
DevSecOps Glossary

A comprehensive index of key terms, acronyms, and concepts in DevSecOps, security, cloud, and modern software delivery. Use this as a quick reference for understanding the language of DevSecOps.


A

  • ACL (Access Control List): A list defining permissions attached to an object, specifying which users or systems can access it and what actions they can perform.
  • Agentless/Agent-based: Refers to whether a security or monitoring tool requires software to be installed on the target system (agent-based) or not (agentless).
  • API Gateway: A server that acts as an API front-end, handling requests, authentication, rate limiting, and routing.
  • Artifact: A file or bundle (e.g., binary, container image) produced by a build process and used for deployment.
  • Attack Surface: The sum of all points where an unauthorized user can try to enter or extract data from a system.
  • Attack Surface Reduction: Minimizing the number of ways an attacker can enter or extract data from a system.
  • Attack Vector: The path or means by which an attacker gains access to a system.
  • Audit Trail: A record of all changes made to a system, including who made the changes and when.
  • Authentication: The process of verifying the identity of a user or system.
  • Authorization: The process of determining whether a user or system has permission to perform a specific action.
  • Automated Testing: The use of software tools to run tests on code automatically, ensuring functionality and security.
  • Availability: The degree to which a system is operational and accessible when required for use.
  • A/B Testing: A method of comparing two versions of a webpage or app against each other to determine which one performs better.
  • Agile: A software development methodology that emphasizes iterative development, collaboration, and flexibility.
  • Anomaly Detection: The identification of unusual patterns or behaviors in data that may indicate a security threat.
  • API (Application Programming Interface): A set of rules and protocols for building and interacting with software applications.
  • API Security: The practice of protecting APIs from threats and vulnerabilities.
  • Application Security: The practice of protecting applications from threats and vulnerabilities throughout their lifecycle.
  • Application Performance Monitoring (APM): Tools and processes for monitoring and managing the performance of software applications.
  • Application Programming Interface (API): A set of protocols and tools for building software applications.
  • Application Security Testing (AST): The process of testing applications for security vulnerabilities.
  • Asynchronous Processing: A method of processing tasks in which the main program continues to run while the task is being completed in the background.
  • Asset Management: The process of tracking and managing an organization's assets, including hardware, software, and data.

B

  • BCDR (Business Continuity and Disaster Recovery): Strategies and processes to ensure critical business functions continue and data is recoverable after a disruption.
  • Backup: The process of making copies of data to enable recovery in case of loss or corruption.
  • Bicep: A domain-specific language (DSL) for deploying Azure resources declaratively.
  • Blue/Green Deployment: A release management strategy that reduces downtime and risk by running two identical production environments.
  • Branch Protection: Git feature to enforce rules (e.g., reviews, status checks) before merging code.
  • Business Impact Analysis (BIA): The process of determining the effects of an interruption to critical business operations.

C

  • CD (Continuous Delivery/Deployment): Automating the release of software changes to production or staging environments.
  • CI (Continuous Integration): The practice of merging all developers' working copies to a shared mainline several times a day.
  • CI/CD Pipeline: An automated workflow for building, testing, and deploying code.
  • CloudFormation: AWS service for defining and provisioning infrastructure as code.
  • CSPM (Cloud Security Posture Management): Tools/services that continuously monitor cloud environments for misconfigurations and compliance risks.
  • Cold Site: A backup facility with power and connectivity but no pre-installed systems, used for disaster recovery.
  • Compliance as Code: Managing and enforcing compliance requirements using code and automation.
  • Credential Stuffing: Automated injection of breached username/password pairs to gain unauthorized access.
  • Containerization: The practice of packaging an application and its dependencies into a container for consistent deployment.
  • Container Orchestration: The automated management of containerized applications, including deployment, scaling, and networking.
  • Container Security: The practice of securing containerized applications and their environments.
  • Continuous Monitoring: The practice of continuously observing and analyzing systems for security threats and vulnerabilities.
  • Continuous Testing: The practice of executing automated tests as part of the software delivery pipeline.
  • CORS (Cross-Origin Resource Sharing): A browser security mechanism that controls whether a web page may request resources from a domain other than the one it was served from.
  • CSP (Content Security Policy): A security feature that helps prevent cross-site scripting (XSS) and other code injection attacks.
  • CVE (Common Vulnerabilities and Exposures): A list of publicly disclosed cybersecurity vulnerabilities and exposures.
  • CVSS (Common Vulnerability Scoring System): A standardized method for rating the severity of security vulnerabilities.
  • CWE (Common Weakness Enumeration): A community-developed list of software and hardware weakness types.

