Glossary definition:
Access Control
Access control is the process of granting or denying specific requests to obtain information or resources from a particular system. It is a security measure..
MoreAccess Control Policies
Access Control Policies are a set of rules and regulations that are designed to govern who has access to an organization's physical or digital resources. The..
MoreAccess Control System
An access control system is a security system that manages and monitors access to a physical facility, building, or area, or to a logical resource, such as a..
MoreActive Attack
An active attack is a type of cyber attack that attempts to alter, delete, or disrupt the availability of a computer system or its data. This type of attack is..
MoreActivity Monitors
Activity Monitors are wearable devices that track and monitor physical activity. They measure and record activities such as steps taken, distance traveled,..
MoreAFSL Authorised Representative
An AFSL Authorised Representative is an individual or organisation that has been authorised by an Australian Financial Services Licence (AFSL) holder to..
MoreAPRA CPS 234
APRA CPS 234 is an information security standard developed by the Australian Prudential Regulation Authority (APRA) to provide guidance on the security..
MoreAsset Inventory
An asset inventory is a comprehensive list of all the physical and intangible assets owned by a business or individual. It includes all tangible assets such as..
MoreAsset Labeling
Asset Labeling is the process of attaching labels or tags to physical assets in order to identify, track, and manage them. This process can involve the use of..
MoreAsset Security
Asset security is the protection of physical and digital assets from unauthorized access, use, disclosure, disruption, modification, or destruction. It..
MoreAssociation of International Certified Professional Accountants (AICPA)
The Association of International Certified Professional Accountants (AICPA) is an organization that represents the global accounting profession. It is the..
MoreAttack Surface
Attack Surface is the total sum of potential points of attack in a system, network, or application. It is the combination of hardware, software, and network..
MoreAttack Vector
An attack vector is a path or means by which a hacker (or cracker) can gain access to a computer or network server in order to deliver a payload or malicious..
MoreAttestation of Compliance (AOC)
Attestation of Compliance (AOC) is a formal declaration from an organization or individual that confirms that the organization or individual has met all of the..
MoreAttribute
Attribute: A characteristic or quality of a person, place, or thing that is used to describe or identify it. Attributes can be physical (such as height,..
MoreAttribute-Based Access Control (ABAC)
Attribute-Based Access Control (ABAC) is an access control system that uses a set of attributes to determine the access privileges of a user. It is a..
MoreAustralian Cyber Security Centre (ACSC)
The Australian Cyber Security Centre (ACSC) is a government agency that works to protect Australia’s national security interests in cyberspace. It is a joint..
MoreAustralian Prudential Regulation Authority (APRA)
The Australian Prudential Regulation Authority (APRA) is an independent statutory authority of the Australian Government that was established in 1998 to..
MoreAustralian Securities and Investments Commission (ASIC)
The Australian Securities and Investments Commission (ASIC) is an independent Australian government body that acts as Australia's corporate regulator. ASIC's..
MoreBS 10012
BS 10012 is a British Standard that provides a framework for organizations to manage and protect personal data. It outlines the requirements for a personal..
MoreBuffer Overflow
Buffer overflow is a type of software vulnerability that occurs when a program attempts to write more data to a buffer than it can hold, resulting in some of..
MoreBusiness Continuity
Business Continuity is a comprehensive approach to ensuring that an organization is able to maintain its essential operations and services in the face of any..
MoreBusiness Continuity Management (BCM)
Business Continuity Management (BCM) is a holistic management process that identifies potential threats to an organization and the impacts to business..
MoreBusiness Continuity Plan (BCP)
A Business Continuity Plan (BCP) is a comprehensive plan that outlines how an organization will respond to, and recover from, a disruption in its operations...
MoreBusiness Impact Analysis (Bia)
Business Impact Analysis (BIA) is a systematic process used to identify and evaluate the potential effects of an interruption to critical business operations..
MoreBusiness Resilience
Business resilience is the ability of an organization to anticipate, prepare for, respond to, and recover from disruptions while maintaining continuous..
MoreCiphertext
Ciphertext is the scrambled form of plaintext, or readable text, after it has been encrypted using a cipher, or an algorithm for encryption and decryption. It..
MoreCloud Control Matrix (CCm)
A Cloud Control Matrix (CCm) is an organizational tool used to monitor and maintain the security, availability, and reliability of cloud-based services. It is..
MoreCloud Controls Matrix (CCM) Domains
A Cloud Controls Matrix (CCM) Domains is a set of security controls and associated security requirements that are used to ensure the security of cloud-based..
MoreCloud Infrastructure
Cloud Infrastructure is a type of computing infrastructure that provides shared computer processing resources and data to computers and other devices on demand..
MoreCloud Security
Cloud Security is the process of protecting data, applications, and infrastructure that are stored in the cloud from unauthorized access, misuse, and data..
MoreCOBIT Framework
COBIT (Control Objectives for Information and Related Technology) is an IT governance framework that provides a comprehensive set of best practices, processes,..
MoreCOBIT Framework Goals
The COBIT Framework Goals are a set of high-level objectives that provide guidance on the desired outcomes of IT governance and management processes. They are..
MoreCOBIT Framework Principles
The COBIT Framework Principles are a set of seven guiding principles for the effective governance and management of enterprise IT. The COBIT framework is a..
MoreCommon Vulnerabilities And Exposures (CVE)
Common Vulnerabilities and Exposures (CVE) is a list of publicly known cyber security vulnerabilities and exposures. It is maintained by the non-profit..
MoreCommon Vulnerability Scoring System (CVSS)
The Common Vulnerability Scoring System (CVSS) is a standard for measuring and rating the severity of computer system security vulnerabilities. It is a..
MoreCommunication and consultation
Communication and consultation is the process of exchanging information and ideas between two or more people or groups. It involves actively listening to the..
MoreCommunication Security
Communication Security is the practice of protecting communications (messages, data, voice, video) from unauthorized access, alteration, theft, or destruction...
MoreCompliance Automation
Compliance Automation is the process of automating the management of regulatory compliance requirements. It involves the use of software and other technology..
MoreCompliance Automation Software
Compliance Automation Software is a type of software designed to automate the process of ensuring compliance with regulations and standards. It typically..
MoreCompliance Due Diligence
Compliance Due Diligence is a process of assessing the compliance of an organization or individual with applicable laws, regulations, and industry standards...
MoreCompliance Issue
Compliance Issue: A compliance issue is a situation in which a company or individual fails to comply with laws, regulations, industry standards, or internal..
MoreCompliance Management
Compliance Management is the practice of ensuring that an organization is adhering to all applicable laws, regulations, standards, and ethical practices. It..
