Terms Flashcards
Cybersecurity (or security)
The practice of ensuring confidentiality, integrity, and availability of information by protecting networks, devices, people, and data from unauthorized access or criminal exploitation
Personally identifiable information (PII)
Any information used to infer an individual’s identity
Sensitive personally identifiable information (SPII
A specific type of PII that falls under stricter handling guidelines
Threat actor
Any person or group who presents a security risk
Compliance
Compliance is the process of adhering to internal standards and external regulations. It enables organizations to avoid fines and security breaches.
Malware
A software designed to harm devices or networks
Virus
A malware program that modifies other computer programs by inserting its own code to damage and/or destroy data
Worm
Malware that self-replicates, spreading across the network and infecting computers
Ransomware
A malicious attack during which threat actors encrypt an organization’s data and demand payment to restore access
Spyware
Malicious software installed on a user’s computer without their permission, which is used to spy on and steal user data
Phishing
The use of digital communications to trick people into revealing sensitive data or deploying malicious software
Spear phishing
A malicious email attack targeting a specific user or group of users that appears to originate from a trusted source
Whaling
A form of spear phishing during which threat actors target executives in order to gain access to sensitive data
Business email compromise (BEC)
An attack in which a threat actor impersonates a known source to obtain a financial advantage
Social media phishing
An attack in which a threat actor collects detailed information about their target on social media sites before initiating an attack
Social engineering
A manipulation technique that exploits human error to gain unauthorized access to sensitive, private, and/or valuable data
Watering hole attack
An attack in which a threat actor compromises a website frequently visited by a specific group of users
Physical social engineering
An attack in which a threat actor impersonates an employee, customer, or vendor to obtain unauthorized access to a physical location
USB baiting
An attack in which a threat actor strategically leaves a malware USB stick for an employee to find and unknowingly infect a network
Hacker
Any person who uses computers to gain access to computer systems, networks, or data
Password attack
An attempt to access password-secured devices, systems, networks, or data
Supply-chain attack
An attack that targets systems, applications, hardware, and/or software to locate a vulnerability where malware can be deployed
Security frameworks
Guidelines that are used for building plans to help mitigate risks and threats to data and privacy
security controls
They are safeguards designed to reduce specific security risks
Privacy protection
means safeguarding personal information from unauthorized use
Laws
rules that are recognized by a community and enforced by a governing entity.
National Institute of Standards and Technology (NIST) Cyber Security Framework
(CSF)
A voluntary framework that consists of standards, guidelines, and best
practices to manage cybersecurity risk
Security information and event management (SIEM)
An application that collects
and analyzes log data to monitor critical activities in an organization
