CIA Triad | Confidentiality, Integrity, Availability.
Authentication | Verifying the identity of a user, device, or other entity.
Authorization | Granting or denying access to resources based on identity and permissions.
Accounting (Auditing) | Tracking and logging user and system activities.
Non-Repudiation | Ensuring that a user cannot deny having performed an action.
Least Privilege | Granting users only the necessary permissions to perform their job functions.
Defense in Depth | Implementing multiple layers of security controls.
Separation of Duties | Dividing critical tasks among multiple individuals to prevent fraud or error.
Incident Response | A set of procedures for detecting, responding to, and recovering from security incidents.
Disaster Recovery | A plan for restoring critical business functions after a disaster.
Business Continuity | A plan for maintaining business operations during and after a disruptive event.
Single Point of Failure (SPOF) | A component whose failure will bring down an entire system.
Recovery Time Objective (RTO) | Maximum acceptable downtime before recovery.
Recovery Point Objective (RPO) | Maximum acceptable data loss in an incident.
Mean Time to Repair (MTTR) | Average time to repair a failed component or system.
Mean Time Between Failures (MTBF) | Average time between failures of a component or system.