Module 1 Flashcards
Risk
Anything that can impact the confidentiality, integrity, or availability of an asset
Asset
An item perceived as having value to an organization
Threat
Any circumstance or event that can negatively impact assets
Vulnerability
A weakness that can be exploited by a threat
Asset Management
The process of tracking assets and the risks that affect them
Asset Inventory
A catalog of assets that need to be protected
Asset Classification
The practice of labeling assets based on sensitivity and importance to an organization
Levels of Asset Classification
Public
Internal-only
Confidential
Restricted
Data
Information that is translated, processed, or stored by a computer
States of Data
In use
In transit
At rest
Data in use
Data being accessed by one or more users
Data in transit
Data traveling from one point to another
Data at rest
Data not currently being accessed
Information Security (InfoSec)
The practice of keeping data in all states away from unauthorized users
Types of risk categories
Damage
Disclosure
Loss of information
Elements of a security plan
Policies
Standards
Procedures
Policy
A set of rules that reduces risk and protects information
Standards
References that inform how to set policies
Procedures
Step-by-step instructions to perform a specific security task
Compliance
The process of adhering to internal standards and external regulations
Regulations
Rules set by a government or other authority to control the way something is done
NIST Cybersecurity Framework (CSF)
A voluntary framework that consists of standards, guidelines, and best practices to manage cybersecurity risk
NIST CSF components
Core
Tiers
Profiles
Five functions of the NIST CSF core
Identify
Protect
Detect
Respond
Recover
