
Terms and Concepts in the Cye platform

Key terms and cybersecurity concepts you’ll see in the Cye Exposure Management Platform.

Updated today

Overview

The Cye platform uses a set of consistent terms to describe cyber risk, findings, assets, and mitigation strategies. This article defines the most important concepts you’ll encounter, whether you're exploring the dashboard or interpreting a maturity report. Familiarity with this language will make it easier to navigate and understand the Cye platform’s insights.


Core Cye Platform Concepts

  • Business Assets
    Critical entities that need protection — like customer data, intellectual property, or operational systems.

  • Cost of Breach (CoB)
    A dollar estimate of the financial damage your organization could face from a successful breach, including direct and indirect losses.

  • Cyber Risk Quantification (CRQ)
    Converts cyber threats into measurable financial impact to help you prioritize actions based on risk exposure.

  • Exposure
    The current monetary risk tied to your assets, calculated using the likelihood of attack and impact severity.

  • Exposure Reduction Quantification
    Shows how much your exposure will drop if a specific finding is mitigated.

  • Engagement
    A project in the Cye platform that defines what will be assessed (e.g., asset discovery, cloud assessment).

  • Finding
    A validated vulnerability or weakness that can be mitigated to reduce organizational risk.

  • Finding Templates
    Predefined vulnerability types you can use to quickly create new findings in the Cye platform.

  • Mitigation Plan
    A prioritized action plan designed to reduce risk by resolving specific findings.

  • Maturity Assessment
    Measures how well your organization is aligned with cybersecurity best practices (like NIST CSF), and where it can improve.


Threats and Security Terms

  • Threats
    Internal or external actors (e.g., attackers from the internet or rogue employees) that pose risk to your business assets.

  • Advanced Persistent Threats (APT)
    Targeted, sustained attacks by determined threat actors trying multiple paths to breach your environment.

  • Residual Risk
    The risk that remains after you’ve applied all planned mitigation actions.

  • Risk Assessment
    The process of identifying potential risks and evaluating their possible impact.

  • Risk Tolerance
    The amount of risk your organization is willing to accept, recognizing that risk can never be eliminated completely.

  • Security Posture
    Your organization’s overall ability to identify, protect against, detect, and respond to cyber threats.

  • Reputation
    The long-term brand and trust impact from a breach — often factored into breach cost calculations.

  • Business Continuity
    Your ability to maintain essential operations during and after a cyber event.

  • Disaster Recovery Plan (DRP)
    A technical plan for restoring systems and data following a serious incident or breach.


Testing, Logging, and Controls

  • Black Box Testing
    Security testing with no internal system knowledge — simulates an external attacker.

  • White Box Testing
    Security testing with full internal knowledge — useful for in-depth assessments.

  • Audit Log
    A record of who did what, when — used for compliance and forensic reviews.

  • Baselining
    Defining what “normal” looks like on your systems to detect anomalies.

  • Configuration Management
    Tracking and controlling system changes to avoid unintended security consequences.

  • Operations Security (OpSec)
    Protecting sensitive information through secure operations and behavior.


Tools, Frameworks, and Acronyms

  • Multi-Factor Authentication (MFA) / Two-Factor Authentication (2FA)
    Requiring more than one method of identity verification (e.g., password + mobile code).

  • Role-Based Access Control (RBAC)
    Permissions tied to roles, not individual users — helps manage who can access or modify specific content.

  • OWASP
    The Open Web Application Security Project — a leading authority on web app vulnerabilities.

  • NIST
    The National Institute of Standards and Technology — the origin of the NIST Cybersecurity Framework used in the Cye platform.

  • SIEM
    Security Information and Event Management — collects and analyzes security-related data from across your infrastructure.

  • SCADA
    Supervisory Control and Data Acquisition — industrial systems used in power plants, factories, etc., often highly sensitive.

  • Web Application Firewall (WAF)
    A firewall that monitors and filters traffic between your web apps and the internet.

  • Zero-Day Attack
    An exploit that targets a vulnerability before the vendor or defender even knows it exists.


Important notes

  • Many of these terms appear in the Cye platform dashboards, reports, or graph views.

  • Some (like CoB or Maturity) are tied directly to platform features and calculations.

  • For full definitions used in the Cye platform's logic and visualizations, refer to the Glossary when needed.


Wrap-up / Next Steps

Understanding the language of the Cye platform helps you navigate the platform more effectively. Don’t worry about memorizing everything — you can always return to this guide if something’s unclear along the way.
