{tableName=glossary, name=ISO/IEC /IEC 27003:2017 Requirements, description= for an Information Security Management System
ISO/IEC 27003:2017 is an international standard that provides guidance on the establishment, implementation, monitoring, maintenance, and improvement of an Information Security Management System (ISMS). It outlines the requirements for an organization to define, implement, and maintain an effective ISMS that meets the organization’s security objectives. The standard is based on the ISO/IEC 27002:2013 code of practice for information security management and the ISO/IEC 27001:2013 information security management system requirements. ISO/IEC 27003:2017 provides guidance on the planning, design, implementation, assessment, and improvement of an ISMS. It also provides guidance on how to develop and maintain an ISMS that meets the organization’s security objectives, including the implementation of information security controls and the management of information security risks. Additionally, the standard provides guidance on the management of information security incidents and the development of information security policies and procedures., topic=null, hs_path=iso-iec-iec-270032017-requirements}--
{tableName=glossary, name=ISO/IEC 27001 As An Individual, description=
ISO/IEC 27001 is an internationally recognized standard for Information Security Management Systems (ISMS). It is a framework of policies and procedures that includes all legal, physical and technical controls involved in an organization's information risk management processes. It includes the requirements for the establishment, implementation, maintenance and continual improvement of an organization's ISMS. It provides a systematic and proactive approach to managing sensitive company information and assets, and helps organizations to protect their information from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction. The standard is designed to ensure that organizations have appropriate and effective measures in place to protect their information assets, as well as to ensure compliance with applicable laws and regulations. ISO/IEC 27001 provides a comprehensive set of guidelines and requirements that organizations can use to manage, monitor and improve their information security posture., topic=[{id=97620570500, createdAt=1673040885276, updatedAt=1716010651854, path='iso-27001', name='
ISO 27001 Guide: A Comprehensive Guide', 1='{type=string, value=ISO 27001}', 2='{type=string, value=This guide provides a comprehensive overview of the ISO 27001 standard, including the requirements, implementation, and certification. Learn how to ensure your organization's information security is up to date and compliant.}', 5='{type=string, value=
This guide provides an authoritative and detailed overview of the ISO/IEC 27001 standard, which defines the requirements for an Information Security Management Systems (ISMS) associated with information security, cybersecurity and privacy protection.
Learn about the purpose and scope of the standard, the key requirements for an ISMS, how to implement and maintain an ISMS, how to establish an effective security risk management program, how to develop and implement security policies, how to implement controls to protect information and services and how to audit and review systems to ensure they meet the requirements of the standard.
This guide is an essential resource for anyone looking to understand and implement ISO 27001.
}', 15='{type=list, value=[{id=97620570500, name='ISO 27001'}]}'}], hs_path=iso-iec-27001-as-an-individual}--
{tableName=glossary, name=Cybersecurity Management, description=
Cybersecurity Management is the practice of protecting networks, systems, and programs from digital attacks. These attacks may come in the form of malware, phishing, viruses, ransomware, and other malicious activities. Cybersecurity Management includes the implementation of security measures to protect data, networks, and systems from unauthorized access, modification, or destruction. It involves the use of security policies, procedures, and technologies to protect data, networks, and systems from malicious attacks. It also includes the identification, assessment, and mitigation of risks posed by cyber threats. Cybersecurity Management also includes the development of incident response plans and the implementation of measures to ensure the continuity of operations and the availability of data and systems. Additionally, it involves the monitoring of systems and networks for potential malicious activities and the implementation of measures to prevent and respond to such activities., topic=[{id=97620570528, createdAt=1673040885452, updatedAt=1715624222504, path='cybersecurity-risk-management', name='
Cybersecurity Risk Management: A Guide for Businesses', 1='{type=string, value=Cybersecurity Risk Management}', 2='{type=string, value=
This guide provides essential information on cyber security risk management, including how to identify, assess, and mitigate risks to your organization's data and systems. Learn how to create a cyber security strategy that}', 5='{type=string, value=This Cybersecurity Risk Management Guide is designed to provide an authoritative overview of the key concepts and processes associated with effective cybersecurity risk management. It provides an introduction to the principles of risk management and the key steps involved in developing a successful risk management plan. It outlines the importance of understanding the threats and vulnerabilities that exist in the digital environment, as well as the steps that can be taken to mitigate these risks. It also discusses the need to develop a culture of security within an organization and the role of leadership in setting the tone for a secure environment. Finally, the guide provides guidance on the selection and implementation of security technologies, as well as the monitoring and review of risk management processes. This guide is an essential resource for anyone looking to understand and manage risks associated with cyber threats.}', 15='{type=list, value=[{id=97620570528, name='Cybersecurity Risk Management'}]}'}], hs_path=cybersecurity-management}--
