Course 002 Glossary Flashcards
Define Assess
The fifth step of the NIST RMF that means to determine if established controls are implemented correctly
Define Asset
An item perceived as having value to an organization
Define Attack vectors
The pathways attackers use to penetrate security defenses
Define Authentication
The process of verifying who someone is
Define Authorization
The concept of granting access to specific resources in a system
Define Authorize
The sixth step of the NIST RMF that refers to being accountable for the security and privacy risks that might exist in an organization
Define Availability
The idea that data is accessible to those who are authorized to access it
Define Biometrics
The unique physical characteristics that can be used to verify a person’s identity
Define Business continuity
An organization’s ability to maintain their everyday productivity by establishing risk disaster recovery plans
Define Categorize
The second step of the NIST RMF that is used to develop risk management processes and tasks
Define Chronicle
A cloud-native tool designed to retain, analyze, and search data
Define Confidentiality
The idea that only authorized users can access specific assets or data
Define Confidentiality, Integrity, Availability (CIA) triad
A model that helps inform how organizations consider risk when setting up systems and security policies
Define Detect
A NIST core function related to identifying potential security incidents and improving monitoring capabilities to increase the speed and efficiency of detections
Define Encryption
The process of converting data from a readable format to an encoded format
Define External threat
Anything outside the organization that has the potential to harm organizational assets
Define Identify
A NIST core function related to management of cybersecurity risk and its effect on an organization’s people and assets
Define Implement
The fourth step of the NIST RMF that means to implement security and privacy plans for an organization
Define Incident response
An organization’s quick attempt to identify an attack, contain the damage, and correct the effects of a security breach
Define Integrity
The idea that the data is correct, authentic, and reliable
Define Internal threat
A current or former employee, external vendor, or trusted partner who poses a security risk
Define Log
A record of events that occur within an organization’s systems
Define Metrics
Key technical attributes such as response time, availability, and failure rate, which are used to assess the performance of a software application
Define Monitor
The seventh step of the NIST RMF that means be aware of how systems are operating
Define National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF)
A voluntary framework that consists of standards, guidelines, and best practices to manage cybersecurity risk
Define Open Web Application Security Project/Open Worldwide Application Security Project (OWASP)
A non-profit organization focused on improving software security
Define National Institute of Standards and Technology (NIST) Special Publication (S.P.) 800-53
A unified framework for protecting the security of information systems within the U.S. federal government
Define Operating system (OS)
The interface between computer hardware and the user
Define Playbook
A manual that provides details about any operational action
Define Prepare
The first step of the NIST RMF related to activities that are necessary to manage security and privacy risks before a breach occurs
Define Protect
A NIST core function used to protect an organization through the implementation of policies, procedures, training, and tools that help mitigate cybersecurity threats
Define Ransomware
A malicious attack where threat actors encrypt an organization’s data and demand payment to restore access
Define Recover
A NIST core function related to returning affected systems back to normal operation
Define Respond
A NIST core function related to making sure that the proper procedures are used to contain, neutralize, and analyze security incidents, and implement improvements to the security process
Define Risk
Anything that can impact the confidentiality, integrity, or availability of an asset
Define Risk mitigation
The process of having the right procedures and rules in place to quickly reduce the impact of a risk like a breach
Define Security frameworks
Guidelines used for building plans to help mitigate risk and threats to data and privacy
Define Security controls
Safeguards designed to reduce specific security risks
Define Security audit
A review of an organization’s security controls, policies, and procedures against a set of expectations
Define Security orchestration, automation, and response (SOAR)
A collection of applications, tools, and workflows that use automation to respond to security events
Define Security information and event management (SIEM)
An application that collects and analyzes log data to monitor critical activities in an organization
Define Shared responsibility
The idea that all individuals within an organization take an active role in lowering risk and maintaining both physical and virtual security
Define Security posture
An organization’s ability to manage its defense of critical assets and data and react to change
Define SIEM tools
A software platform that collects, analyzes, and correlates security data from various sources across your IT infrastructure that helps identify and respond to security threats in real-time, investigate security incidents, and comply with security regulations
Define Select
The third step of the NIST RMF that means to choose, customize, and capture documentation of the controls that protect an organization
Define Social engineering
A manipulation technique that exploits human error to gain private information, access, or valuables
Define Splunk Cloud
A cloud-hosted tool used to collect, search, and monitor log data
Define Splunk Enterprise
A self-hosted tool used to retain, analyze, and search an
organization’s log data to provide security information and alerts in real-time
Define Vulnerability
A weakness that can be exploited by a threat
Define Threat
Any circumstance or event that can negatively impact assets