Glossary Flashcards

1
Q

Assurance

A

A positive acknowledgement designed to provide confidence.

2
Q

Asymmetric cryptography

A

A cryptographic system requiring two separate keys, one of which is private and one of which is public.

3
Q

Acceptable Use Policy (AUP)

A

A policy used to identify what personal use of company resources is acceptable.

4
Q

Accountability

A

The principle of holding individuals and entities responsible for their actions and decisions related to information security.

5
Q

Accredited

A

Accredited refers to the official recognition or certification given to an individual, organization, or program that meets specific standards or criteria set by a reputable accrediting body.

6
Q

Active Content

A

Content on a website that is either interactive, such as internet polls, or dynamic, such as animated pictures, JavaScript applications or ActiveX applications.

7
Q

Analysis

A

The detailed examination of the elements or structure of an entity.

8
Q

Anti-Virus

A

Software designed to negate or destroy a computer virus.

9
Q

Assessment

A

An estimation of the nature or quality of an entity.

10
Q

Asset

A

Something that has value to an organisation.

11
Q

Audit

A

A formal inspection of an organisation’s processes or procedures.

12
Q

Authentication

A

The assurance that a person or entity is who they claim to be.

13
Q

Authorisation

A

The process of granting or restricting access to resources, systems, or information based on the permissions and privileges assigned to individuals or entities, ensuring that only authorised users can perform certain actions or access specific data.

14
Q

Availability

A

The property of being accessible where and when required by an authorised person, entity, or process.

15
Q

Avoidance

A

Avoidance refers to the deliberate action of eliminating or staying away from a particular risk or situation to prevent its occurrence or potential negative impact.

16
Q

Backdoor

A

A method of bypassing normal authentication methods, securing illegal remote access to a computer.

17
Q

Baseline controls

A

Standards that define how systems should be configured and managed securely.

18
Q

Biometric

A

Biometric identifiers are the distinctive, measurable characteristics used to label, describe and identify individuals.
E.g. face recognition, fingerprint, voice recognition.

19
Q

Bring your own device (BYOD)

A

A scheme adopted by some organisations that permits staff to use their own desktop and laptop computers, tablets and smartphones.

20
Q

Business continuity (BC)

A

The ability of an organisation to continue to function in order to deliver its products or services at an acceptable level following a business disruption.

21
Q

Business Continuity and Disaster Recovery (BCDR)

A

BCDR focuses on maintaining critical business functions, processes, and infrastructure during and after disruptive events, such as natural disasters, cyber attacks, or system failures, to ensure the organization can continue operating and recover swiftly.

22
Q

Business impact analysis (BIA)

A

The process of analysing the consequences a business disruption might have upon the organisation’s assets.

23
Q

Certification

A

A process confirming that a person has reached a predefined level of achievement.

24
Q

Classification

A

The arrangement of items into taxonomic groups. In the information security context, it labels information to identify any defined processing, handling, storage or transmission measures required to ensure appropriate security.

25
Q

Code of conduct

A

A policy that may apply to individuals to ensure that they behave in a certain way.

26
Q

Compliance

A

Acting in accordance with a set of rules or a policy.

27
Q

Confidentiality

A

The principle of ensuring that sensitive information is only accessed or disclosed by authorized individuals and protected from unauthorized access or disclosure.

28
Q

Corrective controls

A

Security measures and actions taken in response to identified security incidents, vulnerabilities, or non-compliance issues to mitigate risks, rectify the situation, and prevent future occurrences. (A form of risk treatment.)

29
Q

Countermeasure

A

An action taken to counteract a threat.

30
Q

Cover time

A

The minimum time for which information must remain secret.

31
Q

Cross site request forgery (CSRF)

A

Cross-Site Request Forgery (CSRF) is an attack where an attacker tricks a user’s browser into performing unwanted actions on a trusted website without the user’s knowledge or consent.

32
Q

Cross-Site Scripting (XSS)

A

A type of web vulnerability that allows attackers to inject malicious scripts or code into web pages viewed by other users. Occurs when a website or web application does not properly validate or sanitize user input, such as input entered into input fields or parameters in URLs.

