Your glossary for risk and compliance
Helpful definitions of all of the terms you need to know to better manage risk and compliance.
TermsAFSL Authorised Representative AICPA Annex A Controls ASIC Attestation of Compliance (AOC) Business Continuity Management Communication and consultation Compliance Automation Software Compliance Risk Management Consequence Context control Cybersecurity Cybersecurity Maturity Model Certification (CMMC) FedRAMP Governance Risk & Compliance (GRC) GPDR HIPAA HITRUST How many controls are there in ISO 27001? Incident Management Information Security Management System (ISMS) ISMS Governing Body ISO 27001 ISO 27001 certified ISO/IEC 27000 ISO/IEC 27004 ISO/IEC 27005 ISO/IEC 27017 ISO/IEC 27018 Level of risk Likelihood Notifiable Data Breach OAIC Policy Management Risk Risk analysis Risk identification Risk management Risk management framework Risk management plan Risk management policy Risk management process Risk owner Risk profile Risk review Risk source Risk treatment SOC 1 SOC 2 SOC 3 SOC Reports SOC Trust Services Criteria (TSC) SSAE 16 SSAE 18 Stakeholder Third Party Risk Management Vendor Assessment Vendor Management Policy Vendor Review Vulnerability Vulnerability Management What are the ISO 27001 controls? What is an ISO 27001 internal audit? What is an ISO 27001 risk treatment plan? What is an IT security policy? What is Hacking? What is ISO 27002? What is PaaS (Platform-as-a-Service)? What is the ASD Essential 8? What is the ISO 27001 management review? What is the ISO 27001 Stage 1 Audit? What is the ISO 27001 stage 2 audit?
What is cybersecurity?
A significant portion of business depends on cloud storage, communications, or infrastructure. Therefore, protecting your systems and assets in the cloud should be a primary priority. Cloud security measures keep infiltrators from impacting or hacking into your infrastructure. They also secure data you have stored in the cloud, whether its proprietary information or that of your clients. A complete cloud security solution regulates who has access to your cloud-based traffic. You can limit the access of outsiders as well as those within the organization. Because each business is unique, there are cloud security options for a wide variety of needs. Many of them can be custom-tweaked to create a 100% unique solution.
Cybersecurity is the work of protecting data, information, programs, systems, networks, and devices from unauthorized or malicious access and use by external sources on the internet.
Cybersecurity programs and policies must consider the interplay of people, processes, and technology in order to support education and compliance with established practices regarding the shared responsibility of protecting data and information. An appropriate cybersecurity approach will implement layers of protection that account for the various devices, networks, programs, and data that an organization aims to protect. The challenge and importance of effective cybersecurity only continues to grow as individuals utilize more devices and organizations engage wider and more complex networks to deliver services.
Organizations should have plans in place for the proactive protection of systems from external access, as well as for managing what steps to take in the event of a data breach. Companies of all types, and companies that gather or store customer data at any scale, may be susceptible to breaches. Data breaches can be very costly, both financially and reputationally.
Cybersecurity is particularly important for organizations that work within and serve regulated industries like finance, insurance, and healthcare. In addition to meeting regulatory requirements, solid cybersecurity policies and practices serve as important evidence for clients, prospects, partners, employees, and other key audiences that an organization is serious about the security of sensitive data and information.
Back to glossary search