Glossary of key terms (flashcards)
The maintenance and verification of a desired level of
quality of software, a product, or service.
quality assurance (QA)
Policies that define the rules restricting how a computer, network, or other system may be used.
acceptable use policies
A list of permissions attached to an object specifying what level of access a user, users, or groups have to that object. When you’re
dealing with firewalls, a set of rules that apply to a list of network
names, IP addresses, and port numbers.
access control list (ACL)
A collection of policies to determine the level of access
that a subject (user or system) has on a resource (the system, application, or data
to be protected). There are four major types: Mandatory Access Control (MAC), Role-Based Access Control (RBAC), Discretionary Access Control (DAC), and Rule-Based Access Control (RBAC or RB-RBAC).
access control model
In digital forensics, the process of collecting specific data related to
an attack, intrusion, or investigation, which can include computer media and other
devices that store electronic data.
acquisition
A Microsoft directory service that authenticates and authorizes
users and computers.
Active Directory
An attacker’s method that is carried out on a target mostly
by using network and vulnerability scanners.
active reconnaissance
Assessment that measures risk by using exact monetary values. It attempts to give an expected yearly loss in dollars for any given risk.
It also assigns asset values to servers, routers, and other network equipment.
quantitative risk assessment
A load-balancing scenario in which each device performs work
simultaneously, thus sharing the load.
active/active
A load-balancing scenario in which one device actively performs
work while the other works in a standby mode.
active/passive
A programming method involving
random arrangement of different address spaces used by a program (or process). It
helps prevent the exploitation of buffer overflows, remote code execution, and memory corruption vulnerabilities. It also can aid in protecting mobile devices (and other
systems) from exploits caused by memory-management problems
address space layout randomization (ASLR)
Accounts on a system with higher-level privileges. They
are similar to root accounts on a Linux system.
administrator accounts
A sophisticated attack that can remain undetected for a long time. A government (state actor) attack is also often referred
to by this term.
advanced persistent threat (APT)
The tactics, techniques,
and procedures used by attackers to compromise a system or a network.
adversary tactics, techniques, and procedures (TTPs)
A concept that refers to the gap or lack of connection between a computer
and other networks. Because the computer isn’t directly connected to the network, it
can’t be attacked through the network.
air gap
A list of allowed applications or functions that are accessible to a specific
resource, such as another application, a system, or a user. The list is inclusive; if the
application is not listed, access is denied.
allow list
A VPN client that immediately and automatically establishes a
VPN connection when an Internet connection is made.
always-on VPN
The total expected loss in dollars per year due
to a specific incident.
annualized loss expectancy (ALE)
The number of times per year that a
specific incident occurs.
annualized rate of occurrence (ARO)
A method of obfuscating data such that the data can be used for
legitimate purposes while not exposing the identity of the data owner.
anonymization
Software that protects against infections caused by many types of
malware, including all types of viruses, as well as rootkits, ransomware, and spyware.
antimalware
A computer program used to prevent, detect, and remove
malware.
antivirus software
Cloud-based services that don’t fall into SaaS, PaaS,
or IaaS. For example, when a large service provider integrates its security services
into the company/customer’s existing infrastructure, it is often referred to as Security as a service (SECaaS).
anything as a service (XaaS)
A capability available in all cloud computing
environments. It allows for better automation of workflow deployment. These integrations typically need to be enabled in the environment to utilize them.
API inspection and integration
An index of approved software applications or executable files that are permitted to be present and active on a computer system.
application approved list
An index or list of undesirable or unauthorized
programs used to prevent their execution.
application block list/deny list
Attacks that target the resources of Layer 7 applications and often leverage known vulnerabilities against specific software.
application DDoS attacks
A programmatic framework that
enables other systems to interact with an application; however, a lack of adequate
controls and monitoring makes effective security testing of _____ difficult to
automate, which makes them vulnerable targets.
application programming interface (API)
A process to adequately and securely deploy an application on-premises or in the cloud.
application provisioning
Devices used to assess application-specific vulnerabilities
and operate at the upper layers of the OSI model.
application scanners
When an attacker manipulates the ARP cache on a host to
redirect traffic and perform an on-path attack.
