Compliance and Governance Definitions

  • B

    blue pill rootkit

    The blue pill rootkit is malware that executes as a hypervisor to gain control of computer resources. Joanna Rutkowska, a security researcher for Singapore-based IT security firm COSEINC, developed the Blue Pill rootkit as proof-of-concept malware, which she demonstrated at the 2006 Black Hat Briefings conference.

  • C

    CAIQ (Consensus Assessments Initiative Questionnaire)

    The Consensus Assessments Initiative Questionnaire (CAIQ) is a survey provided by the Cloud Security Alliance (CSA) for cloud consumers and auditors to assess the security capabilities of a cloud provider.

  • clickwrap agreement (clickthrough agreement or clickwrap license)

    A clickwrap agreement (also known as a clickthrough agreement or clickwrap license) is an online contract that confirms user consent to a company's terms and conditions.

  • cloud access security broker (CASB)

    Cloud access security brokers (CASBs) are tools or services that enforce an organization's security policies in a public cloud environment.

  • Cloud Controls Matrix

    The Cloud Controls Matrix is a baseline set of security controls created by the Cloud Security Alliance to help enterprises assess the risk associated with a cloud computing provider.

  • Cloud Security Alliance (CSA)

    The Cloud Security Alliance (CSA) is a nonprofit organization that promotes research into best practices for securing cloud computing and the ability of cloud technologies to secure other forms of computing. The industry group also provides security education and guidance to companies implementing cloud computing and helps vendors address security in their software delivery models.

  • CloudAudit

    CloudAudit is a specification for the presentation of information about how a cloud computing service provider addresses control frameworks. The specification provides a standard way to present and share detailed, automated statistics about performance and security.

  • CloudTrust Protocol (CTP)

    The CloudTrust Protocol or CTP is a mechanism that helps cloud service customers request and retrieve standardized inquiries about cloud provider transparency.

  • M

    Microsoft Cloud Security Readiness Tool (CSRT)

    The Microsoft Cloud Security Readiness Tool (CSRT) is a survey that assesses the systems, processes and productivity of an IT environment in preparation for the adoption and secure use of cloud computing services.

  • S

    Security, Trust and Assurance Registry (STAR)

    The Security, Trust and Assurance Registry (STAR) is an online registry of cloud provider security controls.

  • Soc 1 (Service Organization Control 1)

    A Service Organization Control 1 or Soc 1 (pronounced "sock one") report is written documentation of the internal controls that are likely to be relevant to an audit of a customer’s financial statements.

  • Soc 2 (Service Organization Control 2)

    A Service Organization Control 2 (Soc 2) report covers various organizational controls related to security, availability, processing integrity, confidentiality or privacy.

  • Soc 3 (Service Organization Control 3)

    A Service Organization Control 3 (Soc 3) report outlines information related to a service organization’s internal controls in security, availability, processing integrity, confidentiality or privacy.

  • software-defined perimeter (SDP)

    Software-defined perimeter (SDP) is a security framework developed by the Cloud Security Alliance. All endpoints attempting to access a given infrastructure must be authenticated and authorized prior to entrance.

  • SSAE 16

    SSAE 16, also called Statement on Standards for Attestation Engagements 16, is a regulation created by the Auditing Standards Board (ASB) of the American Institute of Certified Public Accountants (AICPA) for redefining and updating how service companies report on compliance controls.
