From maturity assessments to incident response plans, understand all the terminology on your path to cyber resilience.
Guidelines outlining the proper use of an organisation's technology resources.
The specific controls outlined in Annex A of the ISO 27001 standard, addressing various aspects of information security.
A record of system activities to track and monitor user interactions and changes.
Regularly creating copies of data and systems to restore them after data loss or a disaster.
Bring Your Own Device: Policies and practices for bringing personal devices into an organisation's network.
Developing strategies to ensure essential business operations continue during and after disruptions.
Adhering to laws, regulations, and industry standards relevant to security and privacy.
Essential components and processes in an organisation's infrastructure.
Techniques for secure communication, data protection, and authentication.
The ability to prepare for, respond to, and recover from cyber incidents.
Structured guidelines and best practices to manage cybersecurity risk.
Establishing structures and processes to oversee cybersecurity efforts in an organisation.
Unauthorised access, disclosure, or loss of sensitive information.
Categorising data based on its sensitivity and value.
Measures to prevent sensitive data from leaving the organisation's network.
Collecting and storing only the minimum amount of necessary data.
A contract specifying data processing terms between data controllers and processors.
The process of converting data into a code to prevent unauthorised access.
Authorised testing of systems to identify vulnerabilities, also known as "white hat" hacking.
Publicly available information regarding an organisation's approach to privacy.
A network security device that filters incoming and outgoing network traffic based on predetermined security rules.
General Data Protection Regulation: European Union regulation focused on data protection and privacy.
Categorising incidents based on severity and impact for effective response.
A predefined set of procedures to follow in the event of a cybersecurity incident.
An event that compromises the confidentiality, integrity, or availability of information, triggering the need for a response.
A high-level directive (usually from top management) that sets out the organisation's commitment to information security.
Requests from individuals to access or manage their personal data.
Guidelines for how an organisation handles internal data and employee information.
Communication protocols that are vulnerable to attack because they lack encryption or other security measures.
Information Security Management System: A systematic approach to managing an organisation's information security.
International standard for information security management.
Malicious software designed to disrupt, damage, or gain unauthorised access to systems.
Evaluating an organisation's security and privacy maturity level.
Software for securely storing and managing passwords.
Also called a pen test: Simulating cyberattacks to identify vulnerabilities in systems.
Attempting to deceive individuals into revealing sensitive information or performing actions through fraudulent communication.
A designated person responsible for managing an organisation's privacy efforts.
Evaluating and addressing potential privacy risks before implementing a project or system.
Duplication of critical components or systems to ensure availability in case of failure.
A structured approach to assessing and managing risks in an organisation.
The process of identifying, analysing, and prioritising potential security risks.
A structured plan that outlines how identified risks will be addressed, mitigated, or accepted within the ISMS.
The individual responsible for overseeing and managing the treatment of a specific information security risk.
A detailed record of identified risks, including their descriptions, impact, likelihood, and risk owners.
Educating users about security threats and best practices.
The collective attitude, beliefs, and behaviours regarding security within an organisation.
Any adverse event or potential threat that could compromise information security.
Documented rules and guidelines for maintaining security within an organisation.
A method allowing users to authenticate once to access multiple systems.
Service Organization Control 2: Report focusing on the security, availability, processing integrity, confidentiality, and privacy of service providers.
Manipulating individuals into divulging confidential information or performing actions.
Ensuring the security of products and services acquired from third-party vendors.
Duplication of critical components or systems to ensure availability in case of failure.
Any potential danger to the confidentiality, integrity, or availability of information or systems.
A security process that requires users to provide two different authentication factors to access a system.
Managing user identities, roles, and permissions to ensure appropriate access control.
A secure and encrypted network connection over a public network, such as the internet.
A security tool that filters and monitors incoming traffic to web applications.
A security approach that assumes no trust by default and verifies all access requests.