This glossary explains the key concepts, terminology, and interface language used across the the Cye Exposure Management Platform platform. If you’re reading a report, configuring a mitigation plan, or exploring a dashboard and run into an unfamiliar term — this is the place to check. Think of it as your go-to reference for translating the Cye Exposure Management Platform’s insights into clear, actionable understanding.

This section covers the foundational language used across the Cye platform’s platform and documentation — from risk modeling to remediation logic. These terms appear everywhere, so it helps to get familiar.

(Each term includes a plain-language definition and how it’s used specifically in the Cye platform.)

What it is: A monetary estimate of the potential damage caused by a cyberattack. Includes direct losses (e.g., regulatory fines, containment costs) and indirect impacts (e.g., brand damage, stock drops, customer churn).
​In the Cye platform: Used throughout dashboards and reports to translate cyber risk into business terms. A core input in exposure calculations and mitigation prioritization.

What it is: A visual map of all possible attack paths to your critical business assets. Nodes = assets; edges = findings.
​In the Cye platform: Core to risk analysis. the Cye platform calculates breach likelihood and builds mitigation strategies based on the graph.

What it is: The essential components of your organization — customer data, intellectual property, operational systems, etc.
​In the Cye platform: Treated as “targets” in the Org. Attack Graph. All risk is measured in terms of potential impact to business assets.

What it is: A verified vulnerability or security issue tied to a specific asset. Includes probability of exploitation, severity, and mitigation steps.
​In the Cye platform: The building blocks of risk. Findings drive exposure, show up in dashboards, and feed directly into mitigation logic.

What it is: The combined likelihood and potential business impact of a breach.
​In the Cye platform: Always tied to a business asset and one or more findings. Visualized throughout reports and used to prioritize actions.

What it is: A method for converting cybersecurity risk into measurable financial impact.
​In the Cye platform: Combines graph-based likelihood with CoB data to create dollar-based risk metrics. Bridges technical and executive insights.

What it is: A prioritized list of actions to reduce cyber risk.
​In the Cye platform: Generated automatically using optimization logic. Includes findings to fix, order of operations, and expected impact.

What it is: How much risk your organization currently faces — expressed in potential financial loss.
​In the Cye platform: A top-level dashboard metric. You can break it down by asset, industry, mitigation status, or over time.

What it is: A score for your cybersecurity program’s strength across tools, processes, and policies.
​In the Cye platform: Based on the NIST framework. Appears in Executive and Maturity Reports to reflect overall readiness.

What it is: Probability that a specific attack path will succeed.
​In the Cye platform: Based on statistical models derived from the Org. Attack Graph. Affects risk scores for each business asset.

What it is: Five cybersecurity pillars: Identify, Protect, Detect, Respond, Recover.
​In the Cye platform: Used to score maturity, classify findings, and structure mitigation strategies.

What it is: Potential paths from an entry point to your assets, composed of findings and intermediate footholds.
​In the Cye platform: Displayed in the Org. Attack Graph, with associated risk scores and priority indicators.

What it is: Risk that remains even after you’ve mitigated everything possible.
​In the Cye platform: Reflected in exposure trends and reports. A reminder that no system is ever 100% risk-free.

What it is: Long-term brand or trust damage following a breach.
​In the Cye platform: Modeled as part of the Cost of Breach. Based on industry benchmarks and past incidents.

What it is: The drop in total risk after applying a mitigation plan.
​In the Cye platform: Displayed as the difference between original and current exposure. Key for showing ROI.

What it is: A finding or path that must be mitigated to stop high-risk attacks.
​In the Cye platform: Automatically flagged. Represents high-impact, low-effort remediation.

What it is: A suspected — but not yet validated — issue.
​In the Cye platform: Tracked separately from confirmed findings. Doesn’t affect core risk scores unless verified.

What it is: The attacker’s practical ability to exploit a vulnerability.
​In the Cye platform: Affects probability scores and mitigation priorities, based on red team data and threat intel.

What it is: Permission management based on roles, not individuals.
​In the Cye platform: Governs access to findings, reports, user actions — essential for large teams.

What it is: Verifying identity with multiple factors (e.g., password + device).
​In the Cye platform: Recommended during onboarding to prevent unauthorized logins.

What it is: Security Information and Event Management — collects and correlates security data.
​In the Cye platform: the Cye platform findings often feed into SIEM tools for broader monitoring.

