Cyber Security Flashcards
SOC
Security Operations Center (SOC)
- centralized unit that monitors and manages an organization’s security posture on a 24/7 basis
NIPS
Network Intrusion Prevention System (NIPS)
- monitors network traffic for suspicious activity and can take automated actions to block or prevent potential threats
WAF
Web Application Firewall (WAF) with DDoS protection
- specifically designed to mitigate and block DDoS attacks by filtering and monitoring incoming traffic to a web application.
PKI
Public Key Infrastructure (PKI)
- uses asymmetric cryptography to provide secure communication and authentication; each device is assigned a unique key pair consisting of a public key and a private key
IDS
Intrusion Detection System (IDS)
- designed to monitor network traffic for suspicious activities or patterns that may indicate unauthorized access, malware infections, or other security threats
ACL
Access Control Lists (ACLs)
- used to control access to network resources by specifying which users or systems are allowed or denied access to specific resources
TPM
Trusted Platform Module (TPM)
- dedicated microcontroller designed to secure hardware by integrating cryptographic keys into devices
SAN Certificate
Subject Alternative Name (SAN) Certificate
- can secure multiple domains and subdomains by specifying them in the certificate’s SAN field
VLAN
Virtual Local Area Network
- logical grouping of network devices that allows devices on different physical LANs to communicate as if they were on the same physical LAN
RSA
Rivest, Shamir, & Adleman
- an asymmetric algorithm used primarily for secure data transmission and digital signatures
HMAC
Hash-based Message Authentication Code (HMAC)
- used to verify the integrity and authenticity of a message, requires a shared secret key but does not provide a method for establishing or agreeing upon that key
AES
Advanced Encryption Standard (AES)
- a symmetric encryption algorithm used to encrypt data
TLS
Transport Layer Security (TLS)
- security protocol that protects data and privacy when communicating over the internet
SSL
Secure Socket Layer (SSL)
- standard technology for securing an internet connection by encrypting data sent between a website and a browser (or between two servers)
CRL
Certificate Revocation List (CRL)
- list of digital certificates that have been revoked by the CA (Certificate Authority) before their expiration date
CSRF
Cross-Site Request Forgery (CSRF)
- web-based attack where an attacker tricks a user into performing actions on a web application without their consent
APT
Advanced Persistent Threat (APT)
- highly skilled, well-resourced, and persistent attackers, often associated with state-sponsored groups, that focus on long-term espionage or sabotage
ARP
Address Resolution Protocol (ARP)
- protocol or procedure that connects an ever-changing Internet Protocol (IP) address to a fixed physical machine address, also known as a media access control (MAC) address, in a local-area network (LAN)
WEP
Wired Equivalent Privacy (WEP)
- an outdated encryption standard known to have significant vulnerabilities that can be easily compromised
WPA
Wi-Fi Protected Access (WPA)
- a security standard for wireless networks that protects data transmitted between devices and the internet
PSK
Pre-Shared Key (PSK)
- a complex string of characters that is used to authenticate users on a network and secure wireless communication
AES
Advanced Encryption Standard (AES)
- a symmetric block cipher chosen by the U.S. government to protect classified information
NTLM
New Technology LAN Manager
- suite of Microsoft security protocols intended to provide authentication, integrity, and confidentiality to users
TOC
Time-of-check (TOC)
- refers to the moment when a system checks the state of a resource
TOU
Time-of-use (TOU)
- refers to the moment when a system uses a resource after it has been checked
SSH
Secure Shell (SSH)
- a network protocol that allows secure communication between devices over an unsecured network
HIPS
Host-based Intrusion Prevention System (HIPS)
- a security software that monitors and prevents malicious activity on a device
CVE
Common Vulnerabilities and Exposures (CVE)
- a system that identifies and tracks publicly known cybersecurity vulnerabilities
EDR
Endpoint Detection and Response (EDR)
- focuses on identifying and addressing security threats at the endpoint level, such as laptops, desktops, and mobile devices
RAT
Remote Access Trojan (RAT)
- malware designed to allow an attacker to remotely control an infected computer
SCADA
Supervisory Control and Data Acquisition (SCADA)
- provide centralized control, data acquisition, and real-time monitoring of industrial processes
RTO
Recovery Time Objective (RTO)
- the maximum amount of time an organization can tolerate for restoring its systems, applications, and data after a cyber incident
