1.1 Basic Concepts Flashcards
These terms are the building blocks for further study.
Confidentiality
Ensures that sensitive information is accessible only to authorized individuals or entities. Involves protecting data from unauthorized access, disclosure, or exposure.
Integrity
Ensures that data remains accurate, complete, and unaltered during storage, transmission, or processing. Guards against unauthorized modification or tampering.
Authorization
Determines the level of access or privileges granted to authenticated users or entities. Ensures users can only access the resources they are authorized to use.
Availability
Ensures systems, networks, and data are accessible and operational when needed. Measures are taken to prevent disruptions or denial-of-service attacks that could render resources unavailable.
Authentication
Verifies the identity of users or devices attempting to access a system. Confirms individuals or entities are who they claim to be before granting access.
Non-Repudiation
Prevents individuals from denying their actions or transactions. Ensures that actions, such as data exchange or digital signatures, are verifiable and cannot later be denied.
Vulnerability
A weakness or flaw in a system, application, or process that could be exploited by attackers to gain unauthorized access or cause harm.
Threat
Any potential danger or harmful event that could exploit vulnerabilities and compromise security. Threats can be internal or external.
Risk
The likelihood of a threat exploiting a vulnerability and the potential impact of that occurrence. Cybersecurity exists to mitigate risks.
Malware
Malicious software designed to harm, steal, or disrupt systems or data. Includes viruses, worms, trojans, ransomware, or spyware.
Phishing
Social engineering technique where attackers impersonate trusted people or entities to trick individuals into revealing sensitive information.
Firewall
A security device or software that monitors and controls incoming and outgoing network traffic, acting as a barrier between a trusted internal network and untrusted external networks.
Encryption
The process of converting data into a secure code to protect it from unauthorized access. Only those with the decryption key can access the original data.
Patch
A software update released by vendors to fix security vulnerabilities and improve functionality. Regularly applying patches helps protect against known threats.
Incident Response
The process of identifying, managing, and mitigating the impact of a cybersecurity incident or breach to minimize damage and recover quickly.
Social Engineering
The psychological manipulation of individuals to trick them into revealing sensitive information or performing actions that may compromise security.
Multi-Factor Authentication (MFA)
A security mechanism that requires users to provide multiple forms of verification before gaining access to an account or system. It adds an extra layer of security beyond passwords.
Denial of Service (DoS) Attack
An attempt to make a computer system or network resource unavailable to its users by overwhelming it with excessive traffic or requests. When this is done using multiple devices, it is a Distributed Denial of Service (DDoS).
Advanced Persistent Threat (APT)
A prolonged and targeted cyberattack by sophisticated adversaries, such as nation-states or well-funded groups. APTs often aim to steal sensitive information or conduct espionage.
Internet of Things (IoT) Security
Involves protecting the vast network of devices, ranging from smart home appliances to industrial sensors, from cyber threats.
Red Team vs. Blue Team
Red Team–Conducts offensive operations and attacks.
Blue Team–Defends against the Red Team.
Exercises are done to assess security posture and situational preparedness.
Virtual Private Network (VPN)
A secure and encrypted connection that allows users to access the internet or a private network while maintaining privacy and anonymity.
Zero-Day Exploit
An attack that exploits a previously unknown vulnerability in software or systems before a patch or solution is available.
Cybersecurity Frameworks
Provide a structured approach for organizations to assess, develop, and improve their cybersecurity capabilities. Examples include NIST Cybersecurity Framework, ISO/IEC 27001, and CIS Controls.
Cybersecurity Awareness Training
Training employees and users to recognize and respond to cybersecurity threats is crucial in reducing the risk of successful cyberattacks.