MoreCompliance Manager/Officer
A Compliance Manager/Officer is a person who is responsible for ensuring that an organization is adhering to all applicable laws and regulations, as well as..
MoreCompliance Risk
Compliance risk is the risk of legal or regulatory sanctions, financial loss, or loss of reputation a business may face as a result of its failure to comply..
MoreCompliance Risk Management
Compliance risk management is the process of identifying, assessing, monitoring, and mitigating compliance risks associated with an organization’s operations..
MoreComputer Security Threats
Computer security threats are malicious attempts by individuals or organizations to gain unauthorized access to a computer system, network, or data. These..
MoreConfiguration Management Database (CMDB)
A Configuration Management Database (CMDB) is a database that stores and organizes detailed information about the components of an organization's IT..
MoreConsequence
Consequence is the result or effect of an action, decision, or set of circumstances. It is the outcome of a particular course of action and can either be..
MoreCrimeware
Crimeware is malicious software (malware) designed to facilitate cybercrime. It is typically used by cybercriminals to gain unauthorized access to computer..
MoreCross Site Request Forgery (CSRF)
Cross Site Request Forgery (CSRF) is a type of malicious exploit of a website whereby unauthorized commands are transmitted from a user that the website..
MoreCryptography
Cryptography is the practice and study of techniques for secure communication in the presence of third parties. It is used to protect confidential information..
MoreCSIO Cybersecurity
Csio Cybersecurity is a comprehensive approach to protecting digital assets and information from unauthorized access, use, disclosure, disruption,..
MoreCyber Resiliency
Cyber Resiliency is the ability of an organization or individual to maintain or quickly recover from a cyber attack or other cyber incident. It is the process..
MoreCyber Risk Consultant
A Cyber Risk Consultant is a specialist in the field of cyber security and risk management. They provide advice and guidance to organizations, businesses, and..
MoreCyber Risk Management Frameworks
Cyber Risk Management Frameworks are comprehensive sets of policies, processes, and procedures that organizations use to identify, assess, monitor, and..
MoreCyber Safety
Cyber safety is the practice of protecting oneself and one’s personal information from malicious online threats such as cyberbullying, identity theft, and..
MoreCyber-Risk Quantification
Cyber-Risk Quantification is a process of assessing the potential risks associated with a company’s digital assets, networks, and data. This process involves..
MoreCybersecurity Asset Management
Cybersecurity Asset Management is the process of identifying, organizing, and managing an organization's information technology assets, including hardware,..
MoreCybersecurity Asset Management (CSAM)
Cybersecurity Asset Management (CSAM) is a process of managing the security of digital assets and information systems. It involves the identification,..
MoreCybersecurity Awareness
Cybersecurity Awareness is the practice of recognizing potential security threats and taking proactive steps to protect an individual or organization’s digital..
MoreCybersecurity Credentials
Cybersecurity credentials are a set of qualifications and certifications that a person or organization holds to demonstrate their knowledge and proficiency in..
MoreCybersecurity Framework NIST
Cybersecurity Framework NIST (National Institute of Standards and Technology) is a set of guidelines and best practices developed by the US government to help..
MoreCybersecurity Frameworks
Cybersecurity frameworks are sets of best practices and guidelines designed to help organizations of all sizes protect their networks, systems, and data from..
MoreCybersecurity Gamification
Cybersecurity Gamification is the process of using game-like elements and techniques to enhance the effectiveness of cybersecurity awareness and training. It..
MoreCybersecurity Incident
Cybersecurity Incident: A cybersecurity incident is an event or series of events that occur when malicious actors attempt to compromise or gain unauthorized..
MoreCybersecurity Incident Report
A Cybersecurity Incident Report is an official document that is used to document the details of a cybersecurity incident. It typically includes an overview of..
MoreCybersecurity Incidents
Cybersecurity incidents are any events that involve the unauthorized access, disruption, or destruction of computer systems, networks, or data. These incidents..
MoreCybersecurity Insurance
Cybersecurity Insurance is a type of insurance that provides coverage for losses resulting from cyber-attacks, data breaches, and other cyber-related risks. It..
MoreCybersecurity Management
Cybersecurity Management is the practice of protecting networks, systems, and programs from digital attacks. These attacks may come in the form of malware,..
MoreCybersecurity Maturity Model Certification (CMMC)
Cybersecurity Maturity Model Certification (CMMC) is a certification program created by the United States Department of Defense (DoD) to ensure that all..
MoreCybersecurity Mesh
Cybersecurity Mesh is a comprehensive system of tools and strategies designed to protect networks, systems, and data from malicious cyber threats, such as..
MoreCybersecurity Mesh Architecture
Cybersecurity Mesh Architecture is a system of distributed security solutions that provide layered protection for digital assets. It is designed to protect..
MoreCybersecurity Report
A Cybersecurity Report is a document that outlines the security measures taken to protect a company's digital assets. It typically includes an assessment of..
MoreCybersecurity Reports
Cybersecurity Reports are documents that provide detailed information about the security status of an organization's digital assets and infrastructure. They..
MoreCybersecurity Risk Appetite
Cybersecurity Risk Appetite is the level of risk an organization is willing to accept in order to achieve its objectives. It is determined by the..
MoreDark Data
Dark Data is information that is collected, stored, and processed but never used to make decisions or generate insights. It is data that is not actively..
MoreData Access Management
Data Access Management is the practice of controlling and monitoring the access of users to an organization’s data and systems. It is a critical component of..
MoreData Asset
Data Asset: A data asset is any structured or unstructured data that has value to an organization. Data assets are typically used to inform decisions, build..
MoreData Breach
A data breach is an incident in which sensitive, confidential, or protected data is accessed, viewed, stolen, or used by an individual or organization without..
MoreData Controller
A data controller is a person or organization who is responsible for determining the purposes for which and the manner in which any personal data is processed...
MoreData Democratization
Data Democratization is the process of making data and data-related resources available to a broad range of users and stakeholders, regardless of their..
MoreData Exfiltration
Data exfiltration is the unauthorized transfer of data from a secure system or network to an external location or device. It is a malicious activity typically..
MoreData Integrity
Data Integrity is the assurance that data is complete, accurate, and reliable throughout its lifecycle. It is the process of ensuring that data is not..
MoreData Leak
Data leak is the intentional or unintentional release of sensitive data to an unauthorized recipient. It can occur through a variety of methods, including..
MoreData Mining
Data Mining is the process of extracting meaningful information from large amounts of data. It is a type of analysis that uses sophisticated algorithms and..
MoreData Owner
Data Owner is a term used to refer to the person or entity responsible for the creation, maintenance, and control of a set of data. This includes the right to..
MoreData Protection Impact Assessment (DPIA)
Data Protection Impact Assessment (DPIA) is a process used to identify, assess, and manage data protection risks within an organization. It is an important..