AAA
Authentication, Authorization, and Accounting (AAA)
AES-256
Advanced Encryption Standard with a 256-bit key (AES-256)
AH
Authentication Header (AH)
- an IPSec header used to verify that the contents of a packet have not been modified while the packet was in transit
AIS
Automated Indicator Sharing (AIS)
- a program that enables organizations to share and receive machine-readable cyber threat indicators (CTIs) and defensive measures (DMs) in real time, for use in monitoring and defending their networks against known threats relevant to AIS participants
ALE
Annualized Loss Expectancy (ALE)
- the total loss we can expect from a risk in a one-year timeframe and is calculated by multiplying SLE (Single Loss Expectancy) by ARO (Annualized Rate Occurrence)
APT
Advanced Persistent Threat (APT)
- a type of cyber attack that involves a prolonged, covert intrusion into a network or system
ARO
Annualized Rate Occurrence (ARO)
- the expected frequency with which a risk is realized, calculated by dividing the estimated number of incidents by the time frame
ASLR
Address Space Layout Randomization (ASLR)
- a technique that randomizes memory layout to increase the difficulty of a buffer overflow attack, since such an attack requires the attacker to know the location of executable code in memory
ATT&CK
Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK)
- a comprehensive matrix of tactics and techniques used by cyber adversaries
AUP
Acceptable Use Policy (AUP)
- sets rules related to an organization’s IT security policies
BASH
Bourne Again Shell (BASH)
- the default shell in most Linux server environments
BCP
Business Continuity Planning (BCP)
- a proactive approach that prepares an organization to respond and recover from potential cyber threats
BGP
Border Gateway Protocol (BGP)
- a gateway protocol that enables the internet to exchange routing information between autonomous systems (AS)
BIA
Business Impact Analysis (BIA)
- a systematic process that helps organizations evaluate the potential impact of disruptions on their critical assets, processes, and services
BPA
Business Partners Agreement (BPA)
- a legal agreement that outlines the terms, conditions, and expectations between business partners
BPDU
Bridge Protocol Data Unit (BPDU)
- a message that helps switches exchange information and determine the best paths for data to travel through a network.
BYOD
Bring Your Own Device (BYOD)
CAPTCHA
Completely Automated Public Turing Test To Tell Computers and Humans Apart (CAPTCHA)
CAR
Corrective Action Report (CAR)
- a formal document used by organizations to address and rectify issues, errors, non-conformances, or deficiencies identified in processes, products, services, or systems
CASB
Cloud Access Security Broker (CASB)
- a security solution that monitors and enforces an organization’s security policies for cloud applications
CBC
Cipher Block Chaining (CBC)
- a block cipher mode of operation (used with DES and other block ciphers) that XORs the previous ciphertext block into the next plaintext block before encrypting it
CCMP
Counter Mode/CBC-MAC Protocol (CCMP)
- a cryptographic protocol that uses the AES cipher to encrypt data and provide security services
CERT
Computer Emergency Response Team (CERT)
- a group of information security experts responsible for an organization's cybersecurity
CFB
Cipher Feedback (CFB)
- a block cipher mode of operation used in encryption algorithms to encrypt and transfer plaintext values
CHAP
Challenge Handshake Authentication Protocol (CHAP)
- an identity checking protocol that periodically re-authenticates the user during an online session
CIO
Chief Information Officer (CIO)
CIRT
Computer Incident Response Team (CIRT)
- a group of experts who manage and respond to cyber security incidents and breaches
COOP
Continuity of Operations Planning (COOP)
- a set of plans and procedures that ensure an organization can continue to perform essential functions during emergencies
COPE
Corporate Owned, Personally Enabled (COPE)
- a business model where a company owns devices that employees can use for both business and personal purposes
CP
Contingency Planning (CP)
- a set of procedures an organization initiates in the event of cyberattacks
CRC
Cyclic Redundancy Check (CRC)
- a technique used for detecting errors in digital data transmission, commonly employed in network communication and data storage
CSO
Chief Security Officer (CSO)
CSP
Cloud Service Provider (CSP)
CSR
Certificate Signing Request (CSR)
- a formal request to a Certificate Authority (CA) for a digital identity certificate, such as an SSL/TLS certificate
CSU
Channel Service Unit (CSU)
- a hardware device that converts a digital data frame from the communications technology used on a local area network (LAN) into a frame appropriate to a wide-area network (WAN) and vice versa
