Information security glossary

Clear, direct definitions on cybersecurity, compliance and standards — written by Certi360 experts in Laval, Quebec.

This glossary answers the most common questions about information security in Quebec. Each definition starts with the essentials — the format most useful for search engines and AI assistants.

ISO 27001

ISO 27001 is the international standard for information security management. It defines requirements to establish, implement and maintain a certifiable information security management system (ISMS) audited by an external body.

Bill 25

Bill 25 modernizes the protection of personal information in Quebec. It requires informed consent, transparency, data security, incident notification and appointing a person responsible for the protection of personal information (PRPI).

Pentest

A pentest (penetration test) is an authorized attack simulation aimed at identifying and exploiting vulnerabilities in a system, network or application before a malicious attacker does.

ISMS

An information security management system (ISMS) is the documented framework — policies, processes, roles and controls — an organization puts in place to manage information risks in line with ISO 27001.

OWASP ASVS

The OWASP Application Security Verification Standard (ASVS) is a framework of security controls for web applications, organized in three levels of increasing verification rigour. It serves as the reference checklist for application security audits.

SOC 2

SOC 2 (Service Organization Control 2) is an American audit report based on Trust Services Criteria (security, availability, processing integrity, confidentiality, privacy). Cloud service providers use it to reassure clients.

PCI DSS

PCI DSS (Payment Card Industry Data Security Standard) is the set of security requirements for organizations that process, store or transmit payment card data.

vCISO

A vCISO (virtual Chief Information Security Officer) provides part-time strategic information security leadership without a full-time hire. They steer governance, risk prioritization and security initiative planning.

SIEM

A SIEM (Security Information and Event Management) centralizes and correlates security event logs from multiple sources (servers, firewalls, applications) to detect incidents and support investigation.

DMARC

DMARC (Domain-based Message Authentication, Reporting and Conformance) is an email authentication protocol that builds on SPF and DKIM: the domain owner publishes a DNS policy telling receiving mail servers how to handle messages that fail those checks, and receives reports on the results. It prevents domain spoofing, reduces phishing and improves email deliverability.

PRPI

The person responsible for the protection of personal information (PRPI) is designated by an organization to oversee Bill 25 compliance. They act as the contact point for individuals and the Commission d'accès à l'information.

CVSS

CVSS (Common Vulnerability Scoring System) is an open standard for rating the severity of IT vulnerabilities on a 0–10 scale. Pentest reports often use CVSS to prioritize fixes.

Have a term you'd like explained?

Our certified auditors can explain how these concepts apply to your business.

Get a free assessment