CIA Triad
A model guiding organizations in risk management regarding confidentiality, integrity, and availability.
Compliance
Adhering to internal standards and external regulations.
Security Governance
Practices that define and direct an organization's security efforts.
Security Ethics
Guidelines for making ethical decisions in security roles.
Security Frameworks
Guidelines for building plans to mitigate risks to data and privacy.
Confidentiality
Ensuring that only authorized users can access specific assets or data.
Integrity
The assurance that data is correct, authentic, and reliable.
Availability
Ensuring that data is accessible to authorized users.
Threat
Any event that can negatively impact assets.
Threat Actor
Individuals or groups posing security risks.
Internal Threat
Current or former employees or trusted partners posing a security risk.
External Threat
Risks posed by individuals or entities outside the organization.
Adversarial Artificial Intelligence
Techniques that manipulate AI and machine learning to conduct attacks efficiently.
Phishing
Digital communications designed to trick individuals into revealing sensitive data.
Spear Phishing
Targeted phishing attacks directed at specific individuals.
Social Engineering
Techniques exploiting human error to gain private information.
Vishing
Exploiting voice communication to obtain sensitive information.
USB Baiting
Leaving malware-infected USB drives for users to find and connect.
Watering Hole Attack
Compromising a website frequented by a specific user group.
Supply-Chain Attack
Targeting vulnerabilities in systems, applications, or software.
Physical Attack
Security incidents affecting both digital and physical environments.
Antivirus Software
Programs used to prevent, detect, and eliminate malware and viruses.
Malware
Software designed to harm devices or networks.
Intrusion Detection System (IDS)
An application that monitors system activity for potential intrusions.
Security Information and Event Management (SIEM)
Applications that collect and analyze log data for monitoring.
Network Security
Practices to secure an organization's network from unauthorized access.
Cloud Security
Ensuring that cloud-stored assets are configured correctly and accessible only to authorized users.
Personally Identifiable Information (PII)
Information that can be used to infer an individual's identity.
Sensitive Personally Identifiable Information (SPII)
A specific type of PII with stricter handling guidelines.
Protected Health Information (PHI)
Information regarding an individual's health or medical conditions.
Cybersecurity Analyst
Focuses on monitoring networks for breaches, developing security strategies, and researching IT security trends.
Security Architecture
A design composed of components to protect an organization from risks.
Security Posture
An organization's ability to manage its defense against threats.
Health Insurance Portability and Accountability Act (HIPAA)
U.S. federal law protecting patients' health information.
National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF)
A voluntary framework with standards to manage cybersecurity risk.