Glossary Part 2 Flashcards
steganography
A technique for obscuring the presence of a message, often by embedding information within a file or other entity.
software as a service (SaaS)
A cloud service model that provisions fully developed application services to users.
Transport Layer Security virtual private network (TLS VPN)
Virtual private networking solution that uses digital certificates to identify hosts and establish secure tunnels for network traffic.
role-based access control (RBAC)
An access control model where resources are protected by ACLs that are managed by administrators and that provide user permissions based on job functions.
secure enclave
CPU extensions that protect data stored in system memory so that an untrusted process cannot read it.
sensor (alarms)
A component in an alarm system that identifies unauthorized entry via infrared-, ultrasonic-, microwave-, or pressure-based detection of thermal changes or movement.
self-signed certificate
A digital certificate that has been signed by the entity that issued it, rather than by a CA.
vulnerability
A weakness that could be triggered accidentally or exploited intentionally to cause a security breach.
vulnerability feed
A synchronizable list of data and scripts used to check for vulnerabilities. Also referred to as plug-ins or network vulnerability tests (NVTs).
risk mitigation
The response of reducing risk to fit within an organization’s willingness to accept risk.
sinkhole
A DoS attack mitigation strategy that directs the traffic that is flooding a target IP address to a different network for analysis.
system/process audit
An audit process with a wide scope, including assessment of supply chain, configuration, support, monitoring, and cybersecurity factors.
state table
Information about sessions between hosts that is gathered by a stateful firewall.
serverless
A software architecture that runs functions within virtualized runtime containers in a cloud rather than on dedicated server instances.
under-voltage event
When the power that is supplied by the electrical wall socket is insufficient to allow the computer to function correctly. Under-voltage events are long sags in power output that are often caused by overloaded or faulty grid distribution circuits or by a failure in the supply route from the electrical power station to a building.
subject alternative name (SAN)
A field in a digital certificate allowing a host to be identified by multiple host names/subdomains.
Trojan
A malicious software program hidden within an innocuous-seeming piece of software. Usually, the Trojan is used to try to compromise the security of the target computer.
risk deterrence
In risk mitigation, the response of deploying security controls to reduce the likelihood and/or impact of a threat scenario.
root certificate authority
In PKI, a CA that issues certificates to intermediate CAs in a hierarchical structure.
service disruption
A type of attack that compromises the availability of an asset or business process.
SMiShing
A form of phishing that uses SMS text messages to trick a victim into revealing information.
serverless computing
Features and capabilities of a server without needing to perform server administration tasks. Serverless computing offloads infrastructure management to the cloud service provider—for example, configuring file storage capability without the requirement of first building and deploying a file server.
Temporal Key Integrity Protocol (TKIP)
The mechanism used in the first version of WPA to improve the security of wireless encryption mechanisms, compared to the flawed WEP standard.
Sender Policy Framework (SPF)
A DNS record identifying hosts authorized to send mail for the domain.
Security-Enhanced Linux (SELinux)
The default context-based permissions scheme provided with CentOS and Red Hat Enterprise Linux.
software composition analysis (SCA)
Tools designed to assist with identification of third-party and open-source code during software development and deployment.
SYN flood
A DoS attack where the attacker sends numerous SYN requests to a target server, hoping to consume enough resources to prevent the transfer of legitimate traffic.
risk identification
Within overall risk assessment, the specific process of listing sources of risk due to threats and vulnerabilities.
risk assessment
The process of identifying risks, analyzing them, developing a response strategy for them, and mitigating their future impact.
vertical privilege escalation
When an attacker can perform functions that are normally assigned to users in higher roles, and often explicitly denied to the attacker.
transparent proxy
A server that redirects requests and responses without the client being explicitly configured to use it. Also referred to as a forced or intercepting proxy.
Sarbanes-Oxley Act (SOX)
A law enacted in 2002 that dictates requirements for the storage and retention of documents relating to an organization’s financial and business operations.
threat
A potential for an entity to exercise a vulnerability (that is, to breach security).
screened subnet
A segment isolated from the rest of a private network by one or more firewalls that accepts connections from the Internet over designated ports.
warm site
An alternate processing location that is dormant or performs noncritical functions under normal conditions, but which can be rapidly converted to a key operations site if needed.
video surveillance
Physical security control that uses cameras and recording devices to visually monitor the activity in a certain area.
security key
Portable HSM with a computer interface, such as USB or NFC, used for multifactor authentication.
supply chain
The end-to-end process of supplying, manufacturing, distributing, and finally releasing goods and services to a customer.
risk transference
In risk mitigation, the response of moving or sharing the responsibility of risk to another entity, such as by purchasing cybersecurity insurance.
risk reporting
A periodic summary of relevant information about a project’s current risks. It provides a summarized overview of known risks, realized risks, and their impact on the organization.
sensor
A monitor that records (or “sniffs”) data from frames as they pass over network media, using methods such as a mirror port or TAP device.
web filter
A software application or gateway that filters client requests for various types of Internet content (web, FTP, IM, and so on).
