An attack vector is a specific path or technique that an attacker uses to try to get into an IT system.
= “Bring your own device": Employees use their (private) devices for professional activities – mostly smartphones or notebooks.
The BSI ( = Bundesamt für Informationssicherheit, in English 'Federal Office for Information Security') sets important security standards in Germany and beyond.
“Cloud" as short form for “cloud computing" means that computing power, software or storage space is made available in a spatially remote data center. Access is possible from anywhere via the Internet.
CVE stands for “Common Vulnerabilities and Exposures". A uniform numbering system is used to give a unique name and to categorize vulnerabilities and security gaps continuously.
The Common Vulnerability Scoring System is a rating system that ranks CVEs by severity and presents key characteristics of the vulnerability. The numerical value of the CVSS can be converted into a qualitative representation (e.g. low, medium, high, and critical). Although the CVSS usually refers to the CVE list, these two systems exist independently.
This broad term refers to the protection of all IT systems, networks and data, as well as end devices connected to the Internet (PC, smartphone) against attacks.
“Coporate-Owned, Personally Enabled" means that work devices such as smartphones are provided by the company, but private use is permitted.
The three security-relevant areas of “Governance, Risk & Compliance" are brought together in a holistic view in companies in order to deal efficiently with risks, act with integrity and achieve goals.
A “Key Risk Indicator" is a key figure used to assess a potential risk.
A “Key Performance Indicator" provides information about performance or achievement of targets in the company.
“Mobile Device Management" is used to administrate and manage the mobile devices of a company.
The “OS Harmony" is a metric that indicates the complexity in terms of the number of mobile operating systems used.
Patching is the process of closing security gaps or correcting an error by updating software or operating systems.
Risk Management means the identification and evaluation of all risks of a company.
Resilience is the ability to respond quickly to change. In companies, resilience can be improved, for example, through risk management and emergency planning.
Vulnerability refers to security gaps in corporate networks that can be exploited by attackers.
Attackers are exploiting a security vulnerability that has just been made public, even before it could be closed.