MoreDatabase Audit And Protection (DAP)
Database Audit and Protection (DAP) is a set of processes and procedures used to monitor, audit, and protect data stored in a database. DAP involves the use of..
MoreDefence In Depth
Defence In Depth is a military strategy which seeks to protect an area from attack by creating multiple layers of defence. It involves a series of mutually..
MoreDiscretionary Access Control (DAC)
Discretionary Access Control (DAC) is a type of access control in which a user's access to a system or resource is based upon the user's individual identity...
MoreDiscretionary Access Control (DAC) Attributes
Discretionary Access Control (DAC) attributes are security measures used to control and manage access to computer systems and data. DAC is a type of access..
MoreDMAC Security
Dmarc Security is a set of standards that helps protect email senders and recipients from malicious email activity. It stands for Domain-based Message..
MoreDomain Name System (DNS)
The Domain Name System (DNS) is a hierarchical distributed naming system for computers, services, or other resources connected to the Internet or a private..
MoreDOS Attack
A DOS attack (denial of service attack) is a malicious attempt to make a computer or network resource unavailable to its intended users. It typically involves..
MoreDPIS Stages
DPIS Stages: A DPIS (Data Processing and Information System) Stage is a set of activities that are used to acquire, process, store and analyze data in order to..
MoreDread Model
Dread Model: a risk assessment model developed by the security expert Bruce Schneier to help organizations identify and prioritize security threats. The model..
MoreDynamic Security Management
Dynamic Security Management is a comprehensive approach to managing security that incorporates the active monitoring, response, and prevention of threats. It..
MoreEmail Encryption
Email Encryption is a security measure used to protect the privacy of email messages. It is a process of using encryption algorithms to scramble the contents..
MoreEmail Security
Email security is the practice of protecting email messages and accounts from unauthorized access, malicious software, and harmful content. It involves a..
MoreEmail Security Solutions
Email Security Solutions are a set of tools, technologies, and processes used to protect email accounts and messages from malicious actors, cyber-attacks, and..
MoreEnd Point Security
End Point Security is a form of cyber security that focuses on protecting the individual devices, such as computers, laptops, and mobile devices, that are..
MoreEndpoint Cybersecurity
Endpoint cybersecurity is a type of security measure taken to protect endpoints, such as computers, servers, mobile devices, and other network-connected..
MoreEnterprise Architecture
Enterprise Architecture (EA) is an integrated framework that defines the structure, processes, and systems of an organization, along with the relationships..
MoreEnterprise Risk Management (ERM) Software
Enterprise Risk Management (ERM) Software is a type of software designed to help organizations manage their risks by providing them with an integrated platform..
MoreEssential 8 Maturity Model
The Essential 8 Maturity Model is a framework for organizations to use to assess and measure their cybersecurity maturity. It is based on eight key areas of..
MoreExecutive Order
An executive order is a directive issued by the President of the United States with the force of law. It is issued in order to direct members of the executive..
MoreExploit
An exploit is a piece of software, a command, or a methodology that takes advantage of a vulnerability or bug in a computer system, web application, network,..
MoreFedRAMP
FedRAMP (Federal Risk and Authorization Management Program) is a government-wide program that provides a standardized approach to security assessment,..
MoreFinancial Risk
Financial risk is the potential for financial loss or other adverse outcomes resulting from decisions made by an individual, organization, or government entity..
MoreFinancial Risk Management
Financial risk management is the practice of creating and protecting value by managing exposure to risk. It involves the identification, assessment, and..
MoreFocused Risk Assessment
Focused Risk Assessment is a process used to identify, analyze, and prioritize risks associated with a particular activity, project, or business venture. It..
MoreForensics
Forensics is the application of scientific methods and techniques to the investigation and analysis of evidence from a crime scene or other source of..
MoreFraud Management
Fraud Management is the process of identifying, preventing, and responding to fraudulent activities. It involves creating and implementing policies and..
MoreGartner And The Magic Quadrant
Gartner And The Magic Quadrant is an analytical tool used by businesses and organizations to evaluate the competitive landscape of a particular industry or..
MoreGDPR
The General Data Protection Regulation (GDPR) is an EU regulation that came into effect on May 25th, 2018. It is a comprehensive data protection law that..
MoreGDPR Compliance
GDPR Compliance is the process of adhering to the European Union’s General Data Protection Regulation (GDPR) which was passed on May 25, 2018. This regulation..
MoreGDPR Data Governance
GDPR Data Governance is the set of policies, procedures, and processes that organizations use to ensure that their data is collected, stored, used, and shared..
MoreGDPR Requirements
The General Data Protection Regulation (GDPR) is a comprehensive data protection law that was adopted by the European Union (EU) in April 2016. It is designed..
MoreGDPR Risk Assessment
GDPR Risk Assessment is a comprehensive, systematic and documented process of evaluating the potential risks associated with the collection, storage, and..
MoreGlobal Regulatory Management
Global Regulatory Management is the process of managing and coordinating the various regulations, policies, and procedures that govern the business activities..
MoreGovernance Risk & Compliance (GRC) Software
Governance, Risk & Compliance (GRC) Software is a type of software that provides organizations with a comprehensive set of tools to effectively manage their..
MoreGRC Software Features
GRC Software Features are a set of tools and capabilities that enable organizations to better manage their governance, risk, and compliance (GRC) activities...
MoreGRC Tools
GRC (Governance, Risk, and Compliance) Tools are software solutions that help organizations assess, manage, and monitor their risk, compliance, and governance..
MoreHacker
A hacker is an individual who uses their technical knowledge to gain unauthorized access to computer systems, networks, or other digital resources. They may..
MoreHealth Information Trust Alliance (HITRUST)
The Health Information Trust Alliance (HITRUST) is a non-profit organization that was created to provide a unified framework for managing and protecting..
MoreHybrid Data Center
A hybrid data center is a combination of a physical and virtual data center that uses both on-premises and cloud-based computing resources. It combines the..
MoreImplementation ISO/IEC 27003
Implementation ISO/IEC 27003 is a standard for information security management systems (ISMS) that provides guidelines and best practices for establishing,..
MoreImportance Of ISO/IEC 27005
ISO/IEC 27005 is an international standard for information security risk management. It provides guidance on the implementation of an information security risk..
MoreIncident
An incident is an event or occurrence that is not part of the normal operation of a system or organization. Incidents may be caused by human error, system..
MoreIncident Lifecycle
The incident lifecycle is the process of managing and responding to incidents in an organized and systematic way. It includes identification, containment,..
MoreIncident management
Incident management is the process of managing the lifecycle of all incidents that occur within an organization. This process includes the identification,..
