Basics Flashcards
antivirus software
The software program used to prevent, detect and eliminate malware and viruses
asset management
The process of tracking assets and the risks that affect them
asset inventory
A catalog of assets that need to be protected
Biometrics
The unique physical characteristics that can be used to verify a person's identity
Business continuity
An organization's ability to maintain its everyday productivity by establishing risk and disaster recovery plans.
Business continuity plan (BCP)
A document that outlines the procedures to sustain business operations during and after a significant disruption
Business email compromise (BEC)
A type of phishing attack in which a threat actor impersonates a known source to obtain a financial advantage
Computer virus
Malicious code written to interfere with computer operations and cause damage to data and software
Cyber security
The practice of ensuring confidentiality, integrity, and availability of information by protecting networks, devices, people, and data from unauthorized access or criminal exploitation
Data
Information that is translated, processed or stored by a computer
hacker
Any person who uses computers to gain access to computer systems, networks, or data
Hacktivist
any person who uses hacking to achieve a political goal
Linux
Open source operating system
Log
A record of events that occur within an organization's systems
malware
software designed to harm devices or networks
National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF)
A voluntary framework that consists of standards, guidelines, and best practices to manage cybersecurity risk
operating system (OS)
The interface between computer hardware and the user
order of volatility
A sequence outlining the order in which data must be preserved during an investigation, from most volatile (collected first) to least volatile (collected last)
Packet sniffing
The practice of capturing and inspecting data packets across a network
phishing
The use of digital communications to trick people into revealing sensitive data or deploying malicious software
playbook
A manual that provides details about any operational action
ransomware
A malicious attack in which threat actors encrypt an organization's data and demand payment to restore access
risk
Anything that can impact the confidentiality, integrity, or availability of an asset
risk mitigation
The process of having the right procedures and rules in place to quickly reduce the impact of a risk, such as a breach
security information and event management (SIEM)
An application that collects and analyzes log data to monitor critical activities in an organization
sensitive data
A type of data that includes personally identifiable information (PII), sensitive personally identifiable information (SPII), or protected health information (PHI)
social engineering
A manipulation technique that exploits human error to gain private information, access, or valuables
spear phishing
A malicious email attack targeting a specific user or group of users, appearing to originate from a trusted source
spyware
Malware that's used to gather and sell information without consent
SQL (structured query language)
A programming language used to create, interact with, and request information from a database
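The three cards above (log, SIEM, SQL) describe the same workflow: collect log records, store them, and query them for suspicious activity. The following is an added example, not part of the original flashcards, that parses constructed SSH-style authentication log lines into an in-memory SQLite table and runs a simple SIEM-style detection rule written in SQL (failed logins from one source followed by a success). The log lines, IP addresses, and the threshold of five failures are all made up for illustration.

```python
"""Added example: log collection and a SQL detection rule over constructed log lines."""
import re
import sqlite3

# Constructed sample log (not real data): five failed logins from one source, then a success.
SAMPLE_LOG = """\
2024-05-01T10:00:01Z sshd[2041]: Failed password for invalid user admin from 203.0.113.5 port 51022 ssh2
2024-05-01T10:00:03Z sshd[2041]: Failed password for invalid user root from 203.0.113.5 port 51023 ssh2
2024-05-01T10:00:04Z sshd[2041]: Failed password for invalid user test from 203.0.113.5 port 51024 ssh2
2024-05-01T10:00:06Z sshd[2041]: Failed password for invalid user guest from 203.0.113.5 port 51025 ssh2
2024-05-01T10:00:09Z sshd[2041]: Failed password for invalid user oracle from 203.0.113.5 port 51026 ssh2
2024-05-01T10:00:15Z sshd[2041]: Accepted password for alice from 203.0.113.5 port 51027 ssh2
2024-05-01T10:01:00Z sshd[2050]: Failed password for bob from 198.51.100.7 port 40001 ssh2
2024-05-01T10:02:30Z sshd[2051]: Accepted publickey for bob from 198.51.100.7 port 40002 ssh2
2024-05-01T10:03:00Z cron[77]: job started
"""

# One regex for the sshd authentication lines; anything else is skipped.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<result>Accepted|Failed) \w+ for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port (?P<port>\d+)"
)


def parse_log(text):
    """Return (timestamp, result, username, src_ip) tuples for the lines that match."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append((m["ts"], m["result"], m["user"], m["src"]))
    return events


def load_events(events):
    """Create the log table in an in-memory database and insert the parsed events."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE auth_events (ts TEXT, result TEXT, username TEXT, src_ip TEXT)"
    )
    # Parameter placeholders keep the log content from being interpreted as SQL.
    conn.executemany("INSERT INTO auth_events VALUES (?, ?, ?, ?)", events)
    conn.commit()
    return conn


def failed_logins_by_source(conn):
    """Simple aggregate: failed logins per source IP, most active first."""
    return conn.execute(
        "SELECT src_ip, COUNT(*) FROM auth_events WHERE result = 'Failed' "
        "GROUP BY src_ip ORDER BY COUNT(*) DESC, src_ip"
    ).fetchall()


def brute_force_then_success(conn, threshold=5):
    """Detection rule: a source with >= threshold failures and a later successful login.

    Returns (src_ip, failure_count, first_success_timestamp) rows.
    """
    return conn.execute(
        """
        WITH failures AS (
            SELECT src_ip, COUNT(*) AS n, MAX(ts) AS last_failure
            FROM auth_events
            WHERE result = 'Failed'
            GROUP BY src_ip
        )
        SELECT f.src_ip, f.n, MIN(s.ts)
        FROM failures f
        JOIN auth_events s
          ON s.src_ip = f.src_ip AND s.result = 'Accepted' AND s.ts > f.last_failure
        WHERE f.n >= ?
        GROUP BY f.src_ip, f.n
        ORDER BY f.src_ip
        """,
        (threshold,),
    ).fetchall()


if __name__ == "__main__":
    db = load_events(parse_log(SAMPLE_LOG))
    print("failures by source:", failed_logins_by_source(db))
    print("alerts:", brute_force_then_success(db))
```

The timestamps are ISO 8601 strings, so string comparison in SQL orders them correctly; a real SIEM would additionally bound the rule to a time window.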
Threat
Any circumstance or event that can negatively impact assets
threat actor
Any person or group who presents a security risk
USB baiting
An attack in which a threat actor strategically leaves a malware-infected USB stick for an employee to find and plug in, unknowingly infecting the network
virus
Malicious code written to interfere with computer operations and cause damage to data and software
Visual dashboard
A way of displaying various types of data quickly in one place
vulnerability
A weakness that can be exploited by a threat
vulnerability assessment
The internal review process of an organization's security systems
watering hole attack
A type of attack in which a threat actor compromises a website frequently visited by a specific group of users
Layers of the web
Surface web
Deep web
Dark web
risk management framework (RMF) (7 steps)
Prepare
Categorize
Select
Implement
Assess
Authorize
Monitor
RMF Step 1: Prepare
Activities that are necessary to manage security and privacy risks before a breach occurs
RMF Step 2: Categorize
Used to develop risk management processes and tasks
RMF Step 3: Select
Choose, customize, and capture documentation of the controls that protect an organization
RMF Step 4: Implement
Implement security and privacy plans for the organization
RMF Step 5: Assess
Determine if established controls are implemented correctly
RMF Step 6: Authorize
Being accountable for the security and privacy risks that may exist in an organization
RMF Step 7: Monitor
Be aware of how systems are operating
Asset
An item perceived as having value to an organization. Assets can be digital or physical.
insider threats
Staff members or vendors who abuse their authorized access to obtain data that may harm an organization
Advanced persistent threats (APTs)
A threat actor maintains unauthorized access to a system for an extended period of time
External risk
Anything outside the organization that has the potential to harm organizational assets, such as threat actors attempting to gain access to private information
Internal risk
A current, or former employee, vendor, or trusted partner, who poses a security risk
Legacy systems
Old systems that might not be accounted for or updated, but still impact assets, such as workstations or old mainframe systems
Multiparty risk
Outsourcing work to third-party vendors can give them access to intellectual property, such as trade secrets, software designs, and inventions
software compliance/licensing
Software that is not updated or in compliance, or patches that are not installed in a timely manner
ProxyLogon
A pre-authentication vulnerability that affects Microsoft Exchange Server. This means a threat actor can bypass the user authentication process and deploy malicious code from a remote location.
ZeroLogon
A vulnerability in Microsoft's Netlogon authentication protocol. An authentication protocol is a way to verify a person's identity. Netlogon is a service that verifies a user's identity before allowing access to a domain's resources.
Log4Shell
Allows attackers to run Java code on someone else's computer or leak sensitive information. It does this by enabling a remote attacker to take control of devices connected to the Internet and run malicious code.
PetitPotam
Affects Windows New Technology LAN Manager (NTLM). It is a credential theft technique that allows a LAN-based attacker to coerce a Windows host into initiating an authentication request, which can then be relayed.
security logging and monitoring failures
Insufficient logging and monitoring capabilities that result in hackers exploiting vulnerabilities without the organization knowing it
server-side request forgery (SSRF)
Allows attackers to manipulate a server-side application into accessing and updating backend resources. It can also allow threat actors to steal data.
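The SSRF card describes the flaw abstractly; the usual shape is a feature that fetches a user-supplied URL on the server's behalf. The following added example, not from the original flashcards, shows the unsafe pattern next to a hardened version that allows only HTTPS, an allowlisted hostname, and destinations that resolve to public addresses. The hostnames, the allowlist, and the lookup table standing in for DNS are hypothetical so the code runs offline; a real service would resolve with socket.getaddrinfo and check every returned address.

```python
"""Added example: SSRF-prone URL handling next to a deny-by-default hardened version."""
import ipaddress
from urllib.parse import urlparse

# Hypothetical allowlist of the only external hosts this service should ever contact.
ALLOWED_HOSTS = {"api.example.com", "cdn.example.com", "files.example.com"}

# Constructed stand-in for DNS resolution (hypothetical records, not real lookups).
# files.example.com deliberately resolves to one public and one private address,
# the situation an attacker who controls a DNS record tries to create.
FAKE_DNS = {
    "api.example.com": ["93.184.216.34"],
    "cdn.example.com": ["93.184.216.35"],
    "files.example.com": ["93.184.216.36", "10.0.0.5"],
    "internal.example.com": ["10.0.0.5"],
}


def vulnerable_target(user_url):
    """Vulnerable: whatever the user supplied is what the server will fetch,
    including http://127.0.0.1/, private subnets and cloud metadata endpoints."""
    return user_url


def is_public_address(ip_text):
    """True only for addresses outside loopback, private, link-local and other special ranges."""
    ip = ipaddress.ip_address(ip_text)
    return not (
        ip.is_private or ip.is_loopback or ip.is_link_local
        or ip.is_multicast or ip.is_reserved or ip.is_unspecified
    )


def hardened_target(user_url):
    """Hardened: validate scheme, host allowlist, embedded credentials, and resolved
    addresses; return the URL only if every check passes, otherwise raise ValueError."""
    parts = urlparse(user_url)
    if parts.scheme != "https":
        raise ValueError(f"scheme not allowed: {parts.scheme!r}")
    host = parts.hostname  # already lower-cased by urlparse
    if host is None or host not in ALLOWED_HOSTS:
        raise ValueError(f"host not allowed: {host!r}")
    if parts.username or parts.password:
        raise ValueError("credentials in URL not allowed")
    addresses = FAKE_DNS.get(host, [])
    if not addresses or not all(is_public_address(a) for a in addresses):
        raise ValueError(f"host resolves to a non-public address: {host!r}")
    return user_url


def check(user_url):
    """Convenience wrapper: 'allowed' or 'blocked: <reason>'."""
    try:
        hardened_target(user_url)
        return "allowed"
    except ValueError as exc:
        return f"blocked: {exc}"


if __name__ == "__main__":
    for candidate in (
        "https://api.example.com/v1/report",
        "http://api.example.com/v1/report",
        "https://internal.example.com/admin",
        "https://files.example.com/share/1",
        "http://169.254.169.254/latest/meta-data/",
    ):
        print(f"{candidate:45} vulnerable -> fetches it; hardened -> {check(candidate)}")
```

Checking the resolved addresses matters as much as the hostname allowlist: an allowlisted name can be pointed at an internal address, and the check must reject the host if any of its addresses is non-public.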
security posture
An organization's ability to manage its defense of critical assets and data and react to change
Shared responsibility
The idea that all individuals within an organization take an active role in lowering risk and maintaining both physical and virtual security. Core concept of the security and risk management domain.
security framework
Guidelines used for building plans to help mitigate risk and threats to data and privacy
security controls
Safeguards designed to reduce specific security risks
encryption
The process of converting data from a readable format to an encoded format. Typically involves converting data from plaintext to ciphertext.
Ciphertext
The raw encoded message that is unreadable by people and machines until it has been decrypted.
authentication
The process of verifying who someone or something is. MFA is an example
Vishing
The exploitation of electronic voice communication to obtain sensitive information or to impersonate a known source
authorization
The concept of granting access to specific resources within a system
CIA Triad
Confidentiality
Integrity
Availability
cyber threat framework (CTF)
According to the Office of the Director of National Intelligence (ODNI), the CTF was developed by the US government to provide a common language for describing and communicating information about cyber threat activity
International Organization for Standardization/International Electrotechnical Commission (ISO/IEC) 27001
An internationally recognized and widely used framework. The ISO 27000 family of standards enables organizations of all sectors and sizes to manage the security of assets such as financial information, intellectual property, data, and information entrusted to third parties. ISO/IEC 27001 outlines requirements for an information security management system (ISMS), best practices, and controls to support an organization's ability to manage risks.
CIA Triad
A model that helps inform how organizations consider risk when setting up systems and security policies
confidentiality
Only authorized users can access specific assets or data
integrity
The data is correct, authentic, and reliable
availability
Data is accessible to those who are authorized to access it
NIST SP 800-53
A unified framework for protecting the security of information systems within the federal government
NIST CSF Core Functions
Identify
Protect
Detect
Respond
Recover
NIST CSF Core Function #1 Identify
The management of cybersecurity risk and its effect on an organization's people and assets
NIST CSF Core Function #2 Protect
The strategy used to protect an organization through the implementation of policies, procedures, training, and tools that help mitigate cyber security threats
NIST CSF Core Function #3 Detect
Identifying potential security incidents and improving monitoring capabilities to increase the speed and efficiency of detections
NIST CSF Core Function #4 Respond
Making sure that the proper procedures are used to contain, neutralize, and analyze security incidents, and implementing improvements to the security process
NIST CSF Core Function #5 Recover
The process of returning affected systems back to normal operations
attack surface area
Refers to all potential vulnerabilities a threat actor could exploit
principle of least privilege
Users have the least amount of access required to perform their everyday tasks
defense in depth
Organizations should have varying security controls that mitigate risks and threats
separation of duties
Critical actions should rely on multiple people, each of whom follows the principle of least privilege
keep security simple
Avoid unnecessarily complicated solutions. Complexity makes security difficult.
fix security issues correctly
When security incidents occur, identify the root cause, contain the impact, identify vulnerabilities, and conduct tests to ensure that remediation is successful
establish secure defaults
This principle means that the optimal security state of an application is also its default state for users. It should take extra work to make the application insecure.
fail securely
Fail securely means that when a control fails or stops, it should do so by defaulting to its most secure option
avoid security by obscurity
The security of key systems should not rely on keeping details hidden.
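The cards from "authorization" through "fail securely" are easiest to see together in one access-control model. The following added example, not part of the original flashcards, implements a deny-by-default role model: a new user has no roles (secure default), an unknown role grants nothing and a broken user record is treated as unauthorized (fail securely), each role carries only the actions it needs (least privilege), and isolating a host requires a requester and a different approver (separation of duties). The roles, actions, users and host names are hypothetical.

```python
"""Added example: least privilege, secure defaults, fail-secure checks and separation of duties."""
from dataclasses import dataclass, field

# Hypothetical role -> permitted actions. Anything not listed here is denied.
ROLE_PERMISSIONS = {
    "analyst": {"read_logs", "read_alerts"},
    "responder": {"read_logs", "read_alerts", "isolate_host"},
    "approver": {"read_alerts", "approve_isolation"},
}


@dataclass
class User:
    name: str
    roles: set = field(default_factory=set)  # secure default: no roles, so no access


def permissions_for(user):
    """Union of the user's role permissions; unknown roles contribute nothing."""
    perms = set()
    for role in user.roles:
        perms |= ROLE_PERMISSIONS.get(role, set())
    return perms


def is_authorized(user, action):
    """Deny by default: only an explicitly granted action returns True."""
    try:
        return action in permissions_for(user)
    except (TypeError, AttributeError):
        # Fail securely: a malformed user record (e.g. roles=None) never becomes access.
        return False


class IsolationRequest:
    """Isolating a host is a critical action: one person requests, a different person approves."""

    def __init__(self, host):
        self.host = host
        self.requested_by = None
        self.approved_by = None

    def request(self, user):
        if not is_authorized(user, "isolate_host"):
            raise PermissionError(f"{user.name} may not request isolation of {self.host}")
        self.requested_by = user.name

    def approve(self, user):
        if not is_authorized(user, "approve_isolation"):
            raise PermissionError(f"{user.name} may not approve isolation of {self.host}")
        if user.name == self.requested_by:
            raise PermissionError("requester cannot approve their own request")
        self.approved_by = user.name

    def execute(self):
        """True only once both the request and an independent approval are recorded."""
        return self.requested_by is not None and self.approved_by is not None


def try_approve(request, user):
    """Return True if the approval was accepted, False if it was refused."""
    try:
        request.approve(user)
        return True
    except PermissionError:
        return False


if __name__ == "__main__":
    alice = User("alice", {"responder"})
    bob = User("bob", {"approver"})
    req = IsolationRequest("ws-17")
    req.request(alice)
    print("approved by requester?", try_approve(req, alice))  # False: separation of duties
    print("approved by bob?", try_approve(req, bob))          # True
    print("execute?", req.execute())                          # True
```

Note that a user holding both the responder and approver roles still cannot approve a request they raised themselves; the check is on the person, not the role.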
security audit
Review of an organization's security controls, policies, and procedures against a set of expectations
security controls
Safeguards designed to reduce specific security risks
attack vectors
The pathways attackers use to penetrate security defenses
Open Web Application Security Project/Open Worldwide Application Security Project (OWASP)
A nonprofit organization focused on improving software security
firewall
A network security device that monitors traffic to or from your network. It can also restrict specific incoming and outgoing network traffic.
Hub
A network device that broadcasts information to every device on the network
switch
A device that makes connections between specific devices on a network by sending and receiving data between them
Router
A network device that connects multiple networks together
Modem
A device that connects your router to the Internet and brings Internet access to the LAN
virtualization tools
Pieces of software that perform network operations
cloud computing
The practice of using remote servers, applications, and network services that are hosted on the Internet instead of on local physical devices
cloud network
A collection of servers or computers that stores resources and data in remote data centers that can be accessed via the Internet
Data packet
Basic unit of information that travels from one device to another within a network
bandwidth
The amount of data a device can receive every second
speed
The rates at which data packets are received or downloaded
packet sniffing
The practice of capturing and inspecting data packets across a network
transmission control protocol
An Internet communication protocol that allows two devices to form a connection and stream data
Internet protocol
A set of standards used for routing and addressing data packets as they travel between devices on a network
Port
A software-based location that organizes the sending and receiving of data between devices on a network
network protocols
A set of rules used by two or more devices on a network to describe the order of delivery and the structure of the data
transmission control protocol (TCP)
An Internet communication protocol that allows two devices to form a connection and stream data
Address resolution protocol (ARP)
A network protocol used to determine the MAC address of the next router or device on the path
HyperText Transfer Protocol Secure (HTTPS)
A network protocol that provides a secure method of communication between clients and website servers
Domain name system (DNS)
A network protocol that translates Internet domain names into IP addresses
user datagram protocol (UDP)
A connectionless protocol that does not establish a connection between devices before a transmission
simple network management protocol (SNMP)
A network protocol used for monitoring and managing devices on a network
Internet control message protocol (ICMP)
A network protocol used by devices to tell each other about data transmission errors across the network
Secure file transfer protocol (SFTP)
A secure protocol used to transfer files from one device to another over a network
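The cards on data packets, ports, IP, UDP, DNS and packet sniffing all describe what a sniffer shows when it decodes one captured frame. The following added example, not part of the original flashcards, builds a single Ethernet/IPv4/UDP frame carrying a DNS query and then inspects it layer by layer: it checks the EtherType, verifies the IPv4 header checksum, reads the source and destination addresses, reads the UDP ports, and, because the destination port is 53, decodes the DNS question name. The MAC addresses, IP addresses, port numbers and query name are constructed for the example; the header layouts and the checksum algorithm are the standard ones.

```python
"""Added example: construct one IPv4/UDP/DNS frame and decode it the way a packet sniffer does."""
import socket
import struct


def ipv4_checksum(header):
    """Ones'-complement sum of 16-bit words (the IPv4 header checksum); 0 means a valid header."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def encode_dns_name(name):
    """'www.example.com' -> b'\\x03www\\x07example\\x03com\\x00' (length-prefixed labels)."""
    labels = b"".join(bytes([len(label)]) + label.encode() for label in name.split("."))
    return labels + b"\x00"


def decode_dns_name(data, offset):
    """Read labels starting at offset; return (name, offset just past the terminating zero).
    Compression pointers are rejected here: a plain query does not use them."""
    labels = []
    while True:
        length = data[offset]
        offset += 1
        if length == 0:
            break
        if length & 0xC0:
            raise ValueError("compressed name not supported in this example")
        labels.append(data[offset:offset + length].decode())
        offset += length
    return ".".join(labels), offset


def build_dns_query_packet(src_ip, dst_ip, src_port, qname, txid=0x1234):
    """Construct Ethernet + IPv4 + UDP + DNS bytes (UDP checksum left as 0, which IPv4 permits)."""
    question = encode_dns_name(qname) + struct.pack("!HH", 1, 1)       # QTYPE=A, QCLASS=IN
    dns = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + question  # flags: RD set, 1 question
    udp = struct.pack("!HHHH", src_port, 53, 8 + len(dns), 0) + dns
    ip_fields = struct.pack(
        "!BBHHHBBH4s4s",
        0x45, 0, 20 + len(udp), 0xABCD, 0x4000, 64, 17, 0,  # version/IHL ... TTL, proto=UDP, chk=0
        socket.inet_aton(src_ip), socket.inet_aton(dst_ip),
    )
    ip = ip_fields[:10] + struct.pack("!H", ipv4_checksum(ip_fields)) + ip_fields[12:]
    eth = bytes.fromhex("001122334455") + bytes.fromhex("0066778899aa") + struct.pack("!H", 0x0800)
    return eth + ip + udp


def inspect_packet(frame):
    """Decode the layers a sniffer would display; raise ValueError on anything malformed."""
    if struct.unpack("!H", frame[12:14])[0] != 0x0800:
        raise ValueError("not an IPv4 frame")
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    if ipv4_checksum(ip[:ihl]) != 0:
        raise ValueError("bad IPv4 header checksum")
    if ip[9] != 17:
        raise ValueError("not a UDP datagram")
    info = {
        "src_ip": socket.inet_ntoa(ip[12:16]),
        "dst_ip": socket.inet_ntoa(ip[16:20]),
        "protocol": "UDP",
    }
    udp = ip[ihl:]
    info["src_port"], info["dst_port"], udp_len, _ = struct.unpack("!HHHH", udp[:8])
    if info["dst_port"] == 53:  # well-known DNS port: decode the question
        dns = udp[8:udp_len]
        info["dns_txid"], _flags, info["dns_qdcount"] = struct.unpack("!HHH", dns[:6])
        info["dns_qname"], off = decode_dns_name(dns, 12)
        info["dns_qtype"], _qclass = struct.unpack("!HH", dns[off:off + 4])
    return info


def is_well_formed(frame):
    """True if inspect_packet accepts the frame, False if it rejects it."""
    try:
        inspect_packet(frame)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    frame = build_dns_query_packet("192.168.1.10", "192.168.1.1", 51515, "www.example.com")
    print(frame.hex())
    print(inspect_packet(frame))
```

The checksum check is what makes a corrupted or hand-modified header visible: changing a single byte of the IPv4 header (the TTL, say) makes inspect_packet reject the frame.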