33
Q

Cryptanalysis

A

The practice of analysing and deciphering encrypted data or cryptographic systems with the goal of uncovering the original information, discovering weaknesses in the encryption algorithms, or finding methods to bypass or break the encryption.

34
Q

Cryptography

A

The art and science of encoding information to secure it from unauthorized access or modification during transmission or storage.

35
Q

Data leakage (also known as data loss prevention)

A

Measures taken to prevent the unauthorised extraction of data from an organisation.

36
Q

Decryption

A

The process of taking encrypted information and returning it to plaintext.

37
Q

Defence in depth

A

A security strategy that involves implementing multiple layers of defence mechanisms and controls to protect against various types of threats and attacks. Rather than relying on a single security measure, defence in depth seeks to create overlapping layers of security that complement and reinforce one another.

38
Q

Deming Cycle

A

The Deming Cycle, also known as the Plan-Do-Check-Act (PDCA) cycle, is a continuous improvement model used to achieve quality control and process improvement. It involves four iterative steps: planning (identifying objectives and processes), doing (implementing the plan), checking (monitoring and evaluating the results), and acting (making necessary adjustments and standardizing improvements) in order to continually enhance performance and efficiency.

39
Q

Denial of service (DoS)

A

A malicious attack or deliberate action that disrupts or overwhelms a computer system, network, or service, rendering it inaccessible or unusable for legitimate users.

40
Q

Directive controls

A

Security measures that use policies, procedures, and guidelines to provide explicit instructions and guidance to individuals or entities, ensuring compliance with security requirements and mitigating risks.

41
Q

Disaster recovery (DR)

A

The process and strategies put in place to restore and recover critical systems, data, and infrastructure after a disruptive event or disaster, aiming to minimize downtime and resume normal operations as efficiently and effectively as possible.

42
Q

Distributed Denial of Service (DDoS)

A

A cyber attack where multiple compromised devices or systems flood a target network or server with a massive volume of traffic, rendering it inaccessible to legitimate users.

43
Q

Detective controls

A

A form of risk treatment, these are tactical controls that identify events while they are taking place.

44
Q

Digital certificate

A

An electronic document that uses a digital signature to bind a public key with an identity: information such as the name of a person or an organisation, their address and so forth.

45
Q

Digital signature

A

A mathematical scheme for demonstrating the authenticity of a digital message or document.

46
Q

DOM-based XSS (Document Object Model Cross site scripting)

A

The malicious script or code manipulates the Document Object Model (DOM) of a web page, affecting its behaviour and potentially compromising the security of the user’s session.

47
Q

Domain

A

A domain is a unique and recognizable name associated with a website or network that allows users to access resources on the internet.

48
Q

Encryption

A

The process of encoding messages (or information) in such a way that eavesdroppers or hackers cannot read it but authorised parties can.

49
Q

Evaluation

A

The systematic assessment and analysis of something to determine its effectiveness, quality, and value, providing insights for decision-making and improvement.

50
Q

False positive

A

An indication that something has been detected or has happened when, in fact, it has not.

51
Q

Firewall

A

A technological barrier designed to prevent unauthorised or unwanted communications between computer networks or hosts.

52
Q

GDPR (General Data Protection Regulation)

A

The General Data Protection Regulation (GDPR) is a comprehensive EU law that regulates the processing and protection of personal data to ensure individuals’ privacy rights are upheld.

53
Q

General Data Protection Regulation (GDPR)

A

A comprehensive data protection and privacy regulation introduced by the European Union (EU) in 2018. It establishes rules and guidelines for the collection, processing, and storage of personal data of individuals within the EU, and grants them greater control and rights over their personal information, while imposing obligations on organizations that handle such data to ensure its protection and lawful use.

54
Q

Governance

A

Governance refers to the processes, policies, and practices implemented by an organization or governing body to ensure effective decision-making, accountability, and the proper management of resources. It involves establishing frameworks, structures, and controls to guide the actions and behaviours of individuals and entities within an organization, with the ultimate goal of achieving organizational objectives and fulfilling responsibilities to stakeholders.

