Acronym | Phrase | Definition |
--- | --- | --- |
SAML | Security Assertion Markup Language | Works by exchanging user information, such as logins, authentication state, identifiers, and other relevant attributes, between the identity provider and the service provider. As a result, it simplifies and secures the authentication process, as the user only needs to log in once with a single set of authentication credentials. |
SDLC | Software Development Life Cycle | A structured process that enables the production of high-quality, low-cost software, in the shortest possible production time. The goal of the SDLC is to produce superior software that meets and exceeds all customer expectations and demands. |
SIEM | Security Information and Event Management | Technology that supports threat detection, compliance and security incident management through the collection and analysis (both near real time and historical) of security events, as well as a wide variety of other event and contextual data sources. |
SIG | Standardized Information Gathering (Questionnaire) | A repository of third-party information security and privacy questions, indexed to multiple regulations and control frameworks. |
SLA | Service-Level Agreement | Sets the expectations between the service provider and the customer and describes the products or services to be delivered, the single point of contact for end-user problems, and the metrics by which the effectiveness of the process is monitored and approved. |
SOC 1 | Systems and Organization Controls | A SOC 1 report is for organizations whose internal security controls can impact a customer’s financial statements such as payroll, claims, or payment processing companies. SOC 1 reports can assure customers that their financial information is being handled securely. |
SOC 2 | Systems and Organization Controls | A SOC 2 report is a security framework that specifies how organizations should safeguard customer data. The American Institute of CPAs (AICPA) developed SOC 2 around five Trust Services Criteria: security, availability, processing integrity, confidentiality, and privacy. |
SOC 3 | Systems and Organization Controls | A SOC 3 report is a public report of internal controls over security, availability, processing integrity, and confidentiality. This report is less detailed than SOC 2. |
SQL | Structured Query Language | A standardized programming language that is used to manage relational databases and perform various operations on the data in them. |
SSO | Single Sign-On | An authentication method that enables users to securely authenticate with multiple applications and websites by using just one set of credentials. |
TISAX | Trusted Information Security Assessment Exchange | An information exchange that was founded by the German Association of the Automotive Industry. Vendors who wish to work with TISAX members are usually required to share their existing assessment or complete a new assessment as part of the due diligence process. |
TLS | Transport Layer Security | TLS is the successor to Secure Sockets Layer (SSL) and is a cryptographic protocol used to encrypt data in transit over a computer network. |
VPN | Virtual Private Network | A service that establishes a secure, encrypted connection while using a public network. |
VSA | The Vendor Security Alliance | A coalition of companies committed to improving Internet security. |
VSA Core | The Vendor Security Alliance Core | This questionnaire, first available on October 24th, 2019, comprises the most critical questions on vendor security in addition to privacy. The privacy section covers both US privacy (data breach notification requirements plus the new California data privacy law (CCPA)) and EU privacy (General Data Protection Regulation (GDPR)). |
WAF | Web Application Firewall | Protects web applications from a variety of application layer attacks such as cross-site scripting (XSS), SQL injection, and cookie poisoning, among others. |
XSS | Cross-Site Scripting | An attack in which an attacker injects malicious executable scripts into the code of a trusted application or website. Attackers often initiate an XSS attack by sending a malicious link to a user and enticing the user to click it. |