Glossary

This glossary defines commonly used terms in cybersecurity in an enterprise-wide risk management (ERM) context. Words in italics have their own separate glossary entries, so please see the cross-listed entries for a complete understanding of the definitions.

Access controls

Mechanisms and techniques used to ensure that access to assets is authorized and restricted based on organization and security requirements.

Assessing risk-management effectiveness

To evaluate or diagnose how well an organization's risk management system is doing the right things (effectiveness) to manage risk. For internal audit/board: an objective written assessment, delivered to the board, of the effectiveness of the system of risk management and the internal control framework.

BCP

See business continuity plan (BCP).

Benchmarking

The use of internal or external points of reference or standards against which a risk management system and its effectiveness may be compared, checked, or assessed.

Board

The board of directors responsible for an organization's risk oversight, and their equivalents in public agencies and not-for-profits.

Boom

A term for a cyber event, with all pre-event planning actions taking place "left of boom" and all reactionary measures happening "right of boom."

Business continuity plan (BCP)

Typically made up of the corporate-wide (or corporate-level) BCP and the business unit BCPs. The BCPs focus on the continuity, recovery, and resumption of the critical business unit functions (i.e., following a disruption).
