Governance Risk Compliance

Browse Governance Risk Compliance terms for cybersecurity professionals. This is the Vietnamese term list: each entry gives the Vietnamese term, its English equivalent in parentheses, and a definition.
Báo cáo rủi ro (Risk Reporting)

The process of collecting, analyzing, and communicating information about risk exposures, controls, and mitigation activities to organizational stakeholders, at a cadence and level of detail suited to each audience (board, executives, control owners).

Báo Cáo Sự Cố (Incident Reporting)

The formal process of documenting and communicating information about detected security incidents to relevant stakeholders, including any regulators or customers whose notification deadlines apply.

Báo cáo tuân thủ (Compliance Reporting)

The process of preparing and delivering evidence-based reports to demonstrate adherence to regulatory, legal, and contractual requirements.

Chiến lược an ninh (Security Strategy)

A high-level plan that defines how an organization will protect its information assets, meet regulatory obligations, and manage cybersecurity risks in alignment with business objectives.

Chuẩn bảo mật cơ bản (Security Baseline)

A documented set of minimum security controls or configurations established as a standard for systems, services, or processes, so that every instance meets a consistent level of risk mitigation; deviations from the baseline are handled as policy exceptions.

Chính sách lưu trữ (Retention Policy)

A documented set of rules defining how long information or records must be retained to comply with regulatory, legal, or business requirements, and the procedures for their eventual archival or destruction.

Chấm điểm rủi ro (Risk Scoring)

The process of quantifying and prioritizing risks by assigning numerical or qualitative values based on likelihood, impact, and organizational context.

Chấp nhận rủi ro (Risk Acceptance)

A formal decision to acknowledge and accept the consequences of a specific risk rather than treat it, documented and approved by management with the authority to do so, and revisited at a defined review date.

Chủ quyền dữ liệu (Data Sovereignty)

The concept that digital data is subject to the laws and governance structures of the jurisdiction in which it is collected or stored.

Chủ Thể Dữ Liệu (Data Subject)

An individual whose personal data is collected, held, or processed by a data controller or processor, as defined by privacy laws such as the GDPR.

Chứng nhận truy cập (Access Certification)

A formal, periodic review in which managers or data owners attest that users hold the appropriate level of access to systems and information for their roles and responsibilities.

Công bố lỗ hổng bảo mật (Vulnerability Disclosure)

The process by which security vulnerabilities are reported to the affected organization or vendor, and eventually to the public, typically following a responsible or coordinated disclosure protocol.

Căn chỉnh quy định (Regulatory Alignment)

The degree to which organizational controls, processes, and policies conform to applicable laws, regulations, and relevant industry standards.

Cấp phát người dùng (User Provisioning)

The process of creating, managing, and assigning user accounts and privileges within an organization's IT systems in accordance with security and compliance requirements, together with their timely removal (deprovisioning) when they are no longer needed.

Dấu vết kiểm toán (Audit Trail)

A chronological record of system activities and user actions, providing documented evidence to support accountability, traceability, and compliance.

Ghi nhật ký kiểm toán (Audit Logging)

The systematic recording of events and user actions in information systems to enable traceability, accountability, and forensic investigation; the resulting records form the audit trail.

Giám sát an ninh (Security Oversight)

The ongoing supervision and review of security policies, controls, and processes to ensure effective risk management and regulatory compliance.

Giám Sát Liên Tục (Continuous Monitoring)

Ongoing, near-real-time observation and analysis of security controls and risks to ensure timely detection of threats and compliance violations.

Giám sát tuân thủ (Compliance Monitoring)

Ongoing supervision and review of an organization's compliance with laws, regulations, policies, and contractual obligations.

Giữ pháp lý (Legal Hold)

A directive to preserve all forms of relevant information when litigation or an investigation is reasonably anticipated; a legal hold suspends scheduled retention-based deletion for the records it covers until it is released.

Hiến Chương An Ninh (Security Charter)

A formal document that defines the scope, authority, and responsibilities of the security function within an organization.

Hội đồng giám sát (Oversight Board)

A governing committee or group responsible for strategic direction, oversight, and monitoring of the organization's risk management, compliance, and cybersecurity frameworks.

Khoảng trống quy định (Regulatory Gap)

Any deficiency or mismatch between current organizational controls, policies, or processes and those required by relevant laws, regulations, or standards.

Khung chính sách (Policy Framework)

A structured set of overarching policies, standards, and guidelines that governs how information security, compliance, and risk are managed across an organization.

Khung kiểm soát (Control Framework)

A structured set of governance, risk, and compliance (GRC) policies, processes, and controls, aligned to industry standards, for managing and mitigating organizational risks.

Khung trách nhiệm giải trình (Accountability Framework)

A structured set of responsibilities, roles, and processes that ensure individuals and teams are answerable for security and compliance obligations.

Khung tuân thủ (Compliance Framework)

An integrated system of standards, guidelines, and procedures designed to help an organization meet all relevant legal, regulatory, and contractual obligations.

Khẩu vị rủi ro (Risk Appetite)

The level and type of risk an organization is willing to accept in pursuit of its objectives, as formally defined by senior management or the board; it is the reference point against which individual risk tolerances are set.

Kiểm kê tài sản (Asset Inventory)

A comprehensive list of all information assets within an organization, including hardware, software, data, and supporting infrastructure, used for risk and compliance management.

Kiểm soát thay đổi (Change Control)

A formal process used to ensure that all modifications to systems, processes, or documents are introduced in a controlled and coordinated manner, minimizing security and compliance risks.

Kiểm soát tuân thủ (Compliance Control)

A specific policy, process, or technical measure implemented to ensure an organization meets applicable legal, regulatory, and contractual requirements in its operations and information systems.

Kiểm toán an ninh (Security Audit)

A formal, systematic review of an organization's information systems, controls, and procedures to verify their effectiveness and compliance with security policies and regulations.

Kiểm toán tuân thủ (Compliance Audit)

A systematic, independent review to determine whether activities and their results comply with planned arrangements, policies, and regulatory requirements in information security and GRC frameworks.

Kế hoạch giám sát (Monitoring Plan)

A documented approach outlining the processes, tools, and responsibilities for continuously observing and assessing security controls, compliance, and risk indicators within an organization.

Kế Hoạch Giảm Thiểu (Mitigation Plan)

A documented strategy detailing specific actions and controls to reduce the likelihood or impact of identified risks.

Kế hoạch khắc phục (Remediation Plan)

A formal strategy that outlines actions, responsibilities, and timelines to correct identified security or compliance deficiencies.

Liên tục kinh doanh (Business Continuity)

A holistic management process that identifies potential threats and ensures organizational resilience by planning for continued operation during and after a disruptive incident.

Lưu trữ dữ liệu (Data Retention)

The set of policies and procedures governing how long organizational data must be kept, archived, or deleted in compliance with legal, regulatory, or business requirements.
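
How a retention schedule (Chính sách lưu trữ, Lưu trữ dữ liệu) and a legal hold (Giữ pháp lý) interact in practice, as an added example that is not part of the original glossary: a small disposition engine that classifies each record as retain, archive, dispose, or hold, with the hold checked first so it always overrides scheduled disposal. The record classes, retention periods, sample records, custodian names, and matter identifiers are constructed for illustration.

```python
"""Retention-schedule evaluation with a legal-hold override (added example).

Record classes, retention periods, sample records and the hold matters are
constructed assumptions, not data from the glossary page.
"""
from dataclasses import dataclass
from datetime import date
from typing import Dict, FrozenSet, List, Optional, Tuple

# Assumed schedule: record class -> (days kept online, days until disposal).
# Between the two thresholds the record is archived but still retrievable.
SCHEDULE: Dict[str, Tuple[int, int]] = {
    "security_log": (90, 365),
    "invoice": (365, 7 * 365),
}


@dataclass(frozen=True)
class Record:
    record_id: str
    record_class: str
    created: date
    custodian: str


@dataclass(frozen=True)
class LegalHold:
    matter: str
    custodians: FrozenSet[str] = frozenset()
    record_classes: FrozenSet[str] = frozenset()
    released: Optional[date] = None  # None means the hold is still in force

    def covers(self, rec: Record, as_of: date) -> bool:
        """A hold applies while unreleased and when it names the record's
        custodian or its record class."""
        if self.released is not None and self.released <= as_of:
            return False
        return rec.custodian in self.custodians or rec.record_class in self.record_classes


Disposition = Tuple[str, Optional[str]]  # (action, hold matter or None)


def disposition(rec: Record, holds: List[LegalHold], as_of: date) -> Disposition:
    """Decide what to do with one record on the given date.

    The legal hold is checked first so that it overrides any scheduled disposal.
    An unclassified record is refused outright rather than silently kept or
    deleted: data with no retention class is a finding, not something to dispose of.
    """
    for hold in holds:
        if hold.covers(rec, as_of):
            return ("hold", hold.matter)
    if rec.record_class not in SCHEDULE:
        raise LookupError(f"{rec.record_id}: no retention class for {rec.record_class!r}")
    online_days, dispose_days = SCHEDULE[rec.record_class]
    age_days = (as_of - rec.created).days
    if age_days >= dispose_days:
        return ("dispose", None)
    if age_days >= online_days:
        return ("archive", None)
    return ("retain", None)


def disposition_report(records: List[Record], holds: List[LegalHold], as_of: date) -> Dict[str, Disposition]:
    """Disposition for every record in a review run, keyed by record id."""
    return {rec.record_id: disposition(rec, holds, as_of) for rec in records}


# Constructed sample data.
SAMPLE_RECORDS = [
    Record("LOG-1", "security_log", date(2025, 5, 15), "soc"),
    Record("LOG-2", "security_log", date(2025, 1, 10), "soc"),
    Record("LOG-3", "security_log", date(2024, 3, 1), "soc"),
    Record("INV-1", "invoice", date(2017, 1, 15), "bob"),  # past 7 years, but bob is on hold
    Record("INV-2", "invoice", date(2024, 2, 1), "alice"),
]
SAMPLE_HOLDS = [
    LegalHold("M-2025-07", custodians=frozenset({"bob"})),
    # A hold that named all security logs but was released before the review date.
    LegalHold("M-2024-02", record_classes=frozenset({"security_log"}), released=date(2025, 5, 1)),
]
AS_OF = date(2025, 6, 30)

if __name__ == "__main__":
    for rid, (action, matter) in disposition_report(SAMPLE_RECORDS, SAMPLE_HOLDS, AS_OF).items():
        print(f"{rid}: {action}" + (f" (matter {matter})" if matter else ""))
```

Two design choices matter more than the thresholds: the hold lookup happens before the schedule is consulted, so releasing a hold is the only way a held record can ever reach disposal, and an unclassified record raises instead of falling into a default action, because a default of "keep" quietly violates data minimization while a default of "delete" quietly destroys evidence.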

Lập bản đồ dữ liệu (Data Mapping)

The structured process of identifying, documenting, and connecting the flow of data elements across systems, applications, and business processes, primarily for compliance, privacy, or integration requirements.

Lập bản đồ kiểm soát (Control Mapping)

The process of linking controls to regulatory, policy, or framework requirements to demonstrate compliance and facilitate audits; one well-designed control typically maps to requirements in several frameworks at once.

Lập bản đồ quy trình (Process Mapping)

A systematic technique for visually documenting and analyzing business or IT processes, including their sequence of steps, stakeholders, inputs, outputs, control points, and responsible parties, in support of compliance, risk, and security management.

Lập kế hoạch khả năng phục hồi (Resilience Planning)

The strategic process of designing and implementing measures to ensure an organization can adapt, recover, and continue operating through adverse events or disruptions.

Ma Trận Rủi Ro (Risk Matrix)

A graphical tool that maps risk likelihood against impact, usually as a grid of ordinal bands, to prioritize mitigation and support risk management decisions.

Mô hình hóa mối đe dọa (Threat Modeling)

A structured methodology for identifying, analyzing, and addressing potential threats and vulnerabilities in a system throughout its lifecycle, typically by decomposing the system, enumerating what can go wrong, and deciding what to do about each finding.

Mô hình quản trị (Governance Model)

A documented structure that defines roles, responsibilities, decision-making processes, and authority for managing information security, risk, and compliance within an organization.

Mất Dữ Liệu (Data Loss)

The unintended or unauthorized destruction, corruption, or loss of data, potentially resulting in business disruption or compliance violations.

Mục tiêu kiểm soát (Control Objective)

A specific statement of the desired result or purpose that a control is intended to achieve, forming the basis for assessing the effectiveness of risk management and compliance controls.

Ngoại lệ chính sách (Policy Exception)

A formally approved, documented deviation from an established security policy, typically granted for a limited period, with compensating controls and an expiry date after which it must be renewed or the deviation removed.

Ngưỡng Chịu Rủi Ro (Risk Tolerance)

The acceptable deviation from the organization's risk appetite for a specific objective or risk category, usually expressed as a measurable threshold (for example, a maximum risk score or outage duration) at which escalation or treatment is required.

Phân loại bảo mật (Security Classification)

The categorization of data or assets based on sensitivity, value, and required level of protection, typically in alignment with legal, regulatory, and organizational requirements.

Phân loại dữ liệu (Data Classification)

The systematic process of categorizing information based on its sensitivity, criticality, regulatory requirements, and the impact to the organization if it is disclosed, altered, or destroyed, in order to determine the appropriate protection and handling procedures required by security policies and compliance frameworks.

Phân tách nhiệm vụ (Separation of Duties)

A risk management control principle that divides critical tasks and privileges among multiple individuals, so that no single person can both initiate and approve a sensitive action, reducing opportunities for fraud or error in business processes.

Phân tích rủi ro (Risk Analysis)

The systematic process of identifying, evaluating, and prioritizing risks to organizational assets, considering likelihood and potential impact.

Phân tích tác động (Impact Analysis)

The process of identifying and evaluating the potential consequences and business impacts of threats, incidents, or policy changes.

Quy trình kiểm soát (Control Process)

A series of coordinated actions and procedures implemented to manage and mitigate risk by enforcing policies and security requirements.

Quy tắc ứng xử (Code of Conduct)

A formal set of ethical and behavioral guidelines that define acceptable and unacceptable actions for personnel within an organization.

Quyền sở hữu dữ liệu (Data Ownership)

The formal assignment of authority and accountability for data assets to specific individuals or roles within an organization, defining responsibility for data integrity, security, and compliance.

Quyền sở hữu rủi ro (Risk Ownership)

The assignment of accountability and authority for managing identified risks to a specific individual or organizational role.

Quản lý dữ liệu (Data Stewardship)

The assignment of responsibility for the management, oversight, and protection of data assets to designated individuals or teams, to ensure data quality, compliance, and lifecycle integrity.

Quản lý khóa (Key Management)

The set of processes and mechanisms used for the secure generation, distribution, storage, use, rotation, and destruction of cryptographic keys throughout their lifecycle, including who may access each key and how that access is audited.

Quản lý ngoại lệ (Exception Management)

A formal process for documenting, assessing, approving, and monitoring deviations from standard policies or controls, ensuring appropriate risk evaluation and accountability.

Quản lý sự cố (Incident Management)

A structured process for identifying, assessing, responding to, and recovering from security incidents to minimize impact and restore normal operations promptly.

Quản Lý Tuân Thủ (Compliance Management)

The coordinated set of processes and controls designed to ensure adherence to legal, regulatory, and internal policy requirements.

Quản lý vai trò (Role Management)

The process of defining, assigning, and controlling user roles and their associated privileges within systems to enforce least privilege and separation of duties.

Rủi ro bên thứ ba (Third-Party Risk)

The exposure to potential harm or loss resulting from external vendors, suppliers, contractors, or service providers who have access to the organization's systems, data, or operations.

Rủi ro quy định (Regulatory Risk)

The potential for losses or legal penalties resulting from non-compliance with laws, regulations, or mandatory standards governing business operations and information security.

Sổ đăng ký rủi ro (Risk Register)

A central repository listing identified organizational risks with their likelihood, impact, score, treatment actions, and responsible owners, maintained as part of the risk management process.

Theo dõi khắc phục (Remediation Tracking)

The ongoing process of monitoring and managing corrective actions taken to resolve identified security or compliance issues.

Thiếu sót kiểm soát (Control Deficiency)

A weakness in the design or operation of a control that prevents it from effectively mitigating risk or achieving compliance.

Thông báo về quyền riêng tư (Privacy Notice)

A formal document that informs individuals about how their personal data is collected, used, stored, and protected by the organization, in compliance with privacy regulations.

Thực thi chính sách (Policy Enforcement)

The process of ensuring that policies, standards, and procedures are implemented and followed within the organization, with mechanisms for monitoring and remediation.

Tuân thủ chính sách (Policy Compliance)

The degree to which organizational personnel follow established internal policies, procedures, and standards.

Tuân thủ pháp lý (Legal Compliance)

The state of adhering to all applicable laws, regulations, and legal obligations relevant to an organization's business and operations.

Tuân thủ quy định (Regulatory Compliance)

Adherence to the laws, regulations, and standards applicable to the organization's operations and information security practices.

Tài liệu chính sách (Policy Documentation)

The comprehensive collection and maintenance of all written policies, procedures, and standards governing security, risk, and compliance within an organization.

Tác động kinh doanh (Business Impact)

The effect or consequence an incident, risk, or change has on an organization's operations, assets, individuals, or reputation, often measured in terms of financial loss, legal exposure, or operational disruption.

Tác Động Đến Quyền Riêng Tư (Privacy Impact)

The effect of a process, project, or system on the privacy of individuals, often measured and documented through a formal privacy impact assessment (PIA).

Tái xác nhận quyền truy cập (Access Recertification)

The periodic repetition of access certification: a formal process to review and validate user access rights to systems and data so that only authorized personnel retain access, as required by regulatory and security policies.
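
What an access certification (Chứng nhận truy cập, Tái xác nhận quyền truy cập) actually checks when the role model (Quản lý vai trò) must enforce separation of duties (Phân tách nhiệm vụ), as an added example that is not part of the original glossary: SoD rules are stated on entitlements rather than role names, so any combination of roles that yields a toxic pair is caught, and approved policy exceptions (Ngoại lệ chính sách) remove a conflict from the reviewer's worklist only while they are still in date. The roles, entitlements, rules, user assignments, and exception dates are constructed for illustration.

```python
"""Separation-of-duties check for an access (re)certification run (added example).

Roles, entitlements, SoD rules, user assignments and policy exceptions are
constructed assumptions, not data from the glossary page.
"""
from datetime import date
from typing import Dict, List, Set, Tuple

# Assumed role model: role -> entitlements it grants.
ROLES: Dict[str, Set[str]] = {
    "ap_clerk":    {"vendor.create", "invoice.enter"},
    "ap_approver": {"invoice.approve", "payment.release"},
    "treasury":    {"payment.release", "bank.reconcile"},
    "iam_admin":   {"role.assign", "user.create"},
    "auditor":     {"ledger.read", "log.read"},
}

# Assumed SoD rules: entitlements one person must not hold together, with the
# abuse each rule prevents. Rules are on entitlements, not roles, so a conflict
# is caught whichever combination of roles produces it.
SOD_RULES: List[Tuple[Set[str], str]] = [
    ({"vendor.create", "payment.release"}, "create a vendor and pay it"),
    ({"invoice.enter", "invoice.approve"}, "enter and approve the same invoice"),
    ({"role.assign", "payment.release"}, "grant oneself payment rights"),
]


def effective_entitlements(roles: Set[str]) -> Set[str]:
    """Union of what the user's roles grant. An unknown role raises KeyError on
    purpose: a stale role name in an assignment is itself a finding."""
    ents: Set[str] = set()
    for role in roles:
        ents |= ROLES[role]
    return ents


def sod_conflicts(assignments: Dict[str, Set[str]]) -> Dict[str, List[Tuple[str, List[str]]]]:
    """Map each user with a conflict to [(rule description, roles causing it)]."""
    findings: Dict[str, List[Tuple[str, List[str]]]] = {}
    for user, roles in assignments.items():
        ents = effective_entitlements(roles)
        hits = []
        for toxic_pair, why in SOD_RULES:
            if toxic_pair <= ents:
                culprits = sorted(r for r in roles if ROLES[r] & toxic_pair)
                hits.append((why, culprits))
        if hits:
            findings[user] = hits
    return findings


def certification_worklist(assignments: Dict[str, Set[str]],
                           exceptions: Dict[Tuple[str, str], date],
                           as_of: date) -> List[dict]:
    """Conflicts the reviewer must decide on: everything not covered by a policy
    exception that is still within its approved validity. Lapsed exceptions are
    flagged explicitly so they get renewed or the access gets revoked."""
    items = []
    for user, hits in sod_conflicts(assignments).items():
        for why, roles in hits:
            expiry = exceptions.get((user, why))
            if expiry is not None and expiry >= as_of:
                continue  # covered by a current, approved exception
            items.append({"user": user, "conflict": why, "roles": roles,
                          "expired_exception": expiry is not None})
    return items


# Constructed sample assignments and approved exceptions.
SAMPLE_ASSIGNMENTS: Dict[str, Set[str]] = {
    "alice": {"ap_clerk"},
    "bob":   {"ap_clerk", "treasury"},
    "carol": {"ap_approver", "iam_admin"},
    "dave":  {"ap_clerk", "ap_approver"},
    "erin":  {"auditor"},
}
SAMPLE_EXCEPTIONS: Dict[Tuple[str, str], date] = {
    ("bob", "create a vendor and pay it"): date(2025, 12, 31),          # current
    ("dave", "enter and approve the same invoice"): date(2025, 3, 31),  # lapsed
}

if __name__ == "__main__":
    for item in certification_worklist(SAMPLE_ASSIGNMENTS, SAMPLE_EXCEPTIONS, date(2025, 6, 30)):
        flag = " [exception expired]" if item["expired_exception"] else ""
        print(f'{item["user"]}: {item["conflict"]} via {", ".join(item["roles"])}{flag}')
```

The worklist is what a manager signs off during certification; the conflicts the tool found but suppressed because of an in-date exception should still appear in the exception register, since their reappearance after expiry is how recertification catches exceptions that were granted "temporarily" and never revisited.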

Tư thế bảo mật (Security Posture)

The overall status of an organization's cybersecurity policies, controls, capabilities, and readiness to prevent, detect, and respond to threats.

Tối thiểu hóa dữ liệu (Data Minimization)

The principle and practice of limiting the collection, processing, and retention of personal or sensitive data to only what is necessary for a specified purpose.

Tự Đánh Giá Kiểm Soát (Control Self-Assessment)

Control self-assessment (CSA): an internal process in which departments evaluate the design and effectiveness of their own controls, usually as an input to, not a substitute for, independent assessment.

Vi Phạm Chính Sách (Policy Violation)

An act or omission that breaches or contradicts an established organizational policy, potentially leading to disciplinary action or a compliance failure.

Xem xét quản lý (Management Review)

A formal evaluation conducted by senior management to assess the adequacy and effectiveness of security, compliance, and risk management processes.

Xác thực tuân thủ (Compliance Validation)

The formal process of testing and confirming that systems, processes, and controls meet regulatory, contractual, and policy requirements.

Xử lý dữ liệu (Data Handling)

The processes and procedures for collecting, processing, storing, transmitting, and disposing of data in a secure and compliant manner.

Xử lý ngoại lệ (Exception Handling)

The systematic process of identifying, logging, resolving, and reporting deviations from expected information security or operational processes.

Đào tạo an ninh (Security Training)

Instructional activities designed to equip personnel with the knowledge and skills to recognize, prevent, and respond to cybersecurity threats and incidents.

Đào tạo nhận thức (Awareness Training)

Education provided to personnel to raise awareness of security risks, threats, and safe practices, often as part of compliance requirements.

Đánh giá an ninh (Security Assessment)

A systematic evaluation of the security posture of systems, networks, and processes to identify vulnerabilities, threats, and weaknesses.

Đánh Giá Chính Sách (Policy Review)

A formal and systematic evaluation of organizational policies to ensure their adequacy, effectiveness, and compliance with relevant standards, laws, and regulations. Policy reviews are scheduled or ad hoc assessments conducted by GRC teams as part of governance cycles.

Đánh giá hình phạt (Penalty Assessment)

The formal process of determining and imposing financial or legal penalties for non-compliance with regulatory or contractual obligations.

Đánh giá khoảng cách (Gap Assessment)

A structured review that compares current security controls and practices against required standards or frameworks to identify deficiencies.

Đánh giá kiểm soát (Control Assessment)

A formal evaluation of the design, adequacy, and operating effectiveness of security controls to determine whether they are properly implemented and operating as intended within the organization's environment.

Đánh giá mối đe dọa (Threat Assessment)

A structured process for identifying, evaluating, and prioritizing potential threats to an organization's assets, operations, or individuals.

Đánh giá nhà cung cấp (Vendor Assessment)

A structured evaluation of third-party providers' security, compliance, and risk management practices, performed before engagement and repeated during it.

Đánh giá quy định (Regulatory Assessment)

A systematic evaluation of processes, policies, and controls to ensure alignment with applicable regulatory requirements and standards.

Đánh giá rủi ro (Risk Assessment)

The process of identifying risks and assessing their likelihood and potential impact to determine their significance and guide treatment decisions.

Đánh giá tác động (Impact Assessment)

A systematic analysis of the consequences that an identified risk or incident could have on business operations, assets, or individuals.

Đường dây nóng đạo đức (Ethics Hotline)

A confidential reporting mechanism that allows employees and third parties to report ethical or compliance concerns, anonymously if they choose.

Độ trưởng thành kiểm soát (Control Maturity)

A measure of how consistently and repeatably an internal control is designed, implemented, operated, and improved over time, commonly rated on a scale from ad hoc to optimized.

Ưu tiên rủi ro (Risk Prioritization)

The process of ranking identified risks by their likelihood, potential impact, and the organization's risk appetite, to inform resource allocation and response strategies.
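
How risk scoring (Chấm điểm rủi ro), the risk matrix (Ma Trận Rủi Ro), the risk register (Sổ đăng ký rủi ro), risk acceptance (Chấp nhận rủi ro), and prioritization against a risk tolerance (Ngưỡng Chịu Rủi Ro) fit together, as an added example that is not part of the original glossary. The five-point scales, the band thresholds, the tolerance value, and the sample register entries are constructed assumptions; a real programme calibrates each scale point to concrete anchors such as loss in currency or hours of outage.

```python
"""Risk scoring, 5x5 matrix banding and prioritisation against a risk tolerance
(added example, not from the glossary page).

The ordinal scales, band thresholds, tolerance and sample register are assumptions.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Assumed five-point ordinal scales (1 = lowest).
LIKELIHOOD: Dict[str, int] = {"rare": 1, "unlikely": 2, "possible": 3, "likely": 4, "almost_certain": 5}
IMPACT: Dict[str, int] = {"negligible": 1, "minor": 2, "moderate": 3, "major": 4, "severe": 5}

# Assumed bands on the 1..25 product; each ceiling is inclusive.
BANDS: List[Tuple[int, str]] = [(4, "low"), (9, "medium"), (15, "high"), (25, "critical")]


def band_for(score: int) -> str:
    """Translate a likelihood x impact product into its matrix band."""
    for ceiling, name in BANDS:
        if score <= ceiling:
            return name
    raise ValueError(f"score {score} outside the 1..25 matrix")


@dataclass
class Risk:
    risk_id: str
    title: str
    likelihood: str
    impact: str
    owner: str
    accepted: bool = False  # a signed risk acceptance is on file

    @property
    def score(self) -> int:
        return LIKELIHOOD[self.likelihood] * IMPACT[self.impact]

    @property
    def band(self) -> str:
        return band_for(self.score)


def risk_matrix() -> Dict[Tuple[str, str], str]:
    """The full 5x5 matrix as {(likelihood, impact): band}."""
    return {(l, i): band_for(LIKELIHOOD[l] * IMPACT[i]) for l in LIKELIHOOD for i in IMPACT}


def prioritise(register: List[Risk], tolerance: int) -> List[Risk]:
    """Risks above tolerance with no acceptance on file, highest score first.
    Ties break on impact, so the worst possible outcome is treated first,
    then on risk_id for a stable order."""
    open_risks = [r for r in register if r.score > tolerance and not r.accepted]
    return sorted(open_risks, key=lambda r: (-r.score, -IMPACT[r.impact], r.risk_id))


def accepted_above_tolerance(register: List[Risk], tolerance: int) -> List[Risk]:
    """Accepted risks that still exceed tolerance: they leave the treatment list
    but must come back to the approver at each review rather than vanish."""
    return [r for r in register if r.accepted and r.score > tolerance]


# Constructed sample register.
SAMPLE_REGISTER: List[Risk] = [
    Risk("R-1", "Unpatched internet-facing VPN appliance", "likely", "severe", "infra-lead"),
    Risk("R-2", "Laptop fleet without full-disk encryption", "possible", "major", "it-ops"),
    Risk("R-3", "Key vendor's assurance report has lapsed", "possible", "moderate", "procurement"),
    Risk("R-4", "Legacy printer on guest VLAN", "unlikely", "minor", "it-ops"),
    Risk("R-5", "Single admin holds all cloud root credentials", "likely", "major", "cto", accepted=True),
]
TOLERANCE = 9  # assumed: the "medium" band or below needs no treatment

if __name__ == "__main__":
    for r in prioritise(SAMPLE_REGISTER, TOLERANCE):
        print(f"{r.risk_id} {r.band:8} score={r.score:2} owner={r.owner}: {r.title}")
    for r in accepted_above_tolerance(SAMPLE_REGISTER, TOLERANCE):
        print(f"{r.risk_id} accepted above tolerance (score {r.score}), due for review")
```

The tolerance is a single number here because the scales are ordinal; where the programme has quantitative anchors, the same structure works with an expected-loss figure in place of the product. Keeping accepted risks visible through a separate query, rather than deleting them from the register, is what makes the acceptance decision auditable later.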

Ủy ban kiểm toán (Audit Committee)

A formally established group within an organization tasked with oversight of financial reporting, internal controls, risk management, and compliance auditing.

Ủy ban quản trị (Governance Committee)

A formal group of executives and stakeholders responsible for overseeing information security, compliance, and risk management governance processes within an organization.

Ứng phó sự cố (Incident Response)

The structured approach to managing and addressing cybersecurity incidents, with processes for detection, containment, eradication, recovery, and post-incident review.