Glossary

AICPA

AICPA (American Institute of Certified Public Accountants): The AICPA is a professional organization for certified public accountants (CPAs) in the United States. It provides guidance, sets professional standards, and advocates for the accounting profession. It is the largest organization of […]

Auditor

A professional who examines and evaluates financial information, internal controls, and business processes. A business hires an auditor to assess its compliance with security standards such as SOC 2, ISO 27001, and PCI DSS. The auditor also helps companies by expressing an opinion on […]

CCPA

CCPA (California Consumer Privacy Act): Comprehensive privacy legislation in California that grants consumers certain rights over their personal information. It imposes obligations on businesses that collect, process, or sell consumer data. Under this act, businesses must notify customers about the uses of their […]

Cardholder Data

Cardholder data is defined by the Payment Card Industry Security Standards Council (PCI SSC) as the complete Primary Account Number (PAN) on its own, or the complete PAN together with any of the following components: name of the cardholder, date of expiration, […]

Risk Management

Risk Management is defined as the systematic process of identifying, assessing, prioritizing, and mitigating risks to minimize their impact on an organization’s objectives. It involves planning, monitoring, and controlling risks. It can include both quantitative and qualitative approaches to identify […]

Compliance Software

Compliance software is software designed to assist organizations in adhering to regulatory requirements, industry standards, and internal policies. It helps automate compliance management processes, track regulatory changes, and ensure adherence to guidelines. A company can use compliance software to scan […]

Cybersecurity

Cybersecurity is the practice of protecting computer systems, networks, and data from theft, damage, or unauthorized access. It encompasses various technologies, processes, and practices to ensure the confidentiality, integrity, and availability of information. Designing effective cybersecurity […]

Data Breach

A data breach is the unauthorized access, disclosure, or acquisition of sensitive information, such as personal or financial data. Data breaches can result in the compromise of data integrity and confidentiality. Numerous causes, such as physical theft, human error, […]

Data Integrity

The reliability, correctness, and consistency of data at every stage of its lifecycle—from creation to deletion—are referred to as data integrity. It is an essential component of data management that guarantees data is reliable and suitable for the intended use. […]

Data Loss Prevention

DLP (Data Loss Prevention): A collection of procedures and tools intended to stop private or sensitive data from being lost, stolen, or made public. It is an essential part of information security that […]

Firewall

A firewall is a security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules. It acts as a barrier between trusted internal networks and untrusted external networks. Firewalls come in several types, such as […]

GDPR

GDPR (General Data Protection Regulation): GDPR is a comprehensive data protection and privacy regulation enacted by the European Union (EU). It governs the processing and handling of personal data and enhances the rights and privacy of individuals. GDPR is important […]

Governance, Risk, and Compliance (GRC)

Organizations use the GRC management framework to make sure they conduct business in an ethical, legal, and efficient manner. It is a comprehensive strategy that combines different procedures, practices, and technological tools to control risks for a company, comply […]

ISO 27001

ISO 27001 is an international standard for information security management systems (ISMS), published jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). It provides a systematic approach to managing sensitive company information and ensuring its confidentiality, integrity, and availability. Auditors can award ISO […]

ISO 27001 Stage 1 Audit

The ISO 27001 Stage 1 audit is an audit in which the auditor examines the information security management system (ISMS) documentation to make sure that the policies and procedures adhere to the requirements stated in clauses 4 through […]

ISO 27001 Stage 2 Audit

The second stage of the two-stage audit process for Information Security Management System (ISMS) certification to the ISO/IEC 27001 standard is called an ISO 27001 Stage 2 audit. This stage determines whether the organization’s ISMS is successfully implemented and maintained […]

ISMS

ISMS (Information Security Management System): An ISMS protects and safeguards sensitive data within an enterprise. It covers the people, processes, systems, technologies, information assets, and policies involved in securing an organization’s information. An ISMS safeguards data by: determining which information […]

Information Security Policy

A comprehensive document that outlines an organization’s approach, commitment, and directives regarding the protection of information assets and the management of information security risks. The policy acts as a guide for the information security program of an organization, defining the […]

Internal Audit

An independent, objective assurance and consulting activity designed to add value and improve an organization’s operations. Internal audit provides an evaluation of risk management, control, and governance processes.

International Organization for Standardization (ISO)

The International Organization for Standardization (ISO) is a non-governmental body responsible for creating and publishing international standards across a broad spectrum of fields and industries. The ISO 9001 standard for quality management systems, which is widely used by businesses worldwide to […]

Intrusion Detection System (IDS)

An IDS is an automated security technology designed to monitor and analyze network or system activities for signs of malicious activity or security policy violations. IDSs employ a variety of methods, such as anomaly-, behavior-, and signature-based detection, to find suspicious […]

Intrusion Prevention System (IPS)

An IPS is a network security solution that actively monitors and analyzes network or system activities to detect and prevent potential security threats or malicious activities in real time. Unlike an IDS, an IPS identifies hostile activity and traffic in systems using methods including […]

Malware

Malware, or malicious software, is any software or program that is intentionally created to harm, damage, or interfere with computer systems, networks, or mobile devices. Malware comes in a wide variety of forms, such as […]

Attestation of Compliance (AoC)

An Attestation of Compliance (AoC) is a document that attests to an organization’s compliance with the Payment Card Industry Data Security Standard (PCI DSS) following an assessment. The major credit card brands created the PCI DSS as a set […]

Approved Scanning Vendor (ASV)

