JaySplains It™

Tech talk shouldn’t make your head spin — this page has your back.
Welcome to JaySplains It — where Jay explains security in plain, human language.

This isn’t just a dictionary of security terms. JaySplains It™ breaks down words and concepts used within posts on this site, so you can read, understand, and apply what you learn without confusion.

No jargon. No fluff. Just clear, relatable explanations you can actually use.

Explore each section below. Lightbulb on. Confusion off. JaySplains It™. If you come across a word in any post that isn’t explained here, don’t worry — you can request a JaySplain™ anytime. Just send a quick email with the term you want broken down, the JaySecures™ way.

Access & Identity

Authentication

Industry Definition:
Authentication verifies the identity of a user, process, or device before granting access.
Source: NIST SP 800-53 Rev. 5

JaySplain™
Like showing your passport at airport security so they know who you are before letting you through.

Authorization

Industry Definition:
Authorization grants or denies specific requests for access to resources based on permissions.
Source: NIST SP 800-53 Rev. 5

JaySplain™
Like airline staff checking your boarding pass to decide your gate or seat after your passport confirms who you are.

OAuth

Industry Definition:
OAuth is a token-based authorization framework allowing third-party services to exchange information without exposing passwords.
Source: oauth.net

JaySplain™
Like showing your library card to enter a partner building – you didn’t sign up there, but they trust your card.

MFA (Multi-Factor Authentication)

Industry Definition:
MFA requires more than one method of authentication from independent categories of credentials.
Source: NIST SP 800-63B

JaySplain™
Like needing both a key and a fingerprint to open your front door. One factor isn’t enough – that double lock keeps you safer.

Private Browsing (Incognito Mode)

Industry Definition:
A browser setting that prevents your activity (like history, form inputs, and cookies) from being saved on your own device. It does not hide your browsing from websites, your employer, or your internet provider.
Source: Mozilla, Google

JaySplain™
Private browsing is like staying in a hotel room and cleaning up before you check out. The room doesn’t keep a record of what you did — no saved towels, no forgotten socks. But the front desk? Still knows when you were there and what room you used. Incognito clears your trail locally, but it doesn’t make you invisible online.

Cloud & Data

Cookies

Industry Definition:
Small text files stored on your device by websites to remember your preferences, login status, or activity across visits.
Source: European Commission, Mozilla

JaySplain™
Cookies are like little notes a website leaves behind to remember you next time — like “They like dark mode” or “They left this item in the cart.” Sometimes helpful. Sometimes nosy. Either way, they stick around until you say otherwise.

Third-party Cookies

Industry Definition:
Cookies set by domains other than the one you’re currently visiting. They’re commonly used for online tracking and advertising.
Source: IAB Europe, Mozilla

JaySplain™
Third-party cookies aren’t from the website you’re on – they’re from other companies that want to watch what you do online. Imagine shopping in one store while someone from another store is secretly taking notes for their own ads later.

Virtualization

Industry Definition:
Virtualization creates virtual versions of physical resources like servers, desktops, or storage devices.
Source: VMware Glossary

JaySplain™
Like turning one house into several Airbnb units. Each guest gets their own space, but it’s still the same physical building underneath.

Threats & Attacks

Malware

Industry Definition:
Malware is software designed to harm, exploit, or otherwise compromise a device, network, or service.
Source: CISA.gov

JaySplain™
It’s like pests infesting your device – bugs (viruses, spyware, ransomware) that sneak in to steal, damage, or mess with your stuff until you clean them out.

Phishing

Industry Definition:
Phishing tricks individuals into revealing sensitive information via deceptive emails or websites.
Source: CISA.gov

JaySplain™
Like getting an email that looks like it’s from your bank, linking to a fake login page set up to steal your details.

Smishing

Industry Definition:
Smishing uses SMS text messages to trick individuals into revealing sensitive information or downloading malicious content.
Source: CISA.gov

JaySplain™
Like phishing, but via text instead of email. Imagine getting a text that looks like it’s from your bank asking for your PIN – it’s bait to steal it.

Controls & Tools

Encryption

Industry Definition:
Encryption converts data into coded form unreadable without a specific key or password.
Source: NIST Glossary

JaySplain™
Like turning your message into secret code. Only the right person with the key can read it.

Firewall

Industry Definition:
A firewall monitors and controls network traffic based on security rules.
Source: NIST Glossary

JaySplain™
Like a digital doorman for your devices, only letting through what’s allowed and blocking sketchy stuff before it gets in.

Intrusion Detection System (IDS)

Industry Definition:
An IDS monitors network or system activity for signs of malicious behavior or policy violations and alerts administrators when suspicious activity is detected.
Source: NIST SP 800-94

JaySplain™
Like a digital watchdog for your Wi-Fi or network. It doesn’t block threats itself, but it barks (alerts) when something suspicious happens so you can act fast.

Risk Assessment

Industry Definition:
Risk Assessment is the process of identifying, evaluating, and prioritizing potential threats to an organization’s assets, operations, or data.
Source: NIST SP 800-30

JaySplain™
Risk assessment is like checking your house for weak spots (Vulnerabilities) before a storm hits (Threat). You figure out what could go wrong, how bad it would be (Impact), and how likely it is to happen (Likelihood) — so you can plan the right protections. It doesn’t fix the risks itself; it simply shows you where to act first to protect what matters most.

Risk = Likelihood × Impact
Where Likelihood = Threat × Vulnerability

Security Protocols

Industry Definition:
Security protocols are standardized rules and procedures that dictate how data is securely transmitted, processed, and protected in networks and systems.
Source: NIST Glossary

JaySplain™
Security protocols are like recipes for keeping data safe. They spell out exactly what ingredients (steps) to use, when, and how, so your security always turns out right — no guesswork.

VPN

Industry Definition:
A Virtual Private Network (VPN) creates a secure, encrypted connection between your device and the internet, protecting data from interception.
Source: NIST Glossary

JaySplain™
Using a VPN is like driving through a private tunnel instead of public roads. Outsiders can’t see where you’re going, keeping your online activity hidden and secure.

Compliance & Terms

GDPR

Industry Definition:
The General Data Protection Regulation (GDPR) is a European Union law focused on data protection and privacy for individuals.
Source: gdpr.eu

JaySplain™
Think of GDPR as a privacy shield — it gives people control over how their data is used and forces companies to ask before using it.

ISO 27001

Industry Definition:
ISO/IEC 27001 is an international standard that outlines best practices for establishing, implementing, maintaining, and continually improving an information security management system (ISMS).
Source: ISO.org

JaySplain™
ISO 27001 is like a blueprint for building a secure house. It doesn’t just tell you to lock the doors — it guides how to design the whole structure, check it regularly, and keep improving it. It’s one of the trusted security standards organizations follow to show they take security seriously.

NIST CSF

Industry Definition:
The NIST Cybersecurity Framework (CSF) is a set of guidelines, standards, and best practices developed by the U.S. National Institute of Standards and Technology to help organizations manage and reduce cybersecurity risks across five core functions: Identify, Protect, Detect, Respond, and Recover.
Source: NIST.gov

JaySplain™
NIST CSF is like a fitness program for your security posture. It doesn’t just tell you to be secure; it lays out a balanced workout plan: first know what you have (Identify), protect it (Protect), keep an eye out for threats (Detect), have a response plan (Respond), and build back stronger if things go wrong (Recover).