ARP cache poisoning
Remnants of an intrusion that can be identified on a host or network.
artifacts
A policy for onboarding and offboarding devices; it specifies
how they are registered and activated and how they are later decommissioned.
asset management
A process that uses a public-key and private-key pair to
encrypt and decrypt messages when communicating.
asymmetric encryption
A set of matrices created by MITRE to document and explain the
adversarial tactics and techniques used by attackers to compromise systems and
networks.
ATT&CK
A process that serves to bear witness and to confirm, authenticate,
verify, and document.
attestation
An access model that is dynamic and
context-aware. Access rights are granted to users through the use of multiple policies
that can combine various user, group, and resource attributes together.
attribute-based access control (ABAC)
An assessment that assigns numeric values to the
probability of a risk and the impact it can have on the system or network.
qualitative risk assessment
Characteristics that authenticate a user in either a physical or behavioral manner.
attributes
A technique used to transmit hidden information by modifying an audio signal in an imperceptible manner.
audio steganography
The process or action of proving something to be true or valid,
verifying the identity of a user or process.
authentication
A program that generates security codes for signing
into assets.
authentication application
As specified in RFC 4302, a protocol that defines
an optional packet header to be used to guarantee connectionless integrity and data
origin authentication for IP packets and to protect against replays.
Authentication Header (AH)
A nonmalicious hacker—for example, an IT person who
attempts to “hack” into a computer system before it goes live to test the system.
authorized hacker
A DevOps environment component for secure
provisioning and deprovisioning of software, services, and infrastructure.
automated courses of action
An automated way to share indicators of
compromise (IOCs) and threat intelligence information
automated indicator sharing (AIS)
The technology and processes of executing a task without human
intervention.
automation
A digital forensics platform and graphical interface to The Sleuth Kit and
other digital forensics tools. It is used by law enforcement, military, and corporate
examiners to investigate what happened on a computer.
Autopsy
A method used in computer programs to bypass normal authentication
and other security mechanisms in place.
backdoor
A Common Vulnerability Scoring System (CVSS) group that represents the intrinsic characteristics of a vulnerability that are constant over time and
do not depend on a user-specific environment.
base group
The original frequency range of transmission signal before it is
modulated. It can also refer to the type of data transmission in which analog data is
sent over a single nonmultiplex channel.
baseband radio
A method used to assess the current security state of computers, servers, network devices, and the network in general after a
minimum desired state of security is defined.
baseline configuration (baselining)
The process of reporting the security state of computers, servers, network devices, and the network after a baseline has been determined.
baseline reporting
A Linux/UNIX-based scripting shell and framework.
Bash
Security controls that provide a unique way of making sure that people
are who they say they are by monitoring/matching human characteristics such as a
fingerprint, retina, or voice.
biometrics
An attack on a hashing system that attempts to send two different
messages with the same hash function, causing a collision.
birthday attack
A way of testing the internal workings of an application or
system where the tester has no knowledge of the system being tested.
black-box testing
An encryption method that applies a deterministic algorithm along
with a symmetric key to encrypt a block of text instead of encrypting one bit at a
time as in stream ciphers.
block cipher
A list used to deny individual application access—a common
method used when working with email, and by antivirus and HIDS programs
block list/deny list
A term used to identify the defenders of an organization. ____ _____ typically include the computer security incident response team (CSIRT) and information security (InfoSec) team.
blue team
Sending unsolicited messages to Bluetooth-enabled devices such as
mobile phones and tablets.
bluejacking
Accessing information without authorization from a wireless device
through a Bluetooth connection.
bluesnarfing
A standalone post used for physical security purposes. It is typically steel,
short, and sturdy, and anchored in a hard surface such as concrete.
bollard
A process that allows a remote platform to measure and report
its system state in a secure way to a third party.
boot attestation
The reliability of the operating system and loading mechanism
during the booting process; it can be checked using a secure method.
boot integrity
A large group of compromised systems known as robots or simply bots.
botnet
Compromised computers (also known as zombies) that are part of a larger group called a botnet. They are used to distribute malware across the Internet.
bots
A password attack where every possible password is attempted.
brute-force attack
A situation that occurs when a process stores data outside the
memory that the developer intended.
buffer overflow
The recognition and compensation provided by an organization to
security researchers for reporting security vulnerabilities (which are basically bugs in
code or hardware).
bug bounties
A current, tested plan in the hands of all personnel responsible for carrying out any part of that plan for the purpose of giving your
organization the best shot at success during a disaster
business continuity plan (BCP)
Enacted in 2003, a law that requires California businesses
that store computerized personal information to immediately disclose breaches of
security.
