Term | Definition
A
Acceptable Use Policy | An Acceptable Use Policy is a set of rules that define how to use organisational systems such as email, the internet, and social media platforms.
Access Control Policy |
Asset Inventory | An Asset Inventory is a maintained list of every asset owned by an organisation (e.g. hardware, software, and end-user devices such as laptops and mobile devices).
Asset Management | Asset Management involves overseeing all information assets owned by an organisation, which includes acquiring, monitoring, safeguarding, and disposing of or recycling assets.
Authentication | Authentication is the process of confirming the identity of users, software, or other entities.
Authorization | Authorization is granting permission to a user, software, or entity to access a system or service.
B
Baseline Configurations | Baseline Configurations are a defined set of specifications for an information system, or for a specific item within a system, that has undergone a formal review and approval process.
Bring Your Own Device | Bring Your Own Device (BYOD) means that employees are permitted to use their personal devices (such as laptops, mobile phones, and tablets) within the organisation, including for accessing the organisation's networks or systems.
Business Continuity Plan | A Business Continuity Plan is an official document outlining how an organisation will respond to unexpected events or incidents. It includes detailed procedures for restoring systems, business functions, and operations.
Business Impact Assessment | A Business Impact Assessment is a structured procedure used to identify and measure the effect of disruptive events on processes, functions, and operations.
C
Capacity Management | Capacity Management involves overseeing resource needs for IT systems and technology. It includes planning and monitoring disk space, memory usage, and storage across various devices and services.
Compensating Control |
Constituent | A Constituent is an individual who is currently employed by the organisation or working for it as a contractor.
Containerization |
Contingency Plans | Contingency Plans are official strategies that organisations use to deal with unexpected incidents or situations. They are often included in risk management planning to handle significant or high-impact risks.
Covered Entity | A Covered Entity is an individual, organisation, or agency that is required to follow the regulations of the Health Insurance Portability and Accountability Act (HIPAA) to safeguard the confidentiality and safety of health data.
Critical Infrastructure |
Critical Systems | Critical Systems are information systems that are essential because of the data or information they hold, or because of their visibility or ownership (e.g. client-facing systems).
Cyber Threat Intelligence |
D
Data Archive | A Data Archive is the storage of data that is no longer in active use on storage devices for long-term preservation. This can involve older data that holds importance for an organisation or that must be retained for compliance purposes.
Data Flow | Data Flow is the monitoring of how information is transferred between systems and networks, such as identifying where data enters and exits.
Data Loss Prevention |
Data Protection Officer |
Data Steward | A Data Steward is a position tasked with overseeing and controlling an organisation's data resources. Data Stewards are responsible for maintaining the quality of the data assets used by the organisation.
Data-at-rest | Data-at-rest is data stored on computer storage devices such as employee computers, databases, servers, and external devices like hard drives and backup tapes. This includes any data saved in digital formats.
Data-in-transit | Data-in-transit is data that is sent from one system to another. This includes the transfer of data between internal-facing systems and between external-facing systems (e.g. between a company and its suppliers, customers, or regulatory bodies).
Demilitarized Zone | A Demilitarized Zone (DMZ) is a distinct network segment, whether physical or virtual, that hosts an organisation's public-facing services for access by untrusted networks such as the Internet.
Disaster Recovery | Disaster Recovery involves the procedures for preserving or restoring essential infrastructure and systems after disasters caused by nature or by human actions.
E
Encrypted Virtual Private Networks | Encrypted Virtual Private Networks (VPNs) are secure connections between devices and networks that use end-to-end encryption to protect data by routing it through an encrypted tunnel. This technology can also conceal IP addresses and locations.
End-point Port Blocking | End-point Port Blocking is the process of making selected ports on a device unavailable, rendering those ports inactive to access requests from external devices (e.g. a USB drive).
Event Data |
H
Hardening | Hardening is intended to eliminate means of attack by patching vulnerabilities and turning off non-essential services.
Hypervisor | A Hypervisor is software that abstracts physical resources such as CPUs, memory, network, and storage. It allows multiple virtual machines (each comprising an operating system, middleware, and applications) to operate on a single physical host.
I
Incident Response |
Information Asset | An Information Asset encompasses physical and digital assets holding significant information. These assets include hardware, software, data, people, and services.
Information Classification |
Information Systems | Information Systems involve the integrated use of various resources (e.g. hardware, software, and telecom networks) to gather, store, transmit, and share information.
Information Transfer Policy |
Infrastructure as a Service | Infrastructure as a Service (IaaS) is a category of cloud computing in which a third party hosts servers, storage, and other infrastructure resources and makes them available through a cloud environment (e.g. AWS, Microsoft Azure).
Integrity Checking | Integrity Checking is verifying that data or information has not been altered or compromised; it may involve confirming the non-repudiation and authenticity of the information.
