{tableName=comparison, name=NIST SP 800-53 vs GDPR, description=NIST SP 800-53 and GDPR are two important frameworks for information security and privacy. Learn their similarities and differences., topic=[{id=97620570515, createdAt=1673040885373, updatedAt=1715624498921, path='nist-sp-800-53', name='
NIST SP 800-53 Security Guide: Protect Your Data', 1='{type=string, value=NIST SP 800-53}', 2='{type=string, value=
This guide provides a comprehensive overview of NIST SP 800-53, a security and privacy control framework for federal information systems and organizations. Learn how to protect your data and comply with NIST}', 5='{type=string, value=This authoritative guide is based on the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53, which provides guidance for federal agencies on selecting, implementing, and managing information security controls. The guide covers a wide range of topics, including risk assessment, security control selection, security control implementation, and security control monitoring. It also provides detailed information on the security controls that should be implemented in the organization, as well as guidance on how to assess and monitor the effectiveness of those controls. Additionally, the guide provides detailed information on the Federal Information Security Management Act (FISMA) and its requirements for information security. The guide is intended to help organizations ensure that their information systems are secure and compliant with applicable laws and regulations.}', 15='{type=list, value=[{id=97620570515, name='NIST SP 800-53'}]}'}], hs_path=nist-sp-800-53-vs-gdpr}--
{tableName=glossary, name=COBIT Framework, description=
COBIT (Control Objectives for Information and Related Technology) is an IT governance framework that provides a comprehensive set of best practices, processes, and procedures for IT management and control. It was developed by the Information Systems Audit and Control Association (ISACA) and the IT Governance Institute (ITGI) to help organizations achieve their business objectives by leveraging IT resources. COBIT enables organizations to align IT strategies with their business objectives by providing an integrated framework of processes, controls, and best practices for the effective management of IT. It covers all aspects of IT management, including planning, acquisition, implementation, operations, and maintenance. COBIT also provides guidance on IT governance, risk management, and compliance. It is a widely accepted and internationally recognized standard for IT governance, and is used by organizations of all sizes and industries., topic=null, hs_path=cobit-framework}--
{tableName=glossary, name=ISO/IEC 27002 Security Policy, description=
ISO/IEC 27002 Security Policy is a set of guidelines, procedures, and best practices that organizations use to protect their information assets. It is based on a framework of security controls that are designed to reduce the risk of unauthorized access, use, disclosure, disruption, modification, or destruction of information. The security policy outlines the organization’s security objectives and identifies the security controls that will be used to achieve those objectives. The policy also defines the roles and responsibilities of personnel involved in the security process, and outlines the procedures for responding to security incidents. ISO/IEC 27002 Security Policy provides organizations with a comprehensive approach to information security management., topic=null, hs_path=iso-iec-27002-security-policy}--
{tableName=glossary, name=Data Integrity, description=
Data Integrity is the assurance that data is complete, accurate, and reliable throughout its lifecycle. It is the process of ensuring that data is not corrupted, compromised, or altered in any way. Data Integrity is achieved through a combination of technical and administrative measures that prevent unauthorized access to data and protect it from being modified, deleted, or otherwise corrupted. Data Integrity also ensures that data is stored and maintained in its original form, and that any changes made to the data are done in a controlled and secure manner. Data Integrity is essential for the successful operation of any system that relies on data for its functioning. Data Integrity is critical for the accuracy and reliability of data, as well as for the security of data and the protection of information., topic=null, hs_path=data-integrity}--
{tableName=glossary, name=Cryptography, description=
Cryptography is the practice and study of techniques for secure communication in the presence of third parties. It is used to protect confidential information and to ensure its authenticity and integrity. Cryptography involves the use of mathematical algorithms, protocols, and techniques to protect data from unauthorized access, modification, and disclosure. It is also used to protect data from being read or intercepted by an unintended recipient. Cryptography includes both symmetric and asymmetric encryption, digital signatures, and public-key infrastructure. Cryptography is used to protect data in transit, at rest, and in storage. It is also used to protect data from being tampered with or manipulated. Cryptography is used in various applications, such as banking, military, and government communications, to ensure the confidentiality, integrity, and authenticity of information., topic=null, hs_path=cryptography}--
{tableName=glossary, name=Discretionary Access Control (DAC), description=
Discretionary Access Control (DAC) is a type of access control in which a user's access to a system or resource is based upon the user's individual identity. This type of access control allows the user to make decisions about who can access the system or resource, and what type of access they can have. DAC is based on the principle of least privilege, which means that a user is only allowed access to the minimum amount of resources necessary to perform their job. The user is also responsible for managing the access rights of other users. DAC is commonly used in operating systems, databases, networks, and other computer systems. It is also used in physical security systems, such as door locks, to control access to restricted areas., topic=null, hs_path=discretionary-access-control-dac}--