Browse the knowledge substrate.

IT Governance Frameworks

IT governance frameworks are structured bodies of guidance, processes, and practices that define how an organization …

Postimplementation Review

A postimplementation review (PIR) is a formal evaluation conducted after a system or project has gone live to determi…

Systems Development Lifecycle

The Systems Development Lifecycle (SDLC) is a structured framework that defines the phases, activities, roles, and co…

Access Control Concepts

Access control is the set of policies, mechanisms, and procedures that regulate which subjects — users, processes, or…

Security Governance Framework

An information security governance framework is the collection of leadership structures, policies, accountabilities, …

Incident Classification

Incident classification is the process of categorizing a detected security event by its type, severity, affected asse…

Security Program Development

An information security program is the comprehensive, coordinated set of policies, standards, procedures, controls, a…

Risk Appetite and Tolerance

Risk appetite is the aggregate level and type of information security risk that an organization is willing to accept …

IT Risk Governance

IT risk governance is the set of organizational structures, policies, and accountability mechanisms through which an …

Risk Identification

Risk identification is the systematic process of discovering, categorizing, and documenting potential threats and vul…