ISO 27001
An international standard for information security management systems (ISMS) that specifies requirements for managing information security.
Related GRC terms
Risk Assessment
The process of identifying, analyzing, and evaluating potential risks to an organization's information assets.
Vulnerability Assessment
A systematic process to identify, quantify, and prioritize security vulnerabilities in systems and applications.
Penetration Testing
An authorized simulated cyberattack on a computer system to evaluate its security posture.
Compliance
The act of conforming to established guidelines, specifications, or legislation related to information security.
NIST Framework
A set of guidelines and best practices published by the National Institute of Standards and Technology to manage cybersecurity risk.
GDPR
The General Data Protection Regulation — an EU regulation on data protection and privacy for individuals within the European Union.