Foundations Of Cybersecurity Flashcards
Cybersecurity
The practice of ensuring confidentiality, integrity and availability of information by protecting networks, devices, people, and data from unauthorized access or criminal exploitation
Threat Actor
Any person or group who presents a security risk
Playbook
A manual that lists the steps to follow for a given detection and what the analyst needs to examine in order to investigate those incidents
Compliance
The process of adhering to internal standards and external regulations, which enables organizations to avoid fines and security breaches
Security Frameworks
Guidelines used for building plans to help mitigate risks and threats to data and privacy
Security Controls
Safeguards designed to reduce specific security risks. They are used with security frameworks to establish a strong security posture
Security Posture
An organization's ability to manage its defense of critical assets and data and react to change.
Internal Threat
A current or former employee, an external vendor or a trusted partner who poses a security risk.
Network Security
The practice of keeping an organization's network infrastructure secure from unauthorized access.
Cloud Security
The process of ensuring that assets stored in the cloud are properly configured, and that access to those assets is limited to authorized users.
Cloud
A network made up of a collection of servers or computers that store resources and data in remote physical locations, known as data centers, which can be accessed via the internet.
Programming
A process that can be used to create a specific set of instructions for a computer to execute tasks.
Transferable Skills
Communication, collaboration, analysis and problem solving
Technical Skills
Programming languages, Security Information and Event Management (SIEM) tools, and computer forensics
Security Information and Event Management (SIEM) Tools
Tools that collect and analyze log data, or records of events such as unusual login behavior, and support analysts' ability to monitor critical activities in an organization.
Intrusion Detection Systems (IDSs)
Used to monitor system activity and alert on possible intrusions.
Personally Identifiable Information (PII)
Any information used to infer an individual's identity. (Ex- full name, D.O.B., address, phone number, email, IP)
Sensitive Personally Identifiable Information (SPII)
A specific type of PII that falls under stricter handling guidelines. (Ex- SSN, medical or financial information, biometric data)
Computer Virus
Malicious code written to interfere with computer operations and cause damage to data and software.
Malware
Software designed to harm devices or networks.
Social Engineering
A manipulation technique that exploits human error to gain private information, access, or valuables.
Phishing
The use of digital communications to trick people into revealing sensitive data or deploying malicious software.
CSIRTs
Computer Security Incident Response Teams
Business Email Compromise (BEC)
A threat actor sends an email message that seems to be from a known source to make a seemingly legitimate request for information in order to obtain a financial advantage.
Spear Phishing
A malicious email attack that targets a specific user or group of users.
Whaling
A form of spear phishing. Threat actors target company executives to gain access to sensitive data.
Vishing
The exploitation of electronic voice communication to obtain sensitive information or to impersonate a known source.
Smishing
The use of text messages to trick users in order to obtain sensitive information or to impersonate a known source.
Worms
Malware that can duplicate and spread itself across systems on its own.
Ransomware
A malicious attack where threat actors encrypt an organization’s data and demand payment to restore access.
Spyware
Malware that’s used to gather and sell information without consent.
Social Media Phishing
A threat actor collects detailed information about their target from social media sites.
Watering Hole Attack
A threat actor attacks a website frequently visited by a specific group of users.
USB Baiting
A threat actor strategically leaves a malware-infected USB stick for an employee to find and install, unknowingly infecting a network.
Physical Social Engineering
A threat actor impersonates an employee, customer or vendor to obtain unauthorized access to a physical location.
Reasons Social Engineering Is Effective
Authority, intimidation, consensus/social proof, scarcity, familiarity, trust, or urgency
CISSP
Certified Information Systems Security Professional
Name The 8 CISSP Security Domains
Security and Risk Management, Asset Security, Security Architecture and Engineering, Communications and Network Security, Identity and Access Management, Security Assessment and Testing, Security Operations, Software Development Security
Security and Risk Management
Defines security goals and objectives, risk mitigation, compliance, business continuity, and the law.
Asset Security
Secures digital and physical assets. Related to the storage, maintenance, retention, and destruction of data.
Security Architecture and Engineering
Optimizes data security by ensuring effective tools, systems, and processes are in place. Ex- firewall
Communication and Network Security
Manages and secures physical networks and wireless communications.
Identity and Access Management
Keeps data secure by ensuring users follow established policies to control and manage physical assets, like office spaces, and logical assets, such as networks and applications. Ex- validating employees or setting up keycard access.
