An approach to security where only approved applications are allowed to run.
A key derivation function that was selected as the winner of the Password Hashing Competition.
The data, personnel, devices, systems, and facilities that enable the organization to achieve business purposes are identified and managed consistent with their relative importance to organizational objectives and the organization's risk strategy.
Microsoft's cloud-based identity and access management service.
The outcome of an attack (e.g., Confidentiality Loss, Integrity Loss).
Information and records (data) are managed consistent with the organization's risk strategy to protect the confidentiality, integrity, and availability of information.
A defense strategy that uses multiple security measures to protect the integrity of information.
The Detect function defines the appropriate activities to identify the occurrence of a cybersecurity event.
Cloud computing and backup service model that uses cloud resources to protect applications and data from disruption caused by disaster.
An internal control or process that validates the integrity of operating system and application software files.
The Govern function provides high-level oversight and ensures that the organization's cybersecurity risk management strategy is established, communicated, and monitored.
A specific type of message authentication code (MAC) involving a cryptographic hash function and a secret cryptographic key.
The Identify function assists in developing an organizational understanding of how to manage cybersecurity risk to systems, people, assets, data, and capabilities.
Access to physical and logical assets and associated facilities is limited to authorized users, processes, and devices, and is managed consistent with the assessed risk of unauthorized access.
Techniques used to make a possibly weak key, typically a password or passphrase, more secure against a brute-force attack.
The principle that a security architecture should be designed so that each entity must be granted the minimum system resources and authorizations that the entity needs to perform its function.
Authentication method requiring two or more verification factors.
An authentication method that requires two or more verification factors.
The process of applying updates to software applications to fix vulnerabilities.
A key derivation function that applies a pseudorandom function to the input password or passphrase along with a salt value and repeats the process many times.
An encryption program that provides cryptographic privacy and authentication for data communication.
A set of roles, policies, hardware, software and procedures needed to create, manage, distribute, use, store and revoke digital certificates.
Technical and legal aspects of privacy protection.
The Protect function outlines appropriate safeguards to ensure delivery of critical infrastructure services.
The Recover function identifies appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cybersecurity incident.
A group that plays the role of an enemy or competitor to provide security feedback.
The Respond function includes appropriate activities to take action regarding a detected cybersecurity incident.
Random data that is used as an additional input to a one-way function that hashes data, such as a password or passphrase.
The process of identifying, assessing, and mitigating the risks associated with the distributed and interconnected nature of IT product and service supply chains.
A method of confirming a user's claimed identity by using a combination of two different pieces of evidence.