| A | B |
|---|
| access control | The process of restricting access to a resource to only permitted users, applications, or computer systems. |
| attack surface | The exposure, the reachable and exploitable vulnerabilities that a system or technology has. |
| availability | Describes a resource being accessible to a user,application, or computer system when required. In other words, availability means that when a user needs to get to information,he or she has the ability to do so. |
| confidentiality | The characteristic of a resource ensuring access is restricted to only permitted users, applications, orcomputer systems. |
| defense in depth | Using multiple layers of security to defend your assets. |
| flash drive | A small drive based on flash memory. |
| integrity | The consistency, accuracy, and validity of data or information. One of the goals of a successful information security program is to ensure that data is protected against any unauthorized or accidental changes. |
| keylogger | A physical or logical device used to capture keystrokes. |
| mobile device | Small devices that are used to process information, send and receive mail, store enormous amounts of data, surf the Internet, and interact remotely with internal networks and systems. They include laptops, PDAs (personal digital assistants), and smartphones. |
| principle of least privilege | A security discipline that requires that a particular user, system, or application be given no more privilege than necessary to perform its function or job. |
| removable device | A storage device that is designed to be taken out of a computer without turning the computer off. |
| residual risk | The risk that remains after measures have been taken to reduce the likelihood or minimize the effect of a particular event. |
| risk | The probability that an event will occur. In reality, businesses are concerned only about risks that would negatively impact the computing environment. |
| risk acceptance | The act of identifying and then making an informed decision to accept the likelihood and impact of a specific risk. |
| risk assessment | Identifies the risks that might impact your particular environment. |
| risk avoidance | The process of eliminating a risk by choosing not to engage in an action or activity. |
| risk management | The process of identifying, assessing, and prioritizing threats and risks. |
| risk mitigation | Taking steps to reduce the likelihood or impact of a risk. |
| risk transfer | The act of taking steps to move responsibility for a risk to a third party through insurance or outsourcing. |
