Technical Definitions
Simplified explanations of complex technologies and industry concepts.
Methodology
10 itemsAI/MLOps
A set of practices that combines machine learning, DevOps, and data engineering to automate and streamline the process of developing, testing, deploying, and monitoring machine learning models in production.
BCP
Business Continuity Plan - a comprehensive plan that outlines how an organization will continue operating during an unplanned disruption to business operations.
BIA
Business Impact Analysis - a systematic process to evaluate and document the potential effects of disruption to critical business operations and processes.
CI/CD
Continuous Integration and Continuous Delivery/Deployment - a set of practices that automate the process of integrating code changes, testing them, and delivering/deploying them to production.
DevOps
A set of practices that combines software development and IT operations to shorten the development life cycle and provide continuous delivery with high software quality.
DevSecOps
An approach that integrates security practices into the DevOps process, emphasizing security as a shared responsibility throughout the application lifecycle.
SDLC
Software Development Life Cycle - a systematic process for planning, creating, testing, and deploying software applications that defines phases and activities for developing high-quality software.
Shift Left
A software development practice that emphasizes moving quality assurance, security, and testing activities earlier in the development lifecycle to identify and address issues sooner.
Simulation
A more realistic exercise than a tabletop exercise that tests specific functions or capabilities of an emergency response plan using simulated conditions without disrupting actual operations.
Tabletop Exercise
A discussion-based exercise that involves team members reviewing and discussing their roles, responsibilities, and procedures during emergency situations in an informal setting.
Cloud Provider
5 itemsAliyun
Alibaba Cloud - the cloud computing arm of Alibaba Group, providing a comprehensive suite of cloud services including computing, storage, networking, security, and big data solutions.
AWS
Amazon Web Services - a comprehensive, evolving cloud computing platform provided by Amazon that offers a mix of infrastructure as a service (IaaS), platform as a service (PaaS), and packaged software as a service (SaaS) offerings.
Azure
Microsoft Azure - a comprehensive cloud computing platform and infrastructure created by Microsoft for building, deploying, and managing applications and services through Microsoft-managed data centers.
DigitalOcean
A cloud infrastructure provider that focuses on simplifying cloud computing for developers and businesses with a developer-centric approach.
GCP
Google Cloud Platform - a suite of cloud computing services that runs on the same infrastructure that Google uses internally for its end-user products.
Security
35 itemsAnti-malware
A security solution designed to detect, prevent, and remove malicious software including viruses, worms, trojans, spyware, adware, and other harmful programs.
Antivirus (AV)
A security software designed to prevent, detect, and remove viruses and other malicious software from computer systems.
Attack Surface
The total sum of all possible entry points, interfaces, and pathways that an attacker could use to gain unauthorized access to a system or application.
Cloud Access Security Broker (CASB)
A security policy enforcement point that sits between cloud service consumers and providers to monitor and control access to cloud applications and services.
Compliance as Code
An approach that treats compliance policies and controls as code, enabling automated enforcement, testing, and management of compliance requirements.
Container Security
The practice of securing containerized applications throughout their lifecycle, including image creation, orchestration, runtime, and monitoring.
Continuous Security
An approach that integrates security practices throughout the entire software development lifecycle, ensuring security is considered at every stage rather than as an afterthought.
CSPM
Cloud Security Posture Management - a technology that continuously monitors cloud infrastructure to identify and remediate security issues and compliance violations.
DAST
Dynamic Application Security Testing - a security testing methodology that examines running applications for vulnerabilities by simulating real-world attacks without access to the source code.
DLP (Data Loss Prevention / Data Leakage Prevention)
A security solution that detects potential data breaches and prevents unauthorized access to, or sharing of, sensitive data.
EDR (Endpoint Detection and Response)
A security solution that continuously monitors endpoints to detect and investigate suspicious activities and security threats.
Endpoint Security
A comprehensive approach to securing endpoints such as laptops, desktops, mobile devices, and servers from cyber threats and unauthorized access.
IAST
Interactive Application Security Testing - a security testing methodology that combines elements of static and dynamic application security testing by running in the application runtime environment.
