Cybersecurity and Governance Flashcards
The objective of security:
to provide confidentiality, integrity, availability, authenticity, and nonrepudiation.
Confidentiality
Keeping unauthorized entities (be they people or processes) from gaining access to information assets.
Integrity
An asset is free from unauthorized alterations.
Availability
Protections ensure reliable and timely access to data and resources for authorized individuals.
Authenticity
Protections ensure we can trust that something comes from its claimed source.
Nonrepudiation
Closely related to authenticity; means that someone cannot deny being the source of a given action.
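The integrity, authenticity and nonrepudiation cards are easiest to tell apart with a concrete mechanism. The following is an added example, not part of the original flashcards: it contrasts a MAC (key shared by sender and receiver, so either party could have produced the tag) with a digital signature (private key held only by the signer, verifier needs only the public key). Both detect tampering (integrity) and tie a message to a key holder (authenticity); only the signature lets a third party hold the sender to the action (nonrepudiation). The message, shared key and function names are constructed for the demonstration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Message is a constructed sample payload (not from the original page).
var Message = []byte("transfer 100 to account 42")

// MACTag computes HMAC-SHA256 over msg under a key shared by both parties.
func MACTag(key, msg []byte) []byte {
	m := hmac.New(sha256.New, key)
	m.Write(msg)
	return m.Sum(nil)
}

// MACValid checks integrity and (two-party) authenticity of msg.
func MACValid(key, msg, tag []byte) bool {
	return hmac.Equal(MACTag(key, msg), tag)
}

// GenerateSigner creates an Ed25519 key pair; only the signer keeps priv.
func GenerateSigner() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// Sign produces a signature that only the private-key holder can create.
func Sign(priv ed25519.PrivateKey, msg []byte) []byte {
	return ed25519.Sign(priv, msg)
}

// SigValid checks the signature with the public key alone, so anyone
// (including a third-party arbiter) can confirm who signed the message.
func SigValid(pub ed25519.PublicKey, msg, sig []byte) bool {
	return ed25519.Verify(pub, msg, sig)
}

// ReceiverCanForgeMAC shows why a MAC gives no nonrepudiation: the receiver
// holds the same key, so its tag is indistinguishable from the sender's.
func ReceiverCanForgeMAC(sharedKey []byte) bool {
	senderTag := MACTag(sharedKey, Message)
	receiverTag := MACTag(sharedKey, Message)
	return hmac.Equal(senderTag, receiverTag)
}

// ReceiverCanForgeSig tries the same with signatures: the receiver has only
// the sender's public key and its own key pair, so its signature does not
// verify under the sender's public key.
func ReceiverCanForgeSig(senderPub ed25519.PublicKey) bool {
	_, receiverPriv := GenerateSigner()
	forged := Sign(receiverPriv, Message)
	return SigValid(senderPub, Message, forged)
}

func main() {
	sharedKey := []byte("shared-secret-for-demo") // constructed key
	pub, priv := GenerateSigner()
	tampered := []byte("transfer 900 to account 42") // altered in transit

	tag := MACTag(sharedKey, Message)
	sig := Sign(priv, Message)

	fmt.Println("MAC valid:", MACValid(sharedKey, Message, tag))          // true
	fmt.Println("MAC valid on tampered:", MACValid(sharedKey, tampered, tag)) // false
	fmt.Println("sig valid:", SigValid(pub, Message, sig))                 // true
	fmt.Println("sig valid on tampered:", SigValid(pub, tampered, sig))     // false
	fmt.Println("receiver can forge MAC:", ReceiverCanForgeMAC(sharedKey)) // true
	fmt.Println("receiver can forge sig:", ReceiverCanForgeSig(pub))       // false
}
```

The two "forge" checks are the point: a valid MAC proves only that one of the key holders produced the message, so the sender can plausibly deny it; a valid signature under a key only the sender holds is what supports nonrepudiation.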
Vulnerability
This is a weakness in a system that allows a threat source to compromise its security.
Threat
This is any potential danger that is associated with the exploitation of a vulnerability.
Threat Source
(Threat agent or threat actor) is any entity that can exploit a vulnerability.
Risk
The likelihood of a threat source exploiting a vulnerability, combined with the corresponding business impact.
Control or Countermeasure
A control or countermeasure is put into place to mitigate (reduce) the potential risk.
Information Security Management System (ISMS)
An ISMS is a collection of policies, procedures, baselines, and standards that an organization puts in place to make sure that its security efforts are aligned with business needs, streamlined and effective, and that no security controls are missing.
Enterprise Security Architecture
Enterprise Security Architecture implements an information security strategy and consists of layers of solutions, processes, and procedures and the way they are linked across an enterprise strategically, tactically, and operationally. Enterprise Security Architecture should tie in strategic alignment, business enablement, process enhancement, and security effectiveness.
Security Governance
Security governance is a framework that provides oversight, accountability, and compliance.
Security Governance is a framework that supports the security goals of an organization being set and expressed by senior management, communicated throughout the different levels of the organization, and consistently applied and assessed.
Senior management
Senior management always carries the ultimate responsibility for the organization.