resource consumption
A potential indicator of malicious activity where CPU, memory, storage, and/or network usage deviates from expected norms.
tokenization
A de-identification method where a unique token is substituted for real data.
secure baseline
Configuration guides, benchmarks, and best practices for deploying and maintaining a network device or application server in a secure state for its given role.
workforce multiplier
A tool or automation that increases employee productivity, enabling them to perform more tasks to the same standard per unit of time.
signature-based detection
A network monitoring system that uses a predefined set of rules provided by a software vendor or security personnel to identify events that are unacceptable.
risk owner
An individual who is accountable for developing and implementing a risk response strategy for a risk documented in a risk register.
server-side
In a web application, input data that is executed or validated as part of a script or process running on the server.
software-defined networking (SDN)
APIs and compatible hardware/virtual appliances allowing for programmable network appliances and systems.
web application firewall (WAF)
A firewall designed specifically to protect software running on web servers and their back-end databases from code injection and DoS attacks.
security identifier (SID)
The value that Windows assigns to an account and that the operating system uses to identify that account.
Transport Layer Security (TLS)
Security protocol that uses certificates for authentication and encryption to protect web communications and other application protocols.
risk analysis
Process for qualifying or quantifying the likelihood and impact of a factor.
server-side request forgery (SSRF)
An attack where an attacker takes advantage of the trust established between the server and the resources it can access, including itself.
salt
A security countermeasure that mitigates the impact of precomputed hash table attacks by adding a random value to (“salting”) each plaintext input.
ticket granting ticket (TGT)
In Kerberos, a token issued to an authenticated account to allow access to authorized application servers.
trade secrets
Intellectual property that gives a company a competitive advantage but hasn’t been registered with a copyright, trademark, or patent.
rule-based access control
A nondiscretionary access control technique that is based on a set of operational rules or restrictions to enforce a least privilege permissions policy.
spyware
Software that records information about a PC and its users, often installed without the user’s consent.
risk acceptance
The response of determining that a risk is within the organization’s appetite and that no countermeasures other than ongoing monitoring are needed.
trusted platform module (TPM)
Specification for secure hardware-based storage of encryption keys, hashed passwords, and other user- and platform-identification information.
virtual private cloud (VPC)
A private network segment made available to a single cloud consumer on a public cloud.
statement of work (SOW)
A document that defines the expectations for a specific business arrangement.
security information and event management (SIEM)
A solution that provides real-time or near-real-time analysis of security alerts generated by network hardware and applications.
user and entity behavior analytics (UEBA)
A system that can provide automated identification of suspicious activity by user accounts and computer hosts.
service level agreement (SLA)
An agreement that sets the service requirements and expectations between a consumer and a provider.
Virtual Network Computing (VNC)
Remote access tool and protocol. VNC is the basis of macOS screen sharing.
static analysis
The process of reviewing uncompiled source code either manually or using automated tools.
simulation (testing)
A testing technique that replicates the conditions of a real-world disaster scenario or security incident.
resilience
The ability of a system or network to recover quickly from failure events with no or minimal manual intervention.
security log
A target for event data related to access control, such as user authentication and privilege use.
vulnerability scanner
Hardware or software configured with a list of known weaknesses and exploits and that can scan for their presence in a host OS or particular application.
threat hunting
A cybersecurity technique designed to detect the presence of threats that have not been discovered by normal security monitoring.
Simultaneous Authentication of Equals (SAE)
Personal authentication mechanism for Wi-Fi networks introduced with WPA3 to address vulnerabilities in the WPA-PSK method.
risk threshold
Boundary for types and/or levels of risk that can be accepted.
watering hole attack
An attack in which an attacker targets specific groups or organizations, discovers which websites they frequent, and injects malicious code into those sites.
single sign-on (SSO)
Authentication technology that enables a user to authenticate once and receive authorizations for multiple services.
responsibility matrix
Identifies how responsibility for the implementation of security, as applications, data, and workloads are transitioned into a cloud platform, is shared between the customer and the cloud service provider (CSP).
snapshot (backup)
Used to create the entire architectural instance/copy of an application, disk, or system. It is used in backup processes to restore the system or disk of a particular device at a specific time. A snapshot backup can also be referred to as an image backup.
virtual private network (VPN)
A secure tunnel created between two endpoints connected via an unsecure transport network (typically the Internet).
worm
A type of malware that replicates between processes in system memory and can spread over client/server network connections.
risk register
A document highlighting the results of risk assessments in an easily comprehensible format (such as a “traffic light” grid). Its purpose is for department managers and technicians to understand risks associated with the workflows that they manage.
risk exception
Category of risk management that uses alternate mitigating controls to control an accepted risk factor.
tunneling
The practice of encapsulating data from one protocol for safe transfer over another network such as the Internet.
vishing
Social engineering attack where the threat actor extracts information while speaking over the phone or leveraging IP-based voice messaging services (VoIP).
single loss expectancy (SLE)
The amount that would be lost in a single occurrence of a particular risk factor.
