Vocab 3 Flashcards
The level of certainty that an incident will occur; often expressed statistically as a probability of occurrence.
likelihood
A security concept that requires an individual have an actual requirement to access systems or data, based upon their job requirements.
need-to-know
The U.S. Department of Commerce’s National Institute of Standards and Technology.
NIST
The overall risk management methodology published and promulgated by the National Institute of Standards and Technology (NIST).
NIST Risk Management Framework (RMF)
The security concept that requires an individual to be accountable for their actions, such that they cannot deny that they took an action.
nonrepudiation
The Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) methodology developed by Carnegie Mellon University and the U.S. government to assist organizations in identifying and assessing information security risk.
OCTAVE
Passive tools listen for network traffic or monitor the hosts they reside on, quietly and with little to no impact on the ongoing operations; used when there is a desire for no interference with daily activities.
passive tools
A set of security requirements levied on merchants that process credit card transactions by the major payment card industry providers, including Discover, Visa, MasterCard, and American Express. PCI-DSS was developed in an effort to impose security requirements and controls on retailers (merchants and service providers) in order to reduce credit card fraud and identity theft.
PCI-DSS
Designed to exploit weaknesses on a system based on their having been exploited, not just the probability.
penetration testing
A hardware or software infrastructure upon which to base computing operating systems, applications, and networks. It may involve different operating systems, network protocols, or particular types of hardware.
platform
Allows a tester to determine which ports on the system are listening for requests.
port scanner
A grouping of programs, managed as a whole. Portfolio management is the oversight and management of several different programs by a senior person in the organization.
portfolio
A proven, standardized methodology or way of performing particular tasks or processes.
practice
A grouping of similar projects; programs are usually ongoing and longer-term in nature and may also encompass several individual projects, as well as other activities specific to processes that may have an indefinite duration.
program
A limited-duration set of activities geared toward a particular goal; projects have definitive start and stop dates, resource allocations, scope, schedule, and costs.
project