RTOS
Real-Time Operating System (RTOS)
- a specialized operating system used in critical embedded systems that require fast, deterministic responses to events
PDU
Power Distribution Unit (PDU)
- a device fitted with multiple outputs designed to distribute electric power, especially to racks of computers and networking equipment located within a data center
PEAP
Protected Extensible Authentication Protocol (PEAP)
- a security protocol that protects wireless networks by encrypting authentication data during transmission, does not require client-side certificates
LEAP
Lightweight Extensible Authentication Protocol (LEAP)
- a proprietary wireless LAN authentication method developed by Cisco Systems, considered insecure due to known vulnerabilities
ESP
Encapsulating Security Payload (ESP)
- a member of the Internet Protocol Security (IPsec) set of protocols that encrypts and authenticates packets of data
DLP
Data Loss Prevention (DLP)
- the practice of detecting and preventing data breaches, exfiltration, or unwanted destruction of sensitive data
UTM
Unified Threat Management (UTM)
- UTM devices are hardware or software that tie together network security features into one simple-to-use, easy-to-manage appliance
IPSec
Internet Protocol Security (IPSec)
- a set of communication rules or protocols for setting up secure connections over a network
SHA
Secure Hash Algorithm (SHA)
SASE
Secure Access Service Edge (SASE)
- a cloud-based architecture that combines network and security services into a single solution
SD-WAN
Software-defined Wide Area Network (SD-WAN)
- a technique for using software to make wide area networks more intelligent and flexible
NAC
Network Access Control (NAC)
- controls and manages access to a network, ensuring that only authorized devices and users can connect
DMZ
Demilitarized Zone (DMZ)
- also known as a screened subnet, designed to add an extra layer of security by isolating public-facing services from the internal network
CVE
Common Vulnerabilities and Exposures (CVE)
- a list of publicly known cybersecurity vulnerabilities that affect software, hardware, and firmware
IoC
Indicators of Compromise (IoC)
- clues or evidence that a network or system has been compromised or attacked
OSINT
Open-source Intelligence (OSINT)
- a method of gathering information from public or other open sources, which can be used by security experts, national intelligence agencies, or cybercriminals
STIX
Structured Threat Information eXchange (STIX)
- a standardized language and data model that allows organizations to share cyber threat intelligence (CTI) in a consistent and readable format
SAML
Security Assertion Markup Language (SAML)
- used for single sign-on (SSO); can be used for both authentication and authorization, especially in enterprise environments
MAC
Mandatory Access Control (MAC)
- an access control model where access rights are regulated by a central authority based on multiple levels of security; users cannot change access policies
DAC
Discretionary Access Control (DAC)
- access to resources is determined by the resource owner
RBAC
Role-Based Access Control (RBAC)
- a cybersecurity method that limits access to applications and networks based on a user’s role and assigned permissions
SNMPv3
Simple Network Management Protocol version 3 (SNMPv3)
- designed specifically to provide secure management and monitoring of network devices, it includes important security features such as authentication, encryption, and message integrity
RADIUS
Remote Authentication Dial-In User Service (RADIUS)
- is used for authentication, authorization and accounting (AAA) services, particularly for network access
SFTP
SSH File Transfer Protocol (SFTP)
ABAC
Attribute-based Access Control (ABAC)
- uses various attributes, such as user role, time of access, and geographic location, to determine access rights
CVSS
Common Vulnerability Scoring System (CVSS)
- standard for assessing the severity of security vulnerabilities
FDE
Full Disk Encryption (FDE)
SPF
Sender Policy Framework (SPF)
- an email authentication method designed to detect forged sender addresses during email delivery; it allows domain owners to specify which mail servers are permitted to send email on behalf of their domains by publishing an SPF record in DNS
DKIM
DomainKeys Identified Mail (DKIM)
- provides a way to verify that an email was indeed sent and authorized by the owner of that domain; it does this by using a digital signature
DMARC
Domain-based Message Authentication, Reporting & Conformance (DMARC)
- builds on SPF and DKIM to provide additional reporting and policy enforcement
EF
Exposure Factor (EF)
- the percentage of an asset's value that is expected to be lost due to a specific incident or loss event
CYOD
Choose Your Own Device (CYOD)
PAM
Privileged Access Management (PAM)
