Reference

Security Glossary

Clear definitions of key terms in vulnerability prioritization, cyber asset management, attack surface management, and security operations.

Jump to: A C E G R S U V

Attack Surface Management

The ongoing process of discovering, cataloging, and reducing the total set of assets and entry points exposed to potential attackers.

Asset Attack Surface

The total collection of assets (endpoints, servers, cloud instances, and services) that could be targeted by an attacker.

CAASM

Cyber Asset Attack Surface Management (CAASM), a category of security tools that aggregate asset data from multiple sources into a unified inventory.

CMDB

Configuration Management Database (CMDB), a repository that stores information about IT infrastructure components and their relationships.

CAASM vs CSAM

Two related but distinct security categories: CAASM focuses on asset aggregation and visibility, while CSAM emphasizes asset lifecycle and governance.

Cyber Asset Inventory

A complete, continuously updated catalog of all hardware, software, cloud resources, and services in an organization.

Compliance Drift

The gradual deviation from established compliance baselines as systems change, configurations evolve, and new assets appear.

CISA KEV

The CISA Known Exploited Vulnerabilities catalog, an authoritative list of CVEs with confirmed in-the-wild exploitation.

Compensating Control

A mitigating safeguard such as a WAF, network segmentation, EDR, disk encryption, or IPS signature that reduces the effective risk of a vulnerability without patching it.

EPSS

Exploit Prediction Scoring System, a FIRST.org probability that a given CVE will be exploited in the wild within the next 30 days.

Golden Record

A single, authoritative representation of an entity created by merging and deduplicating data from multiple sources.

Row-Level Security

A database feature that restricts which rows a user or application can access, enforcing data isolation at the storage layer.

RBAC

Role-Based Access Control (RBAC), a method of restricting system access based on roles assigned to users rather than individual permissions.

Shadow IT

Hardware, software, or cloud services used within an organization without IT or security team knowledge or approval.

SOC 2 Asset Management

The asset management requirements within SOC 2 compliance: maintaining a complete inventory and demonstrating controls over every system in audit scope.

Unified Vulnerability Management

Merging vulnerability findings from every scanner and EDR onto unified golden-record assets, deduplicated per asset and CVE, then risk-ranked in one place.

Vulnerability Prioritization

Ranking vulnerabilities by real-world risk, exploit activity, exposure, criticality, and compensating controls, instead of triaging by CVSS severity alone.

17 terms defined

See these concepts on your data

Work with us as a design partner - we'll show you how Koopic scores your actual vulnerabilities against your controls.

See it on your data Explore the Platform