Practices and technologies designed to protect cloud-based systems, data, and infrastructure from threats.

The design framework that defines how security controls are integrated within a system or environment.

Adherence to standards set by the International Organization for Standardization for effective management and security.

Guidelines developed by the National Institute of Standards and Technology for managing cybersecurity risks.

The process of identifying, assessing, and mitigating risks to minimize their impact on an organization.

A structured approach to identifying and prioritizing potential security threats to a system.

The process of identifying, quantifying, and prioritizing vulnerabilities in a system.

Simulated cyberattacks to evaluate the security of a system by exploiting vulnerabilities.

Ongoing assessment of systems to ensure adherence to relevant laws, regulations, and standards.

A structure that outlines the processes and responsibilities for ensuring compliance and effective risk management.

Safeguards or countermeasures to protect information systems from threats.

Visual representations of the components of a system, showing how they interact and are secured.

A document that lists identified risks, their assessment, and mitigation strategies.

A practice exercise that mimics an actual audit to assess compliance and security measures.

An approach to ensure ongoing adherence to compliance requirements throughout a system's lifecycle.

The process of addressing and managing the aftermath of a security breach or attack.

The method of converting data into a coded format to prevent unauthorized access.

Mechanisms that restrict access to systems or data based on user roles and permissions.

A security measure requiring multiple forms of verification to access a system.

A formal document that outlines an organization's security expectations and practices.

A company that offers cloud computing services, including infrastructure, platforms, and software.

A framework defining the security responsibilities of cloud service providers and customers.

A standard for managing customer data based on five trust service principles: security, availability, processing integrity, confidentiality, and privacy.

The process of informing affected individuals about a data breach that compromises their personal information.