IT Security Vocabulary

A set of vocabulary flashcards covering key concepts in IT security, aimed at helping students understand and remember essential terms.

Remediation

The process of taking corrective actions to permanently fix or eliminate identified vulnerabilities, threats, or security weaknesses.

Technology Governance

A framework of policies, processes, and structures that directs and controls how an organization's IT resources align with business goals, manage risks, deliver value, and ensure compliance.

Threshold

A predefined level, value, or limit that, when crossed, triggers an alert, action, or escalation, acting as a decision point to manage risk, detect anomalies, or enforce policies.

False Positive

An alert or alarm that occurs in the absence of an actual attack.

Projectitis

A phenomenon where a project manager or team focuses excessively on the mechanics of project management at the expense of meaningful work.

External Monitoring

The continuous process of discovering, cataloging, and assessing an organization's internet-facing assets from an attacker's perspective.

False Negative

Failure of a technical control to react to an actual attack event.

Methodology

Systematic framework of strategies, processes, and standards used to protect digital and physical information assets.

Inline Sensor

An IDPS sensor intended for network perimeter use and deployed in close proximity to a perimeter firewall.

Change Control

Ensures that the working system delivered to users represents the intent of the developers.

Trust Model Pinning

A security technique that hardens trust in digital certificates by associating a specific host with a predetermined certificate or public key.

Internal Monitoring

The continuous observation and assessment of activities within an organization's network and systems to detect threats, vulnerabilities, and policy violations.

Passive Sensor

A sensor that only monitors and analyzes observed networks and system traffic.

Difference Analysis

A procedure that compares the current state of a network segment against a known previous state of the same network segment.

Block Cipher

An encryption method that involves dividing the plaintext into blocks and then converting the plaintext to ciphertext one block at a time.

Gap Analysis

The process of comparing measured results against expected results and using the resulting 'gap' as a measure of project success.

Steganography

The cryptographic technique that allows the embedding of data bits in a digital version of graphical images, enabling a user to hide a message in a picture.

Metrics

To measure incident response, capability, and its effectiveness.