Term
|
Definition
| a potentially negative occurrence |
|
|
Term
|
Definition
| seeks to prevent the unauthorized disclosure of information: it keeps data secret |
|
|
Term
|
Definition
| seeks to prevent unauthorized modification of information. In other words, integrity seeks to prevent unauthorized write access to data. Integrity also seeks to ensure data that is written in an authorized manner is complete and accurate. |
|
|
Term
|
Definition
| ensures that information is available when needed |
|
|
Term
|
Definition
| An active entity on an information system |
|
|
Term
|
Definition
|
|
Term
| Annualized Loss Expectancy |
|
Definition
| the cost of loss due to a risk over a year |
|
|
Term
|
Definition
|
|
Term
|
Definition
| a matched threat and vulnerability |
|
|
Term
|
Definition
| a measure taken to reduce risk |
|
|
Term
|
Definition
|
|
Term
|
Definition
| money saved by deploying a safeguard |
|
|
Term
|
Definition
| Confidentiality, Integrity, and Availability |
|
|
Term
|
Definition
| disclosure, alteration, and destruction - Counterpoint to CIA |
|
|
Term
| An example of a confidentiality attack |
|
Definition
| Theft of PII such as SSNs or Credit Card info |
|
|
Term
|
Definition
| protect information against unauthorized modification |
|
|
Term
| An example of attack on availability |
|
Definition
|
|
Term
|
Definition
| Authorization, Authentication, Accountability |
|
|
Term
|
Definition
| Informal: doing what a reasonable person would do. It is sometimes called the “prudent man” rule. |
|
|
Term
|
Definition
| follows a process - management of due care. |
|
|
Term
|
Definition
|
|