The FREE Cybersecurity Glossary by Thor Pedersen!

Export Administration Regulations (EAR): United States regulatory laws that govern the export and re-export of most commercial items, including "dual-use" items that can serve both commercial and military or proliferation applications. EAR is administered by the Bureau of Industry and Security under the US Department of Commerce and covers technologies such as computers, software, and certain types of data. Companies must comply with EAR when exporting goods and services that could have implications on national security, foreign policy, and anti-terrorism.

Exposure: In the context of finance and investments, exposure refers to the degree to which an investor or business is open to risk from market fluctuations, which could potentially lead to loss. In cybersecurity, exposure denotes the vulnerability of an organization or individual to potential threats that could lead to unauthorized access or damage to information systems and data. It is often used to measure the risk associated with network interfaces, code, or practices that make a system susceptible to cyberattacks. Reducing exposure is key to strengthening the security posture.

Exposure Factor (EF): A metric that represents the magnitude of loss or impact that a threat could have on a system or data. It's quantified as a percentage of loss that a realized threat would have on a specific asset. For example, an EF of 0.2 (or 20%) for a specific threat would indicate that a realization of that threat would result in a loss of 20% of the asset's value.

Extended Enterprise: A network of associated entities that a central organization interacts with directly or indirectly, including suppliers, vendors, partners, contractors, and customers. These entities have access to certain data or systems of the central organization, thereby extending the risk landscape and necessitating the use of additional controls to safeguard assets and data.

eXtensible Access Control Markup Language (XACML): A declarative access control policy language implemented in XML and a processing model that defines how access control decisions are evaluated from the policy. It enables fine-grained control of authorized activities, providing the ability to manage more detailed restrictions than traditional access control lists (ACLs).

eXtensible Markup Language (XML): A flexible text-based format derived from SGML (Standard Generalized Markup Language) that is used to store and transport data. XML provides a way to structure data so that it can be both human and machine-readable. It is widely used for the representation of arbitrary data structures, such as those used in web services. XML is extensible because it allows users to define their own elements. Its purposes include but are not limited to, describing data, encoding documents, and serializing complex data structures across network connections.