Glossary Terms from Module 2-2

Question 1

Define Asset

Answer 1

An item perceived as having value to an organization

Question 2

Define Attack vectors

Answer 2

The pathways attackers use to penetrate security defenses

Question 3

Define Authentication

Answer 3

The process of verifying who someone is

Question 4

Define Authorization

Answer 4

The concept of granting access to specific resources in a system

Question 5

Define Availability

Answer 5

The idea that data is accessible to those who are authorized to access it

Question 6

Define Biometrics

Answer 6

The unique physical characteristics that can be used to verify a person’s identity

Question 7

Define Confidentiality

Answer 7

The idea that only authorized users can access specific assets or data

Question 8

Define Confidentiality, integrity, availability (CIA) triad

Answer 8

A model that helps inform how organizations consider risk when setting up systems and security policies

Question 9

Define Detect

Answer 9

A NIST core function related to identifying potential security incidents and improving monitoring capabilities to increase the speed and efficiency of detections

Question 10

Define Encryption

Answer 10

The process of converting data from a readable format to an encoded format

Question 11

Define Identify

Answer 11

A NIST core function related to management of cybersecurity risk and its effect on an organization’s people and assets

Question 12

Define Integrity

Answer 12

The idea that the data is correct, authentic, and reliable

Question 13

Define National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF)

Answer 13

A voluntary framework that consists of standards, guidelines, and best practices to manage cybersecurity risk

Question 14

Define National Institute of Standards and Technology (NIST) Special Publication (S.P.) 800-53

Answer 14

A unified framework for protecting the security of information systems within the U.S. federal government

Question 15

Define Open Web Application Security Project/Open Worldwide Application Security Project (OWASP)

Answer 15

A non-profit organization focused on improving software security

Question 16

Define Protect

Answer 16

A NIST core function used to protect an organization through the implementation of policies, procedures, training, and tools that help mitigate cybersecurity threats

Question 17

Define Recover

Answer 17

A NIST core function related to returning affected systems back to normal operation

Question 18

Define Respond

Answer 18

A NIST core function related to making sure that the proper procedures are used to contain, neutralize, and analyze security incidents, and implement improvements to the security process

Question 19

Define Risk

Answer 19

Anything that can impact the confidentiality, integrity, or availability of an asset

Question 20

Define Security audit

Answer 20

A review of an organization’s security controls, policies, and procedures against a set of expectations

Question 21

Define Security controls

Answer 21

Safeguards designed to reduce specific security risks

Question 22

Define Security posture

Answer 22

An organization’s ability to manage its defense of critical assets and data and react to change

Question 22

Define Security frameworks

Answer 22

Guidelines used for building plans to help mitigate risk and threats to data and privacy

Question 23

Define Threat

Answer 23

Any circumstance or event that can negatively impact assets