What it is: A simpler version of MFA (usually password + SMS/email code).
​In the Cye platform: Functions the same as MFA and is enforced for added login protection.

What it is: Filters traffic between a web app and the internet.
​In the Cye platform: Frequently mentioned in remediation steps. Not part of the platform, but often used alongside it.

What it is: Operational security — protecting sensitive info from leaking due to carelessness.
​In the Cye platform: Findings related to behavior, config errors, or human error often fall under OpSec.

What it is: A timestamped record of all user actions.
​In the Cye platform: Tracks logins, settings, mitigation steps — useful for compliance and investigation.

What it is: Industrial systems that control infrastructure (e.g., water plants, power grids).
​In the Cye platform: Rare but high-priority. SCADA-related findings are treated with heightened sensitivity.

What it is: Personally Identifiable Information — names, IDs, emails, etc.
​In the Cye platform: Treated as business-critical assets. Breaches involving PII greatly increase the Cost of Breach.

What it is: A nonprofit that maintains a list of top web app vulnerabilities.
​In the Cye platform: Findings are categorized against OWASP benchmarks to flag serious weaknesses.

These terms are sourced from the Cye platform’s dashboards, views, and reports — including Risk, Findings, Org. Attack Graph, Maturity, Cost of Breach, and more.

Definition: An emerging sixth pillar (alongside Identify, Protect, etc.) focused on cybersecurity oversight, policies, and risk governance.
​Usage in the Cye platform: Appears in assessments and dashboards to frame policy ownership and oversight.
​Use it when: Referring to high-level governance activities or reporting structures.

Definition: A ranked view of business assets based on Likelihood, Exposure, and Cost of Breach.
​Usage in the Cye platform: Helps identify which assets require urgent attention.
​Use it when: Describing prioritization methods for asset protection.

Definition: A graphical breakdown of threats by actor type (e.g., insider, external).
​Usage in the Cye platform: Helps visualize risk origins and threat vectors.
​Use it when: Showing directional threats or threat categories.

Definition: A timeline of mitigation impact — including efficiency, exposure drop, and breach cost savings.
​Usage in the Cye platform: Tracks long-term performance of mitigation efforts.
​Use it when: Communicating effectiveness over time.

Definition: A visual summary of findings by status (Open, Fixed, In Progress, etc.) and severity.
​Usage in the Cye platform: Appears as bar charts and dashboards.
​Use it when: Reviewing remediation progress or bottlenecks.

Definition: The % improvement achieved through optimization efforts.
​Usage in the Cye platform: Highlights progress made in exposure/risk via mitigation.
​Use it when: Quantifying ROI or progress.

Definition: A measure of how effective a mitigation is relative to its effort and cost.
​Usage in the Cye platform: Prioritizes high-impact, low-effort fixes.
​Use it when: Comparing tradeoffs across remediation plans.

Definition: A breakdown of findings by severity and status.
​Usage in the Cye platform: Displayed as visualizations and tables.
​Use it when: Summarizing overall risk posture or workload.

Definition: A chart showing how fast new findings are created vs. fixed.
​Usage in the Cye platform: Indicates remediation velocity and backlog trends.
​Use it when: Evaluating team performance or capacity.

Definition: Maps findings to MITRE attack stages (e.g., Persistence, Lateral Movement).
​Usage in the Cye platform: Aligns findings with real-world attacker tactics.
​Use it when: Planning defenses or explaining exploit chains.

Definition: The most urgent findings based on risk, cost, and likelihood.
​Usage in the Cye platform: Displayed in dashboards to highlight priorities.
​Use it when: Triage or remediation prioritization.

Definition: The area of security a finding affects (e.g., Network, Identity).
​Usage in the Cye platform: Used for grouping, filtering, and dashboards.
​Use it when: Reviewing domain-specific issues.

Definition: A visual snapshot of all discovered assets and their relevance.
​Usage in the Cye platform: Helps scope engagements and track asset coverage.
​Use it when: Explaining digital footprint or attack surface.

Definition: Findings that are common or increasing across organizations.
​Usage in the Cye platform: Benchmarking and threat awareness.
​Use it when: Comparing internal risk to industry patterns.

Definition: An estimate of how expensive it is to fix a finding (symbolized as $, $$, etc.).
​Usage in the Cye platform: Helps with budgeting and planning.
​Use it when: Scoping cost-effort tradeoffs.

