connection over the internet between your device and a private network. Like having a private tunnel through a public highway.

Secure File Transfer Protocol - encrypted version of FTP for secure file transfers. Like FTP but with all packages sent in locked boxes.

Open Authorization - standard for secure API access without sharing passwords. Like giving a valet key that only works for parking, not accessing your glove compartment.

JSON Web Token - secure way to transmit information between parties as digitally signed tokens. Like having a tamper-proof ID card that proves who you are.

Single Sign-On - authentication system that allows users to log in once and access multiple applications. Like having a master key for all doors in a building.

Security Assertion Markup Language - standard for exchanging authentication data between systems. Like having a standardized passport format recognized by all countries.

Multi-Factor Authentication - security method requiring two or more verification methods. Like needing both a key and fingerprint to open a safe.

Two-Factor Authentication - security process requiring two different authentication methods. Like needing both an ID and a secret handshake to enter a club.

Web Application Firewall - security system that filters HTTP traffic to web applications. Like having a security guard that checks everyone entering a building and blocks suspicious visitors.

Distributed Denial of Service - attack that overwhelms a service with traffic from many sources. Like having thousands of people simultaneously calling a restaurant to prevent real customers from getting through.

General Data Protection Regulation - European law governing data protection and privacy. Like having strict rules about how companies can collect, store, and use personal information.

Health Insurance Portability and Accountability Act - US law protecting medical information privacy. Like having special locks on medical records to ensure patient privacy.

Service Organization Control 2 - auditing standard for security, availability, and confidentiality of customer data. Like having a security inspection certificate for cloud services.

Authorized simulated attack on a system to find security vulnerabilities. Like hiring friendly burglars to test your security system and find weaknesses.

Cross-Origin Resource Sharing - mechanism that allows web pages to access resources from other domains. Like having permission slips that allow websites to share resources safely.

Cross-Site Request Forgery - attack that tricks users into performing unwanted actions on websites. Like someone forging your signature on documents without your knowledge.

Cross-Site Scripting - vulnerability where malicious scripts are injected into trusted websites. Like someone putting fake signs in a store to mislead customers.

AWS service for securely storing and managing configuration data and secrets. Like a secure vault specifically designed for application settings and passwords.

AWS service for managing, retrieving, and rotating database credentials, API keys, and other secrets. Like having an automated security system that changes locks regularly.

Google Cloud security service that provides DDoS protection and web application firewall. Like having a digital security guard that protects your applications from attacks.

Protecting stored data by encrypting it while it sits on storage devices. Like keeping sensitive documents in a locked safe when they're not being used.

Protecting data while it's being transmitted between systems or locations. Like sending sensitive mail in armored vehicles instead of regular postal trucks.

AWS intelligent threat detection service that continuously monitors for malicious activity. Like having a 24/7 security guard that never sleeps and recognizes suspicious behavior.

AWS unified security dashboard that aggregates security alerts from multiple services. Like having a central command center that shows all security issues in one place.

Security service that protects web applications from common attacks like SQL injection, cross-site scripting, and other web-based threats.

Secure service for creating, storing, and managing cryptographic keys used to encrypt and decrypt data in cloud applications.

Secure storage and automatic rotation of sensitive information like passwords, API keys, certificates, and tokens used by applications.

Protection measures and technologies used to keep data and applications safe when stored or processed in the cloud. Like having professional security guards for your digital belongings.

Secure Sockets Layer/Transport Layer Security - encryption protocols that secure data transmitted over the internet. Like putting your messages in a locked box before sending them through the mail.

Role-Based Access Control - security approach that assigns permissions based on job roles rather than individual users. Like giving all managers the same key instead of customizing access for each person.

Meeting regulatory and industry standards for data security, privacy, and business practices. Like following building codes and safety regulations when constructing a building.

Security model that requires verification for every access request, regardless of location. Like requiring ID checks every time someone enters a building, even if they work there.