Glossary terms from module 2

Question 1

What is an Asset?

Answer 1

An item perceived as having value to an organization

Question 2

What are Attack vectors?

Answer 2

The pathways attackers use to penetrate security defences

Question 3

What is Authentication?

Answer 3

The process of verifying who someone is

Question 4

What is Authorization?

Answer 4

The concept of granting access to specific resources in a system

Question 5

What is meant by Availability?

Answer 5

The idea that data is accessible to those who are authorized to access it

Question 6

What are Biometrics?

Answer 6

The unique physical characteristics that can be used to verify a person’s identity

Question 7

What is Confidentiality?

Answer 7

The idea that only authorized users can access specific assets or data

Question 8

What is the model that helps inform how organizations consider risk when setting up systems and security policies

Answer 8

Confidentiality, integrity, availability.
The CIA Triad.

Question 9

What is the NIST core function related to: identifying potential security incidents and improving monitoring capabilities to increase the speed and efficiency of detections.

Answer 9

Detect

Question 10

NIST core functions

Answer 10

Identify
Protect
Detect
Respond
Recover

Question 11

What is Encryption?

Answer 11

The process of converting data from a readable format to an encoded format

Question 12

Which NIST core function is related to management of cybersecurity risk and its effect on an organization’s people and assets

Answer 12

Identify

Question 13

What is the idea that the data is correct, authentic, and reliable?

Answer 13

Integrity

Question 14

What is NIST CSF?

Answer 14

National Institute of Standards and Technology-Cybersecurity Framework

A voluntary framework that consists of standards, guidelines, and best practices to manage cybersecurity risk

Question 15

What is NIST Special Publication (S.P.) 800-53?

Answer 15

National Institute of Standards and Technology (NIST) Special Publication (S.P.) 800-53: A unified framework for protecting the security of information systems within the U.S. federal government

Question 16

What is OWASP?

Answer 16

Open Web Application Security Project/Open Worldwide Application Security Project
A non-profit organization focused on improving software security

Question 17

Which NIST core function used to protect an organization through the implementation of policies, procedures, training, and tools that help mitigate cybersecurity threats

Answer 17

Protect

Question 18

Which NIST core function relates to returning affected systems back to normal operation

Answer 18

Recover

Question 19

Which NIST core function is related to making sure that the proper procedures are used to contain, neutralize, and analyze security incidents, and implement improvements to the security process

Answer 19

Respond

Question 20

What is the term for: anything that can impact the confidentiality, integrity, or availability of an asset

Answer 20

Risk

Question 21

What is the term for: A review of an organization’s security controls, policies, and procedures against a set of expectations

Answer 21

Security audit

Question 22

What are Security controls?

Answer 22

Safeguards designed to reduce specific security risks

Question 23

What are security frameworks?

Answer 23

Guidelines used for building plans to help mitigate risk and threats to data and privacy

Question 24

What is: An organization’s ability to manage its defence of critical assets and data and react to change

Answer 24

Security posture

Question 25

Any circumstance or event that can negatively impact assets is known as …?

Answer 25

Threat