
Ultimate Governance, Risk & Compliance (GRC) Glossary



Personal Information Management System (PIMS)

A Personal Information Management System (PIMS) is a software system that enables individuals to store, manage, and organize their personal information. It.. More

Access Control

Access control is the process of granting or denying specific requests to obtain information or resources from a particular system. It is a security measure.. More

Access Control Policies

Access Control Policies are a set of rules and regulations that are designed to govern who has access to an organization's physical or digital resources. The.. More

Access Control System

An access control system is a security system that manages and monitors access to a physical facility, building, or area, or to a logical resource, such as a.. More

ACSC Annual Cyber Threat Report

The ACSC Annual Cyber Threat Report is an annual report produced by the Australian Cyber Security Centre (ACSC) that provides a comprehensive overview of the.. More

ACSC Cyber Threat Report

The ACSC Cyber Threat Report is an annual publication produced by the Australian Cyber Security Centre (ACSC), an agency of the Australian Government.. More

Active Attack

An active attack is a type of cyber attack that attempts to alter, delete, or disrupt the availability of a computer system or its data. This type of attack.. More

Activity Monitors

Activity Monitors are wearable devices that track and monitor physical activity. They measure and record activities such as steps taken, distance traveled,.. More

AFSL Authorised Representative

An AFSL Authorised Representative is an individual or organisation that has been authorised by an Australian Financial Services Licence (AFSL) holder to.. More

APRA CPS 234

APRA CPS 234 is an information security standard developed by the Australian Prudential Regulation Authority (APRA) to provide guidance on the security.. More

Asset Inventory

An asset inventory is a comprehensive list of all the physical and intangible assets owned by a business or individual. It includes all tangible assets such.. More

Asset Labeling

Asset Labeling is the process of attaching labels or tags to physical assets in order to identify, track, and manage them. This process can involve the use of.. More

Asset Security

Asset security is the protection of physical and digital assets from unauthorized access, use, disclosure, disruption, modification, or destruction. It.. More

Association of International Certified Professional Accountants (AICPA)

The Association of International Certified Professional Accountants (AICPA) is an organization that represents the global accounting profession. It is the.. More

Attack Surface

Attack Surface is the total sum of potential points of attack in a system, network, or application. It is the combination of hardware, software, and network.. More

Attack Vector

An attack vector is a path or means by which a hacker (or cracker) can gain access to a computer or network server in order to deliver a payload or malicious.. More

Attestation of Compliance (AOC)

Attestation of Compliance (AOC) is a formal declaration from an organization or individual that confirms that the organization or individual has met all of.. More

Attribute

Attribute: A characteristic or quality of a person, place, or thing that is used to describe or identify it. Attributes can be physical (such as height,.. More

Attribute-Based Access Control (ABAC)

Attribute-Based Access Control (ABAC) is an access control system that uses a set of attributes to determine the access privileges of a user. It is a.. More

Audit Management Software

Audit Management Software is a computer program used to manage the process of auditing and compliance. It is designed to help organizations streamline and.. More

Australian Cyber Security Centre (ACSC)

The Australian Cyber Security Centre (ACSC) is a government agency that works to protect Australia’s national security interests in cyberspace. It is a joint.. More

Australian Prudential Regulation Authority (APRA)

The Australian Prudential Regulation Authority (APRA) is an independent statutory authority of the Australian Government that was established in 1998 to.. More

Australian Securities and Investments Commission (ASIC)

The Australian Securities and Investments Commission (ASIC) is an independent Australian government body that acts as Australia's corporate regulator. ASIC's.. More

BS 10012

BS 10012 is a British Standard that provides a framework for organizations to manage and protect personal data. It outlines the requirements for a personal.. More

Buffer Overflow

Buffer overflow is a type of software vulnerability that occurs when a program attempts to write more data to a buffer than it can hold, resulting in some of.. More

Business Continuity

Business Continuity is a comprehensive approach to ensuring that an organization is able to maintain its essential operations and services in the face of any.. More

Business Continuity Management (BCM)

Business Continuity Management (BCM) is a holistic management process that identifies potential threats to an organization and the impacts to business.. More

Business Continuity Plan (BCP)

A Business Continuity Plan (BCP) is a comprehensive plan that outlines how an organization will respond to, and recover from, a disruption in its operations... More

Business Impact Analysis (BIA)

Business Impact Analysis (BIA) is a systematic process used to identify and evaluate the potential effects of an interruption to critical business operations.. More

Business Resilience

Business resilience is the ability of an organization to anticipate, prepare for, respond to, and recover from disruptions while maintaining continuous.. More

Ciphertext

Ciphertext is the scrambled form of plaintext, or readable text, after it has been encrypted using a cipher, or an algorithm for encryption and decryption. It.. More

Cloud Control Matrix (CCM)

A Cloud Control Matrix (CCM) is an organizational tool used to monitor and maintain the security, availability, and reliability of cloud-based services. It is.. More

Cloud Controls Matrix (CCM) Domains

The Cloud Controls Matrix (CCM) domains are a set of security controls and associated security requirements that are used to ensure the security of cloud-based.. More

Cloud Infrastructure

Cloud Infrastructure is a type of computing infrastructure that provides shared computer processing resources and data to computers and other devices on.. More

Cloud Security

Cloud Security is the process of protecting data, applications, and infrastructure that are stored in the cloud from unauthorized access, misuse, and data.. More

COBIT Framework

COBIT (Control Objectives for Information and Related Technology) is an IT governance framework that provides a comprehensive set of best practices,.. More

COBIT Framework Goals

The COBIT Framework Goals are a set of high-level objectives that provide guidance on the desired outcomes of IT governance and management processes. They are.. More

COBIT Framework Principles

The COBIT Framework Principles are a set of seven guiding principles for the effective governance and management of enterprise IT. The COBIT framework is a.. More

Common Vulnerabilities And Exposures (CVE)

Common Vulnerabilities and Exposures (CVE) is a list of publicly known cyber security vulnerabilities and exposures. It is maintained by the non-profit.. More

Common Vulnerability Scoring System (CVSS)

The Common Vulnerability Scoring System (CVSS) is a standard for measuring and rating the severity of computer system security vulnerabilities. It is a.. More

Communication and consultation

Communication and consultation is the process of exchanging information and ideas between two or more people or groups. It involves actively listening to the.. More

Communication Security

Communication Security is the practice of protecting communications (messages, data, voice, video) from unauthorized access, alteration, theft, or.. More

Compliance Automation

Compliance Automation is the process of automating the management of regulatory compliance requirements. It involves the use of software and other technology.. More

Compliance Automation Software

Compliance Automation Software is a type of software designed to automate the process of ensuring compliance with regulations and standards. It typically.. More

Compliance Due Diligence

Compliance Due Diligence is a process of assessing the compliance of an organization or individual with applicable laws, regulations, and industry standards... More

Compliance Issue

Compliance Issue: A compliance issue is a situation in which a company or individual fails to comply with laws, regulations, industry standards, or internal.. More

Compliance Management

Compliance Management is the practice of ensuring that an organization is adhering to all applicable laws, regulations, standards, and ethical practices. It.. More

