Cyber Security for Beginners - glossary

Question 1

Acceptable use policy

Answer 1

A set of wording describes an agreement between any user and the enterprise that owns the service, application or device being accessed. The agreement usually defines both the primary permitted and prohibited activities.

Question 2

Access controls

Answer 2

Rules and techniques used to manage and restrict entry to or exit from a physical, virtual or digital area through the use of permissions

Question 3

APT

Answer 3

Advanced Persistent Threats, a term used to describe the tenacious and highly evolved set of tactics used by hackers to infiltrate networks through digital devices.

Question 4

Adware

Answer 4

Any computer program designed to render adverts to an end user. Considered malware.

Question 5

Air gap

Answer 5

to use some form of physical and electronic separation to ensure that activities in one are canoot impact or infect activities in another.

Question 6

Alert status

Answer 6

An escalation flag that can be assigned to a security incident to indicate that it cannot be managed inside allowable time limits or other acceptable tolerances.

Question 7

Anti-malware

Answer 7

A computer progeram designed to look for specific files and behaviours that indicate the presence or attempted installation of malware.

Question 8

Anti-virus

Answer 8

Predecessor of anti-malware that was used before the nature of malware had diversifided.

Question 9

Application

Answer 9

a collection of functions and instructions in electronic format.

Question 10

asset

Answer 10

any item that has inherent value

Question 11

attack

Answer 11

the occurance of unatuhorized intrusion

Question 12

attack surface

Answer 12

the sum of the potential exposure area that could be used to gain unauthorized entry to any part of a digital landscape. This area usually includes perimeter network hardware and web servers.

Question 13

Audits

Answer 13

The use of independent examiners to check if a target product, service and/or location is meeting the specific required standards.

Question 14

Backdoor

Answer 14

a covert method of accessing software or a device that bypasses normal authentication requirements

Question 15

Black box penetration testing

Answer 15

It is the term used to describe a situation in which no advance information about the technical details of a computer programs has been made available to the pen-testers?

Question 16

Black hat

Answer 16

A hacker with unethical goals, or no perceived ethical goals.

Question 17

Bleeding edge

Answer 17

using inventions so new , they have the likelihood to cause damage to their population before they become stable or safe

Question 18

BGP

Answer 18

Border Gateway Protocol is a standard format that different systems on a network can use to share and make decisions about the path for information being transmitted.

Question 19

Breach notification procedure

Answer 19

Some types of information, when suspected or known to be lost or stolen, must, by law be reporter to one or more autorities.

Question 20

Brute force,

Answer 20

A systematic approach that can quickly generate large volumes of possible methods to gain unauthorized access.

Question 21

Buffer overflow

Answer 21

Exceeding the region of electronic memory used to store data temporarily when it is being moved between locations

Question 22

BCP

Answer 22

Business Continuity Plan an operational document that describes how an organization can restore its critical products or services.

Question 23

BYOD

Answer 23

Bring your own devicce

Question 24

CAPA

Answer 24

Corrective Action Preventive Action.

Question 25

CISO

Answer 25

Chief information security officer - single point of accountability in any organization for ensuring that an appropriate framework for managing dangers and threats to electronic an physical information assets is operating and effective

Question 26

Cipher

Answer 26

the use of a key to change information into a secret or hidden format

Question 27

Closed system

Answer 27

a collection of applications, systems and devices that only have the ability to communicate with each other

Question 28

Compliance

Answer 28

The process used to verify that governance items are being followed. Audits, assessments and monitoring can be used to identify and report compliance deficiencies.

Question 29

Confidentiality

Answer 29

The assignment of a value to a set of information to indicate the level of secrecy and the access restriction required to prevent unauthorized people from viewing it. A typical example of a confidentiality scale is. 1. Public 2. Internal 3. Confidential 4. Strictly Confidential and 5. Restricted

Question 30

Containerization

Answer 30

the partitioning of software functions within a single device, system or network that is sufficient to isolate it from potential harm

Question 31

Containment

Answer 31

a stage during an incident response when steps are taken to isolate a confirmed problem

Question 32

Control modes

Answer 32

Umbrella term for preventitive, detective and corrective methods of defense.

Question 33

Corrective Control

Answer 33

a method of defense that is introduced as the reactive result of an observed deficiency

Question 34

Cros-Site scripting

Answer 34

A securit exploits that take advantage of security design flaws in web-generated pages.

Question 35

Cyber

Answer 35

Using digital devices

Question 36

Cyber attack

Answer 36

an aggressive or hostile action that leverages or targets digital de-vices

Question 37

Cyber attack lifecycle

Answer 37

A model of sequential steps that are involved in a successful unauthorized intrusion or disruption into a digital landscape or digital device.

Question 38

Cyber Defense Points

Answer 38

The digital locations were controls can be added

Question 39

Cybersecurity

Answer 39

The protection of digital devices and their communication channels to keep them stable, dependable and reasonably safe.

Question 40

dark web

Answer 40

website that hide their server locations, although publically accessible they are not registered on standard search engines and the hidden server values make it extremely difficult to determine which organizations and people are behind these sites.

Question 41

Data

Answer 41

Information stored in an electronic or digital format

Question 42

DLP

Answer 42

Data Loss Prevention this term can describe both the technologies and the strategies used to help stop information from being taken out of an organization without appropriate authorization.

Question 43

DDOS

Answer 43

Distributed Denial of Service

Question 44

deep web

Answer 44

Internet content that cannot be seen by search engines, This includes not only dark web content but also harmless and general content not indexed.

Question 45

Defense by design

Answer 45

The process of ensuring that protective security measures are consistently included and embedded from the earliest requirements stage of any component

Question 46

Defense in depth

Answer 46

The use of multiple layers of security techniques to help reduce the chance of a successful attack

Question 47

Doxxing

Answer 47

Pubicly exposing personal information on the internet.

Question 48

Drive-by download

Answer 48

An covert unintended download of software onto a device.

Question 49

Eavesdropping

Answer 49

Covertly or secretly listening in on communication

Question 50

Encryption

Answer 50

The act of encoding messages so that if they are intercepted by an unauthorized party the cannot be read unless the encoding mechanism can be deciphered.

Question 51

Endpoint

Answer 51

Any electronic device that can be used to store or process information ex. Laptop, Phone

Question 52

Ethical Hacker

Answer 52

Alternative name for Pen Tester

Question 53

Exploit

Answer 53

To take advantage of a vulnerability.

Question 54

HIPS

Answer 54

Host Based Intrusion Prevention Systems, a version of an IPS that is installed directly onto the digital device

Question 55

IAM

Answer 55

Identity Access Management

Question 56

Patch management

Answer 56

Controlled process used to deploy critical interim updates.