55
Q

Hardening

A

Hardening refers to the process of strengthening and securing a computer system, network, or software application to reduce vulnerabilities and enhance resistance against potential threats and attacks. It involves implementing security measures, such as configuring system settings, removing unnecessary services, applying patches and updates, enforcing access controls, and implementing encryption, to minimize the attack surface and improve the overall security posture of the system. Hardening measures aim to protect against unauthorized access, data breaches, and other security risks.

56
Q

Hash digest or hash function

A

A hash digest, also known as a hash value or hash code, is the output generated by a hash function when it processes input data. A hash function is a mathematical algorithm that takes an input (such as a file, message, or data) and produces a fixed-size alphanumeric string, which represents a unique “digest” of the input. The hash function processes the input in a way that any slight change in the input will result in a significantly different hash value. Hash functions are commonly used in cryptography, data integrity verification, password storage, and digital signatures.

57
Q

Hashing

A

Hashing is the process of applying a hash function to input data in order to generate a fixed-size output, known as a hash value or hash code. The hash function takes the input and applies a mathematical algorithm to produce a unique and representative hash value. The resulting hash value is typically used to verify the integrity of data, compare files or messages for similarity, store passwords securely, and provide quick data retrieval in data structures like hash tables.

58
Q

Identification

A

The process of confirming the identity of an individual or entity.

59
Q

Integrity

A

Integrity refers to the quality or state of information or data being complete, accurate, and unaltered throughout its lifecycle.

60
Q

Mitigation

A

Mitigation is the process of implementing measures to reduce the potential impact or severity of a threat or risk.

61
Q

Acceptance

A

Acceptance is the conscious decision to tolerate a risk without implementing additional measures to mitigate or control it.

62
Q

MTD (Maximum Tolerable Downtime)

A

MTD refers to the maximum duration of time that an organization can tolerate being without its critical business functions or IT systems after a disruption or disaster occurs. It represents the upper limit of acceptable downtime beyond which the organization’s viability and objectives may be seriously compromised.

63
Q

Non-Repudiation

A

Non-repudiation is the assurance that the originator of a message cannot deny their involvement or the authenticity of the message sent.

64
Q

OSA Framework

A

The Open Security Architecture (OSA) is a framework related to technical and functional security controls. OSA offers a comprehensive overview of crucial security components, principles, issues, and concepts that underlie architectural decisions involved in designing effective security architectures. However, OSA can only be used if the security architecture has already been designed.

65
Q

Penetration testing

A

Penetration testing, often referred to as pen testing, is a systematic process of evaluating the security of a computer system, network, or application by simulating real-world attacks. It involves authorized attempts to exploit vulnerabilities and identify weaknesses in order to assess the overall security posture and potential risks.

66
Q

Privileged User Management (PUM)

A

The processes, controls, and technologies implemented to manage and secure the access and activities of privileged users within an organization. It involves identifying and managing accounts with elevated privileges, such as system administrators or IT administrators, and implementing measures to control and monitor their access to sensitive systems, data, and resources. PUM aims to mitigate the risks associated with privileged access, ensure accountability, and protect against unauthorized or malicious actions by privileged users.

67
Q

Reflected XSS (Reflected Cross-Site Scripting)

A

The malicious script or code is embedded in a URL or input field and is then reflected back to the user in the website’s response. The script is executed when the user clicks on the manipulated link or interacts with the vulnerable input field.

68
Q

Repository

A

A central location in which data is stored and managed.

69
Q

RPO (Recovery Point Objective)

A

RPO represents the maximum tolerable amount of data loss that an organization can afford during a disruption or disaster. It defines the point in time to which data must be recovered in order to resume operations with an acceptable level of data integrity. RPO is often measured in terms of time, indicating the maximum acceptable time gap between the last data backup and the occurrence of the disruption.

70
Q

RTO (Recovery Time Objective)

A

RTO is the targeted duration of time within which a business process, system, or service needs to be restored after a disruption. It defines the time frame within which the organization aims to recover its critical functions and resume normal operations following a disaster. RTO typically includes the time required for incident response, recovery procedures, and restoration activities.

71
Q

SABSA Framework

A

The Sherwood Applied Business Security Architecture (SABSA) is a policy-driven framework. It helps define the critical questions that only security architecture can answer: what, why, when, and who. The goal of SABSA is to ensure that after the design of security services, they are then delivered and supported as an integral part of the enterprise’s IT management. One downside, however, is that SABSA doesn’t get into specifics regarding technical implementation.

