ARO - The expected frequency of a specific risk will occur within a single year, ALE - The possible yearly cost of all instances of a specific realized threat against an asset , MOA - A formal document outlining an agreement between two or more parties, MOU - Used to outline a mutual agreement on a shared goal without legal obligations , MSA - A comprehensive contract that sets the general terms governing future transactions or agreements, NDA - A legal binding contract that establishes a confidential relationship, MTD - Defines the amount of time a business function can be inoperable without causing irreparable harm to the business, RTO - Amount of time To recover the function in the event of a disaster , KRI - Metric used to measure and monitor the likelihood and impact of risks, AV - Dollar value of an asset , EF - Percentage of loss that an Org would experience if a specific asset were violated, SLE - The cost associated with a single realized risk against an asset, SLA - A contract between a service provider & Client that specifies the level of service expected during the agreement , WO/SOW - Provides specific details about the work to be performed under a contract, CVE - A Database/list of known cybersecurity vulnerabilities , CVSS - Framework for rating the severity of vulnerabilities , RPO - the maximum acceptable amount of data loss after an unplanned data-loss incident, expressed as an amount of time., Change management - process includes a testing phase that can help identify potential issues relating to an application change or upgrade, Data subject - the individuals who have their personal information contained in this customer information database., DLP - technologies can identify and block the transmission of sensitive data across the network., HSM - A high-end cryptographic hardware appliance that can securely store keys and certifications for all devices , TPM - Provides cryptographic functions and securely store encryption keys , Firewall Logs - decide what traffic is allowed to enter and leave the network and what traffic will be blocked., Network Logs - record traffic on the network. These logs are on a variety of devices such as routers, firewalls, web servers, and network intrusion detection/prevention systems. , IDS/IPS Logs - monitor networks for malicious activity and try to block suspicious content., Packet Captures - sniffers capture network traffic allowing administrators to view and analyze individual packets., SIEM - provides a centralized solution for collecting, analyzing, and managing data from systems,

SEC + 701

สั่งพิมพ์
ฝัง

ลีดเดอร์บอร์ด

สไตล์ภาพ

ตัวเลือก

สลับแม่แบบ

คืนค่าการบันทึกอัตโนมัติ: ใช่ไหม