Compliance Manager/Officer

A Compliance Manager/Officer is a person who is responsible for ensuring that an organization is adhering to all applicable laws and regulations, as well as.. More

Compliance Risk

Compliance risk is the risk of legal or regulatory sanctions, financial loss, or loss of reputation a business may face as a result of its failure to comply.. More

Compliance Risk Management

Compliance risk management is the process of identifying, assessing, monitoring, and mitigating compliance risks associated with an organization’s operations.. More

Computer Security Threats

Computer security threats are malicious attempts by individuals or organizations to gain unauthorized access to a computer system, network, or data. These.. More

Configuration Management Database (CMDB)

A Configuration Management Database (CMDB) is a database that stores and organizes detailed information about the components of an organization's IT.. More

Consequence

Consequence is the result or effect of an action, decision, or set of circumstances. It is the outcome of a particular course of action and can either be.. More

Crimeware

Crimeware is malicious software (malware) designed to facilitate cybercrime. It is typically used by cybercriminals to gain unauthorized access to computer.. More

Cross Site Request Forgery (CSRF)

Cross Site Request Forgery (CSRF) is a type of malicious exploit of a website whereby unauthorized commands are transmitted from a user that the website.. More

Cryptography

Cryptography is the practice and study of techniques for secure communication in the presence of third parties. It is used to protect confidential information.. More

CSIO Cybersecurity

CSIO Cybersecurity is a comprehensive approach to protecting digital assets and information from unauthorized access, use, disclosure, disruption,.. More

Cyber Resiliency

Cyber Resiliency is the ability of an organization or individual to maintain or quickly recover from a cyber attack or other cyber incident. It is the process.. More

Cyber Risk Consultant

A Cyber Risk Consultant is a specialist in the field of cyber security and risk management. They provide advice and guidance to organizations, businesses, and.. More

Cyber Risk Management Frameworks

Cyber Risk Management Frameworks are comprehensive sets of policies, processes, and procedures that organizations use to identify, assess, monitor, and.. More

Cyber Safety

Cyber safety is the practice of protecting oneself and one’s personal information from malicious online threats such as cyberbullying, identity theft, and.. More

Cyber Terrorism

Cyber Terrorism is the use of digital technology to engage in hostile and destructive activities against individuals, organizations, or governments. This.. More

Cyber-Risk Quantification

Cyber-Risk Quantification is a process of assessing the potential risks associated with a company’s digital assets, networks, and data. This process involves.. More

Cybersecurity Asset Management

Cybersecurity Asset Management is the process of identifying, organizing, and managing an organization's information technology assets, including hardware,.. More

Cybersecurity Asset Management (CSAM)

Cybersecurity Asset Management (CSAM) is a process of managing the security of digital assets and information systems. It involves the identification,.. More

Cybersecurity Awareness

Cybersecurity Awareness is the practice of recognizing potential security threats and taking proactive steps to protect an individual or organization’s.. More

Cybersecurity Credentials

Cybersecurity credentials are a set of qualifications and certifications that a person or organization holds to demonstrate their knowledge and proficiency in.. More

Cybersecurity Framework NIST

Cybersecurity Framework NIST (National Institute of Standards and Technology) is a set of guidelines and best practices developed by the US government to help.. More

Cybersecurity Frameworks

Cybersecurity frameworks are sets of best practices and guidelines designed to help organizations of all sizes protect their networks, systems, and data from.. More

Cybersecurity Gamification

Cybersecurity Gamification is the process of using game-like elements and techniques to enhance the effectiveness of cybersecurity awareness and training. It.. More

Cybersecurity Incident

Cybersecurity Incident: A cybersecurity incident is an event or series of events that occur when malicious actors attempt to compromise or gain unauthorized.. More

Cybersecurity Incident Report

A Cybersecurity Incident Report is an official document that is used to document the details of a cybersecurity incident. It typically includes an overview of.. More

Cybersecurity Incidents

Cybersecurity incidents are any events that involve the unauthorized access, disruption, or destruction of computer systems, networks, or data. These.. More

Cybersecurity Insurance

Cybersecurity Insurance is a type of insurance that provides coverage for losses resulting from cyber-attacks, data breaches, and other cyber-related risks... More

Cybersecurity Management

Cybersecurity Management is the practice of protecting networks, systems, and programs from digital attacks. These attacks may come in the form of malware,.. More

Cybersecurity Maturity Model Certification (CMMC)

Cybersecurity Maturity Model Certification (CMMC) is a certification program created by the United States Department of Defense (DoD) to ensure that all.. More

Cybersecurity Mesh

Cybersecurity Mesh is a comprehensive system of tools and strategies designed to protect networks, systems, and data from malicious cyber threats, such as.. More

Cybersecurity Mesh Architecture

Cybersecurity Mesh Architecture is a system of distributed security solutions that provide layered protection for digital assets. It is designed to protect.. More

Cybersecurity Report

A Cybersecurity Report is a document that outlines the security measures taken to protect a company's digital assets. It typically includes an assessment of.. More

Cybersecurity Reports

Cybersecurity Reports are documents that provide detailed information about the security status of an organization's digital assets and infrastructure. They.. More

Cybersecurity Risk Appetite

Cybersecurity Risk Appetite is the level of risk an organization is willing to accept in order to achieve its objectives. It is determined by the.. More

Dark Data

Dark Data is information that is collected, stored, and processed but never used to make decisions or generate insights. It is data that is not actively.. More

Data Access Management

Data Access Management is the practice of controlling and monitoring the access of users to an organization’s data and systems. It is a critical component of.. More

Data Asset

Data Asset: A data asset is any structured or unstructured data that has value to an organization. Data assets are typically used to inform decisions, build.. More

Data Breach

A data breach is an incident in which sensitive, confidential, or protected data is accessed, viewed, stolen, or used by an individual or organization without.. More

Data Controller

A data controller is a person or organization who is responsible for determining the purposes for which and the manner in which any personal data is.. More

Data Democratization

Data Democratization is the process of making data and data-related resources available to a broad range of users and stakeholders, regardless of their.. More

Data Exfiltration

Data exfiltration is the unauthorized transfer of data from a secure system or network to an external location or device. It is a malicious activity typically.. More

Data Integrity

Data Integrity is the assurance that data is complete, accurate, and reliable throughout its lifecycle. It is the process of ensuring that data is not.. More

Data Leak

Data leak is the intentional or unintentional release of sensitive data to an unauthorized recipient. It can occur through a variety of methods, including.. More

Data Mining

Data Mining is the process of extracting meaningful information from large amounts of data. It is a type of analysis that uses sophisticated algorithms and.. More

Data Owner

Data Owner is a term used to refer to the person or entity responsible for the creation, maintenance, and control of a set of data. This includes the right to.. More

Data Protection Impact Assessment (DPIA)

Data Protection Impact Assessment (DPIA) is a process used to identify, assess, and manage data protection risks within an organization. It is an important.. More

Database Audit And Protection (DAP)

Database Audit and Protection (DAP) is a set of processes and procedures used to monitor, audit, and protect data stored in a database. DAP involves the use.. More

