> For the complete documentation index, see [llms.txt](https://cybersecurity-cloud-and-it-notes.gitbook.io/kyles-cybersecurity-cloud-and-it-gitbook/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://cybersecurity-cloud-and-it-notes.gitbook.io/kyles-cybersecurity-cloud-and-it-gitbook/google-cybersecurity-professional-cert/2.-play-it-safe-manage-security-risks/glossary-terms-from-module-2.md).

# Glossary terms from module 2

Let’s turn this cybersecurity lesson into a fun, ADHD-friendly adventure! Imagine we're going through a city filled with important buildings, hidden treasures, sneaky thieves, and guardians that are trying to keep everything safe. Each concept is part of this city’s defense system. Ready? Let’s jump in!

#### 1. **Asset**

Think of an **asset** as the treasure or valuable things in our city, like gold coins, secret maps, or important documents. It's anything that we really care about and want to protect, like your password or your bank account. We want to make sure that no one steals or messes with these treasures!

#### 2. **Attack Vectors**

An **attack vector** is like a secret tunnel or passage that sneaky thieves (aka hackers) can use to sneak into the city and grab that treasure. These could be weak doors (bad passwords), windows left open (unpatched software), or a fake delivery man tricking the guards (phishing emails).

#### 3. **Authentication**

**Authentication** is like showing your ID at the gate to prove you’re really a resident of the city. Whether it’s a fingerprint, a password, or a face scan, the city needs to verify that you’re the right person who should be entering.

#### 4. **Authorization**

Once you're in the city, **authorization** is all about what buildings you can actually go into. Maybe you have a pass that lets you into the treasury (your bank account) or just into the library (basic website access). The guards check your pass to see if you’re allowed in.

#### 5. **Availability**

**Availability** is like the city gates being open whenever a trusted resident needs to come in. We want to make sure the treasure is always there when authorized people need it, but keep the thieves out. If the gates are locked all the time, that’s a problem!

#### 6. **Biometrics**

**Biometrics** are like super high-tech ID checks. Instead of just showing a card, the city guard checks your unique traits—your fingerprint, your face, or even the way you walk. It’s impossible to fake!

#### 7. **Confidentiality**

**Confidentiality** is like putting a lock on the treasure chest, ensuring only the people with the key (authorized users) can open it. This keeps the treasure (data) safe from prying eyes.

#### 8. **CIA Triad (Confidentiality, Integrity, Availability)**

The **CIA Triad** is like the city's master defense plan! It makes sure the treasure is:

* **Confidential**: Only the right people can see it.
* **Integrity**: The treasure is real, authentic, and hasn't been swapped with fake coins.
* **Available**: It’s there when needed, and the gates aren’t locked unexpectedly.

#### 9. **Detect (NIST Core Function)**

**Detect** is like having motion sensors and alarms all over the city, always on the lookout for thieves trying to sneak in. It helps us catch any suspicious activity before it turns into a full-on robbery.

#### 10. **Encryption**

**Encryption** is like scrambling the secret map so that even if a thief gets it, they can't read it without the right code. Only the person with the secret decoder ring (decryption key) can understand what’s written.

#### 11. **Identify (NIST Core Function)**

**Identify** is like mapping out the entire city and knowing exactly where all the valuable treasure is hidden, where the weak points are, and who the thieves are. It’s the first step in planning defenses.

#### 12. **Integrity**

**Integrity** is making sure the treasure is real and hasn’t been tampered with. Imagine someone trying to switch out gold coins with chocolate coins—**integrity** checks make sure that hasn’t happened, so what you get is always legit!

#### 13. **NIST Cybersecurity Framework (CSF)**

The **NIST Cybersecurity Framework** is like a big rulebook that helps cities everywhere build strong walls, set guard patrols, and create plans to defend against robbers. It’s full of the best practices for keeping everything safe.

#### 14. **NIST Special Publication 800-53**

This is like a specific section of the rulebook designed for protecting the most important government treasures. It’s all about keeping things super secure, especially in places with really sensitive secrets.

#### 15. **OWASP**

**OWASP** is like a non-profit group of friendly wizards and guards who focus on protecting software. They’re always discovering new tricks to keep hackers out of city systems.

#### 16. **Protect (NIST Core Function)**

**Protect** is everything the city does to keep robbers out: guards at the gates, locks on the treasure chests, and even training residents on how to spot sneaky thieves. It’s about setting up defenses ahead of time!

#### 17. **Recover (NIST Core Function)**

**Recover** is what happens after a robbery attempt. If something gets stolen, it’s all about getting the treasure back and making sure the city is back to normal as quickly as possible.

#### 18. **Respond (NIST Core Function)**

**Respond** is like having an emergency plan for when thieves are spotted. The guards work together to capture the intruders, lock down the city, and fix the weak spots so it doesn’t happen again.

#### 19. **Risk**

**Risk** is like anything that could make it easier for a thief to steal treasure. Maybe the city walls are weak, or there aren’t enough guards on duty. Risk is the possibility of something bad happening.

#### 20. **Security Audit**

A **security audit** is like a city inspector coming in to check if the walls are strong, the guards are alert, and the doors are locked. It’s a way to see if everything is secure and meets the rules.

#### 21. **Security Controls**

**Security controls** are like the guard dogs, walls, gates, and alarm systems the city uses to prevent robberies. These controls are there to keep specific risks in check.

#### 22. **Security Frameworks**

**Security frameworks** are like the city’s master blueprints for keeping the treasure safe. They help guide how to build walls, where to place guards, and what kind of traps to set for thieves.

#### 23. **Security Posture**

**Security posture** is how strong the city is overall when it comes to defending its treasure. It’s like asking, "How prepared are we to stop thieves?" It’s about being able to adjust and strengthen defenses whenever needed.

#### 24. **Threat**

A **threat** is like any person or event that might try to steal treasure or damage the city. It could be a group of sneaky robbers, or even a sudden flood that could wash away the treasure.

***

How are you feeling about the terms so far? I can dive deeper into any of these or help break down more specific concepts you’d like to explore! Let's start by gauging how familiar you are with some of these terms. How do you feel about topics like encryption, authentication, and risk management?
