Knowledge base

Security glossary

Plain-English definitions for the acronyms and jargon small and mid-sized businesses run into — email authentication, web security, identity, compliance, and the threats behind them. 47 terms, each linked to the tools that act on it.

Type at least 2 characters to filter. Searches terms, definitions, and synonyms.

Email authentication

BIMIShows your verified logo next to your name in inboxes.
DKIMCryptographic signature proving an email wasn't tampered with.
DMARCTells mailbox providers what to do with mail that fails authentication.
MTA-STSForces TLS encryption for incoming mail to your domain.
SPFLists which servers are allowed to send mail from your domain.
TLS-RPTAsks sending servers to report TLS-delivery failures to you.
VMCCertificate that lets your trademarked logo appear via BIMI.

Web security

CAA recordDNS record naming which CAs may issue certs for your domain.
ClickjackingHiding your site in an invisible frame to hijack clicks.
CORSBrowser rules for which sites may read another site's responses.
CSPHeader that controls what a page is allowed to load and run.
CSRFTricking a logged-in user's browser into a state-changing request.
DNSSECSigns your DNS records so they can't be forged in transit.
HSTSHeader that forces browsers to use HTTPS for your site.
SameSite cookieCookie flag limiting when cookies ride cross-site requests.
Security headersHTTP response headers that tell browsers how to defend your site.
XSSInjecting attacker script into a page other users will load.

Identity & access

Least privilegeGive each account only the access it actually needs.
MFASecond factor (code, key, or biometric) on top of a password.
PasskeyPhishing-resistant credential bound to your device (Touch ID, etc.).
Phishing-resistant MFAMFA that can't be relayed by a fake login page.
SSOOne login that grants access to many connected apps.
TOTPTime-based one-time password from an authenticator app.

Threats & general security

Backup (3-2-1)Recoverable copies of your data, kept where ransomware can't reach.
BECEmail fraud impersonating an executive or vendor to steal money.
CVEA public catalog ID for one specific known vulnerability.
CVSSA 0–10 score rating how severe a vulnerability is.
Patch managementKeeping software current so known holes get closed.
PhishingFraudulent messages that trick people into handing over access.
RansomwareMalware that encrypts your data and demands payment to release it.
RTO / RPOHow fast you must recover, and how much data you can lose.
Spear phishingA phishing attack tailored to one specific person.
Vulnerability scanningAutomated checks that surface known weaknesses in your systems.
Zero-dayA vulnerability exploited before a patch exists.

Compliance & privacy

CMMCDoD cybersecurity standard for defense-industrial-base companies.
GDPREU law governing how personal data is collected and used.
NIST CSFCybersecurity framework: Govern · Identify · Protect · Detect · Respond · Recover.
PCI DSSCard-industry security standard for anyone handling card data.
PIIData that identifies a specific person.
SOC 2Audit report customers ask for to prove you handle their data safely.

Encryption & transport

Encryption at rest / in transitScrambling data on disk and on the wire so theft yields gibberish.
SSLThe deprecated predecessor to TLS — the term still sticks around.
TLSEncryption that protects data in transit between browsers and servers.

Resolute platform

FindingA specific gap or risk we detected and need to track to closure.
SLATime you've committed to fix a finding based on its severity.
Trust pagePublic page where prospects self-serve your security artifacts.
Verified domainA domain you've proven you own by adding a DNS TXT record.

Looking for product FAQs instead? The help center covers pricing, integrations, and troubleshooting. To run a free check on your own domain, start with the email scan.