Cybersecurity governance terms

A security domain is a set of resources and permissions, protected by a common security policy, that applies to specific applications, groups of objects, or environments.

Proprietary information refers to personal or exclusive knowledge, data, or intellectual property owned by a specific individual, organization, or company.

An operational level agreement is an agreement between departments detailing how they work together to support a company’s services.

IT Asset Life Cycle Management oversees an IT asset's entire lifespan in an organization.

An insider attack is a malicious act conducted by someone within an organization, such as an employee or contractor.

An information security policy is a set of rules and guidelines that define how an organization protects its information and technology resources from unauthorized access, misuse, and other security risks.

An information security management system helps organizations to protect their sensitive data.

Identity proofing is verifying a user's claimed identity to ensure it aligns with the actual identity.

Identity orchestration is the coordinated management and synchronization of user identities across various systems and applications.

An identity life cycle is the stages an individual's digital identity goes through in a given system.

Identity fabric is a centralized system designed to securely manage user identities and control system access within an organization.

Identity and access management (IAM) is a framework of policies, processes, and technologies designed to manage digital identities and people's access to systems, applications, and data within an organization.

A human firewall is the practice of empowering employees in an organization to recognize and respond effectively to cybersecurity threats.

Gamification incorporates game elements and mechanics into environments like websites, apps, online communities, business intranets, and learning management systems to boost participation.

Enterprise security architecture is a structured strategy organizations create to protect themselves from cyber threats and unauthorized access.

Enterprise application security refers to various practices protecting critical business applications.

Endpoint security is a means of protecting a network by securing the phones, laptops, and other devices that access it.

Digitalization is using digital technology to modify current or create new business processes, culture, and customer experiences.

Digital trust is the confidence users have in an organization to handle their digital data.

Deprovisioning is about taking away or limiting a user's access to IT tools and data.

Deperimeterization is a concept in information security that suggests a move away from a traditional, perimeter-based security model (where security measures are focused primarily on the outer boundaries of an organization) to a model that emphasizes data protection no matter where it resides.

Generally, declassification is removing the “classified“ label from information or documents that were once kept secret for privacy or national security reasons.

A data governance framework is a set of policies, procedures, standards, and guidelines that define how an organization manages its data assets.

A data custodian is a person or entity responsible for managing and protecting an organization’s data.

A cybersecurity framework provides organizations with guidelines, best practices, and standards to manage and enhance their cybersecurity.

A cybersecurity ecosystem is a safety network that includes people, rules, tools, and devices all working together to protect our computers and online information.

Cyber insurance is an insurance policy protecting holders from the financial fallout of cyber attacks or data breaches.

Critical infrastructure and key resources are the assets that a nation requires to properly function, including the services needed to process, procure, and protect them.

A control framework is a comprehensive set of policies, processes, and procedures organizations use to implement adequate security controls aligned with their business objectives and manage their cybersecurity risks.

The compartmented security mode is a way to handle classified information by dividing it into “compartments.”

CIA triad refers to a popular model used to guide policies for information security within an organization.

C-SCRM (cybersecurity supply chain risk management) refers to strategies, processes, and technical measures designed to mitigate risks related to the supply chain.

An automation platform is a system or tool that can automatically handle, control, and simplify different tasks and processes all by itself.

Application sprawl is an out-of-control proliferation of software within an organization that threatens the efficiency of its operations.

An acceptable use policy is a set of rules users must agree to if they want to access a corporate network, website, or the internet.

CISSP stands for Certified Information Systems Security Professional. It's a respected global certification in cybersecurity offered by (ISC)².