MoreIncident Management Framework
Incident Management Framework is a set of processes, procedures, and systems that organizations use to manage and respond to incidents. It is an organized..
MoreIncident Response
Incident response is a set of procedures and processes for responding to and managing the aftermath of a security breach or cyber attack. It includes..
MoreIncident Response Plan
An Incident Response Plan is a set of written instructions that outlines the steps an organization should take when responding to a security incident. It is a..
MoreIncident Response Tools
Incident Response Tools are software programs and applications that are designed to help organizations detect, investigate, analyze, and respond to cyber..
MoreInformation Asset
An information asset is a resource that has value to an individual, organization, or government. It can be tangible or intangible, and may include physical..
MoreInformation Asset Definition
An information asset is any data, document, or other information-based resource that is owned, managed, or maintained by an organization. This includes..
MoreInformation Classification Policy
An Information Classification Policy is a set of guidelines and procedures that are designed to ensure that an organization’s data and information is..
MoreInformation Governance
Information Governance is the practice of managing, organizing, and protecting the data and information assets of an organization. It involves the development..
MoreInformation Management System
An Information Management System is a system of organized procedures and processes used to collect, store, organize, analyze, retrieve, and distribute data and..
MoreInformation Security
Information security is the practice of protecting information from unauthorized access, use, disclosure, disruption, modification, perusal, inspection,..
MoreInformation Security Assessment
An information security assessment is a comprehensive evaluation of an organization's ability to protect its information assets and systems from unauthorized..
MoreInformation Security Awaness
Information Security Awareness is a process of educating and informing individuals and organizations about the importance of information security and the risks..
MoreInformation Security Controls
Information security controls are measures used to protect data and information systems from unauthorized access, use, disclosure, disruption, modification, or..
MoreInformation Security Governance
Information Security Governance is the overall management of an organization's information security policies, processes, and procedures. It is the..
MoreInformation Security Governance Benefits
Information security governance benefits refer to the advantages that organizations gain from implementing a comprehensive information security governance..
MoreInformation Security Management System (ISMS)
An Information Security Management System (ISMS) is a comprehensive set of policies, procedures, controls, and technologies used to protect sensitive..
MoreInformation Security Risk Acceptance
Information Security Risk Acceptance is the process of identifying, assessing, and deciding to accept or reject a security risk. It involves a comprehensive..
MoreInformation Security Risk Communication
Information Security Risk Communication is the process of exchanging information about cyber security threats and the potential risks associated with them. It..
MoreInformation Security Risk Management
Information Security Risk Management is the process of identifying, assessing, and controlling risks associated with the use of information systems. It..
MoreInformation Security Risk Monitoring And Review
Information Security Risk Monitoring and Review is the process of continually assessing and managing the risks associated with information systems. It involves..
MoreInformation Security Risk Treatment
Information Security Risk Treatment is the process of identifying, assessing, and responding to security risks in order to minimize the likelihood and impact..
MoreInherent Risk
Inherent risk is the risk that is naturally present in a situation or activity, and is not necessarily caused by external factors. It is the risk that is..
MoreInsider Threat Actors
The Insider Threat Actors are individuals within an organization that have access to sensitive information or systems that could be used to cause harm to the..
MoreInstant Communications Security And Compliance
Instant Communications Security and Compliance is the practice of implementing measures to ensure the security and compliance of digital communications, such..
MoreIntegrated Risk Management (IRM)
Integrated Risk Management (IRM) is a comprehensive approach to managing risk across an organization. It is a structured process for identifying, assessing,..
MoreInternal Environment
The internal environment of an organization refers to the conditions, structures, and factors that exist within the organization and affect its ability to..
MoreInternet Of Things (IOT)
The Internet of Things (IOT) is a network of physical objects, or things, embedded with electronics, software, sensors, and network connectivity that enables..
MoreIntrusion Detection and Prevention System (IDPS)
An Intrusion Detection and Prevention System (IDPS) is a security system used to detect and prevent unauthorized access to a computer network or system. It..
MoreIntrusion Detection Systems (IDS)
An Intrusion Detection System (IDS) is a type of security software that monitors a network or system for malicious activity or policy violations. It gathers..
MoreIntrusion Prevention Systems (IPS)
Intrusion Prevention Systems (IPS) are a type of network security technology that are designed to detect and prevent malicious activity on a network. IPS..
MoreISO/IEC
ISO/IEC is an international standardization organization that develops and publishes standards for a wide range of technologies and industries. It is a joint..
MoreISO/IEC / IEC 27004:2016 Advantages
ISO/IEC 27004:2016 Advantages is a standard that provides guidance on the use of a range of quantitative methods to measure, analyze, and interpret the..
MoreISO/IEC /IEC 27000
ISO/IEC 27000 is a family of international standards developed by the International Organization for Standardization (ISO) and the International..
MoreISO/IEC /IEC 27001 Foundation
ISO/IEC 27001 Foundation is an international standard for Information Security Management Systems (ISMS) which provides the framework for organizations to..
MoreISO/IEC /IEC 27001:2017
ISO/IEC 27001:2017 is an international standard that provides specifications and guidance for organizations to establish, maintain, and continually improve an..
MoreISO/IEC /IEC 27003:2017 Requirements
for an Information Security Management System ISO/IEC 27003:2017 is an international standard that provides guidance on the establishment, implementation,..
MoreISO/IEC /IEC 27004
ISO/IEC 27004 is an international standard developed by the International Organization for Standardization (ISO) and the International Electrotechnical..
MoreISO/IEC /IEC 27004:2016 Clauses
ISO/IEC 27004:2016 Clauses is an international standard that provides guidance and best practices for measuring and managing the performance of Information..
MoreISO/IEC /IEC 27005
ISO/IEC 27005 is an international standard for information security risk management. It provides a framework for organizations to assess, monitor, and manage..
ISO/IEC 27001:2005
ISO/IEC 27001:2005 is an international standard for information security management systems (ISMS). It provides a framework for organizations to identify,..
ISO/IEC 27001 Activities
ISO/IEC 27001 Activities are the processes, procedures, and controls that organizations use to protect their information assets. These activities are based on..
ISO/IEC 27001 And ISO/IEC 27002
ISO/IEC 27001 and ISO/IEC 27002 are international standards developed by the International Organization for Standardization (ISO) and the International..
ISO/IEC 27001 Annex A
ISO/IEC 27001 Annex A is a set of information security controls developed by the International Organization for Standardization (ISO) and the International..
ISO/IEC 27001 Annex A Controls
ISO/IEC 27001 Annex A Controls are a set of 114 security controls and associated guidance that can be used to help organizations protect their information..
