Comprehensive guide Flashcards
Acronym
Definition
AAA
Authentication, Authorization, and Accounting
ACL
Access Control List - A router has an ACL that allows only specific IP addresses to access certain network resources.
AES
Advanced Encryption Standard - AES is used to encrypt sensitive data stored in cloud services.
CIA
Confidentiality, Integrity, and Availability
DLP
Data Loss Prevention - A DLP system detects and prevents the transfer of sensitive data outside the organization.
IDS
Intrusion Detection System - An IDS monitors network traffic for suspicious activities and alerts administrators.
IPS
Intrusion Prevention System - An IPS can block malicious traffic in real time.
MFA
Multi-Factor Authentication - A user logs into an account using a password and a one-time code sent to their phone.
PKI
Public Key Infrastructure - PKI is used to issue digital certificates that validate user identities.
VPN
Virtual Private Network - Employees use a VPN to securely connect to the company’s internal network from remote locations.
SIEM
Security Information and Event Management - SIEM systems aggregate and analyze log data to detect security incidents.
SSO
Single Sign-On - With SSO
RADIUS
Remote Authentication Dial-In User Service - RADIUS is used to manage access for remote users connecting to a network.
TACACS+
Terminal Access Controller Access-Control System Plus - TACACS+ provides centralized authentication for network devices.
TLS
Transport Layer Security - TLS encrypts data transmitted over the internet.
SSL
Secure Sockets Layer - SSL certificates secure web traffic between a user’s browser and a web server.
WAF
Web Application Firewall - A WAF protects web applications from common attacks like SQL injection.
BYOD
Bring Your Own Device - A BYOD policy allows employees to use personal devices for work purposes.
NIDS
Network Intrusion Detection System - NIDS monitors network traffic and alerts on suspicious behavior.
NIPS
Network Intrusion Prevention System - NIPS actively blocks potentially harmful traffic on the network.
SOC
Security Operations Center - A SOC monitors and analyzes security events in real time to respond to incidents.
FIM
File Integrity Monitoring - FIM detects unauthorized changes to files and alerts administrators.
RPO
Recovery Point Objective - A business aims for an RPO of one hour.
RTO
Recovery Time Objective - The RTO defines how quickly a system should be restored after a failure.
HIPS
Host Intrusion Prevention System - HIPS protects individual devices from attacks by monitoring system behavior.
HIDS
Host Intrusion Detection System - HIDS checks a host for signs of malicious activity and reports them to the admin.
GDPR
General Data Protection Regulation - GDPR requires organizations to protect personal data and privacy for EU citizens.
CISO
Chief Information Security Officer - The CISO is responsible for developing and implementing the company’s information security strategy.
CSIRT
Computer Security Incident Response Team - A CSIRT is tasked with responding to and managing security incidents.
MDM
Mobile Device Management - MDM solutions allow organizations to manage and secure employees’ mobile devices.
APT
Advanced Persistent Threat - APTs are sophisticated attacks that gain unauthorized access and remain undetected.
CCL
Common Control Line - CCL is used to define shared controls within organizations to manage risk.
CVE
Common Vulnerabilities and Exposures - CVE identifiers help track vulnerabilities in software.
CVSS
Common Vulnerability Scoring System - CVSS scores help prioritize vulnerabilities based on their severity.
EDR
Endpoint Detection and Response - EDR solutions provide real-time monitoring and data collection from endpoints.
DDoS
Distributed Denial of Service - A DDoS attack overwhelms a server with traffic.
MITM
Man-In-The-Middle - MITM attacks intercept communications between two parties to eavesdrop or alter messages.
SHA
Secure Hash Algorithm - SHA is used to ensure data integrity by generating a unique hash for data.
RFID
Radio-Frequency Identification - RFID tags track inventory items in a warehouse.
OSI
Open Systems Interconnection - The OSI model helps standardize network communication protocols.
SAML
Security Assertion Markup Language - SAML enables SSO by allowing identity providers to share authentication data.
TTP
Tactics, Techniques, and Procedures
NIST
National Institute of Standards and Technology - NIST publishes cybersecurity frameworks and guidelines for organizations.
ISO
International Organization for Standardization - ISO 27001 outlines requirements for establishing an information security management system.
