Data Owner - someone in charge of a particular kind of information in a company. Their main job is to make sure the data is categorized correctly, labeled properly, and protected well. , Data Steward - someone who helps the data owner manage information by ensuring instructions about the data are followed properly., Data Custodian - someone who handles the day-to-day tasks involving data, like backing it up, storing it, and following rules about how it's used. Usually I.T professionals , Data Controller - the organization that gathers information from its employees for specific purposes, Data Processor - a third-party organization that handles and manages data on behalf of the data controller., Snapshots - a method of capturing the state of a system at a particular point in time., Journaling - a method that keeps track of changes made to the data since the last full backup., Risk mitigation - steps to reduce the likelihood or impact of a risk , Risk Avoidance - involves changing plans or procedures to eliminate the risk or remove the organizational operations and objectives, Risk Appetite - the risk an organization is willing to accept, Risk Thershold - the level of risk that the organization is willing to accept, Qualitative Risk Analysis - involves assessing risks based on subjective criteria, such as expert opinions, scenario analysis and industry best practice , Quantitative Risk Analysis  - Monetary amount to an identified risk., Ad Hoc Risk Assessment - Are Performed as needed often in response to specific events or changes in the environment. , Playbook - Sets of procedures that detail the steps to be taken in response to specific security incidents, Centralized Governance - Decision making is considered within a central entity or group within the organization , Decentralized Governance - Responsibilities are distributed across various departments or units within the organization, Time-based One-Time Password (TOTP) - generate passwords that change at regular time intervals, such as every 30 or 60 seconds., Enumeration - the detailed listing of all parts in a particular device. For a computer, this could include the CPU type, memory, storage drive details, keyboard model, and more, SASE - solution is a next-generation VPN technology designed to optimize the process of secure communication to cloud services., Penetration test - can be used to actively exploit potential vulnerabilities in a system or application., Mandatory Access control  - uses a series of security levels and assigns those levels to each object in the operating system. Users are assigned a security level, and they would only have access to objects that meet or are below that assigned security level , Discretionary Access control - allows the owner of an object to assign access, Role-based Access control  - assigns a user’s permissions based on their role in the organization., Rule-based Access control - determines access based on a series of system-enforced rules., False Acceptance Rate (FAR) - When an invalid subject is authenticated , False Rejection Rate (FRR) - When a valid subject isn't authenticated, Gateway - Implement email gateways to filter out malicious content., SPF - Verifies that incoming email comes from a trusted source, Privilege Creep - the gradual accumulation of access rights by employees beyond what is necessary for their job functions.,

Sec+ 701

Trykke
Integrere

Rangliste

Visuel stil

Indstillinger

Skift skabelon

Gendan automatisk gemt: ?