Cyber Lexicon

Breaking down cyber terms for a safer, shared digital experience.

A

A Compact Guide to ISO 27001:2022: Requirements, Changes, and Implementation Strategies

ISO 27001:2022 defines the global gold standard for information security. Find out how you can implement the framework efficiently. Contents Overview: ISO 27001:2022 What is ISO 27001? ISO 27001 simply explained: It is the internationally leading standard for information security in private and public organisations. It not only describes technical measures but also requires the […]

Adware

Adware operates behind the scenes, discreetly displaying or downloading ads, often without a user’s direct approval. Its primary mission is to boost its developer’s revenue by placing those ads front and centre for the user.

C

CEO Fraud

CEO fraud is a cyberattack method where cybercriminals impersonate CEOs or other business executives to trick employees into disclosing sensitive information or completing fraudulent transactions.

CIS Controls: Prioritisation and defence strategies for modern security architectures

The CIS Controls rank 18 measures according to their proven effectiveness against real-world attacks, providing clear answers to the question: What really protects you? Contents Overview: CIS Controls What are CIS Controls and why are they the industry standard? Originally known as the SANS Top 20, today’s CIS Controls have evolved far beyond their beginnings. […]

Cyber Resilience Act explained: requirements, timeline and scope

The Cyber Resilience Act introduces EU-wide cybersecurity requirements for products with digital elements. This article explains what changes, when key obligations apply, and which organisations across the EU need to act. Contents Summary: what the Cyber Resilience Act regulates The Cyber Resilience Act (CRA) is an EU regulation. It sets common cybersecurity requirements for products […]

D

Data Leak Protection for IT Decision-Makers: Strategies, Solutions and Best Practices

Data leak protection, data leak prevention and data loss prevention sound similar, but mean different things. We clarify the terms and present strategies for CISOs.

DDoS Attacks

Distributed Denial-of-Service attacks (DDoS) are a potent weapon in a hacker’s arsenal designed to disrupt normal business activity by flooding systems with unnecessary traffic, overwhelming servers and websites.

DORA

The Digital Operational Resilience Act is legislation introduced by the European Union whose purpose is to improve the cyber defences of the financial sector. DORA sets clear operational standards to help businesses reduce digital disruptions and better protect themselves from cyberthreats.

Doxxing

Doxxing is a malicious online scheme that involves exposing private information about individuals or organisations in the digital arena, setting the stage for security breaches and relentless harassment.

H

Human Firewall: the Key to Cyber Resilience

Technology alone is not enough to protect you. Instead, people are the first line of defence against cyberattacks. A strong Human Firewall detects attacks early and can therefore prevent damage.

Human Risk Management

HRM is a holistic approach to security that focuses on identifying, quantifying, actively managing, and ultimately reducing your human risk. It prioritises outcomes and behavioural drivers to foster a security culture in which safe behaviour becomes second nature.

M

Malware

Malware is a blanket term for any type of malicious software designed by cybercriminals to infiltrate a system. From viruses and worms to ransomware and trojans, malware can take many forms and have very diverse consequences on your devices.

Man-in-the-Middle Attack

In man-in-the-middle (MitM) attacks, a malicious actor intercepts communication between two parties without their knowledge or consent. This allows the attacker to eavesdrop on the conversation and to alter or steal the information exchanged between the two parties.

MFA Fatigue Attack

An MFA fatigue attack is a tactic in which attackers flood a user with repeated multi-factor authentication requests, counting on the user’s alertness dropping through exhaustion until one request is approved. That approval is then used to breach an account or system.

Multi-Factor Authentication

Multi-factor authentication (MFA) is a security method in which users have to provide two or more forms of verification to access a system or account. It can rely on three different types of identifiers: something the user knows, something the user has, and something the user is.

N

NIS2

The Network and Information Security Directive is a piece of legislation that aims to set a common level of cyber security within Member States of the European Union. Its goal is to protect critical sectors by setting stricter cyber security standards, but it also focuses on rapid incident reporting and greater cooperation between EU members on cyber security.

NIS2 checklist: Implementing obligations and managing compliance in a structured way

This NIS2 checklist shows you how to implement NIS2 obligations in Germany in a practical way – from governance and awareness to technology, including the implementation act and evidence.

NIS2: Who is affected? A clear overview for companies

NIS2 has applied since 2025: Check in minutes whether your company is affected – and find out what counts for security and compliance now.

NIST Cybersecurity Framework 2.0: Governance, Maturity and Practical Implementation

The NIST Cybersecurity Framework 2.0 expands its scope to all organisations and introduces Governance as the sixth core function – your practical guide. Contents Overview: NIST 2.0 What is NIST? The National Institute of Standards and Technology (NIST) is a non-regulatory research agency of the U.S. Department of Commerce. What NIST develops – from atomic […]

P

Phishing

Phishing is a type of cybercrime in which attackers use different channels – often fraudulent emails – to deceive individuals into revealing sensitive information.

Phishing simulation

Phishing simulations are simulated phishing attacks that educate employees on recognising and defending against email-based threats. They help improve employee awareness, identify vulnerabilities, and cultivate a resilient cyber security culture.

Pretexting

Pretexting is a social engineering technique where an attacker fabricates a scenario and assumes a false identity to manipulate individuals into divulging confidential information or performing actions that compromise security.

S

Shadow IT

Shadow IT represents the hidden side of cyber security where employees use software, hardware, or cloud services behind the scenes, without IT’s approval, inadvertently paving the way for cybercriminals.

Smishing

Smishing is a form of phishing where cybercriminals use text messages to lure recipients into disclosing sensitive information or downloading malware to their devices.

Social Engineering

Cybercriminals use social engineering techniques to manipulate their victims into disclosing sensitive information.

Spoofing

Spoofing is a deceptive practice where hackers mask their identity to emulate a trusted source as part of a fraudulent scheme. It can play out across different channels, from GPS and text messages to email, and relies on three pivotal elements: the appearance of a familiar user, the imitation of a trusted device, and the simulation of a safe location.

Successfully implement NIS2 compliance

Building resilient NIS2 compliance in companies requires clear processes. Learn how organisations can minimise liability risks.

T

The COBIT framework in detail: Strategically aligning IT governance

If you want to seamlessly combine IT security and business objectives, you need clear structures. The COBIT framework minimises risks and creates measurable added value.

TOGAF framework: structuring enterprise architecture

The TOGAF framework gives IT architects a common language. This article looks at what the TOGAF framework is for, where it tends to be useful, and whether certification is worth considering. Contents What is TOGAF? A practical introduction The TOGAF framework, short for The Open Group Architecture Framework, is a widely used method for planning, […]

V

Virtual CISO (CISO-as-a-Service): Is the model worth it?

A Virtual CISO can professionalise security management or become an expensive subscription. This overview shows when CISO-as-a-Service makes sense and what role human risk management plays. Contents Overview: CISO-as-a-Service Tasks of a (virtual) CISO: What’s behind CISO-as-a-Service CISO-as-a-Service does not describe an additional operational role, but a leadership function. The focus is on management, prioritisation, […]

Vishing

With vishing, cybercriminals attempt to trick users into divulging sensitive information via a telephone call.

Voice cloning

Voice cloning is a deepfake deception where a cybercriminal uses AI to replicate, with high accuracy, the voice of someone the victim knows.

VPN

A VPN, or Virtual Private Network, acts as a digital cloak for your online presence. By encrypting your internet connection, it shields your data from potential snoopers and secures your online activities.
