Wrap-up; terms and definitions from course 5, week 1

Well done! You made it to the end of this section!
Being a security practitioner takes commitment and a desire to learn.
A big part of the job involves keeping current with best practices and emerging trends.
Thinking back on my own journey into the world of security, I'm so proud of you for your continued commitment.
We've covered a lot of material this week, and this is a good time to reflect and look back
on the key concepts we explored together.

We covered the building blocks of organizational risk management: assets, threats, and vulnerabilities. 

We also spent some time demonstrating the importance of asset inventories.
It's much easier to protect company assets if you know where they are and who's responsible for them.

After that, we moved on to explore the challenges in a rapidly changing digital world.
Part of protecting data in this world is understanding if it's in use, in transit, or at rest.

Finally, in our high-level exploration of policies, standards, and procedures, we talked about
how each of them factors into achieving security goals.
There's no one-size-fits-all approach to achieving security.
While exploring the NIST Cybersecurity Framework, you gained an appreciation of how it supports good security practices.

Attackers are also constantly building their skills and finding new ways to break through the defenses we put up.
Remember, the landscape is always changing.
There's always more to learn if you want to be a good security practitioner.

Next up, we're going to expand our security mindset by learning more about the different systems security teams use
to protect organizational assets.
I'm looking forward to it! 

Glossary terms from week 1

Asset: An item perceived as having value to an organization

Asset classification: The practice of labeling assets based on sensitivity and importance to an organization

Asset inventory: A catalog of assets that need to be protected

Asset management: The process of tracking assets and the risks that affect them 

Compliance: The process of adhering to internal standards and external regulations

Data: Information that is translated, processed, or stored by a computer

Data at rest: Data not currently being accessed

Data in transit: Data traveling from one point to another

Data in use: Data being accessed by one or more users

Information security (InfoSec): The practice of keeping data in all states away from unauthorized users

National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF): A voluntary framework that consists of standards, guidelines, and best practices to manage cybersecurity risk

Policy: A set of rules that reduce risk and protect information

Procedures: Step-by-step instructions to perform a specific security task

Regulations: Rules set by a government or other authority to control the way something is done

Risk: Anything that can impact confidentiality, integrity, or availability of an asset

Standards: References that inform how to set policies

Threat: Any circumstance or event that can negatively impact assets

Vulnerability: A weakness that can be exploited by a threat