Glossary of Terms
Your guide to the specialized language of alternative investments.
Session Sharing
The process of sharing active application sessions between team members without revealing passwords.
Zero-Knowledge
A security architecture where the service provider has no access to the user's unencrypted data or keys.
AES-256
Advanced Encryption Standard with a 256-bit key, one of the most secure encryption methods available.
RBAC
Role-Based Access Control: A method of regulating access to computer or network resources based on the roles of individual users within an enterprise.
End-to-End Encryption
A system of communication where only the communicating users can read the messages.
SSO
Single Sign-On: An authentication scheme that allows a user to log in with a single ID to any of several related, yet independent, software systems.
OAuth 2.0
The industry-standard protocol for authorization, allowing limited access to user accounts on an HTTP service.
SAML
Security Assertion Markup Language: An open standard for exchanging authentication and authorization data between parties.
Multi-Factor Authentication
A security system that requires more than one method of authentication from independent categories of credentials.
Browser Isolation
A cybersecurity technique that segregates web browsing activity from the local network and infrastructure.
Session Hijacking
The exploitation of a valid computer session to gain unauthorized access to information or services.
Cookie Token
A small piece of data stored on the user's computer by the web browser while browsing a website.
JWT
JSON Web Token: An open standard that defines a compact and self-contained way for securely transmitting information between parties as a JSON object.
TLS
Transport Layer Security: A cryptographic protocol designed to provide communications security over a computer network.
Penetration Testing
The practice of testing a computer system, network, or web application to find security vulnerabilities.
SOC 2
A voluntary compliance standard for service organizations, developed by the AICPA, which specifies how organizations should manage customer data.
GDPR
General Data Protection Regulation: A regulation in EU law on data protection and privacy in the European Union and the European Economic Area.
API Key
A unique identifier used to authenticate a user, developer, or calling program to an API.
HTTPS
Hypertext Transfer Protocol Secure: An extension of the Hypertext Transfer Protocol (HTTP) used for secure communication.
Data Masking
The process of obscuring specific data within a database to protect sensitive information.
Brute Force Attack
A trial-and-error method used by application programs to decode encrypted data such as passwords or DES keys.