These flashcards cover key concepts in risk management and cybersecurity, including definitions of terms that are crucial for understanding the subject matter.
Risk
A situation involving exposure to danger with the possibility of an unpleasant outcome.
ISO 31000
An international standard providing a common approach to manage any kind of risk.
NIST
National Institute of Standards and Technology, a U.S. governmental organization developing standards for security and privacy.
Asset
A part of an organization that needs protection from risks to avoid exploitation by threats.
Information Security Management System (ISMS)
A framework of policies and procedures for managing sensitive company information so that it remains secure.
Risk Assessment Process
The systematic process of identifying, analyzing, and evaluating risks.
Threat Identification
The process of determining potential threats that could exploit vulnerabilities within an organization.
Attack Trees
A diagram that represents the various ways that an attack on a system can occur, illustrating the goals and potential actions of an attacker.
Vulnerability
A weakness in an asset or control that can be exploited by one or more threats.
Ransomware
Malware that encrypts files or blocks access to data until a ransom is paid.
Threat Modeling
A strategic process to identify and evaluate threats to an organization's assets.
K-Anonymity
A privacy protection technique ensuring that each piece of released information is indistinguishably related to at least k individuals.
Differential Privacy
A technique that ensures that the inclusion or exclusion of a single data point does not significantly affect the outcome of data analysis.
Digital Certificate
An electronic document used to prove the ownership of a public key in public key infrastructure.
Privilege Escalation
A scenario where a user gains elevated access to resources that are normally protected from the user.
Multi-Factor Authentication (MFA)
An authentication method that requires two or more verification factors to gain access to a resource.
Cryptography
The practice and study of techniques for securing communication and information through the use of codes.
SIEM (Security Information and Event Management)
A solution that aggregates and analyzes log data from across an organization's technology infrastructure.