C - Definitions

  • Center for Internet Security (CIS)

    The Center for Internet Security (CIS) is a nonprofit organization focused on improving public- and private-sector cybersecurity readiness and response.

  • Certified Information Systems Risk and Compliance Professional (CISRCP)

    A Certified Information Systems Risk and Compliance Professional (CISRCP) is a person in the information technology (IT) field who has passed an examination on risk and compliance topics developed by the International Association of Risk and Compliance Professionals (IARCP).

  • chief risk officer (CRO)

    The chief risk officer (CRO) is the corporate executive tasked with assessing and mitigating significant competitive, regulatory and technological threats to an enterprise's capital and earnings.

  • cloud computing security

    Cloud computing security is the set of control-based technologies and policies designed to adhere to regulatory compliance rules and protect information, data applications and infrastructure associated with cloud computing use.

  • COBIT 5 (Control Objectives for Information and Related Technology 5)

    COBIT 5 is the fifth iteration of a popular framework that's used for managing and governing information technology (IT).

  • Common Criteria Evaluation and Validation Scheme for IT Security (CCEVS)

    Common Criteria Evaluation and Validation Scheme for IT Security (CCEVS) is a program for evaluating IT products' conformance to international IT security standards.

  • compliance audit

    A compliance audit is a comprehensive review of an organization's adherence to regulatory guidelines. Independent accounting, security or IT consultants evaluate the strength and thoroughness of compliance preparations. Auditors review security policies, user access controls and risk management procedures over the course of a compliance audit.

  • compliance burden

    Compliance burden, also called regulatory burden, is the administrative cost of a regulation in terms of dollars, time and complexity.

  • compliance framework

    A compliance framework is a structured set of guidelines that details an organization's processes for maintaining accordance with established regulations, specifications or legislation.

  • compliance risk

    Compliance risk is exposure to legal penalties, financial forfeiture and material loss an organization faces when it fails to act in accordance with industry laws and regulations, internal policies or prescribed best practices.

  • compliance validation

    In compliance, validation is a formal procedure to determine how well an official or prescribed plan or course of action is being carried out.

  • Computer Fraud and Abuse Act (CFAA)

    The Computer Fraud and Abuse Act (CFAA) of 1986 is United States legislation that made it a federal crime to access a protected computer without proper authorization.

  • COMSEC (communications security)

    Communications security (COMSEC) is the prevention of unauthorized access to telecommunications traffic, or to any information that is transmitted or transferred.

  • conduct risk

    Conduct risk is the prospect of financial loss to an organization that is caused by the actions of an organization's administrators and employees.

  • control framework

    A control framework is a data structure that organizes and categorizes an organization’s internal controls, which are practices and procedures established to create business value and minimize risk.
