Risk management Definitions

  • C

    Center for Internet Security (CIS)

    The Center for Internet Security (CIS) is a nonprofit organization focused on improving public- and private-sector cybersecurity readiness and response.

  • Certified Information Systems Risk and Compliance Professional (CISRCP)

    A Certified Information Systems Risk and Compliance Professional (CISRCP) is a person in the information technology (IT) field who has passed an examination on risk and compliance topics developed by the International Association of Risk and Compliance Professionals (IARCP).

  • chief risk officer (CRO)

    The chief risk officer (CRO) is the corporate executive tasked with assessing and mitigating significant competitive, regulatory and technological threats to an enterprise's capital and earnings.

  • cloud computing security

    Cloud computing security is the set of control-based technologies and policies designed to adhere to regulatory compliance rules and to protect the information, data, applications and infrastructure associated with cloud computing use.

  • compliance audit

    A compliance audit is a comprehensive review of an organization's adherence to regulatory guidelines. Independent accounting, security or IT consultants evaluate the strength and thoroughness of compliance preparations. Over the course of a compliance audit, auditors review security policies, user access controls and risk management procedures.

  • Computer Fraud and Abuse Act (CFAA)

    The Computer Fraud and Abuse Act (CFAA) of 1986 is United States legislation that made it a federal crime to access a protected computer without authorization or in excess of authorized access.

  • COMSEC (communications security)

    Communications security (COMSEC) is the prevention of unauthorized access to telecommunications traffic, or to any information that is transmitted or transferred.

  • D

    data governance policy

    A data governance policy is an organization’s set of information management processes that are designed to assist business administration and protect company assets.

  • E

    enterprise security governance

    Enterprise security governance is a company's strategy to reduce risk by protecting systems and information, as well as its execution of that strategy.

  • I

    inherent risk

    Inherent risk is the level of risk, expressed as potential losses or pitfalls, that exists before internal security controls or mitigating factors are applied. The risk that remains after controls are applied is referred to as residual risk.

  • internal audit (IA)

    An internal audit (IA) is an organizational initiative to monitor and analyze the organization's own business operations in order to determine how well they conform to a set of specific criteria.

  • N

    National Information Assurance Partnership (NIAP)

    The National Information Assurance Partnership (NIAP) is a U.S. government program designed to meet the security testing needs of information technology consumers and developers.

  • NERC CIP (critical infrastructure protection)

    The NERC CIP (critical infrastructure protection) standards are a set of requirements designed to secure the assets vital to reliably operating North America's bulk electric system.

  • O

    Occupational Safety and Health Administration (OSHA)

    The Occupational Safety and Health Administration (OSHA) is a U.S. federal agency (part of the Department of Labor) that ensures safe and healthy working conditions for Americans by enforcing standards and providing workplace safety training.

  • online risk

    Online risk is the vulnerability of an organization's internal resources that arises from the organization using the Internet to conduct business.
