A
- AI guardrails
- Engineered controls that constrain what an AI agent can do, see, or output, spanning input filtering, behaviour control, and output checks.
B
- BISO
- Business Information Security Officer. Embedded within a business line; translates security between business and central InfoSec.
C
- CSP
- Content Security Policy. HTTP response header that constrains what scripts, styles, and other resources a browser will load on a page.
D
- DORA
- EU Digital Operational Resilience Act, covering ICT risk for financial entities; in force from 17 January 2025.
H
- HSTS
- HTTP Strict Transport Security. Response header that tells browsers to only ever load the site over HTTPS, even if the user types `http://`.
I
- ICT third-party risk
- Risk arising from ICT services provided by third parties to a regulated entity, governed by DORA Article 28.
- ISMS
- Information Security Management System. The structured set of policies, processes, and controls that govern an organisation's security posture.
- ISO 27001
- International standard for an information security management system (ISMS). The 2022 revision is the current edition.
P
- PCI DSS v4
- Payment Card Industry Data Security Standard, version 4.0. Mandatory for any entity that stores, processes, or transmits cardholder data.
- Prompt injection
- Adversarial input crafted to override an AI agent's system instructions, causing it to escalate its privileges or disclose protected information.
V
- vCISO
- Virtual CISO. A senior security leader engaged on a fractional cadence rather than as a permanent hire.