By comparing one or more factors of identification, such as those used in single-factor authentication (SFA) or multi-factor authentication, the access control process verifies that the identity being claimed by a person or entity is one that the system is aware of.
The permission given to a system entity so that it can access a system resource.
Ensuring that authorized users have prompt, dependable access to and use of information.
The Open Systems Interconnection model’s Layer 1 is the most fundamental representation of data (0’s or 1’s).
A malicious software with additional Trojan and worm capabilities that can be controlled remotely by an attacker.
Digital information is stored in units which typically have eight bits.
Cloud Computing
Unified, practical, on-demand network access to a common pool of reconfigurable computing resources (such as networks, servers, storage, applications, and services) that can be swiftly deployed and released with little administration effort or service provider involvement.
Data or information when it is not made accessible to or disclosed to unapproved persons or processes.
The study or use of techniques to hide, obscure, or otherwise alter the meaning or content of communications, files, or other types of information in order to secure or safeguard it.
Data Integrity
No unauthorized changes have been made to the data. Integrity includes data while it is being processed, stored, and transported.
Synonymous with “deciphering”, the opposite of the encryption procedure. It involves using the right decryption key and cryptographic method to transform a communication from ciphertext back into plaintext which is the same for symmetric encryption, but different for asymmetric encryption.
Blocking allowed access to resources or postponing time-sensitive operations.
Disaster Recovery
The actions required to restore IT and communications services to an organization during and after an outage, disruption, or disturbance of any kind or scale.
Disaster Recovery Plan
The systems, policies, and procedures involved in preparing for the restoration or continuance of a company’s vital business operations, technological foundation, and software following a disaster. When a crucial business function of an organization cannot be performed at a satisfactory level within a set time frame after a disruption, that situation is referred to be a disaster.
To safeguard sensitive data by encoding it in a format that can only be accessed by those with the proper authorization.
The procedure and action of changing a message’s plaintext to ciphertext. Enciphering is another name for it on occasion.
Encryption System
Set of methods, processes, tools, programs, and other elements that, when combined, enable encryption and decryption.
An attack that takes use of system flaws, hence the name.
File Transfer Protocol
The program and internet protocol used to move files between hosts.
Devices that apply administrative security policies by filtering incoming traffic in accordance with a predetermined set of criteria.
General Data Protection Regulation
Personal privacy that was a subject of extensive legislation that the European Union adopted in 2016 and recognized as a fundamental human right.
A method of implementing secure settings to minimize the attack surface and locking down different hardware, communications systems, and software, including operating systems, web servers, application servers, and other software.
The physical components of computers and connected devices.
Hash Function 
A method that computes a number referred to as the hash value on a data file or electronic message that is used to represent that file or message and is dependent on the whole contents of the file or message.
The method of applying a mathematical formula to data to generate a numerical value that accurately represents that data.
Health Insurance Portability and Accountability Act
The most significant healthcare information regulation in the United States is contained in this federal legislation. While ensuring the confidentiality of each person’s health information, it directs the development of national standards for electronic healthcare transactions. Other sections cover a wide range of healthcare-related topics, including reducing fraud, protecting those with health insurance, and more.
Hybrid Cloud
Combination of public and private clouds where certain crucial data is kept in the enterprise’s private cloud while other data is kept and accessed through a public cloud storage provider.
A computer operating system produced by Apple Inc. utilized for mobile phones.
An operating system whose source code is open source and freely accessible to users.
Multi-Factor Authentication
Confirming your identity by using two or more unique instances of the three aspects of authentication something you know, something you have, and something you are.
Harmful software that restricts or prevents access to a user’s system and data until a fee is paid by locking the computer screen or files.
Records Retention
A method based on the records life cycle where records are kept for the requisite amount of time before being deleted after the proper amount of time has passed.
A potential occurrence that might be detrimental to the organization.
Risk Acceptance
Deciding that a business function’s potential benefits surpass any risk impact or likelihood, and then carrying out that business function alone.
Risk Assessment
The act of detecting and evaluating risks to an organization’s assets, people, and other organizations—including its mission, functions, image, and reputation. Threat and vulnerability studies are part of the risk management analysis, which also takes into account mitigations offered by security controls that are either planned for or already in place.
Risk Avoidance
Deciding that a certain risk’s impact and/or likelihood is too high to be balanced out by its possible advantages and refraining from carrying out a specific business function as a result.
Risk Management
The procedure for locating, assessing, and reducing hazards, which includes all stages of risk context, risk assessment, risk treatment, and risk monitoring
Risk Management Framework
A methodical process used to monitor and control risk for an organization.
Risk Mitigation
Putting security measures in place to lessen a certain risk’s potential impact or possibility.
Risk Tolerance
The amount of risk that an organization is prepared to take on in order to potentially attain its goals.
Risk Treatment
Choose which approach to take to address a risk that has been recognized.
Role-Based Access Control
A method of access control that bases user permissions
Security Governance
All of the rules, responsibilities, and procedures that an organization employs to decide on security matters.
Simple Mail Transport Protocol
The accepted method of communication between senders and recipients when sending and receiving emails.
Single-Factor Authentication
Something you know, something you have, or something you can use to complete the requested authentication process.
Social Engineering
Techniques for breaking into systems using email, phone, text, or social media, frequently by posing as an authority figure or a government agency or promising a gift. Simply following someone into a protected building would be a low-tech approach.
Programs and data related to them that can be dynamically written or changed while being used.
Software as a Service
A cloud customer that makes use of apps that the cloud provider hosts on a cloud architecture. Through a program interface or a thin client interface, such as a web browser, the programs can be accessed from a variety of client devices. With the possible exception of a small number of user-specific application configuration choices, the customer does not manage or control the underlying cloud infrastructure, which includes the network, servers, operating systems, storage, or even specific application capabilities.
Falsifying a transmission’s sending address in order to gain unauthorized access to a secure system.
Symmetric Encryption
A technique where the same key is used for both encryption and decryption.
System Integrity
A system’s ability to carry out its intended purpose without interruption and to be free from unauthorized tampering, whether deliberate or unintentional.
Any situation or event that may have the potential to negatively affect an organization’s operations, assets, people, other organizations, or the country through the use of an information system, whether through unauthorized access, information destruction, disclosure, modification, or denial of service.
Transport Control Protocol/Internet Protocol Model
The Link layer, Internet Layer, Transport Layer and Application Layer where other protocols and user application programs use network services are the four functional layers specified by the Internetworking protocol model developed by the IETF.
A multiuser, multitasking operating system created with adaptability and flexibility in mind.
Virtual Local Area Network
Logical collection of computers, servers, and network gadgets that, despite their geographical separation, appear to be connected to the same LAN.
Virtual Private Network
Is constructed on top of already-existing networks and can offer a secure method of transmission between networks.
Could be exploited by a threat source in an information system, system security procedures, internal controls, or implementation.
Web Server
A computer that offers Internet World Wide Web services.
Whaling Attack
Phishing attempts that aim to trick senior officials or wealthy private individuals into approving large wire transfers of funds to previously unidentified entities.
Wireless Area Network
Group of devices that are close together and link via radio transmissions rather than wired connections to form a network.
Zero Day
An undiscovered system flaw that could be exploited without running the danger of being discovered or stopped since it generally does not match with established patterns, signatures, or techniques.