2.0 Architecture and Design Flashcards
data are subject to the laws and governance structures of the nation where they are collected
Data Sovereignty
the practice of detecting and preventing data breaches, exfiltration, or unwanted destruction of sensitive data
Data Loss Prevention
a way to create a fake, but a realistic version of your organizational data. The goal is to protect sensitive data, while providing a functional alternative when real data is not needed
Data Masking
data that has reached a destination and is not being accessed or used
Data at rest
any data that is sent from one system to another
data in transit/motion
occurs when data is collected and translated into usable information
data in processing
is the process of de-identifying sensitive cardholder data by converting it to a string of randomly generated numbers called a “token.” Similar to encryption, tokenization obfuscates the original data to render it unreadable in the event of a data breach or other exposure.
Tokenization
the process of intercepting and reviewing SSL-encrypted internet communication between the client and the server
SSL Secure Socket Layer Inspection
a security mechanism that allows enterprises to decrypt traffic, inspect the decrypted content for threats, and then re-encrypt the traffic before it enters or leaves the network
TLS Transport Layer Security Inspection
the process of transforming any given key or a string of characters into another value
Hasing
an off-premises location where a company’s work can resume immediately during a disaster. It has all the equipment ready to go and be used. Available 24/7
Hot Site
A backup facility that has the necessary electrical and physical components of a computer facility, but does not have the computer equipment in place. Only available during the disaster
Cold Site
some or all of the IT equipment found in a typical primary data center, such as software and hardware. After a disaster at the primary site, an organization will introduce customer data and may install additional equipment at the site
Warm Site
a controlled and safe environment for showing how attackers work and examining different types of threats
honeypot
bait files intended for hackers to access
honeyfiles
a decoy network that contains one or more honeypots
honeynets
Hacker method that is trying to get the machine to think that the malware is actually something good.
Fake Telemetry
a mechanism aimed at protecting users by intercepting DNS request attempting to connect to known malicious or unwanted domains and returning a false, or rather controlled IP address
DNS Sinkholing
a type of cloud computing service that offers essential compute, storage, and networking resources on demand, on a pay-as-you-go basis.
IaaS Infrastructure as a Service
is a cloud computing model provides a platform for customers to develop, run, and manage applications without building and maintaining the cloud infrastructure required to develop and launch an app.
PaaS Platform as a Service
a software licensing and delivery model in which software is licensed on a subscription basis and is centrally hosted
Software as a Service
describes a general category of services related to cloud computing and remote access. It recognizes the vast number of products, tools, and technologies that are now delivered to users as a service over the internet
Anything as a service
a decentralized computing infrastructure in which data, compute, storage and applications are located somewhere between the data source and the cloud
Fog Computing
an emerging computing paradigm which refers to a range of networks and devices at or near the user. about processing data closer to where it’s being generated, enabling processing at greater speeds and volumes, leading to greater action-led results in real time.
Edge Computing
work by connecting remotely to a server-based computing environment where most applications, sensitive data, and memory, are stored.
Thin Client
packages of software that contain all of the necessary elements to run in any environment. In this way, virtualize the operating system and run anywhere, from a private data center to the public cloud or even on a developer’s personal laptop
Containers
an approach to networking that uses software-based controllers or application programming interfaces (APIs) to communicate with underlying hardware infrastructure and direct traffic on a network
Software Defined Networking
allows us to deploy next-generation firewalls, intrusion prevention, web application firewalls, and other security devices while at the same time being able to understand exactly what type of data is flowing between all of these systems
Software Defined Visibility
happens when an administrator can no longer effectively control and manage all the virtual machines on a network
virtual machine sprawl avoidance
protection that prevents a virtual machine from directly interacting with the host operating system
VM Escape Protection
checking through all of the data to make sure it’s in the right format, and if it’s not the right format, it should add any corrections
Normalization
prepared SQL code that you can save, so the code can be reused over and over again
Stored Procedure
process of taking something that would commonly be relatively easy to understand and make it very difficult to understand
Obfuscation
the processing takes place on a web server. This processing is important to execute the tasks required by the user on the web
Service Side Execution
the processing takes place on the user’s computer
Client Side Execution
when sensitive information is lost due to unintentional exposure
data exposure
nonprofit foundation dedicated to improving software security. It operates under an “open community” model, which means that anyone can participate in and contribute to related online chats, projects, and more
Open Web Application Security Project
a threat intelligence approach that automates the monitoring of information security controls, vulnerabilities, and other cyber threats to support organizational risk management decisions
Continuous Monitoring
lets you constantly monitor new code, testing it against criteria for functionality, security, and performance. It’s a vital way to screen out bugs, stop potential issues from reaching the main database, and ensure that rollouts go as smoothly as possible
continuous validation
application developers may constantly be updating an application and perhaps even merging it into a central repository many times a day
continuous integration
a way that you could provide access to your network using credentials that someone uses for a completely different service. This can be done for users that are on your local network or you could use this for third party individuals such as partners or customers to be able to gain access to your server
Federation