Asset
A resource, person, or information of value to an organization that requires protection.
Threat
Any circumstance or event with the potential to harm an asset or organization.
Vulnerability
A weakness in a system, process, or control that can be exploited by a threat.
Risk
The potential for loss or damage to an asset due to a threat exploiting a vulnerability.
Risk Assessment
The process of identifying, analyzing, and prioritizing risks to determine their potential impact.
Risk Mitigation
Actions or strategies taken to reduce the likelihood or impact of a risk.
Confidentiality
Ensuring that sensitive information is only accessible to authorized individuals.
Integrity
Ensuring the accuracy, consistency, and reliability of data throughout its lifecycle.
Availability
Ensuring that information and resources are accessible when required.
Security Control
A safeguard or countermeasure implemented to manage or reduce security risks.
Preventive Control
A security measure designed to prevent a security incident from occurring.
Detective Control
A security mechanism designed to identify and alert about security incidents.
Corrective Control
A control designed to restore systems or data after a security incident occurs.
Governance
The framework of policies, procedures, and processes used to ensure effective security management.
Compliance
Adherence to laws, regulations, and standards governing information security practices.
Incident Response
The organized approach to managing and mitigating the effects of a security breach.
Acceptable Use Policy
A document defining the acceptable use of organizational assets by users.
Access Control
The process of ensuring that only authorized individuals have access to systems and information.
Business Continuity Plan
A plan to ensure the continuation of critical business functions during and after a crisis.
Audit Trail
A record of activities and transactions used to monitor security events and detect anomalies.
Zero Trust
A security model that requires strict verification for every access attempt, regardless of the user's location.
Security Posture
The overall state of an organization's security, including its controls, policies, and procedures.
Change Management
A structured process for handling changes to systems, minimizing risks and disruptions.
Risk Register
A documented record of identified risks, their analysis, and the mitigation measures.
Control Framework
A structured set of guidelines and controls for implementing security policies.
Incident Management
The process of detecting, analyzing, and responding to security incidents.
Key Risk Indicator (KRI)
A metric used to signal potential risks that could impact organizational objectives.
Penetration Testing
A simulated attack on a system to identify vulnerabilities before they can be exploited.
Gap Analysis
A comparison of the current state of security with the desired state to identify areas for improvement.
Asset Inventory
A comprehensive list of all assets in an organization, including their value and criticality.
Third-Party Assessment
Evaluating external vendors or partners to ensure they meet security requirements.
Risk Avoidance
Eliminating an activity or process to entirely remove the associated risk.
Security Baseline
A minimum set of security controls required to protect systems and data.
Control Effectiveness
The degree to which a security control reduces or mitigates a specific risk.
Security Governance Committee
A group responsible for overseeing and aligning security with business objectives.
Continuous Improvement
Ongoing efforts to enhance security processes, policies, and controls.
Supply Chain Risk
Risks introduced through dependencies on suppliers and service providers.
Acceptable Risk
The level of risk deemed tolerable for an organization to achieve its goals.
Data Retention Policy
Defines how long data is kept and the processes for its secure disposal.
Digital Forensics
The process of collecting and analyzing digital evidence to investigate security incidents.