California SB 1386
The complicating of source code to make it more difficult for people
to understand. See also obfuscation.
camouflage
A method used by hotels, coffee shops, etc., that directs users to a
web page for authentication (typically through email) prior to normal Internet use.
The whole point of the technology is to be able to track users who access the free
wireless network. If the user performs any suspect actions, that user can be traced
by way of email address, IP address, and MAC address, in addition to other means if
multifactor authentication is used.
captive portal
A method of user awareness training where students play in a red
team/blue team scenario.
capture the flag
An attack method where the attacker clones a credit card, a
smartphone SIM card, or a building access badge or card.
card cloning attack
A Linux command that copies standard input to standard output.
cat
An encryption protocol used with WPA2 that addresses
the vulnerabilities of TKIP and meets the requirements of IEEE 802.11i.
Counter Mode with Cipher Block Chaining Message Authentication Code (CBC-MAC) Protocol (CCMP)
An entity (usually a server) that issues certificates to users.
certificate authority (CA)
A list of digitally signed certificates revoked
by the certificate authority for security purposes. If a certificate is compromised,
it is revoked and placed on the ____. ____ are later generated and published
periodically.
certificate revocation list (CRL)
Digitally signed electronic documents that bind a public key with a
user identity.
certificates
A process that provides assurances that evidence has been controlled and handled properly after collection.
chain of custody
An authentication
scheme used by the Point-to-Point Protocol (PPP), which in turn is the standard
for dial-up connections. It uses a challenge-response mechanism with one-way
encryption.
Challenge-Handshake Authentication Protocol (CHAP)
The process that is put in place to handle requests to make
changes to a system in a more efficient and coordinated manner.
change control
A structured way of changing the state of a computer
system, network, or IT procedure.
change management
The Linux command and system call that is used to change the access
permissions of file system objects.
chmod
A device policy where employees select a
device from a company-approved list.
choose your own device (CYOD)
A set of algorithms that help secure a network connection that uses
Transport Layer Security (TLS). The set of algorithms that _____ _____ usually
contain include a key exchange algorithm, bulk encryption algorithm, and message
authentication code (MAC) algorithm.
cipher suite
The process of completely removing any residual files or data from target
systems after the testing phases of a penetration testing engagement are complete.
cleanup
Anything that is being performed (a command, script,
or otherwise) at the client end of the communication. Typically executed on the
client’s browser rather than on the web server, it allows for more responsive web
applications.
client-side execution
The ability to properly handle application and user input to
prevent a security vulnerability and client-side execution.
client-side validation
A tool that is utilized in organizations to
control access to and use of cloud-based computing environments.
cloud access security broker (CASB)
A framework established by the Cloud Security Alliance
for cloud computing.
Cloud Controls Matrix
The act of reusing third-party, open-source software, or code developed internally by an organization.
code reuse
A location belonging to an organization that has tables, chairs, bathrooms, and possibly some technical setup—for example, basic phone, data, and
electric lines. Otherwise, a lot of configuration of computers and data restoration is
necessary before the site can be properly utilized. This type of site is used only if a
company can handle the stress of being nonproductive for a week or more.
cold site
A situation that occurs when two different files end up using the same
hash, which is possible with less secure hashing algorithms.
collision
The controlling master computer directing the actions of
a botnet, which distributes Internet malware.
command and control
A standard that enables different stakeholders across different organizations to share critical security-related
information in a single format, speeding up information exchange and digestion.
Common Security Advisory Framework (CSAF)
A standard created by MITRE
(www.mitre.org) that provides a mechanism to assign an identifier to vulnerabilities
so that you can correlate the reports of those vulnerabilities among sites, tools, and
feeds.