ISO/IEC 27001 As An Individual
ISO/IEC 27001 is an internationally recognized standard for Information Security Management Systems (ISMS). It is a framework of policies and procedures that..
ISO/IEC 27001 Audit
An ISO/IEC 27001 Audit is a type of audit that evaluates an organization’s Information Security Management System (ISMS) to determine if it meets the..
ISO/IEC 27001 Back Up Policy
ISO/IEC 27001 is an international standard for information security management that provides a framework for organizations to establish and maintain an..
ISO/IEC 27001 Benefits
ISO/IEC 27001 Benefits are the advantages that organizations can gain from implementing the ISO/IEC 27001 Information Security Management System (ISMS). This..
ISO/IEC 27001 Certification Requirements
ISO/IEC 27001 Certification Requirements are a set of international standards developed by the International Organization for Standardization (ISO) and the..
ISO/IEC 27001 Certified
ISO/IEC 27001 Certified is an internationally recognized certification that demonstrates an organization's commitment to information security and data..
ISO/IEC 27001 Controls
ISO/IEC 27001 Controls is a set of security controls and best practices established by the International Organization for Standardization (ISO) and the..
ISO/IEC 27001 Data Retention Policy
ISO/IEC 27001 Data Retention Policy is a set of guidelines that outlines the procedures and standards for how data should be stored, managed, and retained to..
ISO/IEC 27001 Domains
ISO/IEC 27001 Domains refer to the five core areas of information security management that must be addressed in order to comply with the ISO/IEC 27001..
ISO/IEC 27001 Gap Analysis
ISO/IEC 27001 Gap Analysis is an assessment of a company’s information security management system (ISMS) in relation to the requirements of the ISO/IEC 27001..
ISO/IEC 27001 Lead Auditor
ISO/IEC 27001 Lead Auditor is an individual who has been trained and certified to audit and evaluate an organization’s Information Security Management System..
ISO/IEC 27001 Lead Implementer
ISO/IEC 27001 Lead Implementer is an individual with the knowledge and experience to plan, manage, and implement an Information Security Management System..
ISO/IEC 27001 Mandatory Clauses
ISO/IEC 27001 Mandatory Clauses are the minimum requirements for an Information Security Management System (ISMS) that must be met in order for an organization..
ISO/IEC 27001 Or ISO/IEC 27018
ISO/IEC 27001 is an international standard developed by the International Organization for Standardization (ISO) and the International Electrotechnical..
ISO/IEC 27001 Password Policy
ISO/IEC 27001 Password Policy is a set of guidelines and requirements for the creation and maintenance of user passwords in order to protect the..
ISO/IEC 27001 Penetration Testing
ISO/IEC 27001 Penetration Testing is a type of security testing that is used to evaluate the security of an organization’s information systems and networks. It..
ISO/IEC 27001 Requirement Checklist
ISO/IEC 27001 Requirement Checklist is a document that outlines the requirements for an organization to implement an information security management system..
ISO/IEC 27001 Risk Assessment
ISO/IEC 27001 Risk Assessment is a systematic process of identifying, evaluating, and responding to risks associated with the use, processing, storage, and..
ISO/IEC 27001 Risk Register
ISO/IEC 27001 Risk Register is a document that identifies and records potential risks to an organization’s information security system. It is a comprehensive..
ISO/IEC 27001 Scope
ISO/IEC 27001 Scope is a set of requirements for the implementation of an Information Security Management System (ISMS) that defines the boundaries of the..
ISO/IEC 27001 Secure Development Policy
ISO/IEC 27001 Secure Development Policy is a set of guidelines and standards that organizations must adhere to in order to ensure the security of their..
ISO/IEC 27001 Security Awareness
ISO/IEC 27001 Security Awareness is a framework of standards and best practices that organizations can use to develop and implement a comprehensive information..
ISO/IEC 27001 Security Policy
ISO/IEC 27001 Security Policy is a set of rules, processes, and procedures that define how an organization will manage its information security. It is a..
ISO/IEC 27001 Surveillance Audit
An ISO/IEC 27001 Surveillance Audit is a periodic review of an organization's information security management system (ISMS) to ensure it is operating..
ISO/IEC 27001 Toolkit
ISO/IEC 27001 Toolkit is a collection of resources and documents designed to help organizations implement an Information Security Management System (ISMS) in..
ISO/IEC 27001 Vulnerability Management
ISO/IEC 27001 Vulnerability Management is a set of processes and procedures used to identify, classify, prioritize, and address potential vulnerabilities in..
ISO/IEC 27002
ISO/IEC 27002 is an internationally recognized standard for information security management. It provides a comprehensive set of controls that organizations can..
ISO/IEC 27002 Benefits
ISO/IEC 27002 Benefits is a set of information security management best practices that provide organizations with a framework for developing, implementing,..
ISO/IEC 27002 Framework
ISO/IEC 27002 is an international standard that provides guidelines for the implementation of an information security management system (ISMS). It is part of a..
ISO/IEC 27002 Importance
ISO/IEC 27002 is an international standard for information security management, which provides best practice recommendations for organizations to implement..
ISO/IEC 27002 Scope
ISO/IEC 27002 Scope is the scope of the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) 27002..
ISO/IEC 27002 Security Policy
ISO/IEC 27002 Security Policy is a set of guidelines, procedures, and best practices that organizations use to protect their information assets. It is based on..
ISO/IEC 27002 Standard Focus
ISO/IEC 27002 Standard Focus is an internationally accepted standard for information security management which provides best practices and guidelines for..
ISO/IEC 27002:2022
ISO/IEC 27002:2022 is an international standard for information security management systems (ISMS) developed by the International Organization for..
ISO/IEC 27002:2022 Controls
ISO/IEC 27002:2022 Controls, also known as the Code of Practice for Information Security Controls, is a framework of security controls developed by the..
ISO/IEC 27003
ISO/IEC 27003, also known as the Information Security Management System (ISMS) Standard, is an international standard that provides guidance and best practices..
ISO/IEC 27004
ISO/IEC 27004 is an international standard that provides guidance for the effective and efficient implementation of a measurement program for the management of..
ISO/IEC 27005
ISO/IEC 27005 is an international standard for security risk management. It provides a framework for organizations to identify, assess, and manage information..
ISO/IEC 27005 And ISRM
ISO/IEC 27005 is an international standard that provides guidance on information security risk management (ISRM). It is designed to help organizations..
ISO/IEC 27008
ISO/IEC 27008 is an international standard for information security management systems (ISMS) that provides guidelines for the implementation and management of..
ISO/IEC 27014
ISO/IEC 27014 is an international standard published by the International Organization for Standardization (ISO) and the International Electrotechnical..
ISO/IEC 27102
ISO/IEC 27102 is an international standard for privacy information management systems (PIMS) developed by the International Organization for Standardization..
