Having a hard time keeping up with InfoSec jargon? We’ve got you covered. Solutions Review’s A to Z SIEM and Security Analytics glossary has definitions for over 60 of the most popular terms and acronyms. Be sure to bookmark this page and check back on a regular basis as this page will see ongoing updates.

And don’t forget to check out our 2016 SIEM and Security Analytics Buyer’s Guide for a complete market overview of the top 24 SIEM vendors, available here.


Active Response – Active Response is a mechanism that provides a system with the capability to respond to an attack when it has been detected.

Advanced Persistent Threat (APT) – An advanced persistent threat (APT) is a type of network attack in which an unauthorized entity gains access to a network and stays there, undetected, for an extended amount of time. Usually, the perpetrator of an APT wants to escalate their own privileges in order to steal data, rather than damaging the network, which would likely blow their cover.

Analytics – The discovery of meaningful patterns in data, usually revealed by an analytics software solution.


Big Data – Extremely large data sets that may be analyzed to reveal patterns and trends and that are typically too complex to be dealt with using traditional processing techniques.

Big Data Analytics – The analysis of large volumes of data, or big data, pulled from a wide range of sources. In a security context, Big Data Analytics tools are used to discover patterns and connections within a network to discover discrepancies that could reveal intruders.


Certified Information Systems Security Professional (CISSP) – The Information System Security Professional Certification is a vendor-neutral independent certification, offered by the International Information System Security Certification Consortium (ISC2). A CISSP is a security professional who has attained that certification.

Chief Information Officer (CIO) – A senior executive in an enterprise responsible for the information technology and computer systems that support enterprise goals.

Chief Information Security Officer (CISO) – A senior-level executive within an organization responsible for establishing and maintaining the enterprise vision, strategy, and program to ensure that information assets and technology are protected.

Compliance –  In IT and data storage terminology, compliance refers to organizational compliance with government regulations regarding data storage and management and other IT processes.

Configuration Management Database (CmDb)– A database containing all necessary information about an organization’s IT systems, the components of those systems, and their relationships. In the context of a CmDb, all components of an IT system (software, hardware, personnel, etc.) are referred to as configuration items (CI), and are tracked by a configuration management process.

Cybersecurity – The practice of using preventative and reactive methods to protect networks and information from being attacked and compromised.



Dashboard – A tool that is used to create, deploy and analyze information. Typically, a dashboard will consist of a single screen and show various reports and other metrics that the organization is studying.

Database– A collection of data that is purposefully arranged for fast and convenient search and retrieval by business applications and Business Intelligence software.

Data Aggregation – Data aggregation is a process by which information (data) from disparate sources is gathered and expressed in one group for purposes of statistical analysis.

Data Loss Prevention (DLP) – DLP products are tools that help network administrators prevent data loss (duh) by controlling which data end users may transfer.

Data Migration – Data Migration is the process of moving data between two or more storage systems, data formats, warehouses or servers.

Data Visualization – Transforming numerical data into a visual or pictorial context in order to assist users in better understanding what the data is telling them.

Deep Packet Inspection (DPI) – A network packet filtering process that examines data contained in a packet for non-compliance, viruses, malware, or other unwanted components.


Encryption – The process of transforming data into an unintelligible form so the original data either cannot be obtained or can be obtained only by using a decryption process.

Event – An action or the result of an action. Events are often logged and monitored for security purposes.

Event Correlation – Event correlation is a technique for making sense of a large number of events and pinpointing the few events that are really important in that mass of information. In a security context, correlation is the act of linking multiple events together to detect strange behaviors.

Exploit – A term for any method used by hackers to gain unauthorized access to a network.


FERPA – FERPA is an acronym for the Family Educational Rights and Privacy Act (also referred to as the Buckley Amendment, a federal law designed to protect the privacy of student education records. FERPA compliance is a necessity for schools and other educational institutions.

File Integrity Monitoring (FIM) – A process that validates the integrity of operating system and application software files using a verification method between the current file state and a known baseline state.

FISMA – The Federal Information Security Management Act (FISMA) is a United States Law, signed into law in 2002, that defines a framework to protect US government digital information, operations, and assets against threats.

Flow – A single transmission of data passing over a link during a conversation.

Flow Log – A collection of flow records.

Flow sources – The origins from which flow is captured. A flow source is classified as internal when flow comes from hardware installed on a managed host or it is classified as external when the flow is sent to a flow collector.


Gateway – A device or program used to connect networks or systems with different network architectures.

GLBA – The Gramm-Leach-Bliley Act (GLBA) is an act of US Congress that repealed part of the Glass-Steagall Act, and which regulates the collection and disclosure of private financial information.

