Authentication
A type of authentication that requires the user to provide something that they know, such as a password or PIN.
Authorization
The process of giving someone permission to do or have something. Ex: Authorization to certain rooms
Accountability
The process of monitoring and recording what someone has accessed or modified in the system
Multi-factor Authentication
Authentication that requires two or more evidences of authentication, usually of different types.
Single Sign-on
A method of authenticating with one system to gain access to other related systems.
Device Password
A security concern regarding network devices and other devices, such as smartphones, that give the option of using the device without a password.
Firewall
A device that controls the flow of network traffic to protect systems from unauthorized network connections.
Anti-Malware Software
Software that helps protect against malicious software infections.
Anti-Spam Software
Software that helps remove unwanted, unsolicited email.
Ecommerce
The buying and selling of products or services electronically, typically through the Internet.
Public/Private Classification
An attribute used to classify information based on the risk of public disclosure.
Government/Military Classification
A scheme for classifying information based on government and military requirements.
Data Destruction Policy
Directions for disposing of and even destroying data when it's no longer needed or when a storage device needs to be replaced.
Data Redundancy
A method of increasing fault tolerance by storing data in a way that ensures that the data is recoverable in case of hardware failures. RAID arrays and replication are two data redundancy strategies.
Network Redundancy
A method of increasing fault tolerance by providing multiple network paths between hosts.
Power Redundancy
A method of increasing fault tolerance by providing power backups and power failover.
Network Attached Storage
A device that contains one or more hard drives that users can access over the network.
Ad Hoc Backup
Unscheduled backups performed periodically.
Regular Backup
Regularly scheduled backups.
System Backup
A backup of the system software, including operating system files.
Database Backup
A backup of data stored in a database.
Local Backup
Backups that are stored in the same building or even the same room as the computer systems they are taken from.
Off-site Backup
Backups that are stored at a location far enough away from a possible natural disaster while being close enough to recover the data and systems within a reasonable amount of time.
Disaster Recovery
An area of security planning with the goal of protecting an organization from the effects of a natural or human-induced disaster.
Business Continuity
The process of creating systems of prevention and recovery to permit ongoing operation, before and during disaster recovery.
Systems Administrator
Concerning security, a person responsible for securing networks and responding to intrusions.
Computer Forensics Expert
A person who works closely with law enforcement officials to investigate security breaches, cyber-attacks, and other crimes.
Security Analyst
A person who is in charge of designing and implementing security methods to protect an organization's computer systems and networks.
Social Engineering
hackers use their social skills to trick people into revealing access credentials or other valuable information
Phishing
E-mail or pop-up message; usually looks like it's from a legitimate financial institution and TRICKS you into providing your personal information in order to fix a problem with your account
Impersonation / Identity Theft
Someone who is pretending to be another person. They may use your name and other personal information.
Shredding
A procedure to destroy documents to protect your financial information and PII
Personally Identifiable Information (PII)
the name, postal address, or any other information that allows tracking down the specific person who owns a device
dumpster diving
Involves digging through trash receptacles to find computer manuals, printouts, or password lists that have been thrown away
shoulder surfing
Watching an authorized user enter a security code or password on a keypad/keyboard.
Security Training
teaching computer users not to click on communications or software that they are not expecting to receive
Security Policies
Rules set in place by a company to ensure the security of a network. These may include how often a password must be changed or how many characters a password should be, require employees to go through security training, or have users log out of their comp
Fault Tolerance
the ability of a system to respond to unexpected failures or system crashes by having a backup system immediately and automatically take over with no loss of service
Outage Cost
Financial damage and reputational damage, causing the company to lose money and customers.
Device Hardening
Security tasks used to reduce the scope of the device's vulnerability and attack surface.
Antivirus Software
Software used to detect and eliminate computer viruses and other types of malware.
Malware
software designed to infiltrate or damage a computer system without the user's informed consent.
-Spyware
-Adware
-Trojan Horse
-Ransomware
Patch Management
The practice of monitoring for, evaluating, testing, and installing software patches and updates.
OEM (Original Equipment Manufacturer)
The original manufacturer of a hardware component or sub-component.
Signed Code
Code that is digitally signed by the creator; great for Microsoft and Google, not really important for small users with no inherent credibility
Abandonware
computer software that is no longer distributed or supported by the developer or copyright holder.
biometric authentication
uses personal physical characteristics such as fingerprints, facial features, and retinal scans to authenticate users
Quarantine
The process of separating malware or malicious software from the computer's primary system
Updates
Changes to formally controlled documentation, plans etc., to reflect modified or additional ideas or content.
Firmware
Software that is permanently stored in a chip. The BIOS on a motherboard is an example of firmware.
virus definition
The characteristics of a list of known viruses.
Access Control List (ACL)
A clearly defined list of permissions that specifies what actions a user may perform on a shared resource or if they are authorized to use it at all
Role-Based Access Control (RBAC)
A control system in which access decisions are based on the roles of individual users as part of an organization. Roles may correspond to job title or department.
Mandatory Access Control (MAC)
The most restrictive access control model, typically found in military settings in which security is of supreme importance.
Rule-Based Access Control
An access control model that is based on a list of predefined rules that determine what accesses should be granted
Non-repudiation
The security goal of ensuring that data remains associated with the party that creates it or sends a transmission.
Hardware Token
A device held by a user that displays a number or a password that changes frequently, such as every 60 seconds. The number is synchronized with a server and used as a one-time password.
Software Token
An app, or other software that generates a token for authentication.
Something you know
An authentication factor indicating knowledge, such as a password or PIN.
Something you have
An authentication factor using something physical, such as a smart card or token.
Something you are
Authentication factor that relies on a physical characteristic (fingerprint, face, eye, palm)
Least Privilege
Providing only the minimum amount of privileges necessary to perform a job or function.
Default password
Password on system administration, user, or service accounts predefined in a system, application, or device; usually associated with a default account. Default accounts and passwords are published and well known, and therefore easily guessed.
Global Positioning System (GPS)
A system that determines the precise position of something on Earth through a series of satellites, tracking stations, and receivers.
Indoor Position System (IDS)
System that determines the precise location of something or someone in an indoor space.
Single Sign On (SSO)
Using one authentication credential to access multiple accounts or applications.
plain text
Text or message which contains no encryption
Cipher text
Message data after it has been encrypted.
Symmetric Encryption
An encryption method in which the same key is used to encrypt and decrypt a message. The key in this case is the algorithm used to translate the message.
Encryption
Process of converting readable data into unreadable characters or scrambling data
Cipher types
-3DES
-AES
-RC
-Blowfish/Twofish
Asymmetric Encryption
a type of cryptography based on algorithms that require two keys - one of which is secret (or private) and one of which is public (freely known to others).
Public Key Infrastructure (PKI)
A framework for managing all of the entities involved in creating, storing, distributing, and revoking digital certificates.
digital signature
a means of electronically signing a document with data that cannot be forged
digital certificate
a data file that uniquely identifies individuals or organizations online and is comparable to a digital signature
Public Key
One of the keys used in asymmetric encryption systems. It is widely distributed and available to everyone.
Private Key
In an asymmetric encryption scheme, the decryption key is kept private and never shared.
Virtual Private Network (VPN)
Companies can establish direct private network links among themselves or create private, secure Internet access, in effect a "private tunnel" within the Internet to another network.
Dictionary Attack
Attempt to break a password by trying all possible words.
Brute Force Attack
A password-cracking program that tries every possible combination of characters, given only part of the password