ISO/IEC Accreditation
ISO/IEC accreditation is an internationally recognized standard for the evaluation of organizations that provide certification services. It is a process of..
ISO/IEC Audit
ISO/IEC Audit is an independent assessment of an organization’s compliance with the ISO/IEC standards, which are a set of international standards that provide..
ISO/IEC Certification Meaning
ISO/IEC certification is a formal recognition that a product, process or service meets a set of standards and criteria as established by the International..
ISO/IEC Certifications
ISO/IEC certifications are a set of international standards for quality assurance and assurance of conformity. These certifications are designed to help..
ISO/IEC Cloud Security Standard
ISO/IEC Cloud Security Standard is an international standard developed by the International Organization for Standardization (ISO) and the International..
ISO/IEC Compliance
ISO/IEC compliance is the adherence to international standards and guidelines set forth by the International Organization for Standardization (ISO) and the..
ISO/IEC Cybersecurity
ISO/IEC Cybersecurity is a set of principles and practices designed to protect networks, systems, programs, and data from unauthorized access, use, disclosure,..
ISO/IEC Data Center
ISO/IEC Data Center is a facility that houses computer systems and associated components, such as telecommunications and storage systems. It generally includes..
ISO/IEC Data Security Standard
ISO/IEC Data Security Standard (ISO/IEC 27001) is an information security standard published by the International Organization for Standardization (ISO) and..
ISO/IEC Directives
ISO/IEC Directives are a set of standards and guidelines issued by the International Organization for Standardization (ISO) and the International..
ISO/IEC Directives Part 1
ISO/IEC Directives Part 1 is an international standard that provides guidelines for the development, approval, publication, and maintenance of International..
ISO/IEC Directives Part 2
ISO/IEC Directives Part 2 is a set of rules and procedures developed by the International Organization for Standardization (ISO) and the International..
ISO/IEC External Audits
ISO/IEC External Audits are independent assessments of an organization's quality management system (QMS) conducted by a third-party auditor. The purpose of..
ISO/IEC Framework
The ISO/IEC Framework is a set of standards and guidelines developed by the International Organization for Standardization (ISO) and the International..
ISO/IEC Information Security
ISO/IEC Information Security is a set of international standards designed to protect information from unauthorized access, disclosure, modification, or..
ISO/IEC Internal Audit
ISO/IEC Internal Audit is a systematic and independent assessment of an organization's quality management system, processes, and activities, to determine..
ISO/IEC Rules
ISO/IEC Rules are a set of international standards for the development, implementation, and maintenance of information technology (IT) products and services...
ISO/IEC Standard
ISO/IEC Standard is an international standard created by the International Organization for Standardization (ISO) and the International Electrotechnical..
ISO/IEC Standards List
ISO/IEC Standards List is an international standard-setting body composed of representatives from various national standards organizations. It develops and..
IT Audit
An IT Audit is an independent review of the information systems and related operations of an organization. It is designed to evaluate the effectiveness of..
IT Security
IT Security is a broad term that encompasses the processes, technologies, and practices designed to protect networks, devices, programs, and data from..
Jailbreak
Jailbreak: A jailbreak is a process that allows a user to gain access to the root of their device's operating system, allowing them to bypass restrictions..
Keystroke Logging
Keystroke logging is a process of tracking and recording the keys that are pressed on a computer keyboard. It is a form of surveillance technology used to..
Likelihood
Likelihood is the probability of an event occurring, based on past events and/or current conditions. It is a measure of the probability that something will..
Logic Bomb
A logic bomb is a malicious piece of code that is designed to cause damage to a computer system or disrupt its normal operations. It is usually triggered by a..
Malware Vs. Viruses Vs. Worms
Malware: Malware is a type of software designed to harm or exploit computer systems without the user’s knowledge or consent. It can be used to gain access to..
Mandatory Access Control (MAC)
Mandatory Access Control (MAC) is an access control system that requires users to be explicitly identified and authorized before they can access any resources..
Mitigating Controls For Risk Management
Mitigating controls for risk management are the actions or measures taken to reduce the likelihood of a risk occurring or its potential impact. These controls..
Money Laundering
Money Laundering is the process of disguising illegally obtained funds so they appear to have been obtained from a legitimate source. It is typically done by..
Monitoring
Monitoring is the process of regularly observing, measuring, and evaluating a specific activity or system in order to identify any changes or trends that may..
National Institute of Standards and Technology (NIST)
The National Institute of Standards and Technology (NIST) is a non-regulatory federal agency within the U.S. Department of Commerce. Established in 1901, NIST..
Network
A network is a system of interconnected components, such as computers, servers, and other peripherals, that are capable of exchanging data and sharing..
Network Access Control
Network Access Control (NAC) is a security system that helps organizations control who is allowed to access their networks. It is designed to protect networks..
Network Security
Network Security is the practice of protecting networks, systems, and data from unauthorized access, misuse, modification, or destruction. It includes both..
Network Segmentation
Network segmentation is the process of dividing a computer network into smaller segments or sub-networks in order to improve network performance, reduce..
Network Segregation
Network Segregation is the process of separating different types of traffic on a network. It is used to ensure that sensitive information is kept secure by..
NIS Directive
NIS Directive is a directive issued by the European Union (EU) in 2018 which aims to improve the security of network and information systems across the EU. It..
NIST 800 171
NIST 800 171 is a set of standards and guidelines issued by the National Institute of Standards and Technology (NIST) for the protection of Controlled..
NIST 800-171 Compliance Checklist
NIST 800-171 Compliance Checklist is a comprehensive list of requirements for organizations to meet the security standards of the National Institute of..
NIST 800-171 Controls
NIST 800-171 Controls are a set of security requirements established by the National Institute of Standards and Technology (NIST) that organizations must..
NIST 800-53 Control Families
NIST 800-53 Control Families are a set of security controls developed by the National Institute of Standards and Technology (NIST) to provide a standardized..
NIST 800-53 Risk Assessment
NIST 800-53 Risk Assessment is a comprehensive process used to identify, assess, and manage the security risks associated with the use, processing, storage,..
NIST Compliance
NIST Compliance is the process of verifying that an organization is adhering to the security standards and guidelines set forth by the National Institute of..
NIST Controls
NIST Controls are a set of security guidelines developed by the National Institute of Standards and Technology (NIST) to help organizations protect their..
NIST Cybersecurity Standards
NIST Cybersecurity Standards are a set of standards and guidelines developed by the National Institute of Standards and Technology (NIST) to help organizations..
NIST Guidelines
NIST Guidelines are a set of recommendations developed by the National Institute of Standards and Technology (NIST) to help organizations protect their..
