Practice flashcards for key terms and definitions in Information Systems Security.
Availability
Ensuring that data and services are accessible when needed.
Carrier Sense Multiple Access/Collision Detection (CSMA/CD)
A network protocol that manages data transmission and collision detection.
Certified Information Systems Security Professional (CISSP)
A globally recognized certification for information security professionals.
Cleartext
Data that is transmitted or stored without encryption.
Confidentiality
Ensuring that information is not disclosed to unauthorized individuals.
Confidentiality, integrity, and availability (C-I-A)
The three key principles of information security.
Content filtering
A security measure that blocks or restricts access to certain types of content.
Cybersecurity
Practices and technologies designed to protect systems from cyber threats.
Cyberspace
The virtual environment of digital networks and systems.
Data breach
An incident in which sensitive or confidential data is accessed without authorization.
Data classification standard
A framework for categorizing data based on sensitivity and access control needs.
Downtime
The period when a system or service is unavailable.
End-User License Agreement (EULA)
A legal contract between a software provider and the user, outlining usage rights.
Ethernet
A widely used wired networking technology for local area networks (LANs).
FICO
A company known for providing credit scores used in financial risk assessment.
File Transfer Protocol (FTP)
A standard network protocol for transferring files over the internet.
General Data Protection Regulation (GDPR)
A European Union regulation focused on data privacy and security.
Hardening
The process of securing a system by reducing vulnerabilities.
Hypertext Transfer Protocol (HTTP)
A protocol for transmitting web pages over the internet.
Hypertext Transfer Protocol Secure (HTTPS)
A secure version of HTTP that encrypts data transmitted between a browser and a server.
Identity theft
The fraudulent acquisition and use of someone's personal information.
Information security
The practice of protecting information from unauthorized access, use, or modification.
Information systems
A combination of technology, people, and processes used to manage and process data.
Information systems security
Measures taken to protect information systems from cyber threats.
Institute of Electrical and Electronics Engineers (IEEE)
A professional organization that develops technology standards.
Integrity
Ensuring data is accurate and has not been altered without authorization.
Internet
A global network that connects millions of computers for communication and data exchange.
Intrusion detection system/intrusion prevention system (IDS/IPS)
Security tools used to detect and prevent unauthorized access to networks.
IP default gateway router
A networking device that directs traffic from a local network to other networks.
IP stateful firewall
A firewall that monitors active connections and enforces security rules.
IT security policy framework
A set of policies and guidelines for securing IT systems.
Layer 2 switch
A network switch that operates at the data link layer and forwards data based on MAC addresses.
Layer 3 switch
A switch that operates at the network layer and can route traffic based on IP addresses.
Local area network (LAN)
A network that connects computers within a small geographical area.
Masking
The process of hiding or obfuscating data to protect sensitive information.
Network interface controller (NIC)
A hardware component that connects a computer to a network.
Network key
A security key used to authenticate access to a wireless network.
Protocol
A set of rules for transmitting data over a network.
Risk
The likelihood of a security threat exploiting a vulnerability.
Secure Sockets Layer virtual private network (SSL-VPN)
A type of VPN that uses SSL encryption for secure remote access.
Security
Measures taken to protect systems and data from unauthorized access or attacks.
Security control
Policies or mechanisms implemented to protect an organization's assets.
Service-level agreement (SLA)
A contract between a service provider and a client outlining service expectations.
Smartphone
A mobile device with computing and networking capabilities.
Software vulnerability
A flaw in software that can be exploited by attackers.
Telnet
A network protocol used for remote command-line access to systems.
Thick client
A computer that performs most processing locally rather than relying on a server.
Thin client
A computer that relies on a central server for processing and storage.
Threat
A potential danger that could exploit a system's vulnerability.
Transmission Control Protocol/Internet Protocol (TCP/IP)
A fundamental networking protocol suite for internet communication.
Trivial File Transfer Protocol (TFTP)
A simplified file transfer protocol with minimal security features.
Unified communications
Integration of communication tools such as voice, video, and messaging.
Uptime
The percentage of time a system is operational and available.
Virtual LAN (VLAN)
A network segmentation technique that groups devices logically instead of physically.
Virtual private network (VPN)
A secure network connection over the internet that protects data from interception.
Vulnerability
A weakness in a system that can be exploited by threats.
Vulnerability window
The time between discovering a vulnerability and deploying a fix.
Wireless access point (WAP)
A device that allows wireless devices to connect to a network.
Wi-Fi
A wireless networking technology for connecting devices to the internet.
Wireless LAN (WLAN)
A network that allows wireless devices to communicate within a local area.
Workstation
A computer designed for professional or technical tasks.
World Wide Web (WWW)
A system of interlinked web pages and resources accessible via the internet.