Latest News: Plurilock Announces Four Cybersecurity Contract Renewals Totalling $1.19 Million Across Two Enterprise and Government Customers

Watch: Plurilock FY2024 Earnings Call

Live Now:

How EDR Killers are Changing Cybersecurity

Contact us today.Phone: +1 888 776-9234Email: sales@plurilock.com

Glossary Term

Cybersecurity Reference > Glossary

Frequently Asked Question

Sarbanes Oxley Act (SOX Act)

Definition

ANSWER

The Sarbanes Oxley Act of 2002, or SOX Act, is a US federal law establishing a variety of auditing and financial regulations for public companies.

Interpretive guidance from the US Securities and Exchange Commission (SEC) states that companies may be obligated under the law to disclose cybersecurity risks and incidents, and outlines the conditions under which such disclosures must take place.

In particular, companies are required to engage in cybersecurity disclosures when these risks or incidents are material to investors as the result of potential financial, legal, or reputational consequences.

The guidance also instructs companies to put in place controls and procedures to ensure that cybersecurity risks and incidences are properly disclosed, appropriately documented, and reflective of factual circumstances.

Downloadable References

PDF

Sample Governance Policy for AI Use

Sample, shareable addition for employee handbook or company policy library to provide governance for employee AI use.

PDF

Establishing Guardrails for AI Whitepaper

Generative AI is exploding, but workplace governance is lagging. Use this whitepaper to help implement guardrails.

PDF

Practical Cybersecurity Cheat Sheet

Cheat sheet for basics to stay secure, their ideal deployment order, and steps to take in case of a breach.

