Terms that you need to know about Security, Compliance & Audit
IT Risk Management
The process of identifying, assessing, and mitigating risks associated with an organization's information technology (IT) systems, infrastructure, and operations. It is ongoing and iterative rather than a one-time exercise, and it requires collaboration among IT teams, risk management professionals, and business stakeholders so that IT risks are identified, assessed, treated, and monitored consistently.
Network Risk Assessment
A process of evaluating and analyzing the potential risks and vulnerabilities in an organization’s network infrastructure. It involves assessing the security posture of the network to identify weaknesses, potential threats, and areas that require improvement.
Risk Management Methodology
A systematic approach or framework used to identify, assess, mitigate, and monitor risks within an organization or project. It provides a structured, repeatable process for understanding, evaluating, and managing risks so that their potential impact is minimized and risk decisions are made consistently and can be traced.
SOC for Cyber Security
SOC (System and Organization Controls) for Cybersecurity is a reporting framework developed by the American Institute of CPAs (AICPA) under which an organization describes its cybersecurity risk management program and an independent CPA examines and attests to that description and to the effectiveness of the controls within it. Unlike a SOC 2 report, it is not limited to service organizations; any entity can use it to report on its cybersecurity posture to boards, customers, and other stakeholders.
TPRM – Third Party Risk Management
The process of identifying, assessing, and managing the risks that arise from engaging third-party vendors, suppliers, contractors, or service providers. TPRM matters because organizations often rely on third parties to perform critical functions or handle sensitive data, so a weakness or incident at a third party can directly affect the organization's operations, reputation, and regulatory compliance.
Vendor Risk Assessment
Vendor risk assessment, also known as third-party risk assessment or supplier risk assessment, is the process of evaluating the potential risks associated with a specific third-party vendor or supplier, typically before onboarding and periodically thereafter. It is one component of a broader TPRM program.