Domain 1 - Key Security Terminologies Flashcards
(17 cards)
What is a threat in cybersecurity?
A potential harmful event that can cause damage to an organization.
Threats can be human-made or non-human-made.
What are the three types of damage caused by threats?
- Confidentiality: Unauthorized disclosure of sensitive information.
- Integrity: Alteration or manipulation of data.
- Availability: Disruption of access to services.
What are assets in the context of cybersecurity?
Resources owned by an organization that hold economic value.
Assets can be tangible or intangible.
What are the two types of assets?
- Tangible: Physical resources such as buildings and equipment.
- Intangible: Non-physical resources including trade secrets and organizational reputation.
Why is it important to protect assets?
They contribute to an organization’s credibility, revenue, and operational integrity.
What is a vulnerability?
Weaknesses or flaws in a system, application, network, or human behavior that can be exploited by threats.
What are the two types of vulnerabilities?
- Technical: Security weaknesses in software, hardware, or systems.
- Non-Technical: Human vulnerabilities, such as lack of security awareness.
How are vulnerabilities tracked?
Using unique identifiers known as Common Vulnerabilities and Exposures (CVE).
What system is used to assess the criticality of vulnerabilities?
Common Vulnerability Scoring System (CVSS).
What is a zero-day vulnerability?
A vulnerability that is exploited before a fix is available.
What is essential for mitigating zero-day vulnerabilities?
Applying patches and updates promptly, and employing robust security measures.
What is a holistic security program?
Encompasses patching, monitoring, optimization, and enhancement of security controls.
What are the elements of an attack?
A combination of a threat, a motivated threat actor, and a vulnerability.
What are common goals of many attacks?
Data exfiltration or theft, seeking to compromise sensitive information.
What is crucial for detecting unauthorized data collection?
Proactive monitoring.
What is needed to achieve a mature security posture?
A comprehensive approach involving multiple layers of defense and ongoing improvement.
True or False: Effective security is only about implementing controls.
False. It is also about maintaining a dynamic and evolving security strategy.
