Access Control List
A list of rules that dictates which users or systems have access to a resource.
Application Programming Interface
A software interface that allows 2 applications to talk to each other. An API sits between an application and a web server, acting as an intermediary layer that processes data transfer between systems.
Business Continuity and Disaster Recovery
Represents a set of approaches or processes that helps an organization recover from a disaster and resume its routine business operations.
CAIQ (pronounced cake)
Consensus Assessments Initiative Questionnaire
A survey provided by the Cloud Security Alliance (CSA) for cloud consumers and auditors to assess the security capabilities of a cloud service provider.
California Consumer Privacy Act
California State Statute passed in 2020 that allows for consumers to have more control over data shared with websites, such as the ability to request for their personal data such as names and website history to be exported or deleted.
Cloud Security Alliance
An organization of thousands of cloud service providers that provides thought leadership and maintains the popular CAIQ.
Credential Management System
An established form of software that is used for issuing and managing credentials as part of public key infrastructure (PKI).
Distributed Denial of Service
An attack designed to disrupt a website or network by bombarding it with traffic. Hackers and others use these attacks for a variety of reasons including revenge, extortion, and financial and political gain.
Data Loss Prevention
DLP tools are used by organizations to block attempts to exfiltrate sensitive information outside of the organization’s network. For example, many organizations employ DLP to ensure that emails with personal information such as social security numbers or credit card numbers are blocked.
Endpoint Detection & Response
EDR solutions are used to secure end users devices such as laptops by detecting potential malware or other attempts to exploit the device. They are typically considered to be the successor to traditional signature-based antivirus software and use a combination of signatures and machine learning to detect advanced threats.