Class one Flashcards
DLP
Data Loss Prevention - ways to stop information from being taken out of an organization without appropriate authorization
CIA
Confidentiality, integrity, availability
PHI
Protected Health Information
PCI
Payment Card Information
GRC
Governance, Risk, Compliance
AAA
Authentication, Authorization, Availability
Control
AKA countermeasures. Method of regulating something - often a process or behavior - to achieve a desired outcome which usually reduces risk.
Network segmentation
divide network into security domains for each type of user to access. Eg: someone outside of the company should have a restricted access type security domain.
Unethical use of data
use that was not stated as the reason it was gathered
Data Sprawl
enterprise data ends up in a ton of different repos.
Data lifecycle
How long to hold onto it? When to destroy it?
CDV
Corporate Data and Value - intellectual property (IP), PII, PHI, PCI, algorithms, IoT sensor data, recordings and transcripts of virtual meetings, secrets like API keys in code repositories, AI models and their outputs, and business processes.
IP
Intellectual property - trade secrets, source code, designs, and other forms of sensitive corporate data like financial reports prior to public release
Threat Actors
collection of people and organizations that work to create cyber attacks. Cybercriminals, hacktivists, nation states, for example
Incident response
prepared set of responses triggered when known or suspected event takes place that could cause material damage to an organization. 1) verify event is real and identify affected areas, 2) contain the problem, 3) understand and eradicate root cause, 4) restore affected components to fixed state, 5) review how it went to identify improvements. Possibly trigger breach notification procedure.
