Centraleyes’s Glossary

A-Z guide to commonly used cybersecurity terms and phrases

Data Subprocessor
What is a Data Subprocessor? A Data Subprocessor is a third party engaged by a Data Processor to assist with
Threat-Based Risk Assessment
What is a Threat-Based Risk Assessment? Threat-Based Risk Assessment is an approach that incorporates real-time threat intelligence into the risk
Semi-Quantitative Risk Assessment
Various methodologies are employed to identify, evaluate, and mitigate risks. Among these methodologies, semi-quantitative risk assessment combines elements of both
Vulnerability-Based Risk Assessment
What is Vulnerability-Based Risk Assessment? A vulnerability-based risk assessment is a structured process designed to identify, evaluate, and address vulnerabilities
Risk Management Strategy
What is a Risk Management Strategy? A risk management strategy is a structured approach to identifying, assessing, and mitigating risks
Authorization to Operate (ATO)
What is an ATO? An ATO is a hallmark of approval that endorses an information system for use within a
What is StateRAMP? In 2011, the Federal Risk and Authorization Management Program (FedRAMP) laid the groundwork for a standardized assessment
Segregation of Duties
What is the Segregation of Duties? Segregation of duties (SoD) is like a game of checks and balances in the
PCI Penetration Testing
The March 31, 2024, deadline for PCI 4.0 has already passed, and organizations must be updated with the new regulation.
Due Diligence Questionnaire
What is a Due Diligence Questionnaire (DDQ)? When companies evaluate a potential vendor or M&A transaction, they’ll use due diligence
Key Risk Indicator
What is a Key Risk Indicator? According to Cobit 5, KRIs are metrics that provide insight into an enterprise’s level
AI Policy
What are AI Policies? AI policies serve as a guiding framework for organizations, delineating the principles, guidelines, and procedures governing
What is TISAX? TISAX is a standard evaluation and exchange process for the automotive industry. It uses the ISA security
The Children’s Online Privacy Protection Act (COPPA) is a federal law in the United States that safeguards children’s online privacy.
AI Risk Management
Advancements in generative AI technologies, such as GPT-3 and DALL·E, have accelerated global AI adoption. While businesses implement AI to
AI Auditing
What is an AI Audit? AI audits determine whether an AI system and its supporting algorithms follow secure, legal, and
Data Exfiltration
What Is Data Exfiltration? Data exfiltration is the unauthorized removal or moving of data from or within digital devices. Data
Data Sovereignty
What is Data Sovereignty? Data sovereignty asserts that digital data is subject to the laws of the country in which
Control Objectives for Information and Related Technologies (COBIT)
What is Control Objectives for Information and Related Technologies (COBIT)? COBIT 5, developed by the Information Systems Audit and Control
Audit Management Software
What is Audit Management Software? Audit management software is the cornerstone of organizations’ efficient audit oversight, governance, and procedural management.
Vendor Framework
What is a Vendor Framework? In today’s turbo-charged business world, we’re all about connections, which means relying on third-party vendors
AI Governance
What is AI Governance? AI governance refers to the comprehensive principles, policies, and practices that guide the ethical development, deployment,
AI Transparency
In today’s digital age, where AI algorithms wield immense power in shaping our lives, understanding how these algorithms make decisions
Internal Penetration Testing
Internal penetration testing is a proactive approach to assess the security posture of an organization’s internal network infrastructure. Unlike external
Cybersecurity Automation
What is Cybersecurity Automation? Cybersecurity automation involves the use of technology, algorithms, and predefined processes to automatically handle and execute
GDPR Compliance Risk Assessment
Embarking on the GDPR (General Data Protection Regulation) compliance journey inevitably brings us face-to-face with a pivotal requirement: regular risk
Audit Fatigue
What is Audit Fatigue? Audit fatigue arises when organizations face numerous and repetitive security and compliance audits, leading to resource
Compliance Operations
What Are Compliance Operations? Compliance operations encompass multifaceted processes and activities undertaken by organizations. They systematically identify, assess, and mitigate
Risk Management Automation
What is Risk Management Automation? Automated risk management involves using advanced technologies to identify, assess, and mitigate potential risks systematically
Corporate Sustainability Reporting Directive
EU’s Corporate Sustainability Reporting Directive (CSRD), in effect since January 5, 2023, mandates EU businesses, including qualifying EU subsidiaries of