Threats, Vulnerabilities, and Risk Management

This set covers key terminology for DACS 2201, including vulnerabilities, scanning types, threat definitions, and risk management strategies.

Last updated 1:17 PM on 5/18/26
21 Terms

1. Vulnerability

A weakness or hole in a system that leaves it exposed to the possibility of being attacked or harmed.

2. Exploit

An action that takes advantage of a critical vulnerability to cause unintended behavior.

3. Patches

Software updates provided by vendors to fix bugs and close vulnerabilities throughout the planned lifecycle of their software.

4. Legacy Platforms

Older computer systems running operating systems that can no longer be updated and no longer receive security updates.

5. On-Premises Platforms

A computing model where all hardware and software are maintained at the company's physical location.

6. Cloud Platforms

Complex computing resources accessible from virtually anywhere; they often introduce vulnerabilities as a result of misconfiguration.

7. Zero Day

Vulnerabilities that have not been patched yet, where the patch is either incomplete or the vulnerability is unknown to the vendor.

8. Vulnerability scan

A frequent and ongoing process that continuously identifies vulnerabilities and monitors cybersecurity progress to create a mitigation strategy.

9. MITRE Common Vulnerabilities and Exposures (CVE)

A list that identifies vulnerabilities in operating systems and application software, used to feed vulnerability scanning software.

10. Credentialed Scan

A scan where valid authentication credentials, such as usernames and passwords, are supplied to the scanner to mimic a threat actor who possesses them.

11. Non-credentialed Scan

A vulnerability scan conducted without providing any authentication information.

12. Intrusive Scan

A scan that attempts to exploit any vulnerabilities it finds; it is more accurate, but it can impair the target system.

13. Nonintrusive Scan

A scan that does not attempt to exploit the discovered vulnerability but only records it.

14. Threat

Something that has the potential to cause harm and compromise the Confidentiality, Integrity, and Availability (CIA) of a system.

15. Risk

The likelihood that something bad will happen, requiring both a vulnerability and a threat that could exploit it.

16. Impact

A factor used (by organizations like the NSA) to calculate risk by taking into account the value of the asset being threatened.

17. Risk Management

The steps taken to prevent or mitigate risks in an environment, including identifying assets and threats and assessing vulnerabilities.

18. Physical controls

Risk mitigation measures such as fences, gates, cameras, and fire suppression systems.

19. Logical controls

Security measures such as access control (privileges), data encryption, and intrusion detection systems (IDS).

20. Administrative controls

Controls based on rules, laws, policies, procedures, and guidelines.

21. Defense in depth

A strategy based on using multiple overlapping security mechanisms to maintain resistance should one or more defensive measures fail.