D

  • DAST (Dynamic Application Security Testing): Security testing that analyzes running applications for vulnerabilities.
  • Defense in Depth: A layered approach to security, using multiple controls to protect assets.
  • DevOps: A set of practices that combines software development (Dev) and IT operations (Ops).
  • DevSecOps: The philosophy of integrating security practices within the DevOps process.
  • Drift Detection: Identifying when deployed infrastructure diverges from its source code or desired state.
  • DLP (Data Loss Prevention): Tools and processes to prevent unauthorized data exfiltration.
  • DDoS (Distributed Denial of Service): An attack that attempts to make a service unavailable by overwhelming it with traffic.
  • DNS (Domain Name System): The system that translates human-readable domain names into IP addresses.
  • DNSSEC (Domain Name System Security Extensions): A suite of extensions to DNS that adds security to prevent certain types of attacks.
  • Docker: A platform for developing, shipping, and running applications in containers.
  • Dockerfile: A text file that contains instructions for building a Docker image.
  • Domain Controller: A server that responds to security authentication requests within a Windows domain.
  • Domain Spoofing: A technique used by attackers to impersonate a legitimate domain to deceive users.
  • DR (Disaster Recovery): The process of restoring IT systems and operations after a disaster.
  • DRP (Disaster Recovery Plan): A documented process or set of procedures to recover and protect a business IT infrastructure in the event of a disaster.
  • Dynamic Analysis: The process of analyzing software by executing it in a controlled environment.
  • Dynamic Data Masking: A security feature that obscures sensitive data in real-time without altering the underlying data.
  • Dynamic Inventory: A real-time list of resources in a system or environment, often used in configuration management.
  • Dynamic Link Library (DLL): A file that contains code and data that can be used by multiple programs simultaneously.
  • Data Breach: An incident where unauthorized access to sensitive data occurs.
  • Data Encryption: The process of converting data into a code to prevent unauthorized access.
  • Data Masking: The process of obscuring specific data within a database to protect it from unauthorized access.
  • Data Retention Policy: A policy that defines how long data should be retained and when it should be deleted.
  • Data Sovereignty: The concept that data is subject to the laws and governance structures of the nation in which it is collected.
  • Data Warehouse: A centralized repository for storing and analyzing large volumes of data from multiple sources.
  • Database Security: The practice of protecting databases from unauthorized access, misuse, or corruption.
  • Decentralized Identity: A digital identity that is not controlled by a central authority, allowing users to manage their own identities.
  • Dependency Management: The process of managing libraries and packages that a software project depends on.

E

  • EDR (Endpoint Detection and Response): Security solutions that monitor endpoint and network events and record the information in a central database.
  • Encryption (at rest/in transit): Protecting data by encoding it while stored or transmitted.
  • Ephemeral Environment: Temporary environments spun up for testing or review, then destroyed.
  • Escalation: The process of increasing the severity or priority of an incident or issue.
  • Exfiltration: Unauthorized transfer of data from a system.
  • Exploit: A piece of software or code that takes advantage of a vulnerability to perform unauthorized actions.
  • External Attack Surface Management (EASM): The process of identifying and managing the attack surface exposed to the internet.
  • External Threat: A threat originating from outside the organization, such as hackers or malware.
  • Extranet: A controlled private network allowing access to outsiders, such as partners or customers.
  • Egress Filtering: The process of controlling the flow of data leaving a network.
  • Environment Variables: Dynamic values that can affect the way running processes behave on a computer.
  • Event Correlation: The process of analyzing and correlating security events to identify patterns or anomalies.
  • Exploit Kit: A toolkit used by attackers to exploit vulnerabilities in software applications.

