Core Concepts
Navigate the complex world of cyber security with CISO Plus
Understand key terms and concepts crucial for CISOs and security teams
CISO – Chief Information Security Officer
A Chief Information Security Officer (CISO) is a senior executive...
Digital Forensics
Digital Forensics is a field that specializes in the investigation...
GRC – Governance Risk Compliance
Governance, Risk, and Compliance (GRC) is a comprehensive concept that...
Penetration Test
A Penetration Test or simply pen test, is a simulated...
Cryptography
Cryptography is the practice of securing information by converting it...
Administrative Controls
Administrative controls are policies, procedures, and guidelines that govern how...
Physical Controls
Security measures designed to protect an organization's physical infrastructure and...
TOR – The Onion Router
TOR is a privacy-focused network that enables anonymous communication over...
Tails OS – The Amnesic Incognito Live System
Tails (The Amnesic Incognito Live System) is a privacy-focused Linux...
Privilege Creep
Privilege creep occurs when an individual within an organization gradually...
The Principle of Least Privilege
The Principle of Least Privilege (PoLP) is a security concept...
IAAA – Identification and Authentication Authorization and Accountability
Identification, Authentication, Authorization, and Accountability (IAAA) are four key principles...
DPO – Data Privacy Officer
A Data Privacy Officer (DPO) is a key role within...
Data Owner
A Data Owner is a person or entity accountable for...
Data Custodian
A Data Custodian is responsible for the technical management, storage,...
Biba Model
The Biba Model is a formal security model focused on...
Cyber Security Architect
A Cyber Security Architect is a professional responsible for designing...
Bell LaPadula Model
The Bell-LaPadula Model is a formal security model designed to...
TLS – Transport Layer Security
TLS (Transport Layer Security) and its predecessor SSL (Secure Sockets...
Ransomware
Ransomware is a type of cyber attack in which the...
Vulnerability
A Vulnerability refers to a weakness or flaw in a...
APT – Advanced Persistent Threat
Advanced Persistent Threat (APT) is a term describing a sophisticated...
Threat Hunting
Threat Hunting is a proactive process aimed at locating and...
Cyber Attack Vectors
Attack Vectors are the pathways through which attackers infiltrate computer...
CVE – Common Vulnerabilities and Exposures
CVE is a program used for reporting security vulnerabilities and...
IOC – Indicators of Compromise
Indicators of Compromise (IOCs) are data or parameters that help...
Brute Force Attack
A Brute Force Attack is a trial-and-error method used by...
Insider Threat
An Insider Threat refers to a security risk posed by...
Packet Sniffing
Packet Sniffing is a technique used to monitor and capture...
Phishing Attack
Phishing is a social engineering attack in which cybercriminals impersonate...
IOA – Indicators of Attack
Indicators of Attack (IOA) are behavioral patterns or activities that...
SQL Injection
SQL Injection (SQLi) is a code injection technique in which...
Supply Chain Attack
A Supply Chain Attack refers to a situation where attackers...
DoS/DDoS – Denial of Service
A Denial of Service (DoS) attack is an attempt to...
Social Engineering
Social Engineering is a manipulation technique used by attackers to...
RAT – Remote Access Trojan
A Remote Access Trojan (RAT) is a type of malware...
NAC – Network Access Control
Network Access Control (NAC) is a security solution that helps...
IDPS – Intrusion Detection and Prevention System
Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) are...
VPN – Virtual Private Network
A Virtual Private Network (VPN) is a technology that allows...
EDR / XDR – Extended Endpoint Detection and Response
Extended Detection and Response (XDR), similar in nature to EDR,...
SIEM – Security Information and Event Management
Security Information and Event Management (SIEM) is a system designed...
SOAR – Security Orchestration Automation and Response
Security Orchestration, Automation, and Response (SOAR) is a solution designed...
DLP – Data Loss Prevention
Data Loss Prevention (DLP) systems focus on identifying, monitoring, and...
SOC – Security Operations Center
A Security Operations Center (SOC) is a centralized unit within...
Patch Management
Patch Management involves identifying, assessing, and installing updates and patches...
UAC – User Access Control
User Access Control (UAC) is a security feature in Windows...
WSC – Windows Security Center
Windows Security Center (WSC) is a built-in feature in Windows...
Email Security Gateway
An Email Security Gateway is a system or appliance designed...
AMSI – Anti Malware Scan Interface
The Anti-Malware Scan Interface (AMSI) is a security feature in...
Bastion Host
A Bastion Host (AKA Jump Box) is a specialized server...
ETW – Event Tracing for Windows
Event Tracing for Windows (ETW) is a high-performance logging mechanism...
MFA – Multi Factor Authentication
Multi Factor Authentication (MFA) is a security mechanism that requires...
CASB – Cloud Access Security Broker
A Cloud Access Security Broker (CASB) acts as an intermediary...
Digital Signatures
Digital Signatures are cryptographic mechanisms used to authenticate the validity...
IAM – Identity and Access Management
Identity and Access Management (IAM) is a framework of policies,...
SASE – Secure Access Service Edge
Secure Access Service Edge (SASE) is a cloud-based architecture that...
WAF – Web Application Firewall
A Web Application Firewall (WAF) is a security solution designed...
Zero Trust
Zero Trust is a security framework that operates on the...
Technical Controls
Technical controls (also known as logical controls) are security measures...
CAASM – Cyber Asset Attack Surface Management
Cyber Asset Attack Surface Management (CAASM) is a security approach...
