Foundations of Cyber Security Flashcards
Cybersecurity
_____ is the practice of ensuring confidentiality, integrity, and availability of information by protecting networks, devices, people, and data from unauthorized access or criminal exploitation
Cloud Security
_____ is the process of ensuring that assets stored in the cloud are properly configured and access to those assets is limited to authorized users
Internal threat
A current or former employee, external vendor, or trusted partner who poses a security risk
Network Security
The practice of keeping an organization’s network infrastructure secure from unauthorized access
Personally identifiable information (PII)
Any information used to infer an individual’s identity
Security posture
An organization’s ability to manage its defense of critical assets and data and react to change
Sensitive personally identifiable information (SPII)
A specific type of PII that falls under stricter handling guidelines
Technical skills
Skills that require knowledge of specific tools, procedures, and policies
Threat
Any circumstance or event that can negatively impact assets
Threat actor
Any person or group who presents a security risk
Transferable skills
Skills from other areas that can apply to different careers
Adversarial artificial intelligence (AI):
A technique that manipulates artificial intelligence (AI) and machine learning (ML) technology to conduct attacks more efficiently
Business Email Compromise (BEC):
A type of phishing attack where a threat actor impersonates a known source to obtain financial advantage
CISSP
Certified Information Systems Security Professional is a globally recognized and highly sought-after information security certification, awarded by the International Information Systems Security Certification Consortium
Computer Virus
Malicious code written to interfere with computer operations and cause damage to data and software
Cryptographic attack
An attack that affects secure forms of communication between a sender and intended recipient
Hacker
Any person who uses computers to gain access to computer systems, networks, or data
Malware
Software designed to harm devices or networks
Password attack
An attempt to access password secured devices, systems, networks, or data
Phishing
The use of digital communications to trick people into revealing sensitive data or deploying malicious software
Physical attack
A security incident that affects not only digital but also physical environments where the incident is deployed
Physical social engineering
An attack in which a threat actor impersonates an employee, customer, or vendor to obtain unauthorized access to a physical location
Social engineering
A manipulation technique that exploits human error to gain private information, access, or valuables
Social Media Phishing
A type of attack where a threat actor collects detailed information about their target on social media sites before initiating the attack
Spear Phishing
A malicious email attack targeting a specific user or group of users, appearing to originate from a trusted source
Supply-Chain attack
An attack that targets systems, applications, hardware, and/or software to locate a vulnerability where malware can be deployed
USB baiting
An attack in which a threat actor strategically leaves a malware USB stick for an employee to find and install to unknowingly infect a network
Virus
refer to “computer virus”
Vishing
The exploitation of electronic voice communication to obtain sensitive information or to impersonate a known source
Watering hole attack
A type of attack when a threat actor compromises a website frequently visited by a specific group of users
Asset
An item perceived as having value to an organization
Availability
The idea that data is accessible to those who are authorized to access it
Compliance
The process of adhering to internal standards and external regulations
Confidentiality
The idea that only authorized users can access specific assets or data
Confidentiality, integrity, availability (CIA) triad
A model that helps inform how organizations consider risk when setting up systems and security policies
Hacktivist
A person who uses hacking to achieve a political goal
Health Insurance Portability and Accountability Act (HIPPA)
A U.S. federal law established to protect patients’ health information
Integrity
The idea that the data is correct, authentic, and reliable
National Institute of Standards and Technology (NIST) Cyber Security Framework (CSF)
A voluntary framework that consists of standards, guidelines, and best practices to manage cybersecurity risk
Privacy Protection
The act of safeguarding personal information from unauthorized use
Security architecture
A type of security design composed of multiple components, such as tools and processes, that are used to protect an organization from risks and external threats
Security ethics
Guidelines for making appropriate decisions as a security professional
Security controls
Safeguards designed to reduce specific security risks
Protected health information (PHI)
Information that relates to the past, present, or future physical or mental health or condition of an individual
Security frameworks
Guidelines used for building plans to help mitigate risk and threats to data and privacy
Security governance
Practices that help support, define, and direct security efforts of an organization
Sensitive personally identifiable information (SPII)
A specific type of PII that falls under stricter handling guidelines
Antivirus software
A software program used to prevent, detect, and eliminate malware and viruses
Database
An organized collection of information or data
Data point
A specific piece of information
Intrusion detection system (IDS)
An application that monitors system activity and alerts on possible intrusions
Linux
An open-source operating system
Log
A record of events that occur within an organization’s systems
Network protocol analyzer (packet sniffer)
A tool designed to capture and analyze data traffic within a network
Order of volatility
A sequence outlining the order of data that must be preserved from first to last
Programming
A process that can be used to create a specific set of instructions for a computer to execute tasks
Protecting and preserving evidence
The process of properly working with fragile and volatile digital evidence
Security information and event management (SIEM)
An application that collects and analyzes log data to monitor critical activities in an organization
SQL (Structured Query Language)
A query language used to create, interact with, and request information from a database
