Course 002 Glossary

Question 1

Define Assess

Answer 1

The fifth step of the NIST RMF that means to determine if established controls are implemented correctly

Question 2

Define Asset

Answer 2

An item perceived as having value to an organization

Question 3

Define Attack vectors

Answer 3

The pathways attackers use to penetrate security defenses

Question 4

Define Authentication

Answer 4

The process of verifying who someone is

Question 5

Define Authorization

Answer 5

The concept of granting access to specific resources in a system

Question 6

Define Authorize

Answer 6

The sixth step of the NIST RMF that refers to being accountable for the security and privacy risks that might exist in an organization

Question 7

Define Availability

Answer 7

The idea that data is accessible to those who are authorized to access it

Question 8

Define Biometrics

Answer 8

The unique physical characteristics that can be used to verify a person’s identity

Question 9

Define Business continuity

Answer 9

An organization’s ability to maintain their everyday productivity by establishing risk disaster recovery plans

Question 10

Define Categorize

Answer 10

The second step of the NIST RMF that is used to develop risk management processes and tasks

Question 11

Define Chronicle

Answer 11

A cloud-native tool designed to retain, analyze, and search data

Question 12

Define Confidentiality

Answer 12

The idea that only authorized users can access specific assets or data

Question 13

Define Confidentiality, Integrity, Availability (CIA) triad

Answer 13

A model that helps inform how organizations consider risk when setting up systems and security policies

Question 14

Define Detect

Answer 14

A NIST core function related to identifying potential security incidents and improving monitoring capabilities to increase the speed and efficiency of detections

Question 15

Define Encryption

Answer 15

The process of converting data from a readable format to an encoded format

Question 16

Define External threat

Answer 16

Anything outside the organization that has the potential to harm organizational assets

Question 17

Define Identify

Answer 17

A NIST core function related to management of cybersecurity risk and its effect on an organization’s people and assets

Question 18

Define Implement

Answer 18

The fourth step of the NIST RMF that means to implement security and privacy plans for an organization

Question 19

Define Incident response

Answer 19

An organization’s quick attempt to identify an attack, contain the damage, and correct the effects of a security breach

Question 20

Define Integrity

Answer 20

The idea that the data is correct, authentic, and reliable

Question 21

Define Internal threat

Answer 21

A current or former employee, external vendor, or trusted partner who poses a security risk

Question 22

Define Log

Answer 22

A record of events that occur within an organization’s systems

Question 23

Define Metrics

Answer 23

Key technical attributes such as response time, availability, and failure rate, which are used to assess the performance of a software application

Question 24

Define Monitor

Answer 24

The seventh step of the NIST RMF that means be aware of how systems are operating

Question 25

Define National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF)

Answer 25

A voluntary framework that consists of standards, guidelines, and best practices to manage cybersecurity risk

Question 26

Define Open Web Application Security Project/Open Worldwide Application Security Project (OWASP)

Answer 26

A non-profit organization focused on improving software security

Question 26

Define National Institute of Standards and Technology (NIST) Special Publication (S.P.) 800-53

Answer 26

A unified framework for protecting the security of information systems within the U.S. federal government

Question 27

Define Operating system (OS)

Answer 27

The interface between computer hardware and the user

Question 28

Define Playbook

Answer 28

A manual that provides details about any operational action

Question 29

Define Prepare

Answer 29

The first step of the NIST RMF related to activities that are necessary to manage security and privacy risks before a breach occurs

Question 30

Define Protect

Answer 30

A NIST core function used to protect an organization through the implementation of policies, procedures, training, and tools that help mitigate cybersecurity threats

Question 31

Define Ransomware

Answer 31

A malicious attack where threat actors encrypt an organization’s data and demand payment to restore access

Question 32

Define Recover

Answer 32

A NIST core function related to returning affected systems back to normal operation

Question 33

Define Respond

Answer 33

A NIST core function related to making sure that the proper procedures are used to contain, neutralize, and analyze security incidents, and implement improvements to the security process

Question 34

Define Risk

Answer 34

Anything that can impact the confidentiality, integrity, or availability of an asset

Question 35

Define Risk mitigation

Answer 35

The process of having the right procedures and rules in place to quickly reduce the impact of a risk like a breach

Question 36

Define Security frameworks

Answer 36

Guidelines used for building plans to help mitigate risk and threats to data and privacy

Question 36

Define Security controls

Answer 36

Safeguards designed to reduce specific security risks

Question 37

Define Security audit

Answer 37

A review of an organization’s security controls, policies, and procedures against a set of expectations

Question 38

Define Security orchestration, automation, and response (SOAR)

Answer 38

A collection of applications, tools, and workflows that use automation to respond to security events

Question 38

Define Security information and event management (SIEM)

Answer 38

An application that collects and analyzes log data to monitor critical activities in an organization

Question 39

Define Shared responsibility

Answer 39

The idea that all individuals within an organization take an active role in lowering risk and maintaining both physical and virtual security

Question 39

Define Security posture

Answer 39

An organization’s ability to manage its defense of critical assets and data and react to change

Question 39

Define SIEM tools

Answer 39

A software platform that collects, analyzes, and correlates security data from various sources across your IT infrastructure that helps identify and respond to security threats in real-time, investigate security incidents, and comply with security regulations

Question 39

Define Select

Answer 39

The third step of the NIST RMF that means to choose, customize, and capture documentation of the controls that protect an organization

Question 40

Define Social engineering

Answer 40

A manipulation technique that exploits human error to gain private information, access, or valuables

Question 41

Define Splunk Cloud

Answer 41

A cloud-hosted tool used to collect, search, and monitor log data

Question 42

Define Splunk Enterprise

Answer 42

A self-hosted tool used to retain, analyze, and search an
organization’s log data to provide security information and alerts in real-time

Question 43

Define Vulnerability

Answer 43

A weakness that can be exploited by a threat

Question 43

Define Threat

Answer 43

Any circumstance or event that can negatively impact assets