NISTy Business
Access All Areas
CIA Confidential
Incidentally Speaking
Control Freaks
Chief Concerns
DevOps Delight
100

Develops computer security standards for US federal agencies and publishes cybersecurity best practices.

What is the National Institute of Standards and Technology (NIST)?

100

The process of issuing a user account and credentials to the correct person. 

What is Identification?

100

The goal of keeping information private and protected from unauthorized access.

What is Confidentiality?

100

A type of control that identifies or records an incident as it happens. 

What is Detective?

100

A category of security control implemented by people. 

What is Operational?

100

A company officer responsible for managing information technology assets and procedures. 

What is a Chief Information Officer (CIO)?

100

The practice of integrating software development and systems operations. 

What is Development and Operations (DevOps)?

200

An analysis measuring the difference between current and desired states to assess project scope. 

What is a gap analysis?

200

A method of validating an individual’s unique credentials. 

What is Authentication?

200

The goal of ensuring information is accurate and unaltered.

What is Integrity?

200

A type of control that acts after an incident to minimize its impact. 

What is Corrective?

200

A control implemented as a system, like firewalls or antivirus software. 

What is Technical?

200

A company officer focused on using new and emerging computing platforms and innovations. 

What is a Chief Technology Officer (CTO)?

200

The practice of integrating software development, security operations, and systems operations. 

What is DevSecOps?

300

A technology or procedure to mitigate vulnerabilities and ensure the confidentiality, integrity, and availability of information. 

What are security controls?

300

The process of determining an entity’s rights and privileges. 

What is Authorization?

300

The goal of ensuring systems are operational and accessible to authorized users.

What is Availability?

300

A control that enforces a rule of behavior through a policy or contract. 

What is Directive?

300

Controls like alarms and security cameras that deter and detect access to premises and hardware. 

What is Physical?

300

The person with overall responsibility for information assurance and systems security. 

What is a Chief Security Officer (CSO)?

300

A team responsible for incident response, requiring expertise across various business domains.

What is a computer incident response team (CIRT)?

400

Standards and guidelines for effective security risk management, varying in specificity. 

What are cybersecurity frameworks (CSF)?

400

Tracking authorized usage of a resource and alerting when unauthorized use is detected. 

What is Accounting?

400

A model consisting of three core principles of security management.

What is the CIA Triad?

400

A type of control that discourages intrusion attempts. 

What is Deterrent?

400

A type of control that acts before an incident to reduce the likelihood of an attack. 

What is Preventive?

400

A role with technical responsibilities for implementing security policies and controls. 

What is an Information Systems Security Officer (ISSO)?

500

A security process providing identification, authentication, and authorization mechanisms for organizational assets. 

What is identity and access management (IAM)?

500

A security concept where a centralized platform verifies identification, assigns permissions, and logs actions. 

What is authentication, authorization, and accounting (AAA)?

500

The goal of ensuring that actions or communications cannot be denied by the party responsible.

What is Non-repudiation?

500

A collection of entries determining which subjects are allowed or denied access to an object. 

What are Access Control Lists (ACLs)?

500

A control that provides oversight of the information system, such as risk identification. 

What is Managerial?

500

The location where security professionals monitor and protect critical information assets. 

What is a security operations center (SOC)?