F

  • Fail Fast: A principle where systems are designed to immediately report any condition that is likely to indicate a failure.
  • Failover: The process of switching to a standby system or component upon failure of the primary system.
  • False Positive/Negative: Incorrect identification of a security issue (false positive) or failure to identify a real issue (false negative).
  • Firewall: A network security device that monitors and filters incoming and outgoing network traffic.
  • Forensics: The process of collecting, preserving, and analyzing data to investigate security incidents.
  • Function as a Service (FaaS): A cloud computing model that allows developers to run code in response to events without managing servers.
  • Fuzz Testing: A testing technique that provides invalid, unexpected, or random data to the inputs of a program to find vulnerabilities.
  • FIM (File Integrity Monitoring): The process of monitoring and detecting changes to files and directories.
  • Flaw Hypothesis Methodology: A structured approach to identifying and analyzing potential security flaws in a system.
  • Fortify: A software security solution that provides static and dynamic analysis for identifying vulnerabilities in applications.
  • Framework: A structured approach to building and deploying software, often including best practices and guidelines.
  • Functionality Testing: Testing to ensure that a system performs its intended functions correctly.
  • FIPS (Federal Information Processing Standards): U.S. government standards for computer security and cryptography.

G

  • GitOps: Managing infrastructure and application configurations using Git as the source of truth.
  • Gitleaks: An open-source tool for detecting hardcoded secrets in Git repositories.
  • Golden Image: A pre-configured, secure, and tested machine image used as a baseline for deployments.
  • GRC (Governance, Risk, and Compliance): A strategy for managing an organization's overall governance, enterprise risk management, and compliance with regulations.
  • Gray Hat: A hacker who may violate laws or ethical standards but does not have malicious intent.
  • Greenfield: A project or environment that is built from scratch without any constraints imposed by prior work.
  • Grey Box Testing: A testing approach that combines both white box and black box testing techniques.
  • Group Policy: A feature of Windows Server that allows administrators to manage user and computer settings in an Active Directory environment.
  • GPO (Group Policy Object): A collection of settings that control the working environment of user accounts and computer accounts in Active Directory.
  • GPG (GNU Privacy Guard): A free software implementation of the OpenPGP standard for data encryption and signing.

H

  • HIDS (Host Intrusion Detection System): A system that monitors and analyzes the internals of a computing system for signs of intrusions.
  • HIPS (Host Intrusion Prevention System): A system that monitors and controls the activities of a host to prevent intrusions.
  • Helm: A package manager for Kubernetes.
  • Hardening: The process of securing a system by reducing its surface of vulnerability.
  • HashiCorp Vault: A tool for securely accessing secrets, such as API keys and passwords.
  • Honeynet: A network of honeypots designed to simulate a real network and gather information about attackers.
  • Honeypot: A decoy system designed to attract and trap attackers.
  • Hot Site: A fully operational offsite data center ready to take over operations immediately after a disaster.
  • HTTP Security Headers: HTTP response headers that help protect web applications from various attacks.
  • Hybrid Cloud: A computing environment that combines public and private clouds, allowing data and applications to be shared between them.
  • Hypervisor: A software layer that enables multiple operating systems to run on a single physical machine.
  • Hypervisor Type 1: A hypervisor that runs directly on the host's hardware (bare metal).
  • Hypervisor Type 2: A hypervisor that runs on top of a host operating system.

