{tableName=glossary, name=Privilege Escalation, description=
Privilege escalation is the act of exploiting a bug, design flaw, or configuration oversight in an operating system or software application to gain elevated access to resources that are normally protected from an ordinary user. It is a type of attack where an attacker with limited access privileges is able to, without authorization, elevate their privileges or access level. Privilege escalation can be used to gain access to files, settings, and other resources that are normally protected from an ordinary user. It can also be used to gain access to more powerful accounts, such as those with administrative or root privileges, which can then be used to launch further attacks on the system. Privilege escalation attacks are usually carried out through exploiting security vulnerabilities in the operating system or application, or by using malicious software, such as malware, to gain access to higher-level accounts., topic=null, hs_path=privilege-escalation}--
{tableName=glossary, name=Reputational Risk, description=
Reputational risk is the risk of damage to a company's reputation, resulting from adverse events or negative publicity. It is a type of non-financial risk and can be difficult to quantify, but can have a significant impact on a company's ability to attract customers, raise capital, and maintain relationships with employees, suppliers, and other stakeholders. Reputational risk is often caused by a company's failure to meet customer expectations, unethical behavior, or a lack of transparency. It can also be caused by events outside of the company's control, such as a natural disaster or a scandal involving another company in the same industry. Companies can manage reputational risk by monitoring their public image, engaging in corporate social responsibility initiatives, and having strong internal controls in place., topic=null, hs_path=reputational-risk}--
{tableName=glossary, name=ISO/IEC Directives Part 1, description=
ISO/IEC Directives Part 1 is an international standard that provides guidelines for the development, approval, publication, and maintenance of International Standards, Technical Specifications, Technical Reports, and Publicly Available Specifications. It is the main document of the ISO/IEC process for the development and publication of international standards. It outlines the roles and responsibilities of the various entities involved in the process, such as the ISO/IEC members, the ISO/IEC Technical Management Board, the ISO/IEC Central Secretariat, and the ISO/IEC Technical Committees. It also outlines the process for the development of new standards, the review process, and the publication and maintenance process. Furthermore, it provides guidance on the use of the ISO/IEC logo and the ISO/IEC copyright statement. Finally, it outlines the process for the withdrawal, revision, and amendment of existing standards., topic=null, hs_path=iso-iec-directives-part-1}--
{tableName=glossary, name=Information Security, description=
Information security is the practice of protecting information from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction. It is a broad term that encompasses a wide range of technologies, processes, and practices designed to protect networks, computers, programs, and data from attack, damage, or unauthorized access. It is also known as cyber security or computer security. Information security is important because it helps protect organizations from data loss, unauthorized access, and other security threats. It also helps organizations protect their customers' information and ensure compliance with applicable laws and regulations. Information security involves the use of a variety of measures to protect data, including encryption, authentication, access control, and data backup. Additionally, organizations must also take steps to ensure that their networks and systems are secure and regularly updated to prevent security breaches., topic=null, hs_path=information-security}--
{tableName=glossary, name=NIST SP 800-53, description=
NIST SP 800-53 is a set of security controls and guidelines developed by the National Institute of Standards and Technology (NIST). It provides a comprehensive set of security requirements for federal information systems and organizations. It is designed to help organizations protect their information systems from unauthorized access, modification, misuse, and destruction. The security controls are divided into 18 categories, with each category containing a set of security controls and associated implementation guidance. The categories include access control, audit and accountability, awareness and training, configuration management, contingency planning, identification and authentication, incident response, maintenance, media protection, physical and environmental protection, planning, personnel security, risk assessment, system and services acquisition, system and communications protection, system and information integrity, system and network security, and system and organization security. Each security control is further divided into sub-controls, with each sub-control having a set of implementation guidance and a baseline security requirement. The baseline security requirement defines the minimum level of security that must be achieved for each sub-control. NIST SP 800-53 also provides guidance on how to implement the security controls and provides a framework for developing a security program., topic=[{id=97620570515, createdAt=1673040885373, updatedAt=1715624498921, path='nist-sp-800-53', name='
NIST SP 800-53 Security Guide: Protect Your Data', 1='{type=string, value=NIST SP 800-53}', 2='{type=string, value=
This guide provides a comprehensive overview of NIST SP 800-53, a security and privacy control framework for federal information systems and organizations. Learn how to protect your data and comply with NIST}', 5='{type=string, value=This authoritative guide is based on the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53, which provides guidance for federal agencies on selecting, implementing, and managing information security controls. The guide covers a wide range of topics, including risk assessment, security control selection, security control implementation, and security control monitoring. It also provides detailed information on the security controls that should be implemented in the organization, as well as guidance on how to assess and monitor the effectiveness of those controls. Additionally, the guide provides detailed information on the Federal Information Security Management Act (FISMA) and its requirements for information security. The guide is intended to help organizations ensure that their information systems are secure and compliant with applicable laws and regulations.}', 15='{type=list, value=[{id=97620570515, name='NIST SP 800-53'}]}'}], hs_path=nist-sp-800-53}--
{tableName=glossary, name=ISO/IEC 27000, description=
ISO/IEC 27000 is a family of international standards developed by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) that provide best practice guidelines for information security management. It is designed to help organizations ensure the confidentiality, integrity, and availability of their information assets. The standards cover a wide range of topics, including risk management, access control, physical and environmental security, asset classification, personnel security, and incident management. They provide guidance on how to design, implement, and maintain an effective information security management system (ISMS). The standards also provide a framework for organizations to assess their security posture and identify potential areas for improvement. The ISO/IEC 27000 family of standards is widely recognized and adopted by organizations around the world., topic=[{id=97620570516, createdAt=1673040885379, updatedAt=1715624504033, path='iso-27000', name='
ISO 27000 Guide: Security Management System Overview', 1='{type=string, value=ISO 27000}', 2='{type=string, value=
This guide is designed to help you understand the fundamentals of ISO 27000, the international standard for Information Security Management Systems. Learn how to create a secure framework to protect your data and assets.}', 5='{type=string, value=This authoritative guide provides an in-depth overview of the International Organization for Standardization (ISO) 27000 Series, which is a set of standards focused on information security management. The guide covers the essential elements of the ISO 27000 Series, including the different standards and their objectives, the implementation process, and best practices for security management. It also provides practical advice and guidance for organizations looking to adopt the ISO 27000 Series and ensure their information security management is up to the highest standards. With this guide, readers will gain a better understanding of the ISO 27000 Series and how to effectively implement and manage security within their organization.}', 15='{type=list, value=[{id=97620570516, name='ISO 27000'}]}'}], hs_path=iso-iec-iec-27000}--