An ASV is an organization authorized by the Payment Card Industry Security Standards Council (PCI SSC) to conduct external vulnerability scanning services for merchants and service providers seeking PCI DSS compliance. The PCI SSC intends to safeguard the collection of […]

PCI DSS

The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards that applies to any business that handles, stores, or transmits credit card data and requires that it do so securely. To manage PCI security standards and enhance account security throughout the transaction process, it […]

Self-Assessment Questionnaire (SAQ)

PCI SAQ (Payment Card Industry Self-Assessment Questionnaire): A validation tool designed by the Payment Card Industry Security Standards Council (PCI SSC) for merchants and service providers to assess their compliance with the Payment Card Industry Data Security Standard (PCI DSS). […]

Report on Compliance (RoC)

A comprehensive document generated by a Qualified Security Assessor (QSA) following an audit, detailing an organization’s adherence to the Payment Card Industry Data Security Standard (PCI DSS). The RoC serves as a validation of an organization’s commitment to maintaining secure […]

Pen Test

A cybersecurity assessment technique that simulates real-world attacks on a system, network, or application to identify vulnerabilities and assess the effectiveness of security controls. Penetration testing is required for both the ISO 27001 and SOC 2 audits. For businesses, Penetration […]

Phishing

Phishing is a form of social engineering attack in which a perpetrator sends fraudulent emails, texts, or other electronic communications to trick recipients into disclosing personal information, financial information, or login credentials. Phishing attacks can employ several techniques […]

Policy

A policy is a set of principles, guidelines, or rules established by an organization to govern its operations, its decision-making processes, and the behavior of individuals within the organization. It also outlines the procedures for maintaining compliance and security. It describes roles […]

Privacy Policy

A privacy policy is a legally binding document that sets out how an organization gathers, uses, and safeguards personal data from users, clients, and consumers. Names, addresses, phone numbers, email addresses, credit card numbers, and any other […]

Qualified Security Assessor (QSA)

A QSA is an organization or individual authorized by the Payment Card Industry Security Standards Council (PCI SSC) to assess, evaluate, and validate an entity’s compliance with the Payment Card Industry Data Security Standard (PCI DSS). A QSA will examine an […]

Personally identifiable information (PII)

Personally Identifiable Information (PII) is any information that can be used to identify an individual, including but not limited to name, address, email, Social Security number, financial data, and more. PII is critical to safeguard because it […]

Ransomware

Ransomware is malicious software that encrypts a victim’s data or system, making it inaccessible, and then demands that a ransom be paid to unlock the system. When a victim of a ransomware attack clicks on […]

Risk Assessment

Risk Assessment is the process organizations use to identify and assess their cybersecurity risks, vulnerabilities, and threats using a structured approach. The two main objectives of a risk assessment are to convey an organization’s security posture […]

SOC 1

SOC 1 is an auditor’s report that evaluates financial reporting controls. It is also called the Service Organization Control 1 Report (SOC 1). Businesses that offer services that might have an impact on a client’s financial statements or internal controls over financial reporting are the focus of SOC 1.

SOC 2

The Service Organization Control 2 Report (SOC 2) evaluates security and compliance controls. It is another type of auditor’s report. Every business providing B2B services, as well as B2C companies handling sensitive data, should consider completing a SOC 2 report.

SOC 2 Report

SOC 2 Report is a comprehensive report generated based on the results of a Service Organization Control (SOC) 2 audit, assessing an organization’s controls related to security, availability, processing integrity, confidentiality, and privacy. The SOC 2 Report includes Management Assertion, […]

Trust Services Criteria

The Trust Services Criteria are a set of criteria developed by the American Institute of CPAs (AICPA) for assessing controls related to security, availability, processing integrity, confidentiality, and privacy in service organizations undergoing audits such as SOC 2. Auditors utilize the […]

SOC 2 Type I

SOC 2 Type I is a foundational step for organizations aiming to establish and communicate their commitment to the highest standards of data security and privacy at a point in time. SOC 2 Type I is a designation within the […]

SOC 2 Type II

A SOC 2 Type II report examines the system and control performance of a service organization over a set period of time, usually three to twelve months. An external audit by a CPA firm authorized by the AICPA is […]

SOC 3

A higher-level, more succinct version of SOC 2, the Service Organization Control 3 Report (SOC 3) is intended for public distribution as promotional material. A SOC 2 Type II must be completed before an organization can receive a […]

Security Questionnaires

Security questionnaires are a structured set of inquiries designed to assess the cybersecurity practices and measures implemented by organizations. Typically used in vendor risk management and third-party assessments, these questionnaires help evaluate the security posture of a company, ensuring it […]

Social Engineering

The term “social engineering” describes the use of psychological manipulation strategies to deceive individuals into disclosing private information or acting against their better judgment. It can rely on strategies such as trickery, cajoling, threats, or exploiting people’s emotional vulnerabilities, […]

System Description

The System Description is the section of a SOC 2 report that describes the organization’s business systems, rules, and practices relevant to the Trust Services Criteria of security, availability, processing integrity, confidentiality, and privacy. As part of the SOC 2 report, the System Description is a crucial […]

Vendor Risk Assessment

A Vendor Risk Assessment (VRA) is a systematic process of evaluating and managing the potential risks associated with engaging third-party vendors, suppliers, or service providers. The assessment aims to ensure that these external entities adhere to security, privacy, and compliance […]

Vulnerability Scan

A Vulnerability Scan is a systematic process of identifying, assessing, and prioritizing security vulnerabilities in computer systems, networks, applications, or infrastructure. It involves the use of specialized tools to detect weaknesses that could be exploited by malicious actors to compromise […]