Your cyber resilience glossary 🦸

From maturity assessments to incident response plans, understand all the terminology on your path to cyber resilience.


Acceptable use policy

Guidelines outlining the proper use of an organisation's technology resources.

Annex A controls

The reference set of information security controls listed in Annex A of ISO/IEC 27001. The 2022 edition lists 93 controls grouped into four themes (organisational, people, physical and technological); an organisation selects the controls its risk assessment justifies and records that selection, with reasons for any exclusions, in its Statement of Applicability.

Audit trail

A chronological record of system activities (who did what, when, and to which resource) used to track user actions and configuration changes, support investigations and satisfy audit requirements. An audit trail is only useful as evidence if it is protected against alteration and deletion, including by the administrators whose actions it records.
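One way to make an audit trail tamper-evident is to chain each entry to the previous one with a keyed hash, so that editing, reordering or deleting an entry breaks every link after it. The following is an added example written for this glossary, not code from the page or from any product; the sample events are constructed, and it assumes the signing key is held by a separate log collector rather than on the system being audited (otherwise an attacker with root on that system could simply recompute the chain).

```python
import hashlib
import hmac
import json
from typing import Dict, List

# Constructed sample events for the example; not real log data.
SAMPLE_EVENTS = [
    {"ts": "2024-01-01T10:00:00Z", "actor": "alice", "action": "login", "result": "success"},
    {"ts": "2024-01-01T10:05:12Z", "actor": "alice", "action": "update_role", "target": "bob", "new_role": "admin"},
    {"ts": "2024-01-01T10:07:45Z", "actor": "bob", "action": "export_data", "rows": 12000},
]

GENESIS = "0" * 64  # prev_hash of the first entry


def canonical(event: dict) -> bytes:
    """Stable JSON encoding so the same event always hashes the same way."""
    return json.dumps(event, sort_keys=True, separators=(",", ":")).encode()


def entry_hash(key: bytes, prev_hash: str, event: dict) -> str:
    """HMAC-SHA256 over (previous hash || canonical event); the key is what stops
    a log writer from silently recomputing the chain after tampering."""
    return hmac.new(key, prev_hash.encode() + canonical(event), hashlib.sha256).hexdigest()


def append_entry(chain: List[Dict], event: dict, key: bytes) -> dict:
    """Append an event, linking it to the hash of the previous entry."""
    prev = chain[-1]["hash"] if chain else GENESIS
    event = dict(event)  # store our own copy so later edits to the caller's dict cannot alter the log
    entry = {"seq": len(chain), "prev_hash": prev, "event": event, "hash": entry_hash(key, prev, event)}
    chain.append(entry)
    return entry


def build_chain(events: List[dict], key: bytes) -> List[Dict]:
    chain: List[Dict] = []
    for event in events:
        append_entry(chain, event, key)
    return chain


def verify_chain(chain: List[Dict], key: bytes) -> int:
    """Walk the chain from the genesis value. Return the index of the first entry
    whose sequence number, back-link or keyed hash does not check out, or -1 if intact."""
    prev = GENESIS
    for i, entry in enumerate(chain):
        if entry["seq"] != i or entry["prev_hash"] != prev:
            return i
        expected = entry_hash(key, prev, entry["event"])
        if not hmac.compare_digest(expected, entry["hash"]):
            return i
        prev = entry["hash"]
    return -1


if __name__ == "__main__":
    key = b"log-signing-key"  # assumption: held by the log collector, not the audited host
    chain = build_chain(SAMPLE_EVENTS, key)
    print("intact:", verify_chain(chain, key) == -1)
    chain[1]["event"]["new_role"] = "viewer"  # an insider rewrites the privilege change
    print("first bad entry after tampering:", verify_chain(chain, key))
```

Truncating the tail of the chain (deleting the most recent entries) is not caught by this check alone; the collector also needs to record the latest hash somewhere the log writer cannot reach, or forward entries to a separate system as they are written.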

Backup and recovery

Regularly creating copies of data and systems to restore them after data loss or a disaster.

BYOD guidelines

Bring Your Own Device: Policies and practices for bringing personal devices into an organisation's network.

Business continuity planning

Developing strategies to ensure essential business operations continue during and after disruptions.

Compliance

Adhering to laws, regulations, and industry standards relevant to security and privacy.

Critical systems

Essential components and processes in an organisation's infrastructure.

Cryptography

Techniques for secure communication, data protection, and authentication.

Cyber resilience

The ability to prepare for, respond to, and recover from cyber incidents.

Cybersecurity frameworks

Structured guidelines and best practices to manage cybersecurity risk.

Cybersecurity governance

Establishing structures and processes to oversee cybersecurity efforts in an organisation.

Data breach

Unauthorised access, disclosure, or loss of sensitive information.

Data classification

Categorising data based on its sensitivity and value.

Data Loss Prevention (DLP)

Tooling and processes that detect sensitive data (for example payment card numbers, personal data or source code) in email, file shares, endpoints and cloud services, and block, quarantine or alert when that data is about to leave the organisation's control. DLP depends on accurate data classification: it can only protect what it can recognise.
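A minimal DLP content check shows why pattern matching alone is not enough: a regular expression for 13 to 19 digit runs flags order numbers and phone numbers as well as cards, and a checksum (the Luhn algorithm that every payment card number passes) removes most of those false positives. The code below is an added example written for this glossary, not code from the page or any DLP product; the sample files are constructed, and the two numbers it flags are the widely used test card numbers 4111 1111 1111 1111 and 4242 4242 4242 4242.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample files for the example; not real data.
SAMPLES: Dict[str, str] = {
    "invoice.txt": "Order 4111 1111 1111 1111 shipped; internal ref 1234567812345678",
    "notes.txt": "Call me on 0123 456 7890 about ticket 4242424242424242",
    "readme.txt": "No card data here: 1234-5678-9012-3456",
}

# Candidate: 13 to 19 digits, optionally separated by single spaces or hyphens,
# starting and ending on a digit and bounded by non-digits.
CANDIDATE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum (ISO/IEC 7812-1). Every valid card number passes it;
    roughly nine in ten random digit runs of the same length do not."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask(pan: str) -> str:
    """Keep only the first six and last four digits; a DLP alert should never
    store the full number it just found."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def find_card_numbers(files: Dict[str, str]) -> List[Tuple[str, str]]:
    """Return (file name, masked number) for every Luhn-valid candidate."""
    findings: List[Tuple[str, str]] = []
    for name, text in files.items():
        for m in CANDIDATE.finditer(text):
            digits = re.sub(r"[ -]", "", m.group())
            if luhn_ok(digits):
                findings.append((name, mask(digits)))
    return findings


if __name__ == "__main__":
    for name, masked in find_card_numbers(SAMPLES):
        print(f"{name}: possible card number {masked}")
```

In the sample set the 16-digit internal reference and the hyphenated placeholder both match the regular expression but fail the checksum, so only the two genuine card formats are reported. Real DLP engines layer further context on top (issuer prefixes, proximity to words such as "CVV" or "expiry", document classification labels), but the regex-plus-validator pattern is the core of most built-in card detectors.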

Data minimisation

Collecting and storing only the minimum amount of necessary data.

Data processing agreement

A contract specifying data processing terms between data controllers and processors.

Encryption

Transforming readable data (plaintext) into ciphertext using an algorithm and a key, so that only holders of the correct key can recover the original. Encryption protects confidentiality; on its own it does not guarantee integrity or authenticity, which is why modern practice uses authenticated encryption (for example AES-GCM or ChaCha20-Poly1305) rather than bare encryption.

Ethical hacking

Authorised testing of systems to identify vulnerabilities, also known as "white hat" hacking.

External privacy statement

Publicly available information regarding an organisation's approach to privacy.

Firewall

A network security device that filters incoming and outgoing network traffic based on predetermined security rules.

GDPR

General Data Protection Regulation: Regulation (EU) 2016/679, the European Union's data protection and privacy law, applicable since 25 May 2018. It governs how personal data of people in the EU is collected, processed and transferred, and it also binds organisations outside the EU that offer goods or services to, or monitor the behaviour of, people in the EU.

Incident classification

Categorising incidents based on severity and impact for effective response.

Incident response plan

A predefined set of procedures to follow in the event of a cybersecurity incident.

Information security incident

An event that compromises the confidentiality, integrity, or availability of information, triggering the need for a response.

Information security policy

A high-level directive (usually from top management) that sets out the organisation's commitment to information security.

Individual rights request

Requests from individuals to access or manage their personal data.

Internal privacy policy

Guidelines for how an organisation handles internal data and employee information.

Insecure protocols

Communication protocols that send data, including credentials, in cleartext or rely on broken cryptography, leaving them open to eavesdropping and tampering. Typical examples are Telnet, FTP, plain HTTP, SMBv1 and TLS 1.0/1.1; the usual remedy is to replace them with their protected counterparts (SSH, SFTP, HTTPS, SMBv3, TLS 1.2 or later) or disable them outright.

ISMS

Information Security Management System: A systematic approach to managing an organisation's information security.

ISO 27001

ISO/IEC 27001: The international standard that specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system (ISMS). Organisations can be certified against it by an accredited body; the current edition is ISO/IEC 27001:2022.

Malware

Malicious software designed to disrupt, damage, or gain unauthorised access to systems.

Maturity assessments

Evaluating an organisation's security and privacy maturity level.

Password manager

Software for securely storing and managing passwords.

Penetration testing

Or pen test: Simulating cyberattacks to identify vulnerabilities in systems.

Phishing

Attempting to deceive individuals into revealing sensitive information or performing actions through fraudulent communication.

Privacy Officer

A designated person responsible for managing an organisation's privacy efforts.

Privacy Impact Assessment (PIA)

Evaluating and addressing potential privacy risks before implementing a project or system.

Redundancy

Duplication of critical components or systems to ensure availability in case of failure.

Risk assurance framework

A structured approach to assessing and managing risks in an organisation.

Risk assessment

The process of identifying, analysing, and prioritising potential security risks.

Risk treatment plan

A structured plan that outlines how identified risks will be addressed, mitigated, or accepted within the ISMS.

Risk owner

The individual responsible for overseeing and managing the treatment of a specific information security risk.

Risk register

A detailed record of identified risks, including their descriptions, impact, likelihood, and risk owners.

Security awareness training

Educating users about security threats and best practices.

Security culture

The collective attitude, beliefs, and behaviours regarding security within an organisation.

Security incident

Any adverse event or potential threat that could compromise information security.

Security policy

Documented rules and guidelines for maintaining security within an organisation.

Single Sign-On (SSO)

A method allowing users to authenticate once with a central identity provider and then access multiple systems without signing in again, typically implemented with SAML or OpenID Connect. Because a single identity-provider account unlocks many services, that account should be protected with multi-factor authentication and its sessions revoked promptly when a user leaves.

SOC 2

System and Organization Controls 2 (formerly Service Organization Control 2): An AICPA attestation report in which an independent auditor evaluates a service provider's controls against the Trust Services Criteria of security, availability, processing integrity, confidentiality and privacy. A Type 1 report covers the design of controls at a point in time; a Type 2 report also tests their operating effectiveness over a period, usually six to twelve months.

Social engineering

Manipulating individuals into divulging confidential information or performing actions.

Supply chain security

Ensuring the security of products and services acquired from third-party vendors.

Third-party risk management

Identifying, assessing and continuously monitoring the security and privacy risks introduced by vendors, suppliers and other external parties that handle an organisation's data or connect to its systems, for example through due-diligence questionnaires, review of their certifications and audit reports, contractual security requirements and periodic reassessment.

Threat

Any potential danger to the confidentiality, integrity, or availability of information or systems.

Two-factor authentication (2FA)

A security process that requires users to present two different authentication factors to access a system: something they know (a password or PIN), something they have (a phone, authenticator app or hardware key) or something they are (a fingerprint or face). Two instances of the same factor, such as a password plus a security question, do not count. When two or more factors are used this is also called multi-factor authentication (MFA).

User identity management

Managing user identities, roles, and permissions to ensure appropriate access control.

Virtual Private Network (VPN)

A secure and encrypted network connection over a public network, such as the internet.

Web Application Firewall (WAF)

A security tool that inspects HTTP and HTTPS requests to web applications and blocks or logs those matching attack patterns such as SQL injection or cross-site scripting. A WAF reduces exposure and buys time, but it is a compensating control that can be bypassed with encoding or novel payloads; it does not replace fixing the underlying vulnerabilities in the application.

Zero-trust architecture

A security approach that assumes no trust by default and verifies all access requests.
