Chapter 1 - Today's Security Professional Flashcards
Ensures that unauthorized individuals are not able to gain access to sensitive information.
Confidentiality
Ensures that information and systems are ready to meet the needs of legitimate users at the time those users request them.
Availability
Ensures that there are no unauthorized modifications to information or systems, either intentionally or unintentionally.
Integrity
Someone who performed some action, such as sending a message, cannot later deny having taken that action.
Nonrepudiation
A violation, or imminent threat of a violation, of a security policy or practice within the organization.
Security incidents
The occurrence of a violation of confidentiality when resources are made accessible to unauthorized entities.
Disclosure
An attack in which an attacker gains access to sensitive information and then removes it from the organization.
Data exfiltration attack
The unauthorized modification of information and a violation of the principle of integrity.
Alteration
The unintended disruption of an authorized user’s legitimate access to information.
Denial
The risk of monetary damage to the organization as the result of a data breach.
Financial risk
The risk that the negative publicity surrounding a security breach causes the loss of goodwill among customers, employees, suppliers, and other stakeholders.
Reputational risk
The risk that an organization will become less effective in meeting its major goals and objectives as a result of the breach.
Strategic risk
The risk to the organization’s ability to carry out its day-to-day functions.
Operational risk
The risk that a security breach causes an organization to run afoul of legal or regulatory requirements.
Compliance risk