Cybersecurity Glossary for Nonprofits

Plain-language definitions of the terms that appear in incident response plans, cyber insurance policies, and cybersecurity frameworks — written for nonprofit administrators, not security professionals.

Business Continuity Plan (BCP)
A business continuity plan is a documented set of procedures for how an organization maintains essential operations during and after a disruptive event — not just a cyberattack, but any significant disruption including natural disasters or infrastructure failure. A BCP is broader than an incident response plan, which focuses specifically on cyber incidents.
CIS Controls
The CIS Controls (Center for Internet Security Controls) are a prioritized set of cybersecurity best practices maintained by the Center for Internet Security. CIS Controls v8 organizes 18 control categories by implementation priority. IRPForge uses CIS Controls v8 as one of two foundational frameworks for the incident response plans it generates. CIS does not endorse or certify IRPForge.
Containment
Containment is the incident response phase immediately following detection, where the goal is to stop a threat from spreading further. Containment actions include isolating affected systems, revoking compromised credentials, and suspending suspicious accounts — without destroying evidence needed for investigation.
Data Breach
A data breach is an incident in which unauthorized individuals access, copy, transmit, or expose sensitive data. In most U.S. states, a data breach involving personal information triggers legal notification obligations — requirements to notify affected individuals and, in many cases, state regulators within a defined timeframe.
Eradication
Eradication is the incident response phase following containment, where the threat is removed from your environment. This includes cleaning malware, closing vulnerabilities, resetting compromised credentials, and blocking attacker infrastructure — before any affected systems are brought back online.
Incident Response Plan (IRP)
An incident response plan is a documented set of procedures that defines how an organization detects, responds to, and recovers from a cyber incident. It specifies roles, response steps, notification procedures, and documentation requirements. A written IRP is required by many cyber insurance carriers and increasingly referenced in nonprofit board governance and funder requirements.
Mean Time to Recover (MTTR)
Mean Time to Recover (MTTR) is a metric that measures the average time between the detection of a cyber incident and the full restoration of normal operations. Organizations with documented incident response plans are better positioned to reduce MTTR by having response steps and decision authority defined before an incident occurs.
NIST Cybersecurity Framework (NIST CSF)
The NIST Cybersecurity Framework is a voluntary set of cybersecurity best practices developed by the National Institute of Standards and Technology. It organizes cybersecurity activities into five functions: Identify, Protect, Detect, Respond, and Recover. IRPForge uses the NIST CSF as one of two foundational frameworks for the plans it generates. NIST does not endorse or certify IRPForge.
Phishing
Phishing is a form of social engineering in which an attacker sends a deceptive communication — typically an email — designed to appear as a trusted contact or institution. The goal is to trick the recipient into revealing credentials, clicking a malicious link, or authorizing a fraudulent action. Phishing is the most common initial entry point for nonprofit data breaches.
Ransomware
Ransomware is malicious software that encrypts files on an infected system and demands payment in exchange for the decryption key. Nonprofits are frequent ransomware targets because they often hold sensitive data, lack offline backups, and cannot sustain extended operational downtime — making payment feel like the fastest path to recovery.
Recovery
Recovery is the incident response phase in which affected systems and operations are restored to normal function after a threat has been contained and eradicated. Recovery includes restoring from clean backups, verifying system integrity, and returning to normal operations in a controlled sequence — not all at once.
Tabletop Exercise
A tabletop exercise is a facilitated discussion in which an organization's leadership walks through a simulated cyber incident scenario to test their response procedures. Tabletop exercises are typically led by outside security consultants and cost $5,000-$35,000. They test the plan; they do not replace it. IRPForge generates the written plan that a tabletop exercise would evaluate.