I

  • IaC (Infrastructure as Code): Managing and provisioning infrastructure through machine-readable definition files.
  • Identity Provider (IdP): A system that creates, maintains, and manages identity information.
  • Immutable Infrastructure: Infrastructure that is never modified after deployment; changes are made by replacing instances rather than altering them, which reduces configuration drift and improves recovery.
  • Incident Response: The process of detecting, investigating, and responding to security incidents.
  • Incident Response Plan: A documented, structured approach for handling security incidents.
  • Ingress Controller: Manages external access to services in a Kubernetes cluster.
  • IAM (Identity and Access Management): Framework for managing digital identities and access to resources.
  • Incident: An event that may indicate a breach of security or a failure of a system.
  • Incident Management: The process of identifying, analyzing, and responding to incidents to minimize impact.
  • Incident Response Team (IRT): A group of professionals responsible for managing and responding to security incidents.
  • Incident Response Time: The time taken to respond to an incident after it has been detected.
  • Insecure Deserialization: A vulnerability that occurs when untrusted data is deserialized without proper validation, leading to remote code execution or other attacks.
  • Infrastructure as a Service (IaaS): A cloud computing model that provides virtualized computing resources over the internet.
  • Insider Threat: A security risk that originates from within the organization, often involving employees or contractors.
  • Intellectual Property (IP): Creations of the mind, such as inventions, literary and artistic works, designs, symbols, names, and images used in commerce.
  • Intrusion Detection System (IDS): A system that monitors network traffic for suspicious activity and alerts administrators.
  • Intrusion Prevention System (IPS): A system that monitors network traffic for suspicious activity and takes action to prevent it.
  • IP Whitelisting: Allowing only specific IP addresses to access a system or resource.
  • IPSec (Internet Protocol Security): A suite of protocols for securing internet protocol (IP) communications by authenticating and encrypting each IP packet.
  • ISO (International Organization for Standardization): An independent, non-governmental international organization that develops and publishes standards.
  • ISP (Internet Service Provider): A company that provides internet access to individuals and organizations.
  • ITIL (Information Technology Infrastructure Library): A set of practices for IT service management (ITSM) that focuses on aligning IT services with the needs of the business.
  • IVR (Interactive Voice Response): A technology that allows a computer to interact with humans through voice and keypad (DTMF tone) input.
  • IP Address: A unique identifier for a device on a network.
  • IP Addressing: The process of assigning unique identifiers to devices on a network.
  • IP Spoofing: The creation of Internet Protocol (IP) packets with a false source address to impersonate another computing system.
  • Intranet: A private network accessible only to an organization's staff, often used for internal communication and collaboration.

J

  • JWT (JSON Web Token): A compact, URL-safe means of representing claims to be transferred between two parties.
  • JIT (Just-In-Time) Access: A security model that provides temporary access to resources only when needed.
  • JIRA: A popular issue and project tracking software developed by Atlassian, often used for Agile project management.
  • Jenkins: An open-source automation server used for continuous integration and continuous delivery (CI/CD).
  • Jupyter Notebook: An open-source web application that allows you to create and share documents containing live code, equations, visualizations, and narrative text.
  • JupyterLab: An open-source web-based interactive development environment for Jupyter notebooks, code, and data.

