Play it safe: Manage Security Risks Flashcards
The fifth step of the NIST RMF that means to determine if established controls are implemented correctly
Assess
The sixth step of the NIST RMF that refers to being accountable for the security and privacy risks that may exist in an organization
Authorize
An organization’s ability to maintain its everyday productivity by establishing disaster recovery plans for the risks it faces
Business continuity
The second step of the NIST RMF that is used to develop risk management processes and tasks
Categorize
Anything outside the organization that has the potential to harm organizational assets
External threat
The fourth step of the NIST RMF that means to implement security and privacy plans for an organization
Implement
A current or former employee, external vendor, or trusted partner who poses a security risk
Internal threat
The seventh step of the NIST RMF that means to be aware of how systems are operating
Monitor
The first step of the NIST RMF related to activities that are necessary to manage security and privacy risks before a breach occurs
Prepare
A malicious attack where threat actors encrypt an organization’s data and demand payment to restore access
Ransomware
Anything that can impact the confidentiality, integrity, or availability of an asset
Risk
The process of having the right procedures and rules in place to quickly reduce the impact of a risk like a breach
Risk mitigation
An organization’s ability to manage its defense of critical assets and data and react to change
Security posture
The third step of the NIST RMF that means to choose, customize, and capture documentation of the controls that protect an organization
Select
The idea that all individuals within an organization take an active role in lowering risk and maintaining both physical and virtual security
Shared responsibility
A manipulation technique that exploits human error to gain private information, access, or valuables
Social engineering
A weakness that can be exploited by a threat
Vulnerability
CISSP
Certified Information Systems Security Professional
CISSP 8 Domains
- Security and Risk Management
- Asset Security
- Security Architecture & Engineering
- Communication & Network Security
- Identity & Access Management
- Security Assessment & Testing
- Security Operations
- Software Development Security
An item perceived as having value to an organization
Asset
The pathways attackers use to penetrate security defenses
Attack vectors
The process of verifying who someone is
Authentication