IT, Cybersecurity & Compliance Glossary for Investment & Professional Firms
Plain-language definitions of the IT, cybersecurity, and compliance terms that matter to investment firms, registered investment advisers, wealth managers, family offices, law firms, and accounting firms across Dallas-Fort Worth. Search a term, or browse by category below.
Compliance & Regulatory
- ABA Formal Opinion 477R — ABA Formal Opinion 477R is an American Bar Association ethics opinion stating that lawyers must use reasonable efforts to protect the confidentiality of client information when…
- FINRA Cybersecurity Requirements — FINRA cybersecurity requirements are the expectations the Financial Industry Regulatory Authority sets and examines for member firms' protection of customer data and systems, drawing on existing…
- FINRA Rule 4530 — FINRA Rule 4530 requires FINRA member firms to report specified events to FINRA — including certain regulatory actions, customer complaints, and findings of securities-law violations —…
- Form ADV — Form ADV is the uniform application and disclosure document that investment advisers use to register with the SEC and state securities authorities. It includes regulatory data,…
- FTC Safeguards Rule — The FTC Safeguards Rule requires financial institutions under the Federal Trade Commission's jurisdiction to develop, implement, and maintain a written information security program to protect customer…
- GLBA (Gramm-Leach-Bliley Act) — The Gramm-Leach-Bliley Act (GLBA) is the U.S. federal law that requires financial institutions to explain how they share and protect customers' nonpublic personal information, implemented through…
- HIPAA Breach Notification Rule — The HIPAA Breach Notification Rule requires covered entities and business associates to notify affected individuals, the U.S. Department of Health and Human Services, and in some…
- HIPAA Business Associate Agreement (BAA) — A HIPAA Business Associate Agreement (BAA) is the contract required between a HIPAA covered entity and a business associate that handles protected health information on its…
- HIPAA Security Rule — The HIPAA Security Rule is the federal regulation that requires covered entities and their business associates to protect electronic protected health information through administrative, physical, and…
- Investment Advisers Act Recordkeeping Rule — The Investment Advisers Act Recordkeeping Rule (Rule 204-2) requires registered investment advisers to make and preserve specified books and records, including business communications, for a defined…
- IRS Publication 4557 — IRS Publication 4557, "Safeguarding Taxpayer Data," is IRS guidance that directs tax professionals to protect taxpayer information and to create, maintain, and follow a written data…
- Legal Hold and E-Discovery — A legal hold is the obligation to preserve potentially relevant information once litigation is reasonably anticipated. E-discovery is the process of identifying, collecting, and producing electronically…
- NIST Cybersecurity Framework — The NIST Cybersecurity Framework (NIST CSF) is a voluntary framework from the U.S. National Institute of Standards and Technology that organizes cybersecurity risk management into a…
- PCI DSS 4.0 — PCI DSS 4.0 is the current major version of the Payment Card Industry Data Security Standard — the set of security requirements that organizations storing, processing,…
- SEC Custody Rule — The SEC Custody Rule is the Investment Advisers Act rule governing registered investment advisers who have custody of client funds or securities. It requires client assets…
- SEC Division of Examinations — The SEC Division of Examinations is the division of the U.S. Securities and Exchange Commission that conducts examinations of registered entities — including investment advisers and…
- SEC Marketing Rule — The SEC Marketing Rule is the U.S. Securities and Exchange Commission rule governing how registered investment advisers advertise. It sets standards for advertisements and testimonials and…
- SEC Reg S-P Incident Response Plan — An SEC Reg S-P incident response plan is the written program a covered firm must maintain to detect, respond to, and recover from unauthorized access to…
- SEC Regulation S-P — SEC Regulation S-P is the U.S. Securities and Exchange Commission rule that requires registered investment advisers, broker-dealers, and investment companies to adopt written policies and procedures…
- SOC 2 (Type 1 vs Type 2) — SOC 2 is an AICPA reporting framework that evaluates how well a service organization protects customer data against Trust Services Criteria. A Type 1 report assesses…
- SOC for Cybersecurity — SOC for Cybersecurity is an AICPA reporting framework through which an organization can communicate, and have independently examined, information about its enterprise-wide cybersecurity risk management program.
