Term
|
Definition
| Acknowledging a risk but taking no action to address it. |
|
|
Term
|
Definition
| The ability that provides tracking of events. |
|
|
Term
| Advanced Persistent Threat (APT) |
|
Definition
| Multiyear intrusion campaign that targets highly sensitive economic, proprietary, or national security information. |
|
|
Term
|
Definition
|
|
Term
|
Definition
| The steps that ensure that the individual is who he or she claims to be. |
|
|
Term
|
Definition
| The act of providing permission or approval to technology resources. |
|
|
Term
|
Definition
| Security actions that ensure that data is accessible to authorized users |
|
|
Term
|
Definition
| Attacker who sells knowledge of a vulnerability to other attackers or governments. |
|
|
Term
| BYOD (bring your own device) |
|
Definition
| The practice of allowing users to use their own personal devices to connect to an organizational network. |
|
|
Term
| California's Database Security Breach Notification Act |
|
Definition
| The first state electronic privacy law, which covers any state agency, person, or company that does business in California. |
|
|
Term
|
Definition
| Security actions that ensure that only authorized parties can view the information. |
|
|
Term
|
Definition
| A systematic outline of the steps of a cyberattack, introduced at Lockheed Martin in 2011. |
|
|
Term
|
Definition
| Targeted attacks against financial networks, unauthorized access to information, and the theft of personal information. |
|
|
Term
|
Definition
| A network of attackers, identity thieves, spammers, and financial fraudsters |
|
|
Term
|
Definition
A premeditated, politically motivated attack against information, computer
systems, computer programs, and data, which often results in violence. |
|
|
Term
|
Definition
Attacker whose motivation may be defined as ideological, or attacking for
the sake of principles or beliefs. |
|
|
Term
|
Definition
| e Understanding the attacker and then informing him of the consequences of the action. |
|
|
Term
|
Definition
Automated attack package that can be used without an advanced knowledge of
computers. |
|
|
Term
| Gramm-Leach-Bliley Act (GLBA) |
|
Definition
A U.S. law that requires banks and financial institutions
to alert customers of their policies and practices in disclosing customer information. |
|
|
Term
|
Definition
Attacker who attacks for ideological reasons that are generally not as welldefined
as a cyberterrorist’s motivation. |
|
|
Term
| Health Insurance Portability and Accountability Act (HIPAA) |
|
Definition
A U.S. law designed to guard
protected health information and implement policies and procedures to safeguard it. |
|
|
Term
|
Definition
Stealing another person’s personal information, such as a Social Security
number, and then using the information to impersonate the victim, generally for financial
gain. |
|
|
Term
|
Definition
The tasks of protecting the integrity, confidentiality, and availability
of information on the devices that store, manipulate, and transmit the information through
products, people, and procedures |
|
|
Term
|
Definition
Employees, contractors, and business partners who can be responsible for an
attack. |
|
|
Term
|
Definition
Security actions that ensure that the information is correct and no unauthorized
person or malicious software has altered the data. |
|
|
Term
|
Definition
| Addressing a risk by making it less serious. |
|
|
Term
| Payment Card Industry Data Security Standard (PCI DSS) |
|
Definition
A set of security standards that
all U.S. companies processing, storing, or transmitting credit card information must follow |
|
|
Term
|
Definition
| A situation that involves exposure to danger. |
|
|
Term
|
Definition
| Identifying the risk but making the decision to not engage in the activity. |
|
|
Term
| Sarbanes-Oxley Act (Sarbox) |
|
Definition
| A U.S. law designed to fight corporate corruption. |
|
|
Term
|
Definition
Individual who lacks advanced knowledge of computers and networks and so
uses downloaded automated attack software to attack information systems. |
|
|
Term
|
Definition
Attacker commissioned by governments to attack enemies’
information systems. |
|
|
Term
|
Definition
| A type of action that has the potential to cause harm. |
|
|
Term
|
Definition
| A person or element that has the power to carry out a threat. |
|
|
Term
|
Definition
| The probability that a threat will actually occur. |
|
|
Term
|
Definition
| The means by which an attack could occur. |
|
|
Term
|
Definition
| Transferring the risk to a third party. |
|
|
Term
|
Definition
| A flaw or weakness that allows a threat agent to bypass security. |
|
|
