Across
- 4. Security controls that psychologically discourage attackers
- 6. Tricking targets into interacting with malicious resources disguised as trusted ones
- 8. Tracking and alerting on the usage of resources
- 10. Identifying deviations between current security systems and framework requirements
- 14. The path or tool used by a threat actor to execute an attack
- 16. Protecting data resources from unauthorized access, attack, theft, or damage
- 17. Determining and enforcing rights on resources
- 18. Security controls that enforce rules of behavior, policies, and procedures
- 21. Security controls that eliminate or reduce the likelihood of an attack succeeding
- 22. Ensuring that a person cannot deny performing an action
- 23. Creating an account or ID representing the user, device, or process
- 24. Ensuring information is accessible to authorized users when needed
Down
- 1. Ensuring data is stored and transferred as intended, without unauthorized modifications
- 2. Security controls implemented primarily by people
- 3. Proving the identity of a subject attempting to access a resource
- 5. Security controls that eliminate or reduce the impact of a security policy violation
- 7. Security controls that substitute for principal controls to provide equivalent protection
- 9. Security controls that identify and record attempted or successful intrusions
- 11. Ensuring information can only be read by authorized individuals
- 12. Security controls that provide oversight of the information system
- 13. The level of hazard posed by vulnerabilities and threats
- 14. Security controls implemented as hardware, software, or firmware
- 15. The potential for someone or something to exploit a vulnerability and breach security
- 19. A weakness that can be accidentally triggered or intentionally exploited
- 20. Security controls that deter and detect access to premises and hardware