CYBERARK 詞彙表

Access Certification facilitates the review of a user’s access privileges and requires a third-party to certify that the access should continue to be granted for a designated period of time.

Access discovery provides administrators with a clear picture of who has access to what applications, resources or privileges across the organization.

Access management solutions are used by businesses to authenticate, authorize and audit access to on-premises and cloud-based applications and IT systems.

Active Directory (AD) is Microsoft’s directory and identity management service for Windows domain networks. AD is used for user authentication and authorization by a variety of Microsoft solutions like Exchange Server and SharePoint Server, as well as third-party applications and services.

Adaptive MFA is a method for using contextual information and business rules to determine which authentication factors to apply to a particular user in a particular situation. Businesses use Adaptive Authentication to balance security requirements with the user experience.

An app gateway is an enterprise security solution that lets users access traditional web applications hosted in corporate data centers using the same logon credentials and methods they use to access mobile apps and cloud services.

Authentication and Authorization solutions positively validate a user’s identify and grant permission to access applications and IT systems once verified.

Bots automate and supplement human workflows helping organizations improve business agility, reduce costs and risks, and free up staff for higher value tasks.

A CI/CD pipeline is a collection of tools used by developers and test engineers throughout the continuous software development, delivery and deployment lifecycle.

Cloud identity and access management (IAM) permissions let IT and security organizations control access to the resources in their cloud environments.

Sometimes referred to as Cloud Entitlements Management solutions or Cloud Permissions Management solutions, CIEM solutions apply the Principle of Least Privilege access to cloud infrastructure and services, helping organizations defend against data breaches, malicious attacks and other risks posed by excessive cloud permissions.

雲端安全是指保護以雲端為基礎的應用程式、資料及虛擬基礎設施之完整性的做法。雲端安全包括所有雲端部署模型（公共雲、私有雲、混合雲、多雲）以及各類以雲端為基礎的服務及隨選解決方案（IaaS、PaaS、SaaS）。

CIAM solutions control access to public websites and digital properties, making it easy for customers to sign up and log on to online applications and services.

Businesses purchase cyber insurance (also known as cybersecurity insurance) to mitigate financial loss due to cyber attacks and data breaches.

資料外洩是一種安全事件，因惡意內部人員或外部攻擊者未經授權擅自存取機密資料或敏感資訊（例如病歷、財務資訊或個人識別資訊（PII））而引起。資料外洩是最常見且代價最高的網路資安事件之一。

Data sovereignty is the ability of enterprises to safeguard and have full control over the personally identifiable information (PII) of any citizen or permanent resident of the country in which it operates.

A defense-in-depth strategy, aka a security-in-depth strategy, refers to a cybersecurity approach that uses multiple layers of security for holistic protection.

開發維運（DevOps）一詞形容將軟體開發（Dev）與IT營運（Ops）結合起來並提高組織快速交付應用程式與服務之能力的一系列文化概念、實踐做法及工具。開發維運會帶來新的風險及文化變化，進而產生傳統安全管理解決方案與實踐做法通常無法解決的安全挑戰。

A directory service is a common data repository for maintaining information about network users and resources as part of their Identity Security strategy.

終端安全是指保護企業網路免受來自本地端或遠端裝置之威脅的實踐做法。終端是可藉以進入公司資產及應用程式的裝置，這些裝置是潛在的網路資安漏洞。

Healthcare cybersecurity protects organizations from cyber attacks and ensures availability of medical services, integrity of patient data, and compliance.

Identity and Access Management (IAM) solutions enable administration of user identities and control of access to enterprise resources. IAM solutions ensure the right individuals have access to the right IT resources, for the right reasons, at the right time.

Identity as a Service (IDaaS) is an Identity and Access Management solution delivered in the form of a cloud-based service hosted and managed by a trusted third party. An IDaaS offering combines all the functions and benefits of an enterprise-class IAM solution with all the economic and operational advantages of a cloud-based service.

Identity Governance and Administration (IGA) solutions efficiently manage digital identities and access rights across diverse systems and are used by corporate information security, risk management, compliance teams and IT organizations.

Identity lifecycle management refers to the process of managing the user identities and evolving access privileges of employees and contractors throughout their tenure—from day one through separation.

Learn everything you need to know identity orchestration and how it automates identity management workflows without writing custom codes or scripts.

Identity Security is a comprehensive solution for securing all identities– human or machine – throughout the cycle of accessing critical assets.

Identity Threat Detection and Response (ITDR) is a security discipline consisting of cyber threat intelligence, behavior analysis, tools and structured processes to enhance identity infrastructure security and accelerate the remediation of identity-centric attacks.