Definition: A rough estimate of how hard it is to fix a finding (e.g., Low, Medium, High).
​Usage in the Cye platform: Supports triage and capacity planning.
​Use it when: Prioritizing high-impact, low-effort fixes.

Definition: The highest likelihood a finding will be exploited.
​Usage in the Cye platform: A key factor in risk scoring and urgency.
​Use it when: Prioritizing what needs to be addressed first.

Definition: A dynamic visual showing how assets, findings, and attack routes are connected.
​Usage in the Cye platform: Central to planning which findings to fix and how to cut off attack paths.
​Use it when: Explaining threat flow or risk modeling.

Definition: Intermediate points in attack routes, often representing attacker footholds.
​Usage in the Cye platform: Help segment and analyze the attack chain.
​Use it when: Mapping progression or lateral movement.

Definition: The highest chance that a specific finding could be exploited.
​Usage in the Cye platform: Visual overlays highlight high-risk nodes in the graph.
​Use it when: Prioritizing critical issues.

Definition: The interface used to explore and interact with the Org. Attack Graph.
​Usage in the Cye platform: Enables filtering, zooming, and investigation.
​Use it when: Navigating threat scenarios or identifying risk chokepoints.

Definition: A feature for authorized users to manually adjust the Org. Attack Graph.
​Usage in the Cye platform: Reflects exceptions or real-world customizations.
​Use it when: Making manual adjustments to attack models.

Definition: Limits what users can see in the graph based on their roles.
​Usage in the Cye platform: Ensures proper access control.
​Use it when: Explaining UI behavior or access restrictions.

Definition: Assigns permissions based on user roles, not individuals.
​Usage in the Cye platform: Manages access to findings, reports, and graph editing.
​Use it when: Discussing security, roles, or admin setup.

Definition: A high-level score of your overall cybersecurity posture.
​Usage in the Cye platform: Visualized in dashboards and reports.
​Use it when: Communicating readiness or benchmarking.

Definition: The maturity level you aim to reach, based on business needs.
​Usage in the Cye platform: Shown alongside current scores to highlight gaps.
​Use it when: Planning improvement strategies.

Definition: Detailed categories under each core NIST function (e.g., Asset Management under Identify).
​Usage in the Cye platform: Scored individually to build up maturity ratings.
​Use it when: Drilling into capabilities or weaknesses.

Definition: A five-point scale measuring how well controls are implemented.
​Usage in the Cye platform: Used in dashboards and benchmarks.
​Use it when: Explaining progress or comparing teams.

Definition: Documentation explaining how maturity is calculated.
​Usage in the Cye platform: Linked directly from dashboards.
​Use it when: Providing scoring transparency.

Definition: The number of findings actively included in mitigation plans.
​Usage in the Cye platform: Helps tie maturity improvement to action.
​Use it when: Connecting plans to progress.

Definition: A tool that estimates the financial impact of a potential breach.
​Usage in the Cye platform: Supports budgeting and business decision-making.
​Use it when: Discussing risk in financial terms.

Definition: A view that shows breach cost per asset category (e.g., IP, Reputation).
​Usage in the Cye platform: Prioritizes risk based on business impact.
​Use it when: Aligning mitigation with business priorities.

Definition: Separates internal vs. external (third-party) breach costs.
​Usage in the Cye platform: Helps distinguish operational vs. vendor-related risk.
​Use it when: Managing vendor exposure or insurance needs.

Definition: Real-time recalculation of breach costs based on current data.
​Usage in the Cye platform: Keeps metrics accurate as assets evolve.
​Use it when: Explaining data refresh cycles.

Definition: Categories of business assets that drive breach cost estimates.
​Usage in the Cye platform: Central to CoB modeling and prioritization.
​Use it when: Discussing asset value and impact.

Definition: A formal plan to reduce risk by addressing specific findings.
​Usage in the Cye platform: Includes objectives, timelines, and affected assets.
​Use it when: Describing how remediation is structured.

Definition: The risk decrease if a mitigation plan is executed.
​Usage in the Cye platform: Shown in dollar value per plan.
​Use it when: Communicating plan ROI.

Definition: The specific asset a plan is meant to safeguard.
​Usage in the Cye platform: Helps filter and prioritize plans.
​Use it when: Linking actions to business outcomes.

Definition: The technical area a plan addresses (e.g., Network, Identity).
​Usage in the Cye platform: Used for classification and grouping.
​Use it when: Filtering or assigning tasks.

