Acronym

Phrase

Definition

ACL

Access Control List

A list of rules that dictates which users or systems have access to a resource.

API

Application Programming Interface

A software interface that allows two applications to talk to each other. An API sits between an application and a web server, acting as an intermediary layer that processes data transfer between systems.

BC/DR

Business Continuity and Disaster Recovery

A set of approaches or processes that help an organization recover from a disaster and resume its routine business operations.

CAIQ (pronounced cake)

Consensus Assessments Initiative Questionnaire

A survey provided by the Cloud Security Alliance (CSA) for cloud consumers and auditors to assess the security capabilities of a cloud service provider.

CCPA

California Consumer Privacy Act

A California state statute passed in 2020 that gives consumers more control over data shared with websites, such as the ability to request that their personal data (for example, names and website history) be exported or deleted.

CSA

Cloud Security Alliance

An organization of thousands of cloud service providers that provides thought leadership and maintains the popular CAIQ.

CMS

Credential Management System

An established form of software that is used for issuing and managing credentials as part of public key infrastructure (PKI).

DDoS

Distributed Denial of Service

An attack designed to disrupt a website or network by bombarding it with traffic. Hackers and others use these attacks for a variety of reasons including revenge, extortion, and financial and political gain.

DLP

Data Loss Prevention

DLP tools are used by organizations to block attempts to exfiltrate sensitive information outside of the organization’s network. For example, many organizations employ DLP to ensure that emails with personal information such as social security numbers or credit card numbers are blocked.

EDR

Endpoint Detection & Response

EDR solutions are used to secure end-user devices such as laptops by detecting potential malware or other attempts to exploit the device. They are typically considered to be the successor to traditional signature-based antivirus software and use a combination of signatures and machine learning to detect advanced threats.
