Term 451
OT
Operational Technology (OT) is hardware and software that monitors and controls physical devices, processes, and infrastructure in industrial environments.
Acronym study
Terms 451–480 of 754 ISC2 CC acronyms and key terms. Each entry includes a plain-English definition and a link to the full 800-word glossary page with exam context and practice questions.
Term 451
Operational Technology (OT) is hardware and software that monitors and controls physical devices, processes, and infrastructure in industrial environments.
Term 452
An Outbound ACL is a set of rules applied to traffic leaving a network interface that decides which packets are allowed to exit and which are blocked.
Term 453
An Outside global address is the publicly routable IP address assigned to a device on the external network (usually the internet) as seen from the perspective of a network device performing Network Address Translation (NAT).
Term 454
Outside local is the IP address that a device on the inside of a private network appears to have from the perspective of hosts located outside the network, typically after Network Address Translation (NAT) has been applied.
Term 455
The OWASP Top 10 is a regularly updated list of the most critical security risks to web applications, published by the Open Web Application Security Project (OWASP) to help developers and security professionals prioritize and mitigate common vulnerabilities.
Term 456
The Owner role is an access control entity that holds full administrative rights over a resource, including the ability to grant or revoke permissions for other users.
Term 457
Packet capture is the process of intercepting and recording data packets traveling over a computer network for analysis.
Term 458
Privileged Access Management (PAM) is a security framework that controls, monitors, and audits access to critical systems and accounts with elevated permissions.
Term 459
A password manager is a software application that securely stores and manages login credentials, allowing users to generate, retrieve, and autofill complex passwords without needing to remember each one.
Term 460
A set of rules designed to enhance computer security by encouraging users to create strong, secure passwords and store them properly.
Term 461
Passwordless authentication is a method of verifying a user's identity without requiring them to enter a password, using alternative factors like biometrics, hardware tokens, or one-time codes.
Term 462
PAT (Port Address Translation) is a method of network address translation that maps multiple private IP addresses to a single public IP address by using different port numbers for each connection.
Term 463
Patch management is the process of identifying, acquiring, testing, and deploying software updates (patches) to fix vulnerabilities, bugs, or improve performance in IT systems.
Term 464
A Patch Manager is a tool or service that automates the process of finding, downloading, testing, and installing software updates across multiple computers to keep them secure and stable.
Term 465
A set of security rules that any company that handles credit card payments must follow to protect cardholder data from theft and fraud.
Term 466
The Payment Card Industry Data Security Standard is a set of security requirements designed to protect credit card data during storage, processing, and transmission.
Term 467
A penetration test is a simulated cyberattack against a computer system, network, or application to identify security weaknesses that an attacker could exploit.
Term 468
Penetration testing is a simulated cyberattack on a computer system, network, or application to find security weaknesses before real attackers can exploit them.
Term 469
A permission boundary is the defined limit that controls which users, processes, or systems can access specific resources in a computing environment.
Term 470
A Personal Identification Number (PIN) is a short numeric code used to verify a user's identity before granting access to a system, device, or account.
Term 471
Personal Identity Verification, or PIV, is a US federal government standard for using smart cards to securely verify a person's identity for access to physical and digital resources.
Term 472
Personally identifiable information (PII) is any data that can be used to identify, contact, or locate a specific individual, either alone or when combined with other information.
Term 473
PHI stands for Protected Health Information, which is any health data that can identify an individual and is protected by the Health Insurance Portability and Accountability Act (HIPAA).
Term 474
Phishing is a type of cyber attack where criminals impersonate legitimate organizations or individuals to trick victims into revealing sensitive information such as passwords, credit card numbers, or personal data.
Term 475
Physical controls are tangible security measures like locks, fences, and biometric scanners used to protect buildings, hardware, and sensitive data from unauthorized physical access or harm.
Term 476
PII stands for Personally Identifiable Information, which is any data that can be used to identify a specific individual.
Term 477
Privileged Identity Management, a Microsoft Azure Active Directory tool that manages, monitors, and controls access to privileged roles on a just-in-time basis.
Term 478
A playbook is a documented set of predefined steps, scripts, and decision trees used by IT teams to automate, standardize, and respond consistently to common tasks or incidents.
Term 479
A policy is a set of rules or guidelines that defines how an organization manages, secures, and operates its IT systems and services.
Term 480
Policy as code is the practice of representing and managing security, compliance, and governance rules as executable code, enabling automated validation and enforcement across infrastructure and software development workflows.