Glossary Cybersecurity Terms and definitions from Course 2

A
Antivirus software: A software program used to prevent, detect, and eliminate
malware and viruses
Assess: The fifth step of the NIST RMF that means to determine if established controls
are implemented correctly
Asset: An item perceived as having value to an organization
Attack vectors: The pathways attackers use to penetrate security defenses
Authentication: The process of verifying who someone is
Authorization: The concept of granting access to specific resources in a system
Authorize: The sixth step of the NIST RMF that refers to being accountable for the
security and privacy risks that might exist in an organization
Availability: The idea that data is accessible to those who are authorized to access it

B
Biometrics: The unique physical characteristics that can be used to verify a person’s
identity
Business continuity: An organization's ability to maintain their everyday productivity
by establishing risk disaster recovery plans

C
Categorize: The second step of the NIST RMF that is used to develop risk
management processes and tasks
Chronicle: A cloud-native tool designed to retain, analyze, and search data
Confidentiality: The idea that only authorized users can access specific assets or data
Confidentiality, integrity, availability (CIA) triad: A model that helps inform how
organizations consider risk when setting up systems and security policies

D
Detect: A NIST core function related to identifying potential security incidents and
improving monitoring capabilities to increase the speed and efficiency of detections

E
Encryption: The process of converting data from a readable format to an encoded
format
External threat: Anything outside the organization that has the potential to harm
organizational assets

I
Identify: A NIST core function related to management of cybersecurity risk and its
effect on an organization’s people and assets
Implement: The fourth step of the NIST RMF that means to implement security and
privacy plans for an organization
Incident response: An organization’s quick attempt to identify an attack, contain the
damage, and correct the effects of a security breach

Integrity: The idea that the data is correct, authentic, and reliable
Internal threat: A current or former employee, external vendor, or trusted partner who
poses a security risk

L
Log: A record of events that occur within an organization’s systems

M
Metrics: Key technical attributes such as response time, availability, and failure rate,
which are used to assess the performance of a software application
Monitor: The seventh step of the NIST RMF that means be aware of how systems are
operating

N
National Institute of Standards and Technology (NIST) Cybersecurity Framework
(CSF): A voluntary framework that consists of standards, guidelines, and best
practices to manage cybersecurity risk
National Institute of Standards and Technology (NIST) Special Publication (S.P.)
800-53: A unified framework for protecting the security of information systems within
the U.S. federal government

O
Open Web Application Security Project/Open Worldwide Application Security
Project (OWASP): A non-profit organization focused on improving software security
Operating system (OS): The interface between computer hardware and the user

P
Playbook: A manual that provides details about any operational action
Prepare: The first step of the NIST RMF related to activities that are necessary to
manage security and privacy risks before a breach occurs
Protect: A NIST core function used to protect an organization through the
implementation of policies, procedures, training, and tools that help mitigate
cybersecurity threats

R
Ransomware: A malicious attack where threat actors encrypt an organization’s data
and demand payment to restore access
Recover: A NIST core function related to returning affected systems back to normal
operation
Respond: A NIST core function related to making sure that the proper procedures are
used to contain, neutralize, and analyze security incidents, and implement
improvements to the security process
Risk: Anything that can impact the confidentiality, integrity, or availability of an asset
Risk mitigation: The process of having the right procedures and rules in place to
quickly reduce the impact of a risk like a breach

S
Security audit: A review of an organization's security controls, policies, and
procedures against a set of expectations
Security controls: Safeguards designed to reduce specific security risks
Security frameworks: Guidelines used for building plans to help mitigate risk and
threats to data and privacy

Security information and event management (SIEM): An application that collects
and analyzes log data to monitor critical activities in an organization
Security orchestration, automation, and response (SOAR): A collection of
applications, tools, and workflows that use automation to respond to security events
Security posture: An organization’s ability to manage its defense of critical assets and
data and react to change
Select: The third step of the NIST RMF that means to choose, customize, and capture
documentation of the controls that protect an organization
Shared responsibility: The idea that all individuals within an organization take an
active role in lowering risk and maintaining both physical and virtual security
Social engineering: A manipulation technique that exploits human error to gain
private information, access, or valuables
Splunk Cloud: A cloud-hosted tool used to collect, search, and monitor log data
Splunk Enterprise: A self-hosted tool used to retain, analyze, and search an
organization's log data to provide security information and alerts in real-time

T
Threat: Any circumstance or event that can negatively impact assets

V
Vulnerability: A weakness that can be exploited by a threat