- a cybersecurity strategy that helps organizations protect against cyber threats by monitoring and controlling access to critical resources
GPO
Group Policy Objects (GPOs)
- a collection of settings that can be used to manage and configure systems, applications, and user settings in Active Directory
ICS
Industrial Control System (ICS)
- a general term for any system used to control and manage industrial processes, including manufacturing, production and distribution
SE Linux
Security-enhanced Linux (SE Linux)
- a security module integrated into the Linux kernel that provides mandatory access control (MAC) policies
MSA
Master Service Agreement (MSA)
- a fundamental contract outlining the scope of the relationship between two parties, including terms and conditions for current and future activities and responsibilities
MOA
Memorandum of Agreement (MOA)
- a written document describing a cooperative relationship between two parties wishing to work together on a project
MOU
Memorandum of Understanding (MOU)
- a non-binding agreement that outlines the general intentions and understanding between parties
MTBF
Mean Time Between Failures (MTBF)
- the average time between repairable failures of a technology product
MTTF
Mean Time To Failure (MTTF)
- the average time between non-repairable failures of a technology product
RPO
Recovery Point Objective (RPO)
- the maximum age of the data that can be restored after an incident, i.e., how far back in time a restore may reach (the amount of data loss that can be tolerated)
SLA
Service Level Agreement (SLA)
- a formal agreement between a service provider and a client that defines the level of service expected
DRP
Disaster Recovery Plan (DRP)
- a process that involves creating a strategy to restore IT systems and data after a disaster
IRP
Incident Response Plan (IRP)
- a written document, formally approved by the senior leadership team, that helps your organization before, during, and after a confirmed or suspected security incident
RDP
Remote Desktop Protocol (RDP)
- a protocol that enables users anywhere in the world to access and control a computer through a secure, reliable channel
PII
Personally Identifiable Information (PII)
- a category of sensitive data that can be used to identify an individual
SPIM
Spam Over Internet Messaging (SPIM)
- involves sending un
HSM
Hardware Security Module (HSM)
- a physical device that protects cryptographic keys and other sensitive data in an organization
OCSP
Online Certificate Status Protocol (OCSP)
- an alternative to the certificate revocation list (CRL) and is used to check whether a digital certificate is valid or if it has been revoked
CMS
Content Management System (CMS)
- software suites that allow site administrators to easily manage the design, functionality, and operation of websites with minimal technical expertise
CTM
Counter Mode (CTM)
DEP
Data Execution Prevention (DEP)
- a technology built into Windows that helps protect you from executable code launching from places it’s not supposed to
DES
Data Encryption Standard (DES)
- a symmetric-key algorithm for the encryption of digital data
DHCP
Dynamic Host Configuration Protocol (DHCP)
- a networking protocol that automatically assigns IP addresses and other network parameters to devices connected to a network; responsible for setting up configurations when a computer first joins a local network
DHE
Diffie-Hellman Ephemeral (DHE)
DNAT
Destination Network Address Translation (DNAT)
- a networking technology that can be used to enhance network security and allow external users to access internal services
DNS
Domain Name System (DNS)
- a critical part of the internet infrastructure that translates domain names into IP addresses so that computers can communicate with each other
DPO
Data Privacy Officer (DPO)
- a role in an organization that ensures that the company is compliant with data protection laws and regulations when handling personal data
DSA
Digital Signature Algorithm (DSA)
- a FIPS (Federal Information Processing Standard) and public-key cryptosystem that’s used for digital signatures
DSL
Digital Subscriber Line (DSL)
EAP
Extensible Authentication Protocol (EAP)
- used to pass the authentication information between the supplicant (the Wi-Fi workstation) and the authentication server (Microsoft IAS or other)
ECB
Electronic Code Book (ECB)
- a block cipher mode of operation that encrypts messages by dividing them into blocks and encrypting each block separately
ECC
Elliptic Curve Cryptography (ECC)
- a public key encryption technique based on elliptic curve theory that can be used to create faster, smaller and more efficient cryptographic keys
ECDHE
Elliptic Curve Diffie-Hellman Ephemeral (ECDHE)
ECDSA
Elliptic Curve Digital Signature Algorithm (ECDSA)
EFS
Encrypting File System (EFS)
- a Windows feature that encrypts files and folders to protect them from unauthorized access