Other Plurilock Terms

Other Threat Terms

Abuse of Trust

AB

Account Enumeration

Account Misbinding

Account Recovery Abuse

ATO

Active Reconnaissance

APT

Adversary Objectives

Adversary Tradecraft

AiTM

Anomalous Authentication

Application Layer Attack

Attack Lifecycle

Attack Path

Backdoor Account

Botnet

BFA

Business Logic Flaw

Cloud Misconfiguration

C2

Compromise Path

Credential Exposure

Credential Harvesting

Credential Sharing

Credential Stuffing

Data Breach

Data Exfiltration Path

Defense Evasion

DoS

Deployment Attack Path

Dictionary Attack

DDoS

Domain Fronting

Employee Substitution

Exfiltration Readiness

Exploit Chaining

Exploit Kit

Exploit Readiness

Exploitability

Identity Spoofing

Inference Abuse

Initial Access Vector

Insider Threat

Intrusion

Lateral Movement

Lateral Privilege Escalation

License Sharing

LotL

Memory Injection

Model Hallucination Risk

Payload

Phishing

Post-Exploitation

Prompt Injection

Ransomware

RAT

RCE

Rootkit

Rubber Ducky Attack

Security Control Bypass

Silent Intrusion

Social Engineering

Spam

Spear Phishing

Tactics

Threat Actor

Threat Vector

Token Theft

Training Data Poisoning

Trojan Horse

Unauthorized Credential Use

User Carelessness

Virus

Vishing

Watering Hole Attack

Worm

Other Security Terms

Abuse Case

Access Path Analysis

Account Hygiene

Active Defense

Adversary Emulation

Adversary Playbook

AI Attack Surface

AI Model Exposure

Alert Fatigue

Allowlisting

API Penetration Testing

API Security

Application Attack Surface

Application Hardening

Application Security Testing

Asset Attribution

Asset Discovery

Asset Exposure

Asset Inventory

Assume Breach

Attack Graph

Attack Hypothesis

Attack Path Enumeration

Attack Path Inheritance

Attack Preconditions

Attack Readiness

Attack Replay

Attack Scenario

Attack Simulation

Attack Success Criteria

Attack Surface

Attack Surface

ASR

Attribution

Authentication Context

Authentication Strength

Authorization Drift

Authorization Graph

Baseline Deviation

Behavior Drift

Black Box Testing

Blast Radius Analysis

Blue Team

Breach Containment

Breach Impact Analysis

BYOD

Bug Bounty Program

Campaign Correlation

Campaign-Based Testing

Capability-Based Testing

Cloud Control Validation

Cloud Identity Drift

Cloud Native Security

Cloud Penetration Testing

Cloud Permission Sprawl

Cloud Risk Posture

Cloud Security Architecture

Cloud Security Assessment

Compromise Assessment

Compromise Dwell Analysis

CERT

Conditional Access

Confidence Scoring

Configuration Drift

Container Security

Containment

Containment Strategy

Contextual Access Control

Contextual Threat Intelligence

Continuous Discovery

Continuous Identity Assurance

Continuous Monitoring

Continuous Red Teaming

CTEM

Counter-Incident Operations

Counterfactual Attack Modeling

Credential Lifecycle

Critical Asset Protection

Crown Jewel Analysis

Cryptographic Agility

CIAM

Cyber Kill Chain

Cyber Resilience

Dark Web Monitoring

Data Access Path

Data at Rest

Data Contextualization

Data Exposure Risk

Data Flow Mapping

Data in Transit

DLP

Data Usage Analytics

Defense-in-Depth

Defensibility Assessment

Defensible Security Program

Detection Confidence

Detection Coverage Mapping

Detection Efficacy

Detection Engineering

Detection Gap Analysis

Detection Latency

DaC

Device Trust Posture

Digital Exhaust

DFIR

Digital Trust

Directory Services Hardening

Distributed Trust Model

DNS Security

Dwell Time

Emulation-Based Testing

EDR

Endpoint Hardening

Environment Parity Risk

Environmental Drift

Ephemeral Asset Risk

Executive Tabletop

Exposure Management

Exposure Validation

XDR

FAR

False Negative

FRR

First Responder Playbook

Forensic Readiness

Forward Defense

Forward Incident Response

Fraud Signal Correlation

Full-Scope Red Team

Fuzzing

Gray Box Testing

HVA

Hybrid Red Team

ICS and SCADA Security Testing

IAM or IdM

Identity Assurance

Identity Attack Surface

Identity Blast Radius

Identity Context

Identity Correlation

Identity Factor

Identity Lifecycle Risk

Identity Posture

Identity Proofing

ITDR

Identity-as-a-signal

In-Band

In-session detection

Incident Classification

Incident Escalation Matrix

IR

IRT

Incident Severity Rating

Incident Triage

IOC

Information Flow Control

Information Security

Infrastructure Drift

Infrastructure Exposure

Insider Risk Program

Integrity Monitoring

Invisible Authentication

IP Data Mapping

IP Exposure Surface

Isolation Strategy

JEA

JIT

Kerberos

Kill Chain Disruption

Kill Chain Mapping

Kill Switch

KBA

Kubernetes Security

Lateral Exposure

Least Privilege Enforcement

Lessons Learned

Log Integrity

Logging Coverage

Machine Identity

M2M

Malware

MTTD

MTTR

Misuse Case

Mitre ATT&CK Framework

MAST

Mobile Penetration Testing

Model Integrity

Multi-factor Authentication

Network Penetration Testing

NHI

Non-repudiation

Operational Decision Latency

Operational Dwell Reduction

Operational Security Effectiveness

OT Security

Orphaned Account

OOB

Out-of-Policy Access

Passive Authentication

Other Tech Terms

ALM

Account Provisioning

ADFS

Advanced Authentication

Air-Gapped Network

Alert Correlation

AWS

Anomaly Detection

AV

API Gateway

Application Control

ASPM

AI

ANN

ABAC

Behavioral Biometrics

Behavioral DLP

Biometrics

BAS

CA

CASB

Cloud Control Plane

CDR

CIEM

CNAPP

CSPM

CWPP

CMDB

CAE

Continuous Authentication

C-UAS

Cryptography

Data Encryption

Data Masking

DSPM

Decision Automation

Decryption

DMZ

Device-free MFA

DevSecOps Pipeline

Digital Certificate

