ISO/IEC 27001 Annex A Controls are a set of 114 security controls and associated guidance that can be used to help organizations protect their information..
Attestation of Compliance (AOC) is a formal declaration from an organization or individual that confirms that the organization or individual has met all of..
The Association of International Certified Professional Accountants (AICPA) is an organization that represents the global accounting profession. It is the..
Cybersecurity Maturity Model Certification (CMMC) is a certification program created by the United States Department of Defense (DoD) to ensure that all..
Compliance risk management is the process of identifying, assessing, monitoring, and mitigating compliance risks associated with an organization’s operations..
Compliance Automation Software is a type of software designed to automate the process of ensuring compliance with regulations and standards. It typically..
Governance, Risk & Compliance (GRC) Software is a type of software that provides organizations with a comprehensive set of tools to effectively manage their..
The Health Insurance Portability and Accountability Act (HIPAA) is a federal law enacted in 1996 that provides data privacy and security provisions for..
Vulnerability Management is the process of identifying, assessing, and prioritizing vulnerabilities in an organization’s systems and networks to ensure that..
A Vendor Management Policy is a set of guidelines and procedures designed to ensure that vendors providing goods and services to an organization are properly..
Vendor Assessment is the process of evaluating potential suppliers and vendors to determine their ability to meet the needs of an organization. This process..
Statement on Standards for Attestation Engagements (SSAE) No. 18 is an attestation standard issued by the American Institute of Certified Public Accountants..
Statement on Standards for Attestation Engagements (SSAE) No. 16 is an attestation standard issued by the Auditing Standards Board (ASB) of the American..
SOC Reports, or Service Organization Control Reports, are independent third-party audit reports that provide assurance about the security, availability, and..
SOC 3 is an internationally recognized standard that is used to assess and report on the security and privacy of a service organization’s systems, processes,..
SOC 1 is an abbreviation for Service Organization Controls 1 Report. It is a report issued by an independent auditor that provides assurance to a service..
The Australian Securities and Investments Commission (ASIC) is an independent Australian government body that acts as Australia's corporate regulator. ASIC's..
An AFSL Authorised Representative is an individual or organisation that has been authorised by an Australian Financial Services Licence (AFSL) holder to..
Vulnerability is a state of being open to potential harm, either physically, emotionally, or psychologically. It can refer to a person's susceptibility to..
An Information Security Management System (ISMS) is a comprehensive set of policies, procedures, controls, and technologies used to protect sensitive..
FedRAMP (Federal Risk and Authorization Management Program) is a government-wide program that provides a standardized approach to security assessment,..
The Office of the Australian Information Commissioner (OAIC) is an independent statutory agency created under the Australian Privacy Act 1988. It is..
The Health Information Trust Alliance (HITRUST) is a non-profit organization that was created to provide a unified framework for managing and protecting..
Third-party risk management is the process of identifying, assessing, and mitigating risks associated with relationships with external entities, such as..
A notifiable data breach is an incident where there is unauthorized access to, or disclosure, of personal information, or a reasonable belief exists that such..
Policy management is the process of developing, implementing, and maintaining organizational policies, procedures, and guidelines. It is a comprehensive..
Incident management is the process of managing the lifecycle of all incidents that occur within an organization. This process includes the identification,..
Communication and consultation is the process of exchanging information and ideas between two or more people or groups. It involves actively listening to the..
Consequence is the result or effect of an action, decision, or set of circumstances. It is the outcome of a particular course of action and can either be..
Risk Source is a term used to describe the origin of a potential risk that could affect an organization, project, or process. It is typically used to identify..
Risk Profile is a term used to describe an individual's or organization's risk tolerance, which is the amount of risk they are willing to take in order to..
Risk Owner is an individual or organization responsible for the identification, assessment, and management of risks associated with a given activity, project,..
Risk Management Process is a systematic approach to identifying, analyzing, and responding to risks associated with an organization's operations, projects,..
A Risk Management Policy is a document that outlines steps and procedures to be taken by an organization to identify, assess, and manage risks associated with..
Risk Management Framework is a set of processes, policies, and tools used to identify, assess, monitor, and control risks associated with an organization’s..
Risk identification is the process of recognizing and assessing the potential risks associated with a particular situation, event, or activity. It involves..
Risk is the potential for loss or harm that can be caused by making a decision or taking an action. It is the uncertainty of an outcome or the potential of..
Likelihood is the probability of an event occurring, based on past events and/or current conditions. It is a measure of the probability that something will..
ISO/IEC 27001 Certified is an internationally recognized certification that demonstrates an organization's commitment to information security and data..
ISO/IEC 27000 is a family of international standards developed by the International Organization for Standardization (ISO) and the International..
ISO/IEC 27004 is an international standard developed by the International Organization for Standardization (ISO) and the International Electrotechnical..
ISO/IEC 27005 is an international standard for information security risk management. It provides a framework for organizations to assess, monitor, and manage..
ISO/IEC is an international standardization organization that develops and publishes standards for a wide range of technologies and industries. It is a joint..
ISO/IEC Standard is an international standard created by the International Organization for Standardization (ISO) and the International Electrotechnical..
ISO/IEC compliance is the adherence to international standards and guidelines set forth by the International Organization for Standardization (ISO) and the..
ISO/IEC accreditation is an internationally recognized standard for the evaluation of organizations that provide certification services. It is a process of..
ISO/IEC certifications are a set of international standards for quality assurance and assurance of conformity. These certifications are designed to help..
ISO/IEC Standards List is an international standard-setting body composed of representatives from various national standards organizations. It develops and..
ISO/IEC Rules are a set of international standards for the development, implementation, and maintenance of information technology (IT) products and services...
ISO/IEC Cloud Security Standard is an international standard developed by the International Organization for Standardization (ISO) and the International..
ISO/IEC Data Security Standard (ISO/IEC 27001) is an information security standard published by the International Organization for Standardization (ISO) and..
ISO/IEC Information Security is a set of international standards designed to protect information from unauthorized access, disclosure, modification, or..
ISO/IEC 27001 Activities are the processes, procedures, and controls that organizations use to protect their information assets. These activities are based on..
ISO/IEC certification is a formal recognition that a product, process or service meets a set of standards and criteria as established by the International..
ISO/IEC Directives are a set of standards and guidelines issued by the International Organization for Standardization (ISO) and the International..
ISO/IEC Directives Part 1 is an international standard that provides guidelines for the development, approval, publication, and maintenance of International..
ISO/IEC Directives Part 2 is a set of rules and procedures developed by the International Organization for Standardization (ISO) and the International..
ISO/IEC 27001 Controls is a set of security controls and best practices established by the International Organization for Standardization (ISO) and the..
An ISO/IEC 27001 Audit is a type of audit that evaluates an organization’s Information Security Management System (ISMS) to determine if it meets the..
ISO/IEC Internal Audit is a systematic and independent assessment of an organization's quality management system, processes, and activities, to determine..
ISO/IEC External Audits are independent assessments of an organization's quality management system (QMS) conducted by a third-party auditor. The purpose of..
ISO/IEC 27001 Benefits are the advantages that organizations can gain from implementing the ISO/IEC 27001 Information Security Management System (ISMS). This..
ISO/IEC 27001 is an international standard developed by the International Organization for Standardization (ISO) and the International Electrotechnical..
The ISO/IEC Framework is a set of standards and guidelines developed by the International Organization for Standardization (ISO) and the International..
Access Control Policies are a set of rules and regulations that are designed to govern who has access to an organization's physical or digital resources. The..
ISO/IEC 27001:2005 is an international standard for information security management systems (ISMS). It provides a framework for organizations to identify,..
ISO/IEC 27001 Annex A is a set of information security controls developed by the International Organization for Standardization (ISO) and the International..
ISO/IEC 27001:2017 is an international standard that provides specifications and guidance for organizations to establish, maintain, and continually improve an..
ISO/IEC 27001 is an international standard for information security management that provides a framework for organizations to establish and maintain an..
ISO/IEC 27001 Certification Requirements are a set of international standards developed by the International Organization for Standardization (ISO) and the..
ISO/IEC Cybersecurity is a set of principles and practices designed to protect networks, systems, programs, and data from unauthorized access, use,..
ISO/IEC Data Center is a facility that houses computer systems and associated components, such as telecommunications and storage systems. It generally..
ISO/IEC 27001 Data Retention Policy is a set of guidelines that outlines the procedures and standards for how data should be stored, managed, and retained to..
ISO/IEC 27001 Domains refer to the five core areas of information security management that must be addressed in order to comply with the ISO/IEC 27001..
ISO/IEC 27001 is an internationally recognized standard for Information Security Management Systems (ISMS). It is a framework of policies and procedures that..
ISO/IEC 27001 Foundation is an international standard for Information Security Management Systems (ISMS) which provides the framework for organizations to..
ISO/IEC 27001 Gap Analysis is an assessment of a company’s information security management system (ISMS) in relation to the requirements of the ISO/IEC 27001..
ISO/IEC 27001 Lead Implementer is an individual with the knowledge and experience to plan, manage, and implement an Information Security Management System..
ISO/IEC 27001 Lead Auditor is an individual who has been trained and certified to audit and evaluate an organization’s Information Security Management System..
ISO/IEC 27001 Mandatory Clauses are the minimum requirements for an Information Security Management System (ISMS) that must be met in order for an..
ISO/IEC 27001 Password Policy is a set of guidelines and requirements for the creation and maintenance of user passwords in order to protect the..
ISO/IEC 27001 Penetration Testing is a type of security testing that is used to evaluate the security of an organization’s information systems and networks...
ISO/IEC 27001 Requirement Checklist is a document that outlines the requirements for an organization to implement an information security management system..
ISO/IEC 27001 Risk Assessment is a systematic process of identifying, evaluating, and responding to risks associated with the use, processing, storage, and..
ISO/IEC 27001 Risk Register is a document that identifies and records potential risks to an organization’s information security system. It is a comprehensive..
ISO/IEC 27001 Scope is a set of requirements for the implementation of an Information Security Management System (ISMS) that defines the boundaries of the..
ISO/IEC 27001 Secure Development Policy is a set of guidelines and standards that organizations must adhere to in order to ensure the security of their..
ISO/IEC 27001 Security Awareness is a framework of standards and best practices that organizations can use to develop and implement a comprehensive..
ISO/IEC 27001 Security Policy is a set of rules, processes, and procedures that define how an organization will manage its information security. It is a..
An ISO/IEC 27001 Surveillance Audit is a periodic review of an organization's information security management system (ISMS) to ensure it is operating..
ISO/IEC 27001 Toolkit is a collection of resources and documents designed to help organizations implement an Information Security Management System (ISMS) in..
ISO/IEC 27001 Vulnerability Management is a set of processes and procedures used to identify, classify, prioritize, and address potential vulnerabilities in..
ISO/IEC 27002 is an internationally recognized standard for information security management. It provides a comprehensive set of controls that organizations..
ISO/IEC 27001 and ISO/IEC 27002 are international standards developed by the International Organization for Standardization (ISO) and the International..
ISO/IEC 27002:2022 is an international standard for information security management systems (ISMS) developed by the International Organization for..
An information asset is any data, document, or other information-based resource that is owned, managed, or maintained by an organization. This includes..
An Information Classification Policy is a set of guidelines and procedures that are designed to ensure that an organization’s data and information is..
ISO/IEC 27014 is an international standard published by the International Organization for Standardization (ISO) and the International Electrotechnical..
ISO/IEC 27004 is an international standard that provides guidance for the effective and efficient implementation of a measurement program for the management..
ISO/IEC 27002 is an international standard that provides guidelines for the implementation of an information security management system (ISMS). It is part of..
ISO/IEC 27002 Security Policy is a set of guidelines, procedures, and best practices that organizations use to protect their information assets. It is based..
ISO/IEC 27002 Standard Focus is an internationally accepted standard for information security management which provides best practices and guidelines for..
ISO/IEC 27002 is an international standard for information security management, which provides best practice recommendations for organizations to implement..
ISO/IEC 27002 Benefits is a set of information security management best practices that provide organizations with a framework for developing, implementing,..
ISO/IEC 27002 Scope is the scope of the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) 27002..
ISO/IEC 27002:2022 Controls, also known as the Code of Practice for Information Security Controls, is a framework of security controls developed by the..
Cryptography is the practice and study of techniques for secure communication in the presence of third parties. It is used to protect confidential information..
ISO/IEC 27003, also known as the Information Security Management System (ISMS) Standard, is an international standard that provides guidance and best..
Implementation ISO/IEC 27003 is a standard for information security management systems (ISMS) that provides guidelines and best practices for establishing,..
for an Information Security Management System ISO/IEC 27003:2017 is an international standard that provides guidance on the establishment, implementation,..
ISO/IEC 27004:2016 Advantages is a standard that provides guidance on the use of a range of quantitative methods to measure, analyze, and interpret the..
ISO/IEC 27004:2016 Clauses is an international standard that provides guidance and best practices for measuring and managing the performance of Information..
ISO/IEC 27005 is an international standard for security risk management. It provides a framework for organizations to identify, assess, and manage information..
Information Security Risk Management is the process of identifying, assessing, and controlling risks associated with the use of information systems. It..
ISO/IEC 27005 is an international standard that provides guidance on information security risk management (ISRM). It is designed to help organizations..
Information Security Risk Acceptance is the process of identifying, assessing, and deciding to accept or reject a security risk. It involves a comprehensive..
Information Security Risk Monitoring and Review is the process of continually assessing and managing the risks associated with information systems. It..
Information Security Risk Communication is the process of exchanging information about cyber security threats and the potential risks associated with them. It..
Information Security Risk Treatment is the process of identifying, assessing, and responding to security risks in order to minimize the likelihood and impact..
ISO/IEC 27005 is an international standard for information security risk management. It provides guidance on the implementation of an information security..
ISO/IEC 27008 is an international standard for information security management systems (ISMS) that provides guidelines for the implementation and management..
Information security is the practice of protecting information from unauthorized access, use, disclosure, disruption, modification, perusal, inspection,..
Information security controls are measures used to protect data and information systems from unauthorized access, use, disclosure, disruption, modification,..
The Australian Prudential Regulation Authority (APRA) is an independent statutory authority of the Australian Government that was established in 1998 to..
A Risk Register is a document used to record and track all identified risks associated with a project, process, or activity. It is a tool used to identify,..
An Intrusion Detection and Prevention System (IDPS) is a security system used to detect and prevent unauthorized access to a computer network or system. It..
A DoS attack (denial-of-service attack) is a malicious attempt to make a computer or network resource unavailable to its intended users. It typically involves..
The National Institute of Standards and Technology (NIST) is a non-regulatory federal agency within the U.S. Department of Commerce. Established in 1901, NIST..
A Risk Management System and Process is a system of structured procedures and processes used to identify, assess, monitor, manage, and mitigate risks..
Cloud Security is the process of protecting data, applications, and infrastructure that are stored in the cloud from unauthorized access, misuse, and data..
Segregation of Duties (SOD) is a security control that is used to ensure that no single individual has complete control over a business process. This is..
Risk Management Tool is a system or process used to identify, assess, and prioritize risks associated with a particular activity, project, or business venture..
An access control system is a security system that manages and monitors access to a physical facility, building, or area, or to a logical resource, such as a..
An Incident Response Plan is a set of written instructions that outlines the steps an organization should take when responding to a security incident. It is a..
An Information Management System is a system of organized procedures and processes used to collect, store, organize, analyze, retrieve, and distribute data..
Business resilience is the ability of an organization to anticipate, prepare for, respond to, and recover from disruptions while maintaining continuous..
Incident response is a set of procedures and processes for responding to and managing the aftermath of a security breach or cyber attack. It includes..
ISO/IEC Audit is an independent assessment of an organization’s compliance with the ISO/IEC standards, which are a set of international standards that provide..
IT Security is a broad term that encompasses the processes, technologies, and practices designed to protect networks, devices, programs, and data from..
Cybersecurity Awareness is the practice of recognizing potential security threats and taking proactive steps to protect an individual or organization’s..
A Cybersecurity Report is a document that outlines the security measures taken to protect a company's digital assets. It typically includes an assessment of..
Cybersecurity incidents are any events that involve the unauthorized access, disruption, or destruction of computer systems, networks, or data. These..
Cybersecurity Management is the practice of protecting networks, systems, and programs from digital attacks. These attacks may come in the form of malware,..
Cybersecurity frameworks are sets of best practices and guidelines designed to help organizations of all sizes protect their networks, systems, and data from..
Cybersecurity Reports are documents that provide detailed information about the security status of an organization's digital assets and infrastructure. They..
Triage is the process of quickly assessing and categorizing patients based on the severity of their medical condition and the resources available for..
The Australian Cyber Security Centre (ACSC) is a government agency that works to protect Australia’s national security interests in cyberspace. It is a joint..
Cybersecurity Asset Management is the process of identifying, organizing, and managing an organization's information technology assets, including hardware,..
Cybersecurity Asset Management (CSAM) is a process of managing the security of digital assets and information systems. It involves the identification,..
Cybersecurity credentials are a set of qualifications and certifications that a person or organization holds to demonstrate their knowledge and proficiency in..
Cybersecurity Framework NIST (National Institute of Standards and Technology) is a set of guidelines and best practices developed by the US government to help..
Cybersecurity Incident: A cybersecurity incident is an event or series of events that occur when malicious actors attempt to compromise or gain unauthorized..
A Cybersecurity Incident Report is an official document that is used to document the details of a cybersecurity incident. It typically includes an overview of..
Cybersecurity Risk Appetite is the level of risk an organization is willing to accept in order to achieve its objectives. It is determined by the..
Cyber safety is the practice of protecting oneself and one’s personal information from malicious online threats such as cyberbullying, identity theft, and..
A Cyber Risk Consultant is a specialist in the field of cyber security and risk management. They provide advice and guidance to organizations, businesses, and..
Cyber Risk Management Frameworks are comprehensive sets of policies, processes, and procedures that organizations use to identify, assess, monitor, and..
Defence In Depth is a military strategy which seeks to protect an area from attack by creating multiple layers of defence. It involves a series of mutually..
Endpoint cybersecurity is a type of security measure taken to protect endpoints, such as computers, servers, mobile devices, and other network-connected..
Cybersecurity Gamification is the process of using game-like elements and techniques to enhance the effectiveness of cybersecurity awareness and training. It..
NIST SP 800-53 is a set of security controls and guidelines developed by the National Institute of Standards and Technology (NIST). It provides a..
NIST 800-171 is a set of standards and guidelines issued by the National Institute of Standards and Technology (NIST) for the protection of Controlled..
NIST 800-53 Risk Assessment is a comprehensive process used to identify, assess, and manage the security risks associated with the use, processing, storage,..
NIST Compliance is the process of verifying that an organization is adhering to the security standards and guidelines set forth by the National Institute of..
NIST Controls are a set of security guidelines developed by the National Institute of Standards and Technology (NIST) to help organizations protect their..
NIST Cybersecurity Standards are a set of standards and guidelines developed by the National Institute of Standards and Technology (NIST) to help..
NIST Guidelines are a set of recommendations developed by the National Institute of Standards and Technology (NIST) to help organizations protect their..
Csio Cybersecurity is a comprehensive approach to protecting digital assets and information from unauthorized access, use, disclosure, disruption,..
End Point Security is a form of cyber security that focuses on protecting the individual devices, such as computers, laptops, and mobile devices, that are..
Asset security is the protection of physical and digital assets from unauthorized access, use, disclosure, disruption, modification, or destruction. It..
Email security is the practice of protecting email messages and accounts from unauthorized access, malicious software, and harmful content. It involves a..
Security Management is the process of identifying, assessing, and managing the risks to an organization’s assets, personnel, and operations. It involves the..
Security and Integrity are two important concepts in the field of information technology. Security refers to the measures taken to protect data and systems..
Access control is the process of granting or denying specific requests to obtain information or resources from a particular system. It is a security measure..
Communication Security is the practice of protecting communications (messages, data, voice, video) from unauthorized access, alteration, theft, or..
Security Governance is the practice of establishing and maintaining policies, processes, and procedures to ensure the security of an organization's..
Network Security is the practice of protecting networks, systems, and data from unauthorized access, misuse, modification, or destruction. It includes both..
APRA CPS 234 is an information security standard developed by the Australian Prudential Regulation Authority (APRA) to provide guidance on the security..
Operational Security (OPSEC) is a process that helps protect sensitive information from being compromised by unauthorized individuals. It is a systematic..
DMARC Security is a set of standards that helps protect email senders and recipients from malicious email activity. It stands for Domain-based Message..
Dynamic Security Management is a comprehensive approach to managing security that incorporates the active monitoring, response, and prevention of threats. It..
Email Security Solutions are a set of tools, technologies, and processes used to protect email accounts and messages from malicious actors, cyber-attacks, and..
Gartner And The Magic Quadrant is an analytical tool used by businesses and organizations to evaluate the competitive landscape of a particular industry or..
An information security assessment is a comprehensive evaluation of an organization's ability to protect its information assets and systems from unauthorized..
Information Security Awareness is a process of educating and informing individuals and organizations about the importance of information security and the..
A security audit is a comprehensive assessment of an organization’s security posture, policies, and procedures. It is conducted by an independent third party..
A security incident is any event that compromises the confidentiality, integrity, or availability of an information system or the data it contains. This..
Security Event: A security event is an occurrence or incident that affects the security of a system, network, or application. It can be anything from a..
A Security Incident Report is a document created by a security team or individual to document any security-related event or incident that occurs within an..
The incident lifecycle is the process of managing and responding to incidents in an organized and systematic way. It includes identification, containment,..
Incident Management Framework is a set of processes, procedures, and systems that organizations use to manage and respond to incidents. It is an organized..
SOC 2 is a set of auditing standards developed by the American Institute of Certified Public Accountants (AICPA) to evaluate and validate the security,..
Explore...
SOC 2 Compliance is a set of standards and requirements designed to ensure that organizations providing services to customers maintain the security,..
Explore...
A SOC 2 Audit is an independent evaluation of a service provider’s information security controls and practices. It is based on the Trust Services Principles..
Explore...
SOC 2 Controls are a set of security and privacy standards and procedures designed to protect the confidentiality, integrity, and availability of customer..
Explore...
The SOC 2 Standards are a set of trust principles developed by the American Institute of Certified Public Accountants (AICPA) to provide organizations with a..
Explore...
The General Data Protection Regulation (GDPR) is an EU regulation that came into effect on May 25th, 2018. It is a comprehensive data protection law that..
Explore...
PCI DSS (Payment Card Industry Data Security Standard) is a set of requirements designed to ensure that all companies that process, store, or transmit credit..
Explore...
A data breach is an incident in which sensitive, confidential, or protected data is accessed, viewed, stolen, or used by an individual or organization without..
Explore...
Ransomware is a type of malicious software (malware) designed to block access to a computer system or data until a ransom is paid. It typically spreads..
Explore...
Ransomware protection is the process of safeguarding computer systems and networks from malicious software, or ransomware, that is designed to encrypt or..
Explore...
Data leak is the intentional or unintentional release of sensitive data to an unauthorized recipient. It can occur through a variety of methods, including..
Explore...
An Intrusion Detection System (IDS) is a type of security software that monitors a network or system for malicious activity or policy violations. It gathers..
Explore...
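The IDS entry above describes monitoring for malicious activity, and the Security Indicators entry later on this page describes the signals such monitoring looks for. The block below is an added example (not code from the original page): a minimal host-based detection rule that parses OpenSSH-style authentication lines, keeps a sliding window of failed logins per source IP, and raises an alert on a brute-force burst and again if a login from the same source succeeds right after the burst. The log lines, the threshold of 4 failures and the 60-second window are constructed for the example.

```python
"""Threshold-based detection over sample SSH authentication log lines.

Added example, not part of the original page. The sample log, the
FAIL_THRESHOLD and WINDOW values are constructed for illustration.
"""
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample lines in the style of OpenSSH syslog output.
SAMPLE_LOG = """\
Mar 10 09:00:01 host sshd[101]: Failed password for invalid user admin from 203.0.113.5 port 5001 ssh2
Mar 10 09:00:02 host sshd[102]: Failed password for root from 203.0.113.5 port 5002 ssh2
Mar 10 09:00:03 host sshd[103]: Failed password for root from 203.0.113.5 port 5003 ssh2
Mar 10 09:00:04 host sshd[104]: Failed password for root from 203.0.113.5 port 5004 ssh2
Mar 10 09:00:05 host sshd[105]: Failed password for root from 203.0.113.5 port 5005 ssh2
Mar 10 09:00:06 host sshd[106]: Accepted password for root from 203.0.113.5 port 5006 ssh2
Mar 10 09:00:07 host sshd[107]: Failed password for alice from 198.51.100.7 port 6001 ssh2
Mar 10 09:10:00 host sshd[108]: Accepted publickey for alice from 198.51.100.7 port 6002 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?:password|publickey) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>[\d.]+) port \d+"
)

FAIL_THRESHOLD = 4   # failed logins per source IP ...
WINDOW = 60          # ... within this many seconds trigger an alert


def parse_line(line, year=2024):
    """Return a dict for a recognised sshd auth line, or None for anything else.
    Syslog lines carry no year, so one is supplied (assumption for the demo)."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "ok": m["result"] == "Accepted", "user": m["user"], "ip": m["ip"]}


def detect(log_text):
    """Run the rule over the log text and return the list of alert strings."""
    failures = defaultdict(deque)   # source ip -> timestamps of recent failures
    burst_ips = set()               # sources already flagged for a burst
    alerts = []
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue
        q = failures[ev["ip"]]
        # Drop failures that have fallen out of the sliding window.
        while q and (ev["ts"] - q[0]).total_seconds() > WINDOW:
            q.popleft()
        if not ev["ok"]:
            q.append(ev["ts"])
            if len(q) >= FAIL_THRESHOLD and ev["ip"] not in burst_ips:
                burst_ips.add(ev["ip"])
                alerts.append(f"brute-force: {len(q)} failed logins from {ev['ip']} within {WINDOW}s")
        elif ev["ip"] in burst_ips:
            # A success right after a burst is the indicator worth paging on.
            alerts.append(f"possible compromise: login for {ev['user']} from {ev['ip']} after brute-force burst")
            burst_ips.discard(ev["ip"])
    return alerts


if __name__ == "__main__":
    for a in detect(SAMPLE_LOG):
        print(a)
```

The second source (198.51.100.7) produces one failure followed by a key-based success ten minutes later and is never flagged; the window and threshold are what keep a single mistyped password from becoming an alert.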
Intrusion Prevention Systems (IPS) are a type of network security technology that are designed to detect and prevent malicious activity on a network. IPS..
Explore...
Data Asset: A data asset is any structured or unstructured data that has value to an organization. Data assets are typically used to inform decisions, build..
Explore...
Asset Labeling is the process of attaching labels or tags to physical assets in order to identify, track, and manage them. This process can involve the use of..
Explore...
BS 10012 is a British Standard that provides a framework for organizations to manage and protect personal data. It outlines the requirements for a personal..
Explore...
Business Continuity is a comprehensive approach to ensuring that an organization is able to maintain its essential operations and services in the face of any..
Explore...
A Business Continuity Plan (BCP) is a comprehensive plan that outlines how an organization will respond to, and recover from, a disruption in its operations...
Explore...
Business Continuity Management (BCM) is a holistic management process that identifies potential threats to an organization and the impacts to business..
Explore...
A data controller is a person or organization who is responsible for determining the purposes for which and the manner in which any personal data is..
Explore...
An information asset is a resource that has value to an individual, organization, or government. It can be tangible or intangible, and may include physical..
Explore...
Ciphertext is the scrambled form of plaintext, or readable text, after it has been encrypted using a cipher, or an algorithm for encryption and decryption. It..
Explore...
Personally Identifiable Information (PII) is any data that can be used to identify an individual, either directly or indirectly. This includes, but is not..
Explore...
Redaction (noun): The process of removing or obscuring sensitive information, such as personal data, credentials, or classified content, from a document before it is shared or published, so that the remaining text can be released without disclosing the protected data. This..
Explore...
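The PII and Redaction entries above describe what must be found and removed; the block below is an added example (not code from the original page) of a redaction pass over free text. It masks e-mail addresses and US-style SSNs by pattern, and masks candidate card numbers only when they pass the Luhn check, so that a 16-digit order identifier is left intact. The sample text and the chosen replacement tokens are constructed for the example.

```python
"""Pattern-based PII redaction with a Luhn check to limit false positives.

Added example, not part of the original page. The sample text, the token
formats and the three PII categories handled are assumptions for the demo.
"""
import re

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")
# 13 to 19 digits, optionally separated by single spaces or dashes.
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum used by payment card numbers (ISO/IEC 7812)."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def redact(text: str):
    """Return (redacted_text, counts) where counts records what was masked."""
    counts = {"email": 0, "ssn": 0, "card": 0}

    def card_sub(m):
        digits = re.sub(r"[ -]", "", m.group(0))
        if not luhn_ok(digits):
            return m.group(0)            # not a card number (e.g. an order id): keep it
        counts["card"] += 1
        return f"[CARD ****{digits[-4:]}]"   # keep last four for support workflows

    def ssn_sub(m):
        counts["ssn"] += 1
        return "[SSN]"

    def email_sub(m):
        counts["email"] += 1
        return "[EMAIL]"

    # Cards first so their digit runs are consumed before the shorter patterns run.
    text = CARD_RE.sub(card_sub, text)
    text = SSN_RE.sub(ssn_sub, text)
    text = EMAIL_RE.sub(email_sub, text)
    return text, counts


# Constructed sample: one real-looking (Luhn-valid test) card number and one
# 16-digit order id that must survive redaction.
SAMPLE = ("Contact alice@example.com, SSN 123-45-6789, "
          "card 4111 1111 1111 1111, order 1234567890123456.")

if __name__ == "__main__":
    out, n = redact(SAMPLE)
    print(out)
    print(n)
```

Regex-only redaction still over- and under-matches on real documents (international ID formats, numbers split across lines, PII inside images), so a production pass is normally paired with a review step rather than treated as final.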
Network Segregation is the process of separating different types of traffic on a network. It is used to ensure that sensitive information is kept secure by..
Explore...
The Essential 8 Maturity Model is a framework for organizations to use to assess and measure their cybersecurity maturity. It is based on eight key areas of..
Explore...
GRC (Governance, Risk, and Compliance) Tools are software solutions that help organizations assess, manage, and monitor their risk, compliance, and governance..
Explore...
GRC Software Features are a set of tools and capabilities that enable organizations to better manage their governance, risk, and compliance (GRC) activities...
Explore...
ISO/IEC 27102 is an international standard from the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) that gives guidelines for cyber-insurance, helping organizations and insurers assess information security risk when buying or underwriting cover. (Privacy information management systems, PIMS, are the subject of the separate standard ISO/IEC 27701.)..
Explore...
An IT Audit is an independent review of the information systems and related operations of an organization. It is designed to evaluate the effectiveness of..
Explore...
Risk Management Standards are a set of guidelines that provide organizations with a framework to identify, assess, and manage potential risks to their..
Explore...
Network Access Control (NAC) is a security system that helps organizations control who is allowed to access their networks. It is designed to protect networks..
Explore...
A Vendor Management Policy (VMP) is a set of guidelines and procedures for managing relationships with vendors that provide goods and services to an..
Explore...
GDPR Compliance is the process of adhering to the European Union's General Data Protection Regulation (GDPR), which was adopted in April 2016 and has applied since May 25, 2018. This regulation..
Explore...
The General Data Protection Regulation (GDPR) is a comprehensive data protection law that was adopted by the European Union (EU) in April 2016. It is designed..
Explore...
GDPR Data Governance is the set of policies, procedures, and processes that organizations use to ensure that their data is collected, stored, used, and shared..
Explore...
GDPR Risk Assessment is a comprehensive, systematic and documented process of evaluating the potential risks associated with the collection, storage, and..
Explore...
Data Protection Impact Assessment (DPIA) is a process used to identify, assess, and manage data protection risks within an organization. It is an important..
Explore...
DPIS Stages: A DPIS (Data Processing and Information System) Stage is a set of activities that are used to acquire, process, store and analyze data in order..
Explore...
Risk mitigation is the process of identifying, assessing, and reducing the potential for negative impacts of risks to an organization's objectives. It..
Explore...
Non-repudiation is a concept in computer science and cryptography that ensures that a party to a transaction or communication cannot deny having performed a..
Explore...
Operational risk is the risk of loss resulting from inadequate or failed internal processes, people, and systems, or from external events. It is the risk of..
Explore...
Computer security threats are malicious attempts by individuals or organizations to gain unauthorized access to a computer system, network, or data. These..
Explore...
Privilege escalation is the act of exploiting a bug, design flaw, or configuration oversight in an operating system or software application to gain elevated..
Explore...
Compliance Management is the practice of ensuring that an organization is adhering to all applicable laws, regulations, standards, and ethical practices. It..
Explore...
Risk Control Self Assessment (RCSA) is a systematic process used to identify, assess, monitor, and control risks within an organization. It is a tool used to..
Explore...
NIST SP 800-171 Controls are a set of security requirements established by the National Institute of Standards and Technology (NIST) for protecting Controlled Unclassified Information (CUI) in nonfederal systems, which organizations handling CUI for the federal government must..
Explore...
NIST 800-171 Compliance Checklist is a comprehensive list of requirements for organizations to meet the security standards of the National Institute of..
Explore...
Operational Risk Management (ORM) is the process of identifying, assessing, and mitigating risks that can arise from the operations of an organization. It is..
Explore...
Mandatory Access Control (MAC) is an access control model in which a central policy, not the resource owner, decides who may access what: subjects and objects carry security labels (such as clearance and classification levels) and the system enforces the rules that compare them, so users cannot grant access to resources at their own discretion..
Explore...
Data Democratization is the process of making data and data-related resources available to a broad range of users and stakeholders, regardless of their..
Explore...
NIST SP 800-53 Benefits refers to the advantages organizations gain from adopting NIST SP 800-53, the catalog of security and privacy controls developed by the National Institute of Standards and Technology (NIST) to help organizations identify, assess,..
Explore...
NIST 800-53 Control Families are a set of security controls developed by the National Institute of Standards and Technology (NIST) to provide a standardized..
Explore...
NIST SP 800-53 Minimum/Base Controls are the control baselines (Low, Moderate and High, defined in NIST SP 800-53B) that the National Institute of Standards and Technology (NIST) established as the starting set of controls to help..
Explore...
NIST SP 800-53 Enhanced Controls are additional security controls that are designed to supplement the baseline security controls outlined in the NIST SP..
Explore...
Enterprise Risk Management (ERM) Software is a type of software designed to help organizations manage their risks by providing them with an integrated..
Explore...
An asset inventory is a comprehensive list of all the physical and intangible assets owned by a business or individual. It includes all tangible assets such..
Explore...
Discretionary Access Control (DAC) is a type of access control in which the owner of a resource decides who may access it, with decisions based on the identity of the requesting user (and typically group membership)...
Explore...
Discretionary Access Control (DAC) attributes are security measures used to control and manage access to computer systems and data. DAC is a type of access..
Explore...
Role-Based Access Control (RBAC) is an access control system that is used to regulate user access to computer systems, networks, and other resources. It is..
Explore...
UK Cyber Essentials is a government-backed scheme designed to help organisations protect themselves against common cyber threats. It provides a set of simple,..
Explore...
An executive order is a directive issued by the President of the United States with the force of law. It is issued in order to direct members of the executive..
Explore...
Incident Response Tools are software programs and applications that are designed to help organizations detect, investigate, analyze, and respond to cyber..
Explore...
Compliance Issue: A compliance issue is a situation in which a company or individual fails to comply with laws, regulations, industry standards, or internal..
Explore...
The Cloud Controls Matrix (CCM) is a cybersecurity control framework for cloud computing published by the Cloud Security Alliance (CSA); it is used to assess and maintain the security, availability, and reliability of cloud-based services. It is..
Explore...
Cloud Controls Matrix (CCM) Domains are the groupings into which the CCM's security controls and their associated requirements are organized, used to ensure the security of cloud-based..
Explore...
A Statement of Applicability (SOA) is a document that outlines the security controls and measures that an organization has implemented to protect its..
Explore...
SOC 2 Trust Principles are a set of criteria used to evaluate and assess the security, availability, processing integrity, confidentiality, and privacy of a..
Explore...
The Insider Threat Actors are individuals within an organization that have access to sensitive information or systems that could be used to cause harm to the..
Explore...
Types of Insider Threat Actors are individuals or groups of people who have legitimate access to an organization’s resources, networks, and systems, but who..
Explore...
Business Impact Analysis (BIA) is a systematic process used to identify and evaluate the potential effects of an interruption to critical business operations..
Explore...
Cyber Resiliency is the ability of an organization or individual to maintain or quickly recover from a cyber attack or other cyber incident. It is the process..
Explore...
Information Security Governance is the overall management of an organization's information security policies, processes, and procedures. It is the..
Explore...
Information security governance benefits refer to the advantages that organizations gain from implementing a comprehensive information security governance..
Explore...
Mitigating controls for risk management are the actions or measures taken to reduce the likelihood of a risk occurring or its potential impact. These controls..
Explore...
Data Access Management is the practice of controlling and monitoring the access of users to an organization’s data and systems. It is a critical component of..
Explore...
DREAD Model: a risk-rating model that originated at Microsoft to help organizations rank security threats by scoring each one for Damage, Reproducibility, Exploitability, Affected users, and Discoverability. The model..
Explore...
Vulnerability scanning is a process of identifying, quantifying, and prioritizing (ranking) the vulnerabilities in a computer system, network, or application...
Explore...
Security Testing Requirements refer to the specific criteria that must be met in order to ensure that a system is secure. This includes both technical and..
Explore...
Attribute-Based Access Control (ABAC) is an access control system that uses a set of attributes to determine the access privileges of a user. It is a..
Explore...
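The MAC, DAC, RBAC and ABAC entries above each describe a different way of deciding an access request. The block below is an added example (not code from the original page) that implements the decision logic of all four side by side on the same kind of request, so the differences are visible in code: who holds the decision (owner, central label policy, role assignment, or attribute rules). The users, labels, roles and rules are constructed for the example; the MAC rules shown are the Bell-LaPadula "no read up / no write down" pair.

```python
"""Four access-control models, one decision function each.

Added example, not part of the original page. All sample users, ACLs, labels,
roles and ABAC rules are constructed for the demo.
"""

# ---- DAC: the resource owner keeps an ACL and may grant rights to others ----
ACL = {
    "/srv/report.xlsx": {"owner": "alice", "grants": {"bob": {"read"}}},
}

def dac_allowed(acl, resource, user, action):
    entry = acl.get(resource, {})
    if user == entry.get("owner"):
        return True                          # owner has full discretion
    return action in entry.get("grants", {}).get(user, set())


# ---- MAC: labels compared by a system-wide policy; owners cannot override ----
LEVELS = {"public": 0, "internal": 1, "confidential": 2, "secret": 3}

def mac_allowed(clearance, classification, action):
    s, o = LEVELS[clearance], LEVELS[classification]
    if action == "read":
        return s >= o                        # no read up
    if action == "write":
        return s <= o                        # no write down (prevents leaking downward)
    return False


# ---- RBAC: permissions attach to roles, users are assigned roles ----
USER_ROLES = {"alice": {"employee", "finance"}, "bob": {"employee"}}
ROLE_PERMS = {
    "employee": {"read:handbook"},
    "finance": {"read:ledger", "write:ledger"},
}

def rbac_allowed(user_roles, role_perms, user, perm):
    return any(perm in role_perms.get(role, set()) for role in user_roles.get(user, ()))


# ---- ABAC: rules are predicates over subject, resource, action and environment ----
def same_department_read(subject, resource, action, env):
    return (action == "read"
            and subject["dept"] == resource["dept"]
            and env["network"] == "corp")    # only from the corporate network

def owner_any_action(subject, resource, action, env):
    return subject["id"] == resource["owner"]

ABAC_RULES = [same_department_read, owner_any_action]

def abac_allowed(rules, subject, resource, action, env):
    return any(rule(subject, resource, action, env) for rule in rules)


def demo():
    """Evaluate one request under each model; returns the decisions by name."""
    bob = {"id": "bob", "dept": "finance"}
    doc = {"dept": "finance", "owner": "alice"}
    return {
        "dac_bob_read": dac_allowed(ACL, "/srv/report.xlsx", "bob", "read"),
        "dac_bob_write": dac_allowed(ACL, "/srv/report.xlsx", "bob", "write"),
        "mac_conf_reads_secret": mac_allowed("confidential", "secret", "read"),
        "mac_secret_writes_conf": mac_allowed("secret", "confidential", "write"),
        "rbac_bob_write_ledger": rbac_allowed(USER_ROLES, ROLE_PERMS, "bob", "write:ledger"),
        "rbac_alice_write_ledger": rbac_allowed(USER_ROLES, ROLE_PERMS, "alice", "write:ledger"),
        "abac_bob_read_corp": abac_allowed(ABAC_RULES, bob, doc, "read", {"network": "corp"}),
        "abac_bob_read_public": abac_allowed(ABAC_RULES, bob, doc, "read", {"network": "public"}),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The "secret user may not write a confidential document" result is the one that usually surprises people: under MAC the restriction protects the data from flowing down, which no owner-granted permission (DAC) or role (RBAC) can relax.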
Cybersecurity Mesh is a comprehensive system of tools and strategies designed to protect networks, systems, and data from malicious cyber threats, such as..
Explore...
Cybersecurity Mesh Architecture is a system of distributed security solutions that provide layered protection for digital assets. It is designed to protect..
Explore...
Threat Modeling is a structured approach to identifying, analyzing, and responding to potential security threats in a system, network, or application. It is..
Explore...
Threat Modeling Frameworks and Methodologies are a set of concepts, processes, and techniques used to identify, analyze, and respond to potential threats to..
Explore...
COBIT (Control Objectives for Information and Related Technology) is an IT governance framework that provides a comprehensive set of best practices,..
Explore...
The COBIT Framework Principles are the guiding principles for the effective governance and management of enterprise IT (five principles in COBIT 5; six governance-system principles plus three governance-framework principles in COBIT 2019). The COBIT framework is a..
Explore...
The COBIT Framework Goals are a set of high-level objectives that provide guidance on the desired outcomes of IT governance and management processes. They are..
Explore...
Cross Site Request Forgery (CSRF) is a type of malicious exploit of a website whereby unauthorized commands are transmitted from a user that the website..
Explore...
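The CSRF entry above describes the attack; the block below is an added example (not code from the original page) showing why it works and the standard fix. A simulated "transfer" endpoint is written twice: the vulnerable version authorises purely on the session cookie, which the browser attaches to a form post from any site, while the hardened version also requires a synchronizer token that only a page served by the site could have read, compared in constant time, and rejects a mismatching Origin header when one is present. The request dicts, the site name `bank.example` and the attacker site `evil.example` are constructed for the example.

```python
"""CSRF: vulnerable handler beside the synchronizer-token defence.

Added example, not part of the original page. Requests are plain dicts that
stand in for HTTP requests; the hostnames are constructed for the demo.
"""
import hmac
import secrets

SITE_ORIGIN = "https://bank.example"      # assumption: the application's own origin
SESSIONS = {}                             # session id -> {"user": ..., "csrf": token}


def login(user):
    """Create a session and a per-session CSRF token; return the session id."""
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"user": user, "csrf": secrets.token_urlsafe(32)}
    return sid


def csrf_token_for(sid):
    """What the site embeds in its own forms as a hidden field."""
    return SESSIONS[sid]["csrf"]


def transfer_vulnerable(request, ledger):
    """Trusts the session cookie alone. A cross-site form post carries the
    cookie automatically, so the forged request is indistinguishable."""
    sess = SESSIONS.get(request["cookies"].get("sid"))
    if sess is None:
        return 401
    ledger[sess["user"]] -= int(request["form"]["amount"])
    return 200


def transfer_hardened(request, ledger):
    """Requires a token the attacker's page cannot read (same-origin policy)
    and rejects a foreign Origin header when the browser sends one."""
    sess = SESSIONS.get(request["cookies"].get("sid"))
    if sess is None:
        return 401
    sent = request["form"].get("csrf_token", "")
    if not hmac.compare_digest(sent, sess["csrf"]):   # constant-time compare
        return 403
    origin = request["headers"].get("Origin")
    if origin is not None and origin != SITE_ORIGIN:
        return 403
    ledger[sess["user"]] -= int(request["form"]["amount"])
    return 200


def simulate():
    """Replay one forged and one legitimate request against both handlers."""
    ledger = {"alice": 100}
    sid = login("alice")
    # Alice visits evil.example, whose page auto-submits a form to the bank;
    # her browser attaches the bank's session cookie but cannot read the token.
    forged = {"cookies": {"sid": sid},
              "headers": {"Origin": "https://evil.example"},
              "form": {"amount": "40"}}
    legit = {"cookies": {"sid": sid},
             "headers": {"Origin": SITE_ORIGIN},
             "form": {"amount": "40", "csrf_token": csrf_token_for(sid)}}
    return {
        "forged_vulnerable": transfer_vulnerable(forged, ledger),   # 200: money moves
        "forged_hardened": transfer_hardened(forged, ledger),       # 403: no token
        "legit_hardened": transfer_hardened(legit, ledger),         # 200
        "balance": ledger["alice"],                                 # 100 - 40 - 40
    }


if __name__ == "__main__":
    print(simulate())
```

Marking the session cookie `SameSite=Lax` or `Strict` stops most cross-site posts in current browsers, but the token check is still the control to rely on, because SameSite does not cover every navigation type and older clients ignore it.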
Email Encryption is a security measure used to protect the privacy of email messages. It is a process of using encryption algorithms to scramble the contents..
Explore...
Compliance Automation is the process of automating the management of regulatory compliance requirements. It involves the use of software and other technology..
Explore...
Enterprise Architecture (EA) is an integrated framework that defines the structure, processes, and systems of an organization, along with the relationships..
Explore...
Operational Technology (OT) is a term used to refer to the hardware and software used to monitor and control physical devices and processes in an industrial..
Explore...
Malware: Malware is a type of software designed to harm or exploit computer systems without the user's knowledge or consent. It can be used to gain access to..
Explore...
Web Security Threats are malicious attacks, exploits, or incidents that target or compromise the security of websites, web applications, networks, or computer..
Explore...
A hybrid data center is a combination of a physical and virtual data center that uses both on-premises and cloud-based computing resources. It combines the..
Explore...
Secure Access Service Edge (SASE) is a cloud-based networking and security model that provides secure access to applications, services, and data from any..
Explore...
Cloud Infrastructure is a type of computing infrastructure that provides shared computer processing resources and data to computers and other devices on..
Explore...
Buffer overflow is a type of software vulnerability that occurs when a program attempts to write more data to a buffer than it can hold, resulting in some of..
Explore...
Integrated Risk Management (IRM) is a comprehensive approach to managing risk across an organization. It is a structured process for identifying, assessing,..
Explore...
Risk Identification is the process of identifying and understanding potential risks that may affect an organization, project, or process. This process..
Explore...
Security Indicators are signals or patterns that indicate the presence of malicious activity or a security breach. They are used to detect and respond to..
Explore...
Security Metrics are measurements used to assess the effectiveness of an organization's security posture. They enable organizations to track and monitor the..
Explore...
Vendor Risk Management (VRM) is an enterprise-wide approach to managing risks associated with third-party vendors. It involves an organization’s proactive..
Explore...
Data Integrity is the assurance that data is complete, accurate, and reliable throughout its lifecycle. It is the process of ensuring that data is not..
Explore...
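The Data Integrity entry above says data must be kept from unauthorised modification; the point a practitioner needs is that an unkeyed checksum stored next to the data only catches accidents, because whoever can alter the data can recompute the checksum. The block below is an added example (not code from the original page) that seals a record with a plain SHA-256 digest and with an HMAC under a key the attacker does not hold, then shows which check survives deliberate tampering. It also bears on the Non-repudiation entry earlier on this page: an HMAC proves the data was not altered by someone without the key, but because sender and verifier share that key it cannot prove who produced the data; non-repudiation needs an asymmetric digital signature, which the Python standard library does not provide and this example does not attempt. The record and the key are constructed for the example.

```python
"""Integrity check: unkeyed hash versus keyed MAC under tampering.

Added example, not part of the original page. SECRET_KEY and the record are
constructed; the assumption is that the key lives with the verifier, not
beside the data it protects.
"""
import hashlib
import hmac
import json

SECRET_KEY = b"constructed-demo-key-do-not-reuse"


def canonical(record):
    """Stable byte encoding so that equal records always hash the same."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()


def seal_with_hash(record):
    return hashlib.sha256(canonical(record)).hexdigest()


def seal_with_mac(record, key=SECRET_KEY):
    return hmac.new(key, canonical(record), hashlib.sha256).hexdigest()


def verify_hash(record, digest):
    return hmac.compare_digest(seal_with_hash(record), digest)


def verify_mac(record, tag, key=SECRET_KEY):
    return hmac.compare_digest(seal_with_mac(record, key), tag)


def simulate_tampering():
    """Corruption (check values untouched) vs. an attacker who rewrites
    both the row and its stored SHA-256 but cannot forge the HMAC."""
    record = {"account": "alice", "balance": 100}
    stored = {"sha256": seal_with_hash(record), "hmac": seal_with_mac(record)}

    corrupted = dict(record)
    corrupted["balance"] = 1000             # bit-flip style change, checks left alone

    tampered = dict(corrupted)
    tampered_sha = seal_with_hash(tampered)  # attacker recomputes the unkeyed hash

    return {
        "corruption_caught_by_hash": not verify_hash(corrupted, stored["sha256"]),
        "corruption_caught_by_mac": not verify_mac(corrupted, stored["hmac"]),
        "tamper_caught_by_hash": not verify_hash(tampered, tampered_sha),
        "tamper_caught_by_mac": not verify_mac(tampered, stored["hmac"]),
    }


if __name__ == "__main__":
    print(simulate_tampering())
```

The same reasoning is why checksums published on the download page they protect add little: an attacker who replaces the file can replace the checksum. Either the check value must be served from somewhere the attacker cannot write, or it must be keyed or signed.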
A thin client is a computer or device that relies on a server to perform its computing tasks. It is typically used in an environment where the user accesses..
Explore...
An attack vector is a path or means by which a hacker (or cracker) can gain access to a computer or network server in order to deliver a payload or malicious..
Explore...
Attack Surface is the total sum of potential points of attack in a system, network, or application. It is the combination of hardware, software, and network..
Explore...
A passive attack is a type of cyber attack that does not involve the direct manipulation of an information system or its data, but instead uses existing..
Explore...
An active attack is a type of cyber attack that attempts to alter, delete, or disrupt the availability of a computer system or its data. This type of attack..
Explore...
Wardriving is the practice of searching for and mapping wireless networks from a moving vehicle, typically by driving around with a laptop or other..
Explore...
Keystroke logging is a process of tracking and recording the keys that are pressed on a computer keyboard. It is a form of surveillance technology used to..
Explore...
Attribute: A characteristic or quality of a person, place, or thing that is used to describe or identify it. Attributes can be physical (such as height,..
Explore...
Dark Data is information that is collected, stored, and processed but never used to make decisions or generate insights. It is data that is not actively..
Explore...
Strategic risk is the risk that an organization takes when it makes strategic decisions, such as entering a new market, introducing a new product, or changing..
Explore...
Compliance risk is the risk of legal or regulatory sanctions, financial loss, or loss of reputation a business may face as a result of its failure to comply..
Explore...
Financial risk is the potential for financial loss or other adverse outcomes resulting from decisions made by an individual, organization, or government..
Explore...
Reputational risk is the risk of damage to a company's reputation, resulting from adverse events or negative publicity. It is a type of non-financial risk and..
Explore...
Cyber-Risk Quantification is a process of assessing the potential risks associated with a company’s digital assets, networks, and data. This process involves..
Explore...
Financial risk management is the practice of creating and protecting value by managing exposure to risk. It involves the identification, assessment, and..
Explore...
Supplier Risk Management is the process of identifying, assessing, and mitigating the risks associated with working with suppliers and other third parties. It..
Explore...
Instant Communications Security and Compliance is the practice of implementing measures to ensure the security and compliance of digital communications, such..
Explore...
Regulatory Compliance is the process of ensuring that an organization adheres to all applicable laws, regulations, standards, and ethical practices set by..
Explore...
Common Vulnerabilities and Exposures (CVE) is a list of publicly known cyber security vulnerabilities and exposures. It is maintained by the non-profit..
Explore...
A Configuration Management Database (CMDB) is a database that stores and organizes detailed information about the components of an organization's IT..
Explore...
The Common Vulnerability Scoring System (CVSS) is a standard for measuring and rating the severity of computer system security vulnerabilities. It is a..
Explore...
An exploit is a piece of software, a command, or a methodology that takes advantage of a vulnerability or bug in a computer system, web application, network,..
Explore...
Data exfiltration is the unauthorized transfer of data from a secure system or network to an external location or device. It is a malicious activity typically..
Explore...
An incident is an event or occurrence that is not part of the normal operation of a system or organization. Incidents may be caused by human error, system..
Explore...
Prioritisation is the process of determining the order of importance or urgency of activities, tasks, and decisions. It involves assessing the relative worth..
Explore...
PCI DSS (Payment Card Industry Data Security Standard) is an information security standard for organizations that handle credit card and debit card..
Explore...
Passive scanning is a type of network security scanning technique used to detect potential security threats on a computer network without sending any packets..
Explore...
Patch management is the process of identifying, downloading, testing, and applying patches to software applications and operating systems. It is an essential..
Explore...
Remediation is the process of addressing a problem, issue, or deficiency in order to restore a system, process, or environment to an acceptable level of..
Explore...
Zero Day: A zero-day (also written 0-day) vulnerability is a computer security vulnerability that is unknown to those who would be..
Explore...
Compliance Due Diligence is a process of assessing the compliance of an organization or individual with applicable laws, regulations, and industry standards...
Explore...
A Compliance Manager/Officer is a person who is responsible for ensuring that an organization is adhering to all applicable laws and regulations, as well as..
Explore...
Fraud Management is the process of identifying, preventing, and responding to fraudulent activities. It involves creating and implementing policies and..
Explore...
Money Laundering is the process of disguising illegally obtained funds so they appear to have been obtained from a legitimate source. It is typically done by..
Explore...
A logic bomb is a malicious piece of code that is designed to cause damage to a computer system or disrupt its normal operations. It is usually triggered by a..
Explore...
The NIS Directive is a European Union (EU) directive adopted in 2016, which member states had to transpose into national law by May 2018, that aims to improve the security of network and information systems across the EU. It..
Explore...
Security Perimeter: A security perimeter is an arrangement of security measures designed to protect an asset or group of assets from unauthorized access. It..
Explore...
Forensics is the application of scientific methods and techniques to the investigation and analysis of evidence from a crime scene or other source of..
Explore...
A hacker is an individual who uses their technical knowledge to gain unauthorized access to computer systems, networks, or other digital resources. They may..
Explore...
Jailbreak: A jailbreak is a process that gives a user root (administrative) access to their device's operating system, allowing them to bypass restrictions..
Explore...
A quadrant is one of the four regions into which a circle or a plane is divided by two perpendicular lines. It is typically used in mathematics, astronomy, and navigation to measure angles and..
Explore...
Inherent risk is the risk that is naturally present in a situation or activity, and is not necessarily caused by external factors. It is the risk that is..
Explore...
Vendor: A vendor is an individual or company that provides goods or services to another individual or company in exchange for payment. Vendors may provide..
Explore...
Focused Risk Assessment is a process used to identify, analyze, and prioritize risks associated with a particular activity, project, or business venture. It..
Explore...
The internal environment of an organization refers to the conditions, structures, and factors that exist within the organization and affect its ability to..
Explore...
Monitoring is the process of regularly observing, measuring, and evaluating a specific activity or system in order to identify any changes or trends that may..
Explore...
Risk Center is a term used to refer to a centralized location for managing, analyzing, and mitigating risk. It is the focal point for risk management..
Explore...
Risk financing is a type of financial management strategy used to protect an organization from the financial impact of losses due to risks. It involves a..
Explore...
Risk Reduction is a process that seeks to reduce the probability and/or impact of an adverse event or outcome. It involves identifying risks and then taking..
Explore...
Cybersecurity Insurance is a type of insurance that provides coverage for losses resulting from cyber-attacks, data breaches, and other cyber-related risks...
Explore...
The Internet of Things (IoT) is a network of physical objects, or things, embedded with electronics, software, sensors, and network connectivity that enables..
Explore...
A network is a system of interconnected components, such as computers, servers, and other peripherals, that are capable of exchanging data and sharing..
Explore...
Network segmentation is the process of dividing a computer network into smaller segments or sub-networks in order to improve network performance, reduce..
Explore...
Spear Phishing is a type of cyber attack that involves sending fraudulent emails or messages that appear to come from a trusted source in order to gain access..
Explore...
Spyware threat is a type of malicious computer software that is installed on a user's computer without their knowledge or permission. Spyware is designed to..
Explore...
A Virtual Private Network (VPN) is a secure connection between two or more computers, devices, or networks over the internet. It uses encryption technology to..
Explore...
A watering hole attack is a type of cyber attack that targets a specific group of users by compromising a website that they are known to visit. The attacker..
Explore...
Activity Monitors are wearable devices that track and monitor physical activity. They measure and record activities such as steps taken, distance traveled,..
Explore...
Global Regulatory Management is the process of managing and coordinating the various regulations, policies, and procedures that govern the business activities..
Explore...
Database Audit and Protection (DAP) is a set of processes and procedures used to monitor, audit, and protect data stored in a database. DAP involves the use..
Explore...
Crimeware is malicious software (malware) designed to facilitate cybercrime. It is typically used by cybercriminals to gain unauthorized access to computer..
Explore...
Data Mining is the process of extracting meaningful information from large amounts of data. It is a type of analysis that uses sophisticated algorithms and..
Explore...
Data Owner is a term used to refer to the person or entity responsible for the creation, maintenance, and control of a set of data. This includes the right to..
Explore...
The Domain Name System (DNS) is a hierarchical distributed naming system for computers, services, or other resources connected to the Internet or a private..
Explore...
Information Governance is the practice of managing, organizing, and protecting the data and information assets of an organization. It involves the development..
Explore...