{tableName=glossary, name=Web Security Threats, description=
Web Security Threats are malicious attacks, exploits, or incidents that target or compromise the security of websites, web applications, networks, or computer systems. These threats can come in a variety of forms, including malware, phishing, SQL injection, cross-site scripting, and denial of service attacks. Malware is malicious software designed to infiltrate a computer system and gain access to sensitive information. Phishing is the practice of sending emails or other messages that appear to come from a legitimate source in order to gain access to confidential information. SQL injection is an attack that inserts malicious code into a web application in order to gain access to a database. Cross-site scripting is an attack that injects malicious code into a web page in order to gain access to a user’s browser. Denial of service attacks are attempts to make a website or computer system unavailable to users by flooding it with requests. Web Security Threats can have serious consequences and can lead to data loss, identity theft, and financial losses., topic=null, hs_path=web-security-threats}--
{tableName=glossary, name=ISO/IEC Accreditation, description=
ISO/IEC accreditation is an internationally recognized standard for the evaluation of organizations that provide certification services. It is a process of assessing the competence of an organization to provide certification services, including the processes and procedures used to ensure that certification is conducted in accordance with the relevant international standards. In order to be accredited, an organization must demonstrate that it has the necessary technical and organizational infrastructure, personnel, and resources to perform certification activities in accordance with the requirements of the relevant international standards. ISO/IEC accreditation is issued by a recognized accreditation body, such as the International Accreditation Forum (IAF). Accreditation is an important part of the certification process, as it ensures that certified products and services meet the required standards and are of the highest quality., topic=null, hs_path=iso-iec-accreditation}--
{tableName=glossary, name=ISO/IEC Data Security Standard, description=
ISO/IEC Data Security Standard (ISO/IEC 27001) is an information security standard published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). It is a globally recognized standard for information security management systems (ISMS) and provides a framework of requirements and guidance for organizations looking to protect their data, systems, and processes. The standard is based on the Plan-Do-Check-Act (PDCA) cycle and requires organizations to identify their information security risks and develop an ISMS to manage these risks, as well as to continually review and improve their security. The standard outlines a set of best practices for information security, including risk assessment, policies and procedures, user access control, encryption, and security incident management. The standard also includes a number of technical controls, such as physical security, network security, application security, and data security. The ISO/IEC 27001 standard is a comprehensive and rigorous approach to information security, and organizations that implement it can demonstrate their commitment to data protection and security., topic=null, hs_path=iso-iec-data-security-standard}--
{tableName=glossary, name=Reputational Risk, description=
Reputational risk is the risk of damage to a company's reputation, resulting from adverse events or negative publicity. It is a type of non-financial risk and can be difficult to quantify, but can have a significant impact on a company's ability to attract customers, raise capital, and maintain relationships with employees, suppliers, and other stakeholders. Reputational risk is often caused by a company's failure to meet customer expectations, unethical behavior, or a lack of transparency. It can also be caused by events outside of the company's control, such as a natural disaster or a scandal involving another company in the same industry. Companies can manage reputational risk by monitoring their public image, engaging in corporate social responsibility initiatives, and having strong internal controls in place., topic=null, hs_path=reputational-risk}--
{tableName=glossary, name=Passive Attack, description=
A passive attack is a type of cyber attack that does not involve the direct manipulation of an information system or its data, but instead uses existing vulnerabilities to gain access to resources, such as user accounts, confidential information, or networks. Passive attacks are typically used to gain access to a system or network, or to gain intelligence about the system or network, such as what kind of data is stored, who has access to it, and what services are running. Examples of passive attacks include eavesdropping on unencrypted communications, exploiting weak passwords, and analyzing network traffic for sensitive information. In contrast to active attacks, passive attacks are difficult to detect because the attacker does not leave any evidence of their activity., topic=[{id=97620570512, createdAt=1673040885353, updatedAt=1715624422147, path='vulnerability-management', name='Vulnerability Management Guide: Learn to Protect Your Business', 1='{type=string, value=Vulnerability Management}', 2='{type=string, value=
Learn how to identify, assess, and manage security vulnerabilities in your organization with this comprehensive guide to Vulnerability Management. Get started now!}', 5='{type=string, value=This Vulnerability Management Guide provides an authoritative overview of the processes, strategies, and best practices for effectively managing vulnerabilities in an organization's IT systems. It explains the importance of vulnerability management and outlines the steps needed to build an effective vulnerability management program. It also covers the various tools and techniques used to identify, assess, and remediate vulnerabilities, as well as the importance of monitoring and reporting on the program's progress. Finally, the guide provides guidance on how to select the appropriate security solutions for an organization's needs. By following the advice in this guide, organizations can ensure that their systems are secure and their data is protected.}', 15='{type=list, value=[{id=97620570512, name='Vulnerability Management'}]}'}], hs_path=passive-attack}--
{tableName=glossary, name=Information Security Assessment, description=
An information security assessment is a comprehensive evaluation of an organization's ability to protect its information assets and systems from unauthorized access, use, disclosure, disruption, modification, or destruction. It involves analyzing the organization's current security controls, policies, and procedures to identify any weaknesses or gaps in security that could potentially lead to a security breach. The assessment also includes an evaluation of the organization's ability to respond to and recover from a security incident. The goal of an information security assessment is to provide organizations with an accurate picture of their security posture and to identify areas of improvement that can be addressed to better protect their information assets and systems., topic=[{id=97620570504, createdAt=1673040885302, updatedAt=1715750255339, path='information-security-management-system', name='
ISMS Guide: Info Security Mgmt System Overview', 1='{type=string, value=Information Security Management System (ISMS)}', 2='{type=string, value=
This authoritative guide provides a comprehensive overview of Information Security Management Systems (ISMS). It covers the fundamentals of ISMS, as well as best practices for implementing an effective ISMS. It also}', 5='{type=string, value=This guide provides a comprehensive overview of Information Security Management Systems (ISMS), which are designed to protect organizations from the risks for which information security, cybersecurity and privacy protection are required. It covers the fundamentals of ISMS, including the components of an ISMS, the process of implementing an ISMS, and the various requirements and standards associated with ISMS. It also covers the different types of security threats, the best practices for mitigating them, and the importance of having a robust ISMS in place. Finally, this guide provides practical advice on how to design and implement an effective ISMS, as well as how to maintain it over time. With this guide, readers will gain a deeper understanding of how to protect their organizations from cyber threats and ensure their data is secure.}', 15='{type=list, value=[{id=97620570504, name='Information Security Management System (ISMS)'}]}'}], hs_path=information-security-assessment}--