What is confidentiality in information security?
Prevents unauthorized access to sensitive data by ensuring that only authorized individuals can view it.
What is integrity in information security?
Maintains data accuracy and reliability by preventing unauthorized modification, deletion, or corruption.
What is availability in information security?
Ensures that data and resources are accessible when needed by authorized users, minimizing disruptions.
What is information security?
The practice of protecting information, in digital or any other form, from unauthorized access, modification, and disruption; commonly summarized by the CIA triad of confidentiality, integrity, and availability.
What is authentication in information security?
The process of verifying the identity of a user or entity before granting access to a system or resource.
What is access control in information security?
A security measure that determines who is allowed to access specific data, systems, or resources within an organization.
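The two cards above describe separate decisions: first verify who the caller is, then check what that identity may do. The example below (added here; not part of the original card set) puts both in one small Python module: PBKDF2 password hashes compared in constant time for authentication, and a deny-by-default role table for access control. The user names, passwords, roles, and resource names are all invented for illustration.

```python
import hashlib
import hmac
import os
from typing import Dict, Optional, Set, Tuple

ITERATIONS = 200_000  # PBKDF2 work factor; tune to your hardware

def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Derive a salted PBKDF2-HMAC-SHA256 hash; returns (salt, digest)."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest

def verify_password(password: str, salt: bytes, expected: bytes) -> bool:
    """Constant-time comparison so response time does not leak how many bytes matched."""
    _, digest = hash_password(password, salt)
    return hmac.compare_digest(digest, expected)

# Role -> explicitly permitted (resource, action) pairs. Anything not listed is denied.
POLICY: Dict[str, Set[Tuple[str, str]]] = {
    "analyst": {("alerts", "read"), ("reports", "read")},
    "admin": {("alerts", "read"), ("alerts", "write"),
              ("reports", "read"), ("users", "write")},
}

def build_users() -> Dict[str, dict]:
    """Constructed user store (a real system would keep this in a database)."""
    users = {}
    for name, password, role in [("alice", "correct horse battery staple", "admin"),
                                 ("bob", "hunter2-but-much-longer", "analyst")]:
        salt, digest = hash_password(password)
        users[name] = {"salt": salt, "hash": digest, "role": role}
    return users

USERS = build_users()

def authenticate(username: str, password: str) -> Optional[str]:
    """Return the username if the credentials verify, else None."""
    record = USERS.get(username)
    if record is None:
        # Hash anyway so an unknown user costs the same time as a wrong password,
        # which makes user enumeration by timing harder.
        hash_password(password, b"\x00" * 16)
        return None
    return username if verify_password(password, record["salt"], record["hash"]) else None

def authorize(username: str, resource: str, action: str) -> bool:
    """Deny by default: allow only if the user's role explicitly grants (resource, action)."""
    record = USERS.get(username)
    if record is None:
        return False
    return (resource, action) in POLICY.get(record["role"], set())

def access(username: str, password: str, resource: str, action: str) -> str:
    """Authenticate first, then authorize; a valid login never implies permission."""
    if authenticate(username, password) is None:
        return "denied: authentication failed"
    if not authorize(username, resource, action):
        return "denied: not permitted"
    return f"allowed: {username} may {action} {resource}"

if __name__ == "__main__":
    print(access("alice", "correct horse battery staple", "users", "write"))
    print(access("bob", "hunter2-but-much-longer", "alerts", "write"))
    print(access("bob", "wrong password", "alerts", "read"))
```

Note that the failure messages are deliberately the same for an unknown user and a wrong password, and that `bob` is denied `alerts/write` even though his login succeeded: authentication answers "who", access control answers "what".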
What is data analysis?
Examining large volumes of data to establish what normal activity looks like (a baseline) and to detect deviations from it; in security this is the basis of anomaly detection and alerting.
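As an added example (not part of the original cards), the Python below applies that idea to constructed sshd-style authentication log lines: it counts failed logins per source IP, derives a baseline from the median and median absolute deviation of those counts, and flags sources that stand well outside it. The log lines, host name, and IP addresses are all made up for the example.

```python
import re
import statistics
from collections import Counter, defaultdict
from typing import Dict, List

# Constructed log lines in sshd format (not from a real system).
LEGIT_LINES = [
    "Jan 10 08:01:12 host sshd[1001]: Failed password for alice from 10.0.0.5 port 51022 ssh2",
    "Jan 10 08:01:40 host sshd[1002]: Accepted password for alice from 10.0.0.5 port 51023 ssh2",
    "Jan 10 08:03:09 host sshd[1003]: Failed password for bob from 10.0.0.7 port 40211 ssh2",
    "Jan 10 08:03:30 host sshd[1004]: Accepted password for bob from 10.0.0.7 port 40212 ssh2",
    "Jan 10 08:04:02 host sshd[1005]: Failed password for carol from 10.0.0.8 port 40300 ssh2",
    "Jan 10 08:04:15 host sshd[1006]: Failed password for carol from 10.0.0.8 port 40301 ssh2",
    "Jan 10 08:04:31 host sshd[1007]: Accepted publickey for carol from 10.0.0.8 port 40302 ssh2",
]
# One source guessing four common account names, three tries each (constructed).
ATTACK_LINES = [
    f"Jan 10 08:05:{i:02d} host sshd[{1100 + i}]: Failed password for invalid user "
    f"{user} from 203.0.113.9 port {33000 + i} ssh2"
    for i, user in enumerate(["admin", "test", "root", "oracle"] * 3)
]
SAMPLE_LOG = LEGIT_LINES + ATTACK_LINES

FAILED = re.compile(r"Failed password for (?:invalid user )?(\S+) from (\S+) port \d+")

def failed_logins_by_source(lines: List[str]) -> Dict[str, Counter]:
    """Map each source IP to a Counter of usernames it failed to log in as."""
    per_ip: Dict[str, Counter] = defaultdict(Counter)
    for line in lines:
        match = FAILED.search(line)
        if match:
            user, ip = match.groups()
            per_ip[ip][user] += 1
    return dict(per_ip)

def flag_outliers(per_ip: Dict[str, Counter], k: float = 3.0, floor: int = 5) -> Dict[str, dict]:
    """Flag sources whose failure count exceeds median + k * MAD (and a hard floor).

    Median/MAD are used instead of mean/stdev because a single noisy attacker
    would otherwise drag the baseline toward itself. The floor stops tiny
    data sets (where MAD may be 0) from flagging every second failure.
    """
    counts = {ip: sum(c.values()) for ip, c in per_ip.items()}
    values = list(counts.values())
    if len(values) < 3:
        return {}  # too little data to call anything abnormal
    med = statistics.median(values)
    mad = statistics.median(abs(v - med) for v in values)
    threshold = max(floor, med + k * mad)
    return {
        ip: {"failures": n, "distinct_users": len(per_ip[ip]), "threshold": threshold}
        for ip, n in counts.items() if n > threshold
    }

def analyze(lines: List[str]) -> Dict[str, dict]:
    return flag_outliers(failed_logins_by_source(lines))

if __name__ == "__main__":
    for ip, info in analyze(SAMPLE_LOG).items():
        print(f"{ip}: {info['failures']} failures across {info['distinct_users']} usernames")
```

With the sample data the three internal hosts each have one or two failures, which sets the baseline, and 203.0.113.9 with twelve failures against four account names is the only source flagged. The `distinct_users` figure is what separates a password-spray from one person mistyping their own password.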
What is a hot site?
A fully operational backup facility equipped with all necessary hardware, software, and data to quickly resume operations in case of a disaster. Most expensive but offers the fastest recovery time.
What is a warm site?
A backup facility partially equipped with hardware and software, requiring additional setup before becoming fully operational. Less expensive than a hot site but faster recovery than a cold site.
What is a cold site?
A backup facility that provides only physical space and basic infrastructure for data recovery. Lacks hardware, software, and data, making it the least expensive but with the longest recovery time.
Assets
Resources within an organization (data, systems, devices) that need protection from security threats.
Controls
Security measures or policies designed to protect assets by preventing, detecting, or responding to threats and vulnerabilities.
Threats
Potential dangers that could exploit weaknesses in a system, leading to unauthorized access, data breaches, or system disruptions.
Vulnerabilities
Weaknesses or flaws in a system, process, or security control that could be exploited by threats.
FERPA (Family Educational Rights and Privacy Act)
U.S. law that safeguards student education records and grants access rights to parents and eligible students.
FISMA (Federal Information Security Modernization Act)
U.S. law requiring federal agencies to implement security programs to protect government information and systems.
GRC (Governance, Risk, and Compliance)
Framework organizations use to align security governance and policies with legal, regulatory, and industry requirements while identifying and managing risk.
GDPR (General Data Protection Regulation)
EU law regulating how organizations collect, store, and process personal data to protect individual privacy.
HIPAA (Health Insurance Portability and Accountability Act)
U.S. law establishing standards for protecting sensitive patient health information from unauthorized access.
PCI DSS (Payment Card Industry Data Security Standard)
Industry security standard for any organization that stores, processes, or transmits payment card data, intended to protect cardholder data from fraud and breaches.
SOX (Sarbanes–Oxley Act)
U.S. law enforcing financial reporting and accountability measures to prevent corporate fraud and protect investors.
Malware
Malicious software, such as viruses, worms, trojans, and ransomware, that infects systems to steal, encrypt, or destroy data or to give an attacker control.
Phishing
Attacks that trick users into revealing credentials or other sensitive information, or into running malware, through deceptive emails, messages, or websites.
Denial-of-Service (DoS)
Overwhelming a system, service, or network with traffic or requests until it can no longer serve legitimate users; when launched from many sources at once it is a distributed denial-of-service (DDoS).