Cybersecurity Principles and Governance

These flashcards cover key terms and concepts related to cybersecurity principles and governance, including definitions and roles of regulations, policies, standards, and core security principles.

Governance

The systems and structures implemented by leaders and management to achieve organizational goals, guided by laws and regulations.

Regulations

Laws issued by governments that carry financial penalties for non-compliance and guide the development of organizational standards and practices.

Policies

Guidance put in place by organizational governance to ensure activities support industry standards and regulations.

Procedures

Detailed steps to complete tasks that support departmental or organizational policies.

Standards

Frameworks developed to introduce policies and procedures in support of regulations.

HIPAA

Health Insurance Portability and Accountability Act of 1996, governing the use of protected health information (PHI) in the United States.

GDPR

General Data Protection Regulation enacted by the EU to control the use of Personally Identifiable Information (PII) of citizens.

NIST

National Institute of Standards and Technology, a U.S. government agency publishing various technical and security standards.

CIA Triad

Framework describing security concepts: Confidentiality, Integrity, and Availability.

Risk Management

The process of identifying, assessing, and mitigating risks that could disrupt an organization.

Vulnerability

A gap or weakness in an organization's protection efforts.

Threat

Something or someone that aims to exploit a vulnerability.

Authentication

The process of verifying or proving the identity of a user.

Confidentiality

The property of allowing authorized access to information while protecting it from unauthorized disclosure.

Integrity

Ensuring information is complete, accurate, and useful for its intended purpose.

Availability

Ensuring systems and data are accessible when needed by users.