K

  • K8s (Kubernetes): An open-source system for automating deployment, scaling, and management of containerized applications.
  • KICS: Open-source tool for finding security vulnerabilities in infrastructure as code.
  • Key Vault: A cloud service for securely storing and accessing secrets.
  • KMS (Key Management Service): A managed service that makes it easy to create and control the encryption keys used to encrypt data.
  • KPI (Key Performance Indicator): A measurable value that demonstrates how effectively a company is achieving key business objectives.
  • Kubernetes: An open-source container orchestration platform for automating deployment, scaling, and management of containerized applications.
  • Kubernetes Operator: A method of packaging, deploying, and managing a Kubernetes application.
  • Kubernetes Pod: The smallest deployable unit in Kubernetes, representing a single instance of a running process in a cluster.
  • Kubernetes Service: An abstraction that defines a logical set of Pods and a policy by which to access them.
  • Kubernetes Namespace: A way to divide cluster resources between multiple users or teams.
  • Kubernetes Ingress: An API object that manages external access to services in a cluster, typically HTTP.
  • Kubernetes ConfigMap: An API object used to store non-confidential data in key-value pairs.
  • Kubernetes Secret: An object that contains a small amount of sensitive data, such as a password or token.
  • Kubernetes Volume: A directory that is accessible to containers in a Pod, used for data persistence.
  • Kubernetes StatefulSet: A workload API object that manages stateful applications.
  • Kubernetes DaemonSet: A workload API object that ensures that all (or some) Nodes run a copy of a Pod.
  • Kubernetes ReplicaSet: A workload API object that ensures a specified number of pod replicas are running at any given time.
  • Kubernetes Deployment: A declarative way to manage the deployment of applications in Kubernetes.
  • Kubernetes Job: A controller that creates one or more Pods and ensures that a specified number of them successfully terminate.
  • Kubernetes CronJob: A controller that creates Jobs on a time-based schedule.
  • Kubernetes RBAC (Role-Based Access Control): A method for regulating access to Kubernetes resources based on the roles of individual users within an organization.
  • Kubernetes Helm: A package manager for Kubernetes that helps manage Kubernetes applications.
  • Kubernetes Helm Chart: A collection of files that describe a related set of Kubernetes resources.
  • Kubernetes Custom Resource Definition (CRD): A way to extend Kubernetes capabilities by adding custom resources.
  • Kubernetes Custom Resource: A user-defined extension of the Kubernetes API that allows you to manage applications and resources in a Kubernetes cluster.
  • Kubernetes Custom Controller: A controller that manages custom resources in a Kubernetes cluster.

L

  • Least Privilege: The principle of granting only the minimum permissions necessary to perform a task.
  • Lateral Movement: The techniques attackers use to move through a network after gaining initial access.
  • Log Aggregation: Collecting and centralizing logs from multiple sources for analysis.
  • Log Management: The process of collecting, storing, and analyzing log data.
  • Log Monitoring: The process of continuously reviewing and analyzing log data for security events or anomalies.
  • Log Retention: The policy governing how long log data is stored before being deleted or archived.
  • Load Balancer: A device or software that distributes network or application traffic across multiple servers.
  • Load Testing: The process of testing a system's performance under expected load conditions.
  • Logging: The process of recording events, transactions, or changes in a system for future reference.
  • Logic Bomb: A piece of malicious code that is triggered by a specific event or condition.
  • Lumen: A micro-framework for building web applications in PHP, designed for speed and simplicity.
  • Lynis: An open-source security auditing tool for Unix-based systems.
  • LDAP (Lightweight Directory Access Protocol): A protocol for accessing and maintaining distributed directory information services over an Internet Protocol (IP) network.
  • LAMP Stack: A software stack consisting of Linux, Apache, MySQL, and PHP/Perl/Python, used for web development.
  • Linux: An open-source operating system kernel that is widely used in servers, desktops, and embedded systems.
  • Linux Kernel: The core component of the Linux operating system, responsible for managing hardware and system resources.
  • Linux Distribution: A complete operating system built around the Linux kernel, including system software and libraries.
  • Load Balancing: The process of distributing network traffic across multiple servers to ensure no single server becomes overwhelmed.

