Glossary
ISSP (security policy)
The reference document that sets an organisation's security rules, objectives and responsibilities.
The ISSP (information systems security policy) sets out in writing an organisation's main security rules and who is responsible for what. It translates leadership's priorities into concrete principles, which are then broken down into procedures. To be of any use, it must be championed by leadership, known to all and kept up to date.
See also
Cyber Resilience Act (CRA): A European regulation that imposes cybersecurity requirements on digital products sold in Europe.
Shared responsibility model: In the cloud, the split of security roles between the provider and the customer depending on the type of service.
Network segmentation: Dividing a network into walled-off zones to stop an attack from spreading everywhere.
OSINT: The collection of information from public sources, useful to attackers and defenders alike.