A-Z Cybersecurity Glossary with Definitions Flashcards

1
Q

Access Control

A

The means and mechanisms of managing access to and use of resources by users.

2
Q

Anti-virus (anti-malware)

A

A security program designed to monitor a system for malicious software.

3
Q

Antivirus software

A

A software program that monitors a computer system or network communications for known examples of malicious code and then attempts to remove or quarantine the offending items.

4
Q

APT (Advanced Persistent Threat)

A

A security breach that enables an attacker to gain access or control over a system for an extended period of time usually without the owner of the system being aware

5
Q

Asset

A

Anything that is used in and is necessary to the completion of a business task.

6
Q

Authentication

A

The process of proving an individual is a claimed identity.

7
Q

Authorization

A

The security mechanism determining and enforcing what authenticated users are authorized to do within a computer system.

8
Q

Backing up

A

Creating a duplicate copy of data onto a separate physical storage device or online/cloud storage solution.

9
Q

BCP (Business Continuity Plan)

A

A business management plan used to resolve issues that threaten core business tasks.

10
Q

Behavior Monitoring

A

Recording the events and activities of a system and its users. The recorded events are compared against security policy and behavioral baselines to evaluate compliance and/or discover violations.

11
Q

Blacklist

A

A security mechanism prohibiting the execution of those programs on a known malicious or undesired list of software.

12
Q

Block Cipher

A

A type of symmetric encryption algorithm that divides data into fixed length sections and then performs the encryption or decryption operation on each block.

13
Q

Botnet

A

A collection of innocent computers which have been compromised by malicious code in order to run a remote control agent granting an attacker the ability to remotely take advantage of the system’s resources in order to perform illicit or criminal actions.

14
Q

Bug

A

An error or mistake in software coding or hardware design or construction. A bug represents a flaw or vulnerability in a system discoverable by attackers and used as a point of compromise.

15
Q

BYOD (Bring Your Own Device)

A

A company’s security policy dictating whether or not workers can bring their own devices into the work environment, whether or not such devices can be connected to the company network and to what extent that connection allows interaction with company resources.

16
Q

Ciphertext

A

The unintelligible and seemingly random form of data that is produced by the cryptographic function of encryption.

17
Q

Clickjacking

A

A malicious technique by which a victim is tricked into clicking on a URL, button or other screen object other than that intended by or perceived by the user.

18
Q

Cloud Computing

A

A means to offer computing services to the public or for internal use through remote services.

19
Q

CND (Computer Network Defense)

A

The establishment of a security perimeter and of internal security requirements with the goal of defending a network against cyberattacks, intrusions and other violations.

20
Q

Cracker

A

The proper term to refer to an unauthorized attacker of computers, networks and technology instead of the misused term “hacker.”

21
Q

CVE (Common Vulnerabilities and Exposures)

A

An online database of attacks, exploits and compromises operated by the MITRE organization for the benefit of the public.

22
Q

Cryptography

A

The application of mathematical processes on data-at-rest and data-in-transit to provide the security benefits of confidentiality, authentication, integrity and non-repudiation.

23
Q

Cyberattack

A

Any attempt to violate the security perimeter of a logical environment.

24
Q

Cyber ecosystem

A

The collection of computers, networks, communication pathways, software, data and users that comprise either a local private network or the world-wide Internet.

25
Q

Cyberespionage

A

The unethical act of violating the privacy and security of an organization in order to leak data or disclose internal/private/confidential information.

26
Q

Cybersecurity

A

The efforts to design, implement, and maintain security for an organization’s network, which is connected to the Internet.

27
Q

Cyber Teams

A

Groups of professional or amateur penetration testing specialists who are tasked with evaluating and potentially improving the security stance of an organization.

28
Q

Data Breach

A

The occurrence of disclosure of confidential information, access to confidential information, destruction of data assets or abusive use of a private IT environment.

29
Q

Data Integrity

A

A security benefit that verifies data is unmodified and therefore original, complete and intact.

30
Q

Data Mining

A

The activity of analyzing and/or searching through data in order to find items of relevance, significance or value.

31
Q

Data Theft

A

The act of intentionally stealing data. Data theft can occur via a data loss (physical theft) or data leakage (logical theft) event.

32
Q

DDoS (Distributed Denial of Service) Attack

A

An attack which attempts to block access to and use of a resource. It is a violation of availability.

