Centraleyes’s Glossary

We Consolidated Key Words, Phrases And Acronyms Into One Central Location.
This Glossary Will Help You Cut Through The Complexity To Fully Understand The Ins And Outs Of The Industry

Glossary visual

Resources | Glossary

Digital Risk Protection
What are Digital Risk Protection Services? To address the rapidly evolving attack surface on digital and social platforms, digital risk
Advanced Persistent Threat
An APT is not your average cyberattack; it is a prolonged and highly targeted campaign orchestrated by skilled adversaries with
Continuous Auditing
What is Continuous Auditing? With automated technologies readily available on the digital market, auditors can now analyze vast volumes of
Risk Control
What is Risk Control? Risk control refers to the systematic and proactive measures and strategies put in place by organizations
What is SSAE 16? Statement on Standards for Attestation Engagements No. 16 (SSAE 16) is a standard developed by the
ISMS Awareness Training
What is ISMS Awareness Training? Information Security Management System (ISMS) awareness training teaches individuals the importance of protecting sensitive information
Risk Management Policy
What is a Risk Management Policy? A risk management policy is a structured framework and set of guidelines established by
Risk Avoidance
What is Risk Avoidance? Risk avoidance in cyber security refers to the strategic measures to prevent potential risks and threats.
Resilience Management
A new buzzword has taken center stage in the digital world: resilience. In a world where data flows ceaselessly, businesses
End-To-End Encryption
What is End-To-End Encryption? End-to-end encryption (e2ee) is a security measure that ensures that the data exchanged between two parties
Data Minimization
The ever-increasing volume and speed of data flowing within your organization introduces opportunities and risks. While this data abundance can
Data Spillage
What is Data Spillage? NIST defines data spillage as a “security incident that results in the transfer of classified information
Account Takeover
What Is an Account Takeover? An account takeover refers to a situation where an unauthorized individual gains access to an
Security Gap Analysis
What is a Gap Analysis? Security gap analysis is a procedure that aids businesses in assessing how well their existing
IoT Cybersecurity
The term IoT (Internet of Things) refers to physical devices, vehicles, appliances, and other objects embedded with sensors, software, and
Issue Management
What is Issue Management? Issue management refers to the handling of issues that develop within a company such as employee
Audit Management
What is Audit Management? Audit management is the oversight, governance, and established procedures that help you manage an audit. Audits
Risk Appetite Statement
What is a Risk Appetite Statement? A risk appetite statement is a formal document that states an organization’s willingness and
Due diligence is an investigative process that is carried out to assess an entity under consideration. In business, due diligence
What is GRC? GRC is a structured approach for managing an organization’s overall governance, risk management, and compliance requirements. The
Penetration Testing
What is Penetration Testing? Cyber penetration testing is an effective way to show that your security program is capable of
Complimentary User Entity Controls
What Are Complimentary User Entity Controls? When you think of third-party risk management, what usually comes to mind is the
Network Security Test
What is a Network Security Test? Network security tests help to discover vulnerabilities in a company’s network and internal systems
Compliance Tracking
What is Compliance Tracking? Compliance tracking is a monitoring process that ensures that compliance requirements are being met and identifies
3x3 Matrix
What is a Risk Matrix? A risk matrix is a tool used during the risk assessment stage of risk management.
5x5 Risk Matrix
What is a Risk Matrix? A risk matrix is a tool used during the risk assessment stage of risk management.
4x4 Matrix
What is a Risk Matrix? A risk matrix is a tool used during the risk assessment stage of risk management.
Spooling in Cyber Security
What is Spooling in Cyber Security? Spooling is an important mechanism in computer systems that helps temporarily store data in
Regulatory Risk
What is Regulatory Risk? Regulatory risk is the impact of changing laws and regulations on your business. Changes in regulation
EHS Compliance
What is EHS Compliance? EHS (Environmental Health and Safety) compliance is the process of ensuring that a company complies with
Dynamic Risk Assessment 
What is a Dynamic Risk Assessment? Risk assessments, as we know them, are a one-time evaluation of potential risks inherent
Written Information Security Program
What is a Written Information Security Program? A Written Information Security Program (WISP) is a document that details an organization’s
Attack Surface Management
What is Attack Surface Management? Attack surface management (ASM) is the continuous identification, assessment, and remediation of potential attack vectors
Qualified Security Assessor
A qualified security assessor, often known as a QSA, assists businesses in detecting weaknesses in their cybersecurity and cyber security
Risk Acceptance
What is Risk Acceptance? Risk acceptance is a decision to accept risk instead of eliminating, avoiding, or mitigating it. Accepting
Vulnerability Scanners
What are Vulnerability Scanners? Vulnerability scanners identify and assess vulnerabilities on a computer or network that could be exploited by
Residual Risk
What is Residual Risk? Residual risk is the byproduct of managed risk that remains after controls are implemented. Residual risk
What is DevSecOps? DevSecOps is a trend in application security (AppSec) that involves introducing security at the conception of the
Vulnerability Remediation
A security vulnerability is a weakness in your system which can be exploited if left unattended. The process of identifying
Identity & Access Management
What is Identity and Access Management? Identity and Access Management (IAM) system defines and manages user identities and access permissions.
