Week_7_-_Vulnerability_Assessment

Vulnerability Assessment

A proactive security practice to identify and address vulnerabilities to prevent cyberattacks.

Common Vulnerability Scoring System (CVSS)

A risk assessment tool that conveys the attributes and severity of vulnerabilities in software and hardware.

Risk Management

The selection and specification of security controls to manage and reduce risk to an organization.

Network Profiling

The process of understanding and characterizing the normal functioning of a network for security monitoring.

Penetration Testing

Simulated attacks on a network to test the strength of security and identify vulnerabilities.

Anomaly Detection

Techniques used to identify unusual patterns or behaviors in network traffic that may indicate a security breach.

Impact Metrics

Metrics that measure the consequences of a successful exploit based on the CIA triad: confidentiality, integrity, and availability.

Exploitability Metrics

Features of an exploit such as the attack vector, complexity, and user interaction required.

Server Profiling

Establishing the accepted operating state of servers to secure them against vulnerabilities.

Risk Avoidance

Stopping activities that create risk, potentially discontinuing certain operations based on risk assessment.

Malware

Malicious software that can exploit vulnerabilities in networks and devices.

Mobile Device Management (MDM)

Tools and policies used to manage mobile devices, addressing security risks associated with BYOD.

Configuration Management

The process of controlling hardware and software configurations to reduce security risks.

Incident Response

Actions taken to address and manage the consequences of a security breach or cyberattack.

Patch Management

The process of managing software updates to mitigate vulnerabilities in systems and applications.

Network Behavior Analysis (NBA)

Analyzing diverse network data to detect potential security incidents and anomalies.

Risk Sharing

Transferring some of the risk to other parties, such as through outsourcing security operations.

Threat-Vulnerability Pairing

The matching of identified threats with vulnerabilities, serving as a baseline for risk assessment.

CVE Identifiers

Standard names for known cybersecurity vulnerabilities used for research and reference purposes.

Risk Reduction

Taking measures to decrease vulnerabilities and risks in an organization.

Baseline Risk Profile

A reference point established to assess ongoing risks based on criticality and threats.

Big Data Analytics

Techniques used to analyze large sets of data for patterns that may indicate security threats.