Browsing 67 concepts
A policy defining the rules governing the use of an organisation's information systems, networks, and data by employees and other users.
The process of granting or denying specific requests to obtain and use information and related information processing services.
A technique that identifies patterns in data that deviate from expected behaviour, used to detect potential security incidents.
Software that detects, prevents, and removes malware by scanning files and processes against known malicious signatures.
The systematic process of identifying, classifying, and maintaining responsibility for information assets throughout their lifecycle.
The recording of system and user activities to provide an auditable trail for detecting security incidents and supporting forensic investigations.
Procedures and technologies for creating copies of data and restoring systems to a functional state following data loss or system failure.
A holistic management process that identifies potential threats and their impacts, providing a framework for building organisational resilience.
The process of monitoring and managing system resources to ensure adequate capacity is available to meet performance and availability requirements.
A structured approach to transitioning systems from a current state to a desired future state while minimising disruption and security risk.
An organisational policy requiring employees to clear their desks of sensitive materials when not in use to prevent unauthorised access.
Security controls and practices designed to protect data, applications, and infrastructure in cloud computing environments.
Security practices and controls for protecting containerised applications and the container runtime environment.
An ongoing process of maintaining awareness of information security, vulnerabilities, and threats to support organisational risk management decisions.
A recommended action or set of actions to prevent or respond to an attack or mitigate the impact of a security incident.
A mathematical function that transforms input data of arbitrary size into a fixed-size output, used to verify data integrity.
An organisational policy governing the use of cryptographic controls to protect the confidentiality, integrity, and authenticity of information.
A set of tools and processes used to ensure that sensitive data is not lost, misused, or accessed by unauthorised users.
A technique that obscures specific data within a database or dataset to protect sensitive information while retaining its usability for testing or analysis.
A cryptographic mechanism that provides authentication, non-repudiation, and integrity verification of digital messages or documents.
Security measures applied to the Domain Name System to prevent DNS-based attacks such as cache poisoning, hijacking, and amplification.
Mechanisms and protocols that protect email communications from threats such as phishing, spoofing, and malware delivery.
The process of converting plaintext into ciphertext using a cryptographic algorithm and key to protect data confidentiality.
A security technology that continuously monitors endpoint devices to detect, investigate, and respond to advanced threats.
A security approach that focuses on protecting endpoint devices such as workstations, laptops, and mobile devices from cyber threats.
A network security device that monitors and controls incoming and outgoing network traffic based on predetermined security rules.
The processes and technologies used to manage digital identities and control user access to systems and resources.
An organised approach to addressing and managing the aftermath of a security breach or cyber attack.
Observable artefacts or patterns that suggest a system has been compromised, used to detect and respond to security incidents.
The process of categorising information according to its sensitivity and the level of protection required.
A documented set of rules and principles that defines an organisation's approach to managing and protecting its information assets.
The process of verifying that data provided by a user or external system meets expected format and value constraints before processing.
A device or software application that monitors a network or system for malicious activity and policy violations.
A network security system that monitors for malicious activity and can automatically take action to block detected threats.
The administration of cryptographic keys, including their generation, distribution, storage, use, and destruction.
The principle of restricting access rights for users, accounts, and computing processes to only those resources required to perform legitimate activities.
The process of collecting, storing, analysing, and retaining log data from systems and applications for security and compliance purposes.
An authentication method that requires users to present two or more verification factors from different categories to gain access.
A security approach that enforces policy compliance on devices seeking to access a network before granting connectivity.
The practice of dividing a network into multiple isolated segments to contain the spread of threats and limit lateral movement.
An advanced firewall that adds application-layer inspection, intrusion prevention, and deep packet inspection to traditional firewall capabilities.
Controls applied to software development activities performed by external parties to ensure security requirements are met throughout the development process.
The systematic process of identifying, testing, and deploying software updates to address vulnerabilities and improve security.
A simulated cyber attack against a system to check for exploitable vulnerabilities and assess the effectiveness of security controls.
Physical boundaries such as walls, fences, and controlled entry points used to protect areas containing sensitive information and systems.
A security mechanism that manages and monitors the use of privileged accounts and administrative access to critical systems.
A framework of policies, hardware, software, and procedures to create, manage, distribute, use, store, and revoke digital certificates.
The process of identifying, estimating, and prioritising information security risks to organisational operations and assets.
An access control model that restricts system access based on the roles assigned to individual users within an organisation.
A security standard that ensures a device boots using only firmware and software that is trusted and verified by the manufacturer.
A software development process that integrates security activities at every phase to reduce vulnerabilities in the final product.
Procedures for the secure destruction or sanitisation of storage media and equipment to prevent unauthorised recovery of sensitive data.
An educational programme designed to improve employees' understanding of cybersecurity risks and best practices.
The management and control of configurations for information systems to enable security and to facilitate the management of information security risk.
A system that aggregates and analyses security event data from across an organisation's IT infrastructure to detect threats and support incident response.
The continuous observation and analysis of an organisation's systems and networks to detect and respond to security events.
The process of evaluating a system or application to identify security vulnerabilities through techniques such as code review, vulnerability scanning, and penetration testing.
A security principle that divides critical tasks and privileges among multiple users to prevent fraud and errors.
An authentication mechanism that permits a user to authenticate once and gain access to multiple related systems without re-authenticating.
Processes and controls for managing information security risks associated with third-party suppliers and service providers.
Evidence-based knowledge about existing or emerging threats that can be used to inform decisions about how to respond.
A cryptographic protocol that provides end-to-end security for communications over a network, protecting data confidentiality and integrity.
A technology that creates an encrypted tunnel over a public network to securely connect remote users or sites.
A tool that automatically identifies known vulnerabilities in systems and applications by comparing configurations against a database of known weaknesses.
A security appliance or service that filters and monitors HTTP traffic to protect web applications from common attacks.
A technology that monitors and controls access to websites and web content based on organisational security and acceptable use policies.
A security model that assumes no implicit trust is granted to any asset or user based solely on physical or network location.
