Foundations of Cyber Security Flashcards by Alicia Fanning

Cybersecurity

_____ is the practice of ensuring confidentiality, integrity, and availability of information by protecting networks, devices, people, and data from unauthorized access or criminal exploitation

How well did you know this?

Not at all

Perfectly

Cloud Security

_____ is the process of ensuring that assets stored in the cloud are properly configured and access to those assets is limited to authorized users

How well did you know this?

Not at all

Perfectly

Internal threat

A current or former employee, external vendor, or trusted partner who poses a security risk

How well did you know this?

Not at all

Perfectly

Network Security

The practice of keeping an organization’s network infrastructure secure from unauthorized access

How well did you know this?

Not at all

Perfectly

Personally identifiable information (PII)

Any information used to infer an individual’s identity

How well did you know this?

Not at all

Perfectly

Security posture

An organization’s ability to manage its defense of critical assets and data and react to change

How well did you know this?

Not at all

Perfectly

Sensitive personally identifiable information (SPII)

A specific type of PII that falls under stricter handling guidelines

How well did you know this?

Not at all

Perfectly

Technical skills

Skills that require knowledge of specific tools, procedures, and policies

How well did you know this?

Not at all

Perfectly

Threat

Any circumstance or event that can negatively impact assets

How well did you know this?

Not at all

Perfectly

Threat actor

Any person or group who presents a security risk

How well did you know this?

Not at all

Perfectly

Transferable skills

Skills from other areas that can apply to different careers

How well did you know this?

Not at all

Perfectly

Adversarial artificial intelligence (AI):

A technique that manipulates artificial intelligence (AI) and machine learning (ML) technology to conduct attacks more efficiently

How well did you know this?

Not at all

Perfectly

Business Email Compromise (BEC):

A type of phishing attack where a threat actor impersonates a known source to obtain financial advantage

How well did you know this?

Not at all

Perfectly

CISSP

Certified Information Systems Security Professional is a globally recognized and highly sought-after information security certification, awarded by the International Information Systems Security Certification Consortium

How well did you know this?

Not at all

Perfectly

Computer Virus

Malicious code written to interfere with computer operations and cause damage to data and software

How well did you know this?

Not at all

Perfectly

Cryptographic attack

An attack that affects secure forms of communication between a sender and intended recipient

How well did you know this?

Not at all

Perfectly

Hacker

Any person who uses computers to gain access to computer systems, networks, or data

How well did you know this?

Not at all

Perfectly

Malware

Software designed to harm devices or networks

How well did you know this?

Not at all

Perfectly

Password attack

An attempt to access password secured devices, systems, networks, or data

How well did you know this?

Not at all

Perfectly

Phishing

The use of digital communications to trick people into revealing sensitive data or deploying malicious software

How well did you know this?

Not at all

Perfectly

Physical attack

A security incident that affects not only digital but also physical environments where the incident is deployed

How well did you know this?

Not at all

Perfectly

Physical social engineering

An attack in which a threat actor impersonates an employee, customer, or vendor to obtain unauthorized access to a physical location

How well did you know this?

Not at all

Perfectly

Social engineering

A manipulation technique that exploits human error to gain private information, access, or valuables

How well did you know this?

Not at all

Perfectly

Social Media Phishing

A type of attack where a threat actor collects detailed information about their target on social media sites before initiating the attack

How well did you know this?

Not at all

Perfectly

Spear Phishing

A malicious email attack targeting a specific user or group of users, appearing to originate from a trusted source

Supply-Chain attack

An attack that targets systems, applications, hardware, and/or software to locate a vulnerability where malware can be deployed

USB baiting

An attack in which a threat actor strategically leaves a malware USB stick for an employee to find and install to unknowingly infect a network

Virus

refer to “computer virus”

Vishing

The exploitation of electronic voice communication to obtain sensitive information or to impersonate a known source

Watering hole attack

A type of attack when a threat actor compromises a website frequently visited by a specific group of users

Asset

An item perceived as having value to an organization

Availability

The idea that data is accessible to those who are authorized to access it

Compliance

The process of adhering to internal standards and external regulations

Confidentiality

The idea that only authorized users can access specific assets or data

Confidentiality, integrity, availability (CIA) triad

A model that helps inform how organizations consider risk when setting up systems and security policies

Hacktivist

A person who uses hacking to achieve a political goal

Health Insurance Portability and Accountability Act (HIPPA)

A U.S. federal law established to protect patients' health information

Integrity

The idea that the data is correct, authentic, and reliable

National Institute of Standards and Technology (NIST) Cyber Security Framework (CSF)

A voluntary framework that consists of standards, guidelines, and best practices to manage cybersecurity risk

Privacy Protection

The act of safeguarding personal information from unauthorized use

Security architecture

A type of security design composed of multiple components, such as tools and processes, that are used to protect an organization from risks and external threats

Security ethics

Guidelines for making appropriate decisions as a security professional

Security controls

Safeguards designed to reduce specific security risks

Protected health information (PHI)

Information that relates to the past, present, or future physical or mental health or condition of an individual

Security frameworks

Guidelines used for building plans to help mitigate risk and threats to data and privacy

Security governance

Practices that help support, define, and direct security efforts of an organization

Sensitive personally identifiable information (SPII)

A specific type of PII that falls under stricter handling guidelines

Antivirus software

A software program used to prevent, detect, and eliminate malware and viruses

Database

An organized collection of information or data

Data point

A specific piece of information

Intrusion detection system (IDS)