{tableName=glossary, name=Instant Communications Security And Compliance, description=
Instant Communications Security and Compliance is the practice of implementing measures to ensure the security and compliance of digital communications, such as emails, text messages, and other forms of electronic communication. It involves using technologies, processes, and policies to protect data and communications from unauthorized access or alteration. It also involves ensuring that all communications comply with applicable laws and regulations. This includes ensuring that all data is stored securely, that all communications are encrypted, and that all communications are monitored and audited. Additionally, it involves establishing processes to ensure that all communications are compliant with applicable laws and regulations, and that any changes to the system are documented and approved. Finally, it involves providing training to users on how to properly use and protect digital communications., topic=null, hs_path=instant-communications-security-and-compliance}--
{tableName=glossary, name=Operational Security, description=
Operational Security (OPSEC) is a process that helps protect sensitive information from being compromised by unauthorized individuals. It is a systematic process of identifying, controlling, and protecting information that, if revealed, could be used by adversaries to harm an organization or individual. It is a continuous process of assessing threats and establishing countermeasures to protect information and operations. OPSEC includes physical security, personnel security, communications security, information security, and computer security. Physical security includes measures such as locks, fences, guards, and surveillance systems. Personnel security involves background checks, clearances, and security awareness training. Communications security involves encryption, authentication, and secure transmission protocols. Information security involves protecting data from unauthorized access, modification, or destruction. Computer security involves measures such as firewalls, antivirus software, and intrusion detection systems. OPSEC also involves developing and implementing policies and procedures to ensure the security of information, operations, and personnel., topic=[{id=97620570528, createdAt=1673040885452, updatedAt=1715624222504, path='cybersecurity-risk-management', name='
Cybersecurity Risk Management: A Guide for Businesses', 1='{type=string, value=Cybersecurity Risk Management}', 2='{type=string, value=
This guide provides essential information on cyber security risk management, including how to identify, assess, and mitigate risks to your organization's data and systems. Learn how to create a cyber security strategy that}', 5='{type=string, value=This Cybersecurity Risk Management Guide is designed to provide an authoritative overview of the key concepts and processes associated with effective cybersecurity risk management. It provides an introduction to the principles of risk management and the key steps involved in developing a successful risk management plan. It outlines the importance of understanding the threats and vulnerabilities that exist in the digital environment, as well as the steps that can be taken to mitigate these risks. It also discusses the need to develop a culture of security within an organization and the role of leadership in setting the tone for a secure environment. Finally, the guide provides guidance on the selection and implementation of security technologies, as well as the monitoring and review of risk management processes. This guide is an essential resource for anyone looking to understand and manage risks associated with cyber threats.}', 15='{type=list, value=[{id=97620570528, name='Cybersecurity Risk Management'}]}'}], hs_path=operational-security}--
{tableName=glossary, name=Compliance Risk, description=
Compliance risk is the risk of legal or regulatory sanctions, financial loss, or loss of reputation a business may face as a result of its failure to comply with laws, regulations, codes of conduct, or standards of practice. Compliance risk can arise from a variety of sources, including government regulations, industry standards, contractual obligations, and internal policies. It is important to note that compliance risk is not limited to legal and regulatory requirements, but also includes a company’s ethical and moral obligations. Companies must be aware of and manage their compliance risk in order to protect their brand, reputation, and bottom line. Compliance risk management involves identifying potential compliance risks, assessing their potential impact, and developing strategies to mitigate them. This includes developing policies and procedures to ensure compliance, training staff on the policies, and implementing systems to monitor and report on compliance., topic=null, hs_path=compliance-risk}--
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77