JaySplains It™

Tech talk shouldn’t make your head spin — this page has your back.
Welcome to JaySplains It™ — where Jay explains security in plain, human language.

This isn’t just a dictionary of security terms. JaySplains It™ breaks down words and concepts used within posts on this site, so you can read, understand, and apply what you learn without confusion.

No jargon. No fluff. Just clear, relatable explanations you can actually use.

Explore each section below. Lightbulb on. Confusion off. JaySplains It™. If you come across a word in any post that isn’t explained here, don’t worry — you can request a JaySplain™ anytime. Just send a quick email with the term you want broken down, the JaySecures™ way.

Access & Identity

Access Controls

Industry Definition:
Access control is the process of granting or denying specific requests to obtain and use information and related information processing services, and to enter specific physical facilities. It includes authentication, authorization, and policies that define access privileges.
Source: NIST SP 800-53 Rev. 5

JaySplain™
Access controls are like airport security checks. First, your passport is verified — that’s authentication (proving who you are). Then your boarding pass is checked to confirm what flight or area you’re allowed to enter — that’s authorization. Access control is the full process that enforces both.

Authentication

Industry Definition:
Authentication verifies the identity of a user, process, or device before granting access.
Source: NIST SP 800-53 Rev. 5

JaySplain™
Like showing your passport at airport security so they know who you are before letting you through.

Authorization

Industry Definition:
Authorization grants or denies specific requests for access to resources based on permissions.
Source: NIST SP 800-53 Rev. 5

JaySplain™
Like airline staff checking your boarding pass to decide your gate or seat after your passport confirms who you are.

OAuth

Industry Definition:
OAuth is a token-based authorization framework allowing third-party services to exchange information without exposing passwords.
Source: oauth.net

JaySplain™
Like showing your library card to enter a partner building – you didn’t sign up there, but they trust your card.

MFA (Multi-Factor Authentication)

Industry Definition:
MFA requires more than one method of authentication from independent categories of credentials.
Source: NIST SP 800-63B

JaySplain™
Like needing both a key and a fingerprint to open your front door. One factor isn’t enough – that double lock keeps you safer.

Private Browsing (Incognito Mode)

Industry Definition:
A browser setting that prevents your activity (like history, form inputs, and cookies) from being saved on your own device. It does not hide your browsing from websites, your employer, or your internet provider.
Source: Mozilla, Google

JaySplain™
Private browsing is like staying in a hotel room and cleaning up before you check out. The room doesn’t keep a record of what you did — no saved towels, no forgotten socks. But the front desk? Still knows when you were there and what room you used. Incognito clears your trail locally, but it doesn’t make you invisible online.

Cloud & Data

Data

Industry Definition:
Facts or details collected and stored for reference, analysis, or decision-making. This includes everything from names and addresses to clicks, sales numbers, and sensor readings.
Source: ISO/IEC 2382, NIST Glossary

JaySplain™
Data is just details — like what you bought, clicked, searched, or said. On its own, it might not say much. But when it’s added up, it can paint a pretty clear picture of your habits, your business, or even your secrets.

Cookies

Industry Definition:
Small text files stored on your device by websites to remember your preferences, login status, or activity across visits.
Source: European Commission, Mozilla

JaySplain™
Cookies are like little notes a website leaves behind to remember you next time — like “They like dark mode” or “They left this item in the cart.” Sometimes helpful. Sometimes nosy. Either way, they stick around until you say otherwise.

Third-party Cookies

Industry Definition:
Cookies set by domains other than the one you’re currently visiting. They’re commonly used for online tracking and advertising.
Source: IAB Europe, Mozilla

JaySplain™
Third-party cookies aren’t from the website you’re on – they’re from other companies that want to watch what you do online. Imagine shopping in one store while someone from another store is secretly taking notes for their own ads later.

Virtualization

Industry Definition:
Virtualization creates virtual versions of physical resources like servers, desktops, or storage devices.
Source: VMware Glossary

JaySplain™
Like turning one house into several Airbnb units. Each guest gets their own space, but it’s still the same physical building underneath.

Threats & Attacks

Attack Surface

Industry Definition:
An attack surface is the total set of points in a system where an unauthorized user (attacker) can try to enter, extract data, or compromise functions.
Source: NIST SP 800-160 Vol. 1

JaySplain™
Think of it like all the doors, windows, and hidden entrances into a building. The more openings there are, the easier it is for someone to break in. Reducing your attack surface means closing or securing those points so that anyone who shouldn’t be getting in is kept out.

Malware

Industry Definition:
Malware is software designed to harm, exploit, or otherwise compromise a device, network, or service.
Source: CISA.gov

JaySplain™
It’s like pests infesting your device – bugs (viruses, spyware, ransomware) that sneak in to steal, damage, or mess with your stuff until you clean them out.

Phishing

Industry Definition:
Phishing tricks individuals into revealing sensitive information via deceptive emails or websites.
Source: CISA.gov

JaySplain™
Like getting an email that looks like it’s from your bank, linking to a fake login page set up to steal your details.

Smishing

Industry Definition:
Smishing uses SMS text messages to trick individuals into revealing sensitive information or downloading malicious content.
Source: CISA.gov

JaySplain™
Like phishing, but via text instead of email. Imagine getting a text that looks like it’s from your bank asking for your PIN – it’s bait to steal it.

Threat Modeling

Industry Definition:
Threat modeling is the process of identifying, assessing, and addressing potential threats to an application, system, or business process before development or implementation.
Source: OWASP Foundation

JaySplain™
Threat modeling is like inspecting your whole property — not just the doors and windows, but the side gate, the spare keys, the broken sensor, and even the overgrown hedges where someone could hide. It’s how you spot weak spots and fix them before they’re used against you.