Security Assessment and Testing
Conducting security control testing, collecting and analyzing data, and conducting security audits to monitor for risks, threats, and vulnerabilities.
Security Operations
Conducting investigations and implementing preventative measures. Ex- unknown device connects to the network
Software Development Security
Uses secure coding practices, which are a set of recommended guidelines that are used to create secure applications and services.
Password Attack
An attempt to access password-secured devices, systems, networks, or data. Ex- Brute Force or Rainbow Table
Physical Attack
A security incident that affects not only digital but also physical environments where the incident is deployed.
Adversarial Artificial Intelligence
A technique that manipulates artificial intelligence and machine learning technology to conduct attacks more efficiently.
Supply Chain Attack
Targets systems, applications, hardware, and/or software to locate a vulnerability where malware can be deployed.
Cryptographic Attack
Affects secure forms of communication between a sender and intended recipient.
Advanced Persistent Threats (APTs)
Have significant expertise in accessing an organization's network without authorization. Tend to research their targets in advance and can remain undetected for an extended period of time.
Insider Threats
Abuse their authorized access to obtain data that may harm an organization.
Hacktivists
Threat actors that are driven by a political agenda.
Hacker
Any person who uses a computer to gain access to computer systems, networks, or data.
Authorized Hackers (Ethical Hackers)
Follow a code of ethics and adhere to the law to conduct organizational risk evaluations.
Semi-Authorized Hackers (Researchers)
Search for vulnerabilities but don’t take advantage of the vulnerabilities they find.
Unauthorized Hackers (Unethical Hackers)
Malicious threat actors who don’t follow or respect the law.
Security Life Cycle
A constantly evolving set of policies and standards that define how an organization manages risks, follows established guidelines and meets regulatory compliance laws
Purposes of Security Frameworks
Protecting PII, securing financial information, identifying security weaknesses, managing organizational risks, and aligning security with business goals
Components of Security Frameworks
Identifying and documenting security goals, setting guidelines to achieve security goals, implementing strong security processes, and monitoring and communicating results
General Data Protection Regulation (GDPR)
A data protection law established to grant European citizens more control over their personal data
CIA Triad
A foundational model that helps inform how organizations consider risk when setting up systems and security policies
Confidentiality
Only authorized users can access specific assets or data
Integrity
Data is correct, authentic and reliable
Availability
Data is accessible to those who are authorized to access it
Asset
An item perceived as having value to an organization
NIST
National Institute of Standards and Technology
NIST Cybersecurity Framework (CSF)
A voluntary framework that consists of standards, guidelines, and best practices to manage cybersecurity risk (Baseline to manage short and long term risks)
Security Ethics
Guidelines for making appropriate decisions as a security professional
Ethical Principles In Security
Confidentiality, Privacy Protections, and Laws
Privacy Protection
Safeguarding personal information from unauthorized use
Log
A record of events that occur within an organization's systems
Network Protocol Analyzer (Packet Sniffers)
A tool designed to capture and analyze data traffic within a network
Chain of Custody Playbook
The process of documenting evidence possession and control during an incident life cycle. (Who, what, where and why evidence was collected)
Protecting and Preserving Evidence Playbook
The process of properly working with fragile and volatile digital evidence
Order of Volatility
A sequence outlining the order of data that must be preserved from first to last
Volatile Data
Data that may be lost if the device in question powers off
Dashboard
A tool used to visually communicate information or data
Linux
An open source operating system (publicly available)
Structured Query Language (SQL)
A programming language used to create, interact with, and request information from a database
Database
An organized collection of information or data
Python
Used to perform tasks that are repetitive and time-consuming and that require a high level of detail and accuracy
Data Point
A specific piece of information
Operating System
The interface between computer hardware and the user. Ex- Linux, macOS, Windows
Command
An instruction telling the computer to do something
Command Line
A text-based user interface that uses commands to interact with the computer
Web Vulnerability
A unique flaw in a web application that a threat actor could exploit
Antivirus Software
A software program used to prevent, detect, and eliminate malware and viruses (also called anti-malware)
Encryption
The process of converting data from a readable format to a cryptographically encoded format
Cryptographic Encoding
Converting plaintext into secure ciphertext
Plaintext
Unencrypted information
Penetration Testing
The act of participating in a simulated attack that helps identify vulnerabilities in systems, networks, websites, applications and processes.