CHAPTER 2 ITM

antivirus software

Software installed on computers to regularly scan for viruses in memory and disk drives.

attack vector

The technique used to gain unauthorized access to a device or a network.

biometric authentication

Verifying identity using physiological or behavioral measures, such as fingerprints or voice recognition.

Botnet

A large group of computers controlled remotely by hackers without the owners' knowledge.

bring your own device (BYOD)

A business policy allowing employees to use personal mobile devices for work.

business continuity plan

Document including an organization’s disaster recovery, emergency evacuation, and incident management plans.

CIA security triad

Confidentiality, integrity, and availability—key principles of information security.

computer forensics

The discipline of collecting and preserving data from computer systems for legal evidence.

Cyberespionage

Using malware to secretly steal data from organizations' computer systems.

Cyberterrorism

Using information technology to intimidate or disable national infrastructure for political or ideological goals.

data breach

The unintended release or access of sensitive data by unauthorized individuals.

Department of Homeland Security (DHS)

A federal agency focused on ensuring a safe and secure America against terrorism and threats.

disaster recovery plan

Documented steps for recovering an organization’s IT assets in the event of a disaster.

distributed denial-of-service (DDoS) attack

Cyberattack that floods a target site with demands from compromised computers.

Encryption

The process of converting data into a coded format to prevent unauthorized access.

encryption key

A value used to transform plaintext into ciphertext, making it unreadable without the key.

Exploit

An attack that takes advantage of vulnerabilities in an information system.

Failover

Backup technique that switches applications to a redundant system to avoid service interruptions.

Firewall

System that monitors and controls incoming and outgoing network traffic based on security policies.

intrusion detection system (IDS)

System that monitors network traffic for security breaches and notifies personnel.

managed security service provider (MSSP)

Company that manages and maintains security for other organizations' networks.

mission-critical processes

Processes essential for an organization’s operations and achieving its goals.

next-generation firewall (NGFW)

Advanced firewall that can detect and block complex cyberattacks based on traffic content.

Ransomware

Malware that restricts access to a computer or data until demands are met.

reasonable assurance

The balance managers must find between control costs and system benefits or risks.

risk assessment

The process of evaluating security risks to an organization’s IT infrastructure.

security audit

Process for identifying threats, assessing current security, and planning improvements.

security policy

Document defining security requirements and necessary controls within an organization.

Transport Layer Security (TLS)

Protocol ensuring privacy and security for communications over the Internet.

U.S. Computer Emergency Readiness Team (US-CERT)

Partnership established to manage security incidents and improve analysis of threats.

virus signature

Code that detects a specific virus presence in a computer system.

zero-day attack

An attack that occurs before a security vulnerability is known and fixed.