The FREE Cybersecurity Glossary by Thor Pedersen!

Information security governance: The overall management and oversight of an organization's information security program. This includes defining the roles and responsibilities of individuals and groups within the organization, establishing policies and procedures for information security, and monitoring compliance with those policies and procedures. Information security governance is used to ensure that the organization's information and systems are secure, and that the organization's information security program is effective.

Information Security Management System (ISMS): A framework for managing and protecting an organization's information assets. An ISMS typically includes policies, procedures, and controls for ensuring the confidentiality, integrity, and availability of sensitive data. Examples of ISMS components could include access controls, encryption, and user awareness training.

Information Security Policy: A set of guidelines and rules that outline an organization's approach to information security. It is used in organizations to provide a clear and consistent framework for protecting information assets. Examples - a policy on acceptable use of company devices, a policy on data classification, and a policy on incident response.

Information Security Program: A program that outlines the policies, procedures, and technical measures used to protect an organization's information assets. It is used in organizations to ensure that information is secure and that all employees understand their roles and responsibilities in maintaining information security. Examples - an employee training program on information security, a policy on password management, and regular security audits.

Information System (IS): A combination of hardware, software, and people that is used to collect, process, store, and share information. It is used in organizations to support business operations and decision-making. Examples - a database management system, a customer relationship management system, and a supply chain management system.

Information systems audit: An information systems audit is a systematic review and evaluation of an organization's information systems, practices, operations, and related controls. Conducted by internal or external auditors, these audits aim to verify the reliability and integrity of IT systems, ensure compliance with policies and regulations, and detect any breaches or security risks. Audits can cover areas such as network security, system integrity, and data management.