M

  • MFA (Multi-Factor Authentication): A security system that requires more than one method of authentication.
  • Microsegmentation: Dividing a network into isolated segments to improve security.
  • MitM (Man-in-the-Middle): An attack where the attacker secretly intercepts and relays messages between two parties.
  • Malware: Malicious software designed to harm or exploit any programmable device or network.
  • Malicious Code: Software designed to disrupt, damage, or gain unauthorized access to computer systems.
  • Malicious Insider: An employee or contractor who misuses their access to harm the organization.
  • Malware Analysis: The process of studying malware to understand its behavior and impact.
  • Malwarebytes: A cybersecurity company that provides anti-malware software and cyber threat intelligence.
  • Malware Sandbox: A secure environment for analyzing and executing potentially malicious software without risk to the host system.
  • Malware Signature: A unique identifier for a specific piece of malware, used for detection and analysis.
  • Malware Signature Database: A collection of known malware signatures used for detection and analysis.
  • Malware Threat Intelligence: Information about current and emerging malware threats, used to improve security posture.
  • Metrics: Quantitative measures used to assess the performance and effectiveness of a system or process.
  • Microservices: An architectural style that structures an application as a collection of loosely coupled services.
  • Monitoring: The process of continuously observing and analyzing system performance and security.
  • MTTR (Mean Time to Recovery): The average time taken to recover from a failure or incident.
  • MTTD (Mean Time to Detect): The average time taken to detect a security incident or failure.
  • MTTR (Mean Time to Repair): The average time taken to repair a failed component or system.
  • MVP (Minimum Viable Product): A product with the minimum features necessary to satisfy early adopters and gather feedback for future development.
  • MSSP (Managed Security Service Provider): A third-party company that provides security services to organizations.
  • MITRE ATT&CK: A knowledge base of adversary tactics and techniques based on real-world observations.

N

  • NAC (Network Access Control): Security policies to control device and user access to a network.
  • Namespace: A way to divide cluster resources between multiple users in Kubernetes.
  • NIST (National Institute of Standards and Technology): A U.S. government agency that publishes security frameworks and standards.

O

  • OPA (Open Policy Agent): A policy engine for cloud-native environments.
  • OWASP (Open Web Application Security Project): A community that publishes application security guidelines, including the OWASP Top 10 list of web application risks.
  • Orchestration: Automated configuration, coordination, and management of computer systems and software.

P

  • Patch Management: The process of managing updates for software applications and technologies.
  • Penetration Testing (Pentest): A simulated cyberattack against a system to test its defenses and to identify and fix vulnerabilities before real attackers exploit them.
  • Pipeline: Automated process for building, testing, and deploying code.
  • Playbook: A set of automation scripts (e.g., Ansible playbook) for configuration and deployment.
  • Policy as Code: Defining and managing policies using code.
  • Privileged Access Management (PAM): Tools and processes to control and monitor privileged accounts.
  • Phishing: A social engineering attack to trick users into revealing sensitive information.
  • Privilege Escalation: Exploiting a bug or configuration to gain elevated access to resources.

Q

  • Quarantine: Isolating a system or file suspected of being compromised or infected.

R

  • RBAC (Role-Based Access Control): Restricting system access to authorized users based on roles.
  • Red Team: Security professionals who simulate real-world attacks to test defenses.
  • Remediation: The process of correcting a security issue or vulnerability.
  • RASP (Runtime Application Self-Protection): Security technology that detects and blocks attacks in real time within an application.
  • Recovery: The process of restoring systems or data from backups after a disruption.
  • Recovery Point Objective (RPO): The maximum acceptable amount of data loss measured in time.
  • Recovery Time Objective (RTO): The maximum acceptable amount of time to restore a system after a disruption.
  • Redundancy: The duplication of critical components or functions to increase reliability and availability.

