Cyber security

Cards (53)

  • Denial of Service (DoS) attacks make a system unavailable to its legitimate users, typically by flooding it with illegitimate requests or otherwise exhausting its resources until it becomes unresponsive.
  • FISMA (Federal Information Security Management Act) was enacted in 2002 and sets standardized requirements that federal agencies must follow to protect government information and information systems, wherever they are hosted. (The on-prem vs. cloud contrast on these cards is a mnemonic: FedRAMP, below, layers cloud-specific requirements on top of FISMA rather than replacing it.)
  • FedRAMP (Federal Risk and Authorization Management Program) was established in 2011 and standardizes security assessment, authorization, and continuous monitoring for cloud services used by federal agencies.
  • 3PAO (Third Party Assessment Organization): an accredited, independent assessor that evaluates a cloud service provider's system against FedRAMP requirements, giving the government a consistent, independently verified view of the provider's security. (For Cloud Systems)
  • System: a set of principles or procedures according to which something is done; an organized framework or method.
  • Information System: a discrete set of information resources organized for the collection, processing, maintenance, use, sharing, dissemination, or disposition of information (the FISMA definition); in business terms, the data and the processes around it that together support a business objective.
  • Application means the use of information resources (information and information technology) to satisfy a specific set of user requirements. (LOW RISK)
  • General Support System (GSS) means an interconnected set of information resources under the same direct management control which shares common functionality. A system normally includes hardware, software, information, data, applications, communications, and people. (MODERATE RISK)
  • Major Application means an application that requires special attention to security due to the risk and magnitude of the harm resulting from the loss, misuse, or unauthorized access to or modification of the information in the application. (HIGH RISK)
  • Security Controls: These are safeguards used by organizations to protect their assets against threats and vulnerabilities.
  • Organizational Information Security Program (OISP): The OISP provides guidance on how to manage cybersecurity risks within an organization.
  • Risk Management Framework (RMF): This is a process used to identify, assess, and mitigate risks associated with using IT systems and services.
  • Threats: Threats are potential sources of danger or damage to your organization’s systems, networks, devices, and data.
  • Vulnerability: Vulnerability refers to weaknesses in your organization’s defenses that can be exploited by threat actors.
  • Risk: The likelihood that a threat will exploit a vulnerability, combined with the impact that would result if it did.
  • Asset: Anything valuable to the organization that needs protection.
  • Impact: The effect of a risk event occurring.
  • Integrity: Protecting against any changes made to data without authorization.
  • Asset Classification: Categorizing assets based on their importance to the organization's mission and operations.
  • Impact: refers to the negative consequences that could result if a threat were to exploit a vulnerability and compromise one or more of your organization's assets.
  • Continuous Monitoring: Continuously monitoring networks, devices, and applications can detect potential issues and alert administrators to take action.
  • Confidentiality: Ensuring that information is not disclosed to unauthorized parties.
  • Cybersecurity Incident Response Plan: A plan outlining steps to take when responding to a cybersecurity incident.
  • Likelihood: How likely it is that a particular risk will occur.
  • Network Security: Securing computer networks from external and internal threats.
  • Cybersecurity Risk Assessment: A systematic approach to identifying, analyzing, evaluating, and addressing information technology-related risks.
  • Asset: Assets refer to anything valuable to your organization, including physical items like buildings and equipment, as well as intangible things like intellectual property and customer data.
  • Identity, Credential, and Access Management (ICAM): ICAM refers to the processes and technologies used to verify and authenticate users' identities and grant them appropriate levels of access to systems and data.
  • Security Controls: Measures taken to reduce the impact of threats and minimize the occurrence of adverse events.
  • Risk: The likelihood of a threat source exploiting vulnerabilities to compromise assets, weighed together with the resulting impact on the organization.
  • The Risk Management Framework (RMF) provides a process that integrates security, privacy, and cyber supply chain risk management activities into the system development life cycle.
  • Step 1 – Categorize Information System
    Categorize the system and identify its security objectives (confidentiality, integrity, availability) and the impact level for each
  • Step 2 – Select Security Controls
    Select a baseline of security controls based on the security categorization; tailor and supplement the control baseline based on a risk assessment
  • Step 3 – Implement Security Controls
    Implement the controls and describe how they are used within the system
  • Step 4 – Assess Security Controls
    Assess the controls to determine the extent to which they are implemented correctly, operating as intended, and producing the desired outcome
  • Step 5 – Authorize Information System
    Authorize the system to operate based on a determination that the remaining risk is acceptable to the organization
  • Step 6 – Monitor Security Controls
    Continuously monitor the system's controls, assessing their effectiveness, documenting changes, and reporting the security posture to officials
  • Data Classification is the process of assigning a level of sensitivity to data as it is being created, amended, enhanced, stored, or transmitted.
  • Security Controls: Safeguards or countermeasures to avoid, counteract, or minimize security risks.
  • Adequate Security: security commensurate with the risk and magnitude of the harm resulting from the loss, misuse, or unauthorized access to or modification of information.
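The RMF cards above say to "categorize the system" (Step 1) and "select a baseline ... based on the security categorization" (Step 2) without showing how the categorization is computed. The following is an added example, not part of the card deck, that implements the FIPS 199 procedure those steps rely on (an assumption stated here, since the cards never name it): rate each information type the system handles as Low/Moderate/High for each security objective, take the per-objective maximum across information types, then take the high-water mark across the three objectives to get the overall impact level, which FIPS 200 maps to the Low/Moderate/High SP 800-53 control baseline. The system name, information types, and ratings are constructed for illustration.

```python
"""RMF Step 1 (Categorize) feeding Step 2 (Select) as working code.

Assumed method (not stated on the cards): FIPS 199 security categorization.
Each information type a system handles is rated for each security objective
(confidentiality, integrity, availability); the system's rating for an
objective is the maximum over its information types, and the overall impact
level is the high-water mark across the three objectives. FIPS 200 maps that
overall level to the Low/Moderate/High SP 800-53 control baseline that Step 2
starts from before tailoring.
"""
from __future__ import annotations

from dataclasses import dataclass

# Ordered from least to most severe. FIPS 199 permits "N/A" only for the
# confidentiality of an individual information type (e.g. public data); a
# system's rating for any objective is never below LOW.
LEVELS = ("N/A", "LOW", "MODERATE", "HIGH")
OBJECTIVES = ("confidentiality", "integrity", "availability")
BASELINES = {"LOW": "Low", "MODERATE": "Moderate", "HIGH": "High"}


@dataclass(frozen=True)
class InfoType:
    """One information type with its provisional impact level per objective."""
    name: str
    confidentiality: str
    integrity: str
    availability: str

    def impact(self, objective: str) -> str:
        level = getattr(self, objective).upper()
        if level not in LEVELS:
            raise ValueError(f"{self.name}: unknown {objective} level {level!r}")
        if level == "N/A" and objective != "confidentiality":
            raise ValueError(f"{self.name}: N/A is only valid for confidentiality")
        return level


def _rank(level: str) -> int:
    return LEVELS.index(level)


def categorize_system(info_types: list[InfoType]) -> dict[str, str]:
    """Step 1: per-objective maximum over information types, floored at LOW."""
    if not info_types:
        raise ValueError("a system must handle at least one information type")
    categorization = {}
    for objective in OBJECTIVES:
        highest = max((t.impact(objective) for t in info_types), key=_rank)
        categorization[objective] = "LOW" if highest == "N/A" else highest
    return categorization


def high_water_mark(categorization: dict[str, str]) -> str:
    """Overall system impact level: the highest of the three objectives."""
    return max(categorization.values(), key=_rank)


def select_baseline(categorization: dict[str, str]) -> str:
    """Step 2 starting point: the SP 800-53 baseline for the overall level."""
    return f"SP 800-53 {BASELINES[high_water_mark(categorization)]} baseline"


def format_sc(system_name: str, categorization: dict[str, str]) -> str:
    """Render in FIPS 199 notation: SC name = {(objective, LEVEL), ...}."""
    pairs = ", ".join(f"({o}, {categorization[o]})" for o in OBJECTIVES)
    return f"SC {system_name} = {{{pairs}}}"


# Constructed sample: a hypothetical benefits portal and its information types.
PORTAL_INFO_TYPES = [
    InfoType("public program descriptions", "N/A", "LOW", "LOW"),
    InfoType("applicant PII", "MODERATE", "MODERATE", "LOW"),
    InfoType("payment instructions", "MODERATE", "HIGH", "MODERATE"),
]

if __name__ == "__main__":
    sc = categorize_system(PORTAL_INFO_TYPES)
    print(format_sc("benefits portal", sc))
    print("overall:", high_water_mark(sc), "->", select_baseline(sc))
```

Note that a single High rating on one objective of one information type (integrity of the payment instructions here) drives the whole system to the High baseline; that is the point of the high-water mark, and it is also why systems are often split so that a small high-impact component does not drag a large low-impact one into the same authorization boundary.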