Multi-Factor Authentication (MFA) is a security process requiring users to provide two or more methods of verification before gaining access to a system, application, or data. This typically includes something you know (password), something you have (token), or something you are (biometric data). MFA significantly reduces the risk of unauthorised access and strengthens security beyond passwords alone.

Example: “We implemented MFA on our remote access systems to ensure compromised credentials alone cannot be used to breach our network.”

Sector/Category: Authentication, Access Security

Security Operations Centre (SOC) is a dedicated facility or team that monitors, detects, and responds to cybersecurity threats in real-time. A SOC centralises an organisation’s security operations, using security information and event management (SIEM) tools to maintain awareness and coordinate incident response.

Example: “Our SOC identified a suspicious login attempt and neutralised the threat before any critical data was exposed.”

Sector/Category: Security Operations, Incident Response

Security Information and Event Management (SIEM) refers to platforms or tools that aggregate and analyse activity from different resources across an IT infrastructure, identifying security threats, compliance issues, and behavioural anomalies.

Example: “The SIEM alerted us to an abnormal pattern of failed login attempts across multiple user accounts.”

Sector/Category: Security Monitoring, Compliance

Intrusion Detection System (IDS) is a technology designed to monitor network or system activities for malicious actions or policy violations. The IDS raises alerts for suspicious activity but generally does not actively block threats on its own.

Example: “Our IDS identified an attempted SQL injection, enabling rapid investigation by our security team.”

Sector/Category: Network Security, Threat Detection

Data Loss Prevention (DLP) refers to strategies and tools to prevent the unauthorised transmission or access of sensitive data outside an organisation’s network, ensuring compliance with regulations such as the UK GDPR.

Example: “DLP solutions blocked an email containing client financial details from being sent to an unauthorised external address.”

Sector/Category: Data Protection, Privacy Compliance

Virtual Private Network (VPN) establishes a secure, encrypted connection over the internet between a device and a network, often used for remote work and protecting sensitive communication from interception.

Example: “Employees use a VPN client to securely access the corporate intranet when working from home.”

Sector/Category: Secure Connectivity, Remote Access

Acceptable Use Policy (AUP) defines how an organisation’s IT assets and network may be used, outlining permitted and prohibited actions for employees. AUPs are essential for ensuring user behaviour aligns with security and regulatory expectations.

Example: “Staff are required to review the AUP annually to understand acceptable use of company systems and data.”

Sector/Category: Compliance, Policy Management

The General Data Protection Regulation (GDPR) is a regulation in UK and EU law that covers data protection and privacy in relation to personal data. Compliance with GDPR is mandatory for organisations handling personal data of UK and EU residents.

Example: “Our processes were updated to ensure GDPR compliance regarding client information storage and processing.”

Sector/Category: Data Privacy, Legal Compliance

System and Organisation Controls 2 (SOC 2) is an audit framework that focuses on controls relevant to the security, availability, processing integrity, confidentiality, and privacy of customer data. SOC 2 certification is often requested by clients as part of due diligence.

Example: “Our cloud services division maintained SOC 2 compliance to reassure clients of our data protection controls.”

Sector/Category: Assurance, Compliance Certification

Identity and Access Management (IAM) encompasses policies, tools, and processes to ensure that only authorised users can access the right resources at the right times for the right reasons.

Example: “Our IAM policy enforces role-based access controls for all critical applications.”

Sector/Category: Identity Management, Access Control