Intellectual Property |
Internet Filtering | Internet Filtering is software used to restrict or control which content a user can access, particularly when managing materials or information delivered through websites or email.
Intrusion Detection System |
Intrusion Prevention System |
K
Key Management Policy | A Key Management Policy is a comprehensive document on the procedures for creating, storing, saving, accessing, sharing, decommissioning, and deleting cryptographic keys.
L
Labelling | Labelling involves assigning an identifier to information assets according to specified classification levels, for instance labelling external devices with a "classified" tag or adding "confidential" to an email header.
Least Functionality | The concept of Least Functionality involves setting up information systems to offer only necessary features and to prevent or limit the use of unnecessary functions.
M
Malicious Code | Malicious Code is computer code (e.g. viruses, spyware, worms, and trojan horses) designed to exploit weaknesses in systems and services.
Maximum Tolerable Period of Disruption | The Maximum Tolerable Period of Disruption is the longest duration during which an organisation's essential products or services can be unavailable or undeliverable before the consequences are considered unacceptable.
Media Transfer | Media Transfer is the relocation of removable media devices from one place to another.
Mobile Application Management |
Mobile Code | Mobile Code is any application (software) or content that is easily transferable when placed in an email, document, or website.
Mobile Device | A Mobile Device is any handheld physical device used by an organisation. Mobile phones, tablets, laptops, and other portable devices fit into this category.
Mobile Device Management | Mobile Device Management (MDM) is software designed to assist organisations in controlling and implementing company policies on laptops, smartphones, tablets, and other devices linked to the internal network.
N
Network Address Translation |
Non-deprecated Algorithm | A Non-deprecated Algorithm is an algorithm that meets the minimum requirement for bit length in accordance with industry best practice.
Nth Party | Nth Party is an open-ended term that expresses the concept that contractors (third parties) can themselves have subcontractors.
P
Phishing | Phishing is a type of social engineering attack that deceives users into taking actions that can lead to downloading harmful software (malware) or disclosing personal or sensitive information (such as making significant payments).
Platform as a Service | Platform as a Service (PaaS) is a type of cloud computing that offers organisations hardware and software for developing applications. The PaaS provider manages and hosts the hardware and software in its own environment.
Privacy Impact Assessments |
Privacy Notices |
Privileged Access | Privileged Access ensures that only approved users have access to specific systems, software components, and services. It enables the execution of tasks that regular users or processes are unable to carry out.
R
Ransomware | Ransomware is a type of malware that is used to demand payment in exchange for releasing or not publishing personal or sensitive data. It can block access to the data and threaten to delete or expose it if the ransom is not paid.
Remote Access | Remote Access is connecting to IT systems, services, applications, or data from locations outside the premises.
Removable Media | Removable Media refers to storage devices that can be disconnected from computers, such as CDs, DVDs, USB drives, and SD cards. They are typically used to transfer data between different locations.
Risk Management Strategy | A Risk Management Strategy is a structured method for recognising, measuring, reducing, and regularly overseeing risks according to established acceptance criteria.
Risk Tolerance | Risk Tolerance is the degree to which an organisation is willing to accept risk.
Role-based User Access Control |
S
Scoped Data |
Scoped Systems | Scoped Systems are the computer hardware, software, and/or Non-Public Personal Information that a service provider stores, transmits, or processes within the scope of an engagement.
Secret Authentication Information | Secret Authentication Information refers to passwords and encryption keys used to gain access to information systems.
Secure Disposal | Secure Disposal involves methods for getting rid of physical assets while ensuring that any data or information stored on them is removed before disposal or destruction.
Secure Engineering Principles |
Secure File Transfer Protocol | Secure File Transfer Protocol (SFTP) is a network protocol that enables secure access, transfer, and management of large files and sensitive data.
Secure Sockets Layer | Secure Sockets Layer (SSL) is a security technology that encrypts the connection between servers (such as web servers) and clients. It protects sensitive data when it is transmitted between different systems.
Simulated Adversary Attack | A Simulated Adversary Attack involves mimicking the actions and behaviours of experienced cyber threat actors to target an organisation's IT or technology systems.
Software as a Service | Software as a Service (SaaS) refers to cloud computing applications hosted by a third-party provider and accessed through a platform (e.g. Salesforce, Concur).
Software Development Life Cycle |
Special Interest Groups | Special Interest Groups are security forums or professional associations made up of multiple organisations or businesses. Their goal is to improve knowledge of security best practices and bring attention to new and emerging threats.
Supply Chain Risk Management Plan | A Supply Chain Risk Management Plan is a strategic document that is used to identify and evaluate risks related to the supply chain. It also outlines how to manage, implement, and monitor controls for cyber supply chain risk management (C-SCRM).
T
Tenant Data | Tenant Data is data owned by a customer of a cloud service provider, who can be an individual user, a group of users, a department, or an entire company.
Two-factor Authentication |
V
Virtual Private Network |