Cybersecurity, AI, governance, software development, GDPR, product, ESG: the key terms and acronyms behind Kaliteq's diagnostics, explained simply.
50 terms
Agile methodologies (notably Scrum and Kanban) organize work in short, iterative cycles, with frequent deliveries and continuous adjustments based on feedback.
Project managementAn AI agent is a system able to plan and execute a sequence of actions autonomously to reach a goal, relying on an LLM and external tools, rather than simply answering a single question.
Artificial IntelligenceAn API is a set of rules that lets two pieces of software communicate, exposing functionality or data without either one needing to know the other's internal workings.
Software developmentCMMI is a maturity model that describes five progression levels (initial, defined, managed, quantitatively managed, optimizing) to assess how well an organization's processes are under control, originally for software development and later extended to other domains.
GovernanceThe CISO drives the organization's cybersecurity strategy: defining the security policy, coordinating risk and incident management, and reporting the company's exposure to leadership.
CybersecurityThe CIS Controls are a prioritized list of concrete security measures, published by the Center for Internet Security, designed to be implemented progressively starting with the highest-impact controls.
CybersecurityCOBIT (Control Objectives for Information and Related Technologies) is an IT governance framework that connects business goals to IT goals and provides management and control practices for each domain.
GovernanceA CVE is a unique public identifier assigned to a known software vulnerability, letting every security actor refer unambiguously to the same flaw.
CybersecurityCVSS is a standardized 0-to-10 scale that scores a vulnerability's severity using objective criteria (ease of exploitation, impact on confidentiality, integrity and availability).
CybersecurityUnder GDPR, consent is a freely given, specific, informed and unambiguous indication by which a person agrees to the processing of their data, and it must be as easy to withdraw as it was to give.
GDPRCI/CD refers to the automation of build, test and deployment steps, enabling changes to be shipped to production frequently and reliably.
Software developmentA DPIA is a formal assessment, required for data processing likely to result in a high risk to individuals, evaluating necessity, proportionality and the measures needed to reduce that risk.
GDPRThe DPO is the person responsible for ensuring GDPR compliance within the organization: advising, monitoring, training teams and acting as the point of contact with the data protection authority.
GDPRA Data Room is a secure space, usually digital, where the documents needed for a due diligence, fundraising round or audit are centralized, with fine-grained access control and consultation tracking.
Technology Due DiligenceDesign Thinking is a user-centered problem-solving method structured around empathy, problem definition, ideation, prototyping and testing.
ProductDevOps refers to a set of cultural and technical practices that bring development and operations teams closer together to deliver software faster and more reliably.
Software developmentDORA metrics (from the DevOps Research and Assessment program) measure a software team's performance across four indicators: deployment frequency, lead time for changes, change failure rate and time to restore service.
Software developmentAn EDR agent runs on endpoints and servers, continuously watching for suspicious behavior, raising alerts and automatically isolating a compromised machine.
CybersecurityESG refers to the three families of non-financial criteria used to assess an organization's responsibility and sustainability: its environmental impact, its social practices and the quality of its governance.
ESGThe AI Act is the EU regulation that classifies AI systems by risk level (unacceptable, high, limited, minimal) and imposes proportionate obligations, notably on transparency and risk management, for the most sensitive uses.
Artificial IntelligenceFine-tuning consists of partially retraining an existing AI model on a company-specific dataset, specializing its behavior without starting from scratch.
Artificial IntelligenceANSSI is France's reference cybersecurity authority: it publishes recommendations, qualifies service providers and supports organizations hit by major attacks.
CybersecurityGenerative AI refers to systems capable of producing original content (text, images, code, audio) rather than merely classifying or predicting existing data.
Artificial IntelligenceGitOps is a practice that uses a Git repository as the single source of truth for the desired state of infrastructure and deployments, with every change going through a review (pull request) before automatic application.
Software developmentIAM covers the processes and tools that manage the full lifecycle of digital identities: account creation, rights assignment, periodic access review and revocation upon departure.
CybersecurityThe Information Security Policy is the reference document that formalizes an organization's security rules, principles and responsibilities. It is the foundation on which every technical and organizational control is later built.
CybersecurityITIL (Information Technology Infrastructure Library) is a set of best practices for IT service management: incident, change, problem and request management.
GovernanceAn LLM is an AI model trained on massive amounts of text, able to understand and generate natural language to answer questions, summarize or draft content.
Artificial IntelligenceThe legal basis is the legal ground, among the six provided by GDPR (consent, contract, legal obligation, vital interest, public interest task, legitimate interest), that justifies a personal data processing activity.
GDPRAn MVP is the simplest version of a product that lets a team test a hypothesis with real users at minimal cost, before deciding whether to invest further.
ProductMCP is an open protocol that standardizes how an AI model connects to external tools, databases and services, rather than building a proprietary integration for each source.
Artificial IntelligenceMFA requires at least two independent proofs of identity to access an account: a password combined with a one-time code, a physical key or a biometric factor.
CybersecurityThe NIST Cybersecurity Framework is a widely adopted reference model that structures cybersecurity management around five functions: identify, protect, detect, respond and recover.
CybersecurityThe North Star Metric is the single indicator that best captures the value a product delivers to its users, used as a shared compass to prioritize product decisions.
ProductProduct Discovery covers the research activities carried out before building a feature, to check that it is desirable for users, viable for the business and technically feasible.
ProductPrompt engineering is the practice of formulating and structuring the instructions given to a generative AI model to obtain more relevant, reliable and usable responses.
Artificial IntelligenceA POC is a limited demonstration, built quickly and cheaply, meant to verify that an idea or technology is technically feasible before investing further.
InnovationA RACI matrix clarifies, for each task or decision in a project, who is Responsible for doing it (R), who is Accountable for the result (A), who must be Consulted (C) and who must be Informed (I).
GovernanceThe record of processing activities lists, for each activity involving personal data, its purpose, the data concerned, recipients, retention period and associated security measures.
GDPRRAG combines a document retrieval engine with an LLM: before answering, the system fetches the most relevant passages from a company's own knowledge base, then feeds them into the model's context.
Artificial IntelligenceA roadmap presents, over time, the major priorities and milestones of an IT, product or security strategy, aligning stakeholders on what will be done and in what order.
GovernanceA SIEM centralizes and correlates event logs across the entire information system to detect attack patterns invisible when looking at any single source alone.
CybersecurityThe SOC is the team (in-house or outsourced) and tooling dedicated to continuous monitoring, detection and first response to security incidents, around the clock or during business hours depending on the organization's maturity.
CybersecurityTechnical debt refers to the future cost created by quick or imperfect technical choices made to move faster in the short term, which will eventually need to be fixed.
Software developmentTechnology due diligence is the in-depth examination of a company's information system, software architecture, security and technical teams, carried out ahead of a fundraising round, acquisition or investment.
Technology Due DiligenceChoose your framework, define your scope, and get started in minutes.
Try free for 7 days