Risk assessments Definitions

  • C

    Certified Information Systems Auditor (CISA)

    Certified Information Systems Auditor (CISA) is a certification issued by ISACA to people in charge of ensuring that an organization's IT and business systems are monitored, managed and protected; the certification is presented after completion of a comprehensive testing and application process.

    CISO (chief information security officer)

    The CISO (chief information security officer) is a senior-level executive responsible for developing and implementing an information security program, which includes procedures and policies designed to protect enterprise communications, systems and assets from both internal and external threats.

    counterfeit detector pen

    A counterfeit detector pen is a felt tip pen containing an iodine solution that can be used to help identify computer-generated counterfeit bills.

    CSSLP (certified secure software lifecycle professional)

    The CSSLP (certified secure software lifecycle professional) is a certification for security professionals who wish to strengthen and demonstrate their knowledge about application security.

    CVSS (Common Vulnerability Scoring System)

    The CVSS (Common Vulnerability Scoring System) rates the severity of software vulnerabilities so organizations are able to prioritize mitigation.

    cybersecurity insurance (cybersecurity liability insurance)

    Cybersecurity insurance, also called cyber liability insurance or cyber insurance, is a contract that an entity can purchase to help reduce the financial risks associated with doing business online.

    What is cybersecurity? Everything you need to know

    Cybersecurity is the protection of internet-connected systems -- including hardware, software and data -- from cyberattacks.

  • G

    gray hat (or grey hat)

    Gray hat describes a cracker (or, if you prefer, hacker) who exploits a security weakness in a computer system or product in order to bring the weakness to the attention of the owners.

  • I

    integrated risk management (IRM)

    Integrated risk management (IRM) is an approach to risk management that uses a set of practices and processes to improve an organization's security, risk tolerance profile and strategic decision-making.

  • M

    micro-botnet (mini-botnet or baby botnet)

    A micro-botnet, also called a mini-botnet or baby botnet, is a small network of Internet-connected computers that have been hijacked to attack specific companies or individuals within a company.

  • O

    orphan account

    An orphan account, also referred to as an orphaned account, is a user account that can provide access to corporate systems, services and applications but does not have a valid owner.

  • R

    risk analysis

    Risk analysis is the process of identifying and analyzing potential issues that could negatively impact key business initiatives or projects.

  • S

    security debt

    Security debt is a variant of technical debt that occurs when organizations do not invest enough money or resources into security efforts upfront. The term compares the pressures of monetary debt with the long-term burden developers and IT teams face when security shortcuts are taken.

  • U

    user behavior analytics (UBA)

    User behavior analytics (UBA) is a process in which security teams use monitoring tools to track, collect and assess the network activities of all individuals accessing those systems in order to detect potentially malicious activity.

  • USGCB (United States Government Configuration Baseline)

    The United States Government Configuration Baseline, or USGCB, is a government-wide initiative that provides guidance on information security configuration best practices for IT products leveraged by federal agencies.
