A clear reference to demystify IT jargon: MSP, EDR, SIEM, PIA, Privacy Officer, Zero Trust and more. Written for SME leaders, not for engineers.
A
Azure [Cloud]
Microsoft's cloud platform offering on-demand compute, storage, databases, AI and networking.
Conditional Access [Security]
A Microsoft security policy that controls access based on conditions (location, device, identity risk). A component of Zero Trust.
Security Audit [Security]
A systematic assessment of security controls: policies, procedures, infrastructure, configurations.
B
Backup [Infrastructure]
A copy of data that allows restoration after a disaster, ransomware attack or human error. The 3-2-1 rule: 3 copies, 2 media, 1 offsite.
Break-fix [IT Services]
The traditional model where the client contacts the technician only when a problem arises. The opposite of an MSP (proactive and preventive).
C
CAI: Commission d'accès à l'information [Law 25]
The Quebec body that oversees Law 25 and access to information. Confidentiality incidents must be reported to it.
Cloud: cloud computing [Cloud]
A model for accessing computing resources over the Internet on demand, without local infrastructure. Variants: public (Azure, AWS), private, hybrid.
Compliance [Law 25]
Adherence to applicable laws, regulations and standards. In Quebec: Law 25, PIPEDA, ISO 27001, NIST.
D
Defender: Microsoft Defender [Security]
Microsoft's security suite integrated into M365/Azure. Includes EDR, identity threat detection, cloud app protection and SIEM (Sentinel).
DPO: Data Protection Officer [Law 25]
The English equivalent of the Privacy Officer (RPRP). Ensures compliance with data protection laws.
DRP: Disaster Recovery Plan [Infrastructure]
A document describing the procedures for restoring IT systems after a major incident. Defines RTO/RPO objectives.
E
EDR: Endpoint Detection and Response [Security]
A real-time monitoring solution for workstations and servers. Detects advanced threats and enables rapid incident response. Replaces the traditional antivirus.
PIA: Privacy Impact Assessment (EFVP) [Law 25]
An assessment of privacy risks for projects involving personal data. Mandatory under Law 25 for higher-risk projects. Known in French as the EFVP (Évaluation des facteurs relatifs à la vie privée).
Entra ID: formerly Azure AD [Security]
Microsoft's identity and access management service. Authenticates users, manages access rights and enforces security policies for M365 and cloud apps.
I
Intune: Microsoft Intune [Security]
Microsoft's MDM/MAM solution. Configures, secures and monitors Windows, Mac, iOS and Android devices.
IaaS: Infrastructure as a Service [Cloud]
A cloud model where the provider supplies the infrastructure (virtual servers, storage, networking). The client manages the OS, apps and data. E.g.: Azure virtual machines.
IAM: Identity and Access Management [Security]
Policies and technologies for managing digital identities and controlling access to resources. Includes authentication, authorization and account lifecycle.
M
M365: Microsoft 365 [Cloud]
A cloud productivity and security suite: Office 365, Entra ID, Intune, Defender, SharePoint. The primary solution deployed by Synéra.
MDR: Managed Detection and Response [Security]
A managed service combining EDR/SIEM and 24/7 analysts to detect, investigate and respond to cyberthreats. SOC capabilities without an in-house team.
MFA: Multi-Factor Authentication [Security]
Authentication requiring 2+ proofs of identity (something you know/have/are). Reduces the risk of account compromise by 99%.
MSP: Managed Service Provider [IT Services]
A company that proactively manages other organisations' IT infrastructure, security and support through a monthly subscription. Synéra is an MSP specialised for Quebec SMEs.
P
Phishing: hameçonnage [Security]
A cyberattack using fraudulent email or SMS that impersonates a legitimate organisation to steal credentials or install malware. The leading attack vector against Canadian SMEs.
SME: Small and medium-sized enterprise (PME) [General]
In Quebec, generally fewer than 500 employees. The majority of Quebec businesses, all subject to the obligations of Law 25.
R
Ransomware: rançongiciel [Security]
Malicious software that encrypts data and demands a ransom to decrypt it. SMEs are prime targets. Protection: EDR + immutable backups + training + MFA.
RPD: Personal health information [Law 25]
A category of sensitive personal information with enhanced protections under Law 25. Information about a person's physical or mental health.
Privacy Officer: Person in charge of the protection of personal information (RPRP) [Law 25]
The person designated by an organisation for Law 25 compliance. By default, the senior executive. Can be outsourced to Synéra.
RTO / RPO [Infrastructure]
RTO (Recovery Time Objective) = the maximum service downtime tolerated after a disaster. RPO (Recovery Point Objective) = the maximum data loss tolerated (in time). E.g.: RTO 4h + RPO 1h = systems are back up within 4h, with data no older than 1h.
S
SaaS: Software as a Service [Cloud]
A model for delivering software over the Internet. The app is hosted by the provider and accessed by subscription (M365, Salesforce, HubSpot). No local installation.
Sentinel: Microsoft Sentinel [Security]
Microsoft's Azure-native SIEM/SOAR solution. Collects and analyzes security logs to detect threats and automate incident response.
SIEM: Security Information and Event Management [Security]
A platform that centralizes and analyzes security event logs. Detects attack patterns that are impossible to spot on isolated systems. E.g.: Sentinel.
SOC: Security Operations Center [Security]
A cybersecurity operations centre that continuously monitors, detects, analyzes and responds to incidents. Can be in-house or a managed service (SOC as a Service) from a provider such as Synéra.
SSO: Single Sign-On [Security]
A mechanism whereby the user authenticates once to access multiple applications. Improves UX, centralizes access control and reduces the attack surface.
V
VPN: Virtual Private Network [Security]
An encrypted tunnel between a device and the corporate network over the Internet. Lets remote employees access internal resources securely. Zero Trust architecture often replaces the traditional VPN with more granular ZTNA solutions.
Vulnerability [Security]
A flaw in a system, app or process that an attacker can exploit. Vulnerability management: identification (scan), prioritization, remediation (patch management).
Z
Zero Trust [Security]
A security architecture based on the principle "never trust, always verify." Every access to a resource is verified regardless of the user's location. Components: MFA, conditional access, EDR, network microsegmentation.
ZTNA: Zero Trust Network Access [Security]
A modern alternative to the traditional VPN. Grants access to the specific applications a user needs based on their identity and context, rather than general access to the network.