
Clarifying 10 Cybersecurity Terms

Blog Article Published: 01/19/2024

Written by Megan Theimer, Content Program Specialist, CSA.

The many facets of cloud and cybersecurity work together to create a holistic security posture. It’s rare to find an organization that has the skills and resources to devote the ideal amount of attention and energy to every area of cybersecurity, but being able to define some basic policies and procedures is a great place to start.

In this blog, we’re clarifying the definitions of 10 cybersecurity terms related to the different domains of cybersecurity to help you take those first steps toward a more robust security posture.


1. Governance, Risk, and Compliance (GRC)

The policies and procedures that manage the organization's information security governance (aligning the management and control of information with business objectives), risk management (identifying, analyzing, and responding to risks), and compliance (conforming with requirements and regulations).

Learn how to create a GRC program.


2. Risk Tolerance

The level of risk or degree of uncertainty that an organization is willing to accept. An organization's risk tolerance level describes how much exposure of its data and systems it is prepared to accept as tolerable.

Participate in the CSA AI Technology and Risk Working Group.


3. Residual Risk Management

Analysis of, and plans for remediating, the information security risk that remains after mitigating controls have been implemented (whether in theory or in practice), with the intent of increasing control effectiveness and ultimately reducing risk to an acceptable level.

Get an update on the current state of risk governance.


4. Data Governance

Defining, and checking compliance with, how data is managed, transformed, and stored throughout an organization's IT infrastructure. This includes establishing data ownership, deciding how data should be classified, outlining the responsibilities of asset owners, prescribing the necessary controls, and deciding how data should be deleted.

Explore the security and governance of data lakes.


5. Configuration Management

The process and procedures for managing the configuration of assets (servers, storage arrays, network equipment, etc.) to assure that their configuration as deployed matches that specified by policy, standards, and guidelines. The goal is to maintain the assets in a consistent, desired state as defined within the organization.
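A configuration management program needs a way to detect when an asset's deployed configuration has drifted from the state that policy specifies. The following drift check is an added example written for this article, not CSA's code or tooling; the baseline settings, asset names, and deployed values are constructed for illustration, and in practice the baseline would come from the organization's standards and the deployed settings from a CMDB or configuration-management tool.

```python
"""Configuration drift check: compare deployed asset settings with a policy baseline.

Added example (not CSA's code). The baseline, asset names and settings below are
constructed for illustration only.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    """One baseline setting that an asset does not satisfy."""
    asset: str
    setting: str
    expected: tuple   # acceptable values, as strings, for readable reporting
    actual: object    # value found on the asset, or "<unset>" if absent


# Constructed policy baseline: setting -> set of acceptable values.
# A setting that permits only one value has a one-element set.
BASELINE = {
    "ssh.password_auth": {False},
    "ssh.port": {22, 2222},
    "tls.min_version": {"1.2", "1.3"},
    "logging.forward_to_siem": {True},
    "firewall.default_inbound": {"deny"},
}

# Constructed "as deployed" settings for a few assets. The missing key on
# web-02 and the divergent values on db-01 are intentional.
DEPLOYED = {
    "web-01": {"ssh.password_auth": False, "ssh.port": 22, "tls.min_version": "1.2",
               "logging.forward_to_siem": True, "firewall.default_inbound": "deny"},
    "web-02": {"ssh.password_auth": False, "ssh.port": 2222, "tls.min_version": "1.3",
               "firewall.default_inbound": "deny"},   # logging.forward_to_siem is unset
    "db-01": {"ssh.password_auth": True, "ssh.port": 22, "tls.min_version": "1.0",
              "logging.forward_to_siem": True, "firewall.default_inbound": "allow"},
}


def check_asset(name, settings, baseline=BASELINE):
    """Return one Finding per baseline setting the asset violates.

    A setting absent from the deployed configuration counts as drift: the
    baseline cannot be satisfied by a value that was never set.
    """
    findings = []
    for setting, allowed in baseline.items():
        actual = settings.get(setting, "<unset>")
        if actual not in allowed:
            expected = tuple(sorted(str(v) for v in allowed))
            findings.append(Finding(name, setting, expected, actual))
    return findings


def drift_report(deployed=DEPLOYED, baseline=BASELINE):
    """Map each asset name to its findings; compliant assets map to an empty list."""
    return {name: check_asset(name, cfg, baseline) for name, cfg in deployed.items()}


def compliant_assets(report):
    """Names of assets whose deployed configuration fully matches the baseline."""
    return sorted(name for name, findings in report.items() if not findings)


if __name__ == "__main__":
    report = drift_report()
    for asset, findings in report.items():
        status = "OK" if not findings else f"{len(findings)} drift finding(s)"
        print(f"{asset}: {status}")
        for f in findings:
            print(f"  {f.setting}: expected one of {f.expected}, got {f.actual!r}")
```

Treating an unset setting as drift rather than silently skipping it is the important design choice: a control that was never configured offers no protection, so the report should surface it alongside settings that hold the wrong value.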

Learn about the configuration and monitoring of IAM.


6. Endpoint Monitoring

The collection of events associated with end user usage of devices, offering in-depth visibility into the total security of your network-connected devices or endpoints.

Discover why endpoint security shouldn’t be your organization’s primary focus.


7. Penetration Testing

Also known as ethical hacking. A means of evaluating the security of an organization's systems, networks, and applications by using the same tools and techniques that attackers use, in order to identify vulnerabilities before an attacker does.

Learn how penetration testing in the cloud works.


8. Business Continuity and Disaster Recovery (BCDR)

The implementation of measures designed to ensure operational resiliency and minimize the impact of service disruptions, regardless of their nature or scale.

Get an overview of how to approach BCDR in the cloud.


9. Crisis Management

The overall coordination and strategy of an organization's crisis response, with the goal of avoiding or minimizing damage to the organization's profitability, reputation, or ability to operate. This includes preparing for, responding to, and recovering from an incident.

Apply CSA’s Cloud Incident Response Framework to your crisis management plan.


10. Collective Responsibility

The idea that everyone is responsible for the security stance of an organization. Security must no longer be considered an afterthought, someone else’s responsibility, distinct from business objectives, or as something ephemeral whose progress cannot be measured.

Learn why a sense of collective responsibility is imperative to DevSecOps.



Find other helpful introductory resources on our Cloud 101 page.