S

  • SAST (Static Application Security Testing): Analyzing source code for vulnerabilities without executing it.
  • SCA (Software Composition Analysis): Identifying open-source components and their vulnerabilities in a codebase.
  • Secret Management: Securely storing, accessing, and managing sensitive information like API keys and passwords.
  • Service Mesh: A dedicated infrastructure layer for managing service-to-service communication.
  • Shift Left: The practice of integrating security earlier in the software development lifecycle.
  • SIEM (Security Information and Event Management): Aggregates and analyzes security data from across the organization.
  • SOC (Security Operations Center): A centralized unit that deals with security issues on an organizational and technical level.
  • Supply Chain Attack: Compromising a system through vulnerabilities in its dependencies or third-party services.
  • SRE (Site Reliability Engineering): A discipline that incorporates aspects of software engineering and applies them to infrastructure and operations problems.
  • SAML (Security Assertion Markup Language): An open standard for exchanging authentication and authorization data between parties.
  • Snyk: A developer-first security tool for finding and fixing vulnerabilities in open-source dependencies and container images.
  • SOAR (Security Orchestration, Automation, and Response): Tools that automate security operations and incident response.
  • SSO (Single Sign-On): An authentication process that allows a user to access multiple applications with one set of login credentials.
  • SSL/TLS (Secure Sockets Layer/Transport Layer Security): Protocols for establishing a secure connection over a computer network.
  • Systemic Risk: The risk of collapse of an entire system or market, as opposed to risk associated with any one individual entity.
  • Syslog: A standard for message logging in an IP network.
  • Sysdig: A tool for analyzing system logs and events.
  • System Development Life Cycle (SDLC): The process of planning, creating, testing, and deploying software.
  • System Design: The process of defining the architecture, components, modules, interfaces, and data for a system to satisfy specified requirements. See also System Design Guide.
  • System Hardening: The process of securing a system by reducing its surface of vulnerability.
  • System of Record: An authoritative data source for a given piece of information.
  • System of Engagement: A system that enables interaction between users and the organization.
  • System of Insight: A system that provides insights and analytics based on data from various sources.
  • System of Action: A system that enables actions based on insights derived from data.
  • System of Intelligence: A system that uses data and analytics to drive decision-making and actions.
  • Systems Thinking: An approach to problem-solving that views complex systems as interconnected wholes rather than isolated parts.

T

  • Tabletop Exercise: A discussion-based session in which team members walk through their roles during an emergency, used to test the effectiveness of BCDR or incident response plans.
  • Threat Modeling: Systematically identifying and addressing potential threats to a system.
  • Tokenization: Replacing sensitive data with unique identification symbols.
  • Trivy: An open-source vulnerability scanner for containers and other artifacts.
  • Threat Intelligence: The collection and analysis of information about potential or current attacks that threaten an organization.
  • Tamper Detection: Mechanisms to detect unauthorized changes to systems or data.

U

  • UAT (User Acceptance Testing): The process of verifying that a solution works for the user.
  • User Story: A tool used in Agile software development to capture a description of a software feature from an end-user perspective.
  • User Provisioning: The process of creating, managing, and deleting user accounts and access rights.

V

  • Vulnerability Management: The process of identifying, evaluating, treating, and reporting security vulnerabilities.
  • VPC (Virtual Private Cloud): A private cloud computing environment within a public cloud.
  • Vulnerability Assessment: The process of defining, identifying, classifying, and prioritizing vulnerabilities in systems.
  • Version Control: A system for managing changes to source code or documents.

W

  • WAF (Web Application Firewall): Filters, monitors, and blocks HTTP traffic to and from a web application.
  • White Hat: An ethical hacker who uses their skills to improve security.
  • Whitelisting: Allowing only approved entities access to a system or resource.
  • Workload Identity: Assigning identities to workloads (e.g., containers, VMs) for secure access to resources.

X

  • XSS (Cross-Site Scripting): A vulnerability that allows attackers to inject malicious scripts into web pages.
  • XDR (Extended Detection and Response): A security solution that integrates multiple security products into a cohesive detection and response platform.

Y

  • YAML: A human-readable data serialization standard often used for configuration files.
  • Yield Management: In BCDR, the process of optimizing resource allocation during recovery.

Z

  • Zero Trust: A security model that assumes no implicit trust and verifies every access attempt.
  • Zero-Day: A vulnerability that is unknown to those who should be interested in its mitigation.
  • Zone of Trust: A network segment with a defined level of security and trust.

This glossary is a living document. As DevSecOps evolves, so will the language and concepts. Keep it handy for reference and learning!