- Texas Data Breach Notification Law — The Texas data breach notification law requires businesses that own or license computerized data containing sensitive personal information to notify affected individuals — and, for larger…
- Texas SB 2610 — Texas SB 2610 is a Texas law that provides a cybersecurity safe harbor — limiting certain liability in data-breach litigation — for businesses that implement and…
- Written Information Security Program (WISP) — A written information security program (WISP) is a formal, documented plan describing the administrative, technical, and physical safeguards an organization uses to protect sensitive information —…
Cybersecurity
- Business Email Compromise (BEC) — Business email compromise (BEC) is a financial fraud in which an attacker uses a compromised or spoofed email account to impersonate a trusted party — an…
- Conditional Access — Conditional access is a security capability that evaluates each sign-in against defined conditions — such as user identity, device compliance, location, and risk level — and…
- Dark Web Monitoring — Dark web monitoring is a security service that continuously scans criminal marketplaces, breach dumps, and underground forums for an organization's exposed credentials and data, alerting the…
- Endpoint Detection and Response (EDR) — Endpoint detection and response (EDR) is a cybersecurity technology that continuously monitors laptops, desktops, and servers for malicious activity, records endpoint behavior, and enables rapid investigation…
- Incident Response Plan — An incident response plan is a written, pre-approved set of procedures defining how an organization will detect, contain, investigate, recover from, and communicate about a cybersecurity…
- Managed Detection and Response (MDR) — Managed detection and response (MDR) is a security service that combines technology and a human team to continuously detect, investigate, and respond to cyber threats on…
- Multi-Factor Authentication (MFA) — Multi-factor authentication (MFA) is a security control that requires a user to present two or more independent forms of verification to access a system — typically…
- Penetration Testing — Penetration testing is an authorized, simulated cyberattack against an organization's systems, performed by security professionals to identify and demonstrate exploitable vulnerabilities before a real attacker finds…
- Phishing and Spear Phishing — Phishing is a cyberattack that uses fraudulent messages to trick recipients into revealing credentials, sending money, or installing malware. Spear phishing is a targeted version aimed…
- Phishing-Resistant MFA — Phishing-resistant MFA is multi-factor authentication that cannot be defeated by phishing or social engineering — typically hardware security keys or passkeys based on the FIDO2 standard,…
- Privileged Access Management (PAM) — Privileged access management (PAM) is the set of controls that secures, limits, and monitors accounts with elevated permissions — such as administrator accounts — which are…
- Ransomware — Ransomware is malicious software that encrypts an organization's data or locks its systems, after which the attacker demands payment to restore access — often combined with…
- Security Awareness Training — Security awareness training is an ongoing program that educates employees to recognize and respond correctly to cyber threats such as phishing, social engineering, and unsafe data…
- Security Operations Center (SOC) — A security operations center (SOC) is a team and facility that continuously monitors an organization's systems for cyber threats, investigates security alerts, and responds to incidents…
- Vulnerability Assessment — A vulnerability assessment is a systematic scan of an organization's systems, software, and configurations to identify, classify, and prioritize known security weaknesses so they can be…
- Zero Trust Architecture — Zero trust architecture is a security model that assumes no user, device, or connection is trustworthy by default — every access request is verified continuously based…
Managed IT & MSP
- Break-Fix IT — Break-fix IT is a reactive IT support model in which a business pays a provider to repair technology only when something fails, typically billed by the…
- Co-Managed IT — Co-managed IT is a partnership model in which an organization's internal IT staff share responsibility for technology operations with an external managed services provider, with the…
- Managed IT Services — Managed IT services is the practice of outsourcing an organization's IT operations to a third-party provider under an ongoing service agreement, typically for a predictable monthly…
- Managed Service Provider (MSP) — A managed service provider (MSP) is a company that delivers IT and cybersecurity services to client organizations on an ongoing, proactive basis under a service agreement,…
- Quarterly Business Review (QBR) — A quarterly business review (QBR) is a recurring strategic meeting between a managed services provider and a client to review IT performance, security posture, project progress,…
- Service Level Agreement (SLA) — A service level agreement (SLA) is the documented commitment between a service provider and a client that defines the measurable standards of service — such as…
- vCIO (Virtual Chief Information Officer) — A vCIO (virtual chief information officer) is an outsourced senior IT advisor who provides the strategic technology leadership of a CIO — roadmaps, budgeting, governance, and…
- vCISO (Virtual Chief Information Security Officer) — A vCISO (virtual chief information security officer) is an outsourced senior security executive who provides the strategic security leadership of a CISO — written security programs,…
Cloud & Secure AI
- Backup and Disaster Recovery — Backup and disaster recovery (BDR) is the combined practice of regularly copying data so it can be restored after loss, and maintaining the plans and infrastructure…
- Managed AI / Secure AI — Managed AI — also called secure AI — is a governed approach to adopting artificial intelligence in which an organization deploys approved AI tools with data…
- Microsoft Entra ID — Microsoft Entra ID is Microsoft's cloud-based identity and access management service, formerly known as Azure Active Directory. It authenticates users, enforces multi-factor authentication and conditional access,…
- Microsoft Intune — Microsoft Intune is Microsoft's cloud-based endpoint management service. It enrolls and manages company and personal devices, enforces security and configuration policies, deploys applications, and protects corporate…
- RTO and RPO (Recovery Objectives) — RTO (recovery time objective) and RPO (recovery point objective) are the two metrics that define a firm's disaster recovery requirements. RTO is the maximum acceptable time…
- Shadow AI — Shadow AI is the use of artificial intelligence tools — such as public chatbots and generative AI assistants — by employees without the knowledge, approval, or…
Need help applying any of these to your firm?
DKBinnovative has been the managed IT and cybersecurity partner for DFW investment and professional firms since 2004. If a term on this page is shaping a decision at your firm, our team can walk through exactly how it applies to your environment. Book a 30-minute consultation, or call (888) 352-4832. We serve Plano, Frisco, Irving, Las Colinas, and the greater DFW metroplex. Contact us.