Defence In Depth

Defence In Depth is a military strategy which seeks to protect an area from attack by creating multiple layers of defence. It involves a series of mutually.. More

Discretionary Access Control (DAC)

Discretionary Access Control (DAC) is a type of access control in which a user's access to a system or resource is based upon the user's individual identity... More

Discretionary Access Control (DAC) Attributes

Discretionary Access Control (DAC) attributes are security measures used to control and manage access to computer systems and data. DAC is a type of access.. More

DMARC Security

DMARC Security is a set of standards that helps protect email senders and recipients from malicious email activity. It stands for Domain-based Message.. More

Domain Name System (DNS)

The Domain Name System (DNS) is a hierarchical distributed naming system for computers, services, or other resources connected to the Internet or a private.. More

DoS Attack

A DoS attack (denial of service attack) is a malicious attempt to make a computer or network resource unavailable to its intended users. It typically involves.. More

DPIS Stages

DPIS Stages: A DPIS (Data Processing and Information System) Stage is a set of activities that are used to acquire, process, store and analyze data in order.. More

DREAD Model

DREAD Model: a risk assessment model developed by the security expert Bruce Schneier to help organizations identify and prioritize security threats. The model.. More

Dynamic Security Management

Dynamic Security Management is a comprehensive approach to managing security that incorporates the active monitoring, response, and prevention of threats. It.. More

Email Encryption

Email Encryption is a security measure used to protect the privacy of email messages. It is a process of using encryption algorithms to scramble the contents.. More

Email Security

Email security is the practice of protecting email messages and accounts from unauthorized access, malicious software, and harmful content. It involves a.. More

Email Security Solutions

Email Security Solutions are a set of tools, technologies, and processes used to protect email accounts and messages from malicious actors, cyber-attacks, and.. More

End Point Security

End Point Security is a form of cyber security that focuses on protecting the individual devices, such as computers, laptops, and mobile devices, that are.. More

Endpoint Cybersecurity

Endpoint cybersecurity is a type of security measure taken to protect endpoints, such as computers, servers, mobile devices, and other network-connected.. More

Enterprise Architecture

Enterprise Architecture (EA) is an integrated framework that defines the structure, processes, and systems of an organization, along with the relationships.. More

Enterprise Risk Management (ERM) Software

Enterprise Risk Management (ERM) Software is a type of software designed to help organizations manage their risks by providing them with an integrated.. More

Essential 8 Maturity Model

The Essential 8 Maturity Model is a framework for organizations to use to assess and measure their cybersecurity maturity. It is based on eight key areas of.. More

Executive Order

An executive order is a directive issued by the President of the United States with the force of law. It is issued in order to direct members of the executive.. More

Exploit

An exploit is a piece of software, a command, or a methodology that takes advantage of a vulnerability or bug in a computer system, web application, network,.. More

FedRAMP

FedRAMP (Federal Risk and Authorization Management Program) is a government-wide program that provides a standardized approach to security assessment,.. More

Financial Risk

Financial risk is the potential for financial loss or other adverse outcomes resulting from decisions made by an individual, organization, or government.. More

Financial Risk Management

Financial risk management is the practice of creating and protecting value by managing exposure to risk. It involves the identification, assessment, and.. More

Focused Risk Assessment

Focused Risk Assessment is a process used to identify, analyze, and prioritize risks associated with a particular activity, project, or business venture. It.. More

Forensics

Forensics is the application of scientific methods and techniques to the investigation and analysis of evidence from a crime scene or other source of.. More

Framework

Framework is a set of concepts, practices, and tools that provide a structure for developing, organizing, and using information. It is a set of rules,.. More

Fraud Management

Fraud Management is the process of identifying, preventing, and responding to fraudulent activities. It involves creating and implementing policies and.. More

Gartner And The Magic Quadrant

Gartner And The Magic Quadrant is an analytical tool used by businesses and organizations to evaluate the competitive landscape of a particular industry or.. More

GDPR

The General Data Protection Regulation (GDPR) is an EU regulation that came into effect on May 25th, 2018. It is a comprehensive data protection law that.. More

GDPR Compliance

GDPR Compliance is the process of adhering to the European Union’s General Data Protection Regulation (GDPR) which was passed on May 25, 2018. This regulation.. More

GDPR Data Governance

GDPR Data Governance is the set of policies, procedures, and processes that organizations use to ensure that their data is collected, stored, used, and shared.. More

GDPR Requirements

The General Data Protection Regulation (GDPR) is a comprehensive data protection law that was adopted by the European Union (EU) in April 2016. It is designed.. More

GDPR Risk Assessment

GDPR Risk Assessment is a comprehensive, systematic and documented process of evaluating the potential risks associated with the collection, storage, and.. More

Global Regulatory Management

Global Regulatory Management is the process of managing and coordinating the various regulations, policies, and procedures that govern the business activities.. More

Governance Risk & Compliance (GRC) Software

Governance, Risk & Compliance (GRC) Software is a type of software that provides organizations with a comprehensive set of tools to effectively manage their.. More

GRC Software Features

GRC Software Features are a set of tools and capabilities that enable organizations to better manage their governance, risk, and compliance (GRC) activities... More

GRC Tools

GRC (Governance, Risk, and Compliance) Tools are software solutions that help organizations assess, manage, and monitor their risk, compliance, and governance.. More

Hacker

A hacker is an individual who uses their technical knowledge to gain unauthorized access to computer systems, networks, or other digital resources. They may.. More

Health Information Trust Alliance (HITRUST)

The Health Information Trust Alliance (HITRUST) is a non-profit organization that was created to provide a unified framework for managing and protecting.. More

Hybrid Data Center

A hybrid data center is a combination of a physical and virtual data center that uses both on-premises and cloud-based computing resources. It combines the.. More

Immediate Response Strategies

Immediate Response Strategies are techniques and measures that are employed in a short time frame to address an urgent situation or event. These strategies.. More

Implementation ISO/IEC 27003

Implementation ISO/IEC 27003 is a standard for information security management systems (ISMS) that provides guidelines and best practices for establishing,.. More

Importance Of ISO/IEC 27005

ISO/IEC 27005 is an international standard for information security risk management. It provides guidance on the implementation of an information security.. More

Incident

An incident is an event or occurrence that is not part of the normal operation of a system or organization. Incidents may be caused by human error, system.. More

Incident Lifecycle

The incident lifecycle is the process of managing and responding to incidents in an organized and systematic way. It includes identification, containment,.. More

Incident management

Incident management is the process of managing the lifecycle of all incidents that occur within an organization. This process includes the identification,.. More

Incident Management Framework

Incident Management Framework is a set of processes, procedures, and systems that organizations use to manage and respond to incidents. It is an organized.. More

Incident Response

Incident response is a set of procedures and processes for responding to and managing the aftermath of a security breach or cyber attack. It includes.. More

Incident Response Plan

An Incident Response Plan is a set of written instructions that outlines the steps an organization should take when responding to a security incident. It is a.. More

Incident Response Tools

Incident Response Tools are software programs and applications that are designed to help organizations detect, investigate, analyze, and respond to cyber.. More