Identity and Access Management (IAM)
A framework of policies and technologies that ensures the right individuals have the appropriate access to technology resources at the right times and for the right reasons.
Multi-Factor Authentication (MFA)
A security system that requires users to provide two or more verification factors to gain access to an application, online account, or VPN.
NGAV (Next-Generation Antivirus)
An advanced antivirus solution that uses machine learning, behavioral analysis, and cloud-based intelligence to detect and prevent sophisticated threats.
NGFW
Next-Generation Firewall - a security appliance that provides traditional firewall capabilities along with advanced features like application awareness, intrusion prevention, and threat intelligence.
OWASP
Open Web Application Security Project - an open-source community that provides tools, documentation, and education to improve software security.
Sandbox
A security mechanism for isolating and analyzing potentially malicious code in a secure, contained environment.
SAST
Static Application Security Testing - a security testing methodology that analyzes source code, bytecode, or binaries for security vulnerabilities without executing the application.
SCA
Software Composition Analysis - a security testing methodology that identifies and manages open-source and third-party components in applications to detect vulnerabilities, licensing issues, and compliance risks.
Secrets Management
The practice of securely storing, managing, and accessing sensitive information such as passwords, API keys, certificates, and other authentication credentials.
Secure Access Service Edge (SASE)
A cloud-delivered security model that combines network and security functions into a single service delivered from the cloud.
Secure Web Gateway (SWG)
A security solution that filters traffic between users and the internet to prevent threats and enforce acceptable use policies.
Security as Code (SaC)
An approach that treats security controls and policies as code, enabling version control, automated testing, and continuous deployment of security measures.
Security Service Edge (SSE)
A framework that delivers network security capabilities as a cloud service, providing secure access to applications and services from any location.
Single Sign-On (SSO)
An authentication process that allows users to access multiple applications and services with one set of login credentials.
Software-Defined Perimeter (SDP)
A security framework that uses software to dynamically define network perimeters around protected resources, creating encrypted connections based on identity and context.
Threat Modeling
A structured approach for identifying, understanding, and addressing potential security threats to a system, application, or organization.
Vulnerability Management
A comprehensive approach to identifying, classifying, prioritizing, remediating, and mitigating security vulnerabilities in systems, applications, and networks.
XDR (Extended Detection and Response)
A security solution that integrates data from multiple security products to provide comprehensive detection, investigation, and response capabilities across endpoints, networks, cloud, and other security layers.
Zero Trust
A security model that assumes no implicit trust and continuously validates every transaction and access request, regardless of location or network.
Zero Trust Architecture (ZTA)
A security framework that implements the Zero Trust model by requiring continuous verification of all users, devices, and applications before granting access to resources.
Zero Trust Network Access (ZTNA)
A security solution that provides secure remote access to applications and services based on identity and context, without extending network access.
Zero Trust Network Access 2.0 (ZTNA 2.0)
An evolved version of ZTNA that provides enhanced security capabilities with improved user experience and broader integration capabilities.
Technology
12 itemsAutomation
The use of technology to perform tasks with minimal human intervention, improving efficiency, reliability, and consistency in various processes.
Commvault
A data protection and information management software company that provides backup, recovery, and data management solutions for virtual, physical, and cloud environments.
Containerization
A lightweight virtualization technology that packages applications and their dependencies into standardized, executable containers that can run consistently across different computing environments.
Infrastructure as Code (IaC)
The process of managing and provisioning computing infrastructure through machine-readable configuration files rather than physical hardware configuration or interactive configuration tools.
Orchestration
The automated arrangement, coordination, and management of complex computer systems, middleware, and services to ensure they work together efficiently.
Proxmox
An open-source server virtualization management platform that provides a complete solution for virtualization and containerization with a web-based management interface.
SD-WAN
Software-Defined Wide Area Network - a technology that uses software-defined networking to manage and control WAN connections, providing improved performance and simplified management.
Serverless
A cloud computing execution model where the cloud provider dynamically manages the allocation and provisioning of servers, allowing developers to focus on writing code without worrying about infrastructure management.