Common Vulnerabilities and Exposures (CVE)
A mix of public and private cloud deployments where multiple
organizations can share the public portion.
community cloud
Mechanisms put in place to satisfy security requirements
that are either impractical or too difficult to implement. For example, instead of
using expensive hardware-based encryption modules, an organization might opt to
use network access control (NAC), data loss prevention (DLP), and other security
methods. Or, on the personnel side, instead of implementing segregation of duties,
an organization might opt to do additional logging and auditing. Also known as
alternative controls.
compensating controls
A program that translates, verifies, and processes source code created
in a specific programming language.
compiler
Program errors that occur while the program is being
compiled.
compile-time errors
An access control model where access is granted based on specific criteria requirements.
conditional access
A classification of information where unauthorized access to the
information would cause damage to national security.
confidential
An ongoing process created with the goal of maintaining computer systems, servers, network infrastructure, and software in a desired,
consistent state.
configuration management
The process of reviewing system configurations to reveal
potential security problems.
configuration reviews
The use of various tools for securing containerized cloud computing environments. Some of these tools are native to the actual cloud computing
environment, and some are third-party solutions and run on those environments.
container security
Logical units of software that package applications and all the dependencies needed to run them. ______ are lightweight, standalone executable software
packages that include code, runtime environments, system tools, and related software libraries. Two of the most popular examples of ______ solutions are Docker
and Linux LXC.
containers
The methodology whereby access to information, files, systems or
networks is controlled.
containment
Using a program to screen and/or exclude access to web
pages, URLs, or email deemed objectionable.
content URL/filtering
A federal initiative to encourage
people and departments to plan to address how critical operations will continue
under a broad range of circumstances.
continuity of operations planning (COOP)
A software development process in which developers produce
software in short cycles while making sure that the software is reliable and secure.
continuous delivery
The automation of the application deployment, provisioning, and underlying network components and infrastructure.
continuous deployment
A software development practice in which programmers
merge, test, and deploy code changes in a central repository multiple times a day or
several times per week.
continuous integration
A DevOps environment component that ensures applications and systems are operating correctly and securely.
continuous monitoring
A DevOps environment component where applications
and code must be validated in an automated fashion.
continuous validation
A device policy in which the company supplies employees with a phone that can also be used for personal activities.
corporate-owned, personally enabled (COPE)
Controls used after an event. They limit the extent of damage and help the company recover from damage quickly. Tape backup, hot sites, and
other fault tolerance and disaster recovery methods are also included here. They are
sometimes referred to as compensating controls.
corrective controls
An encryption mode that uses an arbitrary number that changes with each block of text encrypted. The ______ is encrypted with the
cipher, and the result is XOR’d (exclusive OR’d) into ciphertext. Because the _____ changes for each block, the problem of repeating ciphertext that results from the
Electronic Code Book method is avoided.
counter mode
Information gathered and activities conducted to protect
against espionage, other intelligence activities, or sabotage conducted by or on
behalf of other elements.
counterintelligence
The attacking technique or activities of grabbing legitimate
usernames and even passwords to gain access to systems to steal information or to
use them for malicious purposes.
credential harvesting
Centralized enterprises run by people motivated mainly by
money (organized crime).
criminal syndicates
The point where the false rejection rate (FRR) and
the false acceptance rate (FAR) are equal.
Crossover Error Rate (CER)
A type of vulnerability where an attacker lures
the targeted user to execute unwanted actions on a web application. Threat actors performing _____ attacks leverage the trust that the application has in the targeted user.
cross-site request forgery (XSRF)
A web application vulnerability where an attacker
can redirect a user to a malicious site, steal session cookies, or steal other sensitive
information.
cross-site scripting (XSS)
Attacks against cryptographic implementations or against
crypto algorithms.
cryptographic attacks
An advanced form of ransomware that leverages advanced encryption techniques to prevent files from being decrypted without a unique key.
cryptomalware
Open-source software/sandbox for automating analysis of suspicious
files.
Cuckoo
A Linux command-line tool to transfer data to or from a server, using any
of the supported protocols: HTTP, FTP, IMAP, POP3, SCP, SFTP, SMTP, TFTP,
TELNET, LDAP, or FILE.
curl
An industry standard used to
convey information about the severity of vulnerabilities.