Information Asset

An information asset is a resource that has value to an individual, organization, or government. It can be tangible or intangible, and may include physical.. More

Information Asset Definition

An information asset is any data, document, or other information-based resource that is owned, managed, or maintained by an organization. This includes.. More

Information Classification Policy

An Information Classification Policy is a set of guidelines and procedures that are designed to ensure that an organization’s data and information is.. More

Information Governance

Information Governance is the practice of managing, organizing, and protecting the data and information assets of an organization. It involves the development.. More

Information Management System

An Information Management System is a system of organized procedures and processes used to collect, store, organize, analyze, retrieve, and distribute data.. More

Information Security

Information security is the practice of protecting information from unauthorized access, use, disclosure, disruption, modification, perusal, inspection,.. More

Information Security Assessment

An information security assessment is a comprehensive evaluation of an organization's ability to protect its information assets and systems from unauthorized.. More

Information Security Awareness

Information Security Awareness is a process of educating and informing individuals and organizations about the importance of information security and the.. More

Information Security Controls

Information security controls are measures used to protect data and information systems from unauthorized access, use, disclosure, disruption, modification,.. More

Information Security Governance

Information Security Governance is the overall management of an organization's information security policies, processes, and procedures. It is the.. More

Information Security Governance Benefits

Information security governance benefits refer to the advantages that organizations gain from implementing a comprehensive information security governance.. More

Information Security Management System (ISMS)

An Information Security Management System (ISMS) is a comprehensive set of policies, procedures, controls, and technologies used to protect sensitive.. More

Information Security Risk Acceptance

Information Security Risk Acceptance is the process of identifying, assessing, and deciding to accept or reject a security risk. It involves a comprehensive.. More

Information Security Risk Communication

Information Security Risk Communication is the process of exchanging information about cyber security threats and the potential risks associated with them. It.. More

Information Security Risk Management

Information Security Risk Management is the process of identifying, assessing, and controlling risks associated with the use of information systems. It.. More

Information Security Risk Monitoring And Review

Information Security Risk Monitoring and Review is the process of continually assessing and managing the risks associated with information systems. It.. More

Information Security Risk Treatment

Information Security Risk Treatment is the process of identifying, assessing, and responding to security risks in order to minimize the likelihood and impact.. More

Inherent Risk

Inherent risk is the risk that is naturally present in a situation or activity, and is not necessarily caused by external factors. It is the risk that is.. More

Insider Threat Actors

The Insider Threat Actors are individuals within an organization that have access to sensitive information or systems that could be used to cause harm to the.. More

Instant Communications Security And Compliance

Instant Communications Security and Compliance is the practice of implementing measures to ensure the security and compliance of digital communications, such.. More

Integrated Management System

An Integrated Management System (IMS) is an organizational system that combines the management of multiple processes, activities, and functions into a single,.. More

Integrated Risk Management (IRM)

Integrated Risk Management (IRM) is a comprehensive approach to managing risk across an organization. It is a structured process for identifying, assessing,.. More

Internal Environment

The internal environment of an organization refers to the conditions, structures, and factors that exist within the organization and affect its ability to.. More

Internet Of Things (IoT)

The Internet of Things (IoT) is a network of physical objects, or things, embedded with electronics, software, sensors, and network connectivity that enables.. More

Intrusion Detection and Prevention System (IDPS)

An Intrusion Detection and Prevention System (IDPS) is a security system used to detect and prevent unauthorized access to a computer network or system. It.. More

Intrusion Detection Systems (IDS)

An Intrusion Detection System (IDS) is a type of security software that monitors a network or system for malicious activity or policy violations. It gathers.. More

Intrusion Prevention Systems (IPS)

Intrusion Prevention Systems (IPS) are a type of network security technology that are designed to detect and prevent malicious activity on a network. IPS.. More

IRAP Assessors

IRAP Assessors are individuals who are certified by the Canadian government to assess the security of organizations’ information systems and applications... More

IRAP Certification

IRAP Certification stands for Information Risk Assessment Process Certification. It is an internationally recognized certification program that provides.. More

ISO/IEC

ISO/IEC is an international standardization organization that develops and publishes standards for a wide range of technologies and industries. It is a joint.. More

ISO/IEC 27004:2016 Advantages

ISO/IEC 27004:2016 Advantages is a standard that provides guidance on the use of a range of quantitative methods to measure, analyze, and interpret the.. More

ISO/IEC 27000

ISO/IEC 27000 is a family of international standards developed by the International Organization for Standardization (ISO) and the International.. More

ISO/IEC 27001 Foundation

ISO/IEC 27001 Foundation is an international standard for Information Security Management Systems (ISMS) which provides the framework for organizations to.. More

ISO/IEC 27001:2017

ISO/IEC 27001:2017 is an international standard that provides specifications and guidance for organizations to establish, maintain, and continually improve an.. More

ISO/IEC 27003:2017 Requirements for an Information Security Management System

ISO/IEC 27003:2017 is an international standard that provides guidance on the establishment, implementation,.. More

ISO/IEC 27004

ISO/IEC 27004 is an international standard developed by the International Organization for Standardization (ISO) and the International Electrotechnical.. More

ISO/IEC 27004:2016 Clauses

ISO/IEC 27004:2016 Clauses is an international standard that provides guidance and best practices for measuring and managing the performance of Information.. More

ISO/IEC 27005

ISO/IEC 27005 is an international standard for information security risk management. It provides a framework for organizations to assess, monitor, and manage.. More

ISO/IEC 27001:2005

ISO/IEC 27001:2005 is an international standard for information security management systems (ISMS). It provides a framework for organizations to identify,.. More

ISO/IEC 27001 Activities

ISO/IEC 27001 Activities are the processes, procedures, and controls that organizations use to protect their information assets. These activities are based on.. More

ISO/IEC 27001 And ISO/IEC 27002

ISO/IEC 27001 and ISO/IEC 27002 are international standards developed by the International Organization for Standardization (ISO) and the International.. More

ISO/IEC 27001 Annex A

ISO/IEC 27001 Annex A is a set of information security controls developed by the International Organization for Standardization (ISO) and the International.. More

ISO/IEC 27001 Annex A Controls

ISO/IEC 27001 Annex A Controls are a set of 114 security controls and associated guidance that can be used to help organizations protect their information.. More

ISO/IEC 27001 As An Individual

ISO/IEC 27001 is an internationally recognized standard for Information Security Management Systems (ISMS). It is a framework of policies and procedures that.. More

ISO/IEC 27001 Audit

An ISO/IEC 27001 Audit is a type of audit that evaluates an organization’s Information Security Management System (ISMS) to determine if it meets the.. More

ISO/IEC 27001 Back Up Policy

ISO/IEC 27001 is an international standard for information security management that provides a framework for organizations to establish and maintain an.. More

ISO/IEC 27001 Benefits

ISO/IEC 27001 Benefits are the advantages that organizations can gain from implementing the ISO/IEC 27001 Information Security Management System (ISMS). This.. More

ISO/IEC 27001 Certification Requirements

ISO/IEC 27001 Certification Requirements are a set of international standards developed by the International Organization for Standardization (ISO) and the.. More