Controls & Tools

Coding Standards

Industry Definition:
Coding standards are a set of guidelines that govern how code should be written, organized, and maintained to improve readability, reliability, security, and maintainability.
Source: OWASP Secure Coding Practices

JaySplain™
Just like every language has grammar rules, coding has standards. They help everyone write code in a clear, consistent way — so others can read it, improve it, and build on it without confusion. When the rules are followed, everything runs smoother and more securely.

Encryption

Industry Definition:
Encryption converts data into coded form unreadable without a specific key or password.
Source: NIST Glossary

JaySplain™
Like turning your message into secret code. Only the right person with the key can read it.

Encryption Standards

Industry Definition:
Encryption standards are widely accepted specifications that define how data should be securely encrypted and decrypted to protect its confidentiality and integrity during storage or transmission.
Source: NIST Special Publication 800-175B Rev. 1

JaySplain™
Encryption standards are like universal secret codes — everyone agrees on how the message is scrambled, but only people with the right key can unlock it. Strong standards make sure your data stays private and unreadable to anyone snooping.

Firewall

Industry Definition:
A firewall monitors and controls network traffic based on security rules.
Source: NIST Glossary

JaySplain™
Like a digital doorman for your devices, only letting through what’s allowed and blocking sketchy stuff before it gets in.

Intrusion Detection System (IDS)

Industry Definition:
An IDS monitors network or system activity for signs of malicious behavior or policy violations and alerts administrators when suspicious activity is detected.
Source: NIST SP 800-94

JaySplain™
Like a digital watchdog for your Wi-Fi or network. It doesn’t block threats itself, but it barks (alerts) when something suspicious happens so you can act fast.

Risk Assessment

Industry Definition:
Risk Assessment is the process of identifying, evaluating, and prioritizing potential threats to an organization’s assets, operations, or data.
Source: NIST SP 800-30

JaySplain™
Risk assessment is like checking your house for weak spots (Vulnerabilities) before a storm hits (Threat). You figure out what could go wrong, how bad it would be (Impact), and how likely it is to happen (Likelihood) — so you can plan the right protections. It doesn’t fix the risks itself; it simply shows you where to act first to protect what matters most.

Risk = Likelihood × Impact
Where Likelihood = Threat × Vulnerability

Security by Design

Industry Definition:
Security by Design is the practice of integrating security measures into a system or process from the outset, rather than adding them after deployment.
Source: OWASP Foundation

JaySplain™
Think of it like building safety into a house blueprint — not waiting until the house is finished to add locks, alarms, or fire exits. Security by Design means thinking about risks, controls, and protections from day one, so nothing gets missed or patched in too late.

Security Protocols

Industry Definition:
Security protocols are standardized rules and procedures that dictate how data is securely transmitted, processed, and protected in networks and systems.
Source: NIST Glossary

JaySplain™
Security protocols are like recipes for keeping data safe. They spell out exactly what ingredients (steps) to use, when, and how, so your security always turns out right — no guesswork.

Validation Rules

Industry Definition:
Validation rules are automated checks used in systems and applications to ensure that input data meets specific criteria before it is accepted or processed.
Source: OWASP Secure Coding Practices Guide

JaySplain™
Validation rules are like double-checks in a form — they make sure the right information is filled in before anything moves forward. It’s how systems say, “Hold on — that’s missing” or “That doesn’t look right,” so only clean, complete inputs get through.

VPN

Industry Definition:
A Virtual Private Network (VPN) creates a secure, encrypted connection between your device and the internet, protecting data from interception.
Source: NIST Glossary

JaySplain™
Using a VPN is like driving through a private tunnel instead of public roads. Outsiders can’t see where you’re going, keeping your online activity hidden and secure.

Compliance & Terms

GDPR

Industry Definition:
The General Data Protection Regulation (GDPR) is a European Union law focused on data protection and privacy for individuals.
Source: gdpr.eu

JaySplain™
Think of GDPR as a privacy shield — it gives people control over how their data is used and forces companies to ask before using it.

ISO 27001

Industry Definition:
ISO/IEC 27001 is an international standard that outlines best practices for establishing, implementing, maintaining, and continually improving an information security management system (ISMS).
Source: ISO.org

JaySplain™
ISO 27001 is like a blueprint for building a secure house. It doesn’t just tell you to lock the doors — it guides how to design the whole structure, check it regularly, and keep improving it. It’s one of the trusted security standards organizations follow to show they take security seriously.

NIST CSF

Industry Definition:
The NIST Cybersecurity Framework (CSF) is a set of guidelines, standards, and best practices developed by the U.S. National Institute of Standards and Technology to help organizations manage and reduce cybersecurity risks across five core functions: Identify, Protect, Detect, Respond, and Recover.
Source: NIST.gov

JaySplain™
NIST CSF is like a fitness program for your security posture. It doesn’t just tell you to be secure; it lays out a balanced workout plan: first know what you have (Identify), protect it (Protect), keep an eye out for threats (Detect), have a response plan (Respond), and build back stronger if things go wrong (Recover).

Culture & Behaviour

Security Culture

Industry Definition:
Security culture is the set of values, shared by everyone in an organization, that determines how people are expected to think about and approach security.
Source: ENISA (European Union Agency for Cybersecurity)

JaySplain™
Security culture is like the tone you set in a workplace. It's not just rules on paper — it's how people act when no one’s watching. Do they report mistakes? Do they take shortcuts? Do they know why security matters, or are they just ticking boxes? A strong security culture means secure behavior becomes second nature — not just something you do when told.