Common Vulnerability Scoring System (CVSS)
A series of steps that trace stages of a cyber attack from the early
reconnaissance stages to the exfiltration of data. The ____ _____ allows you to understand and combat ransomware, security breaches, and advanced persistent threats
(APTs).
cyber kill chain
A type of risk transference (also known as risk sharing)
that an organization can purchase to protect, for example, a group of servers in a
data center.
cybersecurity insurance
A subset of the deep web where many threat actors perform malicious
activities, such as selling stolen credit card numbers, health records, and other personal information.
dark web
Inactive data that is archived—backed up or stored in cloud storage
services.
data at rest
The individual who has the greatest responsibility for data privacy
protection. This person’s main responsibility is to control how the data is used by
applying specific procedures for the data processes.
data controller
The individual who performs day-to-day tasks on behalf
of the data owner. This person’s main responsibility is to ensure that the information
is available to the end user and that security policies, standards, and guidelines are
followed.
data custodian/steward
Data that crosses the network or data that currently
resides in computer memory. Also known as data in motion.
data in transit/motion
Actively used data undergoing constant change; for example, it could be stored in databases or spreadsheets.
data in use/processing
A system that performs content inspection and is
designed to prevent unauthorized use of data as well as prevent the leakage of data
outside the computer (or network) in which it resides.
data loss prevention (DLP)
A privacy enhancing technology designed to protect or obfuscate
sensitive data.
data masking
A method of minimizing the amount of personal information
that is consumed by online entities.
data minimization
Also called the information owner; a person who is usually part of
the management team and maintains ownership of and responsibility over a specific
piece or subset of data.
data owner
The organizational leadership role that is responsible for the overall protection and adherence to data protection processes within
the organization.
data protection officer (DPO)
The process of restoring lost data, such as restoring a corrupt file
from a backup.
data recovery
A policy that states how long data must be stored by an
organization.
data retention
The process of irreversibly removing or destroying data stored
on a memory device (hard drives, flash memory/SSDs, mobile devices, CDs, DVDs,
and so on) or in hard copy form.
data sanitization
A concept that refers to any information (data) that has been
converted and stored in a digital form.
data sovereignty
A command-line utility for Linux operating systems whose primary purpose is
to convert and copy files.
dd
Software that is no longer in use, but the source code or binary for it
still exists in the system and has not been removed appropriately.
dead code
A data destruction method involving the reduction or elimination of a magnetic field (or data) stored on tape and disk media such as computer and laptop hard drives, diskettes, reels, cassettes, and cartridge tapes.
degaussing
To adequately and securely remove, decommission, and purge an
application and related data on-premises or in the cloud.
deprovision
Controls aimed at monitoring and detecting any unauthorized
behavior or hazard. These types of controls are generally used to alert to a failure in
other types of controls such as preventive, deterrent, and compensating controls.
detective controls
A control that is used by an organization to try to deter a
threat actor from executing an offensive assault on its environment.
deterrent controls
The environment where you create code on your computer or in
the cloud.
development
A security feature that protects against Layer 2 attacks such as
DHCP spoofing and abuse.
DHCP snooping
A cybersecurity/threat intelligence model
used to analyze and track the characteristics of cyber intrusions by advanced threat
actors that emphasizes the relationships and characteristics of the adversary, capabilities, infrastructure, and victims.
Diamond Model of Intrusion Analysis
A password attack that uses a prearranged list of likely
words, trying each of them one at a time.
dictionary-based attack
Data backups that preserve data, saving only the difference
in the data since the last full backup.
differential backups
A Linux tool for querying DNS nameservers for information about host
addresses, mail exchanges, nameservers, and related information.
dig
The name given to a set of access control
technologies that are used to control the use of proprietary hardware, software, and
copyrighted works. ____ solutions are used to restrict the use, modification, and
distribution of copyrighted works and the underlying systems used to enforce such
policies.
digital rights management (DRM)
Mathematical schemes for verifying the authenticity of digital
messages or documents.
digital signatures
A method of accessing unauthorized parent (or worse, root)
directories. It is often used on web servers that have PHP files and are Linux- or
UNIX-based, but it can also be perpetrated on Microsoft operating systems. This
attack is designed to get access to files such as ones that contain passwords. Also
known as the ../ (dot-dot-slash) attack.
directory traversal
A formal document created by organizations that
contains detailed instructions on how to respond to unplanned incidents such as natural disasters, power outages, cyber attacks, or other disruptive events.
disaster recovery plan (DRP)
An access control policy generally determined by the owner. Objects such as files and printers can be created and accessed
by the owner. Also, the owner decides which users are allowed to have access to the
objects, and what level of access they may have. The levels of access, or permissions,
are stored in access control lists (ACLs).
discretionary access control (DAC)