ISO/IEC 27001 Certified

ISO/IEC 27001 Certified is an internationally recognized certification that demonstrates an organization's commitment to information security and data.. More

ISO/IEC 27001 Controls

ISO/IEC 27001 Controls is a set of security controls and best practices established by the International Organization for Standardization (ISO) and the.. More

ISO/IEC 27001 Data Retention Policy

ISO/IEC 27001 Data Retention Policy is a set of guidelines that outlines the procedures and standards for how data should be stored, managed, and retained to.. More

ISO/IEC 27001 Domains

ISO/IEC 27001 Domains refer to the five core areas of information security management that must be addressed in order to comply with the ISO/IEC 27001.. More

ISO/IEC 27001 Gap Analysis

ISO/IEC 27001 Gap Analysis is an assessment of a company’s information security management system (ISMS) in relation to the requirements of the ISO/IEC 27001.. More

ISO/IEC 27001 Lead Auditor

ISO/IEC 27001 Lead Auditor is an individual who has been trained and certified to audit and evaluate an organization’s Information Security Management System.. More

ISO/IEC 27001 Lead Implementer

ISO/IEC 27001 Lead Implementer is an individual with the knowledge and experience to plan, manage, and implement an Information Security Management System.. More

ISO/IEC 27001 Mandatory Clauses

ISO/IEC 27001 Mandatory Clauses are the minimum requirements for an Information Security Management System (ISMS) that must be met in order for an.. More

ISO/IEC 27001 Or ISO/IEC 27018

ISO/IEC 27001 is an international standard developed by the International Organization for Standardization (ISO) and the International Electrotechnical.. More

ISO/IEC 27001 Password Policy

ISO/IEC 27001 Password Policy is a set of guidelines and requirements for the creation and maintenance of user passwords in order to protect the.. More

ISO/IEC 27001 Penetration Testing

ISO/IEC 27001 Penetration Testing is a type of security testing that is used to evaluate the security of an organization’s information systems and networks... More

ISO/IEC 27001 Requirement Checklist

ISO/IEC 27001 Requirement Checklist is a document that outlines the requirements for an organization to implement an information security management system.. More

ISO/IEC 27001 Risk Assessment

ISO/IEC 27001 Risk Assessment is a systematic process of identifying, evaluating, and responding to risks associated with the use, processing, storage, and.. More

ISO/IEC 27001 Risk Register

ISO/IEC 27001 Risk Register is a document that identifies and records potential risks to an organization’s information security system. It is a comprehensive.. More

ISO/IEC 27001 Scope

ISO/IEC 27001 Scope is a set of requirements for the implementation of an Information Security Management System (ISMS) that defines the boundaries of the.. More

ISO/IEC 27001 Secure Development Policy

ISO/IEC 27001 Secure Development Policy is a set of guidelines and standards that organizations must adhere to in order to ensure the security of their.. More

ISO/IEC 27001 Security Awareness

ISO/IEC 27001 Security Awareness is a framework of standards and best practices that organizations can use to develop and implement a comprehensive.. More

ISO/IEC 27001 Security Policy

ISO/IEC 27001 Security Policy is a set of rules, processes, and procedures that define how an organization will manage its information security. It is a.. More

ISO/IEC 27001 Surveillance Audit

An ISO/IEC 27001 Surveillance Audit is a periodic review of an organization's information security management system (ISMS) to ensure it is operating.. More

ISO/IEC 27001 Toolkit

ISO/IEC 27001 Toolkit is a collection of resources and documents designed to help organizations implement an Information Security Management System (ISMS) in.. More

ISO/IEC 27001 Vulnerability Management

ISO/IEC 27001 Vulnerability Management is a set of processes and procedures used to identify, classify, prioritize, and address potential vulnerabilities in.. More

ISO/IEC 27002

ISO/IEC 27002 is an internationally recognized standard for information security management. It provides a comprehensive set of controls that organizations.. More

ISO/IEC 27002 Benefits

ISO/IEC 27002 Benefits is a set of information security management best practices that provide organizations with a framework for developing, implementing,.. More

ISO/IEC 27002 Framework

ISO/IEC 27002 is an international standard that provides guidelines for the implementation of an information security management system (ISMS). It is part of.. More

ISO/IEC 27002 Importance

ISO/IEC 27002 is an international standard for information security management, which provides best practice recommendations for organizations to implement.. More

ISO/IEC 27002 Scope

ISO/IEC 27002 Scope is the scope of the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) 27002.. More

ISO/IEC 27002 Security Policy

ISO/IEC 27002 Security Policy is a set of guidelines, procedures, and best practices that organizations use to protect their information assets. It is based.. More

ISO/IEC 27002 Standard Focus

ISO/IEC 27002 Standard Focus is an internationally accepted standard for information security management which provides best practices and guidelines for.. More

ISO/IEC 27002:2022

ISO/IEC 27002:2022 is an international standard for information security management systems (ISMS) developed by the International Organization for.. More

ISO/IEC 27002:2022 Controls

ISO/IEC 27002:2022 Controls, also known as the Code of Practice for Information Security Controls, is a framework of security controls developed by the.. More

ISO/IEC 27003

ISO/IEC 27003, also known as the Information Security Management System (ISMS) Standard, is an international standard that provides guidance and best.. More

ISO/IEC 27004

ISO/IEC 27004 is an international standard that provides guidance for the effective and efficient implementation of a measurement program for the management.. More

ISO/IEC 27005

ISO/IEC 27005 is an international standard for security risk management. It provides a framework for organizations to identify, assess, and manage information.. More

ISO/IEC 27005 And ISRM

ISO/IEC 27005 is an international standard that provides guidance on information security risk management (ISRM). It is designed to help organizations.. More

ISO/IEC 27008

ISO/IEC 27008 is an international standard for information security management systems (ISMS) that provides guidelines for the implementation and management.. More

ISO/IEC 27014

ISO/IEC 27014 is an international standard published by the International Organization for Standardization (ISO) and the International Electrotechnical.. More

ISO/IEC 27102

ISO/IEC 27102 is an international standard for privacy information management systems (PIMS) developed by the International Organization for Standardization.. More

ISO/IEC Accreditation

ISO/IEC accreditation is an internationally recognized standard for the evaluation of organizations that provide certification services. It is a process of.. More

ISO/IEC Audit

ISO/IEC Audit is an independent assessment of an organization’s compliance with the ISO/IEC standards, which are a set of international standards that provide.. More

ISO/IEC Certification Meaning

ISO/IEC certification is a formal recognition that a product, process or service meets a set of standards and criteria as established by the International.. More

ISO/IEC Certifications

ISO/IEC certifications are a set of international standards for quality assurance and assurance of conformity. These certifications are designed to help.. More

ISO/IEC Cloud Security Standard

ISO/IEC Cloud Security Standard is an international standard developed by the International Organization for Standardization (ISO) and the International.. More

ISO/IEC Compliance

ISO/IEC compliance is the adherence to international standards and guidelines set forth by the International Organization for Standardization (ISO) and the.. More

