TSA terms pt 2
General Terms
Term | Definition |
---|---|
Risk Management Framework | a template and guideline used by companies to identify, eliminate and minimize risks |
Threat | a malicious act intended to steal or damage data or disrupt the digital wellbeing and stability of an enterprise |
Risk | the loss of confidentiality, integrity, or availability of information, data, or information (or control) systems |
Vulnerability | a weakness in an IT system that can be exploited by an attacker to deliver a successful attack |
Mitigation | describes the tools, processes, and strategies companies use to reduce the severity or seriousness of a potential data breach or other cyber attack |
Attacker | a person or group of persons who commit any kind of malicious activity that attempts to collect, disrupt, deny, degrade, or destroy information system resources or the information itself. |
Residual Risk | remains after your organization has implemented all the security controls, policies, and procedures you believe are appropriate to take |
Insider Threat | using authorized access, wittingly or unwittingly, to do harm to the Department's mission, resources, personnel, facilities, information, equipment, networks, or systems |
Information System | an integrated set of components for collecting, storing, and processing data and for providing information, knowledge, and digital products |
Vulnerability Management | the ongoing, regular process of identifying, assessing, reporting on, managing and remediating cyber vulnerabilities across endpoints, workloads, and systems |
Patch Management | the process of identifying and deploying software updates, or “patches,” to a variety of endpoints, including computers, mobile devices, and servers |
Least Privilege | the principle that a security architecture should be designed so that each entity is granted the minimum system resources and authorizations that the entity needs to perform its function. |
Separation of Duties | refers to the principle that no user should be given enough privileges to misuse the system on their own |
Approval/Authority to Operate (ATO) | a formal declaration by a Designated Approving Authority (DAA) that authorizes operation of a Business Product and explicitly accepts the risk to agency operations. |
Payload | the component of the attack which causes harm to the victim |
Identity Theft | a malicious actor that illegally acquires personal information (date of birth, social security number, credit card details etc.) and uses it for identity fraud (cloning credit cards, applying for loans, extorting the victim etc.) |
Personally Identifiable Information (PII) | Any representation of information that permits the identity of an individual to whom the information applies to be reasonably inferred by either direct or indirect means |
Payment Card Industry | organizations that process all types of payment cards, including credit cards, debit cards, ATM cards, and pre-paid cards |
HIPAA (Health Information Portability and Accountability Act) | federal law that required the creation of national standards to protect sensitive patient health information from being disclosed without the patient's consent or knowledge |
Red Team | A group of people authorized and organized to emulate a potential adversary's attack or exploitation capabilities against an enterprise's security posture |
Blue Team | The group responsible for defending an enterprise's use of information systems by maintaining its security posture against a group of mock attackers |
Hacker | a person who uses computers to gain unauthorized access to data |
Black Hat | a person who hacks into a computer network with malicious or criminal intent |
White Hat | a person who hacks into a computer network in order to test or evaluate its security systems |
Grey Hat | someone who exploits a security vulnerability in order to spread public awareness that the vulnerability exists |
Hacktivist | a person who gains unauthorized access to computer files or networks in order to further social or political ends |
Script Kiddie | a person who uses existing computer scripts or code to hack into computers, lacking the expertise to write their own |
Malicious Actor | groups/individuals who, with malicious intent, aim to exploit weaknesses in an information system or exploit its operators to gain unauthorized access to or otherwise affect victims’ data, devices, systems, and network |
Advanced Persistent Threat (APT) | An adversary with sophisticated levels of expertise and significant resources, allowing it through the use of multiple different attack vectors |
User | |
Privileged User | |