| Question | Answer |
| --- | --- |
| Any weakness in a system, procedure or control | Vulnerability |
| Anything that can take advantage of a vulnerability | Threat |
| A measure of the likelihood and consequence of a threat materializing | Risk |
| The amount of risk an organization is willing to take to function | Risk Tolerance |
| Safeguards, countermeasures or protection capability to avoid, detect, counteract, or minimize risks | Security Controls |
| Guidelines and security standards to protect government information and operations | Federal Information Security Modernization Act (FISMA) |
| The US government agency that defines scientific and technical measurements and standards | National Institute of Standards and Technology (NIST) |
| DOS official policy manual | Foreign Affairs Manuals (FAM) |
| DOS official procedures manuals | Foreign Affairs Handbooks (FAHs) |
| Oversees an organization's information, cyber, and technology security | Chief Information Security Officer (CISO) |
| Strategy for managing information security | Information Assurance |
| Processes and tools used to protect information systems | Information Security |
| Unsanctioned use of IT resources | Shadow IT |
| A technically sophisticated and well-funded adversary | Advanced Persistent Threat (APT) |
| An authorized user who knowingly or unknowingly uses their access to cause harm | Insider Threat |
| The process of assessing and prioritizing risks to information and associated systems | Risk Assessment |
| The process of identifying, assessing, and minimizing the impact of risk | Risk Management |
| Implementing countermeasures to reduce risk | Risk Mitigation |
| Ensuring timely and reliable access to and use of information | Availability |
| Making the decision to allow someone to access a system or data | Authorization |
| An authentication system that requires more than one distinct authentication factor for successful authentication | Multi-Factor Authentication (MFA) |
| Granting a person just enough permissions to do their job and no more | Least Privilege |
| Only granting access to information if a user needs it for their job | "Need to Know" |
| Protecting unclassified information from being compiled and used by an adversary | Operations Security (OPSEC) |
| Maintaining data in its original state, without unauthorized modification | Integrity |
| Protecting data from unauthorized access | Confidentiality |
| A security approach where trust is never assumed and access is constantly verified | Zero Trust |
| The ability to prevent a user from denying they authored an electronic message or performed some kind of action | Non-repudiation |