Cybersecurity Glossary

To implement effective cybersecurity solutions built for the digital world, it’s important to understand common industry concepts and definitions. This glossary provides you with cybersecurity terms to be aware of as you look to protect your organization against cyber threats.

General Data Protection Regulation (GDPR)

GDPR, short for General Data Protection Regulation, is a collection of data privacy laws that establishes guidelines for the handling of personal information of people who live in the European Union. Approved in 2016, GDPR aims to ensure individuals have control over their personal data, and holds organizations accountable for how they collect and process personal information.

For companies that collect, process, or store personal data, adhering to GDPR standards is vitally important and should be kept top of mind. Penalties for companies that do not adhere to GDPR guidelines include being fined up to €20 million or 4% of worldwide annual revenue for the preceding financial year, whichever is higher.


Graymail refers to email content that an individual opted in to receive at one point, but no longer wants. These emails come from legitimate sources and usually promote newsletter, promotions, or educational content to keep the subscriber up to date on their business. While graymail doesn’t inflict the same harm as a cyberattack, they can begin to clutter your inbox over time and make it more difficult to spot emails that are actually nefarious.

Heuristic analysis

A heuristic analysis of email uses algorithms to recognize malicious patterns in emails, email attachments, or webpages. Heuristic analysis applies both practical and problem-solving methods to cybersecurity, using a set of guidelines that’s continually optimized. While signature-based protection relies on the characteristics of known threats, heuristic analysis can detect threats based on behavior. In order to be most effective, new heuristic rules need to be created regularly in an effort to thwart the latest threats. 


A honeypot is a cybersecurity tool used to trick cybercriminals into believing that they’ve gained access to an organization’s actual IT infrastructure. A honeypot is a recreation of an organization’s actual systems or networks that acts as a decoy for cybercriminals and is used to attract cyberattacks.

Honeypots can be helpful in keeping cybercriminals’ attention away from your actual assets, in addition to providing insightful information into the effectiveness and security of your legitimate IT infrastructure. Setting up a honeypot can help you glean information on the way cybercriminals operate, as well as provide you with details on where there might be gaps in your current cybersecurity measures.

Identity and Access Management (IAM)

Identity and Access Management (IAM) is a system of processes and technologies that enables organizations to securely manage the digital identities of their users. This includes controlling their access to systems, applications, and data. IAM solutions provide organizations with the ability to authorize and authenticate users and to audit and control user activities.

Incident response

Incident response is how an organization responds to a successful cyberattack or breach. This includes minimizing the negative impact, addressing the root causes, and preventing further damage and cyberattacks in the future. Incident response works to limit both the tangible repercussions of a cyberattack, such as costs and time, as well as minimize damage to elements like brand reputation and consumer trust.

Insider threat

An insider threat is typically a current or former employee of an organization that has the means to cause damage to the organization’s internal systems or leak sensitive information. Insider threats can also be former contractors, vendors, or partners who are able to access the organization’s sensitive data. An effective way to avoid insider threats is to ensure people who no longer require login credentials have their access to internal systems and data platforms revoked.


Keylogger, also referred to as keystroke logging, is a tool used by cybercriminals to track and record a user’s computer activity in order to gain access to sensitive information. A form of spyware, keyloggers record every keystroke made by a user. Cybercriminals use keyloggers to steal user credentials, record sensitive information such as credit card numbers, track online browsing activity, and more. Keyloggers are often used to carry out malicious activities and can be difficult to detect, but with effective user awareness training and sophisticated cybersecurity solutions in place, your organization can minimize the likelihood of keyloggers exploiting your users.

Machine Learning

Machine Learning is a subset of Artificial Intelligence (AI) to enable machines to simulate intelligent human behavior as it relates to learning and decision making. Machine Learning algorithms learn to make observations, classify information, and uncover patterns. Over time, the insights gleaned from this process help algorithms become incredibly proficient at their respective tasks. Many email security programs rely on Machine Learning to perform real-time analysis of emails and protect against phishing attempts.

Mail-focused security orchestration, automation, and response (M-SOAR)

Mail-focused security orchestration, automation, and response (M-SOAR) is a subset of SOAR specifically for email. M-SOAR technology enables organizations to automate their incident response and streamline the workflow for triaging and remediating threats. M-SOAR relies on a combination of AI and human input to identify email threat intelligence and respond quickly to phishing, spear phishing, and malware attacks.

Ready to choose Vade for M365?