Government Information Security Reform Act of 2000

Government Information Security Reform Act of 2000: A US federal law that requires government agencies to establish comprehensive security programs for their information systems. It mandates annual reviews and reports to ensure the effectiveness of information security policies and practices, enhancing accountability and security measures in federal agencies.

Gramm-Leach-Bliley (GLBA) Act

Gramm-Leach-Bliley (GLBA) Act: A law passed in the United States that requires financial institutions to protect their customers’ personal information. It is used to ensure that financial institutions handle personal data responsibly and that customers’ information is secure. Examples of GLBA compliance include implementing security policies and procedures, conducting security audits, and providing security training […]

Guideline

Guideline: A general rule or principle designed to steer actions or decisions in security practices. Such guidelines are essential for creating and maintaining standards for system and network security, data protection, threat mitigation, and regulatory compliance. Notable security guideline examples include the OWASP Top 10 for web application security, the NIST Cybersecurity Framework for comprehensive […]

GAAS (Generally Accepted Auditing Standards)

GAAS (Generally Accepted Auditing Standards): A set of systematic guidelines auditors use when assessing companies’ financial statements, ensuring the accuracy, consistency, and reliability of auditors’ actions and reports. In IT and cybersecurity, GAAS principles guide the auditing of IT systems and controls, emphasizing data integrity, security, and the effectiveness of IT governance practices.

Gamification

Gamification: The use of game design elements and mechanics in non-game contexts to increase user engagement and motivation. It is used in various industries, including information security, to make tasks and activities more enjoyable and rewarding for users. Examples include using points, badges, and leaderboards to incentivize users to follow security best practices or using […]

General computer control

General computer control: The infrastructure controls in a computer system, including network security, access controls, and data backup procedures, among others. These controls are not specific to individual applications within the system but, instead, provide a secure foundation that supports all applications. They help ensure the integrity, reliability, and security of data and systems by […]