
Terms and Definitions From Course 1

The document defines several key cybersecurity terms from Course 1, Modules 1-3 of a cybersecurity course. It defines terms like cybersecurity, cloud security, internal threat, network security, personally identifiable information, security posture, sensitive personally identifiable information, and technical and transferable skills from Module 1. It also defines cyberattack terms like adversarial artificial intelligence, business email compromise, computer virus, cryptographic attack, hacker, malware, password attack, phishing, physical attack, physical social engineering, social engineering, social media phishing, spear phishing, supply-chain attack, USB baiting, and watering hole attack from Module 2. Finally, it defines cybersecurity framework and governance terms like asset, availability,

Uploaded by

chouketm91

Terms and definitions from Course 1, Module 1

Cybersecurity (or security): The practice of ensuring confidentiality, integrity, and
availability of information by protecting networks, devices, people, and data from
unauthorized access or criminal exploitation

Cloud security: The process of ensuring that assets stored in the cloud are properly
configured and access to those assets is limited to authorized users

Internal threat: A current or former employee, external vendor, or trusted partner who poses
a security risk

Network security: The practice of keeping an organization's network infrastructure secure
from unauthorized access

Personally identifiable information (PII): Any information used to infer an individual’s
identity

Security posture: An organization’s ability to manage its defense of critical assets and data
and react to change

Sensitive personally identifiable information (SPII): A specific type of PII that falls under
stricter handling guidelines

Technical skills: Skills that require knowledge of specific tools, procedures, and policies

Threat: Any circumstance or event that can negatively impact assets

Threat actor: Any person or group who presents a security risk

Transferable skills: Skills from other areas that can apply to different careers

Terms and definitions from Course 1, Module 2

Adversarial artificial intelligence (AI): A technique that manipulates artificial intelligence
(AI) and machine learning (ML) technology to conduct attacks more efficiently

Business Email Compromise (BEC): A type of phishing attack where a threat actor
impersonates a known source to obtain financial advantage

Computer virus: Malicious code written to interfere with computer operations and cause
damage to data and software

Cryptographic attack: An attack that affects secure forms of communication between a
sender and intended recipient

Hacker: Any person who uses computers to gain access to computer systems, networks, or
data

Malware: Software designed to harm devices or networks

Password attack: An attempt to access password-secured devices, systems, networks, or data

Phishing: The use of digital communications to trick people into revealing sensitive data or
deploying malicious software

Physical attack: A security incident that affects not only digital but also physical
environments where the incident is deployed

Physical social engineering: An attack in which a threat actor impersonates an employee,
customer, or vendor to obtain unauthorized access to a physical location

Social engineering: A manipulation technique that exploits human error to gain private
information, access, or valuables

Social media phishing: A type of attack where a threat actor collects detailed information
about their target on social media sites before initiating the attack

Spear phishing: A malicious email attack targeting a specific user or group of users,
appearing to originate from a trusted source

Supply-chain attack: An attack that targets systems, applications, hardware, and/or software
to locate a vulnerability where malware can be deployed

USB baiting: An attack in which a threat actor strategically leaves a malware USB stick for
an employee to find and install to unknowingly infect a network

Virus: Refer to “computer virus”

Vishing: The exploitation of electronic voice communication to obtain sensitive information
or to impersonate a known source

Watering hole attack: A type of attack in which a threat actor compromises a website frequently
visited by a specific group of users

Terms and definitions from Course 1, Module 3


Asset: An item perceived as having value to an organization

Availability: The idea that data is accessible to those who are authorized to access it

Compliance: The process of adhering to internal standards and external regulations

Confidentiality: The idea that only authorized users can access specific assets or data

Confidentiality, integrity, availability (CIA) triad: A model that helps inform how
organizations consider risk when setting up systems and security policies

Hacktivist: A person who uses hacking to achieve a political goal

Health Insurance Portability and Accountability Act (HIPAA): A U.S. federal law
established to protect patients' health information

Integrity: The idea that the data is correct, authentic, and reliable

National Institute of Standards and Technology (NIST) Cyber Security Framework
(CSF): A voluntary framework that consists of standards, guidelines, and best practices to
manage cybersecurity risk

Privacy protection: The act of safeguarding personal information from unauthorized use

Protected health information (PHI): Information that relates to the past, present, or future
physical or mental health or condition of an individual

Security architecture: A type of security design composed of multiple components, such as
tools and processes, that are used to protect an organization from risks and external threats

Security controls: Safeguards designed to reduce specific security risks

Security ethics: Guidelines for making appropriate decisions as a security professional

Security frameworks: Guidelines used for building plans to help mitigate risk and threats to
data and privacy

Security governance: Practices that help support, define, and direct security efforts of an
organization

Sensitive personally identifiable information (SPII): A specific type of PII that falls under
stricter handling guidelines
