Onyxia Cybersecurity glossary defining compliances, acronyms, and cyber metrics. Learn about the common terms used, related to and referenced across the Onyxia Cybersecurity Performance Management platform.

Access Control Violations - Number of incidents where unauthorized access to systems or data occurred.

Backup and Recovery Success Rate - Percentage of successful backups and recoveries of critical systems.

Compliance Audit Results - Percentage of compliance audits passed successfully.

Cybersecurity Performance Indicator (CPI) - Cybersecurity metrics that provide quantitative information for you to report on and measure the value of your security program

Cybersecurity Performance Management (CPM) - CPM is the process of managing cybersecurity performance by utilizing CPIs (cybersecurity performance indicators) to track cybersecurity metrics that allow decision-makers to strategically allocate resources to best mitigate cybersecurity risk.

Data Breach Cost - Total cost incurred due to a data breach, including investigation, remediation, and legal fees.

Data Loss Prevention (DLP) Incidents - Number of incidents where sensitive data was lost or leaked.

Encryption Usage - Percentage of sensitive data that is encrypted.

False Positive Rate - Percentage of security alerts that are determined to be false positives.

Firewall Rule Compliance - Percentage of firewall rules that are compliant with security policies.

Incident Resolution Rate - Percentage of security incidents successfully resolved within a given period.

Incident Severity Levels - Distribution of incident severity levels to identify critical incidents.

Insider Threat Incidents - Number of security incidents caused by internal employees or partners.

ISO/IEC 27001 - ISO/IEC 27001 is the world's best-known standard for information security management systems (ISMS)

Key Risk Indicators (KRIs) - A metric for measuring the likelihood that the combined probability of an event and its consequences will exceed the organization's risk appetite and have a profoundly negative impact on an organization's ability to be successful.

Malware Detection Rate - Percentage of malware detected and blocked by security systems.

Mean Time to Detect (MTTD) - Average time taken to detect a cybersecurity incident.

Mean Time to Respond (MTTR) - Average time taken to respond and mitigate a cybersecurity incident.

Mobile Device Security Compliance - Average time taken to respond and mitigate a cybersecurity incident.

Network Security Health - Evaluation of the overall health and security of the network infrastructure.

NIST - National Institute of Standards and Technology at the U.S. Department of Commerce. The NIST Cybersecurity Framework helps businesses of all sizes better understand, manage, and reduce their cybersecurity risk and protect their networks and data.

Number of Security Incidents - Total number of security incidents reported within a specific time frame.

Password Strength - Average strength of passwords used within the organization.

Patching Compliance - Percentage of systems and software kept up to date with the latest security patches.

Phishing Click Rate - Percentage of employees who click on simulated phishing emails.

Phishing Simulation Success Rate - Percentage of employees who correctly identify and report simulated phishing emails.

Response Time to Security Alerts - Average time taken to respond to security alerts.

Security Awareness Score - Assessment of employees' knowledge and understanding of cybersecurity best practices.

Security Incident Containment Rate - Percentage of security incidents contained to prevent further damage.

Security Incident Response Plan Effectiveness - Evaluation of the effectiveness of the incident response plan.

Security Operations Center (SOC) Effectiveness - Assessment of the efficiency and effectiveness of the SOC.

Security Policy Violations - Number of incidents where security policies were violated.

SOC - System and Organization Controls, as defined by the American Institute of Certified Public Accountants, is the name of a suite of reports produced during an audit.

SOC 2 - A report based on the Auditing Standards Board of the American Institute of Certified Public Accountants' (AICPA) existing Trust Services Criteria (TSC). The purpose of this report is to evaluate an organization’s information systems relevant to security, availability, processing integrity, confidentiality, and privacy.

Third-Party Security Assessments - Number of successful security assessments conducted on third-party vendors.

User Awareness Training Completion - Percentage of employees who have completed cybersecurity awareness training.

Vulnerability Remediation Time - Average time taken to address identified vulnerabilities.