Definition: Shows how much of a plan has been completed (e.g., 40%).
​Usage in the Cye platform: Tracks progress toward closure.
​Use it when: Monitoring operational execution.

Definition: Key findings that must be remediated for a plan to succeed.
​Usage in the Cye platform: Used as a threshold or validation checkpoint.
​Use it when: Prioritizing essential fixes.

Definition: Assets directly affected by a mitigation plan.
​Usage in the Cye platform: Helps scope the effort and assign work.
​Use it when: Planning resource use.

Definition: The current lifecycle state (In Progress, Completed, etc.).
​Usage in the Cye platform: Enables tracking and reporting.
​Use it when: Managing active work.

Definition: Metadata for who made a plan and when.
​Usage in the Cye platform: Helps with versioning and governance.
​Use it when: Auditing or reviewing history.

Definition: A system component relevant to security — host, service, permission, etc.
​Usage in the Cye platform: Central to findings, mitigation, and risk calculations.
​Use it when: Mapping the attack surface.

Definition: The category an asset falls under (e.g., AD Certificate Template).
​Usage in the Cye platform: Used for filtering and organizing.
​Use it when: Tailoring views or controls.

Definition: A visual score for how critical the asset is.
​Usage in the Cye platform: Impacts business risk and prioritization.
​Use it when: Making risk-based decisions.

Definition: Whether the asset has known public vulnerabilities.
​Usage in the Cye platform: Flags high-risk components.
​Use it when: Filtering or prioritizing patches.

Definition: Whether an asset is considered in-scope for risk.
​Usage in the Cye platform: Helps focus analysis.
​Use it when: Narrowing engagement scope.

Definition: Custom labels assigned to assets.
​Usage in the Cye platform: Used for sorting and grouping.
​Use it when: Creating custom filters or dashboards.

Definition: Metadata showing how an asset connects and behaves.
​Usage in the Cye platform: Helps validate attack paths and dependencies.
​Use it when: Investigating relationships or forensic context.

Definition: The projects an asset is part of.
​Usage in the Cye platform: Indicates scope and findings context.
​Use it when: Tracking which work involves which assets.

Definition: A defined project or assessment in the Cye platform.
​Usage in the Cye platform: Contains assets, findings, and plans.
​Use it when: Scoping or managing client work.

Definition: The engagement’s category (e.g., Application, VIP).
​Usage in the Cye platform: Routes engagements to appropriate flows.
​Use it when: Filtering or organizing work.

Definition: Current state of the engagement (e.g., Active, Waiting).
​Usage in the Cye platform: Tracks lifecycle and readiness.
​Use it when: Reviewing pipeline or assignment.

Definition: Whether the engagement is one-time or repeated.
​Usage in the Cye platform: Supports automation and planning.
​Use it when: Coordinating timelines.

Definition: When the engagement is active.
​Usage in the Cye platform: Used for audits, timelines, and baselines.
​Use it when: Reporting or reviewing history.

Definition: Number of findings associated with an engagement.
​Usage in the Cye platform: Indicates size and scope.
​Use it when: Tracking assessment coverage.

Definition: The foundational trio that defines each engagement.
​Usage in the Cye platform: Structures all risk analysis and reporting.
​Use it when: Explaining engagement workflows.

Definition: Predefined layouts for maturity, risk, and remediation reports.
​Usage in the Cye platform: Used to standardize communication.
​Use it when: Automating report generation.

Definition: A high-level summary of risk, exposure, and maturity.
​Usage in the Cye platform: Created for leadership and board use.
​Use it when: Summarizing top-line progress.

Definition: Lets you view a report’s structure before using it.
​Usage in the Cye platform: Prevents formatting mistakes.
​Use it when: Planning report edits or duplications.

Definition: Automates delivery of reports on a regular cadence.
​Usage in the Cye platform: Used for stakeholder updates and compliance.
​Use it when: Reducing manual tasks.

Definition: Key maturity scores shown in executive summaries.
​Usage in the Cye platform: Highlights cybersecurity posture at a glance.
​Use it when: Reporting trends or benchmarking.

Definition: Time-based views of exposure, findings, or maturity.
​Usage in the Cye platform: Shows before-and-after progress.
​Use it when: Justifying ongoing investments.

Feel free to explore the terms at your own pace — no need to read it all in one go.
Bookmark this glossary and come back anytime you need to decode something in the Cye platform.