White Sentinel
Cyber Security

Cyber Security Jargon Buster

Plain-English definitions for common security terms, certifications, and tooling. Each card explains what it is and why it matters.

Cyber Essentials (CE)

What it is: A UK baseline security certification focused on five core controls.

What it certifies: You have practical baseline protections against common internet threats.

In practice: It is often the first step for small businesses that need to show clients they take security seriously.

Cyber Essentials Plus (CE+)

What it is: The audited version of Cyber Essentials with independent technical testing.

What it certifies: Your controls are not just documented, they are technically verified.

In practice: CE+ gives stronger assurance for contracts and supplier checks because an external assessor validates your setup.

ISO/IEC 27001

What it is: An information security management standard based on risk and governance.

What it certifies: You run a formal, repeatable security management system.

In practice: It helps prove security is managed continuously, not treated as a one-off project.

SIEM

What it is: Security Information and Event Management - log ingestion, correlation, and alerting.

Why it matters: Helps detect suspicious activity across systems from one monitoring point.

In practice: It centralises signals from Microsoft 365, endpoints, firewalls, servers, and cloud services for investigation.

SOC

What it is: Security Operations Center - people, process, and tooling for ongoing monitoring and response.

Why it matters: Turns alerts into real operational security actions.

In practice: A SOC is the team and workflow behind the tooling, including triage, escalation, and containment decisions.

EDR

What it is: Endpoint Detection and Response focused on device-level telemetry and containment.

Why it matters: Detects and isolates endpoint threats quickly.

In practice: It monitors laptops and servers for suspicious behaviour and can isolate compromised devices fast.

XDR

What it is: Extended Detection and Response that correlates endpoint, identity, email, and network signals.

Why it matters: Better context and faster investigation than siloed tools.

In practice: XDR connects related alerts into one incident so teams can respond with less manual stitching.

MDR

What it is: Managed Detection and Response - outsourced threat monitoring and response support.

Why it matters: Gives smaller teams enterprise-style monitoring capability.

In practice: It is useful when you need 24/7 eyes on alerts but do not have an internal security operations team.

S/MIME

What it is: Secure/Multipurpose Internet Mail Extensions for email signing and encryption.

Why it matters: Proves sender authenticity and helps protect sensitive email content.

In practice: It reduces impersonation risk and lets recipients verify that sensitive messages are genuine.

SPF, DKIM, DMARC

What they are: Email authentication controls to reduce spoofing and domain abuse.

Why they matter: Core protection against impersonation and business email compromise.

In practice: Together they improve mail trust, lower fake-domain abuse, and give reporting visibility into spoof attempts.

MFA

What it is: Multi-Factor Authentication requiring extra verification beyond passwords.

Why it matters: Major reduction in account takeover risk.

In practice: Even if a password is stolen, the attacker cannot sign in without the second factor.

Conditional Access

What it is: Policy-based access control using identity risk, device trust, and location.

Why it matters: Blocks risky logins before they become incidents.

In practice: You can require stronger checks for high-risk sign-ins while keeping normal user access smooth.

Need help choosing what actually applies to your business?

We can map these terms into a practical, staged roadmap for your team and budget.

Registered office address

Brookfield Court Selby Road, Garforth, Leeds, West Yorkshire, United Kingdom, LS25 1NB

Company number 16967890