A Flashcards
Acceptable Use Policy (AUP)
A document that provides network and system users with a clear direction on permissible uses of information resources.
Access badges
Used for entry access via magnetic stripe and radio frequency ID access systems; when they include a picture, they allow personnel to determine if the person is who they say they are.
Access control list (ACL)
Rule that either permits or denies actions?
What does ACL mean?
Access control list (ACL) and it is a rule that either permits or denies actions.
Access restrictions
Security measures that limit the ability of individuals or systems to access sensitive information or resources.
Account Lockout
Accounts are often locked out after failed login attempts. May be an indicator of compromise because of brute force.
Acknowledgement
Ensuring that employees and business partners state that they are aware of the compliance requirements.
Active/active load balancer
A kind of load balancer that brings backup or secondary systems online when an active system is removed or fails to respond properly to a health check.
Active reconnaissance
A technique that directly engages the target in intelligence gathering.
Ad Hoc reports
Reports that are produced as needed.
Ad Hoc risk assessment
Conducted in response to a specific event or situation.
802.1X
The IEEE standard that defines port-based security for network access control.
Adaptive identity
Often called adaptive authentication, it leverages context-based authentication that considers data points like where the user is logging in from, what device they are logging in from, and whether the device meets security and configuration requirements.
Address resolution protocol (ARP)
A protocol that provides translations between MAC addresses and IP addresses on a local network.
Adversarial artificial intelligence (AI)
The use of artificial intelligence techniques by attackers for malicious purposes.
Adversary tactics, techniques, and procedures (TTPs)
The study of the methods used by cyber security adversaries when engaging in attacks.
Agents
Software that is deployed to endpoints, allowing them to perform actions or to be controlled by a central server or services.
Agent based scanning
The use of software agents installed on target devices to assist with vulnerability scans.
Agile
A software development model that is both iterative and incremental.
Agility
The speed to provision cloud resources and the ability to use them for short periods of time.
Advanced Persistent Threats (APT)
Cybersecurity adversary characterized by a sophisticated series of related attacks taking place over an extended period of time.
Air gapped
A design that physically separates network segments, preventing network connectivity between those segments.
Algorithm
A set of rules that dictates how enciphering and deciphering processes are to take place.
Allow listing
The most effective form of input validation in which the developer describes the exact type of input that is expected from the user and then verifies that the input matches that specification before passing the input to other processes or servers.
Alteration
The unauthorized modification of information and a violation of the principles of integrity.
Amplified denial of service attacks
An amplified denial of service attack takes advantage of protocols that allow a small query to return large results like a DNS query.
Annualized loss expectancy (ALE)
The possible yearly cost of all instances of a specific realized threat against a specific asset. The ALE is calculated using the formula ALE = Single loss expectancy (SLE) * Annualized rate of occurrence (ARO).
Annualized Rate of Occurrence (ARO)
Annualized Rate of Occurrence (ARO) - The expected frequency that a specific threat or risk will occur within a single year.
Anomalous behavior recognition
Employees should be able to recognize when risky, unexpected, and/or unintentional behavior takes place.
Anomaly detection
A method of detecting abnormal or malicious events by looking for abnormal occurrences or violations of specified rules.
API-based CASB solution
Cloud access security broker solutions do not interact directly with the user but rather interact directly with the cloud provider through the provider's API.
API inspection
A technology that scrutinizes API requests for security issues.
Application programming interfaces (API)
Application programming interfaces (API) - APIs allow application developers to interact directly with a web service through function calls.
Assessment
Reviews of security controls that are typically requested by the security organization itself in an effort to engage in process improvement.
Asset Criticality
Determination of the importance of an asset to the business.
Asset Inventory
Systematic method of tracking hardware, software, and information assets owned by an organization.
Asset management
A process that the organization will follow for accepting new assets into inventory, tracking those assets over their lifetime, and properly disposing of them at the end of their useful life.
Asset Value (AV)
Asset Value (AV) - A dollar value assigned to an asset based on actual cost and nonmonetary expenses.
Asymmetric Key Algorithms
Cryptographic algorithms that use two different keys: one key to encrypt and another to decrypt. Also called public key cryptography.
ATT&CK
A public knowledge base describing adversarial techniques and tactics, maintained by MITRE.
Attack Complexity Metric (AC)
Attack Complexity Metric (AC) - A metric that describes the difficulty of exploiting a vulnerability.
Attack Surface
A system, application, or service that contains a vulnerability that might be exploited.
Attestation
A primary outcome of an audit by an auditor. It is a formal statement that the auditors have reviewed the controls and found that they are both adequate to meet the control objectives and working properly.
Attack Vector Metric (AV)
Attack Vector Metric (AV) - A metric that describes how an attacker would exploit a vulnerability.
Attribute based access control (ABAC)
Attribute based access control (ABAC) - An advanced implementation of a rule-based access control model that uses policies that include multiple attributes for rules.
Auditability
Cloud computing contracts should include language guaranteeing the right of the customer to audit cloud service providers.
Audits
Formal reviews of an organization’s security program or specific compliance issues conducted on behalf of a third party.
Authentication
Verifies the claimed identity of system users and is a major function of cryptosystems.
Authentication Header (AH)
Authentication Header (AH) - Uses hashing and a shared secret key to ensure integrity of data and validates senders by authenticating the IP packets that are sent. AH can ensure that the IP payload and headers are protected.
Authority
A key principle that relies on the fact that most people will obey someone who appears to be in charge or knowledgeable, whether or not they are.
Authorized attackers
Hackers who act with authorization and seek to discover security vulnerabilities with the intent of correcting them.
Availability
Ensures that information and systems are ready to meet the needs of legitimate users at the time those users request them.
Availability Metric (A)
Availability Metric (A) - A metric that describes the type of disruption that might occur if an attacker successfully exploits a vulnerability.