CISMP Glossary Words

Across
  1. 2. A set of rules that define how two entities communicate effectively.
  2. 4. The process of encoding messages (or information) in such a way that eavesdroppers or hackers cannot read it but authorised parties can.
  3. 6. The maximum level of risk that an organisation is prepared to accept.
  4. 7. A common network grouping, under which a collection of network devices or addresses are organised.
  5. 10. A hardware device or software program capable of logging information on a network.
  6. 13. A method of splitting a computer network into sub-networks, each being a network segment, in order to boost performance and improve security by helping to contain malware and other threats (see also partitioning).
  7. 14. The act of making a judgement about the amount, number, or value of something.
  8. 16. Enables a host computer to send and receive data across shared or public networks as if it were a private network with all the functionality, security, and management policies of the private network.
  9. 20. Provide advice, direction, and best practice. Not mandatory / Discretionary.
  10. 21. A means to ensure access to assets is restricted based upon business requirements.
  11. 23. The intentional paralysing of a computer network by flooding it with data.
  12. 26. Used to breach cryptographic security systems and gain access to the contents of encrypted messages.
  13. 28. A mathematical scheme for demonstrating the authenticity of a digital message or document.
  14. 31. A database that records relevant information about risks and can be used both for reporting purposes and to track risk treatment.
  15. 34. The ability to prove that a person, entity or process cannot deny having carried out an action.
  16. 35. A policy used to identify what personal use of company resources is acceptable.
  17. 36. The process of analysing the consequences a business disruption might have upon the organisation's assets.
Down
  1. 1. The amount of the risk a business can absorb.
  2. 3. The action or manner of controlling a process.
  3. 5. The ability of an organisation to continue to function in order to deliver its products or services at an acceptable level following a business disruption.
  4. 8. A technological barrier designed to prevent unauthorised or unwanted communications between computer networks or hosts.
  5. 9. A method of evaluating the security of a computer system or network by simulating an attack from malicious outsiders and insiders.
  6. 11. Software designed to negate or destroy a computer virus.
  7. 12. The detailed examination of the elements or structure of an entity.
  8. 15. The property of ensuring that information can only be altered by authorised persons, entities or processes.
  9. 17. A development and deployment environment in the cloud, with resources enabling the delivery of cloud-based applications.
  10. 18. A principle or rule to guide decisions and achieve rational outcomes. Mandatory.
  11. 19. The activity of recovering telecommunications, IT or systems after a business disruption.
  12. 22. The risks that remain after all risk mitigation actions have been implemented.
  13. 24. Software designed to gather information in a covert manner. Strategic risk treatment: Four control options of treat, terminate, tolerate or transfer (or the equivalent) a risk.
  14. 25. The act of attempting to acquire information such as usernames, passwords and credit card details (and sometimes, indirectly, money) by masquerading as a trustworthy entity in an electronic communication.
  15. 27. The process of securing a system by reducing its surface of vulnerability.
  16. 29. A non-self-replicating type of malware that appears to perform a desirable function but instead facilitates unauthorised access to the user's computer system.
  17. 30. Acting in accordance with a set of rules or a policy.
  18. 32. An unwanted or unauthorised access to an information system.
  19. 33. A standalone malware computer program that replicates itself in order to spread to other computers.