add a definition of risk mgmt

1 files changed, 8 insertions, 0 deletions

diff --git a/learn/hacking/README.md b/learn/hacking/README.md
index 7e7cedb..86818b4 100644
--- a/learn/hacking/README.md
+++ b/learn/hacking/README.md
@@ -292,11 +292,17 @@ an incident has been fully resolved before sharing details of it with others.
   technical transport mechanisms for enabling info exchange to occur in an
   automated fashion.
 
+Risk Management
+
+Risk mgmt is the ongoing process of identifying, assessing, and responding to
+risk.
+
 ## Glossary
 
 * ACL: Access Control List
 * APT: Advanced Persisten Threat
 * AUP: Acceptable Usage Policy
+* CEA: Cybersecurity Enhancement Act
 * CIA: Confidentiality, Integrity, Availability
 * CIRT: Computer Incident Response Team
 * CISO: Chief Information Security Officer
@@ -308,6 +314,7 @@ an incident has been fully resolved before sharing details of it with others.
 * IOC: Indicator of Compromise
 * IR: Incident Response
 * NIDS: Network Intrustion Detection System
+* NIST: National Institute of Standards and Technology
 * PE: Portable Executable
 * PII: Personally Identifiable Information
 * PR: Public Relations
@@ -331,3 +338,4 @@ an incident has been fully resolved before sharing details of it with others.
 * [Intel Driven Defense](https://www.lockheedmartin.com/content/dam/lockheed-martin/rms/documents/cyber/LM-White-Paper-Intel-Driven-Defense.pdf)
 * [IR Stages](https://www.secureworks.com/blog/incident-response-life-cycle-phases-for-effective-ir)
 * [NIST IR Guide](https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-61r2.pdf)
+* [Framework for Improving Critical Infrastructure](https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf)