Cyber Threats Flashcards
acceptable use policy
a set of wording that describes an agreement between any user and the enterprise that owns the service, application or device being accessed. The agreement usually defines both the primary permitted and prohibited activities
access controls
rules and techniques used to manage and restrict entry to or exit from a physical, virtual or digital area through the use of permissions. Permissions are usually assigned individually to a person, device or application service to ensure accountability and traceability of usage.
Advanced Persistent Threats (APTs)
a term used to describe the tenacious and highly evolved set of tactics used by hackers to infiltrate networks through digital devices and to then leave malicious software in place for as long as possible. The purpose can be for financial gain, brand damage or other political purposes.
adware
any computer program designed to render adverts to an end user. This type of software can be considered a form of malware.
air gap
to use some form of physical and electronic separation to ensure that activities in one area cannot impact or infect activities in another. Used in the context of cybersecurity to describe how sensitive or infected systems are physically and digitally isolated so they have no possibility of interacting with any other systems and networks
alert status
An escalation flag that can be assigned to a security incident to indicate that it cannot be managed inside allowable time limits or other acceptable tolerances that are defined by an organisation’s security processes
anti malware
a computer program designed to look for specific files and behaviors that indicate the presence or attempted installation of malicious software.
application
a collection of functions and instructions in electronic format that resides across one or more digital devices, usually designed to create, modify, process, store, inspect and/or transmit specific types of data
assessments
the evaluation of a target against specific goals, objectives or other criteria through the collection of information about it
asset
any item (physical or digital) that has inherent value. For cybersecurity, information items that can be monetized are regarded as high-value assets due to their potential resale or blackmail value
attack
the occurrence of an unauthorized intrusion
attack surface
the sum of the potential exposure area that could be used to gain unauthorised entry to any part of a digital landscape
audits
The use of one or more independent examiners to check if a target product, service and/or location is meeting the specific required control standards.
backdoor
a covert method of accessing software or a device that bypasses the normal authentication requirements
backup
the process of archiving a copy of something so that it can be restored following a disruption. OR, having a redundant capability to continue a process, service or application if the primary capability is disrupted.
biometrics
the use of physical qualities and attributes as a form of identity authentication. Fingerprint scans, retina scans and facial recognition are all examples of biometrics. Biometrics is usually used only as part of multi-factor authentication.
black-box penetration testing
The term used to describe a situation in which no advance information about the technical details of a computer program has been made available to those who are checking it for.
black hat
a person who engages in attempts to gain unauthorized access to one or more digital devices with nefarious objectives. A hacker with unethical goals, or no perceived ethical goals
black-listing
Adding a specific file type, URL or data packet to a security defense program to prevent it from being directly accessed or used. For example, a website domain can be blocked using firewall rules to ensure that no user can visit that website through customary means
bleeding edge
using inventions so new, they have the likelihood to cause damage to their population before they become stable and safe
Border Gateway Protocol (BGP)
a standard format that different systems on a network can use to share and make decisions about the path (routing) for information being transmitted
bot
a computer program designed to perform specific tasks. They are usually simple, small and designed to perform fast, repetitive tasks. When the purpose of the program conflicts with an organisation’s goals and needs, a bot can be considered a form of malware.
botnet
A connected set of programs designed to operate together over a network to achieve specific purposes. These purposes can be good or bad. A botnet is sometimes referred to as a zombie army.
bot herder / bot master
a hacker who uses automated techniques to seek vulnerable networks and systems. The bot herder’s initial goal is to install or find bot programs that can be used to achieve a particular purpose.