Wrap-up; terms and definitions from course 5, week 1

Well done! You made it to the end of this section! Being a security practitioner takes commitment and a desire to learn. A big part of the job involves keeping current with best practices and emerging trends. Thinking back on my own journey into the world of security, I'm so proud of you for your continued commitment.

We've covered a lot of material this week, and this is a good time to reflect and look back on the key concepts we explored together. We covered the building blocks of organizational risk management: assets, threats, and vulnerabilities. We also spent some time demonstrating the importance of asset inventories. It's much easier to protect company assets if you know where they are and who's responsible for them.

After that, we moved on to explore the challenges in a rapidly changing digital world. Part of protecting data in this world is understanding if it's in use, in transit, or at rest.

Finally, in our high-level exploration of policies, standards, and procedures, we talked about how each of them factors into achieving security goals. There's no one-size-fits-all approach to achieving security. While exploring the NIST Cybersecurity Framework, you gained an appreciation of how it supports good security practices.

Attackers are also constantly building their skills and finding new ways to break through the defenses we put up. Remember, the landscape is always changing. There's always more to learn if you want to be a good security practitioner.

Next up, we're going to expand our security mindset by learning more about the different systems security teams use to protect organizational assets. I'm looking forward to it!

Glossary terms from week 1

Asset: An item perceived as having value to an organization

Asset classification: The practice of labeling assets based on sensitivity and importance to an organization

Asset inventory: A catalog of assets that need to be protected

Asset management: The process of tracking assets and the risks that affect them

Compliance: The process of adhering to internal standards and external regulations

Data: Information that is translated, processed, or stored by a computer

Data at rest: Data not currently being accessed

Data in transit: Data traveling from one point to another

Data in use: Data being accessed by one or more users

Information security (InfoSec): The practice of keeping data in all states away from unauthorized users

National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF): A voluntary framework that consists of standards, guidelines, and best practices to manage cybersecurity risk

Policy: A set of rules that reduce risk and protect information

Procedures: Step-by-step instructions to perform a specific security task

Regulations: Rules set by a government or other authority to control the way something is done

Risk: Anything that can impact confidentiality, integrity, or availability of an asset

Standards: References that inform how to set policies

Threat: Any circumstance or event that can negatively impact assets

Vulnerability: A weakness that can be exploited by a threat