Strac's glossary

As a healthcare provider, insurer, or professional handling patient data, you know the stakes are high. With over 130 million patient records breached in 2023, the need to protect protected health information (PHI) has never been more urgent. Strac's HIPAA-compliant DLP solution guarantees patient data remains protected, avoiding costly violations and penalties, allowing you to focus on delivering quality care with peace of mind.

A

Access Control

A security mechanism that manages who or what can view, access, or use resources in a computing environment. It involves authentication and authorization processes to ensure only authorized users can access specific resources.

Access Control List (ACL)

A set of rules used for filtering network traffic and controlling access to system objects such as directories or files. ACLs determine which users or system processes are given access to objects & what operations are allowed.

Active Directory

A directory service designed by Microsoft for Windows Server environments that manages and organizes network resources, including users, computers, and other devices in a network hierarchy.

Adequate Level of Protection

A standard defined by GDPR that specifies the required level of data protection for cross-border data transfers to third countries or international organizations.

Adversary-in-the-Middle Attack

A sophisticated cyber attack where malicious actors position themselves between two communicating parties to intercept, manipulate, or redirect traffic passing between them.

B

Backdoor Attack

A cyber attack in which attackers gain unauthorized access to systems, networks, or applications by exploiting vulnerabilities or hidden entry points that bypass normal authentication.

Bring Your Own Device (BYOD)

A policy that permits employees to use their personal devices for work purposes while maintaining security standards and protecting company data.

Brute Force Attack

A cyber attack method that attempts to gain unauthorized access by methodically trying all possible combinations of passwords or encryption keys.

Business Email Compromise (BEC)

A sophisticated email scam targeting businesses, where attackers impersonate executives or trusted partners to conduct unauthorized fund transfers.

Brazil General Data Protection Law

Brazil's comprehensive data protection legislation (LGPD) that regulates the collection, processing, and storage of personal data, similar to the EU's GDPR.

C

CASB DLP

A combination of Cloud Access Security Broker and Data Loss Prevention capabilities that protect sensitive data across cloud services & applications.

CASB Tool

Software solutions that implement Cloud Access Security Broker functionality to protect cloud applications and data.

ChatGPT

An AI language model created by OpenAI that can engage in conversational interactions and generate human-like text responses.

CASB Vendor

Companies that develop and sell Cloud Access Security Broker solutions to organizations.

CASB Pricing

The cost structure for Cloud Access Security Broker services, typically based on factors like number of users, cloud applications protected, and features included.

D

Data Loss

The unintended deletion, corruption, or unavailability of data, whether through human error, system failure, or malicious activity.

Data Store

A repository for persistently storing & managing collections of data, including databases, data lakes, and file systems.

Data Theft

The unauthorized copying, transfer, or retrieval of sensitive data by malicious actors.

DLP Policy

Rules and configurations that define how Data Loss Prevention solutions identify and protect sensitive information.

Data Mining

The process of discovering patterns, correlations, & insights in large datasets using statistical methods & machine learning.

E

Encryption

The process of converting information into an unreadable form to prevent unauthorized access.

Exfiltration

The unauthorized transmission of data from a computer or network to an external location.

Email Security

Comprehensive measures to protect email systems from unauthorized access, loss, or compromise.

Email Spoofing

The creation of email messages with a forged sender address to deceive recipients.

Encrypted Data

Information that has been transformed into a scrambled format that can only be read with the correct decryption key.

F

Fine Tuning

The process of adjusting AI models to improve their performance for specific tasks or domains.

False Positive

An incorrect identification of a threat or violation when none actually exists.

G

GDPR

The General Data Protection Regulation - EU's comprehensive data protection and privacy regulation.

Generative AI

AI systems capable of creating new content, including text, images, code, or other data types.

Google Bard Security

Security measures and considerations specific to Google's Bard AI language model.

H

HIPAA

Health Insurance Portability & Accountability Act - U.S. legislation that protects medical information privacy.

HITECH

Health Information Technology for Economic & Clinical Health Act - legislation that strengthens HIPAA enforcement.

