CYBERSECURITY Coursera Specialization Flashcards
The practice of ensuring confidentiality, integrity, and availability of information by protecting networks, devices, people, and data from unauthorized access or criminal exploitation
Cybersecurity (or security)
The process of ensuring that assets stored in the cloud are properly configured and access to those assets is limited to authorized users
Cloud Security
A current or former employee, external vendor, or trusted partner who poses a security risk
Internal threat
The practice of keeping an organization’s network infrastructure secure from unauthorized access
Network security
Any information used to infer an individual’s identity
Personally identifiable information (PII)
A specific type of PII that falls under stricter handling guidelines
Sensitive personally identifiable information (SPII)
Skills that require knowledge of specific tools, procedures, and policies
Technical skills
Any circumstance or event that can negatively impact assets
Threat
Any person or group who presents a security risk
Threat actor
Skills from other areas that can apply to different careers
Transferable skills
A technique that manipulates artificial intelligence (AI) and machine learning (ML) technology to conduct attacks more efficiently
Adversarial artificial intelligence (AI)
The process of verifying who someone is
Authentication
A type of phishing attack where a threat actor impersonates a known source to obtain financial advantage
Business Email Compromise (BEC)
Malicious code written to interfere with computer operations and cause damage to data and software
Computer virus
An attack that affects secure forms of communication between a sender and the intended recipient
Cryptographic attack
An attempt to access password-secured devices, systems, networks, or data
Password attack
Software designed to harm devices or networks
Malware
Any person or group who uses computers to gain unauthorized access to data
Hacker
An attack that targets systems, applications, hardware, and/or software to locate a vulnerability where malware can be deployed
Supply-chain attack
A type of attack in which a threat actor compromises a website frequently visited by a specific group of users
Watering hole attack
The exploitation of electronic voice communication to obtain sensitive information or to impersonate a known source
Vishing
An attack in which a threat actor strategically leaves a malware USB stick for an employee to find and install to unknowingly infect a network
USB baiting
The use of digital communications to trick people into revealing sensitive data or deploying malicious software
Phishing
A security incident that affects not only digital but also physical environments where the incident is deployed
Physical attack
An attack in which a threat actor impersonates an employee, customer, or vendor to obtain unauthorized access to a physical location
Physical social engineering
A manipulation technique that exploits human error to gain private information, access, or valuables
Social engineering
A type of attack where a threat actor collects detailed information about their target on social media sites before initiating the attack
Social media phishing
A malicious email attack targeting a specific user or group of users, appearing to originate from a trusted source
Spear phishing