Course 002 Glossary Flashcards

1
Q

Define Assess

A

The fifth step of the NIST RMF that means to determine if established controls are implemented correctly

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Define Asset

A

An item perceived as having value to an organization

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Define Attack vectors

A

The pathways attackers use to penetrate security defenses

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Define Authentication

A

The process of verifying who someone is

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Define Authorization

A

The concept of granting access to specific resources in a system

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Define Authorize

A

The sixth step of the NIST RMF that refers to being accountable for the security and privacy risks that might exist in an organization

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Define Availability

A

The idea that data is accessible to those who are authorized to access it

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Define Biometrics

A

The unique physical characteristics that can be used to verify a person’s identity

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Define Business continuity

A

An organization’s ability to maintain their everyday productivity by establishing risk disaster recovery plans

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Define Categorize

A

The second step of the NIST RMF that is used to develop risk management processes and tasks

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Define Chronicle

A

A cloud-native tool designed to retain, analyze, and search data

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Define Confidentiality

A

The idea that only authorized users can access specific assets or data

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Define Confidentiality, Integrity, Availability (CIA) triad

A

A model that helps inform how organizations consider risk when setting up systems and security policies

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Define Detect

A

A NIST core function related to identifying potential security incidents and improving monitoring capabilities to increase the speed and efficiency of detections

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Define Encryption

A

The process of converting data from a readable format to an encoded format

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Define External threat

A

Anything outside the organization that has the potential to harm organizational assets

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

Define Identify

A

A NIST core function related to management of cybersecurity risk and its effect on an organization’s people and assets

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

Define Implement

A

The fourth step of the NIST RMF that means to implement security and privacy plans for an organization

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

Define Incident response

A

An organization’s quick attempt to identify an attack, contain the damage, and correct the effects of a security breach

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

Define Integrity

A

The idea that the data is correct, authentic, and reliable

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q

Define Internal threat

A

A current or former employee, external vendor, or trusted partner who poses a security risk

22
Q

Define Log

A

A record of events that occur within an organization’s systems

23
Q

Define Metrics

A

Key technical attributes such as response time, availability, and failure rate, which are used to assess the performance of a software application

24
Q

Define Monitor

A

The seventh step of the NIST RMF that means be aware of how systems are operating

25
Define National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF)
A voluntary framework that consists of standards, guidelines, and best practices to manage cybersecurity risk
26
Define Open Web Application Security Project/Open Worldwide Application Security Project (OWASP)
A non-profit organization focused on improving software security
26
Define National Institute of Standards and Technology (NIST) Special Publication (S.P.) 800-53
A unified framework for protecting the security of information systems within the U.S. federal government
27
Define Operating system (OS)
The interface between computer hardware and the user
28
Define Playbook
A manual that provides details about any operational action
29
Define Prepare
The first step of the NIST RMF related to activities that are necessary to manage security and privacy risks before a breach occurs
30
Define Protect
A NIST core function used to protect an organization through the implementation of policies, procedures, training, and tools that help mitigate cybersecurity threats
31
Define Ransomware
A malicious attack where threat actors encrypt an organization’s data and demand payment to restore access
32
Define Recover
A NIST core function related to returning affected systems back to normal operation
33
Define Respond
A NIST core function related to making sure that the proper procedures are used to contain, neutralize, and analyze security incidents, and implement improvements to the security process
34
Define Risk
Anything that can impact the confidentiality, integrity, or availability of an asset
35
Define Risk mitigation
The process of having the right procedures and rules in place to quickly reduce the impact of a risk like a breach
36
Define Security frameworks
Guidelines used for building plans to help mitigate risk and threats to data and privacy
36
Define Security controls
Safeguards designed to reduce specific security risks
37
Define Security audit
A review of an organization's security controls, policies, and procedures against a set of expectations
38
Define Security orchestration, automation, and response (SOAR)
A collection of applications, tools, and workflows that use automation to respond to security events
38
Define Security information and event management (SIEM)
An application that collects and analyzes log data to monitor critical activities in an organization
39
Define Shared responsibility
The idea that all individuals within an organization take an active role in lowering risk and maintaining both physical and virtual security
39
Define Security posture
An organization’s ability to manage its defense of critical assets and data and react to change
39
Define SIEM tools
A software platform that collects, analyzes, and correlates security data from various sources across your IT infrastructure that helps identify and respond to security threats in real-time, investigate security incidents, and comply with security regulations
39
Define Select
The third step of the NIST RMF that means to choose, customize, and capture documentation of the controls that protect an organization
40
Define Social engineering
A manipulation technique that exploits human error to gain private information, access, or valuables
41
Define Splunk Cloud
A cloud-hosted tool used to collect, search, and monitor log data
42
Define Splunk Enterprise
A self-hosted tool used to retain, analyze, and search an organization's log data to provide security information and alerts in real-time
43
Define Vulnerability
A weakness that can be exploited by a threat
43
Define Threat
Any circumstance or event that can negatively impact assets