Membership
Join as an Organization
Enterprises
Solution Providers
Contact Us
Current Members
Initiatives & Partnerships
AI Safety Initiative
CxO Trust
Zero Trust Advancement Center
Trusted Cloud Providers
Trusted Cloud Consultant
Other Opportunities
Event Sponsorships
Join as Individual
Chapters
Circle Community Forum
Research Working Groups
Volunteer Opportunities
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Certificates & Training
Online Platform
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Zero Trust Training (ZTT)
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Open Peer Reviews
Research Topics
Strategic Initiatives
AI Safety Initiative
Zero Trust Advancement Center
CxO Trust
Trusted Cloud Consultant
FinCloud Security
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Membership
Join as an Organization
Enterprises
Solution Providers
Contact Us
Current Members
Initiatives & Partnerships
AI Safety Initiative
CxO Trust
Zero Trust Advancement Center
Trusted Cloud Providers
Trusted Cloud Consultant
Other Opportunities
Event Sponsorships
Join as Individual
Chapters
Circle Community Forum
Research Working Groups
Volunteer Opportunities
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Certificates & Training
Online Platform
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Zero Trust Training (ZTT)
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Open Peer Reviews
Research Topics
Strategic Initiatives
AI Safety Initiative
Zero Trust Advancement Center
CxO Trust
Trusted Cloud Consultant
FinCloud Security
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Cloud 101CircleEventsBlog

Clarifying 10 Cybersecurity Terms

Home
Industry Insights
Clarifying 10 Cybersecurity Terms

Blog Article Published: 01/19/2024

Written by Megan Theimer, Content Program Specialist, CSA.

The many facets of cloud and cybersecurity work together to create a holistic security posture. It’s rare to find an organization that has the skills and resources to devote the ideal amount of attention and energy to every area of cybersecurity, but being able to define some basic policies and procedures is a great place to start.

In this blog, we’re clarifying the definitions of 10 cybersecurity terms related to the different domains of cybersecurity to help you take those first steps toward a more robust security posture.


1. Governance, Risk, and Compliance (GRC)

The policies and procedures that manage the organization's information security governance (aligning the management and control of information with business objectives), risk management (identifying, analyzing, and responding to risks), and compliance (conforming with requirements and regulations).

Learn how to create a GRC program.


2. Risk Tolerance

The level of risk or degree of uncertainty acceptable to organizations. An organization’s risk tolerance level is the amount of data and systems that can be risked to an acceptable level.

Participate in the CSA AI Technology and Risk Working Group.


3. Residual Risk Management

Analysis and plans for remediating information security risk that remains after the theoretical or applied implementation of mitigating controls with the intent of increasing control effectiveness and ultimately reducing risk to an acceptable level.

Get an update on the current state of risk governance.


4. Data Governance

Outlining and looking for compliance on how data is managed, transformed, and stored throughout the IT infrastructure of an organization. This includes data ownership, figuring out how data should be classified, outlining the responsibilities that asset owners have, prescribing the necessary controls, and figuring out how data should be deleted.

Explore the security and governance of data lakes.


5. Configuration Management

The process and procedures for managing the configuration of assets (servers, storage arrays, network equipment, etc.) to assure that their configuration as deployed matches that specified by policy, standards, and guidelines. The goal is to maintain the assets in a consistent, desired state as defined within the organization.

Learn about the configuration and monitoring of IAM.


6. Endpoint Monitoring

The collection of events associated with end user usage of devices, offering in-depth visibility into the total security of your network-connected devices or endpoints.

Discover why endpoint security shouldn’t be your organization’s primary focus.


7. Penetration Testing

Also known as ethical hacking. A means of evaluating an organization’s systems’, networks’, and applications’ security by using hacker tools and techniques in order to identify and discover vulnerabilities.

Learn how penetration testing in the cloud works.


8. Business Continuity and Disaster Recovery (BCDR)

The implementation of measures designed to ensure operational resiliency and minimize the impact of service disruptions, regardless of their nature or scale.

Get an overview of how to approach BCDR in the cloud.


9. Crisis Management

The overall coordination/strategy of an organization’s crisis response with the goal of avoiding or minimizing damage to the organization’s profitability, reputation, or ability to operate. This includes preparing for, responding to, and recovering from an incident.

Apply CSA’s Cloud Incident Response Framework to your crisis management plan.


10. Collective Responsibility

The idea that everyone is responsible for the security stance of an organization. Security must no longer be considered an afterthought, someone else’s responsibility, distinct from business objectives, or as something ephemeral whose progress cannot be measured.

Learn why a sense of collective responsibility is imperative to DevSecOps.


Find other helpful introductory resources on our Cloud 101 page.

Risk ManagementTransitioning to the cloud

Share this content on your favorite social network today!

Core Cloud
Related Resources
Top Threats to Cloud Computing
The eleven salient threats, risks, and vulnerabilities in the cloud.
Certificate of Cloud Security Knowledge (CCSK)
The industry's standard cloud security credential.
Corporate Membership
Gain knowledge and connections in the cloud industry.
Latest from CSA
Virtual Cloud Trust Summit 2024
The State of AI and Security Survey Report
CSA's STAR: The Key to Cloud Security & Compliance
Trending This Week
#1 The 5 SOC 2 Trust Services Criteria Explained
#2 What You Need to Know About the Daixin Team Ransomware Group
#3 Mitigating Security Risks in Retrieval Augmented Generation (RAG) LLM Applications
#4 Cybersecurity 101: 10 Types of Cyber Attacks to Know
#5 Detecting and Mitigating NTLM Relay Attacks Targeting Microsoft Domain Controllers
Enhance your cloud security skills with CSA's online training options.
Related Articles:
Why Business Risk Should be Your Guiding North Star for Remediation

Published: 04/25/2024

AI Hallucinations: The Emerging Market for Insuring Against Generative AI's Costly Blunders

Published: 04/23/2024

Do You Know These 7 Terms About Cyber Threats and Vulnerabilities?

Published: 04/19/2024

The Data Security Risks of Adopting Copilot for Microsoft 365

Published: 04/16/2024