Flashcards in Chapter 5 - Describing Information Security Concepts Deck (24)
What is the concept that guarantees only authorized users can view sensitive information?
The concept that guarantees only authorized subjects can change sensitive information and may also guarantee authenticity of data.
The concept that guarantees uninterrupted access by authorized users to important computing resources and data.
Information that can be used on its own, or with other information to identify, contact, or locate a single person.
Personally Identifiable Information (PII)
Any information about health status, provision of health care, or payment of health care that can be linked to a specific individual.
Personal Health Information (PHI)
A function of the likelihood of a given threat source's exercising a particular potential vulnerability, and the resulting impact of that adverse event on the organization.
Either an intent and method targeted at the intentional exploitation of a vulnerability, or a situation and method that may accidentally trigger a vulnerability.
The potential for a threat source to exercise (accidentally trigger or intentionally exploit) a specific vulnerability.
A weakness that makes a resource susceptible to a threat.
The resulting damage to the organization that is caused by a threat.
A network attack in which an unauthorized person gains access to a network and stays there undetected for a long time period.
Advanced Persistent Threat (APT)
A risk option chosen when the cost of the other risk management options may outweigh the cost of the risk itself.
A risk option that avoids any exposure to the risk.
A risk option where a company's risk exposure is limited by taking some action.
A risk option in which the risk is transferred to a willing third party.
A risk assessment approach that involves trying to map a dollar amount to each specific risk.
A risk assessment approach that involves assigning a risk level, such as low, medium, or high to each risk.
In the context of information security, a defect in software or hardware.
The open framework for communicating the characteristics and severity of software vulnerabilities.
Access control model that secures information by assigning sensitivity labels to information and comparing them to the user's operating sensitivity level.
Mandatory Access Control
Access control model that uses an ACL to decide which users or groups have access to the information.
Discretionary Access Control
Access control model that is based on an individual's roles and responsibilities within the organization (RBAC).
Non-Discretionary Access Control
Name the three types of Security Operations Centers
Threat-centric - actively looks for threats on the network
Compliance-based - focuses on security posture as it relates to compliance testing
Operational-based - focuses on maintaining operational integrity and functionality