Glossary of Cybersecurity Terms in Higher Education

In the ever-evolving landscape of digital threats, Cybersecurity in Higher Education stands as a critical area of focus, demanding attention and understanding from educators, administrators, and IT professionals alike. This glossary serves as a foundational guide, demystifying key terms and concepts essential to safeguarding the academic environment. From the complexities of Managed Extended Detection and Response (MXDR) to the intricacies of phishing and ransomware, each term is unpacked with clarity and precision. Whether you’re deepening your existing knowledge or stepping into the realm of cybersecurity in higher education for the first time, this resource offers valuable insights into the terminology that underpins the security of educational institutions in our digitally interconnected world.

1. MXDR (Managed Extended Detection and Response): A service that provides comprehensive threat detection, response, and monitoring across an institution’s network, endpoints, and cloud services.
2. Cybersecurity: The practice of protecting systems, networks, and programs from digital attacks aimed at accessing, changing, or destroying sensitive information.
3. Managed Services: Third-party services that manage and assume responsibility for providing a defined set of services to their clients proactively or as determined by the service level agreement.
4. Business Email Compromise (BEC): A type of cyber attack that uses email fraud to deceive organizations into sending money or sensitive information to attackers.
5. Phishing: A cyber attack that uses disguised email as a weapon. The goal is to trick the email recipient into believing that the message is something they want or need and then click a link or download an attachment.
6. Ransomware: Malicious software that encrypts the victim’s files and demands a ransom payment to restore access.
7. Multifactor Authentication (MFA): A security system that requires more than one method of authentication from independent categories of credentials to verify the user’s identity for a login or other transaction.
8. Endpoint Protection: Security solutions that are specifically designed to address threats at the endpoint level (devices like computers, phones, and tablets).
9. SIEM (Security Information and Event Management): A set of tools and services offering a holistic view of an organization’s information security.
10. Cloud Security: A set of policies, controls, procedures, and technologies that work together to protect cloud-based systems, data, and infrastructure.
11. Vulnerability Management: The process of identifying, evaluating, treating, and reporting on security vulnerabilities in systems and the software that runs on them.
12. Asset Management: The process of ensuring that an institution’s assets (including information assets) are accounted for, deployed, maintained, upgraded, and disposed of when the time comes.
13. SOC (Security Operations Center): A centralized unit that deals with security issues on an organizational and technical level.
14. Microsoft Intune: A cloud-based service focused on mobile device management (MDM) and mobile application management (MAM).
15. Azure Active Directory (Azure AD): Microsoft’s cloud-based identity and access management service, which helps employees sign in and access resources.
16. Identity Monitoring: The process of continuously monitoring the internet and dark web for signs that the identities of organization members may have been exposed.
17. Operational Readiness: The state of being prepared for cybersecurity incidents, ensuring that all systems, processes, and personnel are ready for any threats.
18. RFP (Request for Proposal): A document that an organization posts to elicit bids from potential vendors for a desired IT solution or service, in this context, related to cybersecurity.