Cybersecurity Important Terms Flashcards
Encryption
The process of converting information or data into a code, especially to prevent unauthorized access.
-Cornerstone of data protection.
-Different types of encryption
-Pay attention to deprecated encryption, meaning encryption that is too weak: SHA-1 is deprecated; AES-256 or AES-128 are good.
Single Sign-On
An authentication scheme that allows a user to log in with a single ID to any of several related, yet independent, software systems.
Multi-Factor Authentication
An electronic authentication method in which a user is granted access to a website or application only after successfully presenting two or more pieces of evidence to an authentication mechanism:
knowledge, possession, inherence, and location
Intrusion Detection System (IDS)
IDS: A device or software application that monitors a network or systems for malicious activity or policy violations
- Critical in modern-day networks to understand what is not normal behavior.
-Notifies someone to take action.
Intrusion Prevention System (IPS)
IPS: A network security tool (which can be a hardware device or software) that continuously monitors a network for malicious activity and takes action to prevent it, including reporting, blocking, or dropping it, when it does occur.
- Critical in modern-day networks to understand what is not normal behavior.
- Can be programmed to take actions
Firewall
A part of a computer system or network which is designed to block unauthorized access while permitting outward communication.
-NGFW: Next-Generation Firewall
IP Address
A unique string of characters that identifies each computer using the Internet Protocol to communicate over a network.
-Address on the internet
Ports
A process-specific or application-specific software construct serving as a communication endpoint, which is used by the Transport Layer protocols of the Internet Protocol suite, such as User Datagram Protocol (UDP) and Transmission Control Protocol (TCP).
Domain Name System (DNS)
The hierarchical and decentralized naming system used to identify computers reachable through the Internet or other Internet Protocol networks. The domain name server (DNS) translates domain names into IP addresses.
Network Access Control (NAC)
A security solution that enforces policy on devices that access networks to increase network visibility and reduce risk.
-802.1X
Shared Responsibility Model
A cloud security framework that dictates the security obligations of a cloud computing provider and its users to ensure accountability.
Personally Identifiable Information (PII)
Information that, when used with one or more relevant sets of data, can identify an individual (such as name with email or address with birth date).
Protected Health Information (PHI)
Information about the health status, provision of health care, and/or payment for health care that is created or collected by a Covered Entity, and can be linked to a specific individual.
Advanced Persistent Threat (APT)
A stealthy threat actor, typically a nation state or state-sponsored group, which gains unauthorized access to a computer network and remains undetected for an extended period.
Software Development Lifecycle (SDLC)
A systematic, multi-step process that streamlines software development from inception to release. It’s an easy-to-follow, step-by-step procedural model that enables organizations to develop software in a timely manner.