CISSP Dictionary Flashcards
(34 cards)
SCRM
Supply chain risk management
The CIA Triad
Confidentiality, Integrity, Availability
The DAD Triad
Disclosure, Alteration, Destruction
aka the failure modes of the CIA Triad: disclosure defeats confidentiality, alteration defeats integrity, destruction defeats availability
AAA Services
Authentication, Authorization, Accounting
CTO
Chief Technology Officer (also written Chief Technical Officer)
ATO
authorization to operate
CSO
chief security officer
CIO
chief information officer
CIRT
cyber incident response team
NIST
National Institute of Standards and Technology
RMF
Risk Management Framework
CSF
Cybersecurity Framework
CIS
Center for Internet Security
COBIT
Control Objectives for Information and Related Technologies
A framework for IT governance that provides guidance for developing, implementing, and maintaining IT governance and management practices.
PCI DSS
Payment Card Industry Data Security Standard
FedRAMP
Federal Risk and Authorization Management Program
ITIL
Information Technology Infrastructure Library
itlibrary.org - originally created by the British government
PASTA
Process for Attack Simulation and Threat Analysis
VAST
Visual, Agile, and Simple Threat
A threat modeling methodology
DREAD
- Damage (potential)
- Reproducibility
- Exploitability
- Affected Users
- Discoverability
A risk-rating scheme from Microsoft: each of the five factors is scored and the scores are combined (conventionally averaged) into a single rating used to rank threats
STRIDE
- Spoofing
- Tampering
- Repudiation
- Information Disclosure
- Denial of Service
- Elevation of Privilege
STRIDE is a threat categorization scheme developed by Microsoft: a structured framework for identifying and analyzing potential threats to a system or application, based on the six threat categories above.
Threat modeling
* Defined
* Ultimate Goal
- Security process where potential threats are identified, categorized, and analyzed.
- The ultimate goal of threat modeling is to prioritize the potential threats against an organization’s valuable assets
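The STRIDE, DREAD and threat modeling cards above describe a workflow: categorize a threat (STRIDE), score it (DREAD), then rank threats against an asset so the highest can be addressed first. The following is an added example, not part of the flashcard deck or any ISC2 material, showing that workflow as a small threat register. It assumes the conventional Microsoft DREAD scale of 1 to 10 per factor, averaged into one rating; the "customer portal" threats are constructed sample data.

```python
"""Added example (not from the original flashcard deck): categorize threats
with STRIDE, score them with DREAD, and rank them to prioritize remediation.

Assumptions (not stated on the page): DREAD factors are scored 1-10 and the
five scores are averaged; the sample threats below are constructed for a
hypothetical "customer portal" asset.
"""
from dataclasses import dataclass
from enum import Enum


class Stride(Enum):
    """The six STRIDE threat categories."""
    SPOOFING = "Spoofing"
    TAMPERING = "Tampering"
    REPUDIATION = "Repudiation"
    INFO_DISCLOSURE = "Information Disclosure"
    DOS = "Denial of Service"
    EOP = "Elevation of Privilege"


DREAD_FACTORS = ("damage", "reproducibility", "exploitability",
                 "affected_users", "discoverability")


@dataclass(frozen=True)
class Threat:
    asset: str
    category: Stride
    description: str
    damage: int
    reproducibility: int
    exploitability: int
    affected_users: int
    discoverability: int

    def __post_init__(self) -> None:
        # Reject scores outside the assumed 1-10 DREAD scale.
        for name in DREAD_FACTORS:
            value = getattr(self, name)
            if not 1 <= value <= 10:
                raise ValueError(f"{name} must be 1..10, got {value}")

    def dread_score(self) -> float:
        """Average of the five DREAD factors (assumed Microsoft convention)."""
        return sum(getattr(self, name) for name in DREAD_FACTORS) / len(DREAD_FACTORS)


def prioritize(threats):
    """Return threats ordered highest DREAD score first, ties broken by damage."""
    return sorted(threats, key=lambda t: (t.dread_score(), t.damage), reverse=True)


def stride_coverage(threats):
    """STRIDE categories with no identified threat: gaps the model should revisit."""
    seen = {t.category for t in threats}
    return [c for c in Stride if c not in seen]


# Constructed sample threat register for a hypothetical "customer portal".
SAMPLE_THREATS = [
    Threat("customer portal", Stride.SPOOFING,
           "Password reset token is predictable", 8, 9, 7, 9, 6),
    Threat("customer portal", Stride.TAMPERING,
           "Order total is editable client-side", 6, 10, 9, 5, 8),
    Threat("customer portal", Stride.INFO_DISCLOSURE,
           "Stack traces returned to users", 4, 10, 8, 3, 9),
    Threat("customer portal", Stride.DOS,
           "Unbounded search query", 5, 7, 6, 10, 4),
    Threat("customer portal", Stride.EOP,
           "Admin flag taken from request body", 10, 8, 7, 10, 5),
]

if __name__ == "__main__":
    for t in prioritize(SAMPLE_THREATS):
        print(f"{t.dread_score():4.1f}  {t.category.value:22} {t.description}")
    print("Uncovered STRIDE categories:",
          [c.value for c in stride_coverage(SAMPLE_THREATS)])
```

Run stand-alone it lists the elevation-of-privilege threat first (8.0) and reports that no Repudiation threat was recorded, which is the kind of gap a STRIDE pass is meant to expose before the DREAD ranking is trusted.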
What are the six primary security roles as defined by ISC2 for CISSP?
The CISSP exam outlines six primary security roles:
Senior Manager
Security Professional
Data Owner
Data Custodian
User
Auditor
ISC2
International Information System Security Certification Consortium