Centraleyes’s Glossary

A-Z guide to commonly used cybersecurity terms and phrases
 

Supplier Performance Risk System
If you plan on working with the Department of Defense (DoD) and handling Controlled Unclassified Information (CUI), you’ve probably heard...
Audit Exception
What is an Audit Exception? Audit Exception is a term that often pops up in discussions about internal audits, financial...
Managed Security Service Provider
What is a Managed Security Service Provider? A Managed Security Service Provider acts as an extension of an organization’s IT...
PA-DSS
What is PA-DSS? The Payment Application Data Security Standard (PA-DSS) was a globally recognized security standard developed by the Payment...
Cybersecurity Benchmarking
What is Cybersecurity Benchmarking? Would you drive a car without knowing its safety rating? Just like crash tests help assess...
Cardholder Data Environment
What is a Cardholder Data Environment (CDE)? A Cardholder Data Environment (CDE) refers to the specific systems, processes, and people...
C3PAO
What Is a C3PAO? A C3PAO (Certified Third-Party Assessment Organization) is an organization accredited by the Cybersecurity Maturity Model Certification...
ISO Annex A Controls
ISO 27001 is the globally recognized standard for managing information security. Central to this standard is the concept of an...
Trust Center
Trust Centers are having their moment. They’ve become a must-have for organizations handling sensitive data. Acting as a central, public-facing...
ISO Surveillance Audit
ISO 27001 is one of the most widely recognized and adopted standards for information security management systems (ISMS). Achieving ISO...
ISO Internal Audit
The ISO 27001 internal audit process is a critical step in achieving and maintaining compliance with the standard. It ensures...
NACHA Compliance
What Is NACHA Compliance? NACHA compliance refers to adherence to the operating rules and guidelines set forth by the National...
Microsoft SSPA
If you’re a Microsoft supplier, you must adhere to the Microsoft Supplier Security and Privacy Assurance (SSPA) program. This Microsoft...
Information Security Compliance
What is Information Security Compliance? Information security compliance is the ongoing process of ensuring your organization meets security standards, follows...
Privacy Threshold Assessment
As privacy concerns grow globally, organizations are often required to assess how they handle personal data to ensure they meet...
Incident Response Model
What is an Incident Response Model? When a cyberattack hits, every second counts. Organizations need a structured, reliable framework to...
GRC Maturity Model
Governance, risk, and compliance (GRC) programs have evolved significantly over the last two decades. From ad-hoc practices to sophisticated, technology-backed...
Risk Control Matrix
What Is a Risk Control Matrix? A Risk Control Matrix is a document or tool that helps organizations identify, assess,...
HIPAA Employee Training
What is HIPAA Employee Training?  The Health Insurance Portability and Accountability Act (HIPAA) is the backbone of patient privacy in...
Vendor Scorecard
What is a Vendor Scorecard? A vendor scorecard is a performance measurement tool used by organizations to assess, rate, and...
Threat Intelligence Platform
What is a Threat Intelligence Platform? A TIP software solution gathers, analyzes, and distributes real-time intelligence on cyber threats from...
What are Standard Contractual Clauses (SCCs)? Standard Contractual Clauses (SCCs) are essential for organizations that transfer personal data internationally. With...
NIS Regulations
What is the NIS Directive? The Network and Information Systems (NIS) Directive was introduced by the European Union in 2016...
Living-Off-the-Land Attacks
What Are Living Off the Land (LOTL) Attacks? The term “Living off the Land” refers to the technique where attackers...
GRC as a Service
Today, businesses are juggling more GRC requirements than ever before. It’s no surprise that many companies are looking for smart...
Discretionary Access Control (DAC)
What is Discretionary Access Control (DAC)?  Discretionary Access Control (DAC) is one of the simplest and most flexible access control...
What is CDI (Covered Defense Information)? Covered Defense Information (CDI) refers to unclassified information that requires protection due to its...
AI Secure Development
What is AI Secure Development? AI secure development means ensuring security is part of the AI development process from the...
Approved Scanning Vendor (ASV)
What is an Approved Scanning Vendor? An Approved Scanning Vendor (ASV) is a company or organization that has been certified...
Law Enforcement Security
Not all sensitive information is classified at the highest levels in the law enforcement sector. Some of it falls into...