Acronym study
Terms 181–210 of 295 CISSP acronyms and key terms. Each entry includes a plain-English definition and a link to the full 800-word glossary page with exam context and practice questions.
Term 181
Policy assignment is the process of attaching a set of rules or permissions to a specific resource, user, or group so that those rules are enforced in a cloud or IT environment.
Term 182
A policy definition is a formal rule or set of rules that specifies allowed or denied actions on resources within an IT environment, often used for governance, compliance, and security control.
Term 183
Policy enforcement is the process of implementing and ensuring compliance with defined security rules and configurations across an IT environment.
Term 184
Policy inheritance is the mechanism by which policies applied to a parent container in a hierarchical system automatically apply to all child objects within that container, unless explicitly blocked or overridden.
Term 185
Port security is a network switch feature that restricts which devices can connect to a port based on the device's MAC address, preventing unauthorized access.
Term 186
A preventive control is a security measure designed to stop unauthorized access, attacks, or errors before they can occur.
Term 187
Privacy in IT is the control over how personal data is collected, stored, used, and shared by systems and organizations.
Term 188
Privacy and security refer to the practices and technologies used to protect sensitive data from unauthorized access while ensuring individuals' rights over their personal information are respected.
Term 189
Privacy risk management is the ongoing process of identifying, assessing, and responding to risks that could compromise the confidentiality, integrity, or availability of personal data.
Term 190
Private Google Access lets virtual machines in a Google Cloud VPC reach Google APIs and services using private IP addresses, without needing public internet access.
Term 191
Privileged access is a special level of permission that allows a user or system to perform high-impact actions like installing software, changing system settings, or accessing sensitive data across an IT environment.
Term 192
Privileged access management is a cybersecurity practice that controls and monitors the elevated access rights of users who have special permissions to critical systems and data.
Term 193
Pseudonymization is a data processing technique that replaces private identifiers with artificial identifiers, or pseudonyms, to protect personal data while still allowing for analysis and processing.
Term 194
Qualitative risk analysis is a subjective, scenario-based approach to prioritizing information security risks by evaluating their likelihood and potential impact using predefined scales rather than numerical calculations.
Term 195
A quality update policy is a set of rules and schedules that IT administrators use to control which Windows updates are deployed to devices to ensure stability, security, and compatibility.
Term 196
Quantitative risk analysis is a structured process that uses numerical data and statistical methods to calculate the potential financial impact of risks on an organization's assets and projects.
Term 197
RADIUS is a network protocol that provides centralized authentication, authorization, and accounting management for users who connect and use a network service.
Term 198
RBAC is a method of restricting network access based on the roles of individual users within an organization, where permissions are assigned to roles rather than to individuals directly.
Term 199
Read-access geo-redundant storage (RA-GRS) is a cloud storage replication option that maintains three synchronous copies in one primary region and three asynchronous copies in a secondary region, while allowing read access to the secondary copy even during normal operations.
Term 200
A trusted, always-active component of a computer's operating system that enforces security policies by checking every access request to files, memory, or devices before allowing it.
Term 201
A regulatory requirement is a rule issued by a government or industry authority that organizations must follow, often to protect data, ensure safety, or maintain fair practices.
Term 202
Residual risk is the level of risk that remains after all security controls and countermeasures have been applied.
Term 203
A resource policy is a set of rules that controls who can access a specific cloud resource and what actions they can perform on it.
Term 204
A retention policy is a set of rules that determines how long an organization keeps its data and what happens to it when the retention period expires.
Term 205
A retry policy is a set of rules that automatically re-attempts a failed operation after a defined interval, up to a maximum number of tries.
Term 206
Risk is the possibility that an event or action will negatively affect an organization's ability to achieve its goals, often measured in terms of likelihood and impact.
Term 207
Risk acceptance is a risk management strategy where an organization acknowledges a potential risk but decides to tolerate it without taking active measures to reduce or eliminate it.
Term 208
Risk appetite is the amount of risk an organization is willing to accept in pursuit of its objectives, defining the boundaries for decision-making.
Term 209
Risk assessment is the process of identifying, analyzing, and evaluating potential threats to an organization's assets to determine the likelihood and impact of those threats, and to decide on appropriate treatment measures.
Term 210
Risk avoidance is a risk management strategy that involves eliminating any activity, process, or technology that introduces a specific risk, rather than trying to reduce or accept it.