Question | Answer |
APT | Advanced Persistent Threat |
Asset | An item that has a value |
Authentication | The steps that ensure that the individual is who he or she claims |
Authorization | The act of proving permission or approval to technology resources |
Availibility | security actions that ensure that data is accessible to authorized users |
Broker | Attacker who sell knowledge of a vulnerability to other attackers or governments |
BYOD | Bring Your Own Device |
California Database Security Breach Notification Act | The first state electronic privacy law which covers any state agency person or company that does business in california |
Confidentiality | Security actions that ensure that only authorized parties can view the information |
Cyber Kill Chain | A systematic outline of the steps of a cyberattack introduced at lockheed martin in 2011 |
Cybercrime | Targeted attacks against financial networks unauthorized access to information and the theft of personal information |
Cyber criminals | A network of attackers identity thieves spammers and financial fraudsters |
Cyberterrorism | A premeditated politically motivated attack against information computer systems computer programs and data which often results in violence |
Cyberterrorist | Attacker whose motivation may be defined as idological or attacking fo rthe sake of principals or beliefs |
Deterrence | Understanding the attacker and then informing him of the consequences of the action |
Exploit Kit | Automated attack package that can be used without an advanced knowledge of computers |
GLBA | Gramm Leach Bliley Act |
Hactivist | Attacker who attacks for ideological reasons that are generally not as well defined as a cyberterrorists motivation |
HIPAA | Health Insurance Portability and Accountability Act |
Identifty Theft | Stealing another persons personal information such as a social security number and then using the information to impersonate the victim generally for financial gain |
Information Security | The tasks of protecting the integrity confidentiality and availability of information on the devices that store manipulate and transmit the information through products people and procedures |
Insiders | Employees, contractors and business partners who can be responsible for an attack |
Integrity | Security actions that ensure that the information is correct and no unauthorized person or malicious software has been altered |
Mitigation | Addressing a risk by making it less serious |
PCI DSS | Payment Card Industry Data Security Standard |
Risk | A situation that involves exposure to danger |
Risk Avoidance | Identifying the risk by making the decision to not engage in the activity |
Sarbox | Sarbanes Oxley Act |
Script Kiddie | Individual who lacks advanced knowledge of computers and networks and so uses downloaded automated attack software to attack information systems |
State Sponsored Attacker | Attacker commissioned by governments to attack enemies information systems |
Threat | a type of action that has the potential to cause harm |
Threat Agent | A person of action that has the potential to cause harm |
Threat Likelihood | the probability that a threat will actually occur |
Threat Vector | The means by which an attack could occur |
Transference | Transferring the risk to a third party |
Vulnerability | A flaw or weakness that allows a threat agent to bypass security |