GRC
Modeling
Infrastructure
IAM
SecOps
Application Security
100

A suitable level of risk commensurate with the potential benefits as determined by senior management.

What is acceptable risk?

100

A documented, lowest level of security configuration allowed by a standard or organization.

What is a baseline?

100

Not identical on both sides. In cryptography, key pairs are used, one to encrypt, the other to decrypt.

What is asymmetric?

100

Testing of the functionality of software; also known as black box testing.

What is dynamic testing?

100

Actions, processes, and tools for ensuring an organization can continue critical operations during a contingency.

What is Business Continuity?

100

Formal review of software to ensure that all security controls were built into the software as designed; also known as certification.

What is assessment?

200

Safeguards and countermeasures commensurate with the level of risk

What are adequate controls?

200

Model where all processing is performed at a central location.

What is centralized architecture?

200

A cryptographic operation that works on data arranged in blocks.

What is a block mode cipher?

200

A set of rules, defined by the resource owner, for managing access to a resource and for what purpose.

What is entitlement?

200

The process of jointly addressing business resiliency and restoration of critical infrastructure and functionality after a disruption.

What is Business Continuity and Disaster Recovery (BCDR)?

200

Formal management acceptance of risk and approval for software to be placed into production based on certain operating conditions; also known as accreditation.

What is systems authorization?

300

Ensuring timely and reliable access to and use of information by authorized users.

What is availability?

300

Model where processing can be done at many different connected locations.

What is distributed architecture?

300

A formal statement of ownership of a public encryption key.

What is a certificate?

300

Management of Identities throughout the identity management lifecycle.

What is Identity and Access Management (IAM)?

300

A list of the organization's assets, annotated to reflect the criticality of each asset to the organization.

What is Business Impact Analysis (BIA)?

300

A tool to help ensure that the project's scope, requirements, and deliverables remain “as is” when compared to the baseline.

What is a Requirements Traceability Matrix (RTM)?

400

Adherence to a mandate; both the actions demonstrating adherence and the tools, processes, and documentation that are used in adherence.

What is compliance?

400

A firewall or other device sitting at the edge of a network to regulate traffic and enforce rules.

What is a gateway device?

400

A packaged software unit.

What are containers?

400

Accounts on a system with higher levels of permissions.

What are privileged accounts?

400

A violation or imminent threat of violation of computer security policies, acceptable use policies, or standard security practices.

What is a Computer Security Incident?

400

A specific form of application firewall that filters, monitors, and blocks HTTP traffic to and from a web service.

What is a Web Application Firewall (WAF)?

500

Preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information.

What is confidentiality?

500

A process by which developers can understand security threats to a system, determine risks from those threats, and establish appropriate mitigations.

What is threat modeling?

500

The action of changing a message into another format through the use of a code.

What is encoding?

500

A way to verify ownership of an identity.

What is Proof of Possession?

500

The ability to provide IT services following an interruption, often at an alternate location.

What is Disaster Recovery?

500

An online community that produces freely available articles, methodologies, documentation, tools, and technologies in the field of web application security.

What is The Open Worldwide Application Security Project (OWASP)?