FIPS
Federal Information Processing Standards - FIPS are mandatory for federal agencies to ensure security in IT systems.
AAL
Authentication Assurance Level - AAL levels define the strength of authentication methods used in systems.
AUP
Acceptable Use Policy - An AUP outlines acceptable behaviors for using company IT resources.
ITAR
International Traffic in Arms Regulations - ITAR restricts the export of defense-related articles and services.
FERPA
Family Educational Rights and Privacy Act - FERPA protects the privacy of student education records.
HIPAA
Health Insurance Portability and Accountability Act - HIPAA sets standards for protecting sensitive patient health information.
PCI DSS
Payment Card Industry Data Security Standard - PCI DSS provides guidelines for protecting cardholder data in payment processing.
RACI
Responsible, Accountable, Consulted, and Informed
TCO
Total Cost of Ownership - TCO considers all costs associated with owning and operating a system.
VAPT
Vulnerability Assessment and Penetration Testing - VAPT identifies and exploits vulnerabilities in systems to improve security.
FUD
Fear, Uncertainty, and Doubt
DNSSEC
Domain Name System Security Extensions - DNSSEC protects against certain types of attacks on the DNS.
S3
Simple Storage Service (AWS) - Amazon S3 provides scalable cloud storage solutions.
IaaS
Infrastructure as a Service - IaaS allows businesses to rent computing resources over the internet.
PaaS
Platform as a Service - PaaS provides a platform for developers to build and deploy applications without managing infrastructure.
SaaS
Software as a Service - SaaS applications are accessed over the internet.
VM
Virtual Machine - VMs allow multiple operating systems to run on a single physical machine.
SLA
Service Level Agreement - An SLA defines the expected service performance and availability.
Ransomware
Malware that encrypts files and demands payment - Ransomware attacks often target hospitals.
BIA
Business Impact Analysis - A BIA identifies critical business functions and the impact of disruptions.
HSM
Hardware Security Module - HSMs secure cryptographic keys and perform encryption/decryption.
SOAR
Security Orchestration, Automation, and Response
UEBA
User and Entity Behavior Analytics - UEBA identifies anomalies in user behavior to detect potential threats.
XSS
Cross-Site Scripting - XSS attacks inject malicious scripts into web pages viewed by users.
CSRF
Cross-Site Request Forgery - CSRF tricks users into submitting requests without their consent.
L2TP
Layer 2 Tunneling Protocol - L2TP is used to create VPNs that securely transmit data.
IPsec
Internet Protocol Security - IPsec encrypts data at the IP layer for secure communications.
CAA
Certification Authority Authorization - CAA records specify which CAs are permitted to issue certificates for a domain.
TFA
Two-Factor Authentication - TFA adds an extra layer of security by requiring a second form of verification.
OAuth
Open Authorization - OAuth allows users to share specific data with third-party applications without exposing credentials.
OpenID
An open standard for user authentication - OpenID enables users to log in to various websites using a single account.
SYN
Synchronize - SYN packets are part of the TCP handshake to establish a connection.
NAC
Network Access Control - NAC solutions enforce security policies for devices connecting to a network.
Breach
Unauthorized access to data - A data breach occurs when hackers access confidential information.
CIRT
Computer Incident Response Team - A CIRT responds to security incidents and manages recovery efforts.
Forensics
The application of science to criminal and civil laws - Digital forensics investigates cybercrimes by analyzing digital evidence.
Threat Actor
An individual or group that exploits vulnerabilities - A threat actor may be a hacker targeting financial institutions.
Phishing
Fraudulent attempt to obtain sensitive information - Phishing emails trick users into revealing passwords.
Social Engineering
Manipulating people to divulge confidential information - Attackers may pose as IT support to gain user trust and information.
Zero-Day
A vulnerability exploited before a fix is available - A zero-day exploit can lead to widespread attacks if not patched quickly.
Payload
The part of malware that performs the malicious action - The payload of a virus might delete files or steal data.
Sandbox
An isolated environment for safely running programs - Malware analysis often uses a sandbox to test suspicious files without risk.
Malware
Malicious software designed to harm or exploit devices - Types of malware include viruses.
Brute Force
Attempting to guess passwords or encryption keys - Brute force attacks may use various combinations to crack passwords.