A comprehensive set of vocabulary flashcards covering key concepts in information security, focusing on terms and definitions relevant to the field.
Information Security
Protecting data from unauthorized access and ensuring confidentiality, integrity, and availability.
Information Privacy
Control over personal data, emphasizing legal and ethical compliance, and protection against misuse.
Data Protection
Security policies and measures implemented to safeguard sensitive information like PII, financial, and health records.
CIA Triad
A model for information security that focuses on Confidentiality, Integrity, and Availability.
Confidentiality
Restricts information access to authorized users to maintain privacy.
Integrity
Ensures data accuracy and completeness through validation methods.
Availability
Guarantees access to systems and data to authorized users when needed.
Threats
Potential causes of incidents that may harm systems, such as malware and phishing.
Vulnerabilities
Weaknesses in a system that can be exploited by threats.
Risk
The potential for loss when threats exploit vulnerabilities.
Access Control
Regulates permissions, granting or denying resource access to authorized users.
Discretionary Access Control (DAC)
Access is granted at the discretion of the object's owner.
Mandatory Access Control (MAC)
Access is mandated by a central authority rather than individual users.
Role-Based Access Control (RBAC)
Access is based on the user's role within an organization.
Security Policies
Define rules for accessing, storing, and transmitting data.
Malware
Malicious software designed to disrupt, damage, or gain unauthorized access to systems.
Social Engineering
Manipulation of people to gain confidential information.
Penetration Testing
A simulated cyberattack to identify exploitable vulnerabilities in a system.
Vulnerability Scanning
Automatic identification of known system weaknesses.
Incident Response
Important measures taken to detect, respond to, and recover from security incidents.
Technical Controls
Technological security measures that protect systems and data from cyber threats.
Privacy Impact Assessment (PIA)
A process to evaluate and manage impacts on personal data privacy.
Data Subject's Rights
Rights defined for individuals concerning their personal data.
Personal Information Controller (PIC)
An entity responsible for controlling the collection and use of personal information.
Personal Information Processor (PIP)
An entity that processes personal data on behalf of the PIC.