Digital Signature

Dynamic Access Control

DAST

Egress Filtering

Encryption

Endpoint

Face ID or Facial Recognition

Federated Authorization

Federated Identity or Identity Federation

Fingerprint Scan

Firewall

Hashing

Honeypot

HIDS

Identity Control Plane

Identity Fabric

IGA

Identity Risk Engine

Identity Signal

IAP

ICS

IaC

Integrated GRC Platform

IoT

IDS

IPS

ITAM

KMS

Keystroke Dynamics

LLM

Machine Learning

MDR

MSSP

Micro-Segmentation

Mouse Dynamics

Multi-Tenancy

NVD

NAC

Network Segmentation

NIDS

NGFW

PTaaS

PDP

PEP

PaC

Proxy Server

PKI

Retina Scanner or Iris Scanner

RPA

RASP

SASE

SWG

SOC

SOAR

SMS Authentication

SCA

SDLC

SDP

SAST

Step-up Authentication

SCADA

Threat Feed

TIP

Tokenization

Trust Evaluation Engine

User Friction

VDI

VPN

Vulnerability Scanning

WAF

ZTA

ZTNA

Other Compliance Terms

23 NYCRR 500

Access Governance

Access Review

Access Transparency

ALE

Application Risk Profiling

Asset Criticality

Asset Ownership

Attestation

Audit Evidence

Audit Fatigue

Audit Program

Audit Scope Creep

Audit Trail Integrity

AAL

Board Risk Appetite Statement

Board Risk Reporting

BCP

Business Disruption Modeling

BIA

Business-Aligned Risk

CMM

Chain of Custody

Change Control

CISO

CIS CSC

Cloud Identity Governance

Compensating Control

Compliance Evidence Automation

Compliance Gap Analysis

Compliance Mapping

Compliance Scope Definition

Configuration Baseline

Continuous Authorization

cATO

CCM

Control Cost Efficiency

Control Coverage Gap

Control Effectiveness

Control Framework

Control Inheritance

Control Objective

Control Overlap

Control Rationalization

Control Testing

Control Validation

Control-to-Risk Traceability

Crisis Decision Velocity

Crisis Management

Cyber Operating Model

Cyber Risk Appetite

Cyber Risk Economics

CRQ

Cyber Risk Register

C-SCRM

Cybersecurity Maturity Assessment

CMMC

DAG

Data Classification

Data Minimization

Data Residency

Data Retention Policy

Data Risk Scoring

Data Sovereignty

DevSecOps Maturity Model

DRP

Dodd-Frank Act

Dynamic Risk Scoring

eDiscovery

EHR or EMR

ePHI or PHI

ERM

Enterprise Risk Register

Entitlement Review

Evidence Collection

Evidence Freshness

Executive Cyber Fluency

FAIR

FERPA

FISMA

FedRAMP

FFIEC Infosec Booklet

Financial Risk Modeling

FIPS Publication 200

Fourth-Party Exposure

Fourth-Party Risk

Governance

Governance Framework

GRC

GLBA

HITECH

HIPAA

IRP

Inherent Risk

IP

IP Concentration Risk

ISO 27001

KPI

KRI

LEF

Loss Magnitude

Material Cyber Risk

Materiality Threshold

Mission Impact Modeling

Multi-Cloud Governance

NFA Rulebook

NIST 800-171

National Institute of Standards and Technology Publication 800-53

NIST CSF

NERC CIP v5

Operational Dependency Risk

Operational Resilience

PCI DSS

POA&M

PLE

RPO

RTO

Regulatory Compliance

Residual Risk

Risk Acceptance

Risk Acceptance Rationale

Risk Aggregation

Risk Aggregation Bias

Risk Communication

Risk Confidence Interval

Risk Decomposition

Risk Distribution Curve

Risk Heat Map

Risk Mitigation

Risk Normalization

Risk Owner

Risk Scenario Modeling

Risk Sensitivity Analysis

Risk Signal Quality

Risk Transfer

Risk Treatment

Risk Velocity

SOX Act

Scenario Severity Modeling

SEC

Security Control Baseline

Security Control Ownership

Security Policy

Security Program Maturity

Security ROI

SOC 2

Shared Responsibility Model

SBOM

Stakeholder Impact Mapping

Supervisory Expectation Mapping

SSP

TPRM

Tolerance Threshold

Top Risk Narrative

Uncertainty Modeling

Vendor Concentration Risk

Vendor Risk Assessment

Zero Trust Maturity Model

Related

Cybersecurity Reference >

Frequently Asked Questions >

Plurilock Blog

The $1 Trillion Software Selloff and What It Means for Cybersecurity

Early 2026’s Breach Disclosures Reveal the Real Cost of Data at Scale

Your LLM Infrastructure Is Already on Attacker Target Lists

CISOs Are Now Chief Resilience Officers, Leading Companies Through the AI Security Paradox

IAM Automation Is Fraught, But Increasingly Necessary. Here’s How to Approach It.

ICS and OT Systems are Becoming More Frequent Cyber Attack Targets

Enterprise IT and Cyber Services

Zero trust, data protection, IAM, PKI, penetration testing and offensive security, emergency support, and incident management services.

Schedule a Consultation:
Talk to Plurilock About Your Needs

loading...

Thank you.

A plurilock representative will contact you within one business day.

Contact Plurilock
+1 (888) 776-9234 (Plurilock Toll Free)
+1 (310) 530-8260 (USA)
+1 (613) 526-4945 (Canada)

sales@plurilock.com

Your information is secure and will only be used to communicate about Plurilock and Plurilock services. We do not sell, rent, or share contact information with third parties. See our Privacy Policy for complete details.

More About Plurilock™ Services

(Beyond) Governance, Risk, and Compliance

→

Adversary Simulation and Readiness Services

→

AI Risk Assessment Services

→

Application and API Testing

→

Cloud Access Security Broker (CASB) Services

→

Cloud Governance

→

Cloud Guardrails Solutions

→

Cloud Visibility Assurance

→

Data Protection as a Service (DPaaS)

→

Data Protection Services

→

Emergency Support Services

→

Identity and Access Management (IAM) Services

→

Multi-Cloud Hardening

→

OT/ICS/SCADA Testing

→

Penetration Testing as a Service (PTaaS)

→

Public Key Infrastructure (PKI) Services

→

Ransomware and BEC Simulation Services

→

SOC Operations and Support

→

Social Engineering Testing Services

→

Zero Trust Maturity Assessment Services

→