Chapter 1 - Today's Security Professional Flashcards
Ensures that unauthorized individuals are not able to gain access to sensitive information.
Confidentiality
Ensures that information and systems are ready to meet the needs of legitimate users at the time those users request them.
Availability
Ensures that there are no unauthorized modifications to information or systems, either intentionally or unintentionally.
Integrity
Someone who performed some action, such as sending a message, cannot later deny having taken that action.
Nonrepudiation
A violation, or imminent threat of a violation, of a security policy or practice within the organization.
Security incidents
The occurrence of a violation of confidentiality when resources are made accessible to unauthorized entities.
Disclosure
An attack in which an attacker gains access to sensitive information and then removes it from an organization.
Data exfiltration attack
The unauthorized modification of information and a violation of the principle of integrity.
Alteration
The unintended disruption of an authorized user’s legitimate access to information.
Denial
The risk of monetary damage to the organization as the result of a data breach.
Financial risk
The risk that the negative publicity surrounding a security breach causes the loss of goodwill among customers, employees, suppliers, and other stakeholders.
Reputational risk
The risk that an organization will become less effective in meeting its major goals and objectives as a result of the breach.
Strategic risk
The risk to the organization’s ability to carry out its day-to-day functions.
Operational risk
The risk that a security breach causes an organization to run afoul of legal or regulatory requirements.
Compliance risk
When a security breach strikes an organization, the effects of that breach often extend beyond the walls of the breached organization, affecting customers, employees, and other individual stakeholders. The most common impact on these groups is the risk of identity theft posed by exposure of personally identifiable information (PII) to unscrupulous individuals.
Identity theft
The safeguards or countermeasures used to address security vulnerabilities to reduce or manage risk.
Security controls
During a gap analysis, the cybersecurity professional reviews the control objectives for a particular organization, system, or service and then examines the controls designed to achieve those objectives.
Gap analysis
Controls that rely on technology.
Technical controls
The mechanisms and procedures used to ensure or maintain security on a day-to-day basis.
Operational controls