NIST SP 800-53
NIST SP 800-53 is a set of security controls and guidelines developed by the National Institute of Standards and Technology (NIST). It provides a comprehensive..
NIST SP 800-53 Benefits
NIST SP 800-53 Benefits is a set of guidelines developed by the National Institute of Standards and Technology (NIST) to help organizations identify, assess,..
NIST SP 800-53 Enhanced Controls
NIST SP 800-53 Enhanced Controls are additional security controls that are designed to supplement the baseline security controls outlined in the NIST SP 800-53..
NIST SP 800-53 Minimum/Base Controls
NIST SP 800-53 Minimum/Base Controls are a set of security controls established by the National Institute of Standards and Technology (NIST) to help..
Non-Repudiation
Non-repudiation is a concept in computer science and cryptography that ensures that a party to a transaction or communication cannot deny having performed a..
Notifiable data breach
A notifiable data breach is an incident where there is unauthorized access to, or disclosure, of personal information, or a reasonable belief exists that such..
Office of the Australian Information Commissioner (OAIC)
The Office of the Australian Information Commissioner (OAIC) is an independent statutory agency created under the Australian Privacy Act 1988. It is..
Operational Risk
Operational risk is the risk of loss resulting from inadequate or failed internal processes, people, and systems, or from external events. It is the risk of..
Operational Risk Management (ORM)
Operational Risk Management (ORM) is the process of identifying, assessing, and mitigating risks that can arise from the operations of an organization. It is..
Operational Security
Operational Security (OPSEC) is a process that helps protect sensitive information from being compromised by unauthorized individuals. It is a systematic..
Operational Technology (OT)
Operational Technology (OT) is a term used to refer to the hardware and software used to monitor and control physical devices and processes in an industrial..
Passive Attack
A passive attack is a type of cyber attack that does not involve the direct manipulation of an information system or its data, but instead uses existing..
Passive Scanning
Passive scanning is a type of network security scanning technique used to detect potential security threats on a computer network without sending any packets..
Patch Management
Patch management is the process of identifying, downloading, testing, and applying patches to software applications and operating systems. It is an essential..
PCI DSS
PCI DSS (Payment Card Industry Data Security Standard) is an information security standard for organizations that handle credit card and debit card..
PCI DSS Standards
PCI DSS (Payment Card Industry Data Security Standard) is a set of requirements designed to ensure that all companies that process, store, or transmit credit..
Personally Identifiable Information (PII)
Personally Identifiable Information (PII) is any data that can be used to identify an individual, either directly or indirectly. This includes, but is not..
Policy management
Policy management is the process of developing, implementing, and maintaining organizational policies, procedures, and guidelines. It is a comprehensive system..
Prioritisation
Prioritisation is the process of determining the order of importance or urgency of activities, tasks, and decisions. It involves assessing the relative worth..
Privilege Escalation
Privilege escalation is the act of exploiting a bug, design flaw, or configuration oversight in an operating system or software application to gain elevated..
Quadrant
A quadrant is a quarter-circle shape divided into four equal parts. It is typically used in mathematics, astronomy, and navigation to measure angles and..
Ransomware
Ransomware is a type of malicious software (malware) designed to block access to a computer system or data until a ransom is paid. It typically spreads through..
Ransomware Protection
Ransomware protection is the process of safeguarding computer systems and networks from malicious software, or ransomware, that is designed to encrypt or..
Redaction
Redaction (noun): The process of reducing a piece of writing, such as a book, article, or essay, in order to make it more concise and easier to read. This..
Regulatory Compliance
Regulatory Compliance is the process of ensuring that an organization adheres to all applicable laws, regulations, standards, and ethical practices set by..
Remediation
Remediation is the process of addressing a problem, issue, or deficiency in order to restore a system, process, or environment to an acceptable level of..
Reputational Risk
Reputational risk is the risk of damage to a company's reputation, resulting from adverse events or negative publicity. It is a type of non-financial risk and..
Risk
Risk is the potential for loss or harm that can be caused by making a decision or taking an action. It is the uncertainty of an outcome or the potential of..
Risk Center
Risk Center is a term used to refer to a centralized location for managing, analyzing, and mitigating risk. It is the focal point for risk management..
Risk Control Self Assessment (RCSA)
Risk Control Self Assessment (RCSA) is a systematic process used to identify, assess, monitor, and control risks within an organization. It is a tool used to..
Risk Financing
Risk financing is a type of financial management strategy used to protect an organization from the financial impact of losses due to risks. It involves a..
Risk Identification
Risk identification is the process of recognizing and assessing the potential risks associated with a particular situation, event, or activity. It involves..
Risk Identification (RI)
Risk Identification (RI) is the process of identifying and understanding potential risks that may affect an organization, project, or process. This process..
Risk Management Framework
Risk Management Framework is a set of processes, policies, and tools used to identify, assess, monitor, and control risks associated with an organization’s..
Risk Management Policy
A Risk Management Policy is a document that outlines steps and procedures to be taken by an organization to identify, assess, and manage risks associated with..
Risk Management Process
Risk Management Process is a systematic approach to identifying, analyzing, and responding to risks associated with an organization's operations, projects, and..
Risk Management Standards
Risk Management Standards are a set of guidelines that provide organizations with a framework to identify, assess, and manage potential risks to their..
Risk Management System And Process
A Risk Management System and Process is a system of structured procedures and processes used to identify, assess, monitor, manage, and mitigate risks..
Risk Management Tool
Risk Management Tool is a system or process used to identify, assess, and prioritize risks associated with a particular activity, project, or business venture..
Risk Mitigation
Risk mitigation is the process of identifying, assessing, and reducing the potential for negative impacts of risks to an organization's objectives. It involves..
Risk Owner
Risk Owner is an individual or organization responsible for the identification, assessment, and management of risks associated with a given activity, project,..
Risk Profile
Risk Profile is a term used to describe an individual's or organization's risk tolerance, which is the amount of risk they are willing to take in order to..
Risk Reduction
Risk Reduction is a process that seeks to reduce the probability and/or impact of an adverse event or outcome. It involves identifying risks and then taking..
Risk Register
A Risk Register is a document used to record and track all identified risks associated with a project, process, or activity. It is a tool used to identify,..
Risk Source
Risk Source is a term used to describe the origin of a potential risk that could affect an organization, project, or process. It is typically used to identify..
Role-Based Access Control (RBAC)
Role-Based Access Control (RBAC) is an access control system that is used to regulate user access to computer systems, networks, and other resources. It is..
Secure Access Service Edge (SASE)
Secure Access Service Edge (SASE) is a cloud-based networking and security model that provides secure access to applications, services, and data from any..
Security And Integrity
Security and Integrity are two important concepts in the field of information technology. Security refers to the measures taken to protect data and systems..