72
Q

Security Architecture Framework

A

A structured approach or model that provides guidelines and principles for designing and implementing effective security measures within an organization’s infrastructure and systems.
Examples: TOGAF, SABSA, OSA.

73
Q

Security Operations Centre (SOC)

A

A centralized facility or team within an organization that is responsible for monitoring, detecting, analysing, and responding to cybersecurity incidents and threats. The primary function of a SOC is to maintain the security of an organization’s systems, networks, and data by actively monitoring and managing security events and incidents in real time.

74
Q

SOC 1 (Statement on Standards for Attestation Engagements No. 18, SSAE 18)

A

An auditing standard developed by the American Institute of Certified Public Accountants (AICPA). It focuses on evaluating the effectiveness of internal controls over financial reporting (ICFR) within a service organization. This report assesses the design effectiveness of the controls at a specific point in time.

75
Q

SOC 2 (Service Organization Control 2)

A

An auditing standard developed by the American Institute of Certified Public Accountants (AICPA). It focuses on evaluating and reporting on the controls implemented by service organizations related to security, availability, processing integrity, confidentiality, and privacy of customer data. This report assesses the design effectiveness as well as the operating effectiveness of the controls over a specified period (generally six to twelve months).

76
Q

SQL (Structured Query Language)

A

A programming language used for managing and manipulating relational databases. SQL is commonly used to create, retrieve, update, and delete data stored in databases, as well as to define database schemas, create tables, and establish relationships between tables. It is widely used in the field of database management systems and plays a crucial role in interacting with and managing data in relational databases.

77
Q

SQL injection

A

SQL (Structured Query Language) injection is a web security vulnerability that allows an attacker to insert malicious SQL code into a web application’s database query, potentially gaining unauthorized access, manipulating data, or executing arbitrary commands.

78
Q

Stored XSS (Stored Cross-Site Scripting)

A

The malicious script or code is permanently stored on the target website or web application. Whenever a user accesses the affected page, the script is executed.

For example, let’s say there is a vulnerability in the platform’s comment system that does not properly sanitize user input. The attacker takes advantage of this vulnerability by posting a comment containing a malicious script. The script is stored on the platform’s server and becomes part of the comment’s content.

When other users view the affected comment, their web browsers execute the malicious script unknowingly. The script can perform various actions, such as stealing sensitive information (like login credentials or personal data), redirecting users to malicious websites, or even initiating unauthorized actions on behalf of the user.

79
Q

Symmetric

A

Symmetric refers to a cryptographic system or algorithm that uses the same key for both encryption and decryption processes.

80
Q

Threat

A

A threat is a potential event or circumstance that can cause harm, damage, or compromise to an organization’s assets, operations, or information systems.

81
Q

TOGAF Framework

A

The Open Group Architecture Framework (TOGAF) helps determine which problems need to be solved within the security infrastructure in a business. Its primary focus is on the organization’s goal and scope, as well as the preliminary phases of security architecture. TOGAF does not, however, give specific guidance on ways to address security issues.

82
Q

Trojan (Trojan Horse)

A

A type of malicious software (malware) that disguises itself as a legitimate or harmless program, file, or attachment to deceive users and gain unauthorized access to their computer systems or networks.

83
Q

Zero-Day

A

A type of cyber attack that takes advantage of a previously unknown vulnerability or weakness in software, hardware, or a computer system. It occurs before the vulnerability is discovered or a patch is released, making it challenging to defend against and potentially causing significant damage.

84
Q

Administrative

A

Administrative controls are policies, procedures, or rules implemented to manage and regulate behaviours, actions, and responsibilities within an organization, aiming to ensure compliance, accountability, and effective security management.

85
Q

Security practitioner

A

A security practitioner is an individual who specializes in the field of security and is responsible for implementing and managing various security measures to protect information, systems, networks, or physical assets from threats and risks.

86
Q

Policy

A

A policy is a formal document that outlines the rules, guidelines, and principles that govern the behaviour, decisions, and actions within an organization to achieve specific objectives or address specific concerns.