利用即時（JIT）存取方法，組織可即時升級人類及非人類用戶的權限，針對某個應用程式或系統提供級別更高且分層分級的特權存取，以便執行必要的任務。資安產業分析師建議使用JIT存取，透過儘可能減少常規存取來提供安全的特權存取。

最小特權原則（PoLP）是一種資訊安全概念，即僅提供用戶執行工作職能所需之最低級別存取權限（或許可）。最小特權原則被公認為網路安全的最佳實踐做法，也是保護特權存取高價值資料與資產的基本必要措施。

惡意軟體是所有類型惡意軟體的統稱，這類軟體企圖蒙蔽最終用戶而損害和破壞電腦、伺服器、客戶端或電腦網路及基礎設施。網路攻擊者出於多種目的設計、使用及出售惡意軟體，但最常用於竊取個人、財務或商業資訊。

Mitre Att&ck is an open framework for implementing cybersecurity detection and response programs that includes a global knowledge base of adversarial TTPs.

Multi-Factor Authentication is a method for using contextual information and business rules to determine which authentication factors to apply to a particular user in a particular situation. Businesses use MFA to balance security requirements with the user experience.

Operational Technology (OT) cybersecurity is a key component of protecting the uptime, security and safety of industrial environments and critical infrastructure.

Passwordless Authentication is an authentication method that allows a user to gain access to an application or IT system without entering a password or answering security questions.

A phishing attack is a social engineering tactic commonly used to steal confidential data or deliver ransomware or some other form of malware.

特權存取管理是一個結合人員、流程與技術的全方位網路安全策略，以控制、監測、保護及審核整個企業 IT 環境內的所有人類與非人類特權身份及活動。企業組織實施特權存取管理來預防憑證竊盜及特權濫用造成的威脅。

勒索軟體是專為勒索受害者牟取經濟利益而設計的惡意軟體。勒索軟體一旦啟動，用戶即無法存取其檔案、應用程式或系統，直到支付贖金為止。通常要求以比特幣之類的貨幣交付贖金，以防追蹤。

Remote access security solutions authenticate users who are accessing business applications and IT systems from outside the private enterprise network.

Remote work security safely extends business applications and services to teleworkers and nomadic users without impairing user experience or satisfaction.

機器人流程自動化（RPA）技術，可協助組織將標準化的作業全部或部分自動化。機器人流程自動化軟體機器人或「網路機器人」可模仿人類執行工作的行為動作。

軟體即服務（SaaS）是一種軟體授權及分發模型，服務供應商利用該模型託管應用程式，並透過網際網路提供給客戶。SaaS也被稱為「隨選軟體」、「託管軟體」及「Web軟體」，是雲端運算三個主要組成部分之一，也是數位化轉型的基本元素之一。

金鑰管理可讓組織對非人類身份實施一致的安全政策。金鑰管理可確保跨越工具堆疊、平台與雲端環境的資源僅可由經過身份驗證及授權的實體存取。

Security Assertion Markup Language (SAML) provides a standard way for businesses and application providers to share user authentication and authorization data and federate identity management functionality.

A security framework (also known as a cybersecurity framework) is a collection of well-documented standards, policies, procedures and best practices intended to strengthen an organization’s security posture and reduce risk.

Security Operations (SecOps) is the practice of combining internal information security and IT operations practices to improve collaboration and reduce risks.

Single Sign-On (SSO) is an authentication method that lets users access multiple applications and services using a single set of login credentials. SSO can help businesses improve user satisfaction and productivity, strengthen access security, and reduce IT operations expense and complexity.

Synthetic identity refers to a counterfeit identity formed by combining a mix of genuine and false information, blurring the line between physical and digital characteristics that identify a human being.

Temporary elevated access management (TEAM) access methodology helps organizations elevate privileges for human and non-human users in real time to provide granular access to an application or system in order to perform a necessary task.

Third-party access is the process of granting external vendors and service providers secure access to IT assets for maintenance, administration and management.

User behavior analytics use AI and machine learning to analyze large datasets to identify security breaches, data exfiltration and other malicious activities.

A virtual directory is an Identity and Access Management architectural component that gives identity consumers a consolidated and unified view of identity management information stored in multiple disparate data repositories.

Zero Standing Privileges (ZSP) is a security principle that advocates for the removal of persistent access privileges for users within an enterprise network, the next logical progression from just-in-time access.

零信任是用於保護現代數位業務環境的策略性網路安全模型。零信任理念認為，組織不應自動信任任何人事物，不計其位於網路邊界內或外。零信任模型要求，試圖連接至組織系統的人員及個體均須先經驗證，方可取得存取權。