Cyber Security for Beginners - glossary Flashcards
Acceptable use policy
A set of wording that describes an agreement between any user and the enterprise that owns the service, application or device being accessed. The agreement usually defines both the primary permitted and prohibited activities.
Access controls
Rules and techniques used to manage and restrict entry to or exit from a physical, virtual or digital area through the use of permissions
APT
Advanced Persistent Threats, a term used to describe the tenacious and highly evolved set of tactics used by hackers to infiltrate networks through digital devices.
Adware
Any computer program designed to render adverts to an end user. Considered malware.
Air gap
To use some form of physical and electronic separation to ensure that activities in one area cannot impact or infect activities in another.
Alert status
An escalation flag that can be assigned to a security incident to indicate that it cannot be managed inside allowable time limits or other acceptable tolerances.
Anti-malware
A computer program designed to look for specific files and behaviours that indicate the presence or attempted installation of malware.
Anti-virus
Predecessor of anti-malware that was used before the nature of malware had diversified.
Application
a collection of functions and instructions in electronic format.
asset
any item that has inherent value
attack
the occurrence of unauthorized intrusion
attack surface
the sum of the potential exposure area that could be used to gain unauthorized entry to any part of a digital landscape. This area usually includes perimeter network hardware and web servers.
Audits
The use of independent examiners to check if a target product, service and/or location is meeting the specific required standards.
Backdoor
a covert method of accessing software or a device that bypasses normal authentication requirements
Black box penetration testing
The term used to describe a situation in which no advance information about the technical details of a computer program has been made available to the pen-testers.
Black hat
A hacker with unethical goals, or no perceived ethical goals.
Bleeding edge
using inventions so new, they have the likelihood to cause damage to their population before they become stable or safe
BGP
Border Gateway Protocol is a standard format that different systems on a network can use to share and make decisions about the path for information being transmitted.
Breach notification procedure
Some types of information, when suspected or known to be lost or stolen, must, by law, be reported to one or more authorities.
Brute force
A systematic approach that can quickly generate large volumes of possible methods to gain unauthorized access.
Buffer overflow
Exceeding the region of electronic memory used to store data temporarily when it is being moved between locations
BCP
Business Continuity Plan, an operational document that describes how an organization can restore its critical products or services.
BYOD
Bring your own device
CAPA
Corrective Action Preventive Action.
CISO
Chief information security officer - single point of accountability in any organization for ensuring that an appropriate framework for managing dangers and threats to electronic and physical information assets is operating and effective
Cipher
the use of a key to change information into a secret or hidden format
Closed system
a collection of applications, systems and devices that only have the ability to communicate with each other
Compliance
The process used to verify that governance items are being followed. Audits, assessments and monitoring can be used to identify and report compliance deficiencies.
Confidentiality
The assignment of a value to a set of information to indicate the level of secrecy and the access restriction required to prevent unauthorized people from viewing it. A typical example of a confidentiality scale is: 1. Public, 2. Internal, 3. Confidential, 4. Strictly Confidential and 5. Restricted.
Containerization
the partitioning of software functions within a single device, system or network that is sufficient to isolate it from potential harm
Containment
a stage during an incident response when steps are taken to isolate a confirmed problem
Control modes
Umbrella term for preventive, detective and corrective methods of defense.
Corrective Control
a method of defense that is introduced as the reactive result of an observed deficiency
Cross-Site scripting
A security exploit that takes advantage of security design flaws in web-generated pages.
Cyber
Using digital devices
Cyber attack
an aggressive or hostile action that leverages or targets digital devices
Cyber attack lifecycle
A model of sequential steps that are involved in a successful unauthorized intrusion or disruption into a digital landscape or digital device.
Cyber Defense Points
The digital locations where controls can be added
Cybersecurity
The protection of digital devices and their communication channels to keep them stable, dependable and reasonably safe.
dark web
Websites that hide their server locations. Although publicly accessible, they are not registered on standard search engines, and the hidden server values make it extremely difficult to determine which organizations and people are behind these sites.
Data
Information stored in an electronic or digital format
DLP
Data Loss Prevention. This term can describe both the technologies and the strategies used to help stop information from being taken out of an organization without appropriate authorization.
DDOS
Distributed Denial of Service
deep web
Internet content that cannot be seen by search engines. This includes not only dark web content but also harmless and general content not indexed.
Defense by design
The process of ensuring that protective security measures are consistently included and embedded from the earliest requirements stage of any component
Defense in depth
The use of multiple layers of security techniques to help reduce the chance of a successful attack
Doxxing
Publicly exposing personal information on the internet.
Drive-by download
A covert, unintended download of software onto a device.
Eavesdropping
Covertly or secretly listening in on communication
Encryption
The act of encoding messages so that if they are intercepted by an unauthorized party they cannot be read unless the encoding mechanism can be deciphered.
Endpoint
Any electronic device that can be used to store or process information, e.g. laptop, phone
Ethical Hacker
Alternative name for Pen Tester
Exploit
To take advantage of a vulnerability.
HIPS
Host Based Intrusion Prevention Systems, a version of an IPS that is installed directly onto the digital device
IAM
Identity Access Management
Patch management
Controlled process used to deploy critical interim updates.