Kooch Cybersecurity & Compliance – Technical Terms Wiki
Access Control – Mechanisms (authentication, authorization, role- or attribute-based policies) that ensure only authorized users and systems can access systems, networks, or data.
Annex A Controls – The catalogue of reference security controls in Annex A of ISO/IEC 27001 from which organizations select controls to treat identified risks. The 2013 edition lists 114 controls in 14 domains; the 2022 edition consolidates them into 93 controls in four themes (organizational, people, physical, technological). Selections and exclusions are justified in the Statement of Applicability.
Asset Inventory – A structured list of all information assets (servers, databases, applications, documents) with their owners and classifications, needed for risk assessment under ISO 27001.
Breach Notification – The mandatory process of informing the regulator and, where the breach is likely to result in high risk, the affected data subjects about a personal data breach within the legal deadline (72 hours from becoming aware of it under GDPR Art. 33; KVKK requires notifying the Personal Data Protection Board "as soon as possible", which the Board has set at 72 hours).
Business Continuity Plan (BCP) – A framework ensuring that critical business functions continue during and after disruptive incidents (cyberattacks, outages, disasters), typically paired with a disaster recovery plan for IT systems.
Clarification Text (Aydınlatma Metni) – The mandatory privacy notice required by Article 10 of Turkish law (KVKK), informing individuals who the data controller is, why and how their data is processed, to whom it is transferred, and what rights they have.
Cloud Security – Practices and technologies (identity and access management, encryption, logging and monitoring, configuration hardening) used to secure data and applications hosted in cloud platforms such as AWS, Azure, and GCP, under a shared-responsibility model in which the provider secures the underlying infrastructure and the customer secures what is deployed on it.
Compliance Monitoring – The continuous process of monitoring, auditing, and updating organizational practices so that they keep meeting laws such as KVKK and GDPR, rather than being assessed only once.
Cookie Banner – A website popup requesting users' consent for non-essential cookies and trackers, as required under GDPR (read together with the ePrivacy Directive) and KVKK; consent must be obtained before those cookies are set.
Data Controllers' Registry (VERBİS) – Turkey's mandatory registry, maintained by the Personal Data Protection Authority, in which data controllers must register and list their personal data processing activities.
Data Mapping – The process of identifying how personal data flows through an organization: where it is collected, where it is stored, who processes it, and to whom (including recipients in other countries) it is transferred.
Data Processing Agreement (DPA) – A legal contract between a data controller and a data processor defining the processor's obligations for handling personal data (purpose, security measures, sub-processors, breach reporting, deletion or return on termination).
Data Protection Impact Assessment (DPIA) – A structured risk assessment required for projects that process sensitive or otherwise high-risk personal data, documenting the processing, its necessity, the risks to individuals, and the measures that mitigate them.
Data Subject Access Request (DSAR) – A formal request by an individual to access, correct, or delete their personal data (or to exercise other data subject rights), which must be answered within the statutory deadline (one month under GDPR, extendable; 30 days under KVKK).
Data Protection Officer (DPO) – A designated role responsible for overseeing data protection compliance, advising the organization, and acting as the point of contact for regulators and data subjects.
Data Controller Representative – A representative in Turkey appointed by data controllers established abroad, as required by KVKK for registering in VERBİS and handling Turkish personal data.
Firewall – A network security device or software that filters incoming and outgoing traffic based on predefined rules (source and destination addresses, ports, protocols and, for next-generation firewalls, application and user identity); traffic that is not explicitly allowed should be denied by default.
Gap Analysis – An audit that compares current data protection or security practices against regulatory or standard requirements to identify compliance gaps and prioritize remediation.
GDPR (General Data Protection Regulation) – The EU's data privacy regulation (Regulation (EU) 2016/679), setting standards for personal data collection, storage, and use, and applying also to organizations outside the EU that offer goods or services to, or monitor, people in the EU.
IDS/IPS (Intrusion Detection / Intrusion Prevention System) – Tools that monitor network or host activity for signs of attack: an IDS detects and alerts on suspicious traffic, while an IPS sits inline and can block it.
Incident Response (IR) – A structured process for detecting, containing, eradicating, and recovering from cybersecurity incidents, followed by a lessons-learned review.
ISMS (Information Security Management System) – A documented management framework, aligned with ISO 27001, of policies, processes, and controls for managing and continually improving information security.
ISO/IEC 27001 – The international standard for information security management systems, widely used as the basis for audits and certification.
KVKK (Kişisel Verilerin Korunması Kanunu) – Turkey's Personal Data Protection Law (Law No. 6698), similar in scope to the EU's GDPR and enforced by the Personal Data Protection Board.
NDA (Non-Disclosure Agreement) – A confidentiality agreement protecting sensitive business or client information shared between the parties.
Network Security – Safeguards (firewalls, VPNs, IDS/IPS, network segmentation) that protect networks against unauthorized access and cyberattacks.
Privacy Notice – A legal statement informing individuals how their personal data will be collected and used (required by both KVKK and GDPR; KVKK's version is the clarification text).
Professional Indemnity Insurance – Insurance covering a consultancy against claims arising from errors or negligence in its data protection and compliance services.
Risk Assessment – A structured evaluation of threats, vulnerabilities, and the potential impact on organizational assets, producing a prioritized list of risks to treat.
Records of Processing Activities (RoPA) – An internal log of how personal data is processed (purposes, data categories, recipients, retention periods, security measures), required by GDPR Art. 30; under KVKK the corresponding personal data processing inventory underpins VERBİS registration.
Scope (ISO 27001) – The defined boundaries of an ISO 27001 implementation (which departments, locations, systems, and data types are covered); anything outside the scope is not covered by the certificate.
SMART Goals – A criterion for defining objectives so that they are Specific, Measurable, Achievable, Relevant, and Time-bound, used for ISMS and compliance objectives.
Statement of Applicability (SoA) – The ISO 27001 document listing every Annex A control, whether it is applied or excluded, and the justification for each choice.
VERBİS – See Data Controllers' Registry.