The FREE Cybersecurity Glossary by Thor Pedersen!

Governance/management practice: The processes and procedures used to manage and direct an organization. It is used to ensure that an organization operates efficiently and effectively. Examples of governance/management practices include setting policies and procedures, monitoring compliance, and making strategic decisions.

Governance of Enterprise IT (GEIT): The process of managing and directing the use of IT resources within an organization to achieve its goals and objectives. It is used to ensure that IT systems are aligned with the organization's strategic objectives and operate efficiently and securely. Examples of governance of enterprise IT include establishing IT policies and procedures, monitoring IT compliance, and making strategic IT decisions.

Governance, Risk Management and Compliance (GRC): A framework for managing an organization's governance, risk, and compliance activities. It is used to ensure that an organization operates efficiently and effectively while mitigating potential risks and complying with regulations. Examples of GRC include implementing a risk management program, conducting compliance audits, and developing a governance framework.

Government cloud: A type of cloud computing service that is designed specifically for government agencies to store, manage, and process sensitive data. It is used in situations where the data being handled requires a high level of security and compliance with government regulations. Examples include storing and processing data for military operations, social security records, and tax information.

Government Information Security Reform Act of 2000: A US federal law that mandates government agencies to establish comprehensive security programs for their information systems. It requires annual reviews and reports to ensure the effectiveness of information security policies and practices, enhancing accountability and security measures in federal agencies.

Graham-Denning Model: A formal framework used to define and analyze the protection of information in a computer system. It outlines a set of eight basic rights or rules (procedures) that can be defined for a system regarding the creation and deletion of objects and subjects, providing, transferring, and deleting access rights. The model focuses on the actions that subjects can execute over objects while taking into consideration the permissions and prohibitions applied to these actions, making it a fundamental model in the study of secure systems' architecture.