Chapter 1 Flashcards
Confidentiality
Ensures that unauthorized individuals are not able to gain access to sensitive information.
Integrity
Ensures that there are no unauthorized modifications to information or systems, either intentionally or unintentionally.
Availability
Ensures that information and systems are ready to meet the needs of legitimate users at the time those users request them.
Disclosure
The exposure of sensitive information to unauthorized individuals, also known as data loss. This is a violation of Confidentiality.
Alteration
The unauthorized modification of information; a violation of Integrity.
Denial
The disruption, whether deliberate (for example, a denial-of-service attack) or accidental, of an authorized user's legitimate access to information. This violates the principle of Availability.
Financial Risk
The risk of monetary damage to the organization as the result of a data breach.
Reputational Risk
The risk that negative publicity surrounding a security breach causes the loss of goodwill among customers, employees, suppliers, and other stakeholders.
Strategic Risk
The risk that an organization will become less effective in meeting its major goals and objectives as a result of the breach.
Operational Risk
The risk to the organization’s ability to carry out its day-to-day functions.
Compliance Risk
The risk that a security breach causes an organization to run afoul of legal or regulatory requirements.
Technical Controls
Enforce confidentiality, integrity, and availability in the digital space. Examples: firewall rules, access control lists, intrusion prevention systems, and encryption.
Operational Controls
The processes that we put in place to manage technology in a secure manner. Examples: access reviews, log monitoring, and vulnerability management.
Managerial Controls
Procedural mechanisms that focus on the mechanics of the risk management process. Examples: periodic risk assessments, security planning exercises.
Preventive Controls
Controls intended to stop a security issue before it occurs.