Glossary
This glossary contains key words that appear frequently on the DekkoSecure website and in the realm of secure communications.
2FA
Two-Factor Authentication is a security process that requires two different forms of identification before granting access to a system or application.
AES-256
AES-256 is a standardised encryption method with a key size of 256 bits, widely used for securing sensitive data.
Audit Capability
The ability to track and record actions or events within a system for compliance, analysis, or review purposes.
Chain of Custody
The chronological documentation of the handling, custody, and control of evidence or documents, ensuring their integrity and admissibility.
CIA Triad
A model designed to guide policies for information security within an organization, consisting of three core principles: confidentiality, integrity, and availability.
CJIS
Criminal Justice Information Services, a division of the FBI that provides criminal justice information to law enforcement agencies, or, a description of a system or systems that handle such data.
Claims Testing
Testing conducted to verify the accuracy of claims made by a product or service regarding its features or capabilities.
CSA
Cloud Security Alliance, a nonprofit organization that promotes best practices for securing cloud computing environments.
Data Ownership
The legal right and control over data, determining who can access, use, or distribute it.
Data Sovereignty
The legal concept that data is subject to the laws and regulations of the country or jurisdiction in which it is located (stored) or processed.
Document Validator (Gov-AU)
DekkoSecure's tool for validating documents that are signed on the DekkoSecure AU platform (us.dekko.io).
Document Validator (Gov-CA)
DekkoSecure's tool for validating documents that are signed on the DekkoSecure US platform (us.dekko.io).
Elliptic Curve Cryptography (EEC) -384
A public-key cryptography technique based on the algebraic structure of elliptic curves, using a 384-bit key size for encryption.
End-to-End Encryption (E2EE)
A method of secure communication that prevents third-parties from accessing data while it's transferred from one user, system or device to another.
FedRAMP
Federal Risk and Authorization Management Program, a US government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services.
FIPS
Federal Information Processing Standards, a set of standards published by the US government for use in computer systems by non-military government agencies and government contractors.
GDPR
General Data Protection Regulation, a regulation in EU law on data protection and privacy for all individuals within the European Union and the European Economic Area.
Granular Visibility Controls
Fine-grained control over who can see specific information or data within a system or platform.
HIPAA
Health Insurance Portability and Accountability Act, a US law that provides data privacy and security provisions for safeguarding medical information.
Hosting Compliance
Compliance with regulations and standards related to the hosting and storage of data in cloud environments.
Immutable
Data or records that cannot be altered or deleted once they are created or stored.
IRAP
Information Security Registered Assessors Program - A program administered by the Australian Signals Directorate that assesses cloud services for use with Australian government classified data.
ISO - 27001, 27017, 27018
International Organization for Standardization standards related to information security management systems (27001), cloud security (27017), and protection of personal data in cloud services (27018).
Microsoft Azure Cloud
A cloud computing service provided by Microsoft, offering a wide range of services including computing, analytics, storage, and networking.
Military Grade Encryption
Encryption techniques and standards that meet or exceed the security requirements of military organizations.
NIST
National Institute of Standards and Technology - A non-regulatory agency of the United States Department of Commerce that develops standards and guidelines for various areas, including cybersecurity.
OAIC
Office of the Australian Information Commissioner, an independent Australian Government agency tasked with overseeing privacy protection and promoting transparency of information management practices in Australia.
Penetration Testing
Simulated cyberattacks against computer systems or networks to identify security vulnerabilities.
SHA384
Secure Hash Algorithm 384, a cryptographic hash function that produces a 384-bit (48-byte) hash value.
SOC 2
SOC 2, also known as Service Organization Control Type 2, is a cybersecurity compliance framework established by the American Institute of Certified Public Accountants (AICPA). Its main purpose is to ensure the security of client data handled by third-party service providers. It specifies how organizations should manage customer data based on the Trust Services Criteria (TSC) of Security, Availability, Confidentiality, Processing Integrity, and Privacy.
Sovereign Cloud
A cloud computing environment that complies with data sovereignty regulations, ensuring that data is subject to the laws and regulations of the country in which it is located.
SSL-4096
Secure Sockets Layer encryption with a key size of 4096 bits, providing secure communication over a computer network.
TOTP 2FA
Time-based One-Time Password Two-Factor Authentication, a method of authentication where a temporary password is generated based on the current time and a shared secret.
TLS1.3
Transport Layer Security Protocol Version 1.3 - The latest version of the TLS protocol, designed to provide improved security and performance compared to previous versions.
Triple-Redundant Cloud
A cloud infrastructure setup where data is replicated across three different physical locations or data centers to ensure high availability and data durability.
Workflow
The sequence of tasks, processes, or activities required to complete a specific job or project.
Zero Knowledge
A security model where service providers have no access to user data or encryption keys, ensuring maximum privacy and security.
Zero Trust
A security model based on the principle of "never trust, always verify," where no entity, whether inside or outside the network perimeter, is trusted by default.