Multi-factor Authentication

Multi-factor authentication (MFA) requires two or more different factors — something you know, have, or are — to verify identity. CC treats MFA as a core defense against credential theft.

All CC Terms

CIA Triad

The CIA triad is the trio of confidentiality, integrity, and availability that defines the goals of information security.

Non-repudiation

Non-repudiation ensures that someone cannot credibly deny having taken an action, typically through logging and digital signatures.

Defense in Depth

Defense in depth uses multiple layers of controls so that if one fails, others still protect the asset.

Least Privilege

Least privilege means giving a user or process only the access it needs to do its job, and nothing more.

Risk

Risk is the potential for loss when a threat exploits a vulnerability, measured by likelihood and impact.

Security Controls

Security controls are the safeguards used to reduce risk, grouped as technical, administrative, and physical.

Multi-factor Authentication

Multi-factor authentication (MFA) requires two or more different factors — something you know, have, or are — to verify identity.

Access Control Models

Access control models — DAC, MAC, and RBAC — define how permissions are assigned and enforced.

Firewall

A firewall filters network traffic against a set of rules to allow or block connections between network segments.

IDS/IPS

IDS/IPS is the pairing of an Intrusion Detection System (IDS), which alerts on suspicious traffic, and an Intrusion Prevention System (IPS), which can actively block it.

DDoS

A Distributed Denial-of-Service (DDoS) attack floods a target with traffic from many sources to exhaust its resources and deny availability.

Hashing

Hashing produces a fixed-length, one-way fingerprint of data that is used to verify integrity rather than to conceal content.

Encryption

Encryption transforms readable data into ciphertext that can only be reversed with the correct key, protecting confidentiality.

Data Classification

Data classification labels information by sensitivity so that appropriate handling, retention, and destruction rules apply.

Acceptable Use Policy

An Acceptable Use Policy (AUP) defines how employees may use organizational systems and data.