This set of flashcards covers important vocabulary related to cybersecurity and risk management concepts.
Cybersecurity
The art of protecting networks, devices, and data from unauthorized access or criminal use.
CIA Triad
A model that encompasses three core principles of information security: Confidentiality, Integrity, and Availability.
Confidentiality
The protection of sensitive information from being accessed or disclosed by unauthorized individuals.
Integrity
The protection of data from unauthorized modification or destruction.
Availability
The assurance of timely and reliable access to data and systems by authorized users.
Risk Management
The process of managing risks to organizational operations, assets, or individuals resulting from the operation of an information system.
Risk Assessment
The phase of risk management that involves identifying assets and their potential threats.
Risk Mitigation
Deploying appropriate countermeasures to reduce risk.
Risk Acceptance
Accepting the loss using no countermeasures.
Penetration Testing
An evaluation method for assessing the security of systems by simulating attacks.
Qualitative Risk Analysis
A type of risk analysis that does not quantify risk but assesses it based on understanding.
Quantitative Risk Analysis
A type of risk analysis that uses numerical values to determine risk, often involving metrics like ALE.
Asset
Something of value to the organization that needs protection.
Threat
Something that could harm an asset.
Vulnerability
The absence or weakness of countermeasures that can be exploited.
Risk Transference
Sharing risk with another entity, often through insurance.
Risk Avoidance
Removing the technology/activity that introduces risk.
Black Box Testing
A penetration testing strategy with zero knowledge from the tester's perspective.
Gray Box Testing
A penetration testing strategy with partial knowledge, typically from a user account perspective.
White Box Testing
A penetration testing strategy with full knowledge of the system, usually from an admin perspective.