Common cybersecurity terminology Flashcards
Compliance?
is the process of adhering to internal standards and external regulations and enables organizations to avoid fines and security breaches
Security framework?
guidelines used for buildings plans to help mitigate risks and threats to data and privacy
Security controls
Safeguards designed to reduce specific security risks. They are used with security frameworks to establish a strong security posture
Security posture
An organization’s ability to manage its defense of critical assets and data and react to change. A strong security posture leads to lower risk for the organization
Threat Actor (malicious attacker)
Any person or group who presents a security risk. This risk relates to computers, applications, networks, and data
Internal Threat
can be a current or former employee, an external vendor, or a trusted partner who poses a security risk. Internal risks can be accidental and intentional
Give an example of an accidental internal risk
an employee who accidentally clicks on a malicious email link would be considered an accidental threat
Give an example of an intentional internal threat
the internal threat actor intentionally engages in risky activities, such as unauthorized data access.
Network Security
The practice of keeping an organization’s network infrastructure secure from unauthorized access. This includes data, services, systems, and devices that are stored in an organization’s network
Cloud Security
The process of ensuring that assets stored in the cloud are properly configured, or set up correctly, and access to those assets is limited to authorized users. The cloud is a network made up of a collection of servers or computers that store resources and data in remote physical locations known as data centers that can be accessed via the internet. Cloud security is a growing subfield of cybersecurity that specifically focuses on the protection of data, applications, and infrastructure in the cloud.
