Segments

Security & Compliance

This cluster provides a comprehensive perspective on security and compliance topics that are crucial for organizations.

Method | Compliance, Audit & Assurance

Audit

Systematic, independent evaluation of processes, systems and compliance to identify risks and ensure quality.

#Governance #Security

Concept | Compliance, Audit & Assurance

Assurance

Concept for ensuring quality, reliability and compliance across the software lifecycle.

#Reliability #Governance

Concept | Compliance, Audit & Assurance

Compliance

Compliance refers to adherence to laws, regulations, and internal policies by organizations.

#Governance #Architecture

Concept | Identity & Access

Access Control

Access control involves security mechanisms to regulate and monitor access to systems and data.

#Data #Analytics

Concept | Identity & Access

Authentication

A process for verifying the identity of a user.

#Data #Analytics

Concept | Identity & Access

Authorization

Authorization is a critical process to ensure that users have access to specific resources.

#Data #Analytics

Concept | Identity & Access

Identity Management

Concept for centralized management of digital identities, authentication and authorization across systems.

#Security #Integration

Method | Privacy & Data Protection

Data Protection Impact Assessment (DPIA)

The Data Protection Impact Assessment (DPIA) is an essential process for evaluating the impacts of data processing activities on individuals' privacy.

#Data #Governance

Concept | Privacy & Data Protection

Data Protection

Protection of personal and sensitive data through organizational, technical and legal measures.

#Security #Governance

Concept | Privacy & Data Protection

Privacy

Core principles and measures for protecting personal data that guide technical and organizational decisions.

#Data #Security

Method | Secure Delivery & Operations

Vulnerability Management

Continuous process for identifying, assessing and remediating security vulnerabilities in IT systems.

#Security #Governance

Concept | Secure Delivery & Operations

Secure Software Development Lifecycle (SSDLC)

Concept for systematically integrating security across all phases of the software lifecycle.

#Security #Software Eng.

Concept | Secure Delivery & Operations

Security Operations

Security Operations orchestrates detection, analysis and response to security incidents to ensure the confidentiality, integrity and availability of systems.

#Security #DevOps

Concept | Security Architecture & Controls

Defense in Depth

Layered security principle that reduces risk through overlapping controls.

#Security #Architecture

Concept | Security Architecture & Controls

Security Architecture

A concept for the structural design of security capabilities in IT landscapes that defines principles, patterns and interfaces for protection measures.

#Security #Architecture

Concept | Security Architecture & Controls

Security Controls

Security controls are defined technical and organizational measures to reduce security risks and ensure confidentiality, integrity and availability. They form the foundation for compliance, operational security and incident response.

#Security #Governance

Method | Threat Modeling & Risk

Risk Assessment

A systematic approach to identifying, assessing, and prioritizing risks.

#Quality Assurance #Data

Method | Threat Modeling & Risk

Threat Modeling

A structured method for identifying and assessing potential threats and vulnerabilities in a system.

#Security #Governance

Concept | Threat Modeling & Risk

Risk Management

Risk management involves identifying, analyzing, and responding to risks in a project or organization.

#Delivery #Governance