Security Audit
A security audit is a comprehensive assessment of an organization’s security posture, policies, and procedures. It is conducted by an independent third party..
Security Event
Security Event: A security event is an occurrence or incident that affects the security of a system, network, or application. It can be anything from a..
Security Governance
Security Governance is the practice of establishing and maintaining policies, processes, and procedures to ensure the security of an organization's information..
Security Incident
A security incident is any event that compromises the confidentiality, integrity, or availability of an information system or the data it contains. This..
Security Incident Report
A Security Incident Report is a document created by a security team or individual to document any security-related event or incident that occurs within an..
Security Indicators
Security Indicators are signals or patterns that indicate the presence of malicious activity or a security breach. They are used to detect and respond to..
Security Management
Security Management is the process of identifying, assessing, and managing the risks to an organization’s assets, personnel, and operations. It involves the..
Security Metrics
Security Metrics are measurements used to assess the effectiveness of an organization's security posture. They enable organizations to track and monitor the..
Security Perimeter
Security Perimeter: A security perimeter is an arrangement of security measures designed to protect an asset or group of assets from unauthorized access. It is..
Security Testing Requirements
Security Testing Requirements refer to the specific criteria that must be met in order to ensure that a system is secure. This includes both technical and..
Segregation Of Duties (SOD)
Segregation of Duties (SOD) is a security control that is used to ensure that no single individual has complete control over a business process. This is..
SOC 1
SOC 1 is an abbreviation for Service Organization Controls 1 Report. It is a report issued by an independent auditor that provides assurance to a service..
SOC 2
SOC 2 is a set of auditing standards developed by the American Institute of Certified Public Accountants (AICPA) to evaluate and validate the security,..
SOC 2 Audit
A SOC 2 Audit is an independent evaluation of a service provider’s information security controls and practices. It is based on the Trust Services Principles..
SOC 2 Compliance
SOC 2 Compliance is a set of standards and requirements designed to ensure that organizations providing services to customers maintain the security,..
SOC 2 Controls
SOC 2 Controls are a set of security and privacy standards and procedures designed to protect the confidentiality, integrity, and availability of customer..
SOC 2 Standards
The SOC 2 Standards are a set of trust principles developed by the American Institute of Certified Public Accountants (AICPA) to provide organizations with a..
SOC 2 Trust Principles
SOC 2 Trust Principles are a set of criteria used to evaluate and assess the security, availability, processing integrity, confidentiality, and privacy of a..
SOC 3
SOC 3 is an internationally recognized standard that is used to assess and report on the security and privacy of a service organization’s systems, processes,..
SOC Reports
SOC Reports, or Service Organization Control Reports, are independent third-party audit reports that provide assurance about the security, availability, and..
Spear Phishing
Spear Phishing is a type of cyber attack that involves sending fraudulent emails or messages that appear to come from a trusted source in order to gain access..
Spyware Threat
Spyware threat is a type of malicious computer software that is installed on a user's computer without their knowledge or permission. Spyware is designed to..
SSAE 16
Statement on Standards for Attestation Engagements (SSAE) No. 16 is an attestation standard issued by the Auditing Standards Board (ASB) of the American..
SSAE 18
Statement on Standards for Attestation Engagements (SSAE) No. 18 is an attestation standard issued by the American Institute of Certified Public Accountants..
Statement Of Applicability (SOA)
A Statement of Applicability (SOA) is a document that outlines the security controls and measures that an organization has implemented to protect its..
Strategic Risk
Strategic risk is the risk that an organization takes when it makes strategic decisions, such as entering a new market, introducing a new product, or changing..
Supplier Risk Management
Supplier Risk Management is the process of identifying, assessing, and mitigating the risks associated with working with suppliers and other third parties. It..
The Health Insurance Portability and Accountability Act (HIPAA)
The Health Insurance Portability and Accountability Act (HIPAA) is a federal law enacted in 1996 that provides data privacy and security provisions for..
Thin Client
A thin client is a computer or device that relies on a server to perform its computing tasks. It is typically used in an environment where the user accesses..
Third-party risk management
Third-party risk management is the process of identifying, assessing, and mitigating risks associated with relationships with external entities, such as..
Threat Modeling
Threat Modeling is a structured approach to identifying, analyzing, and responding to potential security threats in a system, network, or application. It is..
Threat Modeling Frameworks And Methodologies
Threat Modeling Frameworks and Methodologies are a set of concepts, processes, and techniques used to identify, analyze, and respond to potential threats to an..
Triage
Triage is the process of quickly assessing and categorizing patients based on the severity of their medical condition and the resources available for..
Types Of Insider Threat Actors
Types of Insider Threat Actors are individuals or groups of people who have legitimate access to an organization’s resources, networks, and systems, but who..
UK Cyber Essentials
UK Cyber Essentials is a government-backed scheme designed to help organisations protect themselves against common cyber threats. It provides a set of simple,..
Vendor
Vendor: A vendor is an individual or company that provides goods or services to another individual or company in exchange for payment. Vendors may provide..
Vendor Assessment
Vendor Assessment is the process of evaluating potential suppliers and vendors to determine their ability to meet the needs of an organization. This process..
Vendor Management Policy
A Vendor Management Policy is a set of guidelines and procedures designed to ensure that vendors providing goods and services to an organization are properly..
Vendor Management Policy (VMP)
A Vendor Management Policy (VMP) is a set of guidelines and procedures for managing relationships with vendors that provide goods and services to an..
Vendor Risk Management (VRM)
Vendor Risk Management (VRM) is an enterprise-wide approach to managing risks associated with third-party vendors. It involves an organization’s proactive..
Virtual Private Network (VPN)
A Virtual Private Network (VPN) is a secure connection between two or more computers, devices, or networks over the internet. It uses encryption technology to..
Vulnerability
Vulnerability is a state of being open to potential harm, either physically, emotionally, or psychologically. It can refer to a person's susceptibility to..
Vulnerability Management: Securing Your System
Vulnerability Management is the process of identifying, assessing, and prioritizing vulnerabilities in an organization’s systems and networks to ensure that..
Vulnerability Scanning
Vulnerability scanning is a process of identifying, quantifying, and prioritizing (ranking) the vulnerabilities in a computer system, network, or application...
MoreWardriving
Wardriving is a type of hacking that involves using a vehicle to search for and map wireless networks. It involves driving around with a laptop or other device..
MoreWatering Hole Attack
A watering hole attack is a type of cyber attack that targets a specific group of users by compromising a website that they are known to visit. The attacker..
MoreWeb Security Threats
Web Security Threats are malicious attacks, exploits, or incidents that target or compromise the security of websites, web applications, networks, or computer..
More