
LogicalNet Cybersecurity & IT Glossary

Clear, plain-English definitions of the terms we use across our cybersecurity and managed IT services. Every term includes types, common mistakes, and an FAQ.

All Terms

Every term, one place

Written for business leaders, not security experts.

BCDR

BCDR is the combined discipline of Business Continuity (BC) and Disaster Recovery (DR). BC ensures the business keeps operating during…

BEC

Business Email Compromise (BEC) is a targeted email fraud technique where attackers impersonate executives, vendors, or trusted partners…

Co-Managed IT

Co-Managed IT is a hybrid engagement model where an external MSP supplements an internal IT team rather than replacing it. The internal…

Conditional Access

Conditional Access is a policy-driven access control approach that evaluates signals such as user identity, device health, location, and…

Cyber Insurance

Cyber insurance is a policy that covers financial losses from cybersecurity incidents — ransomware payments, data breach response,…

DLP

Data Loss Prevention (DLP) is a category of security technology that identifies, monitors, and protects sensitive data as it moves…

EDR

Endpoint Detection and Response (EDR) is security technology that continuously monitors endpoints — laptops, desktops, and servers — for…

Fractional CIO

A Fractional CIO (also called a virtual CIO or vCIO) is a senior technology advisor engaged on a part-time basis to build IT strategy,…

HIPAA

The Health Insurance Portability and Accountability Act (HIPAA) is a federal law that establishes national standards for protecting…

IAM

Identity and Access Management (IAM) is the framework of policies, processes, and technologies that ensure the right people have the…

Immutable Backup

An immutable backup is a backup copy that cannot be modified or deleted for a defined retention period, even by an administrator or an…

Incident Response

Incident Response (IR) is the structured process for detecting, containing, eradicating, and recovering from cybersecurity incidents. A…

Least Privilege

Least privilege is the security principle of giving every user, account, and system only the minimum access required to do its job.…

M365 Tenant Hardening

M365 tenant hardening is the process of systematically configuring Microsoft 365 settings — MFA, conditional access, safe links, audit…

MDR

Managed Detection and Response (MDR) is a service where external security analysts use EDR or XDR tools to monitor your environment…

MSP

A Managed Service Provider (MSP) is a company that remotely manages a client’s IT infrastructure, end-user systems, and technology…

MSSP

A Managed Security Service Provider (MSSP) is a specialized managed service provider focused on cybersecurity — monitoring, detecting,…

NIST CSF

The NIST Cybersecurity Framework (NIST CSF) is a voluntary, risk-based framework developed by the National Institute of Standards and…

NOC

A Network Operations Center (NOC) is the team — internal or outsourced — responsible for monitoring and managing IT infrastructure…

PAM

Privileged Access Management (PAM) is a specialized identity discipline focused on accounts with elevated permissions — IT admins,…

Patch Management

Patch management is the disciplined process of identifying, acquiring, testing, and deploying software updates that fix security…

PCI DSS

The Payment Card Industry Data Security Standard (PCI DSS) is the required security standard for any business that stores, processes, or…

Phishing

Phishing is a social engineering attack that uses fraudulent messages — usually email, sometimes text or voice — to trick users into…

Phishing-Resistant MFA

Phishing-resistant MFA is a category of multi-factor authentication where the second factor cannot be intercepted, replayed, or tricked…

Ransomware

Ransomware is a category of malware that encrypts files and demands payment in exchange for decryption. Modern ransomware operations…

RTO vs RPO

RTO (Recovery Time Objective) is the maximum acceptable downtime for a system or business process before the impact becomes…

SOC

A Security Operations Center (SOC) is the team — internal or outsourced — responsible for monitoring, detecting, investigating, and…

SOC 2

SOC 2 is an auditing framework developed by the AICPA that evaluates a service organization’s controls against five Trust Services…

SOC as a Service

SOC as a Service (SOCaaS) is an outsourced model where a specialized provider delivers 24/7 security monitoring, detection, and response…

Spear Phishing

Spear phishing is a highly targeted form of phishing aimed at specific individuals or small groups. Attackers research their targets,…

SSO

Single Sign-On (SSO) is an authentication method that lets users access multiple applications with a single set of credentials. Instead…

XDR

Extended Detection and Response (XDR) is a security approach that correlates signals across multiple layers — endpoints, email,…

Zero Trust

Zero Trust is a security model that assumes no user, device, or network request is trustworthy by default. Every access attempt is…