GPG 13 – The Good Practices Guide 13 is a UK regulation that stipulates that HMG organizations must follow protective monitoring processes for their HMG ICT systems in order to gain access to the UK Government Connect Secure Extranet (GCSX).


Hacker – A hacker is an individual that uses illicit system access methods and exploits to gain access to computer systems and networks, often for the purpose of sabotage and theft.

HIPAA – HIPAA is the acronym for the Health Insurance Portability and Accountability Act that was passed by Congress in 1996.


Identification – Identification is the process by which an entity’s information is gathered and verified for accuracy.

Incident response – An organizational approach to addressing and managing the aftermath of a  breach or attack (AKA an incident). An Incident Response Plan aims to limit damages incurred by an incident and bring down recovery time and costs.

Infrastructure – Information technology (IT) infrastructure is a combined set of hardware and virtual resources that support an overall IT environment.




Legacy Solution – An old or outdated software tool.

Log files – Files that record either events that occur in an operating system or software, or messages occurring on communication software. For example, when a failed login to an E-mail system occurs, a log file is created to record that even.

Logging – The act of keeping a log for an extended period of time.

Log Aggregation –The practice of collecting log data in a centralized location where it can be analyzed more effectively.

Log management – The workflow, devices, procedures, policies and other systems in place governing the collection, aggregation, and analysis of network log data.

Log Source – Either the security equipment or the network equipment from which an event log originates.


Machine Learning – A type of artificial intelligence that provides computers with the ability to learn without being specifically programmed to do so, focusing on the development of computer applications that can teach themselves to change when exposed to new data.

Metadata – Describes other data within a database and is responsible for an organization while an end-user sifts through collected data.


NERC CIP – The North American Electric Reliability Corporation Critical Infrastructure Protection plan (NERC CIP) is a set of requirements designed to secure North America’s bulk electric system.

Network Security – A term that describes that the policies and procedures implemented to avoid the hacking and exploitation of a network and its resources.



PCI DSS – The Payment Card Industry Data Security Standard (PCI DSS) is a proprietary information security standard for organizations that handle branded credit cards from the major card schemes including Visa, MasterCard, American Express, Discover, and JCB.

Predictive Analytics – Solutions that help the user discover patterns in large data sets in order to predict future behavior.



Real-Time Analytics – The ability to use all available enterprise data as needed and usually involves streaming data that allows users to make decisions on the fly.

Reporting – The collection of data from various sources and software tools for presentation to end-users in a way that is understandable and easy to analyze.


Security Information and Event Management (SIEM) – Security Information and Event Management or SIEM (pronounced ‘sim’ as in SIMcard, or SimCity) is a term for software and services that combine security information management (SIM) tools, which are geared towards log collection and report generation, with security event management (SEM) tools, which focus on real-time event analytics, correlation, and alerting. SIEM solutions are complex systems that help organizations decrease the impact of advanced cyber attacks by proactively monitoring the network for irregular activity in real-time.

Security Event Management (SEM) – SEM solutions are software tools that centralize storage and interpretation of logs and events generated on a network. SEM is the real-time event monitoring, correlation, and notifications that most compliance regulations want you to have.

Security Information Management (SIM) – SIM solutions are tools that automate the collection, monitoring, and analysis of security-related data from computer logs.

Service Level Agreement (SLA) – A contract between a service provider or vendor and the customer that defines the level of service expected. SLAs are service-based and specifically define what the customer can expect to receive.

Security+ Certification – An international, vendor-neutral professional certification provided by CompTIA for IT professionals who want to become certified in IT security.

Security Incident – A security incident, or a security event, is any notable change in the normal operations of a network. This could be a breach, a failure of a security policy, or simply a warning that there may be a threat to information or computer security.

Security Manager – A person that takes on security management tasks.

Security Policy – A security policy is a written document in an organization outlining how to protect the organization from threats, including computer security threats, and how to handle situations when they do occur.

Software as a Service (SaaS) – A software delivery model in which software is licensed on a subscription basis and is centrally hosted and typically accessed by end-users using a client via web browser.

SOX – Sarbanes–Oxley, Sarbox or SOX, is a United States federal law that set new or expanded requirements for all U.S. public company boards, management, and public accounting firms.SOX requires that all publicly held companies must establish internal controls and procedures for financial reporting to reduce the possibility of corporate fraud.



User Behavior Analytics (UBA) UBA is defined by Gartner, as a cyber security process aimed at the detection of insider threats, targeted attacks, and financial fraud via the analysis of patterns of human behavior. UBA solutions analysis large volumes of data about users on a network and then apply algorithms and statistical analysis to detect meaningful anomalies from those patterns, which could alert administrators to an imminent threat.


Vulnerability – A vulnerability, or vuln, is a term referring to a flaw in a system, program, or network that can leave it open to attack. A vulnerability may also refer to a weakness in security procedures or even personnel.