{tableName=glossary, name=SSAE 18, description=
Statement on Standards for Attestation Engagements (SSAE) No. 18 is an attestation standard issued by the American Institute of Certified Public Accountants (AICPA). It defines the requirements for attestation engagements performed by a service auditor, and is applicable to service organizations that provide services to user entities. The standard provides guidance for service auditors on how to plan and perform an attestation engagement, and how to report on the results of the engagement. It is intended to replace the Statement on Auditing Standards (SAS) No. 70, which is the previous standard for service organization attestation engagements. SSAE 18 requires a service auditor to obtain an understanding of the service organization's system and its controls, assess the risks associated with the system, determine the nature, timing and extent of the tests to be performed, and evaluate the design and operating effectiveness of the controls. The service auditor must also issue an opinion on the fairness of the description of the service organization's system and the suitability of the design and operating effectiveness of the controls. The opinion must include a description of the tests performed and the results of the tests., topic=null, hs_path=ssae-18}--
{tableName=glossary, name=SOC Reports, description=
SOC Reports, or Service Organization Control Reports, are independent third-party audit reports that provide assurance about the security, availability, and processing integrity of a service organization's system and the confidentiality and privacy of the information that is processed by the service organization. These reports are typically used by organizations that outsource their IT services or process customer data. SOC Reports are conducted by auditors who assess the service organization's internal controls, policies, procedures, and processes. They evaluate the effectiveness of the service organization's information security, privacy, and data protection programs, as well as the service organization's compliance with applicable laws and regulations. The reports are typically issued in three forms: SOC 1, SOC 2, and SOC 3. SOC 1 reports focus on the service organization's internal controls related to financial reporting, while SOC 2 and SOC 3 reports focus on the service organization's security, availability, and processing integrity., topic=null, hs_path=soc-reports}--
{tableName=guides, name=ENISA National Capabilities Assessment Framework, description=
This guide provides an authoritative overview of the ENISA National Capabilities Assessment Framework. The guide is designed to help organizations assess their national cybersecurity capabilities, identify gaps, and develop strategies for addressing them, topic=[{id=97620570521, createdAt=1673040885410, updatedAt=1715624532253, path='enisa-national-capabilities-assessment-framework', name='
ENISA Nat'l Capabilities Assessment Framework Guide', 1='{type=string, value=ENISA National Capabilities Assessment Framework}', 2='{type=string, value=
This guide provides an authoritative overview of the ENISA National Capabilities Assessment Framework. The guide is designed to help organizations assess their national cybersecurity capabilities, identify gaps, and develop strategies for addressing them}', 5='{type=string, value=This guide provides an overview of the European Union Agency for Network and Information Security (ENISA) National Capabilities Assessment Framework. It outlines the purpose, scope, and methodology of the Framework, including the methodology used to assess national cyber security capabilities. It also provides an overview of the key elements of the Framework, including the criteria used to assess national cyber security capabilities, the indicators used to measure performance, and the process for assessing national cyber security capabilities. The guide is intended to serve as an authoritative reference for governments and other stakeholders in the cyber security domain.}', 15='{type=list, value=[{id=97620570521, name='ENISA National Capabilities Assessment Framework'}]}'}], hs_path=enisa-national-capabilities-assessment-framework}--
{tableName=glossary, name=Incident Response Plan, description=
An Incident Response Plan is a set of written instructions that outlines the steps an organization should take when responding to a security incident. It is a comprehensive document that covers all aspects of incident response, from initial detection and analysis to containment, eradication, and recovery. The plan should also include post-incident activities such as reporting, analysis, and follow-up. The plan should be tailored to the organization’s specific needs, and should include policies and procedures for responding to incidents, such as a communications plan, a notification plan, and a process for gathering evidence. The plan should also include roles and responsibilities for staff and resources, both internal and external, that will be involved in the incident response process., topic=null, hs_path=incident-response-plan}--
{tableName=glossary, name=UK Cyber Essentials, description=
UK Cyber Essentials is a government-backed scheme designed to help organisations protect themselves against common cyber threats. It provides a set of simple, but effective, safeguards to help organisations protect their data, systems and networks from the most common cyber threats. It is the minimum standard for cyber security in the UK and is a mandatory requirement for organisations that handle sensitive information or provide certain types of services. The scheme consists of five key controls, which are: boundary firewalls and internet gateways; secure configuration; access control; malware protection; and patch management. These five controls are designed to protect organisations from the most common cyber threats, such as phishing attacks, malware infections, and unauthorised access to systems and networks. The scheme also provides guidance on how organisations can protect themselves from more sophisticated cyber threats. It is designed to be simple to implement and maintain, and is suitable for organisations of all sizes., topic=null, hs_path=uk-cyber-essentials}--
{tableName=glossary, name=Jailbreak, description=
A jailbreak is a process that allows a user to gain access to the root of their device's operating system, allowing them to bypass restrictions imposed by the manufacturer or carrier. This process can be used to install unauthorized software, modify system settings, and gain access to features and functions that are otherwise unavailable. Jailbreaking is usually done on mobile devices such as iPhones and iPads, but it can also be done on other devices such as gaming consoles and set-top boxes. Jailbreaking is usually done with the help of third-party software or hardware, and is often done to gain access to features that are otherwise unavailable or restricted., topic=null, hs_path=jailbreak}--