The location where security professionals monitor and protect critical information assets in an organization.
Security operations center (SOC)
A technology or procedure put in place to mitigate vulnerabilities and risk and to ensure the confidentiality, integrity, and availability (CIA) of information.
Security control
A type of security control that acts before an incident to eliminate or reduce the likelihood that an attack can succeed.
Preventive
A cybersecurity professional who simulates real-world cyberattacks on an organization’s systems, networks, applications, or physical infrastructure to identify and exploit security vulnerabilities.
Penetration tester
A person or entity responsible for an event that has been identified as a security incident or as a risk.
Threat actor
A combination of software development and systems operations; refers to the practice of integrating one discipline with the other.
Development and operations (DevOps)
A category of security control that provides oversight of information systems.
Managerial
The collection of access control entries (ACEs) that determines which subjects (user accounts, host IP addresses, and so on) are allowed or denied access to the object and the privileges given (read-only, read/write, and so on).
Access control lists (ACLs)
A company officer with the primary responsibility of managing information technology assets and procedures.
Chief Information Officer (CIO)
The degree of access that a threat actor possesses before initiating an attack. An external threat actor has no standing privileges, while an internal actor has been granted some access permissions.
Internal/external
A combination of software development, security operations, and systems operations; refers to the practice of integrating each discipline with the others.
DevSecOps
A category of security control that is implemented by people.
Operational
A type of security control that acts during an incident to identify or record that it is happening.
Detective
A company officer with the primary role of making effective use of new and emerging computing platforms and innovations.
Chief Technology Officer (CTO)
A formal classification of the resources and expertise available to a threat actor.
Level of sophistication/capability
Team with responsibility for incident response. The CSIRT must have expertise across a number of business domains (IT, HR, legal, and marketing, for instance).
Computer incident response team (CIRT)/computer security incident response team (CSIRT)/computer emergency response team (CERT)
A category of security control that is implemented as a system.
Technical
A type of security control that acts after an incident to eliminate or minimize its impact.
Corrective
Typically, the job title of the person with overall responsibility for information assurance and systems security.
Chief Security Officer (CSO)
The ability of threat actors to draw upon funding to acquire personnel and tools and to develop novel attack types.
Resources/funding
Attacks that use common internet tools and protocols, making it difficult to distinguish an attack from legitimate traffic, and that vary their behavior, making the same attack appear differently each time.
Sophisticated attacks
A category of security control that is implemented by hardware used to deter or detect, such as alarms, gateways, locks, lighting, and security cameras.
Physical
A type of control that enforces a rule of behavior through a policy or contract.
Directive
Organizational role with technical responsibilities for implementation of security policies, frameworks, and controls.
Information Systems Security Officer (ISSO)
A type of attack that compromises the availability of an asset or business process.
Service disruption