Veeam
A data protection and availability software provider that offers backup, recovery, and replication solutions for virtual, physical, and cloud environments.
Virtualization
The process of creating virtual versions of physical resources, such as servers, storage devices, networks, or operating systems, allowing multiple virtual machines to run on a single physical machine.
VMware
A virtualization and cloud computing software provider that offers a range of products for virtualizing computing environments and managing virtual machines.
Zerto
A disaster recovery and business continuity software provider that offers continuous data protection and replication solutions for virtual, physical, and cloud environments.
Infrastructure
17 itemsCold Site
A backup facility that provides only basic infrastructure such as space, power, and cooling, requiring significant setup time and equipment installation to become operational after a primary site failure.
DC-DR
Data Center Disaster Recovery - the processes, procedures, and technologies used to recover data center operations after a significant disruption or disaster.
Disaster Recovery
A comprehensive plan and process to recover IT infrastructure and systems following a natural or human-induced disaster, ensuring business continuity and minimizing downtime.
DRaaS
Disaster Recovery as a Service - a cloud-based service model that provides disaster recovery capabilities to organizations without requiring them to build and maintain their own disaster recovery infrastructure.
Failback
The process of returning operations from a backup or standby system to the original primary system after the primary system has been restored or fixed.
Failover
The automatic or manual process of switching to a redundant or standby system, server, or network upon the failure or abnormal termination of the previously active system.
High Availability
A system design approach that ensures applications and services remain operational with minimal downtime, typically achieved through redundancy and failover mechanisms.
Hot Site
A fully equipped backup facility that is always ready to take over operations immediately in case of a primary site failure, with all necessary equipment, systems, and data available.
NAS
Network Attached Storage - a file-level storage device connected to a network that provides data access to multiple clients, enabling centralized file sharing and storage management.
Offsite Backup
A backup strategy that involves storing copies of data at a location separate from the primary data center, providing protection against site-specific disasters.
Replication
The process of copying and maintaining data across multiple locations or systems to ensure availability, improve performance, and provide disaster recovery capabilities.
RPO
Recovery Point Objective - the maximum acceptable amount of data loss measured in time that an organization can tolerate during a disaster or system failure.
RTO
Recovery Time Objective - the maximum acceptable time an organization can tolerate for systems to be unavailable after a disaster or system failure.
SAN
Storage Area Network - a dedicated high-speed network that connects servers to storage devices, providing block-level access to shared storage resources.
Snapshot
A point-in-time copy of data that captures the state of a system, file, or storage volume at a specific moment, allowing for quick recovery and backup.
Warm Site
A partially equipped backup facility that contains some infrastructure and systems, requiring some setup time to become fully operational after a primary site failure.
WRT
Work Recovery Time - the time required to verify that the system is fully functional and all business processes are operating normally after a disaster recovery event.
Containerization
1 itemsDevelopment Tool
1 itemsDevelopment Platform
2 itemsGitHub
A web-based hosting service for version control using Git, providing collaboration features such as bug tracking, feature requests, task management, and wikis for every project.
GitLab
A web-based DevOps lifecycle tool that provides a Git repository manager providing wiki, issue-tracking, and CI/CD pipeline features, using an open-source license.
Cloud Model
3 itemsIaaS
Infrastructure as a Service - a cloud computing model that provides virtualized computing resources over the internet.
PaaS
Platform as a Service - a cloud computing model that provides a platform allowing customers to develop, run, and manage applications without the complexity of building and maintaining infrastructure.
SaaS
Software as a Service - a software distribution model in which applications are hosted by a cloud provider and made available to customers over the internet.
Company
3 itemsIBM
International Business Machines Corporation - a multinational technology company that provides hardware, software, and consulting services, with a focus on artificial intelligence, cloud computing, and enterprise solutions.
Oracle
Oracle Corporation - a multinational computer technology corporation that specializes in developing and marketing database software and technology, cloud-engineered systems, and enterprise software products.
Sangfor
A Chinese technology company that specializes in internet solutions, including application delivery, information security, and cloud computing services.