click below
click below
Normal Size Small Size show me how
Chapter 1 terms
Chapter 1 Security Terms
Term | Definition |
---|---|
Advanced Persistent Threat (APT) | Multiyear intrusion campaign that targets highly sensitive economic, proprietary, or natiional security information. |
Asset | An item that has value |
Authentication | The steps that ensure that the individual is who he or she claims to be |
Availability | Security actions that ensure that data is accessible to authorized users |
Broker | Attacker who sells knowledge of a vulnerability to other attackers or governments |
BYOD (bring your own device) | The practice of allowing users to use their own personal devices to connect to an organizational network. |
Califorina's Database Security Breach Notification Act | The first state electronic privacy law, which covers any state agency, person, or company that does business in california |
Confidentiality | Security actions that ensure that only authorized parties can view the information |
Cyber Kill Chain | A systematic outline of the steps of a cyber attack, introduced at Lockheed Martin in 2011 |
Cybercrime | Targeted attacks against financial networks, unauthorized access to information, and the theft of person infomation |
Cybercriminals | A network of attackers, identity thieves, spammers, and financial fraudsters |
Cyber terrorsim | A premeditated politically motivated attack against information computer systems computer programs and data which often resuslts in violence |
deterrence | understanding the attacker and then informting him of the consequences of the action |
exploit kit | automated attack package that can be used without and advanced knowledge of computers |
Gramm-Leach-Bliley Act (GLBA) | A U.S. Law that requires banks and financial institutions to alert customers of their policies and practices in disclosing customer information |
hactivist | attacker who attacks for ideological reasons that are generally not as well-defined as a cyberterrorist's motivations |
Heal Insurance Portability and Accountability Act (HIPPa) | A U.S. law designed to guard protected health information and implement policies and procedures to safeguard it. |
Identity theft | Stealing another person's personal infomration such as a Social Security number, and then using the information to impersonate the victim. generally for financial gain. |
Information security | the tasks of protecting the intergrity, confidentiality, and availability of information on the devices that store, manipulate, and transmit the information through products, peopole, and procedures |
insiders | Employees, contractors, and business partners who can be responsible for an attack |
Integrity | Security actions that ensure that the information is correct and no unauthroized person or malicious software has altered the data |
mitigation | addressing a risk by making it less serious |
Payment Card Industry Data Security Standard (PCI DSS) | A set of security standards that all U.S. compaines processing, storing, or transmitting credit card information must follow |
risk | A situation that involves exposure to danger |
risk avoidance | Identifying the risk but making the decision to not engage in the activity |
risk avoidance | identifying the risk but making the decision to not engage in the activity |
Sarbanes-Oxley Act (Sarbox) | A U.S. law designed to fight corporate corruption |
Script kiddie | Individual who lacks advancedknowledge of computers and networks and so uses downloaded automated attack softwar to attack information systems |
State-sponsored attacker | Attacker commissioned by governements to attack enemies information systems |
threat | a type of action that has the potential to cause harm |
threat agent | A person or element that has the power to carry out a threat |
Threat likelihood | The probability that a threat will actually occur |
Threat vector | the means by which an attack could occur |
Transference | Transferring the risk to a thrid party |
Vulnerability | A flaw or weakness that llows a threat agent to bypass security. |
Acceptance | Acknowledging a risk but taking to action to address it |
Accounting | the ability that provides tracking of events |