Glossary terms from week 1
Terms and definitions from Course 2, Week 1
Assess: The fifth step of the NIST RMF that means to determine if established controls are implemented correctly
Business continuity: An organization's ability to maintain their everyday productivity by establishing risk disaster recovery plans
Categorize: The second step of the NIST RMF that is used to develop risk management processes and tasks
External threat: Anything outside the organization that has the potential to harm organizational assets
Implement: The fourth step of the NIST RMF that means to implement security and privacy plans for an organization
Internal threat: A current or former employee, external vendor, or trusted partner who poses a security risk
Monitor: The seventh step of the NIST RMF that means be aware of how systems are operating
Prepare: The first step of the NIST RMF related to activities that are necessary to manage security and privacy risks before a breach occurs
Ransomware: A malicious attack where threat actors encrypt an organization’s data and demand payment to restore access
Risk: Anything that can impact the confidentiality, integrity, or availability of an asset
Risk mitigation: The process of having the right procedures and rules in place to quickly reduce the impact of a risk like a breach
Security posture: An organization’s ability to manage its defense of critical assets and data and react to change
Select: The third step of the NIST RMF that means to choose, customize, and capture documentation of the controls that protect an organization
Vulnerability: A weakness that can be exploited by a threat