Glossary of Terms

A

  • Action - The unique combination of API, permission, and log.
  • Action type - An action can be “core” or “other”. Core actions are actions that can be denied to restrict the usage of a feature class.

B

  • Boundary - A barrier in a Data Flow Diagram (DFD) that could block a flow if not satisfied.

C

  • Controls - The actions that can be taken to mitigate potential threats.
  • Control Objectives - A set of controls that can be implemented together to achieve an objective.
  • CRUD - Create, Read, Update, and Delete
  • CVSS (Common Vulnerability Scoring System) – A framework for rating the severity of security vulnerabilities in software.

D

  • Data Flow Diagram (DFD) – A visual representation of how data moves through a system.

E

  • Entra ID (formerly Azure AD) – Microsoft's cloud-based identity and access management service.

F

  • Feature Class - A selection of actions that can be activated to be useful for a customer.

I

  • IAM (Identity and Access Management) – A framework of policies and technologies that ensures only authorized users have access to certain resources.
  • IAM entity - Any identity that can be authenticated and authorized to perform actions in a system that uses Identity and Access Management (IAM).
  • IAM permissions – Specific access rights granted to users or services in an IAM framework.

M

  • Managed Identity – An Azure feature that gives an application or compute resource an automatically managed identity in Entra ID (formerly Azure AD), so it can authenticate to Azure services without storing credentials in code or configuration.
  • MITRE ATT&CK – A publicly available knowledge base of adversary tactics and techniques, based on real-world observations, used to describe attacker behaviour.

P

  • Private Endpoint – A network interface that connects an Azure resource privately and securely to a virtual network (VNet).

R

  • RBAC (Role-Based Access Control) – An access control model in which permissions are attached to roles and principals (users, groups, or workloads) are granted roles, rather than being granted permissions individually; a principal's effective permissions are the union of its roles' permissions, and anything not granted is denied.
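As an added example, not part of the original glossary, the following Python sketches the RBAC model just defined: roles carry permissions, principals are assigned roles, and an access check is a deny-by-default lookup across the principal's roles. The role names, permission strings and principal identifiers are constructed for illustration (the permission strings follow the `service.resource.verb` shape used by cloud IAM systems) and are not taken from any real product.

```python
class Rbac:
    """Minimal role-based access control: principals get roles, roles carry permissions."""

    def __init__(self, role_permissions):
        # role name -> immutable set of permission strings
        self._roles = {role: frozenset(perms) for role, perms in role_permissions.items()}
        # principal -> set of role names granted to it
        self._assignments = {}

    def grant_role(self, principal, role):
        """Bind a principal to a role; granting an undefined role is an error, not a silent no-op."""
        if role not in self._roles:
            raise KeyError(f"unknown role: {role}")
        self._assignments.setdefault(principal, set()).add(role)

    def revoke_role(self, principal, role):
        """Remove a role binding; access derived only from that role disappears immediately."""
        self._assignments.get(principal, set()).discard(role)

    def effective_permissions(self, principal):
        """Union of the permissions of every role held by the principal (empty if none)."""
        roles = self._assignments.get(principal, ())
        return frozenset().union(*(self._roles[r] for r in roles))

    def is_allowed(self, principal, permission):
        """Deny by default: the permission must appear in some role the principal holds."""
        return permission in self.effective_permissions(principal)


# Constructed role catalogue for the example (hypothetical, not a real product's roles).
ROLES = {
    "storage.objectViewer": {"storage.objects.get", "storage.objects.list"},
    "storage.objectCreator": {"storage.objects.create"},
    "storage.objectAdmin": {"storage.objects.get", "storage.objects.list",
                            "storage.objects.create", "storage.objects.delete"},
}


def demo():
    """Walk through grant, check, revoke; returns the decisions so they can be inspected."""
    rbac = Rbac(ROLES)
    rbac.grant_role("alice@example.com", "storage.objectViewer")
    rbac.grant_role("alice@example.com", "storage.objectCreator")
    before = {
        "alice_get": rbac.is_allowed("alice@example.com", "storage.objects.get"),
        "alice_create": rbac.is_allowed("alice@example.com", "storage.objects.create"),
        "alice_delete": rbac.is_allowed("alice@example.com", "storage.objects.delete"),
        "unknown_get": rbac.is_allowed("mallory@example.com", "storage.objects.get"),
    }
    rbac.revoke_role("alice@example.com", "storage.objectCreator")
    after_create = rbac.is_allowed("alice@example.com", "storage.objects.create")
    return before, after_create


if __name__ == "__main__":
    print(demo())
```

The two properties worth noticing are that a principal with no assignments (or with a typo in its name) gets an empty permission set rather than an error, which is the safe failure mode for an authorization check, and that permissions are never attached to principals directly, so reviewing who can do what reduces to reviewing role definitions and role bindings.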

S

  • Scorecard - This contains general security and configuration information about the service, which includes support for some common security features.
  • Service Accounts - A special kind of account typically used by an application or compute workload rather than a person; it can nonetheless be impersonated by another authenticated principal (e.g., a user or another service account). In Google Cloud there are three types of service accounts: user-managed, Google-managed, and service agents.
  • Service Agent - Service accounts that are created and managed by Google Cloud, and that allow services to access resources on your behalf.

T

  • Threats - Something that an attacker could perform against a given target.
  • Threat ID (e.g., Web.T24) – Unique identifiers assigned to specific security threats in the threat model.
  • Threat Objectives - The goal of the threat.

V

  • VPC Service Controls - Enable you to define security policies that prevent access to Google-managed services outside of a trusted perimeter, block access to data from untrusted locations, and mitigate data exfiltration risks.
