AI – Artificial Intelligence
AICPA – American Institute of Certified Public Accountants
ALARP – As Low As is Reasonably Practicable
AML – Anti-Money Laundering
ANSI – American National Standards Institute
APRA – Australian Prudential Regulation Authority
B2B – Business to Business
B2C – Business to Consumer
B2G – Business to Government
BC – Business Continuity
BCBS – Basel Committee on Banking Supervision
BCM – Business Continuity Management
BCMS – Business Continuity Management System
BCP – Business Continuity Plan
BCP – Business Continuity Planning
BIA – Business Impact Analysis
BIS – Bank for International Settlements
BRP – Business Resumption Plan
BS – British Standard
BSI – British Standards Institution
BYOD – Bring Your Own Device
CBA – Cost Benefit Analysis
CD – Committee Draft
CDD – Customer Due Diligence
CEN – European Committee for Standardization
CENELEC – European Committee for Electrotechnical Standardization
CEO – Chief Executive Officer
CERT – Computer Emergency Response Team
CFaR – Cash Flow at Risk
CFO – Chief Financial Officer
CIM – Critical Incident Management
CIO – Chief Information Officer
CISO – Chief Information Security Officer
CMP – Crisis Management Plan
COBIT – Control OBjectives for Information and related Technology
COOP – Continuity Of OPerations
COSO – Committee of Sponsoring Organizations
CP – Contingency Plan
CPO – Chief Privacy Officer
CRO – Chief Risk Officer
CRUD – Create, Read/Retrieve, Update, Delete/Destroy
CSAM – Cyber Security Assessment and Management
C-SCRM – Cyber Supply Chain Risk Management
CSF – Critical Success Factor
CSRM – Cybersecurity Risk Management
CSRR – Cybersecurity Risk Register
CURF – Core Unified Risk Framework
DIS – Draft International Standard
DPIA – Data Protection Impact Assessment
DR – Disaster Recovery
DRM – Disaster Risk Management
DRP – Disaster Recovery Plan
DRP – Disaster Recovery Planning
EAD – Exposure At Default
EL – Expected Loss
EMS – Environmental Management Systems
EN – European Standard
ENAS – Emergency Notification Alert System
EnMS – Energy Management Systems
ERA – European Railway Agency
ERM – Enterprise-wide Risk Management
ERM – Enterprise Risk Management
ERP – Emergency Response Plan
ERP – Enterprise Risk Profile
ERR – Enterprise Risk Register
ERSC – Enterprise Risk Steering Committee
ERT – Emergency Response Team
ETA – Event Tree Analysis
ETSI – European Telecommunications Standards Institute
FDIS – Final Draft International Standard
FEMA – Federal Emergency Management Agency
FERMA – Federation of European Risk Management Associations
FIRST – Forum of Incident Response and Security Teams
FMEA – Failure Mode and Effect Analysis
FMECA – Failure Modes, Effects and Criticality Analysis
FOIA – Freedom of Information Act
FTA – Fault Tree Analysis
GAGAS – Generally Accepted Government Auditing Standards
GDPR – General Data Protection Regulation
GPN – Good Practice Note
GRC – Governance/Risk/Compliance
HACCP – Hazard Analysis and Critical Control Points
HAZOP – HAZard and OPerability analysis
HIRA – Hazard Identification and Risk Assessment
HRA – Human Reliability Assessment
HVA – High Value Asset
IAS – International Accounting Standards
ICT – Information and Communications Technology
IEC – International Electrotechnical Commission
IFRS – International Financial Reporting Standards
IMF – International Monetary Fund
IoT – Internet of Things
IRR – Investment Risk Reserve
ISCM – Information Security Continuous Monitoring
ISO – International Organization for Standardization
ISRA – Information Security Risk Assessments
ISRM – Information Security Risk Management
IT – Information Technology
ITSCM – IT Service Continuity Management
KPI – Key Performance Indicator
KRI – Key Risk Indicators
KYC – Know Your Customer
KYCC – Know Your Customer’s Customer
LGD – Loss Given Default
LOPA – Layers Of Protection Analysis
MBCO – Minimum Business Continuity Objective
MCDA – Multi-Criteria Decision Analysis
MTBF – Mean Time Between Failures
MTBSI – Mean Time Between Service Incidents
MTD – Maximum Tolerable Downtime
MTPD – Maximum Tolerable Period of Disruption
MTRS – Mean Time to Restore Service
MTTR – Mean Time To Repair
NIST – National Institute of Standards and Technology
NISTIR – National Institute of Standards and Technology Interagency or Internal Report
OCTAVE – Operationally Critical Threat, Asset, and Vulnerability Evaluation
OHS – Occupational Health and Safety
PAIRS – Probability and Impact Rating System
PD – Probability of Default
PEP – Politically Exposed Person
PFMEA – Process Failure Mode and Effects Analysis
PHA – Preliminary Hazard Analysis
PIA – Privacy Impact Assessment
PII – Personally Identifiable Information
RA – Risk Assessment
RACI – Responsible, Accountable, Consulted, Informed
RAF – Risk Assessment Framework
RAMS – Reliability, Availability, Maintainability and Safety
RAR – Risk Assessment Report
RAROC – Risk Adjusted Return On Capital
RARORAC – Risk Adjusted Return On Risk Adjusted Capital
RBIA – Risk Based Internal Audit
RCA – Root Cause Analysis
RCB – Rządowe Centrum Bezpieczeństwa (Government Centre for Security, Poland)
RMF – Risk Management Framework
RORAC – Return On Risk Adjusted Capital
RPO – Recovery Point Objective
RTL – Risk Tolerance Limit
RTO – Recovery Time Objective
RTS – Risk Tolerance Statement
SEI – Software Engineering Institute
SLA – Service Level Agreement
SMART – Specific, Measurable, Achievable, Relevant, Time-bound
SP – Special Publication
SPOC – Single Point of Contact
SPOF – Single Point of Failure
SWIFT – Structured "What-If" Technique
SWOT – Strengths, Weaknesses, Opportunities, Threats
TC – Technical Committee
ToR – Terms of Reference
VaR – Value at Risk