DevSecOps

Information Security

The practice of protecting information by mitigating information risks including unauthorised access, use, and disruption.

Security Audit

A systematic evaluation of an organisation's information system security by measuring compliance with established criteria.

Compliance Framework

A structured set of guidelines and best practices for meeting regulatory requirements and industry standards.

ISO 27001

An international standard for information security management systems specifying requirements for establishing and maintaining security.

SOC 2

An auditing framework that evaluates the security, availability, processing integrity, confidentiality, and privacy of service organisations.

NIST Cybersecurity Framework

A set of voluntary guidelines for managing and reducing cybersecurity risk developed by the US National Institute of Standards.

Cyber Insurance

Insurance coverage protecting organisations against financial losses from cyberattacks, data breaches, and related incidents.

Threat Modelling

A structured approach for identifying, quantifying, and addressing security threats to a system or application.

Security by Design

An approach that integrates security considerations into every stage of the software development lifecycle.

Software Supply Chain Security

Practices and tools that protect the integrity of software components, dependencies, build pipelines, and distribution channels from compromise and tampering.

Cloud Security Posture Management

Automated tools that continuously assess cloud infrastructure configurations against security best practices and compliance requirements, identifying and remediating misconfigurations.

A globally accessible knowledge base of adversary tactics and techniques based on real-world cyber observations.

A group of security professionals who simulate real-world attacks to test an organisation's defensive capabilities.

A communication system where only the communicating users can read the messages, with encryption at both endpoints.

Security systems that leverage machine learning and behavioural analytics to identify sophisticated cyber threats, anomalous patterns, and zero-day attacks in real time.

The specific path, method, or scenario used by an attacker to gain unauthorised access to a system.

An authentication method requiring two or more verification factors to gain access to a resource.

Security solutions that deploy decoy assets such as fake servers, credentials, and data to detect, misdirect, and analyse attackers who have breached perimeter defences.

An integrated security platform that protects cloud-native applications across the full lifecycle, combining workload protection, configuration management, and runtime security.

DevOps

A set of practices combining software development and IT operations to shorten the development lifecycle and deliver continuous value.