Understanding Vulnerability Response, Handling, And Management Flashcards
Security Operations Centers (SOC)
The location where security professionals monitor and protect an organization's critical information assets.
Risk Avoidance
In risk mitigation, the practice of ceasing the activity that presents the risk.
Risk Acceptance
The response of determining that a risk is within the organization's appetite and that no countermeasures other than ongoing monitoring are needed.
Risk Mitigation
The response of reducing risk to fit within an organization’s willingness to accept risk.
Risk Transference
In risk mitigation, the response of moving or sharing the responsibility of risk to another entity, such as by purchasing cybersecurity insurance.
Threat Modeling
The process of identifying and assessing the possible threat actors and attack vectors that pose a risk to the security of an app, network, or other system.
Technical Control
A category of security control that is implemented as a system (hardware, software, or firmware). Technical controls may also be described as logical controls.
Operational Control
A category of security control that is implemented by people.
Managerial Control
A category of security control that gives oversight of the information system.
Preventative Control
A type of security control that acts before an incident to eliminate or reduce the likelihood that an attack can succeed.
Detective Control
A type of security control that acts during an incident to identify or record that it is happening.
Corrective Control
A type of security control that acts after an incident to eliminate or minimize its impact.
Compensating Control
A security measure that takes over risk mitigation when a primary control fails or cannot fully meet expectations.
Responsive Control
A type of security control that serves to direct corrective actions after an incident has been confirmed.
Threat Actor
A person or entity responsible for an event that has been identified as a security incident or as a risk.