 Cybersecurity Mesh Architecture
Defining Cybersecurity Mesh Architecture Cybersecurity mesh architecture (CSMA) refers to an architectural model that integrates disparate and widely distributed security
Proactive Risk Management
What is proactive risk management? Proactive risk management is the concept of dealing with risks before they happen and figuring
Corporate Security Audit
A security audit systematically evaluates a company’s information system’s security by gauging how closely it adheres to predetermined standards. A
SOC Trust Services Criteria
Just how do the SOC2 people decide who qualifies to certify? The answer lies in the SOC 2 Trust Services
Risk Prioritization
Risks may be infinite, but our time and budget (sadly) are not. Risk prioritization is the process of analyzing identified
Vendor Assessment
Businesses have to purchase goods and services from third-party vendors regularly in order to develop their products and maintain internal
Automated Risk Assessment
Cyber security is a complex topic that strikes fear into the hearts of any stakeholder that could potentially be held
IT General Controls
What are IT General Controls and why do we need them?  IT applications are a core part of almost everything
Cyber Security Risk Register
The risks may vary but the goal does not: reducing risk through remediation or mitigation. Risk registers are not a
Cyber Risk Score
What is Cyber Risk Score A cyber risk score is a numerical assessment of the level of security of an
Risk-Based Security
What is Risk-Based Security Risk-based security approach addresses security risks by first identifying and evaluating threats facing the organization. A
Cyber Security Ratings
What Are Cyber Security Ratings Cyber security risk ratings are an important metric for businesses to consider when assessing their
Common Vulnerability Scoring System
What is CVSS Scoring Cybersecurity is an all-encompassing state of protection from unauthorized use of electronic data. It is an
Attribute-Based Access Control
What Is Access Control? Network users must be authorized and authenticated in any organization before they are allowed access to
Access Control Policy
What is Access Control Policy Considered a key component in a security plan, access control policies refer to rules or
What is Security Orchestration
What is Security Orchestration Security orchestration is the first of the SOAR cybersecurity acronym. Gartner introduced the SOAR (Security Orchestration,
Cyber risk remediation
What is Cyber Risk Remediation? Cyber risk remediation is a process of identifying, addressing, and minimizing cyber vulnerabilities and risks
ESG Framework
What is ESG? ESG (environmental, social, and governance) is a term used to represent an organization’s corporate interests that focus
FAIR Training
What is the FAIR model? The FAIR model introduces a unique method of risk management. Training in the FAIR Institute
cybersecurity architecture
What is the Definition of Cybersecurity Architecture? Cybersecurity Architecture, also known as Security Architecture or Network Security Architecture, describes the
Risk Management Maturity
What is Risk Management? Risk management is the process used to manage risk in your organization. It also accelerates the
Crosswalking Controls
What is a Security Controls Crosswalk? A control crosswalk helps link two different frameworks by connecting an identical requirement, or
Attestation of Compliance
What is an Attestation of Compliance (AoC)?  Attestation of Compliance (AoC) is a statement of an organization’s compliance with PCI
Cyber Attack Vector
What is an attack vector? We’ll start with a biology lesson. Vectors are small organisms such as mosquitoes, parasites, or
information security governance
The overarching concepts and values that govern how you operate your organization are known as governance. That has to do
Operational Resilience
Endurance in an Era of Uncertainty Operational resilience can be explained as the ability of a system to maintain operations
Digital Risk Management
What is Digital Risk? Digital risk refers to the negative, sometimes unknown, outcomes that stem from adopting new digital technologies.