87
Q

Procedure

A

A procedure is a documented sequence of steps or actions that provides specific instructions for carrying out a particular task, process, or activity within an organization.

88
Q

Law

A

A law is a binding and enforceable rule or regulation established by a governing authority to govern the behaviour of individuals or groups within a society.

89
Q

Standard

A

A standard is a documented set of criteria, guidelines, or specifications that provide a reference for consistent and reliable practices, processes, or products in a specific industry or field.

90
Q

Role-Based Access Control (RBAC)

A

It is an access control model where access permissions are based on the roles assigned to users.

91
Q

Mandatory Access Control (MAC)

A

It is a security model where access to resources is based on set policies and rules defined by a central authority or system administrator.

92
Q

Discretionary Access Control (DAC)

A

It is an access control model where access to resources is determined by the discretion of the resource owner or manager.

93
Q

Redundancy

A

Redundancy is the duplication or backup of critical resources to ensure continuous operation and minimize the impact of failures or disruptions.

94
Q

Intrusion Prevention System (IPS)

A

An Intrusion Prevention System (IPS) is a security technology that actively monitors and analyses network traffic to detect and block potential threats or malicious activities in real time.

95
Q

Intrusion Detection System (IDS)

A

An Intrusion Detection System (IDS) is a security technology that passively monitors and analyses network traffic to identify and alert on potential security breaches or unauthorized activities.

96
Q

Quality Assurance and Control (QA/QC)

A

The set of processes and activities undertaken to ensure that a product or service meets specified quality standards. It involves monitoring and evaluating the development or production process, identifying defects or deviations from requirements, and implementing corrective actions to improve quality and prevent issues.

97
Q

Source code analysis

A

Source code analysis is the process of examining the source code of a software application to identify programming errors, security vulnerabilities, and adherence to coding standards.

98
Q

Packet sniffing

A

Packet sniffing, also known as network sniffing or packet analysis, is the practice of capturing and inspecting network traffic in order to gather information or analyse its contents. It involves intercepting and examining the packets of data that are transmitted over a network, allowing an attacker to potentially access sensitive information, such as usernames, passwords, or other confidential data.

99
Q

White noise generation

A

White noise generation is a technique used to create a random, non-stop, and uniform sound signal that covers a wide range of frequencies. It is often used as a physical security control to mask or interfere with the detection of genuine electromagnetic emanations from computing equipment. The purpose is to confuse or prevent eavesdropping or unauthorized interception of sensitive information.

100
Q

Quantitative

A

Quantitative refers to a type of analysis or measurement that involves the use of numerical data and mathematical models to assess and quantify risks, impacts, probabilities, or other factors related to a particular subject or situation. It involves the use of quantitative methods and techniques to derive objective and measurable results.

101
Q

Qualitative

A

Qualitative refers to a type of analysis or assessment that focuses on non-numerical data and subjective factors to understand and evaluate a subject or situation. It involves gathering and interpreting qualitative data such as observations, opinions, interviews, and descriptions to gain insights, identify patterns, and make subjective judgments. Qualitative analysis often involves a more subjective and interpretive approach compared to quantitative analysis.

102
Q

Static Testing

A

Static testing is a software testing technique that is performed without executing the code. It involves analysing the software artifacts such as requirements, design documents, and source code to identify defects, compliance issues, and other quality concerns. Static testing techniques include code reviews, walkthroughs, inspections, and other forms of manual or automated analysis. The objective of static testing is to improve the quality of the software by identifying and addressing issues early in the development process.

103
Q

Dynamic Testing

A

Dynamic testing is a software testing technique that involves executing the software and observing its behaviour to evaluate its performance, functionality, and other dynamic characteristics. It is performed by running the software with various inputs and verifying if the actual output matches the expected output. Dynamic testing can include activities such as functional testing, integration testing, system testing, performance testing, and security testing. The goal of dynamic testing is to ensure that the software functions correctly and meets the specified requirements.