ISO/IEC Cybersecurity

ISO/IEC Cybersecurity is a set of principles and practices designed to protect networks, systems, programs, and data from unauthorized access, use,.. More

ISO/IEC Data Center

ISO/IEC Data Center is a facility that houses computer systems and associated components, such as telecommunications and storage systems. It generally.. More

ISO/IEC Data Security Standard

ISO/IEC Data Security Standard (ISO/IEC 27001) is an information security standard published by the International Organization for Standardization (ISO) and.. More

ISO/IEC Directives

ISO/IEC Directives are a set of standards and guidelines issued by the International Organization for Standardization (ISO) and the International.. More

ISO/IEC Directives Part 1

ISO/IEC Directives Part 1 is an international standard that provides guidelines for the development, approval, publication, and maintenance of International.. More

ISO/IEC Directives Part 2

ISO/IEC Directives Part 2 is a set of rules and procedures developed by the International Organization for Standardization (ISO) and the International.. More

ISO/IEC External Audits

ISO/IEC External Audits are independent assessments of an organization's quality management system (QMS) conducted by a third-party auditor. The purpose of.. More

ISO/IEC Framework

The ISO/IEC Framework is a set of standards and guidelines developed by the International Organization for Standardization (ISO) and the International.. More

ISO/IEC Health Informatics

ISO/IEC Health Informatics is the application of information technology and information systems to the healthcare industry. It involves the use of.. More

ISO/IEC Information Security

ISO/IEC Information Security is a set of international standards designed to protect information from unauthorized access, disclosure, modification, or.. More

ISO/IEC Internal Audit

ISO/IEC Internal Audit is a systematic and independent assessment of an organization's quality management system, processes, and activities, to determine.. More

ISO/IEC Rules

ISO/IEC Rules are a set of international standards for the development, implementation, and maintenance of information technology (IT) products and services... More

ISO/IEC Standard

ISO/IEC Standard is an international standard created by the International Organization for Standardization (ISO) and the International Electrotechnical.. More

ISO/IEC Standards List

ISO/IEC Standards List is an international standard-setting body composed of representatives from various national standards organizations. It develops and.. More

IT Audit

An IT Audit is an independent review of the information systems and related operations of an organization. It is designed to evaluate the effectiveness of.. More

IT Security

IT Security is a broad term that encompasses the processes, technologies, and practices designed to protect networks, devices, programs, and data from.. More

Jailbreak

Jailbreak: A jailbreak is a process that allows a user to gain access to the root of their device's operating system, allowing them to bypass restrictions.. More

Keystroke Logging

Keystroke logging is a process of tracking and recording the keys that are pressed on a computer keyboard. It is a form of surveillance technology used to.. More

Likelihood

Likelihood is the probability of an event occurring, based on past events and/or current conditions. It is a measure of the probability that something will.. More

Logic Bomb

A logic bomb is a malicious piece of code that is designed to cause damage to a computer system or disrupt its normal operations. It is usually triggered by a.. More

Malware Vs. Viruses Vs. Worms

Malware: Malware is a type of software designed to harm or exploit computer systems without the user’s knowledge or consent. It can be used to gain access to.. More

Mandatory Access Control (MAC)

Mandatory Access Control (MAC) is an access control system that requires users to be explicitly identified and authorized before they can access any resources.. More

Mitigating Controls For Risk Management

Mitigating controls for risk management are the actions or measures taken to reduce the likelihood of a risk occurring or its potential impact. These controls.. More

Money Laundering

Money Laundering is the process of disguising illegally obtained funds so they appear to have been obtained from a legitimate source. It is typically done by.. More

Monitoring

Monitoring is the process of regularly observing, measuring, and evaluating a specific activity or system in order to identify any changes or trends that may.. More

National Institute of Standards and Technology (NIST)

The National Institute of Standards and Technology (NIST) is a non-regulatory federal agency within the U.S. Department of Commerce. Established in 1901, NIST.. More

Network

A network is a system of interconnected components, such as computers, servers, and other peripherals, that are capable of exchanging data and sharing.. More

Network Access Control

Network Access Control (NAC) is a security system that helps organizations control who is allowed to access their networks. It is designed to protect networks.. More

Network Security

Network Security is the practice of protecting networks, systems, and data from unauthorized access, misuse, modification, or destruction. It includes both.. More

Network Segmentation

Network segmentation is the process of dividing a computer network into smaller segments or sub-networks in order to improve network performance, reduce.. More

Network Segregation

Network Segregation is the process of separating different types of traffic on a network. It is used to ensure that sensitive information is kept secure by.. More

NIS Directive

NIS Directive is a directive issued by the European Union (EU) in 2018 which aims to improve the security of network and information systems across the EU. It.. More

NIST 800-171

NIST 800-171 is a set of standards and guidelines issued by the National Institute of Standards and Technology (NIST) for the protection of Controlled.. More

NIST 800-171 Compliance Checklist

NIST 800-171 Compliance Checklist is a comprehensive list of requirements for organizations to meet the security standards of the National Institute of.. More

NIST 800-171 Controls

NIST 800-171 Controls are a set of security requirements established by the National Institute of Standards and Technology (NIST) that organizations must.. More

NIST 800-171 Purpose

The NIST 800-171 purpose is to provide a set of security requirements for the protection of Controlled Unclassified Information (CUI) in Nonfederal.. More

NIST 800-53 Control Families

NIST 800-53 Control Families are a set of security controls developed by the National Institute of Standards and Technology (NIST) to provide a standardized.. More

NIST 800-53 Risk Assessment

NIST 800-53 Risk Assessment is a comprehensive process used to identify, assess, and manage the security risks associated with the use, processing, storage,.. More

NIST Compliance

NIST Compliance is the process of verifying that an organization is adhering to the security standards and guidelines set forth by the National Institute of.. More

NIST Controls

NIST Controls are a set of security guidelines developed by the National Institute of Standards and Technology (NIST) to help organizations protect their.. More

NIST Cybersecurity Standards

NIST Cybersecurity Standards are a set of standards and guidelines developed by the National Institute of Standards and Technology (NIST) to help.. More

NIST Guidelines

NIST Guidelines are a set of recommendations developed by the National Institute of Standards and Technology (NIST) to help organizations protect their.. More

NIST SP 800-53

NIST SP 800-53 is a set of security controls and guidelines developed by the National Institute of Standards and Technology (NIST). It provides a.. More

NIST SP 800-53 Benefits

NIST SP 800-53 Benefits is a set of guidelines developed by the National Institute of Standards and Technology (NIST) to help organizations identify, assess,.. More

NIST SP 800-53 Enhanced Controls

NIST SP 800-53 Enhanced Controls are additional security controls that are designed to supplement the baseline security controls outlined in the NIST SP.. More

NIST SP 800-53 Minimum/Base Controls

NIST SP 800-53 Minimum/Base Controls are a set of security controls established by the National Institute of Standards and Technology (NIST) to help.. More

Non-Repudiation

Non-repudiation is a concept in computer science and cryptography that ensures that a party to a transaction or communication cannot deny having performed a.. More

