CYBER 160 Module 2~ Threat management and cybersecurity resources Flashcards
type of test that exploits vulnerabilities just as a threat actor would to gain unauthorized access
pen test or penetration test
monetary reward given for uncovering a software vulnerability
bug bounty
limitations or parameters in a penetration test
rules of engagement
returning all system back to normal following a penetration test
clean up
gathering information from outside the organization
footprinting
directly probing for vulnerabilities and useful information
active reconnaissance
Ex: unprotected wireless data transmissions from wireless local area networks
searching for wireless signals from an automobile or on foot using a portable computing device
war driving
efficient means of discovering Wi-Fi signals using drones
war flying
searching online for publicly accessible information
passive reconnaissance
publicly accessible information
open source intelligence (OSINT)
frequent and ongoing process, often automated, that continuously identifies vulnerabilities and risks and monitors cybersecurity progress
vulnerability scan
valid authentication credentials, such as a username and password, which are supplied to vulnerability scanners to mimic the work of a threat actor who possesses the credentials
credential scan
Type of major vulnerability scan
vulnerability scan that provides no authentication information to the tester
non-credential scan
vulnerability scan that attempts to employ any vulnerabilities which it finds like threat actors
intrusive scan
vulnerability scan that does not attempt to exploit the vulnerabilities but only records what it discovers
nonintrusive scan
the most popular tool that identifies vulnerabilities in an operating system and application software
Common Vulnerabilities and Exposures (CVE)
numerical rating system of the impact of vulnerabilities
Common Vulnerability Scoring System (CVSS)
tool that consolidates real-time security monitoring and management of security information with analysis and reporting of security events
Security Information and Event Management (SIEM)
software that runs on a computer
interpretation and classification of emotions (positive, negative, neutral) within text data using text analysis techniques
sentiment analysis
designed to help security teams manage and respond to security warnings and alarms
Security Orchestration, Automation, and Response
proactively searching for cyber threats that have gone undetected in a network
threat hunting
data feeds of information on the latest threats
threat feeds
a place where information from enterprises and government is shared on the latest attacks
fusion center
series of documented processes used to define policies and processes for implementing and managing security controls in enterprise environments
framework
Most common frameworks
NIST, ISO, AICPA, CIS, CSA
NIST = National Institute of Standards and Technology
ISO = International Organization for Standardization
AICPA = American Institute of Certified Public Accountants
CIS = Center for Internet Security
CSA = Cloud Security Alliance
guidance document designed to help organizations assess and manage risks to their information and systems
NIST Risk Management Framework (RMF)
used as a measuring stick that companies can use to compare their cybersecurity practices to the threats they face
NIST Cybersecurity Framework (CSF)
created the NIST Cybersecurity Framework to help private companies identify, detect, and respond to cyber attacks
NIST (National Institute of Standards and Technology)
typically developed by established professional organizations or government agencies using the expertise of seasoned security professionals
Industry regulations
document approved through consensus by a recognized standardization body
standard
database of the behavior of threat actors and how they orchestrate and manage attacks
adversary tactics, techniques, and procedures (TTP)
white paper documents authored by technology bodies employing specialists, engineers, and scientists who are experts in those areas
Request for Comments (RFCs)