Layered security

Layered security: A security strategy that uses multiple layers of defense to protect against attacks and prevent unauthorized access. It is used to reduce the risk of a single point of failure and increase the overall security of a system. Examples of controls used as layers include firewalls, intrusion detection systems, and access control policies.

Legal holds in data retention

Legal holds in data retention: The process of preserving data that may be relevant to a legal matter. It is used by organizations to ensure that they do not destroy or alter any data that may be needed for a legal investigation or lawsuit. For example, a company may use legal holds in data retention […]

Legal liability for data

Legal liability for data: The responsibility of an organization for the data it collects, stores, and uses. It is used to ensure that organizations are held accountable for their handling of personal and sensitive data. For example, a company may be held legally liable for a data breach if it fails to adequately protect the […]

Level of abstraction

Level of abstraction: The distance between the details of a system and the concepts used to represent it. Higher levels of abstraction use more general concepts and provide less detail, while lower levels provide more specific details. Examples of high-level abstraction might include using a database abstraction layer to hide the details of database queries […]

Level of assurance

Level of assurance: A measure of the confidence that a system or process provides the desired level of security. It is used in security assessments and audits to determine the adequacy of security controls. Examples include low, medium, and high levels of assurance.

National Cyber Security Centre (NCSC) 12 Principles

National Cyber Security Centre (NCSC) 12 Principles: A set of guidelines provided by the UK’s National Cyber Security Centre to help organizations design and implement secure online services. These principles offer a strategic framework for security across various online services and business models, addressing aspects like data minimization, user authentication, security monitoring, and incident management. […]