IT terms in plain language.
Most of the IT industry runs on acronyms most business owners never had a reason to learn. This page translates the ones that show up in proposals, insurance questionnaires, and regulatory paperwork — in language a non-technical owner can actually use.
Cybersecurity & threats
These are the terms that show up in cyber-insurance questionnaires, ransomware coverage, and conversations about layered defense. Most of them describe specific tools or attack patterns, not abstract concepts.
- MFA (Multi-Factor Authentication)
- A login process that requires more than just a password — typically a code from an app or a hardware key. Required by most cyber-insurance carriers and a foundational control under almost every cybersecurity framework.
- EDR (Endpoint Detection and Response)
- Software installed on laptops and servers that watches for suspicious behavior, blocks known threats, and produces a forensic trail when something gets through. The modern replacement for traditional antivirus.
- Ransomware
- Malicious software that encrypts a business's files and demands payment for the decryption key. The current operating model adds a second extortion: stolen data is published publicly if the ransom is not paid.
- Phishing
- An email or text designed to trick someone into entering credentials, downloading malware, or wiring money. The most common entry point for serious incidents.
- BEC (Business Email Compromise)
- An attack where a criminal takes control of a real email mailbox (usually through stolen credentials), or simply sends from a lookalike domain, and uses that position to redirect wire transfers, change vendor banking details, or impersonate executives. Insurance carriers track BEC losses separately because they are so common and so expensive. The standard countermeasure is procedural, not technical: confirm any change to payment details by phone at a number you already had on file, never at one supplied in the email.
- Security Awareness Training
- Recurring training that teaches staff to recognize phishing, BEC, and social-engineering attempts. Most cyber-insurance underwriters now expect ongoing training, not one-time onboarding.
- Layered Defense (Defense in Depth)
- The principle that no single security control is sufficient; protection should come from multiple overlapping layers (email filtering, MFA, EDR, backups, training) so a failure in one is caught by another.
- BCDR (Business Continuity and Disaster Recovery)
- The combination of backups, so data can be restored, and recovery procedures, so the business can resume operations. Modern BCDR keeps at least one immutable or offline copy of the backups that an attacker who already controls the production systems cannot encrypt or delete, and includes periodic test restores, because a backup that has never been restored is an assumption, not a plan.
- Incident Response
- The structured process for handling a security event — detection, containment, investigation, remediation, and notification. A documented incident-response plan is required by most insurance policies and most compliance frameworks.
- SOC (Security Operations Center)
- A team, in-house or outsourced, that monitors security alerts around the clock, investigates incidents, and coordinates response. A "managed SOC" is the same thing delivered as a service.
- Cyber Insurance
- An insurance policy that covers some costs of a cyber incident — incident response, ransom payments, business interruption, regulatory fines. Carriers now require specific controls (MFA, EDR, backups, training) before they will issue or renew a policy.
- Zero Trust
- A security model that assumes no user or device should be trusted by default, even if it's already inside the corporate network. Every access request is verified against identity, device health, and context. The replacement for the legacy trusted-internal-network model.
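The "code from an app" in the MFA entry above is almost always a time-based one-time password (TOTP, RFC 6238): the authenticator app and the login server share a secret, and each computes a short code from that secret and the current 30-second time window. The Python below is an added example, not code from this page or from any vendor named on it. It implements the standard algorithm, checks it against the published RFC test vectors, and shows the server-side verification step with the usual one-window allowance for clock drift. The account name and issuer in the provisioning URI are made up for illustration.

```python
import base64
import hashlib
import hmac
import struct
import time


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, dynamically truncated."""
    digest = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F                      # low nibble of the last byte picks a 4-byte window
    binary = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(binary % (10 ** digits)).zfill(digits)


def totp(secret: bytes, at_time: float, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP where the counter is the number of `step`-second windows since the Unix epoch."""
    return hotp(secret, int(at_time // step), digits)


def verify_totp(secret: bytes, submitted: str, at_time: float,
                step: int = 30, digits: int = 6, window: int = 1) -> bool:
    """Server-side check. Accepts the current window plus `window` steps either side for clock skew.
    Uses a constant-time comparison so response timing does not leak how many digits matched."""
    for skew in range(-window, window + 1):
        candidate = totp(secret, at_time + skew * step, step, digits)
        if hmac.compare_digest(candidate, submitted):
            return True
    return False


def provisioning_uri(secret: bytes, account: str, issuer: str) -> str:
    """What the QR code an authenticator app scans actually carries: the base32 secret and the parameters."""
    b32 = base64.b32encode(secret).decode().rstrip("=")
    return (f"otpauth://totp/{issuer}:{account}?secret={b32}&issuer={issuer}"
            f"&algorithm=SHA1&digits=6&period=30")


if __name__ == "__main__":
    # The RFC 6238 reference secret (ASCII "12345678901234567890"). A real deployment generates
    # 20 random bytes per user with secrets.token_bytes(20) and stores them encrypted server-side.
    rfc_secret = b"12345678901234567890"
    # Published test vector: at Unix time 59 the 8-digit SHA1 code is 94287082.
    print(totp(rfc_secret, 59, digits=8))
    # A code captured at time 59 is still accepted one window later (the skew allowance)...
    print(verify_totp(rfc_secret, "94287082", 89, digits=8))
    # ...but is dead a few minutes on, which is the point of a time-based second factor.
    print(verify_totp(rfc_secret, "94287082", 59 + 10 * 60, digits=8))
    # Hypothetical account and issuer, used only to show the URI format.
    print(provisioning_uri(rfc_secret, "owner@example.com", "ExampleCo"))
    print("current code for this secret:", totp(rfc_secret, time.time()))
```

One caveat worth knowing when reading an insurance questionnaire: a TOTP code defeats a stolen password, but a phishing page that relays the code to the real site in real time still gets in during that 30-second window. Phishing-resistant MFA (a hardware key or passkey bound to the site's origin) closes that gap, which is why carriers and frameworks increasingly ask for it specifically.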
Compliance & frameworks
If your business has federal contracts, processes payment cards, or handles healthcare data, you'll see these names in the requirements. Most are specific government or industry standards, not vague best practices.
- NIST 800-171
- A NIST standard (Special Publication 800-171) defining 110 security requirements for protecting Controlled Unclassified Information (CUI) in non-federal systems. Required for most defense contractors and many federal subcontractors under DFARS 252.204-7012.
- CMMC 2.0 (Cybersecurity Maturity Model Certification)
- The Department of Defense program for verifying that defense contractors have implemented the cybersecurity controls required by their contracts. Level 1 covers Federal Contract Information (FCI) with an annual self-assessment, Level 2 covers CUI, and Level 3 covers the most sensitive contracts. Most Level 2 contracts require a third-party assessment by a C3PAO; Level 3 is assessed by the government itself (DCMA's DIBCAC), on top of a passed Level 2 assessment.
- SPRS (Supplier Performance Risk System)
- The Department of Defense system where contractors post their NIST 800-171 self-assessment scores. A current SPRS score is required for most DoD contracts that involve CUI. Scores range from -203 (nothing implemented) to 110 (every requirement met); each unimplemented requirement subtracts 1, 3, or 5 points depending on its weight, so a handful of missing high-weight items (MFA, for instance) moves the score a long way.
- CUI (Controlled Unclassified Information)
- Sensitive but unclassified information that the federal government requires to be protected — engineering drawings, technical data, contract information, and similar. Defense contractors handling CUI must implement NIST 800-171.
- FCI (Federal Contract Information)
- Information provided by or generated for the government under a contract that is not intended for public release. A lower bar than CUI; protected under FAR 52.204-21 and CMMC Level 1.
- DFARS 252.204-7012
- The Defense Federal Acquisition Regulation Supplement clause that requires defense contractors to safeguard CUI per NIST 800-171, to report cyber incidents to DoD within 72 hours of discovery, and to flow the same obligations down to subcontractors that handle CUI.
- FAR 52.204-21
- The Federal Acquisition Regulation clause requiring 15 basic cybersecurity controls for any contractor handling Federal Contract Information. The minimum federal cybersecurity baseline.
- C3PAO (CMMC Third-Party Assessment Organization)
- An organization authorized by the Cyber AB to perform CMMC Level 2 assessments on defense contractors. Listed on the Cyber AB Marketplace.
- HIPAA
- The Health Insurance Portability and Accountability Act, the federal law that governs the security and privacy of protected health information (PHI). Applies to healthcare providers, insurers, and the businesses that serve them ("business associates").
- PCI-DSS (Payment Card Industry Data Security Standard)
- A set of security requirements imposed by the major credit card brands on any business that accepts, processes, stores, or transmits payment card data.
Cloud & Microsoft 365
Microsoft 365 is what most of our clients run. The terms here cover the apps inside it, the underlying Azure services that power it, and the broader cloud-vs-on-prem vocabulary you will see in quotes and proposals.
- M365 (Microsoft 365)
- Microsoft's bundled subscription that includes Office apps (Word, Excel, Outlook), email (Exchange Online), file storage (OneDrive, SharePoint), collaboration (Teams), and depending on the license tier, security and device-management tools.
- Copilot (Microsoft 365 Copilot)
- Microsoft's generative AI assistant integrated into the Microsoft 365 apps. Drafts emails, summarizes documents, generates Excel formulas, and answers questions about your own organizational content.
- Teams
- Microsoft's chat, meetings, and collaboration platform. Most M365 customers use Teams as their primary communication tool, replacing standalone chat apps and most internal email.
- SharePoint
- Microsoft's content management and team-site platform inside M365. The underlying storage and permissions layer for Teams files, internal sites, and document libraries.
- OneDrive
- Microsoft's per-user file storage inside M365. Like a personal Dropbox attached to each user's Microsoft account, with automatic sync to Windows and Mac.
- Exchange Online
- Microsoft's cloud-hosted email service inside M365. The successor to on-premises Microsoft Exchange Server, which most small businesses have already retired.
- Entra ID (formerly Azure AD)
- Microsoft's cloud identity service. Manages user accounts, passwords, MFA, single sign-on, and access to Microsoft 365 and most third-party SaaS applications. Renamed from Azure AD in 2023.
- Intune
- Microsoft's cloud device-management platform inside M365. Deploys software, enforces security policies, and manages laptops, phones, and tablets across an organization.
- Azure
- Microsoft's general-purpose cloud computing platform — virtual machines, databases, storage, and the underlying infrastructure that powers M365 itself. Different from M365; many businesses use both.
- SaaS / IaaS / PaaS
- Three layers of cloud services. SaaS (Software as a Service) is a finished application like Microsoft 365 or QuickBooks Online. IaaS (Infrastructure as a Service) is raw computing — virtual machines and storage like Azure or AWS. PaaS (Platform as a Service) sits between, providing managed runtimes for applications.
- RDS (Remote Desktop Services)
- Microsoft technology for serving Windows desktops and applications to users over the network. The foundation of most "hosted desktop" deployments and a common way to deliver line-of-business applications to remote staff.
- FSLogix
- A Microsoft technology that keeps each user's Windows profile (settings, Outlook cache, OneDrive state) in a container that follows them to whichever session host they land on in RDS and Azure Virtual Desktop. If you run pooled remote desktops, where a user may get a different server each login, you almost certainly need FSLogix.
Infrastructure & networking
The plumbing — what actually carries traffic between your devices, your sites, and the internet. Most of these are familiar to IT teams; many show up as line items on quotes without much explanation.
- VPN (Virtual Private Network)
- A secured connection that lets a remote device — a laptop at home, an office in another city — act as if it were on the local network. Two main flavors: client VPN (a user connects to the office) and site-to-site VPN (two offices connect to each other).
- SD-WAN (Software-Defined Wide Area Network)
- A modern way to connect multiple business sites over the internet that intelligently routes traffic across multiple connection types (fiber, cable, LTE) for performance and resilience.
- VLAN (Virtual Local Area Network)
- A way to logically separate network traffic on the same physical network — keeping security cameras, guest Wi-Fi, and the office network on isolated paths even though they share the same switches.
- Site-to-Site VPN
- A persistent secured connection between two physical locations, typically office to office or office to a data center. Lets multi-site businesses share resources as if all sites were on the same network.
- Point-to-Point Wireless
- A directional wireless link between two specific locations (typically a few hundred yards to a few miles apart), used to extend a network across a property where running cable is impractical. Common in jobsite, warehouse, and multi-building campus settings.
- LTE/5G Failover
- A backup internet connection over the cellular network that automatically takes over if the primary internet line goes down. Standard equipment for businesses that cannot afford internet downtime.
- Access Point (AP)
- The wireless transmitter that broadcasts Wi-Fi. Real business networks use multiple APs designed to overlap correctly; consumer-grade routers stuffed in a closet are not the same thing.
- Firewall
- The device or service at the edge of a network that decides what traffic is allowed in or out. Modern business firewalls also do intrusion prevention, web filtering, VPN termination, and application control.
- DNS / DHCP
- Two foundational network services. DNS (Domain Name System) translates names like www.coresouth.net into the IP addresses computers use. DHCP (Dynamic Host Configuration Protocol) hands out IP addresses to devices joining the network.
- Site Survey
- A physical walkthrough of a building (warehouse, office, jobsite) that measures actual wireless coverage and identifies dead zones before installing access points. The difference between Wi-Fi that works and Wi-Fi that mostly works.
Business systems & IT operations
How IT services are delivered, and the business systems that run on top of them. Some of these are how you'd evaluate an MSP; others are the software categories your industry uses every day.
- MSP (Managed Services Provider)
- A company that delivers IT services for a fixed monthly fee on a recurring basis — managing some or all of a customer's IT environment. Distinct from break-fix providers, who charge per ticket.
- MSSP (Managed Security Services Provider)
- A specialized MSP focused exclusively on cybersecurity services — typically operating a SOC, monitoring security platforms, and managing security tools.
- RMM (Remote Monitoring and Management)
- The software platform an MSP uses to monitor, patch, and remotely access the laptops and servers it manages. Invisible to end users when working correctly.
- SLA (Service Level Agreement)
- A documented commitment to specific service metrics — typically response time and resolution time, sometimes uptime and availability. The contractual definition of what good looks like.
- RPO / RTO (Recovery Point Objective / Recovery Time Objective)
- Two numbers that define backup and recovery requirements. RPO is how much data you can afford to lose, measured in time (e.g., one hour of data loss is acceptable). RTO is how long it can take to be back up (e.g., systems must be restored within four hours).
- Ticketing
- The system of recording, tracking, and resolving support requests. Every legitimate IT operation runs on a ticketing system; if your IT vendor cannot show you ticket history, that is the answer.
- ERP (Enterprise Resource Planning)
- An integrated business software platform that ties accounting, inventory, purchasing, sales, and operations together into a single system. NetSuite, Sage, SAP, and Microsoft Dynamics are common examples.
- WMS (Warehouse Management System)
- Software that runs the operations of a warehouse — receiving, putaway, picking, packing, shipping, and inventory. Often integrated with an ERP.
- EDI (Electronic Data Interchange)
- A standardized format for exchanging business documents (purchase orders, invoices, advance shipping notices) between trading partners electronically. Widely used in distribution, manufacturing, and retail supply chains.
- CAD (Computer-Aided Design)
- Software for creating precision technical drawings — buildings, machinery, electrical schematics. AutoCAD is the most common example.
- BIM (Building Information Modeling)
- A 3D model-based design process for buildings that goes beyond CAD by including the data behind every building component (materials, dimensions, costs, schedule). Revit is the dominant BIM platform.
- MEP (Mechanical, Electrical, Plumbing)
- The three building systems that A&E firms typically design together — heating and cooling (M), power and lighting (E), and water and drainage (P). MEP engineers do this work as a specialty.
Still translating?
If a vendor sent you a proposal full of terms not in this glossary, bring it to the discovery call. Plain-language explanations are the whole point.