DREAD
Acronym study
Terms 91–120 of 295 CISSP acronyms and key terms. Each entry includes a plain-English definition and a link to the full 800-word glossary page with exam context and practice questions.
Term 91
DREAD is a qualitative risk assessment model used to rank threats by evaluating Damage potential, Reproducibility, Exploitability, Affected users, and Discoverability.
Term 92
Due care is the legal and ethical duty of an organization to take reasonable steps to protect sensitive information and IT systems from harm.
Term 93
Due diligence is the process of systematically reviewing and verifying information, policies, and procedures to identify and manage risks before making a decision or taking an action in an IT or security context.
Term 94
EAL, or Evaluation Assurance Level, is a numeric rating from 1 to 7 that measures how thoroughly a computer product has been tested for security, with higher numbers indicating more rigorous testing.
Term 95
Endpoint Detection and Response (EDR) is a cybersecurity technology that continuously monitors endpoint devices to detect, investigate, and respond to advanced threats.
Term 96
An EDR alert is a notification generated by Endpoint Detection and Response software when it detects potentially malicious activity or an anomaly on a device like a laptop, server, or workstation.
Term 97
Encryption is the process of converting readable data (plaintext) into unreadable ciphertext using an algorithm and a key, so that only parties holding the correct key can recover it.
Term 98
Encryption at rest is the practice of securing stored data by converting it into an unreadable format using cryptographic algorithms, so that even if physical or digital access to the storage medium is obtained, the data remains confidential.
Term 99
Encryption in transit is the practice of encrypting data as it moves between two points over a network so that anyone who intercepts it cannot read it.
Term 100
An encryption key is a string of random characters used by an algorithm to lock (encrypt) and unlock (decrypt) data, ensuring only authorized parties can read it.
Term 101
An endpoint security baseline is a set of minimum security configurations and controls applied to devices like laptops, servers, and mobile devices to protect against threats.
Term 102
An endpoint security policy is a set of rules that controls how devices like laptops, phones, and servers connect to a network and what security protections they must have to keep data safe.
Term 103
Enterprise Mobility and Security is a Microsoft 365 suite of cloud services that secures and manages mobile devices, apps, and data within an organization.
Term 104
Enterprise risk management is the systematic process of identifying, assessing, and responding to risks that could affect an organization’s ability to achieve its objectives.
Term 105
An Evaluation Assurance Level (EAL) is a rating from the Common Criteria that measures how thoroughly a computer product or system has been tested and verified for security.
Term 106
Exposure factor is the percentage of an asset's value that would be lost if a specific threat event occurs, used to calculate the single loss expectancy in risk analysis.
Term 107
A feature update policy is a set of rules that controls how and when new features and capabilities are deployed to software, ensuring consistency, security, and minimal disruption across an organization.
Term 108
Federated identity is a system that allows users to use one set of login credentials across multiple different organizations' systems and websites without needing to create separate accounts.
Term 109
Fileless malware is a type of malicious activity that uses legitimate system tools and memory to execute attacks, writing no traditional executable file to disk.
Term 110
A firewall is a network security system that monitors and controls incoming and outgoing traffic based on predetermined security rules to protect trusted internal networks from untrusted external networks.
Term 111
A firewall log is a record of network traffic that a firewall has allowed or denied, used by IT professionals to monitor security events and troubleshoot connectivity issues.
Term 112
A firewall rule is a set of conditions that tells a firewall which network traffic to allow or block based on attributes like source, destination, port, and protocol.
Term 113
The General Data Protection Regulation (GDPR) is a European Union law that sets strict rules for how organizations collect, store, process, and protect the personal data of individuals within the EU.
Term 114
GitHub Advanced Security is a suite of security tools integrated into GitHub that helps developers find and fix vulnerabilities, secrets, and code quality issues directly in their repositories.
Term 115
Group Policy is a Windows-based feature that allows administrators to centrally manage and enforce settings for users and computers across an organization.
Term 116
Guest access allows a user to temporarily connect to a network, application, or shared resource with limited permissions, without being a permanent member of the organization.
Term 117
A hardware security module (HSM) is a specialized hardware appliance that securely generates, stores, and manages cryptographic keys in a tamper-resistant environment for enterprise security systems.
Term 118
Hashing is a one-way mathematical function that converts any input data into a fixed-length string of characters, called a hash or digest, which is used to verify data integrity and store passwords securely.
Term 119
HIPAA is a U.S. law that sets national standards for protecting sensitive patient health information from being disclosed without the patient's consent or knowledge.
Term 120
A host firewall is a software-based security tool that runs directly on an individual device, such as a laptop, server, or desktop, to monitor and control incoming and outgoing network traffic based on a set of security rules.