Human Firewall

The human element of cybersecurity where employees act as a defense against security threats.

HIPAA Compliance

Meeting the requirements set forth by HIPAA for protecting healthcare information.

Homomorphic Encryption

A form of encryption allowing computations on encrypted data without decrypting it.

I

IT Compliance

Adherence to requirements set by laws, regulations, and industry standards for IT systems.

Insider Threat

Security risks posed by individuals with legitimate access to an organization's systems.

Information Security Policy

Documented guidelines for protecting an organization's information assets.

Identity Threat Detection & Response (ITDR)

Security solutions focused on detecting and responding to identity-based threats.

Identity and Access Management (IAM)

Framework of policies and technologies managing digital identities and access rights.

K

Keyloggers

Malicious software that records keystrokes to capture sensitive information.

L

Least Privilege

Security principle of giving users only the minimum access rights needed for their work.

Large Language Models (LLMs)

Advanced AI models trained on vast amounts of text data to understand & generate human-like language.

M

Malware

Malicious software created to damage, disrupt, or gain unauthorized access to computer systems.

Masked Data

Information that has been modified to hide sensitive elements while maintaining a similar structure.

Model Theft

The unauthorized extraction or copying of machine learning models.

Machine Learning

Technology enabling systems to learn and improve from experience without explicit programming.

Misconfiguration

Security vulnerabilities resulting from incorrect system or application settings.

N

Network DLP

Data Loss Prevention solutions that monitor and protect data moving through network traffic.

Network Security

Measures taken to protect the usability and integrity of computer networks and data.

NYDFS Cybersecurity Regulation

New York's requirements for financial institutions' cybersecurity programs.

NPI (Non-Public Information) - Finance

National Institute of Standards & Technology (NIST)

National Institute of Standards & Technology - organization that develops cybersecurity standards.

O

Obfuscated Data

Information that has been deliberately made difficult to understand.

P

PCI DSS

Payment Card Industry Data Security Standard - security standards for organizations handling credit cards.

PCI Compliance

Adherence to the Payment Card Industry Data Security Standard requirements.

Prompt Injection

A type of attack targeting AI systems through manipulated input prompts.

Penetration Testing

Authorized simulated cyberattack to evaluate system security.

Prompt Jailbreaking

Techniques used to bypass AI systems' built-in restrictions and safeguards.

R

Red Team

A group that helps organizations improve security by simulating real-world attacks.

Retrieval-Augmented Generation (RAG)

A technique that combines language models with external knowledge retrieval to generate more accurate and contextual responses.

S

Smishing

Phishing attacks conducted through SMS text messages.

Shadow IT

Hardware or software used within an organization without IT department approval.

Shadow Data

Sensitive information that exists outside of an organization's managed systems and security controls.

Shadow SaaS

Cloud services used by employees without formal IT department approval or oversight.

Sensitive Data

Data that must be protected from unauthorized access to safeguard privacy or security.

U

Unstructured Data

Information that doesn't follow a predefined data model or organization.

Unmanaged Data Stores

Data repositories that exist outside of an organization's formal management and security controls.

V

Vishing

Voice phishing attacks conducted through phone calls.

Vulnerability

A weakness or fault in a system, application, or process that could be exploited by malicious actors to attain unauthorized access, steal data, or disrupt operations. This can include software bugs, misconfigurations, weak passwords, or design flaws that compromise security.

Vulnerabilities

Weaknesses in a system that could be exploited by threats.

Virtual Private Cloud (VPC)

An isolated section of a public cloud where organizations can run resources in a virtual network.

Virtual Private Network (VPN)

Virtual Private Network - encrypted connection over the internet from a device to a network.

W

Web Security

Measures protecting websites and web applications from security threats and vulnerabilities.

Web Content Filtering

Technology that screens and excludes harmful or inappropriate web content.

Data Security Glossary

Learn all the security and compliance terms you need to secure your customer data


Data Discovery, DSPM, DLP, AI-SPM Glossary