Foundations of Cybersecurity Flashcards
Compliance
The process of adhering to internal standards and external regulations; it enables organizations to avoid fines and security breaches.
Security frameworks
Guidelines used for building plans to help mitigate risks and threats to data and privacy.
Security controls
Safeguards designed to reduce specific security risks. They are used with security frameworks to establish a strong security posture.
Security posture
An organization’s ability to manage its defense of critical assets and data and react to change. A strong security posture leads to lower risk for the organization.
Threat actor
Also known as a malicious attacker. Any person or group who presents a security risk.
Internal threat
A current or former employee, an external vendor, or a trusted partner who poses a security risk. At times, this threat is accidental.
Network security
The practice of keeping an organization’s network infrastructure secure from unauthorized access. This includes data, services, systems, and devices that are stored in an organization’s network.
Cloud security
The process of ensuring that assets stored in the cloud are properly configured, or set up correctly, and access to those assets is limited to authorized users.
Programming
A process that can be used to create a specific set of instructions for a computer to execute tasks.
Cybersecurity (or security)
The practice of ensuring confidentiality, integrity, and availability of information by protecting networks, devices, people, and data from unauthorized access or criminal exploitation.
Personally identifiable information (PII)
Any information used to infer an individual’s identity.
Sensitive personally identifiable information (SPII)
A specific type of PII that falls under stricter handling guidelines, for example Social Security numbers or credit card information.
Technical skills
Skills that require knowledge of specific tools, procedures, and policies.
Threat
Any circumstance or event that can negatively impact assets.
Transferable skills
Skills from other areas that can apply to different careers.
Phishing
The use of digital communications to trick people into revealing sensitive data or deploying malicious software.
What are the most common types of phishing attacks?
Business Email Compromise (BEC), Spear phishing, Whaling, Vishing, and Smishing
Business Email Compromise (BEC)
A threat actor sends an email message that seems to be from a known source to make a seemingly legitimate request for information, in order to obtain a financial advantage.
Spear phishing
A malicious email attack that targets a specific user or group of users. The email seems to originate from a trusted source.
Whaling
A form of spear phishing. Threat actors target company executives to gain access to sensitive data.
Vishing
The exploitation of electronic voice communication to obtain sensitive information or to impersonate a known source.
Smishing
The use of text messages to trick users, in order to obtain sensitive information or to impersonate a known source.
Malware
Software designed to harm devices or networks.
What are the most common types of malware?
Viruses, Worms, Ransomware, and Spyware
Viruses
Malicious code written to interfere with computer operations and cause damage to data and software.
Worms
Malware that can duplicate and spread itself across systems on its own.
Ransomware
A malicious attack where threat actors encrypt an organization’s data and demand payment to restore access.
Spyware
Malware that’s used to gather and sell information without consent. This type of malware can be used to access devices. This allows threat actors to collect personal data, such as private emails, texts, voice and image recordings, and locations.
Social engineering
A manipulation technique that exploits human error to gain private information, access, or valuables.
What are the most common types of social engineering attacks?
Phishing, Smishing, Vishing, Spear phishing, Whaling, Social media phishing, Business Email Compromise (BEC), Watering hole attack, USB (Universal Serial Bus) baiting, and Physical social engineering.
What does CISSP stand for?
Certified Information Systems Security Professional
What are the eight CISSP security domains?
- Security and Risk Management
- Asset Security
- Security Architecture and Engineering
- Communications and Network Security
- Identity and Access Management
- Security Assessment and Testing
- Security Operations
- Software Development Security
Password attack
An attempt to access password-secured devices, systems, networks, or data.
What are the two common forms of password attacks?
Brute force and Rainbow table
Physical attack
A security incident that affects not only digital but also physical environments where the incident is deployed.
What are some of the most common examples of physical attacks?
Malicious USB cable, Malicious flash drive, and Card cloning and skimming
Adversarial artificial intelligence
A technique that manipulates artificial intelligence and machine learning technology to conduct attacks more efficiently.
Supply-chain attack
An attack that targets systems, applications, hardware, and/or software to locate a vulnerability where malware can be deployed.
Cryptographic attack
An attack that affects secure forms of communication between a sender and intended recipient.
What are some forms of cryptographic attacks?
Birthday, Collision, and Downgrade
Insider threats
Those who abuse their authorized access to obtain data that may harm an organization.
What are 4 potential intentions and motivations of insider threats?
Sabotage, Corruption, Espionage, and Unauthorized data access or leaks
Hacktivist
A person who uses hacking to achieve a political goal.
What are 4 potential goals of a hacktivist?
Demonstrations, Propaganda, Social change campaigns, Fame
Hacker
Any person who uses computers to gain access to computer systems, networks, or data.
