Chapter 2 Flashcards
Adverse Events
Events with negative consequences- system crashes, network packet floods, unauthorized use of system privileges, defacement of a web page, or execution of malicious code that destroys data
Breach
loss of control, compromise, unauthorized disclosure
Disaster recovery
processes, policies, and procedures related to preparing or for recovery or continuation of an organization’s critical business functions, technology infrastructure, systems, and applications after the organization experiences a disaster
Business Continuity
Actions, processes, and tools for ensuring an organization can continue critical operations during a contingency
Business Impact Analysis
Analysis of an information system’s requirements, functions, and interdependencies used to characterize system contingency requirements and priorities in the event of a significant disruption
Event
observable occurrence in a network or system
Exploit
Particular attack
Incident
event that actually or potentially jeopardizes the confidentiality, integrity, or availability of an information system or the information the system processes, stores or transmits
Incident handling
mitigations of violations of security policies and recommended practices
Incident response plan
documentation of predetermined set of instructions or procedures to detect, respond to, and limit consequences of a malicious cyberattack against an organization’s information systems
Threat
circumstance/event with the potential to adversely impact organizational operations
Zero day
previously unknown system vulnerability with the potential of exploitation without risk of detection or prevention because it does not, in general, fit recognized patterns, signatures or method