Notifiable data breach

A notifiable data breach is an incident where there is unauthorized access to, or disclosure, of personal information, or a reasonable belief exists that such.. More

Office of the Australian Information Commissioner (OAIC)

The Office of the Australian Information Commissioner (OAIC) is an independent statutory agency created under the Australian Privacy Act 1988. It is.. More

Operational Risk

Operational risk is the risk of loss resulting from inadequate or failed internal processes, people, and systems, or from external events. It is the risk of.. More

Operational Risk Management (ORM)

Operational Risk Management (ORM) is the process of identifying, assessing, and mitigating risks that can arise from the operations of an organization. It is.. More

Operational Security

Operational Security (OPSEC) is a process that helps protect sensitive information from being compromised by unauthorized individuals. It is a systematic.. More

Operational Technology (OT)

Operational Technology (OT) is a term used to refer to the hardware and software used to monitor and control physical devices and processes in an industrial.. More

Passive Attack

A passive attack is a type of cyber attack that does not involve the direct manipulation of an information system or its data, but instead uses existing.. More

Passive Scanning

Passive scanning is a type of network security scanning technique used to detect potential security threats on a computer network without sending any packets.. More

Patch Management

Patch management is the process of identifying, downloading, testing, and applying patches to software applications and operating systems. It is an essential.. More

PCI DSS

PCI DSS (Payment Card Industry Data Security Standard) is an information security standard for organizations that handle credit card and debit card.. More

PCI DSS Standards

PCI DSS (Payment Card Industry Data Security Standard) is a set of requirements designed to ensure that all companies that process, store, or transmit credit.. More

Personally Identifiable Information (PII)

Personally Identifiable Information (PII) is any data that can be used to identify an individual, either directly or indirectly. This includes, but is not.. More

Policy management

Policy management is the process of developing, implementing, and maintaining organizational policies, procedures, and guidelines. It is a comprehensive.. More

Prioritisation

Prioritisation is the process of determining the order of importance or urgency of activities, tasks, and decisions. It involves assessing the relative worth.. More

Privilege Escalation

Privilege escalation is the act of exploiting a bug, design flaw, or configuration oversight in an operating system or software application to gain elevated.. More

Quadrant

A quadrant is a quarter-circle shape divided into four equal parts. It is typically used in mathematics, astronomy, and navigation to measure angles and.. More

Ransomware

Ransomware is a type of malicious software (malware) designed to block access to a computer system or data until a ransom is paid. It typically spreads.. More

Ransomware Protection

Ransomware protection is the process of safeguarding computer systems and networks from malicious software, or ransomware, that is designed to encrypt or.. More

Redaction

Redaction (noun): The process of reducing a piece of writing, such as a book, article, or essay, in order to make it more concise and easier to read. This.. More

Regulatory Compliance

Regulatory Compliance is the process of ensuring that an organization adheres to all applicable laws, regulations, standards, and ethical practices set by.. More

Remediation

Remediation is the process of addressing a problem, issue, or deficiency in order to restore a system, process, or environment to an acceptable level of.. More

Reputational Risk

Reputational risk is the risk of damage to a company's reputation, resulting from adverse events or negative publicity. It is a type of non-financial risk and.. More

Risk

Risk is the potential for loss or harm that can be caused by making a decision or taking an action. It is the uncertainty of an outcome or the potential of.. More

Risk Center

Risk Center is a term used to refer to a centralized location for managing, analyzing, and mitigating risk. It is the focal point for risk management.. More

Risk Control Self Assessment (RCSA)

Risk Control Self Assessment (RCSA) is a systematic process used to identify, assess, monitor, and control risks within an organization. It is a tool used to.. More

Risk Financing

Risk financing is a type of financial management strategy used to protect an organization from the financial impact of losses due to risks. It involves a.. More

Risk Identification

Risk identification is the process of recognizing and assessing the potential risks associated with a particular situation, event, or activity. It involves.. More

Risk Identification (Ri)

Risk Identification (Ri) is the process of identifying and understanding potential risks that may affect an organization, project, or process. This process.. More

Risk Management Framework

Risk Management Framework is a set of processes, policies, and tools used to identify, assess, monitor, and control risks associated with an organization’s.. More

Risk Management Policy

A Risk Management Policy is a document that outlines steps and procedures to be taken by an organization to identify, assess, and manage risks associated with.. More

Risk Management Process

Risk Management Process is a systematic approach to identifying, analyzing, and responding to risks associated with an organization's operations, projects,.. More

Risk Management Standards

Risk Management Standards are a set of guidelines that provide organizations with a framework to identify, assess, and manage potential risks to their.. More

Risk Management System And Process

A Risk Management System and Process is a system of structured procedures and processes used to identify, assess, monitor, manage, and mitigate risks.. More

Risk Management Tool

Risk Management Tool is a system or process used to identify, assess, and prioritize risks associated with a particular activity, project, or business venture.. More

Risk Mitigation

Risk mitigation is the process of identifying, assessing, and reducing the potential for negative impacts of risks to an organization's objectives. It.. More

Risk Mitigation Controls

Risk Mitigation Controls are measures taken to reduce the potential for a negative event to occur, or to reduce the severity of the consequences if an event.. More

Risk Owner

Risk Owner is an individual or organization responsible for the identification, assessment, and management of risks associated with a given activity, project,.. More

Risk Profile

Risk Profile is a term used to describe an individual's or organization's risk tolerance, which is the amount of risk they are willing to take in order to.. More

Risk Reduction

Risk Reduction is a process that seeks to reduce the probability and/or impact of an adverse event or outcome. It involves identifying risks and then taking.. More

Risk Register

A Risk Register is a document used to record and track all identified risks associated with a project, process, or activity. It is a tool used to identify,.. More

Risk Source

Risk Source is a term used to describe the origin of a potential risk that could affect an organization, project, or process. It is typically used to identify.. More

Role-Based Access Control (RBAC)

Role-Based Access Control (RBAC) is an access control system that is used to regulate user access to computer systems, networks, and other resources. It is.. More

Secure Access Service Edge (SASE)

Secure Access Service Edge (SASE) is a cloud-based networking and security model that provides secure access to applications, services, and data from any.. More

Security And Integrity

Security and Integrity are two important concepts in the field of information technology. Security refers to the measures taken to protect data and systems.. More

Security Audit

A security audit is a comprehensive assessment of an organization’s security posture, policies, and procedures. It is conducted by an independent third party.. More

Security Event

Security Event: A security event is an occurrence or incident that affects the security of a system, network, or application. It can be anything from a.. More

Security Governance

Security Governance is the practice of establishing and maintaining policies, processes, and procedures to ensure the security of an organization's.. More

Security Incident

A security incident is any event that compromises the confidentiality, integrity, or availability of an information system or the data it contains. This.. More

Security Incident Report

A Security Incident Report is a document created by a security team or individual to document any security-related event or incident that occurs within an.. More

Security Indicators

Security Indicators are signals or patterns that indicate the presence of malicious activity or a security breach. They are used to detect and respond to.. More

Security Management

Security Management is the process of identifying, assessing, and managing the risks to an organization’s assets, personnel, and operations. It involves the.. More

