EU-US Privacy Shield
EU-US Privacy Shield: The EU-US Privacy Shield was a framework designed to ensure compliance with EU data protection requirements when transferring personal data from the European Union to the United States. The Court of Justice of the European Union (CJEU) invalidated the Privacy Shield in July 2020. […]
Evaluation Assurance Level (EAL)
Evaluation Assurance Level (EAL): A numerical grade assigned to an information system product or system for the certification of its security. Defined by the Common Criteria certification standards, the EAL represents a third-party assessment of the design, implementation, and testing of security functions, with levels ranging from EAL1 (functionally tested) to EAL7 (formally verified, designed, […]
Export Administration Regulations (EAR)
Export Administration Regulations (EAR): United States regulatory laws that govern the export and re-export of most commercial items, including “dual-use” items that can serve both commercial and military or proliferation applications. EAR is administered by the Bureau of Industry and Security under the US Department of Commerce and covers technologies such as computers, software, and […]
Exposure Factor (EF)
Exposure Factor (EF): A metric that represents the magnitude of loss or impact that a threat could have on a system or data. It is quantified as the percentage of loss that a realized threat would cause to a specific asset. For example, an EF of 0.2 (or 20%) for a specific threat would indicate that […]
Exposure
Exposure: In the context of finance and investments, exposure refers to the degree to which an investor or business is open to risk from market fluctuations, which could potentially lead to loss. In cybersecurity, exposure denotes the vulnerability of an organization or individual to potential threats that could lead to unauthorized access or damage to […]
Extended Enterprise
Extended Enterprise: A network of associated entities that a central organization interacts with directly or indirectly, including suppliers, vendors, partners, contractors, and customers. These entities have access to certain data or systems of the central organization, thereby extending the risk landscape and necessitating the use of additional controls to safeguard assets and data.