_____ is the practice of ensuring confidentiality, integrity, and availability of information by protecting networks, devices, people, and data from unauthorized access or criminal exploitation
Cybersecurity
_____ is the process of ensuring that assets stored in the cloud are properly configured and access to those assets is limited to authorized users
Cloud Security
A current or former employee, external vendor, or trusted partner who poses a security risk
Internal threat
The practice of keeping an organization’s network infrastructure secure from unauthorized access
Network Security
Any information used to infer an individual’s identity
Personally identifiable information (PII)
An organization’s ability to manage its defense of critical assets and data and react to change
Security posture
A specific type of PII that falls under stricter handling guidelines
Sensitive personally identifiable information (SPII)
Skills that require knowledge of specific tools, procedures, and policies
Technical skills
Any circumstance or event that can negatively impact assets
Threat
Any person or group who presents a security risk
Threat actor
Skills from other areas that can apply to different careers
Transferable skills
A technique that manipulates artificial intelligence (AI) and machine learning (ML) technology to conduct attacks more efficiently
Adversarial artificial intelligence (AI):
A type of phishing attack where a threat actor impersonates a known source to obtain financial advantage
Business Email Compromise (BEC):
Certified Information Systems Security Professional is a globally recognized and highly sought-after information security certification, awarded by the International Information Systems Security Certification Consortium
CISSP
Malicious code written to interfere with computer operations and cause damage to data and software
Computer Virus
An attack that affects secure forms of communication between a sender and intended recipient
Cryptographic attack
Any person who uses computers to gain access to computer systems, networks, or data
Hacker
Software designed to harm devices or networks
Malware
An attempt to access password secured devices, systems, networks, or data
Password attack
The use of digital communications to trick people into revealing sensitive data or deploying malicious software
Phishing
A security incident that affects not only digital but also physical environments where the incident is deployed
Physical attack
An attack in which a threat actor impersonates an employee, customer, or vendor to obtain unauthorized access to a physical location
Physical social engineering
A manipulation technique that exploits human error to gain private information, access, or valuables
Social engineering
A type of attack where a threat actor collects detailed information about their target on social media sites before initiating the attack
Social Media Phishing
A malicious email attack targeting a specific user or group of users, appearing to originate from a trusted source
Spear Phishing
An attack that targets systems, applications, hardware, and/or software to locate a vulnerability where malware can be deployed
Supply-Chain attack
An attack in which a threat actor strategically leaves a malware USB stick for an employee to find and install to unknowingly infect a network
USB baiting
refer to “computer virus”
Virus
The exploitation of electronic voice communication to obtain sensitive information or to impersonate a known source
Vishing
A type of attack when a threat actor compromises a website frequently visited by a specific group of users
Watering hole attack
An item perceived as having value to an organization
Asset
The idea that data is accessible to those who are authorized to access it
Availability
The process of adhering to internal standards and external regulations
Compliance
The idea that only authorized users can access specific assets or data
Confidentiality
A model that helps inform how organizations consider risk when setting up systems and security policies
Confidentiality, integrity, availability (CIA) triad
A person who uses hacking to achieve a political goal
Hacktivist
A U.S. federal law established to protect patients’ health information
Health Insurance Portability and Accountability Act (HIPPA)
The idea that the data is correct, authentic, and reliable
Integrity
A voluntary framework that consists of standards, guidelines, and best practices to manage cybersecurity risk
National Institute of Standards and Technology (NIST) Cyber Security Framework (CSF)
The act of safeguarding personal information from unauthorized use
Privacy Protection
A type of security design composed of multiple components, such as tools and processes, that are used to protect an organization from risks and external threats
Security architecture
Guidelines for making appropriate decisions as a security professional
Security ethics
Safeguards designed to reduce specific security risks
Security controls
Information that relates to the past, present, or future physical or mental health or condition of an individual
Protected health information (PHI)
Guidelines used for building plans to help mitigate risk and threats to data and privacy
Security frameworks
Practices that help support, define, and direct security efforts of an organization
Security governance
A specific type of PII that falls under stricter handling guidelines
Sensitive personally identifiable information (SPII)
A software program used to prevent, detect, and eliminate malware and viruses
Antivirus software
An organized collection of information or data
Database
A specific piece of information
Data point
An application that monitors system activity and alerts on possible intrusions
Intrusion detection system (IDS)
An open-source operating system
Linux
A record of events that occur within an organization’s systems
Log
A tool designed to capture and analyze data traffic within a network
Network protocol analyzer (packet sniffer)
A sequence outlining the order of data that must be preserved from first to last
Order of volatility
A process that can be used to create a specific set of instructions for a computer to execute tasks
Programming
The process of properly working with fragile and volatile digital evidence
Protecting and preserving evidence
An application that collects and analyzes log data to monitor critical activities in an organization
Security information and event management (SIEM)
A query language used to create, interact with, and request information from a database
SQL (Structured Query Language)
