Below are definitions of cybersecurity terms featured in this guide:

Phishing – Phishing is a technique for attempting to acquire sensitive data,
such as bank account numbers, through a fraudulent solicitation in email or on
a website, in which the perpetrator masquerades as a legitimate business or
reputable person.
Spear Phishing – Spear phishing is a colloquial term that can be used to describe
any highly targeted phishing attack.
Vishing – Short for “voice phishing,” vishing is when someone uses the phone to
try to steal information. The attacker may pretend to be a trusted friend or relative.
Email Phishing – Email phishing is a scam wherein the attacker sends an email
that looks legitimate and is designed to trick the recipient into replying with
information, or entering it on a site the attacker controls, so that the data can
be stolen or sold.
HTTPS Phishing – This type of attack is carried out by sending the victim an email
with a link to a fake website (see spoofing) that is served over HTTPS, so the
browser's padlock icon makes the site appear trustworthy. The site is then used to
fool the victim into entering their private information.
Pharming – With pharming, the victim is redirected to a fake website without having
to click a malicious link: malicious code on the victim's computer (for example, a
modified hosts file) or a poisoned DNS resolver sends requests for a legitimate
domain to an attacker-controlled site designed to gather their login credentials.
Whaling – Whaling is a phishing attack that targets a senior executive who has
deep access to sensitive areas of the network, so a successful attack can result in
access to valuable information.
Social Engineering – Social engineering uses psychological manipulation in an
attempt to trick someone into revealing information (e.g., a password) that can be
used to attack systems or networks.
Smishing – Smishing is phishing through some form of text message or SMS.
Spoofing – Spoofing is faking the sending address of a transmission (for example,
the From address of an email or the source address of a network packet) to gain
illegal entry into a secure system or to induce a user or resource to take an
incorrect action.
Simulated Phishing – Simulated phishing is a campaign of deceptive emails, modeled
on real phishing emails, that an organization sends to its own staff to gauge their
response to email-based attacks. These emails are used to reinforce the best
practices instilled through security awareness training.
Security Awareness Training – Security awareness training explains the proper
rules of behavior for the use of information systems and information. The program
communicates information technology (IT) security policies and procedures that
need to be followed.
NIST – NIST is the National Institute of Standards and Technology at the U.S.
Department of Commerce. The NIST Cybersecurity Framework helps businesses
of all sizes better understand, manage and reduce their cybersecurity risk in an
effort to protect their networks and data.

ISO/IEC 27001 – This is an international standard for information security management. It provides a large set of controls for companies to protect their digital assets.

CIS Controls – Formerly known as the SANS Top 20, these are now officially called the CIS Controls (Critical Security Controls). Version 8 reduced them to 18 controls, and they are very widely used.

SOC 2 – A SOC 2 audit assesses an organization's controls against the AICPA Trust Services Criteria (security, and optionally availability, processing integrity, confidentiality and privacy). These audits must be performed by a licensed CPA firm.

PCI DSS – The Payment Card Industry Data Security Standard is a set of security standards built around protecting cardholder data. Businesses and organizations that process, store, or transmit credit card data must abide by these standards. The current major version of PCI DSS is 4.0.

HIPAA – The Health Insurance Portability and Accountability Act is the U.S. law that governs how healthcare information (protected health information, or PHI) must be protected. Organizations that handle PHI must meet its privacy and security rules.

GLBA – The Gramm-Leach-Bliley Act is a set of regulations designed to protect the privacy and security of consumers' financial information. If you come from or are working in the banking industry, you may already be familiar with it.

SOX – The Sarbanes-Oxley Act is a set of regulations built to protect investors from fraud, including controls over the IT systems that produce financial reports. Any publicly traded company in the U.S. must comply with SOX.

FISMA – The Federal Information Security Modernization Act requires all U.S. federal agencies, and the contractors that operate systems on their behalf, to implement an information security program; compliance is mandatory.

CMMC – The Cybersecurity Maturity Model Certification is the Department of Defense's program for verifying the cybersecurity practices of its contractors. Companies that do business with the DoD and handle federal contract information or controlled unclassified information are required to be CMMC compliant.