Terminology Flashcards
Define compliance
Compliance is the process of adhering to internal standards and external regulations and enables organizations to avoid fines and security breaches.
Define security frameworks
Security frameworks are guidelines used for building plans to help mitigate risks and threats to data and privacy.
Define Security Controls
Security controls are safeguards designed to reduce specific security risks. They are used with security frameworks to establish a strong security posture.
Define Security posture
Security posture is an organization’s ability to manage its defense of critical assets and data and react to change. A strong security posture leads to lower risk for the organization.
Define a threat factor
A threat factor, or malicious attacker, is any person or group who presents a security risk. This risk can relate to computers, applications, networks, and data.
Define an internal threat
An internal threat can be a current or former employee, an external vendor, or a trusted partner who poses a security risk. At times, an internal threat is accidental.
Define Network security
Network security is the practice of keeping an organization’s network infrastructure secure from unauthorized access.
Define Cloud security
Cloud security is the process of ensuring that assets stored in the cloud are properly configured, or set up correctly, and access to those assets is limited to authorized users.
Define SIEM Tools
Security Information and Event Management tools are software solutions designed to provide a centralized view of an organization’s IT security by collecting, analyzing, and managing data from multiple sources.
Define PII
Personally Identifiable Information is any information used to infer an individual’s identity.
Define SPII
Sensitive PII - this term is used in data privacy and refers to personal information that, if exposed, can lead to identity theft or other forms of harm. Examples of SPII include social security numbers, financial account numbers, medical records, and biometric data.
Define Phishing
Phishing is the use of digital communications to trick people into revealing sensitive data or deploying malicious software.
Define Malware
Malware is software designed to harm devices or networks. Its primary purpose is to obtain money, or in some cases, an intelligence advantage that can be used against a person, an organization, or a territory.
Define Social Engineering
Social Engineering is a manipulation technique that exploits human error to gain private information, access, or valuables. Human error is usually a result of trusting someone without question.
List common attack types
Phishing, Malware and Social Engineering