Remote Journaling
Continuous transmission of transaction logs to a remote location
Incident
Any unplanned event that negatively impacts the confidentiality, integrity, or availability of an organization's data and requires a response
Business Impact Analysis (BIA)
Process that identifies and evaluates the effects of an organization not being able to maintain its Mission Essential Functions (MEFs)
3-2-1 Backup Rule
Three copies of data
Stored across two different media types
One copy stored off-site (disconnected)
False Acceptance Rate (FAR)
Measures how often unauthorized individuals are mistakenly identified as legitimate users
False Rejection Rate (FRR)
Tracks how often legitimate users are wrongly denied access
Crossover Error Rate (CER)
Point where the FAR and FRR are equal
GDPR
EU’s General Data Protection Regulation
Individuals can access, correct, delete, and transfer their personal data
CCPA
California Consumer Privacy Act
Provides California residents with the right to know what data is being collected
SHIELD Act
New York’s Stop Hacks and Improve Electronic Data Security Act
Focuses on data security, ensuring organizations take reasonable steps to protect personal data and notify individuals in the event of a breach
Data Sovereignty
Refers to the principle that data is subject to the laws and regulations of the country in which it is collected and/or stored
NIST RMF
Provides a method for managing risk, including categorizing information systems, selecting security controls, and monitoring effectiveness
COSO ERM
Aligns risk management with business strategy and objectives, functioning like a strategic planner for risk
OCTAVE
A hands-on framework designed to assess risks, threats, and vulnerabilities specific to organizational assets with a focus on IT infrastructure
FAIR
A framework that focuses on quantifying risk in financial terms, enabling decision-makers to better understand the monetary impact of security threats
Risk Assessment
Identifies, analyzes, and evaluates potential impact of risks and guides the implementation of mitigation strategies
Due Diligence
Process of thoroughly evaluating reliability, risks, and integrity before entering into a partnership
Due Care
Process of continuously taking reasonable steps to prevent harm and mitigate risks, ensuring that the operations remain secure
Subprocessor
A third-party entity that a vendor or service provider outsources certain functions to