Western Governors University D 333
Chapter 1: Security Principles
76 studiers today 4.8 (146 reviews)
Save
Students also studied
Flashcard sets Study guides
Chapter 2: Incident Response, Busin... Chapter 4: Network Security Chapter 3: Access Controls Concept... (ISC)2 C
Teacher 16 terms Teacher 38 terms Teacher 28 terms 598 term
ISC2Education Preview ISC2Education Preview ISC2Education Preview Way
Terms in this set (57) Hide definitions
Adequate Security Security commensurate with the risk and the magnitude of harm resulting from the
loss, misuse or unauthorized access to or modification of information. Source:
OMB Circular A-130
Administrative Controls Controls implemented through policy and procedures. Examples include access
control processes and requiring multiple personnel to conduct a specific
operation. Administrative controls in modern environments are often enforced in
conjunction with physical and/or technical controls, such as an access-granting
policy for new users that requires login and approval by the hiring manager.
Artificial Intelligence The ability of computers and robots to simulate human intelligence and behavior.
Asset Anything of value that is owned by an organization. Assets include both tangible
items such as information systems and physical property and intangible assets
such as intellectual property.
Authentication The act of identifying or verifying the eligibility of a station, originator, or
individual to access specific categories of information. Typically, a measure
designed to protect against fraudulent transmissions by establishing the validity of
a transmission, message, station or originator.
Authorization The right or a permission that is granted to a system entity to access a system
resource. NIST 800-82 Rev.2
Availability Ensuring timely and reliable access to and use of information by authorized users.
, Baseline A documented, lowest level of security configuration allowed by a standard or
organization.
Biometric Biological characteristics of an individual, such as a fingerprint, hand geometry,
voice, or iris patterns.
Bot Malicious code that acts like a remotely controlled "robot" for an attacker, with
other Trojan and worm capabilities.
Classified or Sensitive Information Information that has been determined to require protection against unauthorized
disclosure and is marked to indicate its classified status and classification level
when in documentary form.
Confidentiality The characteristic of data or information when it is not made available or
disclosed to unauthorized persons or processes. NIST 800-66
Criticality A measure of the degree to which an organization depends on the information or
information system for the success of a mission or of a business function. NIST SP
800-60 Vol. 1, Rev. 1
Data Integrity The property that data has not been altered in an unauthorized manner. Data
integrity covers data in storage, during processing and while in transit. Source:
NIST SP 800-27 Rev A
Encryption The process and act of converting the message from its plaintext to ciphertext.
Sometimes it is also referred to as enciphering. The two terms are sometimes used
interchangeably in literature and have similar meanings.
General Data Protection Regulation (GDPR) In 2016, the European Union passed comprehensive legislation that addresses
personal privacy, deeming it an individual human right.
Governance The process of how an organization is managed; usually includes all aspects of
how decisions are made for that organization, such as policies, roles, and
procedures the organization uses to make those decisions.
Health Insurance Portability and Accountability Act This U.S. federal law is the most important healthcare information regulation in the
(HIPAA) United States. It directs the adoption of national standards for electronic
healthcare transactions while protecting the privacy of individual's health
information. Other provisions address fraud reduction, protections for individuals
with health insurance and a wide range of other healthcare-related activities. Est.
1996.
Impact The magnitude of harm that could be caused by a threat's exercise of a
vulnerability.
Information Security Risk The potential adverse impacts to an organization's operations (including its
mission, functions and image and reputation), assets, individuals, other
organizations, and even the nation, which results from the possibility of
unauthorized access, use, disclosure, disruption, modification or destruction of
information and/or information systems.
Chapter 1: Security Principles
76 studiers today 4.8 (146 reviews)
Save
Students also studied
Flashcard sets Study guides
Chapter 2: Incident Response, Busin... Chapter 4: Network Security Chapter 3: Access Controls Concept... (ISC)2 C
Teacher 16 terms Teacher 38 terms Teacher 28 terms 598 term
ISC2Education Preview ISC2Education Preview ISC2Education Preview Way
Terms in this set (57) Hide definitions
Adequate Security Security commensurate with the risk and the magnitude of harm resulting from the
loss, misuse or unauthorized access to or modification of information. Source:
OMB Circular A-130
Administrative Controls Controls implemented through policy and procedures. Examples include access
control processes and requiring multiple personnel to conduct a specific
operation. Administrative controls in modern environments are often enforced in
conjunction with physical and/or technical controls, such as an access-granting
policy for new users that requires login and approval by the hiring manager.
Artificial Intelligence The ability of computers and robots to simulate human intelligence and behavior.
Asset Anything of value that is owned by an organization. Assets include both tangible
items such as information systems and physical property and intangible assets
such as intellectual property.
Authentication The act of identifying or verifying the eligibility of a station, originator, or
individual to access specific categories of information. Typically, a measure
designed to protect against fraudulent transmissions by establishing the validity of
a transmission, message, station or originator.
Authorization The right or a permission that is granted to a system entity to access a system
resource. NIST 800-82 Rev.2
Availability Ensuring timely and reliable access to and use of information by authorized users.
, Baseline A documented, lowest level of security configuration allowed by a standard or
organization.
Biometric Biological characteristics of an individual, such as a fingerprint, hand geometry,
voice, or iris patterns.
Bot Malicious code that acts like a remotely controlled "robot" for an attacker, with
other Trojan and worm capabilities.
Classified or Sensitive Information Information that has been determined to require protection against unauthorized
disclosure and is marked to indicate its classified status and classification level
when in documentary form.
Confidentiality The characteristic of data or information when it is not made available or
disclosed to unauthorized persons or processes. NIST 800-66
Criticality A measure of the degree to which an organization depends on the information or
information system for the success of a mission or of a business function. NIST SP
800-60 Vol. 1, Rev. 1
Data Integrity The property that data has not been altered in an unauthorized manner. Data
integrity covers data in storage, during processing and while in transit. Source:
NIST SP 800-27 Rev A
Encryption The process and act of converting the message from its plaintext to ciphertext.
Sometimes it is also referred to as enciphering. The two terms are sometimes used
interchangeably in literature and have similar meanings.
General Data Protection Regulation (GDPR) In 2016, the European Union passed comprehensive legislation that addresses
personal privacy, deeming it an individual human right.
Governance The process of how an organization is managed; usually includes all aspects of
how decisions are made for that organization, such as policies, roles, and
procedures the organization uses to make those decisions.
Health Insurance Portability and Accountability Act This U.S. federal law is the most important healthcare information regulation in the
(HIPAA) United States. It directs the adoption of national standards for electronic
healthcare transactions while protecting the privacy of individual's health
information. Other provisions address fraud reduction, protections for individuals
with health insurance and a wide range of other healthcare-related activities. Est.
1996.
Impact The magnitude of harm that could be caused by a threat's exercise of a
vulnerability.
Information Security Risk The potential adverse impacts to an organization's operations (including its
mission, functions and image and reputation), assets, individuals, other
organizations, and even the nation, which results from the possibility of
unauthorized access, use, disclosure, disruption, modification or destruction of
information and/or information systems.
