These terms are specifically from my second-semester 2nd test.
ISO 27001
An ISO standard that provides information on implementing another ISO security standard and setting up an information security management system.
Security architecture models
Illustrate information security implementations and help organizations make improvements through adaptation.
NIST Risk Management Framework Component 3
Addresses how organizations respond to risk once that risk is determined based on risk assessment results.
SP 800-39
The NIST special publication titled 'Managing InfoSec Risk'.
Access Controls
Regulates the admission of users into trusted areas, both logical access to information systems and physical access to facilities.
ISO 27002
An ISO standard that provides a broad overview of various areas of security.
Single Loss Expectancy (SLE)
The calculated value associated with the most likely loss from a single occurrence of a specific attack.
Organizational feasibility
An analysis that examines how proposed information security alternatives contribute to efficiency, effectiveness, and overall operations.
Principles of Access Control
Built on the principles of least privilege, need-to-know, and separation of duties.
Clark-Wilson Integrity Model
A model based on change control principles, designed for the commercial environment.
Business Impact Analysis
The first phase of contingency planning, assessing the impact of adverse events on an organization.
Information Technology Infrastructure Library (ITIL)
A collection of methods and practices useful for managing the development and operation of IT infrastructures.
NIST Risk Management Framework Component 1
Addresses how organizations frame risk or establish a risk context.
Security Strategy Rule of Thumb
When a vulnerability exists in an important asset, implement security controls to reduce exploitation likelihood.
SP 800-14
The NIST special publication known as 'Generally Accepted Security Principles and Practices'.
Minimizing Exploitable Vulnerabilities
Apply layered protections, architectural designs, and administrative controls when a vulnerability can be exploited.
Mitigation
The risk treatment strategy focusing on planning and preparation to reduce the impact of incidents or disasters.
Baselining
A recorded level of performance against which later changes are compared.
Bell-LaPadula (BLP) Model
An access control model with security rules preventing information movement from higher to lower security levels.
Incident Candidates
A term used in the Incident Response plan for events that represent potential loss.
Risk Management
A systematic approach to identifying, evaluating, and prioritizing risks to minimize their probability or impact.