Glossary
GRC
A way of steering security as a genuine business matter: governance, risk management and compliance with the rules.
GRC brings together three things: deciding who steers security (governance), identifying and treating risks, and meeting legal obligations (compliance). It serves to treat cybersecurity as a leadership issue, not just a technical subject. It connects security decisions to the organisation's priorities and budget.
See also
Identity and access management (IAM)
The set of tools that manage accounts and decide who is allowed to access what.
Phishing
A message that impersonates a trusted body (bank, tax office, boss) to trap you and steal your passwords or your money.
Infostealer
A malicious program that rummages through your device to steal passwords, cookies and banking data.
Social engineering
The manipulation of people (trust, fear, urgency) to push them into doing what the attacker wants.