33
Q

Decrypt

A

The act which transforms ciphertext (i.e. the unintelligible and seemingly random form of data that is produced by the cryptographic function of encryption) back into its original plaintext or cleartext form.

34
Q

Digital Certificate

A

A means by which to prove identity or provide authentication commonly by means of a trusted third-party entity known as a certificate authority.

35
Q

Digital Forensics

A

The means of gathering digital information to be used as evidence in a legal procedure.

36
Q

DLP (Data Loss Prevention)

A

A collection of security mechanisms which aim at preventing the occurrence of data loss and/or data leakage.

37
Q

DMZ (Demilitarized Zone)

A

A segment or subnet of a private network where resources are hosted and accessed by the general public from the Internet.

38
Q

DOS (Denial of Service)

A

An attack that attempts to block access to and use of a resource. It is a violation of availability.

39
Q

Drive-by Download

A

A type of web-based attack that automatically occurs based on the simple act of visiting a malicious or compromised/poisoned Web site.

40
Q

Eavesdropping

A

The act of listening in on a transaction, communication, data transfer or conversation.

41
Q

Encode

A

The act which transforms plaintext or cleartext (i.e. the original form of normal standard data) into ciphertext (i.e. the unintelligible and seemingly random form of data that is produced by the cryptographic function of encryption).

42
Q

Encryption Key

A

The secret number value used by a symmetric encryption algorithm to control the encryption and decryption process.

43
Q

Firewall

A

A security tool, which may be a hardware or software solution, that is used to filter network traffic.

44
Q

Hacker

A

A person who has knowledge and skill in analyzing program code or a computer system, modifying its functions or operations and altering its abilities and capabilities.

45
Q

Hacktivism

A

Attackers who hack for a cause or belief rather than some form of personal gain.

46
Q

Honeypot

A

A trap or decoy for attackers.

47
Q

IaaS (Infrastructure-as-a-Service)

A

A type of cloud computing service where the provider offers the customer the ability to craft virtual networks within their computing environment.

48
Q

Identity Cloning

A

A form of identity theft in which the attacker takes on the identity of a victim and then attempts to live and act as the stolen identity.

49
Q

Identity Fraud

A

A form of identity theft in which a transaction, typically financial, is performed using the stolen identity of another individual.

50
Q

Information Security Policy

A

A written account of the security strategy and goals of an organization. A security policy is usually comprised of standards, policies (or SOPs – Standard Operating Procedures) and guidelines.

51
Q

IPS (Intrusion Prevention System)

A

A security tool that attempts to detect an attempt to compromise the security of a target and then prevent that attack from becoming successful.

52
Q

ISP (Internet Service Provider)

A

The organization that provides connectivity to the Internet for individuals or companies.

53
Q

JBOH (JavaScript-Binding-Over-HTTP)

A

A form of Android-focused mobile device attack that enables an attacker to initiate the execution of arbitrary code on a compromised device.

54
Q

Keylogger

A

Any means by which the keystrokes of a victim are recorded as they are typed into the physical keyboard.

55
Q

LAN (Local Area Network)

A

An interconnection of devices (i.e. a network) that is contained within a limited geographic area (typically a single building).

56
Q

Link jacking

A

A potentially unethical practice of redirecting a link to a middle-man or aggregator site or location rather than the original site the link seemed to indicate it was directed towards.

57
Q

Malware (malicious software)

A

Any code written for the specific purpose of causing harm, disclosing information or otherwise violating the security or stability of a system.

58
Q

Outsider Threat

A

The likelihood or potential that an outside entity, such as an ex-employee, competitor or even an unhappy customer, may pose a risk to the stability or security of an organization.

59
Q

Outsourcing

A

The action of obtaining services from an external entity. Rather than performing certain tasks and internal functions, outsourcing enables an organization to take advantage of external entities that can provide services for a fee.

60
Q

OWASP (Open Web Application Security Project)

A

An Internet community focused on understanding web technologies and exploitations.

61
Q

PaaS (Platform-as-a-Service)

A

A type of cloud computing service where the provider offers the customer the ability to operate custom code or applications.

62
Q

Packet Sniffing

A

The act of collecting frames or packets off of a data network communication.

