Cybersecurity Fundamentals Vocabulary

Vocabulary flashcards covering key cybersecurity fundamentals, including core concepts, risk factors, threat classifications, and control types.

Cybersecurity

The protection of the hardware, software, and data assets of a computer system.

Asset

Anything of value that must be protected, including hardware, software/network components, and data.

Hardware (as an asset)

Physical devices such as computers, medical devices, automobiles, industrial controllers, security systems, and household appliances.

Software/Network Assets

Operating systems, applications, access-control mechanisms, network traffic, device identity, and related components.

Data Assets

Files, photos, databases, location information, payment data, access lists, and other stored or transmitted information.

Vulnerability

A weakness in a system that can allow harm to occur.

Threat

A circumstance or event with the potential to cause harm to an asset.

Attack

The exploitation of a vulnerability by a threat actor.

Countermeasure (Control)

An action or device that removes or reduces a vulnerability.

Attack Surface

The complete set of a system’s vulnerabilities that can be exploited.

Confidentiality

Ensuring that only authorized persons or systems can access information.

Integrity

Maintaining accurate, uncorrupted information that is only altered by authorized entities under controlled circumstances.

Availability

Ensuring information and systems are accessible when needed.

Authentication

The process of confirming the identity of a sender or signer.

Nonrepudiation

Assurance that an asserted action or communication cannot later be denied.

C-I-A Triad

The foundational cybersecurity model consisting of Confidentiality, Integrity, and Availability.

Risk

The potential for harm or loss resulting from threats exploiting vulnerabilities, considering likelihood and impact.

Likelihood

The chance that a specific threat will occur.

Impact

The amount of damage that could occur if a threat is realized.

Harm

The negative consequence of an attack, such as theft, privacy loss, destruction, operational disruption, or reputational damage.

Method (in attacks)

The skills and tools an attacker uses to carry out an attack.

Opportunity (in attacks)

The time and access an attacker has to perform an attack.

Motive (in attacks)

The reason an attacker chooses to carry out an attack.

Interception

Unauthorized access to information.

Interruption

An event that makes a system or service unavailable or unusable.

Modification

Unauthorized changes made to data or systems.

Fabrication

Creation of false data or records by an unauthorized party.

Detective Control

A control that identifies when a threat is acting or has acted on a vulnerability (e.g., monitoring, alarms).

Preventive Control

A control that keeps a threat from exploiting a vulnerability (e.g., firewalls, encryption).

Deterrent Control

A control that discourages attacks, often through policies, procedures, or training.

Corrective Control

A control that reduces the impact of an attack, such as backups or disaster recovery systems.

Physical Controls

Tangible protections like locks, security guards, and backup copies of data.

Technical Controls

Software, hardware, or network mechanisms such as passwords, encryption, firewalls, and biometric readers.

Procedural Controls

Policies, procedures, standards, and training aimed at governing human behavior.

Risk Transfer

Shifting risk to another party, such as through insurance or outsourcing.

Nonhuman Threat

Threats arising from natural disasters, hardware failures, and other nonhuman sources.

Human Threat

Threats arising from human actions, whether accidental (spills, mistakes) or intentional (hacking).

Malicious Threat

An intentional act designed to cause harm.

Non-malicious Threat

An accidental or unintentional act that may still cause harm.

Random Threat

A threat that is not specifically directed at a particular target.

Directed Threat

A threat specifically aimed at a particular system or organization.