NIST Cybersecurity Framework

Information Security

The practice of protecting information by mitigating information risks including unauthorised access, use, and disruption.

Security Audit

A systematic evaluation of an organisation's information system security by measuring compliance with established criteria.

Compliance Framework

A structured set of guidelines and best practices for meeting regulatory requirements and industry standards.

ISO 27001

An international standard for information security management systems specifying requirements for establishing and maintaining security.

SOC 2

An auditing framework that evaluates the security, availability, processing integrity, confidentiality, and privacy of service organisations.

Cyber Insurance

Insurance coverage protecting organisations against financial losses from cyberattacks, data breaches, and related incidents.

Threat Modelling

A structured approach for identifying, quantifying, and addressing security threats to a system or application.

Security by Design

An approach that integrates security considerations into every stage of the software development lifecycle.

DevSecOps

An approach integrating security practices within the DevOps process, making security a shared responsibility.

Software Supply Chain Security

Practices and tools that protect the integrity of software components, dependencies, build pipelines, and distribution channels from compromise and tampering.

Cloud Security Posture Management

Automated tools that continuously assess cloud infrastructure configurations against security best practices and compliance requirements, identifying and remediating misconfigurations.

Advanced red team exercises that replicate the tactics, techniques, and procedures of specific threat actors to evaluate an organisation's detection and response capabilities.

Malicious software that encrypts a victim's files and demands payment for the decryption key.

A unified security platform that integrates multiple security tools and data sources for comprehensive threat detection.

A security model that requires strict identity verification for every person and device accessing resources regardless of location.

Security solutions focused on detecting and responding to identity-based attacks such as credential theft, privilege escalation, and compromised service accounts.

The proactive search for cyber threats within an organisation's environment that have evaded automated detection, using hypotheses, threat intelligence, and advanced analytics.

A centralised facility where security professionals monitor, detect, analyse, and respond to cybersecurity incidents.

Technology that aggregates and analyses security data from across an organisation to detect threats.