An application that monitors system activity and alerts on possible intrusions

Linux

An open-source operating system

Log

A record of events that occur within an organization’s systems

Network protocol analyzer (packet sniffer)

A tool designed to capture and analyze data traffic within a network

Order of volatility

A sequence outlining the order of data that must be preserved from first to last

Programming

A process that can be used to create a specific set of instructions for a computer to execute tasks

Protecting and preserving evidence

The process of properly working with fragile and volatile digital evidence

Security information and event management (SIEM)

An application that collects and analyzes log data to monitor critical activities in an organization

SQL (Structured Query Language)

A query language used to create, interact with, and request information from a database

_____ is the practice of ensuring confidentiality, integrity, and availability of information by protecting networks, devices, people, and data from unauthorized access or criminal exploitation

Cybersecurity

_____ is the process of ensuring that assets stored in the cloud are properly configured and access to those assets is limited to authorized users

Cloud Security

A current or former employee, external vendor, or trusted partner who poses a security risk

Internal threat

The practice of keeping an organization's network infrastructure secure from unauthorized access

Network Security

Any information used to infer an individual’s identity

Personally identifiable information (PII)

An organization’s ability to manage its defense of critical assets and data and react to change

Security posture

A specific type of PII that falls under stricter handling guidelines

Sensitive personally identifiable information (SPII)

Skills that require knowledge of specific tools, procedures, and policies

Technical skills

Any circumstance or event that can negatively impact assets

Threat

Any person or group who presents a security risk

Threat actor

Skills from other areas that can apply to different careers

Transferable skills

A technique that manipulates artificial intelligence (AI) and machine learning (ML) technology to conduct attacks more efficiently

Adversarial artificial intelligence (AI):

A type of phishing attack where a threat actor impersonates a known source to obtain financial advantage

Business Email Compromise (BEC):

CISSP

Malicious code written to interfere with computer operations and cause damage to data and software

Computer Virus

An attack that affects secure forms of communication between a sender and intended recipient

Cryptographic attack

Any person who uses computers to gain access to computer systems, networks, or data

Hacker

Software designed to harm devices or networks

Malware

An attempt to access password secured devices, systems, networks, or data

Password attack

The use of digital communications to trick people into revealing sensitive data or deploying malicious software

Phishing

A security incident that affects not only digital but also physical environments where the incident is deployed

Physical attack

An attack in which a threat actor impersonates an employee, customer, or vendor to obtain unauthorized access to a physical location

Physical social engineering

A manipulation technique that exploits human error to gain private information, access, or valuables

Social engineering

A type of attack where a threat actor collects detailed information about their target on social media sites before initiating the attack

Social Media Phishing

A malicious email attack targeting a specific user or group of users, appearing to originate from a trusted source

Spear Phishing

An attack that targets systems, applications, hardware, and/or software to locate a vulnerability where malware can be deployed

Supply-Chain attack

An attack in which a threat actor strategically leaves a malware USB stick for an employee to find and install to unknowingly infect a network

USB baiting

refer to “computer virus”

Virus

The exploitation of electronic voice communication to obtain sensitive information or to impersonate a known source

Vishing

A type of attack when a threat actor compromises a website frequently visited by a specific group of users

Watering hole attack

An item perceived as having value to an organization

Asset

The idea that data is accessible to those who are authorized to access it

Availability

The process of adhering to internal standards and external regulations

Compliance

The idea that only authorized users can access specific assets or data

Confidentiality

A model that helps inform how organizations consider risk when setting up systems and security policies

Confidentiality, integrity, availability (CIA) triad

A person who uses hacking to achieve a political goal

Hacktivist

A U.S. federal law established to protect patients' health information

Health Insurance Portability and Accountability Act (HIPPA)

The idea that the data is correct, authentic, and reliable

Integrity

A voluntary framework that consists of standards, guidelines, and best practices to manage cybersecurity risk

National Institute of Standards and Technology (NIST) Cyber Security Framework (CSF)

The act of safeguarding personal information from unauthorized use

Privacy Protection

A type of security design composed of multiple components, such as tools and processes, that are used to protect an organization from risks and external threats

Security architecture

Guidelines for making appropriate decisions as a security professional

Security ethics

Safeguards designed to reduce specific security risks

Security controls

Information that relates to the past, present, or future physical or mental health or condition of an individual

Protected health information (PHI)

Guidelines used for building plans to help mitigate risk and threats to data and privacy

Security frameworks

Practices that help support, define, and direct security efforts of an organization

Security governance

A specific type of PII that falls under stricter handling guidelines

Sensitive personally identifiable information (SPII)

A software program used to prevent, detect, and eliminate malware and viruses

Antivirus software

An organized collection of information or data

Database

A specific piece of information

Data point

An application that monitors system activity and alerts on possible intrusions

Intrusion detection system (IDS)

An open-source operating system

Linux

A record of events that occur within an organization’s systems

Log

A tool designed to capture and analyze data traffic within a network

Network protocol analyzer (packet sniffer)

A sequence outlining the order of data that must be preserved from first to last

Order of volatility

A process that can be used to create a specific set of instructions for a computer to execute tasks

Programming

The process of properly working with fragile and volatile digital evidence

Protecting and preserving evidence

An application that collects and analyzes log data to monitor critical activities in an organization

Security information and event management (SIEM)

A query language used to create, interact with, and request information from a database

SQL (Structured Query Language)