click below
click below
Normal Size Small Size show me how
Chapter 1 Terms
Chapter 1 Security Terms
Term | Definition |
---|---|
acceptance | Acknowledging a risk but taking no action to address it. |
accounting | The ability that provides tracking of events. |
APT | Multiyear intrusion campaign that targets highly sensitive economic, proprietary, or national security information. |
asset | An item that has value. |
authorization | The steps that ensure that the individual is who he or she claims to be. |
availability | Security actions that ensure that data is accessible to authorized users. |
broker | Attacker who sells knowledge of a vulnerability to other attackers or governments. |
BYOD | The practice of allowing users to use their own personal devices to connect to an organizational network. |
California's Database Security Breach Notification Act | The first state electronic privacy law, which covers any state agency, person, or company that does business in California. |
confidentiality | Security actions that ensure that only authorized parties can view the information. |
cyber Kill Chain | A systematic outline of the steps of a cyberattack, introduced at Lockheed Martin in 2011. |
cybercrime | Targeted attacks against financial networks, unauthorized access to information, and the theft of personal information. |
cyberterrorism | A premeditated, politically motivated attack against information, computer systems, computer programs, and data, which often results in violence. |
cyberterrorist | Attacker whose motivation may be defined as ideological, or attacking for the sake of principles or beliefs. |
deterrence | Understanding the attacker and then informing him of the consequences of the action. |
exploit kit | Automated attack package that can be used without an advanced knowledge of computers. |
Gramm-Leach-Bliley Act | A U.S. law that requires banks and financial institutions to alert customers of their policies and practices in disclosing customer information. |
hactivist | Attacker who attacks for ideological reasons that are generally not as well defined as a cyberterrorist's motivation. |
Health Insurance Portability and Accountability Act | A U.S. law designed to guard protected health information and implement policies and procedures to safeguard it. |
identity theft | Stealing another person's personal information, such as a Social Security number, and then using the information to impersonate the victim, generally for financial gain. |
information security | The tasks of protecting the integrity, confidentiality, and availability of information on the devices that store, manipulate, and transmit the information through products, people, and procedures. |
insiders | Employees, contractors, and business partners who can be responsible for an attack. |
integrity | Security actions that ensure that the information is correct and no unauthorized person or malicious software has altered the data. |
mitigation | Addressing a risk by making it less serious. |
Payment Card Industry Data Security Standard | A set of security standards that all U.S. companies processing, storing, or transmitting credit card information must follow. |
risk | A situation that involves exposure to danger. |
risk avoidance | Identifying the risk but making the decision to not engage in the activity. |
Sarbanes-Oxley Act | A U.S. law designed to fight corporate corruption. |
script Kiddie | Individual who lacks advanced knowledge of computers and networks and so uses downloaded automated attack software to attack information systems. |
state-sponsored attacker | Attacker commissioned by governments to attack enemies' information systems. |
threat | A type of action that has the potential to cause harm. |
threat agent | A person or element that has the power to carry out a threat. |
threat likelihood | The probability that a threat will actually occur. |
threat vector | The means by which an attack could occur. |
transference | Transferring the risk to a third party. |
vulnerability | A flaw or weakness that allows a threat agent to bypass security. |
cybercriminals | A network of attackers, identity thieves, spammers, and financial fraudsters. |