Uploaded by chandasubba490

Security+ Flashcards

Confidentiality
The protection of sensitive information from unauthorized disclosure.
Integrity
The assurance that data is not modified or destroyed in an unauthorized manner.
Availability
The assurance that authorized users have access to data and systems when they need it.
Authentication
The process of verifying the identity of a user, device, or other entity in a computer system.
Authorization
The process of granting or denying access to a user, device, or other entity in a computer system.
Non-repudiation
The assurance that a user cannot deny having taken a particular action in a computer system.
Access Control
The process of controlling who has access to a computer system and what they are allowed to do.
Malware
Software designed to harm or exploit computer systems, often delivered through malicious email attachments
Social Engineering
Techniques used to manipulate individuals into divulging sensitive information or performing actions that may
Vulnerability
A weakness in a system that can be exploited to compromise its security.
Exploit
The use of a vulnerability to gain unauthorized access to a system or perform unauthorized actions within it.
Risk Assessment
The process of identifying and analyzing potential risks to a computer system or network.
Risk Management
The process of mitigating or accepting identified risks to a computer system or network.
Disaster Recovery Plan
A plan for recovering from a disaster or catastrophic event that disrupts normal business operations.
Business Continuity Plan
A plan for ensuring that critical business functions can continue in the event of a disaster or catastrophic event
Defense in Depth
A security strategy that uses multiple layers of defense to protect a computer system or network.
Principle of Least Privilege
The practice of giving users only the privileges they need to perform their job duties and nothing more.
Back Side:
A document that outlines an organization's policies, procedures, and standards for information security.
Technologies and processes designed to prevent the accidental or intentional loss of sensitive data.
The practice of securing information by encoding it so that it can only be read by authorized parties using a