Governance, Risk, and Compliance
Integrates IT security governance, risk management, and regulatory compliance into business operations
Security Architecture
The design of systems, technologies, and processes that align with business goals and mitigate risks
Security Engineering
The discipline of building and maintaining secure IT systems
Security Operations
The ongoing monitoring, detection, and response to security incidents
Policy
High-level statements from senior leadership outlining security goals and compliance
Procedure
Detailed instructions that explain how to implement security policies
Standard
Mandatory rules and technical specifications that must be followed
Guideline
Best practice recommendations that help improve security posture
RACI Matrix
A framework defining who is Responsible, Accountable, Consulted, and Informed
Awareness Training
Educational programs to teach employees about cybersecurity risks and best practices
Phishing
A type of social engineering where users are tricked into providing sensitive information
Social Engineering
Manipulation of people into divulging confidential information
CIA Triad