|
Letter: R - recovery
- Definition: The activities after an incident or event to restore essential services and operations in the short and medium term and fully restore all capabilities in the longer term.
- red team
- Definition: A group authorized and organized to emulate a potential adversary’s attack or exploitation capabilities against an enterprise’s cybersecurity posture.
- Related Term(s): Blue Team, White Team
- red team exercise
- Definition: An exercise, reflecting real-world conditions, that is conducted as a simulated attempt by an adversary to attack or exploit vulnerabilities in an enterprise's information systems.
- Related Term(s): cyber exercise
- redundancy
- Definition: Additional or alternative systems, sub-systems, assets, or processes that maintain a degree of overall functionality in case of loss or failure of another system, sub-system, asset, or process.
- resilience
- Definition: The ability to adapt to changing conditions and prepare for, withstand, and rapidly recover from disruption.
- response
- Definition: The activities that address the short-term, direct effects of an incident and may also support short-term recovery.
- Extended Definition: In cybersecurity, response encompasses both automated and manual activities.
- Related Term(s): recovery
- response plan
- Synonym(s): incident response plan
- risk
- Definition: The potential for an unwanted or adverse outcome resulting from an incident, event, or occurrence, as determined by the likelihood that a particular threat will exploit a particular vulnerability, with the associated consequences.
- risk analysis
- Definition: The systematic examination of the components and characteristics of risk.
- Related Term(s): risk assessment, risk
- risk assessment
- Definition: The product or process which collects information and assigns values to risks for the purpose of informing priorities, developing or comparing courses of action, and informing decision making.
- Extended Definition: The appraisal of the risks facing an entity, asset, system, or network, organizational operations, individuals, geographic area, other organizations, or society, and includes determining the extent to which adverse circumstances or events could result in harmful consequences.
- Related Term(s): risk analysis, risk
- risk management
- Definition: The process of identifying, analyzing, assessing, and communicating risk and accepting, avoiding, transferring or controlling it to an acceptable level considering associated costs and benefits of any actions taken.
- Extended Definition: Includes: 1) conducting a risk assessment; 2) implementing strategies to mitigate risks; 3) continuous monitoring of risk over time; and 4) documenting the overall risk management program.
- Related Term(s): enterprise risk management, integrated risk management, risk
- risk mitigation
- Synonym(s): mitigation
- risk-based data management
- Definition: A structured approach to managing risks to data and information by which an organization selects and applies appropriate security controls in compliance with policy and commensurate with the sensitivity and value of the data.
- rootkit
- Definition: A set of software tools with administrator-level access privileges installed on an information system and designed to hide the presence of the tools, maintain the access privileges, and conceal the activities conducted by the tools.
|
|
|