Security ratings or cybersecurity ratings are a data-driven, objective, and dynamic measurement of an organization's security posture. They are created by a trusted, independent security rating platform making them valuable as an objective indicator of an organization's cybersecurity performance. Just as credit ratings and FICO scores aim to provide a quantitative measure of credit risk, security ratings aim to provide a quantitative measure of cyber risk.
Data classification is the process of organizing structured and unstructured data into categories, so it can be used and secured more efficiently. It makes data easier to locate and retrieve while facilitating better risk management, legal discovery, and regulatory compliance. Data classification involves labeling sensitive data and personal information to make it searchable and trackable.
In cybersecurity, the term open port refers to a TCP or UDP port number that is configured to accept packets. In contrast, a port which rejects connections or ignores all packets, is a closed port. Ports are an integral part of the Internet's communication model. All communication over the Internet is exchanged via ports. Every IP address contains two kinds of ports, UDP and TCP ports, and there are up to 65,535 of each for any given IP address.
The Consensus Assessments Initiative Questionnaire (CAIQ) is a security assessment provided by the Cloud Security Alliance (CSA) for cloud consumers and auditors to assess information security capabilities of cloud providers.
The Standardized Information Gathering (SIG) questionnaire is used to perform an initial assessment of vendors, gathering information to determine how security risks are managed across 18 different risk domains. SIG was developed by Shared Assessments and is a holistic tool for risk management assessments of cybersecurity, IT, privacy, data security, and business resiliency. The SIG questionnaire was created by Shared Assessments.
The Vendor Security Alliance (VSA) questionnaire was created by a coalition of companies committed to improving Internet security. It is one of the most well-known, highly respected security questionnaires, alongside: The VSA questionnaire is free to use and accessible on the VSA website.
The Higher Education Community Vendor Assessment Tool (HECVAT) is a security assessment template that attempts to generalize higher education information security and data protection questions and issues regarding cloud services for consistency and ease of use. HECVAT has various versions that are free to use and provide a consistent, streamlined third-party risk assessment framework.
The OWASP Top 10 is a regularly-updated report outlining the top 10 list of security concerns for web application security. The report is put together by a team of security experts around the world. OWASP refers to the Top 10 as an 'awareness document' and they recommend all companies incorporate the report's findings into the cybersecurity processes.
Data loss prevention (DLP) is a set of processes and technologies that ensure sensitive data is not lost, misused or exposed to unauthorized users by end-users or misconfiguration. Most data loss prevention solutions rely on data classification. This means that sensitive data is grouped into different buckets, e.g. regulated, confidential, financial data, intellectual property, and business-critical data.
Cross-site scripting (XSS) is a type of security vulnerability typically found in web applications. XSS enables attackers to inject client-side scripts into web pages viewed by other users and may be used to bypass access control, such as the same-origin policy. The impact of XSS can range from a small nuisance to significant cybersecurity risk, depending on the sensitivity of data handled by the vulnerable website, and the nature of any mitigations implemented.
