Compliance and Governance Definitions

  • B

    blue pill rootkit

    The blue pill rootkit is malware that executes as a hypervisor to gain control of computer resources. Joanna Rutkowska, a security researcher for Singapore-based IT security firm COSEINC, developed the Blue Pill rootkit as proof-of-concept malware, which she demonstrated at the 2006 Black Hat Briefings conference.

  • C

    CAIQ (Consensus Assessments Initiative Questionnaire)

    The Consensus Assessments Initiative Questionnaire (CAIQ) is a survey provided by the Cloud Security Alliance (CSA) for cloud consumers and auditors to assess the security capabilities of a cloud service provider.

  • clickwrap agreement (clickthrough agreement)

    A clickwrap agreement, also known as a click through, shrink-wrap, or sign-in-wrap, is an online agreement in which the user signifies his or her acceptance by clicking a button or checking a box that states “I agree.”

  • cloud access security broker (CASB)

    A cloud access security broker (CASB) is a software tool or service that sits between an organization's on-premises infrastructure and a cloud provider's infrastructure.

  • Cloud Controls Matrix

    The Cloud Controls Matrix is a baseline set of security controls created by the Cloud Security Alliance to help enterprises assess the risk associated with a cloud computing provider.

  • Cloud Security Alliance (CSA)

    The Cloud Security Alliance (CSA) is a nonprofit organization that promotes research into best practices for securing cloud computing and the use of cloud technologies to secure other forms of computing.

  • CloudAudit

    CloudAudit is a specification for the presentation of information about how a cloud computing service provider addresses control frameworks. The specification provides a standard way to present and share detailed, automated statistics about performance and security.

  • CloudTrust Protocol (CTP)

    The CloudTrust Protocol or CTP is a mechanism that helps cloud service customers request and retrieve standardized inquiries about cloud provider transparency.

  • M

    Microsoft Cloud Security Readiness Tool (CSRT)

    The Microsoft Cloud Security Readiness Tool (CSRT) is a survey that assesses the systems, processes and productivity of an IT environment in preparation for the adoption and secure use of cloud computing services.

  • S

    Security, Trust and Assurance Registry (STAR)

    The Security, Trust and Assurance Registry (STAR) is an online registry of cloud provider security controls.

  • Soc 1 (Service Organization Control 1)

    A Service Organization Control 1 or Soc 1 (pronounced "sock one") report is written documentation of the internal controls that are likely to be relevant to an audit of a customer’s financial statements.

  • Soc 2 (Service Organization Control 2)

    A Service Organization Control 2 (Soc 2) report covers various organizational controls related to security, availability, processing integrity, confidentiality or privacy.

  • Soc 3 (Service Organization Control 3)

    A Service Organization Control 3 (Soc 3) report outlines information related to a service organization’s internal controls in security, availability, processing integrity, confidentiality or privacy.

  • software-defined perimeter (SDP)

    Software-defined perimeter (SDP) is a security framework developed by the Cloud Security Alliance (CSA) that controls access to resources based on identity.

  • SSAE 16

    The Statement on Standards for Attestation Engagements No. 16 (SSAE 16) is a set of auditing standards and guidance on using the standards, published by the Auditing Standards Board (ASB) of the American Institute of Certified Public Accountants (AICPA), for redefining and updating how service companies report on compliance controls.