What does the CIA triad stand for?
Confidentiality, Integrity, and Availability
Protected Health Information (PHI)
Relates to the past, present, or future physical or mental health or condition of an individual, whether it’s a plan of care or payments for care.
Security ethics
Guidelines for making appropriate decisions as a security professional.
Confidentiality
The idea that only authorized users can access specific assets or data.
Privacy protection
Safeguarding personal information from unauthorized use.
Laws
Rules that are recognized by a community and enforced by a governing entity.
Health Insurance Portability and Accountability Act (HIPAA)
A U.S. federal law established to protect patients’ health information, also known as PHI, or protected health information.
Asset
An item perceived as having value to an organization.
Availability
The idea that data is accessible to those who are authorized to access it.
Confidentiality, integrity, availability (CIA) triad
A model that helps inform how organizations consider risk when setting up systems and security policies.
Integrity
The idea that the data is correct, authentic, and reliable.
What does NIST CSF stand for?
National Institute of Standards and Technology Cyber Security Framework
National Institute of Standards and Technology (NIST) Cyber Security Framework (CSF)
A voluntary framework that consists of standards, guidelines, and best practices to manage cybersecurity risk.
Security architecture
A type of security design composed of multiple components, such as tools and processes, that are used to protect an organization from risks and external threats.
Security governance
Practices that help support, define, and direct security efforts of an organization.
Security information and event management (SIEM) tool
An application that collects and analyzes log data to monitor critical activities in an organization.
Log
A record of events that occur within an organization’s systems.
Network protocol analyzer
Also known as a packet sniffer. A tool designed to capture and analyze data traffic in a network.
Playbook
A manual that provides details about any operational action, such as how to respond to a security incident.
What are two types of playbooks?
Chain of Custody and Protecting and Preserving Evidence playbooks
Order of volatility
A sequence outlining the order of data that must be preserved from first to last.
Automation
The use of technology to reduce human and manual effort in performing common and repetitive tasks.
Structured Query Language (SQL)
Used to create, interact with, and request information from a database.
Database
An organized collection of information or data.
Data point
A specific piece of information.
Operating system
The interface between computer hardware and the user.
Linux
An open-source operating system.
Command
An instruction telling the computer to do something.
Command-line interface (CLI)
A text-based user interface that uses commands to interact with the computer.
Web vulnerability
A unique flaw in a web application that a threat actor could exploit by using malicious code or behavior, to allow unauthorized access, data theft, and malware deployment.
Antivirus software
A software program used to prevent, detect, and eliminate malware and viruses.
Intrusion detection system (IDS)
An application that monitors system activity and alerts on possible intrusions.
Encryption
The process of converting data from a readable format to a cryptographically encoded format.
Cryptographic encoding
Converting plaintext into secure ciphertext.
Plaintext
Unencrypted information.
Secure ciphertext
The result of encryption.
Penetration testing
Also known as pen testing. The act of participating in a simulated attack that helps identify vulnerabilities in systems, networks, websites, applications, and processes.
Protecting and preserving evidence
The process of properly working with fragile and volatile digital evidence.
Active packet sniffing
A type of attack where data packets are manipulated in transit.
Botnet
A collection of computers infected by malware that are under the control of a single threat actor, known as the “bot-herder”.
Denial of service (DoS) attack
An attack that targets a network or server and floods it with network traffic.
Distributed denial of service (DDoS) attack
A type of denial of service attack that uses multiple devices or servers located in different locations to flood the target network with unwanted traffic.
Internet Control Message Protocol (ICMP)
An internet protocol used by devices to tell each other about data transmission errors across the network.
Internet Control Message Protocol (ICMP) flood
A type of DoS attack performed by an attacker repeatedly sending ICMP request packets to a network server.
IP spoofing
A network attack performed when an attacker changes the source IP of a data packet to impersonate an authorized system and gain access to a network.
On-path attack
An attack where a malicious actor places themselves in the middle of an authorized connection and intercepts or alters the data in transit.
Packet sniffing
The practice of capturing and inspecting data packets across a network.
Passive packet sniffing
A type of attack where a malicious actor connects to a network hub and looks at all traffic on the network.
Ping of death
A type of DoS attack caused when a hacker pings a system by sending it an oversized ICMP packet that is larger than 64 KB.
Replay attack
A network attack performed when a malicious actor intercepts a data packet in transit and delays it or repeats it at another time.
Smurf attack
A network attack performed when an attacker sniffs an authorized user’s IP address and floods it with ICMP packets.
Synchronize (SYN) flood attack
A type of DoS attack that simulates a TCP/IP connection and floods a server with SYN packets.
Backdoor attack
Weaknesses intentionally left by programmers or system and network administrators that bypass normal access control mechanisms.