EDR Solutions
What is an EDR solution? EDR stands for Endpoint Detection and Response.  The term originated as “ETDR” (Endpoint Threat Detection
Cyber Threat Modeling
What is Threat Modeling? Cyber threat modeling is a process whose goal is to identify the types of threats that
Information Security Management System
What is an ISMS? An information security management system (ISMS) involves putting policies, procedures, and controls into writing to create
GRC Tool
An Introduction to GRC Tools GRC management has become a necessity. To integrate a GRC management strategy, a company must
Cybersecurity Posture
What is Cybersecuriy Posture? This refers to an organization’s cybersecurity readiness.  The vast majority of companies have moved all their
Cybersecurity Maturity Model Certification (CMMC)
The CMMC, or Cybersecurity Maturity Model, is a program established by the Department of Defense to be upheld by contractors
Cybersecurity Audit
What is a Cybersecurity Audit? A cybersecurity audit takes place to assess compliance, identify vulnerabilities and recognize any other problem
Information Security Risk
Information technology is an excellent opportunity for businesses to increase their capabilities, but it’s also a significant source of organizational
Supply chain compliance
A supply chain is a delicate structure composed of multiple companies, decision-makers, and suppliers all working together to get things
Compliance Automation Software
Security and compliance have always been critical tasks in business operations, and management teams have always been looking for ways
Cybersecurity Risk Analysis
A cyber risk analysis will involve looking at each and every cyber security related risk in detail, reviewing them as
IT Vendor Risk Management
Almost all companies need to purchase goods and services from third-party suppliers to manufacture their products and maintain internal operations.
Cybersecurity Performance Management
As workflows become more digitized and the use of cloud tools and communication platforms becomes more commonplace, businesses are understandably
Cybersecurity Incident Disclosure
Surveys have shown that 7 out of 10 business leaders believe that cybersecurity risks are rising in recent years, partly
Cyber Governance
As business operations become more digitized and cloud-based, the need to address cyber security and data privacy risks is more
ESG Risk Management
ESG stands for Environmental, Social, and Governance. These are the issues that businesses today are taking a stand on, and
Application Risk Assessment
Businesses rely on a multitude of software platforms and applications every day, from cybersecurity tools, accounting solutions, to customer-facing applications.
Self Assessment Questionnaire
A Self-Assessment Questionnaire certainly sounds self-explanatory but when used to refer to the PCI-DSS, it takes on a more nuanced
The Digital Age has greatly improved the efficiency of business operations and boosted revenue for almost all industries involved. But
Zero Trust Architecture
Zero trust network security is a dramatic shift in attitude towards network security resulting in restrictive access to networks, environments,
RMIS Software
When you mention the acronym “RMIS,” most people think of claims management in the insurance industry. But the use cases
Vendor Management Policy
Businesses already have a compliance risk management program in place to prevent internal infractions of domestic and international regulations, avoid
Audit Trail
From malicious fraud and cybersecurity breaches to small typos in financial statements, no company is ever completely safe from risks.
As work becomes more digitized and connected to the cloud, the risk of cybersecurity threats and attacks grows, and businesses
Cloud Security Compliance
Cloud computing is more popular than ever before. The potential for new innovations and capabilities with Cloud Computing is endless.
IT Security Policy
Information Security’s high-level goal is to ensure the safety and privacy of critical data. An IT Security Policy lays out
Data Classification Policy
Data classification plays an important role in ensuring that a given enterprise remains in compliance with applicable regulations. Having a
Data Compliance
Data protection laws are becoming more stringent by the day as the threat of cybercrime has escalated in recent years.
Quantitative Risk Assessments
What is Quantitative Risk? NIST describes quantitative risk as the “use of a set of methods, principles, or rules for
Compliance Program
One of the key elements of any organization that uses Governance, Risk Management and Compliance (GRC) regulation tools is a
Controlled Unclassified Information
What is Controlled Unclassified Information (CUI)? CUI – Controlled Unclassified Information is information that is owned by the government and
Compliance Automation
In today’s business world, compliance plays a big part in every industry. Compliance increases safety and reduces risk. Staying compliant
Cyber Risk Quantification
Cyber Risk Management Cyber attacks today are complex and impact businesses on multiple levels:  Loss of business continuity The cost
Third-Party Risk
In today’s world, where we rely more and more on third parties and vendors for our business activities and needs,
IT Risk Assessment
What is an IT Risk Assessment? An IT security risk assessment is the process of assessing the risks facing your
Information Security Policy (ISP)
Information security policy (ISP) is a set of rules and processes for employees and affiliated parties that are created to
Security Questionnaire
Organizations today are increasingly using more third-party vendors who help streamline operations and services to support their business. The outsourcing
What is Integrated Risk Management
The needs of businesses everywhere are changing. Thanks to the adoption of the Internet, digital data, and other technologies, cybersecurity
What is Compliance Reporting
All organizations need to consider the laws and standards set by regulatory bodies when designing internal workflows, as the penalty
Businesses of all sizes and industries have to pay attention to the government regulations that impact them. The penalty for
Skip to content