Centraleyes’s Glossary

A-Z guide to commonly used cybersecurity terms and phrases
Glossary visual

Resources | Glossary

Authorization to Operate (ATO)
What is an ATO? An ATO is a hallmark of approval that endorses an information system for use within a
What is StateRAMP? In 2011, the Federal Risk and Authorization Management Program (FedRAMP) laid the groundwork for a standardized assessment
Segregation of Duties
What is the Segregation of Duties? Segregation of duties (SoD) is like a game of checks and balances in the
PCI Penetration Testing
The March 31, 2024, deadline for PCI 4.0 has already passed, and organizations must be updated with the new regulation.
Due Diligence Questionnaire
What is a Due Diligence Questionnaire (DDQ)? When companies evaluate a potential vendor or M&A transaction, they’ll use due diligence
Key Risk Indicator
What is a Key Risk Indicator? According to Cobit 5, KRIs are metrics that provide insight into an enterprise’s level
AI Policy
What are AI Policies? AI policies serve as a guiding framework for organizations, delineating the principles, guidelines, and procedures governing
What is TISAX? TISAX is a standard evaluation and exchange process for the automotive industry. It uses the ISA security
The Children’s Online Privacy Protection Act (COPPA) is a federal law in the United States that safeguards children’s online privacy.
AI Risk Management
Advancements in generative AI technologies, such as GPT-3 and DALL·E, have accelerated global AI adoption. While businesses implement AI to
AI Auditing
What is an AI Audit? AI audits determine whether an AI system and its supporting algorithms follow secure, legal, and
Data Exfiltration
What Is Data Exfiltration? Data exfiltration is the unauthorized removal or moving of data from or within digital devices. Data
Data Sovereignty
What is Data Sovereignty? Data sovereignty asserts that digital data is subject to the laws of the country in which
Control Objectives for Information and Related Technologies (COBIT)
What is Control Objectives for Information and Related Technologies (COBIT)? COBIT 5, developed by the Information Systems Audit and Control
Audit Management Software
What is Audit Management Software? Audit management software is the cornerstone of organizations’ efficient audit oversight, governance, and procedural management.
Vendor Framework
What is a Vendor Framework? In today’s turbo-charged business world, we’re all about connections, which means relying on third-party vendors
AI Governance
What is AI Governance? AI governance refers to the comprehensive principles, policies, and practices that guide the ethical development, deployment,
AI Transparency
In today’s digital age, where AI algorithms wield immense power in shaping our lives, understanding how these algorithms make decisions
Internal Penetration Testing
Internal penetration testing is a proactive approach to assess the security posture of an organization’s internal network infrastructure. Unlike external
Cybersecurity Automation
What is Cybersecurity Automation? Cybersecurity automation involves the use of technology, algorithms, and predefined processes to automatically handle and execute
GDPR Compliance Risk Assessment
Embarking on the GDPR (General Data Protection Regulation) compliance journey inevitably brings us face-to-face with a pivotal requirement: regular risk
Audit Fatigue
What is Audit Fatigue? Audit fatigue arises when organizations face numerous and repetitive security and compliance audits, leading to resource
Compliance Operations
What Are Compliance Operations? Compliance operations encompass multifacet‏ed processes and activities undertaken by organizations. They systematically identify, assess, and mitigate
Risk Management Automation
What is Risk Management Automation? Automated risk management involves using advanced technologies to identify, assess, and mitigate potential risks systematically
Corporate Sustainability Reporting Directive
EU’s Corporate Sustainability Reporting Directive (CSRD), in effect since January 5, 2023, mandates EU businesses, including qualifying EU subsidiaries of
Man-in-the-Middle Attack
What is a Man-in-the-Middle Attack? A Man-in-the-Middle (MitM) attack is a cybersecurity threat where an unauthorized actor intercepts and sometimes
Digital Rights Management
What Are Digital Rights? Digital Rights refer to the permissions and restrictions associated with using digital content, such as text,
Content Disarm and Reconstruction
What is Content Disarm and Reconstruction? CDR is a cybersecurity technique that disassembles and reconstructs files to ensure they are
Calculated Risk
Merriam-Webster’s definition of calculated risk: Calculated Risk in Cyber Risk Management In the context of cyber risk management, a calculated
Data Residency
In the digital era, where information traverses borders effortlessly, data residency has emerged as a critical consideration for organizations navigating
Skip to content