Security Metrics

Security Metrics are measurements used to assess the effectiveness of an organization's security posture. They enable organizations to track and monitor the.. More

Security Perimeter

Security Perimeter: A security perimeter is an arrangement of security measures designed to protect an asset or group of assets from unauthorized access. It.. More

Security Testing Requirements

Security Testing Requirements refer to the specific criteria that must be met in order to ensure that a system is secure. This includes both technical and.. More

Segregation Of Duties (SOD)

Segregation of Duties (SOD) is a security control that is used to ensure that no single individual has complete control over a business process. This is.. More

SOC 1

SOC 1 is an abbreviation for Service Organization Controls 1 Report. It is a report issued by an independent auditor that provides assurance to a service.. More

SOC 2

SOC 2 is a set of auditing standards developed by the American Institute of Certified Public Accountants (AICPA) to evaluate and validate the security,.. More

SOC 2 Audit

A SOC 2 Audit is an independent evaluation of a service provider’s information security controls and practices. It is based on the Trust Services Principles.. More

SOC 2 Compliance

SOC 2 Compliance is a set of standards and requirements designed to ensure that organizations providing services to customers maintain the security,.. More

SOC 2 Controls

SOC 2 Controls are a set of security and privacy standards and procedures designed to protect the confidentiality, integrity, and availability of customer.. More

SOC 2 Standards

The SOC 2 Standards are a set of trust principles developed by the American Institute of Certified Public Accountants (AICPA) to provide organizations with a.. More

SOC 2 Trust Principles

SOC 2 Trust Principles are a set of criteria used to evaluate and assess the security, availability, processing integrity, confidentiality, and privacy of a.. More

SOC 3

SOC 3 is an internationally recognized standard that is used to assess and report on the security and privacy of a service organization’s systems, processes,.. More

SOC Reports

SOC Reports, or Service Organization Control Reports, are independent third-party audit reports that provide assurance about the security, availability, and.. More

Spear Phishing

Spear Phishing is a type of cyber attack that involves sending fraudulent emails or messages that appear to come from a trusted source in order to gain access.. More

Spyware Threat

Spyware threat is a type of malicious computer software that is installed on a user's computer without their knowledge or permission. Spyware is designed to.. More

SSAE 16

Statement on Standards for Attestation Engagements (SSAE) No. 16 is an attestation standard issued by the Auditing Standards Board (ASB) of the American.. More

SSAE 18

Statement on Standards for Attestation Engagements (SSAE) No. 18 is an attestation standard issued by the American Institute of Certified Public Accountants.. More

Statement Of Applicability (SOA)

A Statement of Applicability (SOA) is a document that outlines the security controls and measures that an organization has implemented to protect its.. More

Strategic Risk

Strategic risk is the risk that an organization takes when it makes strategic decisions, such as entering a new market, introducing a new product, or changing.. More

Supplier Risk Management

Supplier Risk Management is the process of identifying, assessing, and mitigating the risks associated with working with suppliers and other third parties. It.. More

The Health Insurance Portability and Accountability Act (HIPAA)

The Health Insurance Portability and Accountability Act (HIPAA) is a federal law enacted in 1996 that provides data privacy and security provisions for.. More

Thin Client

A thin client is a computer or device that relies on a server to perform its computing tasks. It is typically used in an environment where the user accesses.. More

Third-party risk management

Third-party risk management is the process of identifying, assessing, and mitigating risks associated with relationships with external entities, such as.. More

Threat

A threat is a statement of an intention to inflict pain, injury, damage, or other hostile action on someone in retribution for something done or not.. More

Threat Modeling

Threat Modeling is a structured approach to identifying, analyzing, and responding to potential security threats in a system, network, or application. It is.. More

Threat Modeling Frameworks And Methodologies

Threat Modeling Frameworks and Methodologies are a set of concepts, processes, and techniques used to identify, analyze, and respond to potential threats to.. More

Triage

Triage is the process of quickly assessing and categorizing patients based on the severity of their medical condition and the resources available for.. More

Types Of Insider Threat Actors

Types of Insider Threat Actors are individuals or groups of people who have legitimate access to an organization’s resources, networks, and systems, but who.. More

UK Cyber Essentials

UK Cyber Essentials is a government-backed scheme designed to help organisations protect themselves against common cyber threats. It provides a set of simple,.. More

Vendor

A vendor is an individual or company that provides goods or services to another individual or company in exchange for payment. Vendors may provide.. More

Vendor Assessment

Vendor Assessment is the process of evaluating potential suppliers and vendors to determine their ability to meet the needs of an organization. This process.. More

Vendor Management Policy

A Vendor Management Policy is a set of guidelines and procedures designed to ensure that vendors providing goods and services to an organization are properly.. More

Vendor Management Policy (VMP)

A Vendor Management Policy (VMP) is a set of guidelines and procedures for managing relationships with vendors that provide goods and services to an.. More

Vendor Risk Management (VRM)

Vendor Risk Management (VRM) is an enterprise-wide approach to managing risks associated with third-party vendors. It involves an organization’s proactive.. More

Virtual Private Network (VPN)

A Virtual Private Network (VPN) is a secure connection between two or more computers, devices, or networks over the internet. It uses encryption technology to.. More

Vulnerability

Vulnerability is a state of being open to potential harm, either physically, emotionally, or psychologically. It can refer to a person's susceptibility to.. More

Vulnerability Management

Vulnerability Management is the process of identifying, assessing, and prioritizing vulnerabilities in an organization’s systems and networks to ensure that.. More

Vulnerability Scanning

Vulnerability scanning is a process of identifying, quantifying, and prioritizing (ranking) the vulnerabilities in a computer system, network, or application.. More

Wardriving

Wardriving is a type of hacking that involves using a vehicle to search for and map wireless networks. It involves driving around with a laptop or other.. More

Watering Hole Attack

A watering hole attack is a type of cyber attack that targets a specific group of users by compromising a website that they are known to visit. The attacker.. More

Web Security Threats

Web Security Threats are malicious attacks, exploits, or incidents that target or compromise the security of websites, web applications, networks, or computer.. More

Zero Day

A zero-day (also known as a zero-hour or zero-minute) vulnerability is a computer security vulnerability that is unknown to those who would be.. More


Hub & Spoke

'Push-down' standards to teams

'Push' your standard templates, controls, and risk libraries to your teams.

Analytics

'Roll up' analytics for reporting

Roll-up analytics for consolidated reporting across your teams.

Our customers have spoken.

They genuinely love 6clicks.

"The best cyber GRC platform for businesses and advisors."


David Simpson | CyberCX

"We chose 6clicks not only for our clients, but also for our internal use."

Chief Risk Officer | Publicly Listed

"We use Hub & Spoke globally for our cyber compliance program. Love it."

Head of Compliance | Fortune 500


"The 6clicks solution simplifies and strengthens risk, compliance, and control processes across entities and can grow and adapt as the organization changes and evolves."

Michael Rasmussen
GRC 20/20 Research LLC

6clicks is powered by AI and includes all the content you need.
Our unique 6clicks Hub & Spoke architecture makes it simple to use and deploy.
