Hybrid cloud. BYOD. Big Data. Internet of Things. These are terms that have become part of the daily lexicon, not only within the IT world but also in the mainstream. Jargon is integral to IT. It makes complicated concepts more accessible to the non-technical person, even if they aren’t any easier to understand.

Buzzwords are commonplace in IT security as well, but are they truly understood? As Frank Ohlhorst writes in Tech Republic, “it seems that IT security managers are giving too much power to terms and buzzwords, letting them dictate security best practices.” Ohlhorst goes on to point out that while BYOD is just an acronym that means, simply, Bring Your Own Device (such as when a company allows its employees to use their personally owned phones, laptops, and other devices to access the network for work purposes), security professionals see it as Bring Your Own Disaster and the beginning of a security nightmare.

Some security buzzwords and jargon are to the point, like ransomware or phishing, while others, like cloud security or compliance, are a little more ambiguous. Here are a few popular terms and what they really mean for security.

Cloud security. It’s easy to lump all security within cloud computing under one term, but it differs between public clouds and private clouds. Private cloud security is approached in the same manner as any other in-house network security, while public cloud security will involve a third-party vendor. In basic terms, Ari Zoldan, CEO of Quantum Networks, breaks down “cloud security” as a component of computer security that deals with the policies, technologies, and controls put into place to protect data, applications, and the associated infrastructure of cloud computing, but for IT security professionals, it really needs to be disseminated based on the type of cloud.

Compliance. It seems like everyone wants to have their company become compliant with all types of rules and regulations meant to keep data secure. That’s a good thing. But for many companies, “compliant” means doing the bare minimum toward data security while claiming the company meets regulatory standards. Real compliance is an ongoing process of doing everything possible to prevent breaches and other threats.

Cyber espionage. This is the act of stealing secrets from a company or individual via the Internet with the intent of using them for personal or, more often, political or military gain. Often this term is used when individuals or groups representing a country or organization infiltrate an “enemy’s” network. Countries like China and Russia and groups like the Syrian Electronic Army are often accused of cyber espionage. This buzzword shouldn’t be confused with cyberwarfare, which consists of different types of threats, including cyber espionage, conducted specifically by nation states.

Data Loss Prevention. Data Loss Prevention (DLP) is often the term used to describe the last point of defense against a cyberattack, but it is actually the strategy and software the security team develops to protect data.

Endpoint Protection Platforms. Gartner explains endpoint protection platforms (EPP) as “a solution that converges endpoint device security functionality into a single product that delivers antivirus, anti-spyware, personal firewall, application control and other styles of host intrusion prevention (for example, behavioral blocking) capabilities into a single and cohesive solution.” It’s an essential need for information security, as every device we use, from our computers to smartphones, is considered an endpoint and needs to be secured. The problem it helps to solve is protecting the overwhelming number and types of devices now being connected to networks.

Privacy. When it comes to data security, privacy is tricky because what it means to one person (say, the employee using BYOD) isn’t what it means to another (say, the NSA). For the IT security professional, however, data privacy is ensuring that sensitive information, such as the personally identifiable information of customers and others, remains hidden and inaccessible to network intruders.

Ransomware. This is malware, but a very specific type of malware that demands some sort of ransom payment either to remove the malware or to retrieve files that it has encrypted. Ransomware has been around for a long time, but it made news this year when Cryptolocker encrypted files and then demanded payment in Bitcoin.

Risk management. This is jargon that gets thrown around a lot, as in “we must develop a risk management program.” But what exactly is risk management? The Information Systems Audit and Control Association describes it this way: “Information risk management defines the areas of an organization’s information infrastructure and identifies what information to protect and the degree of protection needed to align with the organization’s tolerance for risk. It identifies the business value, business impact, compliance requirements and overall alignment to the organization’s business strategy. Once this information has been identified, it can be presented to the business leadership to make decisions about the level of investment (both financial and resource) that should be utilized to create appropriate information protection and risk management capabilities.”

Phishing. Phishing is one of the oldest forms of malicious social engineering, but it remains one of the most effective because spammers do a good job of luring users into clicking on malicious links or opening malware-laden attachments. It is a specific form of social engineering used to gather personally identifiable information. Phishing emails appear to come from a trusted source, such as a friend or a well-known business. Over time, phishing has evolved to include spear phishing (targeted attempts highly personalized for a specific target) and whaling (phishing scams that target high-profile users and decision makers).

The buzzwords and jargon discussed here are just the tip of the security iceberg, but they represent the terms that are most used, and most often misunderstood, within IT security.

This article was previously published on Forbes.com and Sungard AS.