Compliance and Governance Definitions

  • B

    blue pill rootkit

    The blue pill rootkit is malware that executes as a hypervisor to gain control of computer resources. Joanna Rutkowska, a security researcher for Singapore-based IT security firm COSEINC, developed the Blue Pill rootkit as proof-of-concept malware, which she demonstrated at the 2006 Black Hat Briefings conference.

  • C

    CAIQ (Consensus Assessments Initiative Questionnaire)

    The Consensus Assessments Initiative Questionnaire (CAIQ) is a survey provided by the Cloud Security Alliance (CSA) for cloud consumers and auditors to assess the security capabilities of a cloud service provider.

  • clickwrap agreement (clickthrough agreement or clickwrap license)

    A clickwrap agreement (also known as a clickthrough agreement or clickwrap license) is an online contract that confirms user consent to a company's terms and conditions.

  • cloud access security broker (CASB)

    Cloud access security brokers (CASBs) are tools or services that enforce an organization's security policies in a public cloud environment.

  • Cloud Controls Matrix

    The Cloud Controls Matrix is a baseline set of security controls created by the Cloud Security Alliance to help enterprises assess the risk associated with a cloud computing provider.

  • Cloud Security Alliance (CSA)

    The Cloud Security Alliance (CSA) is a nonprofit organization that promotes research into best practices for securing cloud computing and the use of cloud technologies to secure other forms of computing.

  • CloudAudit

    CloudAudit is a specification for the presentation of information about how a cloud computing service provider addresses control frameworks. The specification provides a standard way to present and share detailed, automated statistics about performance and security.

  • CloudTrust Protocol (CTP)

    The CloudTrust Protocol or CTP is a mechanism that helps cloud service customers request and retrieve standardized inquiries about cloud provider transparency.

  • M

    Microsoft Cloud Security Readiness Tool (CSRT)

    The Microsoft Cloud Security Readiness Tool (CSRT) is a survey that assesses the systems, processes and productivity of an IT environment in preparation for the adoption and secure use of cloud computing services.

  • S

    Security, Trust and Assurance Registry (STAR)

    The Security, Trust and Assurance Registry (STAR) is an online registry of cloud provider security controls.

  • Soc 1 (Service Organization Control 1)

    A Service Organization Control 1 or Soc 1 (pronounced "sock one") report is written documentation of the internal controls that are likely to be relevant to an audit of a customer’s financial statements.

  • Soc 2 (Service Organization Control 2)

    A Service Organization Control 2 (Soc 2) report covers various organizational controls related to security, availability, processing integrity, confidentiality or privacy.

  • Soc 3 (Service Organization Control 3)

    A Service Organization Control 3 (Soc 3) report outlines information related to a service organization’s internal controls in security, availability, processing integrity, confidentiality or privacy.

  • software-defined perimeter (SDP)

    Software-defined perimeter (SDP) is a security framework developed by the Cloud Security Alliance (CSA) that controls access to resources based on identity.

  • SSAE 16

    SSAE 16, also called Statement on Standards for Attestation Engagements 16, is a regulation created by the Auditing Standards Board (ASB) of the American Institute of Certified Public Accountants (AICPA) for redefining and updating how service companies report on compliance controls.
