Confidentiality The protection of sensitive information from unauthorized disclosure. Integrity The assurance that data is not modified or destroyed in an unauthorized manner. Availability The assurance that authorized users have access to data and systems when they need it. Authentication The process of verifying the identity of a user, device, or other entity in a computer system. Authorization The process of granting or denying access to a user, device, or other entity in a computer system. Non-repudiation The assurance that a user cannot deny having taken a particular action in a computer system. Access Control The process of controlling who has access to a computer system and what they are allowed to do. Malware Software designed to harm or exploit computer systems, often delivered through malicious email attachments Social Engineering Techniques used to manipulate individuals into divulging sensitive information or performing actions that may Vulnerability A weakness in a system that can be exploited to compromise its security. Exploit The use of a vulnerability to gain unauthorized access to a system or perform unauthorized actions within it. Risk Assessment The process of identifying and analyzing potential risks to a computer system or network. Risk Management The process of mitigating or accepting identified risks to a computer system or network. Disaster Recovery Plan A plan for recovering from a disaster or catastrophic event that disrupts normal business operations. Business Continuity Plan A plan for ensuring that critical business functions can continue in the event of a disaster or catastrophic even Defense in Depth A security strategy that uses multiple layers of defense to protect a computer system or network. Principle of Least Privilege The practice of giving users only the privileges they need to perform their job duties and nothing more. Back Side: The protection of sensitive information from unauthorized disclosure. The assurance that data is not modified or destroyed in an unauthorized manner. The assurance that authorized users have access to data and systems when they need it. The process of verifying the identity of a user, device, or other entity in a computer system. The process of granting or denying access to a user, device, or other entity in a computer system. The assurance that a user cannot deny having taken a particular action in a computer system. The process of controlling who has access to a computer system and what they are allowed to do. Software designed to harm or exploit computer systems, often delivered through malicious email attachme Techniques used to manipulate individuals into divulging sensitive information or performing actions that m A weakness in a system that can be exploited to compromise its security. The use of a vulnerability to gain unauthorized access to a system or perform unauthorized actions within i The process of identifying and analyzing potential risks to a computer system or network. The process of mitigating or accepting identified risks to a computer system or network. A plan for recovering from a disaster or catastrophic event that disrupts normal business operations. A plan for ensuring that critical business functions can continue in the event of a disaster or catastrophic ev A security strategy that uses multiple layers of defense to protect a computer system or network. The practice of giving users only the privileges they need to perform their job duties and nothing more. A document that outlines an organization's policies, procedures, and standards for information security. Technologies and processes designed to prevent the accidental or intentional loss of sensitive data. The practice of securing information by encoding it so that it can only be read by authorized parties using a