CTI – Cyber Threat Intelligence
Cyber Threat Intelligence (CTI) involves collecting, analyzing, and interpreting information...
CSPM – Cloud Security Posture Management
Cloud Security Posture Management (CSPM) refers to the continuous monitoring...
RTO – Recovery Time Objective
The Recovery Time Objective (RTO) defines the maximum amount of...
RPO – Recovery Point Objective
An Incident Response Plan (IRP) is a strategy that outlines...
IRP – Incident Response Plan
An Incident Response Plan (IRP) is a strategy that outlines...
DRP – Disaster Recovery Plan
A Disaster Recovery Plan (DRP) is a key document in...
BIA – Business Impact Analysis
A Business Impact Analysis (BIA) is a vital process in...
BCP – Business Continuity Plan
A Business Continuity Plan (BCP) is a key document in...
CBA – Critical Business Asset
A Critical Business Asset (CBA) is the most essential resource...
CBP – Critical Business Process
A Critical Business Process (CBP) is the most crucial process...
CVSS – Common Vulnerability Scoring System
The Common Vulnerability Scoring System (CVSS) is an international method...
MTTR – Mean Time to Recover
Mean Time to Recover (MTTR) is a key metric in...
Vulnerability Assessment
A Vulnerability Assessment is a systematic process used to identify,...
Security Posture
Security Posture refers to an organization's overall cyber security strength,...
WRT – Weighted Risk Trend
Weighted Risk Trend (WRT) is a risk assessment metric that...
MTTF – Mean Time to Failure
Mean Time to Failure (MTTF) is a metric that estimates...
MTD – Maximum Tolerable Downtime
Maximum Tolerable Downtime (MTD) is the longest duration an organization...
MTTA – Mean Time to Acknowledge
Mean Time to Acknowledge (MTTA) refers to the average time...
MTBF – Mean Time Between Failures
Mean Time Between Failures (MTBF) is a reliability metric that...
ISO/IEC 27001
ISO 27001 is a globally recognized standard for information security...
National Institute of Standards and Technology (NIST) Special Publication 800-53
The National Institute of Standards and Technology (NIST) Special Publication...
SABSA – Sherwood Applied Business Security Architecture
SABSA (Sherwood Applied Business Security Architecture) is a business-driven security...
TOGAF – The Open Group Architecture Framework
TOGAF is a comprehensive framework that guides organizations in designing,...
MITRE ATT&CK
MITRE is a not-for-profit organization that operates federally funded research...
MITRE D3FEND
MITRE D3FEND is a cyber security framework designed to help...
Systems Security Engineering and ISO 15288
Systems Security Engineering focuses on integrating security principles into the...
National Institute of Standards and Technology (NIST) Special Publication 800-160
NIST SP 800-160 is a publication by the National Institute...
COBIT – Control Objectives for Information Technologies
Control Objectives for Information Technologies (COBIT) is a framework designed...
NIST Cybersecurity Framework 2.0
The NIST Cybersecurity Framework 2.0 is the latest iteration of...
CIS Community Defense Model 2.0
The CIS Community Defense Model (CDM) 2.0, developed by the...
ISC2 – The International Information System Security Certification Consortium
The International Information System Security Certification Consortium (ISC2) is a...
CSA – Cloud Security Alliance
The Cloud Security Alliance (CSA) is a nonprofit organization dedicated...
ISACA – Information Systems Audit and Control Association
The Information Systems Audit and Control Association (ISACA) is a...
IETF – Internet Engineering Task Force
The Internet Engineering Task Force (IETF) is an open standards...
ICANN – Internet Corporation for Assigned Names and Numbers
The Internet Corporation for Assigned Names and Numbers (ICANN) is...
IEEE – Institute of Electrical and Electronics Engineers
The Institute of Electrical and Electronics Engineers (IEEE) is the...
IANA – Internet Assigned Numbers Authority
The Internet Assigned Numbers Authority (IANA) is a key organization...
CISA – Cybersecurity and Infrastructure Security Agency
The Cybersecurity and Infrastructure Security Agency (CISA) is a...
SANS Institute
The SANS Institute (SysAdmin, Audit, Network, Security) is a globally...
EC Council
The EC-Council (International Council of E-Commerce Consultants) is a leading...
GDPR – General Data Protection Regulation
The General Data Protection Regulation (GDPR) is a comprehensive data...
FISMA – Federal Information Security Modernization Act
The Federal Information Security Management Act (FISMA) is a United...
HIPAA – Health Insurance Portability and Accountability Act
The Health Insurance Portability and Accountability Act (HIPAA) is a...
AICPA – American Institute of Certified Public Accountants – SOC2
The American Institute of Certified Public Accountants (AICPA) SOC 2...
FedRAMP – Federal Risk and Authorization Management Program
FedRAMP (Federal Risk and Authorization Management Program) is a U.S....
PII – Personally Identifiable Information
Personally Identifiable Information (PII) refers to any data that can...
PHI – Protected Health Information
Protected Health Information (PHI) refers to any information in a...
CCPA – California Consumer Privacy Act
The California Consumer Privacy Act (CCPA) is a data privacy...
CISSP – Certified Information Systems Security Professional
Certified Information Systems Security Professional (CISSP) is an international certification...
CISM – Certified Information Security Manager
Certified Information Security Manager (CISM) is a globally recognized certification...
CRISC – Certified in Risk and Information Systems Control
Certified in Risk and Information Systems Control (CRISC) is a...