Software Supply Chain Security

Information Security

The practice of protecting information by mitigating information risks including unauthorised access, use, and disruption.

Security Audit

A systematic evaluation of an organisation's information system security by measuring compliance with established criteria.

Compliance Framework

A structured set of guidelines and best practices for meeting regulatory requirements and industry standards.

ISO 27001

An international standard for information security management systems specifying requirements for establishing and maintaining security.

SOC 2

An auditing framework that evaluates the security, availability, processing integrity, confidentiality, and privacy of service organisations.

NIST Cybersecurity Framework

A set of voluntary guidelines for managing and reducing cybersecurity risk developed by the US National Institute of Standards.

Cyber Insurance

Insurance coverage protecting organisations against financial losses from cyberattacks, data breaches, and related incidents.

Threat Modelling

A structured approach for identifying, quantifying, and addressing security threats to a system or application.

Security by Design

An approach that integrates security considerations into every stage of the software development lifecycle.

DevSecOps

An approach integrating security practices within the DevOps process, making security a shared responsibility.

Cloud Security Posture Management

Automated tools that continuously assess cloud infrastructure configurations against security best practices and compliance requirements, identifying and remediating misconfigurations.

A communication system where only the communicating users can read the messages, with encryption at both endpoints.

A comprehensive inventory of all software components, libraries, and dependencies used in an application, enabling vulnerability tracking and supply chain risk management.

The specific path, method, or scenario used by an attacker to gain unauthorised access to a system.

Using unique biological characteristics like fingerprints, facial features, or iris patterns to verify identity.

The discipline of protecting AI systems from adversarial attacks, data poisoning, model theft, and prompt injection while ensuring the secure deployment of AI in production environments.

A decoy system designed to attract attackers and study their methods while protecting real systems.

A collaborative security approach combining red team attack knowledge with blue team defensive capabilities.

A web security vulnerability allowing attackers to inject malicious scripts into web pages viewed by other users.