Protecting Information Assets: Threats, Mitigations, and Continuity Planning

This set of vocabulary flashcards covers key concepts in information security, threat landscapes, defensive mitigations, and continuity planning based on the MT300 lecture materials.

Last updated 12:54 AM on 5/13/26

20 Terms

1

Shared responsibility

The principle that protecting information assets requires coordinated action across leadership, employees, and technology owners rather than isolated technical teams.

2

Phishing

Deceptive messages used to manipulate users into revealing credentials, approving transactions, or opening malicious content.

3

Malware

Malicious software that encrypts, steals, or disrupts data and often uses persistence mechanisms to evade detection.

4

Insider misuse

When authorized users overstep permissions, misuse access, or deliberately exfiltrate sensitive information.

5

Exposure errors

Security gaps such as misconfigurations, weak sharing settings, and accidental disclosure that reveal data without a direct attack.

6

Technical drift

The expansion of an attack surface and reduction in resilience caused by delayed patching, configuration drift, and legacy systems.

7

Awareness training

Continuous, scenario-based education that helps employees recognize manipulation, verify requests, and report suspicious activity.

8

Strong authentication

The use of multi-factor authentication to reduce the value of stolen passwords and raise the cost of account takeover.

9

Least privilege

Restricting access to the minimum necessary for a user's role to limit lateral movement and contain the impact of mistakes.

10

Patch management

Prioritized vulnerability remediation to close exploitable flaws before they can be weaponized at scale by adversaries.

11

Endpoint detection (EDR)

Tools that identify suspicious behavior, isolate compromised devices, and accelerate forensic investigation.

12

Network segmentation

The practice of dividing a network to limit the lateral spread of a threat and improve detection fidelity through telemetry and alerts.

13

Governance controls

Policies, audits, and change management that ensure security decisions are documented, reviewed, and consistently enforced.

14

Ethical stewardship

Handling employee and customer data with proportionality, respect, and defensible purpose limitation.

15

Privacy by design

A framework using minimization, retention limits, and privacy-first architecture to reduce exposure while supporting lawful processing.

16

Impact analysis

Assessing mission-critical functions, downstream effects, and the business consequences of prolonged disruption.

17

Recovery targets

Defined thresholds for acceptable downtime and data loss, expressed as recovery time and recovery point objectives.

18

Defense in depth

The use of overlapping preventive, detective, and corrective controls so that a single failure does not result in a breach.

19

Assume compromise

A design philosophy that expects some controls will fail and prepares containment and response accordingly.

20

Continuity readiness

Prepared recovery capabilities designed to preserve service delivery when disruption is unavoidable.