63
Q

Patch

A

An update or change to an operating system or application

64
Q

Patch Management

A

The management activity related to researching, testing, approving and installing updates and patches to computer systems, which includes firmware, operating systems and applications.

65
Q

Payment Card Skimmers

A

A malicious device used to read the contents of an ATM, debit or credit card when inserted into a POS (Point of Sale) payment system.

66
Q

Pen Testing

A

A means of security evaluation where automated tools and manual exploitations are performed by security and attack experts.

67
Q

Phishing

A

A social engineering attack that attempts to collect information from victims.

68
Q

PKI (Public Key Infrastructure)

A

A security framework (i.e. a recipe) for using cryptographic concepts in support of secure communications, storage and job tasks.

69
Q

POS (Point of Sale) Intrusions

A

An attack that gains access to the POS (Point of Sale) devices at a retail outlet enabling an attacker to learn payment card information as well as other customer details.

70
Q

Ransomware

A

A form of malware that holds a victim’s data hostage on their computer typically through robust encryption.

71
Q

Restore

A

The process of returning a system back to a state of normalcy.

72
Q

Risk Assessment

A

The process of evaluating the state of risk of an organization.

73
Q

Risk Management

A

The process of performing a risk assessment and evaluating the responses to risk in order to mitigate or otherwise handle the identified risks.

74
Q

SaaS (Software-as-a-Service)

A

A type of cloud computing service where the provider offers the customer the ability to use a provided application.

75
Q

Sandboxing

A

A means of isolating applications, code or entire operating systems in order to perform testing or evaluation.

76
Q

SCADA (Supervisory Control and Data Acquisition)

A

A complex mechanism used to gather data and physical world metrics as well as perform measurement or management actions of the monitored systems for the purposes of automating large complex real-world processes such as oil refining, nuclear power generation or water filtration.

77
Q

Security Control

A

Anything used as part of a security response strategy which addresses a threat in order to reduce risk.

78
Q

SIEM (Security Information and Event Management)

A

A formal process by which the security of an organization is monitored and evaluated on a constant basis.

79
Q

Sniffing

A

See packet sniffing and eavesdropping.

80
Q

Social Engineering

A

An attack focusing on people rather than technology.

81
Q

SPAM

A

A form of unwanted or unsolicited messages or communications typically received via e-mail but also occurring through text messaging, social networks or VoIP.

82
Q

Spear Phishing

A

A form of social engineering attack that is targeted to victims who have an existing digital relationship with an online entity such as a bank or retail website.

83
Q

Spoof (spoofing)

A

The act of falsifying the identity of the source of a communication or interaction. It is possible to spoof IP addresses, MAC addresses and email addresses.

84
Q

Spyware

A

A form of malware that monitors user activities and reports them to an external third party.

85
Q

Supply Chain

A

The path of linked organizations involved in the process of transforming original or raw materials into a finished product that is delivered to a customer.

86
Q

Threat Assessment

A

The process of evaluating the actions, events and behaviors that can cause harm to an asset or organization.

87
Q

Trojan Horse (Trojan)

A

A form of malware where a malicious payload is embedded inside of a benign host file.

88
Q

Two-Factor Authentication

A

The means of proving identity using two authentication factors, usually considered stronger than any single-factor authentication.

89
Q

Two-Step Authentication

A

A means of authentication commonly employed on websites as an improvement over single factor authentication but not as robust as two-factor authentication.

90
Q

Unauthorized Access

A

Any access or use of a computer system, network or resource which is in violation of the company security policy or when the person or user was not explicitly granted authorization to access or use the resource or system.

91
Q

VPN (Virtual Private Network)

A

A communication link between systems or networks that is typically encrypted in order to provide a secured, private, isolated pathway of communications.

92
Q

Virus

A

A form of malware that often attaches itself to a host file or the MBR (Master Boot Record) as a parasite.

93
Q

Vishing

A

A form of phishing attack which takes place over VoIP.

94
Q

Vulnerability

A

Any weakness in an asset or security protection which would allow for a threat to cause harm.

95
Q

Whitelist

A

A security mechanism prohibiting the execution of any program that is not on a pre-approved list of software.

96
Q

Wi-Fi

A

A means to support network communication using radio waves rather than cables.

97
Q

Worm

A

A form of malware that focuses on replication and distribution.

98
Q

Zombie

A

A term related to the malicious concept of a botnet.