CompTIA Security+ Guide to Network Security Ch. Terms

acknowledging a risk but taking no action to address it

acceptance

the ability that provides tracking of events

accounting

multiyear intrusion campaign that targets highly sensitive economic, proprietary, or national security information.

Advanced Persistent Threat (APT)

an item that has value

asset

the steps that ensure that the individual is who he or she claims to be

authentication

the act of providing permission or approval to technology resources

authorization

security actions that ensure that data is accessible to authorized users.

availability

attacker who sells knowledge of a vulnerability to other attackers or government

broker

the practice of allowing users to use their own personal devices to connect to an organizational network

BYOD (bring your own device)

the first state electronic privacy law, which covers any state agency, person, or company that does business in California

California's Database Security Breach Notification Act

security actions that ensure that only authorized parties can view information

confidentiality

a systematic outline of the steps of a cyberattack, introduced at Lockheed Martin in 2011

Cyber Kill Chain

targeted attacks against financial networks, unauthorized access to information, and theft of personal information.

cybercrime

a network of attackers, identity thieves, spammers, and financial fraudsters

cybercriminals

a premeditated, politically motivated attack against information, computer programs, and data which often results in violence

cyberterrorism

attacker whose motivation may be defined as ideological, or attacking for the sake of principals or beliefs

cyberterrorists

understanding the attacker and then informing him of the consequences of the action

deterrence

automated attack package that can be used without an advanced knowledge of computers

exploit kit

A U.S. law that requires banks and financial institutions to alert customers of their policies and practices in disclosing customer information

Gramm-Leach-Bliley Act (GLBA)

attacker who attacks for idealogical reasons that are generally not as well defined as a cyberterrorists' motivation

hactivist

A U.S. law designed to guard protected health information and implement policies and procedures to safeguard it

Health Insurance Portability and Accountability Act (HIPAA)

stealing another persons personal information, such as a Social Security number, and then using the information to impersonate the victim, generally for financial gain

identity theft

the tasks of protecting the integrity, confidentiality, and availability of information on the devices to store, manipulate, and transmit the information through products, people, and procedures

information security

employees, contractors, and business partners who can be responsible for an attack

insiders

security actions that ensure that the information and is correct and no authorized person or malicious software has altered the data

integrity

addressing a risk by making it less serious

mitigation

a set of security standards that all U.S. companies processing, storing, or transmitting credit card information must follow

Payment Card Industry Data Security Standard (PCI DSS)

a situation that involves exposure to danger

risk

identifying the risk but making the decision to not engage in the activity

risk avoidance

A U.S. law designed to fight corporate corruption

Sarbanes-Oxley Act (Sarbox)

individual who lacks advance knowledge of computers and networks and so uses downloaded automated attack software to attack information systems

script kiddie

attacker commissioned by governments to attack enemies information systems

state-sponsored attacker

a type of action that has the potential to cause harm

threat

a person or element that has the power to carry out a threat

threat agent

the probability that a threat will actually occur

threat liklihood

the means by which an attack could occur

threat vector

transferring the risk to a third party

transference

a flaw or weakness that allows a threat agent to bypass security

vulnerability