| Term | Definition |
|---|---|
| Access Control | A security technique used to regulate who or what can view or use resources. |
| Accountability | The obligation of an individual or organization to account for activities and accept responsibility. |
| Adverse Selection | A market situation in which asymmetric information causes higher-risk parties to be selected disproportionately. |
| Agile Governance | A flexible governance approach that adapts quickly to changes. |
| AML (Anti-Money Laundering) | Laws, regulations, and procedures aimed at preventing financial crimes. |
| Annual Risk Assessment | An annual evaluation of risks affecting an organization. |
| Asset Management | The systematic process of managing an organization’s assets. |
| Audit Committee | A governing body responsible for overseeing audit processes. |
| Audit Log | A record of events related to system security and activities. |
| Audit Trail | A chronological record of system activities for audit purposes. |
| Authentication | The process of verifying user identity. |
| Authorization | The process of granting or denying access to resources. |
| Baseline Security | Minimum security requirements set as a standard. |
| Benchmarking | Comparing organizational performance against industry standards. |
| Board Oversight | The board of directors' oversight function, ensuring responsible decision-making. |
| Business Continuity Plan (BCP) | A plan to ensure business operations continue after disruptions. |
| Business Impact Analysis (BIA) | An analysis of potential disruptions and their business impact. |
| BYOD (Bring Your Own Device) Policy | A policy for managing employee-owned devices in the workplace. |
| CAPA (Corrective and Preventive Action) | A process to identify and correct deficiencies in operations. |
| CISO (Chief Information Security Officer) | An executive responsible for cybersecurity and information security. |
| Cloud Governance | Policies and practices for managing cloud computing risks. |
| Compliance Audit | An examination of adherence to laws and regulations. |
| Compliance Framework | A structure of rules ensuring compliance with laws and regulations. |
| Compliance Risk | The potential for failing to comply with regulations. |
| Confidentiality | Ensuring information is accessible only to authorized parties. |
| Conflict of Interest | A situation where personal interests conflict with organizational duties. |
| Continuous Monitoring | Ongoing evaluation of systems and activities for compliance. |
| Control Deficiency | A weakness in an internal control system. |
| Control Environment | The policies and procedures governing risk management. |
| Control Self-Assessment (CSA) | A process for self-evaluating internal control effectiveness. |
| Corporate Governance | The framework that governs corporate decision-making. |
| COSO (Committee of Sponsoring Organizations) | A framework for internal controls and risk management. |
| Crisis Management | Planning and responding to crises effectively. |
| Cyber Risk | The potential harm resulting from cyber threats. |
| Cybersecurity Framework | A structured approach to managing cybersecurity risks. |
| Data Classification | The classification of data based on sensitivity levels. |
| Data Governance | The process of managing data-related risks and policies. |
| Data Leakage Prevention (DLP) | Security measures to prevent unauthorized data leaks. |
| Data Privacy | Protecting personal data from unauthorized access. |
| Data Protection | Safeguarding information through encryption and controls. |
| Data Retention Policy | Policies defining how long data is retained. |
| Digital Risk | The risk associated with digital transformation and automation. |
| Disaster Recovery Plan (DRP) | A plan to restore operations after a disaster. |
| Due Diligence | A thorough investigation before engaging in business relationships. |
| Enterprise Risk Management (ERM) | A holistic approach to managing enterprise-wide risks. |
| Ethical Hacking | Simulated cyberattacks to test security controls. |
| Ethics Hotline | A reporting mechanism for unethical behavior. |
| Event Logging | Recording system events for security and compliance. |
| Exception Handling | Managing unexpected errors and exceptions in processes. |
| Exit Strategy | A planned approach for discontinuing operations responsibly. |
| External Audit | An independent review of financial and operational practices. |
| Fair Dealing | Ensuring fair treatment of customers and stakeholders. |
| FCPA (Foreign Corrupt Practices Act) | A law preventing corruption in business transactions. |
| Financial Compliance | Compliance with financial laws and regulations. |
| Financial Risk | The exposure to financial loss and uncertainty that an organization must manage. |
| Fraud Prevention | Methods to detect and prevent fraudulent activities. |
| Gap Analysis | Identifying the gaps between an organization's current state and its desired state. |
| GDPR (General Data Protection Regulation) | A European regulation for data protection and privacy. |
| Governance Model | A structured approach to governance processes. |
| Governance Risk | Risks related to governance structures and decisions. |
| HIPAA (Health Insurance Portability and Accountability Act) | A US law ensuring medical data privacy. |
| Identity and Access Management (IAM) | Managing access rights and user identities. |
| Incident Management | Handling security incidents in an organization. |
| Incident Response Plan (IRP) | A structured plan to respond to security incidents. |
| Information Security Management System (ISMS) | A system for managing security risks systematically. |
| Information Security Policy | A formal policy guiding security controls. |
| Internal Audit | An internal function evaluating risks and controls. |
| Internal Controls | Procedures ensuring operational integrity and accountability. |
| IT Compliance | Ensuring IT systems comply with regulations. |
| IT Governance | The system of rules governing IT management. |
| IT Risk Management | Identifying and mitigating IT-related risks. |
| Key Performance Indicators (KPIs) | Metrics for assessing business performance. |
| Key Risk Indicators (KRIs) | Indicators measuring potential risks in operations. |
| Legal Risk | The risk arising from an organization's legal obligations. |
| Log Management | Processes managing system logs and activities. |
| Loss Prevention | Strategies to prevent financial and security losses. |
| Malware Protection | Protection against malicious software threats. |
| Market Risk | Risks associated with market fluctuations. |
| Material Weakness | A significant weakness in an internal control system. |
| Mitigation Strategy | A strategy to reduce or eliminate risks. |
| Monitoring Controls | Controls designed to continuously track risks. |
| Multi-Factor Authentication (MFA) | Using multiple authentication factors for security. |
| NDA (Non-Disclosure Agreement) | A legal contract ensuring confidentiality. |
| Network Security | Protecting organizational networks from cyber threats. |
| Operational Resilience | The ability to adapt to operational disruptions. |
| Operational Risk | Risks related to daily business operations. |
| Outsourcing Risk | The risk arising from services outsourced to external providers. |
| Penetration Testing | Testing security defenses through simulated attacks. |
| Personal Data Protection | Ensuring personal information remains secure. |
| Phishing Awareness | Training employees on phishing risks. |
| Policy Enforcement | Ensuring compliance with policies and procedures. |
| Policy Management | Managing policies effectively across the organization. |
| Privacy Impact Assessment (PIA) | Assessing privacy risks in processes. |
| Process Automation | Automating compliance and risk management tasks. |
| Ransomware Protection | Preventing and mitigating ransomware attacks. |
| Regulatory Compliance | Ensuring adherence to regulatory requirements. |
| Regulatory Reporting | Reporting regulatory compliance data to authorities. |
| Residual Risk | The remaining risk after mitigation. |
| Risk Acceptance | Accepting a level of risk within an organization. |
| Risk Appetite | The amount of risk an organization is willing to take. |
| Risk Assessment | Identifying and evaluating potential risks before they materialize. |
| Risk Avoidance | Eliminating potential risks where possible. |
| Risk Culture | The culture that influences risk management. |
| Risk Governance | A governance approach to handling risks. |
| Risk Identification | Detecting and identifying emerging risks. |
| Risk Mitigation | Reducing or controlling risks effectively. |
| Third-Party Risk Management | Assessing risks associated with third parties. |
| Whistleblower Policy | A policy encouraging employees to report misconduct or unethical behavior. |