104
Q

Systems Security Engineering Capability Maturity Model (SSE-CMM)

A

The Systems Security Engineering Capability Maturity Model (SSE-CMM) is a process-oriented information system evaluation method. It focuses on assessing and improving the capability of an organization’s security engineering processes. It provides a framework for evaluating and improving an organization’s ability to manage and secure its information systems throughout their lifecycle. The SSE-CMM emphasizes the process aspects of security engineering rather than assurance aspects.

105
Q

User input validation

A

User input validation is a security countermeasure that involves validating and sanitizing user input to ensure it adheres to expected formats and does not contain malicious code or characters. By implementing proper input validation techniques, such as parameterized queries or prepared statements, an application can effectively prevent SQL injection attacks by ensuring that user input is treated as data rather than executable code.

106
Q

Hexadecimal

A

Hexadecimal is a number system commonly used in computing and digital systems. It is a base-16 numbering system that uses digits from 0 to 9 and letters A to F to represent values from 0 to 15. In hexadecimal, each digit represents a four-bit binary value, making it a convenient way to represent and manipulate binary data. Hexadecimal numbers are often used to represent memory addresses, colour values, and binary data in programming and computer systems.

107
Q

Virus

A

A virus is a type of malicious software that replicates itself and infects computer systems, causing damage and spreading to other computers.

108
Q

Worm

A

A worm is a type of malicious software that can self-replicate and spread across computer networks without requiring user interaction, often causing harm to the network or consuming system resources.

109
Q

Repudiation Attack

A

A repudiation attack refers to an unauthorized attempt to deny or reject the validity or involvement in a transaction, communication, or action. In other words, it involves one party falsely denying their participation or responsibility in an event, transaction, or communication. This type of attack can have serious consequences in various domains, such as e-commerce, digital signatures, legal agreements, and financial transactions, where proof of authenticity and accountability is crucial.

110
Q

Attribute-Based Access Control (ABAC)

A

It is an access control model that determines access to resources based on attributes associated with users, objects, and the environment. In ABAC, access decisions are made by evaluating the attributes of the requesting entity, the attributes of the resource being accessed, and the environmental conditions. This model allows for more fine-grained access control, as access decisions can be based on multiple attributes and conditions rather than relying solely on roles or permissions. ABAC offers flexibility and adaptability in managing access control policies, making it suitable for complex and dynamic environments.

111
Q

Script kiddie

A

A person who uses existing computer scripts or code to hack into computers, lacking the expertise to write their own.

112
Q

Information Security Management System (ISMS)

A

It is a systematic approach to managing sensitive company information, ensuring its confidentiality, integrity, and availability. An ISMS typically involves a set of policies, procedures, processes, and controls designed to manage risks and protect information assets. The implementation of an ISMS helps organizations establish a framework for identifying, assessing, and managing information security risks, as well as defining and implementing security controls to mitigate those risks. The goal of an ISMS is to ensure the confidentiality, integrity, and availability of information assets while meeting legal, regulatory, and business requirements. It often follows international standards such as ISO/IEC 27001 for establishing and maintaining an effective information security management system.

113
Q

Tangible

A

Tangible assets are the physical assets of an organization, the assets that can be seen and touched. Examples of tangible assets include computers, desks, and buildings.

114
Q

Intangible

A

An intangible asset is a non-monetary asset that cannot be seen or touched.

115
Q

Enabling

A

To give (someone) the authority or means to do something; to make something possible.

116
Q

Corrective Action

A

Corrective action refers to the steps taken to address and resolve identified problems, errors, or non-conformities in order to prevent their recurrence and improve overall performance or compliance.

117
Q

Honeypot

A

A honeypot is a security mechanism designed to attract and deceive potential attackers, allowing organizations to observe and analyse their tactics, techniques, and behaviours.

118
Q

Trapdoor

A

A trapdoor is a hidden and deliberate vulnerability or backdoor intentionally built into a system or software, allowing unauthorized access or bypassing of security measures.

119
Q

PKI

A

PKI stands for Public Key Infrastructure, which is a system of technologies, policies, and procedures that enables the creation, distribution, and management of digital certificates and cryptographic keys to secure communication and verify the authenticity of users, devices, and data.

120
Q

Modem

A
121
Q

Router

A
122
Q

Switch

A
123
Q

Access Point

A
124
Q

Home Router

A
125
Q

IP

A
126
Q
A