© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Acronym study

CISSP Acronyms — Part 8 of 10

Terms 211–240 of 295 CISSP acronyms and key terms. Each entry includes a plain-English definition and a link to the full 800-word glossary page with exam context and practice questions.


Term 211

Risk management

Risk management is the process of identifying, assessing, and controlling threats to an organization's capital, earnings, and operations, including IT systems and data.

Full Risk management glossary entry →

Term 212

Risk mitigation

Risk mitigation is the process of reducing the likelihood or impact of a potential security threat to an acceptable level through specific controls and actions.

Full Risk mitigation glossary entry →

Term 213

Risk register

A risk register is a formal document that lists and tracks all identified risks to an IT project, system, or organization, including their assessed impact, probability, and planned responses.

Full Risk register glossary entry →

Term 214

Risk score

A risk score is a numerical value that represents the level of risk associated with a given asset, threat, or vulnerability in a security context.

Full Risk score glossary entry →

Term 215

Risk tolerance

Risk tolerance is the amount of risk an organization or individual is willing to accept in pursuit of its objectives, defining the boundary between acceptable and unacceptable losses.

Full Risk tolerance glossary entry →

Term 216

Risk transfer

Risk transfer is the practice of shifting the financial burden of a potential loss to another party, typically through insurance or contracts.

Full Risk transfer glossary entry →

Term 217

Risk-based access

Risk-based access is a security model that dynamically adjusts access permissions based on the assessed risk of each access request, rather than granting a static level of access to all users.

Full Risk-based access glossary entry →

Term 218

Risk-based vulnerability management

Risk-based vulnerability management is a cybersecurity approach that prioritizes the fixing of security weaknesses based on the level of risk they pose to an organization's specific environment, rather than just addressing all vulnerabilities in the order they are found.

Full Risk-based vulnerability management glossary entry →

Term 219

Rule-based access control

Rule-based access control (RuBAC) is a method of managing access to resources by evaluating a set of predefined rules that combine conditions such as time, location, device, and user attributes to allow or deny access.

Full Rule-based access control glossary entry →

Term 220

S3 bucket policy

An S3 bucket policy is a JSON-based resource-based access control document that defines who can access an Amazon S3 bucket and its objects, and what actions they can perform.

Full S3 bucket policy glossary entry →

Term 221

S3 lifecycle policy

An S3 lifecycle policy is a set of rules that automatically transitions objects between storage classes or deletes them after a specified time to optimize cost and manage data lifecycles.

Full S3 lifecycle policy glossary entry →

Term 222

Safeguard

A safeguard is a control, measure, or action designed to protect an organization's assets from threats, vulnerabilities, and risks.

Full Safeguard glossary entry →

Term 223

SAML

Security Assertion Markup Language (SAML) is an open standard that allows one system to securely tell another system that a user is who they say they are, without sharing the user's password.

Full SAML glossary entry →

Term 224

SDLC

The Software Development Life Cycle (SDLC) is a structured process used by IT teams to plan, create, test, and deploy software in a reliable and organized way.

Full SDLC glossary entry →

Term 225

Secure coding

Secure coding is the practice of writing software in a way that protects it from vulnerabilities and attacks by following security best practices throughout the development process.

Full Secure coding glossary entry →

Term 226

Secure enclave

A secure enclave is a dedicated, isolated hardware component within a processor that protects sensitive data and code from unauthorized access, even if the main operating system is compromised.

Full Secure enclave glossary entry →

Term 227

Security

Security in IT is the practice of protecting systems, networks, and data from unauthorized access, damage, or theft.

Full Security glossary entry →

Term 228

Security assessment

A security assessment is a systematic evaluation of an organization’s systems, networks, and applications to identify vulnerabilities, threats, and risks, and to recommend improvements.

Full Security assessment glossary entry →

Term 229

Security awareness

Security awareness is the ongoing practice of educating people within an organization about cybersecurity risks, safe behaviors, and their individual responsibilities to protect information assets.

Full Security awareness glossary entry →

Term 230

Security baseline

A security baseline is a documented minimum set of security configurations and settings that must be applied to a system, device, or network to ensure a known secure starting point.

Full Security baseline glossary entry →

Term 231

Security Command Center

Security Command Center is a centralized cloud security management platform that helps organizations detect, investigate, and respond to threats across their cloud infrastructure.

Full Security Command Center glossary entry →

Term 232

Security control

A security control is a safeguard or countermeasure designed to protect the confidentiality, integrity, and availability of information systems and data.

Full Security control glossary entry →

Term 233

Security defaults

Security defaults is a set of basic security settings in Microsoft Entra ID that automatically enables common protections like multifactor authentication for all users in a tenant.

Full Security defaults glossary entry →

Term 234

Security governance

Security governance is the framework of rules, policies, and processes that an organization uses to align its cybersecurity activities with its business goals and legal obligations.

Full Security governance glossary entry →

Term 235

Security group

A security group is a virtual firewall that controls inbound and outbound traffic to AWS resources, such as EC2 instances, based on defined rules.

Full Security group glossary entry →

Term 236

Security Hub

Security Hub is a cloud security posture management service that aggregates and prioritizes security alerts and compliance checks from multiple AWS services into a single place.

Full Security Hub glossary entry →

Term 237

Security kernel

The security kernel is the core, trusted part of an operating system that enforces access control and security policies for all system operations.

Full Security kernel glossary entry →

Term 238

Security misconfiguration

Security misconfiguration occurs when security settings are defined, implemented, or maintained incorrectly, leaving systems, applications, or networks vulnerable to unauthorized access or data breaches.

Full Security misconfiguration glossary entry →

Term 239

Security model

A security model is a formal framework that defines how subjects (users, processes) can access objects (files, resources) based on rules, ensuring confidentiality, integrity, and availability.

Full Security model glossary entry →

Term 240

Security operations center

A Security Operations Center (SOC) is a centralized team and facility that monitors, detects, analyzes, and responds to cybersecurity incidents across an organization's IT environment 24/7.

Full Security operations center glossary entry →