SOC 2

Information Security

The practice of protecting information by mitigating information risks including unauthorised access, use, and disruption.

Security Audit

A systematic evaluation of an organisation's information system security by measuring compliance with established criteria.

Compliance Framework

A structured set of guidelines and best practices for meeting regulatory requirements and industry standards.

ISO 27001

An international standard for information security management systems specifying requirements for establishing and maintaining security.

NIST Cybersecurity Framework

A set of voluntary guidelines for managing and reducing cybersecurity risk developed by the US National Institute of Standards.

Cyber Insurance

Insurance coverage protecting organisations against financial losses from cyberattacks, data breaches, and related incidents.

Threat Modelling

A structured approach for identifying, quantifying, and addressing security threats to a system or application.

Security by Design

An approach that integrates security considerations into every stage of the software development lifecycle.

DevSecOps

An approach integrating security practices within the DevOps process, making security a shared responsibility.

Software Supply Chain Security

Practices and tools that protect the integrity of software components, dependencies, build pipelines, and distribution channels from compromise and tampering.

Cloud Security Posture Management

Automated tools that continuously assess cloud infrastructure configurations against security best practices and compliance requirements, identifying and remediating misconfigurations.

A communication system where only the communicating users can read the messages, with encryption at both endpoints.

A simulated cyberattack against a system to evaluate the security of its defences and identify exploitable vulnerabilities.

The secure storage, distribution, rotation, and auditing of sensitive credentials such as API keys, tokens, passwords, and certificates used by applications and services.

A network security device that monitors and filters incoming and outgoing network traffic based on security rules.

Security technology embedded within applications that detects and blocks attacks in real time by monitoring application behaviour and request patterns during execution.

An entity that issues digital certificates, verifying the identity of organisations and encrypting communications.

Malicious software designed to disrupt, damage, or gain unauthorised access to computer systems.

Security solutions that control and monitor access for users with elevated permissions to critical systems.