
Glossary

Cybersecurity | Data protection

Understanding the vocabulary of cybersecurity, information security, and data protection is essential to grasp the challenges and key concepts of these fields. This glossary provides clear and concise definitions of the terms most commonly used.

Table of Contents – Cybersecurity Glossary

1. Standards and Certifications

ISO 27001

The leading international standard for information security. It defines best practices that help organizations protect their data, manage risks related to the confidentiality, integrity, and availability of information, and implement an Information Security Management System (ISMS). ISO 27001 certification demonstrates an organization’s commitment to information security and the protection of its information systems.

ISO 27701

An international standard dedicated to privacy and the protection of personal data. Designed as an extension of ISO 27001, it helps organizations implement controls to safeguard personal information, strengthen compliance with data protection regulations (such as the Swiss FADP, GDPR, and others), and demonstrate their commitment to privacy management.

ISO 42001

The first international standard focused on Artificial Intelligence (AI) governance. ISO 42001 helps organizations establish policies and processes to govern the use of AI, manage associated risks, and ensure responsible, transparent, and regulatory-compliant AI practices.

Cyber-Safe

A Swiss cybersecurity label that enables organizations to assess and strengthen the protection of their information systems and data. It is based on a set of technical, organizational, and human criteria designed to demonstrate a level of security appropriate to today’s digital threats.

Gap Analysis

A Gap Analysis compares an organization’s current practices with the requirements of a standard, regulation, or framework. It helps identify areas for improvement and the actions needed to achieve the desired level of compliance. This assessment is typically conducted at the beginning of a compliance project or in preparation for a certification audit.

2. Data Protection

LPD (Swiss Federal Act on Data Protection – FADP)

The Swiss Federal Act on Data Protection (FADP; LPD in French, DSG in German) is Switzerland’s data protection law governing the processing of personal data. The revised Act, in force since 1 September 2023, requires organizations to implement appropriate technical and organizational measures to safeguard personal data and protect individuals’ privacy. It applies to processing that has an effect in Switzerland, even when it is initiated abroad, and establishes requirements for transparency, data security, and the notification of data security breaches that are likely to result in a high risk to the individuals concerned.

GDPR

The General Data Protection Regulation (GDPR) is the European Union’s data protection regulation that safeguards the personal data of individuals in the EU. It governs how organizations collect, use, store, and share personal data, and sets strict requirements for lawfulness, transparency, data security, and the rights of data subjects. It also applies to organizations established outside the EU when they offer goods or services to individuals in the EU or monitor their behaviour (Article 3(2)).

DPIA (Data Protection Impact Assessment)

A Data Protection Impact Assessment (DPIA) is an assessment used to identify and evaluate the risks that a processing activity poses to the individuals whose personal data is processed. It helps organizations implement appropriate measures to protect individuals’ privacy. A DPIA is required when a processing activity is likely to result in a high risk to individuals’ rights and freedoms, for example large-scale processing of sensitive personal data or systematic monitoring (Article 35 GDPR; Article 22 FADP).

Record of Processing Activities (RoPA)

A Record of Processing Activities (RoPA) is a document that lists all personal data processing activities carried out by an organization. It describes, among other things, what personal data is collected, the purposes for which it is processed, who has access to it, whether it is transferred abroad, and how long it is retained. Maintaining a RoPA is a key requirement for demonstrating compliance with the GDPR (Article 30) and the Swiss FADP (Article 12), and it facilitates audits and inspections by supervisory authorities.

3. Governance, Risk & Compliance (GRC)

GRC (Governance, Risk & Compliance)

Governance, Risk & Compliance (GRC) is a strategic approach that helps organizations manage their operations effectively while controlling risks and ensuring compliance with applicable laws, regulations, and standards. It enables organizations to streamline processes, anticipate risks, and make better-informed decisions. A well-implemented GRC framework strengthens security, compliance, and overall organizational performance.

Risk Assessment

A Risk Assessment is the process of identifying events that could impact an organization, whether related to security, operations, or information systems. It helps evaluate the likelihood and potential impact of these risks and determine the appropriate measures to prevent them or reduce their consequences. This process is essential for protecting organizational assets and supporting informed security and risk management decisions.

Risk Mapping

Risk Mapping provides a visual overview of all identified risks within an organization. Risks are typically categorized according to their likelihood of occurrence and potential impact. This consolidated view helps identify the most critical risks, prioritize mitigation efforts, and monitor how risks evolve over time.
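As an added illustration of the two entries above (this is example code written for this glossary, not a tool or method of the site’s own), the register below scores each risk on assumed 1 to 5 likelihood and impact scales, ranks the risks, places them on a 5x5 risk map, and shows how planned controls move a risk from its inherent to its residual position. The register entries, the scales and the rating bands are constructed assumptions; an organization defines its own scales and risk appetite.

```python
"""Added example, not from the glossary: a small risk register scored on 1-5
likelihood and impact scales and laid out on a 5x5 risk map. The register, scales
and rating bands are constructed assumptions; real organisations define their own."""
from dataclasses import dataclass
from typing import Optional

SCALE = range(1, 6)   # 1 = rare / negligible ... 5 = almost certain / severe

@dataclass
class Risk:
    rid: str
    description: str
    likelihood: int
    impact: int
    residual_likelihood: Optional[int] = None   # expected value once planned controls are in place
    residual_impact: Optional[int] = None

    def __post_init__(self):
        for v in (self.likelihood, self.impact, self.residual_likelihood, self.residual_impact):
            if v is not None and v not in SCALE:
                raise ValueError(f"{self.rid}: rating {v} outside the 1-5 scale")

    def coords(self, residual=False):
        """(likelihood, impact) used for placement; residual falls back to the inherent value."""
        if residual:
            return (self.residual_likelihood or self.likelihood, self.residual_impact or self.impact)
        return (self.likelihood, self.impact)

    def score(self, residual=False):
        lk, im = self.coords(residual)
        return lk * im

def rating(score):
    """Map a score to a band; the cut-offs are an assumed risk appetite."""
    return "critical" if score >= 15 else "high" if score >= 8 else "medium" if score >= 4 else "low"

def ranked(register, residual=False):
    """Highest score first; ties broken by impact, then by identifier for a stable order."""
    return sorted(register, key=lambda r: (-r.score(residual), -r.coords(residual)[1], r.rid))

def risk_map(register, residual=False):
    """Text heat map: impact rows 5..1 top-down, likelihood columns 1..5, risk IDs in the cells."""
    cells = {(lk, im): [] for lk in SCALE for im in SCALE}
    for r in register:
        cells[r.coords(residual)].append(r.rid)
    rows = [f"I{im} | " + " | ".join(f"{','.join(cells[(lk, im)]) or '.':>6}" for lk in SCALE)
            for im in reversed(SCALE)]
    rows.append("   | " + " | ".join(f"{'L' + str(lk):>6}" for lk in SCALE))
    return "\n".join(rows)

# Constructed register (assumption, not an actual organisation's data).
REGISTER = [
    Risk("R1", "Ransomware delivered by phishing", 4, 5, residual_likelihood=2),
    Risk("R2", "Lost laptop with unencrypted data", 3, 4, residual_impact=1),
    Risk("R3", "Cloud storage misconfiguration exposes data", 3, 4),
    Risk("R4", "Key supplier outage", 2, 3),
    Risk("R5", "Outdated printer firmware", 2, 1),
]

def summary(register, residual=False):
    """[(rid, score, rating), ...] in priority order, the list a risk committee would review."""
    return [(r.rid, r.score(residual), rating(r.score(residual))) for r in ranked(register, residual)]

if __name__ == "__main__":
    print(risk_map(REGISTER))
    for row in summary(REGISTER):
        print(row)
    print(risk_map(REGISTER, residual=True))
```

Running the block prints the inherent map with R1 in the top right cell, the ranked list, then the residual map in which R1 has moved two columns left (lower likelihood after anti-phishing controls) and R2 has dropped to the bottom row (disk encryption lowers the impact of a lost laptop, not its likelihood). Comparing the two maps is the "monitor how risks evolve" step of the entry above.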

Compliance Frameworks

Compliance Frameworks are collections of standards, regulations, and best practices that organizations can adopt to meet their legal and regulatory obligations while improving risk management. They define requirements related to information security, data protection, governance, and risk management. Well-known examples include the ISO 27001 and ISO 27701 standards, which organizations can be certified against, and the legal requirements of the GDPR and the Swiss Federal Act on Data Protection (FADP), which apply by law rather than by choice.

4. Cybersecurity

Phishing

Phishing is a cyberattack technique used by threat actors to obtain sensitive information such as passwords, banking details, or business data. Attackers impersonate trusted organizations through fraudulent emails, messages, or websites to deceive victims into disclosing confidential information or running malicious software. Typical warning signs are a sender domain that merely resembles the real one, a Reply-To address that differs from the sender, link text that does not match the actual link target, and pressure to act urgently. Phishing is one of the most common cybersecurity threats today and can have serious consequences for both organizations and individuals.
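To make the indicators concrete, here is an added example (written for this glossary, not a tool of the site’s own) that parses a raw e-mail and reports the common phishing signs: a lookalike sender domain, a brand name in the display name, a mismatched Reply-To, urgency wording in the subject, and link text that hides the real target. The two sample messages, the trusted-domain list, the keyword list and the verdict threshold are constructed assumptions; the confusable-character table is deliberately a small subset.

```python
"""Added example, not from the glossary: scoring a raw e-mail for common phishing
indicators. The samples, trusted-domain list, keywords and threshold are constructed."""
import re
import unicodedata
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
TRUSTED_DOMAINS = {"acme-bank.example"}          # assumption: our legitimate brand domains
URGENCY_WORDS = ("urgent", "immediately", "verify", "suspend", "within 24 hours")
CONFUSABLES = {"0": "o", "1": "l", "3": "e", "5": "s", "7": "t", "8": "b"}  # digit lookalikes
VERDICT_THRESHOLD = 3                             # indicators needed to call it phishing
# Constructed phishing sample: brand in display name, lookalike domain, Reply-To elsewhere, urgency, hidden href.
PHISH_EMAIL = """\
From: "Acme Bank Security" <alerts@acme-bank-secure.example>
Reply-To: recovery@mail-helpdesk.example
To: jane@example.org
Subject: Urgent: verify your account within 24 hours
Content-Type: text/html

<html><body><p>Your account will be suspended. Verify now:</p>
<a href="http://login.acme-bank-secure.example/verify">https://www.acme-bank.example/login</a>
</body></html>
"""
# Constructed sample of a legitimate notification, for comparison.
LEGIT_EMAIL = """\
From: "Acme Bank" <notice@acme-bank.example>
To: jane@example.org
Subject: Your monthly statement is available
Content-Type: text/html

<html><body><a href="https://www.acme-bank.example/statements">View statement</a></body></html>
"""

class LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs for every <a> in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def domain_of(value):
    """Host part of an e-mail address or URL, lowercased."""
    if "@" in value:
        return value.rsplit("@", 1)[1].lower()
    m = re.match(r"^[a-z][a-z0-9+.-]*://([^/:?#]+)", value, re.I)
    return m.group(1).lower() if m else value.lower()

def normalise(text):
    """Fold accents, drop separators, map digit lookalikes so confusables compare equal."""
    folded = unicodedata.normalize("NFKD", text).encode("ascii", "ignore").decode().lower()
    return "".join(CONFUSABLES.get(c, c) for c in re.sub(r"[^a-z0-9.]", "", folded))

def is_trusted(domain):
    return any(domain == t or domain.endswith("." + t) for t in TRUSTED_DOMAINS)

def looks_like_trusted(domain):
    """Untrusted domain whose name (TLD dropped) embeds a trusted brand name."""
    if is_trusted(domain):
        return False
    name = normalise(domain.rsplit(".", 1)[0])
    return any(normalise(t.rsplit(".", 1)[0]) in name for t in TRUSTED_DOMAINS)

def analyse(raw):
    """Return {'findings': [(indicator, detail), ...], 'verdict': str} for a raw message."""
    msg = message_from_string(raw)
    display, sender = parseaddr(msg.get("From", ""))
    sender_domain = domain_of(sender)
    reply_to = parseaddr(msg.get("Reply-To", ""))[1]
    brands = [normalise(t.rsplit(".", 1)[0]) for t in TRUSTED_DOMAINS]
    findings = []
    if looks_like_trusted(sender_domain):
        findings.append(("lookalike-sender-domain", sender_domain))
    if not is_trusted(sender_domain) and any(b in normalise(display) for b in brands):
        findings.append(("brand-in-display-name", display))
    if reply_to and domain_of(reply_to) != sender_domain:
        findings.append(("reply-to-mismatch", reply_to))
    hits = [w for w in URGENCY_WORDS if w in msg.get("Subject", "").lower()]
    if hits:
        findings.append(("urgency-language", ", ".join(hits)))
    for part in (p for p in msg.walk() if p.get_content_type() == "text/html"):  # single or multipart
        ext = LinkExtractor()
        ext.feed(part.get_payload(decode=True).decode(part.get_content_charset() or "utf-8", "replace"))
        for href, text in ext.links:
            if text.lower().startswith(("http://", "https://")) and domain_of(text) != domain_of(href):
                findings.append(("link-text-mismatch", f"{text} -> {href}"))
            if looks_like_trusted(domain_of(href)):
                findings.append(("lookalike-link-domain", domain_of(href)))
    verdict = "likely phishing" if len(findings) >= VERDICT_THRESHOLD else "suspicious" if findings else "no indicators"
    return {"findings": findings, "verdict": verdict}
```

Calling `analyse(PHISH_EMAIL)` returns six findings and the verdict "likely phishing"; `analyse(LEGIT_EMAIL)` returns none. The normalisation step is what catches a sender such as `acm3-bank.example`, which a plain string comparison against the trusted list would miss; in production the confusable table would come from the Unicode confusables data rather than a hand-written dictionary, and header-based checks would be complemented by SPF, DKIM and DMARC results.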

Phishing Simulations

Phishing Simulations are controlled email-based exercises designed to assess employees’ ability to recognize and respond to phishing attempts. By recreating realistic attack scenarios, they help identify risky behaviors and measure the effectiveness of security awareness programs. These exercises enable organizations to strengthen security best practices and reduce risks associated with human error.

Incident Response

Incident Response refers to the processes and actions taken to detect, manage, and resolve cybersecurity incidents, such as cyberattacks, data breaches, or system compromises. Its primary objectives are to minimize business disruption, restore affected services as quickly as possible, and prevent similar incidents from occurring in the future. A well-defined incident response plan enables organizations to respond effectively to cyber threats and improve their overall resilience.

Cybersecurity Audit

A Cybersecurity Audit is an assessment that evaluates the security posture of an organization’s information systems, infrastructure, and security practices. It helps identify vulnerabilities, security risks, and gaps in compliance with security standards or regulatory requirements. The audit findings provide actionable recommendations to strengthen the protection of data, systems, and digital assets.

Penetration Testing (Pentest)

A Penetration Test (Pentest) is a controlled security assessment that simulates a cyberattack to identify vulnerabilities that could be exploited by malicious actors. It is conducted under an agreed scope, authorization, and rules of engagement, and evaluates the resilience of a system, application, or network against real-world threats. The results, typically delivered as findings rated by severity with remediation advice, help organizations fix security weaknesses and improve their overall cybersecurity posture.

OSINT (Open Source Intelligence)

Open Source Intelligence (OSINT) is the process of collecting and analyzing publicly available information to generate actionable intelligence. In cybersecurity, OSINT is used to identify information exposed on the internet, assess an organization’s digital footprint, and detect potential risks associated with its online presence. This enables organizations to better understand and reduce their exposure to cyber threats.

SOC (Security Operations Center)

A Security Operations Center (SOC) is a dedicated team or function responsible for continuously monitoring an organization’s information systems for security threats. Its role is to detect suspicious activity, analyze security alerts, and respond rapidly to incidents, usually with the help of a SIEM platform that centralizes logs and applies detection rules to them. Through continuous monitoring and threat detection, a SOC helps organizations defend against cyberattacks and minimize their impact.
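The following added example (written for this glossary, not a tool of the site’s own) shows the kind of detection logic a SOC runs over authentication logs: a sliding window per source address raises a brute-force alert after repeated failures, a password-spray alert when one source tries several accounts, and a high-severity alert when a login succeeds right after failures from the same source. The sshd-style log lines are constructed, and the 60-second window and thresholds are assumptions chosen for the sample.

```python
"""Added example, not from the glossary: two simple detection rules run over
constructed sshd-style authentication log lines. The log, the 60 s window and the
thresholds are assumptions for illustration."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=60)   # sliding window per source address
FAIL_THRESHOLD = 5               # failures in the window -> brute-force alert
SPRAY_THRESHOLD = 3              # distinct target accounts in the window -> spray alert
LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+"
)

# Constructed log: a brute force that ends in a successful login, a single failure
# whose later success falls outside the window, and a password spray across accounts.
SAMPLE_LOG = """\
2024-05-01T10:00:01Z sshd[4012]: Failed password for root from 198.51.100.9 port 50211 ssh2
2024-05-01T10:00:02Z sshd[4012]: Failed password for root from 198.51.100.9 port 50212 ssh2
2024-05-01T10:00:03Z sshd[4012]: Failed password for root from 198.51.100.9 port 50213 ssh2
2024-05-01T10:00:04Z sshd[4012]: Failed password for root from 198.51.100.9 port 50214 ssh2
2024-05-01T10:00:05Z sshd[4012]: Failed password for root from 198.51.100.9 port 50215 ssh2
2024-05-01T10:00:09Z sshd[4013]: Accepted password for root from 198.51.100.9 port 50216 ssh2
2024-05-01T10:00:30Z sshd[4014]: Failed password for dave from 192.0.2.5 port 41000 ssh2
2024-05-01T10:00:31Z sshd[4014]: Connection closed by 192.0.2.5 port 41000 [preauth]
2024-05-01T10:01:00Z sshd[4015]: Failed password for invalid user alice from 203.0.113.7 port 33001 ssh2
2024-05-01T10:01:01Z sshd[4015]: Failed password for invalid user bob from 203.0.113.7 port 33002 ssh2
2024-05-01T10:01:02Z sshd[4015]: Failed password for invalid user carol from 203.0.113.7 port 33003 ssh2
2024-05-01T10:02:00Z sshd[4016]: Accepted password for dave from 192.0.2.5 port 41001 ssh2
"""

def parse(line):
    """Parse one line into an event dict, or None for lines the rules ignore."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return {"ts": datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ"),
            "ok": m["result"] == "Accepted", "user": m["user"], "src": m["src"]}

def detect(lines):
    """Stream log lines in time order and return the alerts raised, in order."""
    recent = defaultdict(deque)   # src -> (ts, user) of failures still inside the window
    raised = set()                # (rule, src) pairs already alerted, to avoid repeats
    alerts = []
    for line in lines:
        ev = parse(line)
        if ev is None:
            continue
        window = recent[ev["src"]]
        while window and ev["ts"] - window[0][0] > WINDOW:
            window.popleft()      # expire failures older than the window
        if ev["ok"]:
            if window:            # success right after failures: possible credential compromise
                alerts.append({"rule": "success-after-failures", "severity": "high",
                               "src": ev["src"], "user": ev["user"], "failures": len(window)})
            continue
        window.append((ev["ts"], ev["user"]))
        users = {u for _, u in window}
        if len(window) >= FAIL_THRESHOLD and ("brute-force", ev["src"]) not in raised:
            raised.add(("brute-force", ev["src"]))
            alerts.append({"rule": "brute-force", "severity": "medium",
                           "src": ev["src"], "failures": len(window), "users": len(users)})
        if len(users) >= SPRAY_THRESHOLD and ("password-spray", ev["src"]) not in raised:
            raised.add(("password-spray", ev["src"]))
            alerts.append({"rule": "password-spray", "severity": "medium",
                           "src": ev["src"], "failures": len(window), "users": len(users)})
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG.splitlines()):
        print(alert)
```

On the sample log this raises three alerts: brute-force and then success-after-failures for 198.51.100.9, and password-spray for 203.0.113.7. The single failure from 192.0.2.5 raises nothing because its later successful login falls outside the window, which is the point of windowing: a user mistyping a password once is not an incident. A real SOC would tune the thresholds per environment and enrich alerts with asset and identity context before an analyst triages them.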

5. Information Security Management

ISMS (Information Security Management System)

An Information Security Management System (ISMS) is a structured framework that enables an organization to protect its information in a systematic and sustainable way. It brings together the policies, processes, and security controls required to ensure the confidentiality, integrity, and availability of information. An ISMS helps organizations manage security risks, comply with regulatory requirements, and strengthen their overall cybersecurity strategy.

Information Asset Management

Information Asset Management is the process of identifying, inventorying, and protecting an organization’s critical information assets, including data, documents, applications, IT equipment, and business knowledge. It enables organizations to determine which assets are most valuable, assess the risks associated with them, and implement appropriate security measures. Effective information asset management enhances information security and supports business continuity.

Surveillance Audit

A Surveillance Audit is a periodic audit conducted after an organization has achieved certification to verify its continued compliance with the requirements of the applicable standard. It ensures that processes remain effective, best practices continue to be followed, and improvement actions are implemented and monitored over time. In the context of ISO 27001, a certificate is valid for three years, with surveillance audits typically held annually and a full recertification audit before the certificate expires; surveillance audits are therefore essential for maintaining certification and driving the continual improvement of the Information Security Management System (ISMS).

6. Cybersecurity and Data Protection Roles

DPO (Data Protection Officer)

A Data Protection Officer (DPO) is responsible for ensuring that an organization complies with data protection laws and regulations. The DPO advises teams, supports projects involving personal data, promotes awareness among employees, and helps ensure that data protection best practices are consistently applied. The DPO also serves as a point of contact for supervisory authorities and individuals exercising their data protection rights.

CISO (Chief Information Security Officer)

The Chief Information Security Officer (CISO) is responsible for overseeing an organization’s information security strategy. The CISO defines the cybersecurity roadmap, manages information security risks, and ensures the protection of data, systems, and digital infrastructure. This role combines strategic leadership with operational oversight by developing security policies, coordinating technical teams, and ensuring compliance with applicable standards and regulations.

ISMS Manager

An ISMS Manager is responsible for implementing, maintaining, and continually improving an organization’s Information Security Management System (ISMS). The role includes ensuring the effective application of security policies, coordinating risk management activities, and maintaining compliance with the requirements of ISO 27001. The ISMS Manager also plays a central role in coordinating compliance initiatives, preparing for audits, and ensuring the ongoing effectiveness of the information security management system.

Lead Implementer

A Lead Implementer is a certified professional who helps organizations implement and achieve compliance with internationally recognized standards such as ISO 27001, ISO 27701, and ISO 42001. They guide organizations throughout the implementation process, from designing management processes to preparing for certification audits. This certification demonstrates the expertise required to successfully lead management system implementation projects.

Lead Auditor

A Lead Auditor is a certified professional qualified to plan, conduct, and supervise audits against internationally recognized standards such as ISO 27001, ISO 27701, and ISO 42001. Their role is to assess whether an organization complies with the requirements of the applicable standard, identify nonconformities, and recommend opportunities for improvem