Secure Shell (SSH)
Application protocol supporting secure tunneling and remote terminal emulation and file copy. SSH runs over TCP port 22.
scalability
Property by which a computing environment is able to gracefully fulfill its ever-increasing resource needs.
sandbox
A computing environment that is isolated from a host system to guarantee that the environment runs in a controlled, secure fashion. Communication links between the sandbox and the host are usually completely prohibited so that malware or faulty software can be analyzed in isolation and without risk to the host.
uninterruptible power supply (UPS)
A battery-powered device that supplies AC power that an electronic device can use in the event of power failure.
transport/communication encryption
Encryption scheme applied to data-in-motion, such as WPA, IPsec, or TLS.
third-party risks
Vulnerabilities that arise from dependencies in business relationships with suppliers and customers.
risk exemption
Category of risk management that accepts an unmitigated risk factor.
supervisory control and data acquisition (SCADA)
A type of industrial control system that manages large-scale, multiple-site devices and equipment spread over geographically large areas from a host computer.
resource inaccessibility
A potential indicator of malicious activity where a file or service resource that should be available is inaccessible.
Secure File Transfer Protocol (SFTP)
A secure version of the File Transfer Protocol that uses a Secure Shell (SSH) tunnel as an encryption method to transfer, access, and manage files.
self-encrypting drive (SED)
A disk drive where the controller can automatically encrypt data that is written to it.
write blocker
A forensic tool to prevent the capture or analysis device or workstation from changing data on a target disk or media.
work recovery time (WRT)
In disaster recovery, time additional to the RTO of individual systems to perform reintegration and testing of a restored or upgraded system following an event.
Simple Network Management Protocol (SNMP)
Application protocol used for monitoring and managing network devices. SNMP works over UDP ports 161 and 162 by default.
Wired Equivalent Privacy (WEP)
A legacy mechanism for encrypting data sent over a wireless connection.
supplicant
In EAP architecture, the device requesting access to the network.
sanitization
The process of thoroughly and completely removing data from a storage medium so that file remnants cannot be recovered.
service set identifier (SSID)
A character string that identifies a particular wireless LAN (WLAN).
soft authentication token
OTP sent to a registered number or email account or generated by an authenticator app as a means of two-step verification when authenticating account access.
responsiveness
The ability of a system to process a task or workload within an acceptable amount of time.
security control
A technology or procedure put in place to mitigate vulnerabilities and risk and to ensure the confidentiality, integrity, and availability (CIA) of information.
tabletop exercise
A discussion of simulated emergency situations and security incidents.
Simple Object Access Protocol (SOAP)
An XML-based web services protocol that is used to exchange messages.
time-of-day restrictions
Policies or configuration settings that limit a user’s access to resources based on the time of day.
third party CA
In PKI, a public CA that issues certificates for multiple domains and is widely trusted as a root trust by operating systems and browsers.
test access point (TAP)
A hardware device inserted into a cable run to copy frames for analysis.
threat actor
A person or entity responsible for an event that has been identified as a security incident or as a risk.
software bill of materials (SBOM)
Inventory of third-party and open-source code components used in an application or package.
risk
Likelihood and impact (or consequence) of a threat actor exercising a vulnerability.
tethering
Using the cellular data plan of a mobile device to provide Internet access to a laptop or PC. The PC can be tethered to the mobile by USB, Bluetooth, or Wi-Fi (a mobile hotspot).
timeline
In digital forensics, a tool that shows the sequence of file system events within a source image in a graphical format.
shadow IT
Computer hardware, software, or services used on a private network without authorization from the system owner.
zero trust
The security design paradigm where any request (host-to-host or container-to-container) must be authenticated before being allowed.
Wi-Fi Protected Access (WPA)
Standards for authenticating and encrypting access to Wi-Fi networks.
secure hash algorithm (SHA)
A cryptographic hashing algorithm created to address possible weaknesses in MDA. The current version is SHA-2.
uniform resource locator (URL)
An application-level addressing scheme for TCP/IP, allowing for human-readable resource addressing. For example: protocol://server/file, where “protocol” is the type of resource (HTTP, FTP), “server” is the name of the computer (www.microsoft.com), and “file” is the name of the resource you wish to access.
security assertion markup language (SAML)
An XML-based data format used to exchange authentication information between a client and a service.
social engineering
An activity where the goal is to use deception and trickery to convince unsuspecting users to provide sensitive data or to violate security guidelines.
virtualization
A computing environment where multiple independent operating systems can be installed to a single hardware platform and run simultaneously.
rooting
Gaining superuser-level access over an Android-based mobile device.
System Monitor
Software that tracks the health of a computer’s subsystems using metrics reported by system hardware or sensors. This provides an alerting service for faults such as high temperature, chassis intrusion, and so on.
reverse proxy
A type of proxy server that protects servers from direct contact with client requests.
resources/funding
The ability of threat actors to draw upon funding to acquire personnel and tools and to develop novel attack types.
visualization
A widget showing records or metrics in a visual format, such as a graph or table.
site survey
Documentation about a location for the purposes of building an ideal wireless infrastructure; it often contains optimum locations for wireless antenna and access point placement to provide the required coverage for clients and identify sources of interference.
Security Content Automation Protocol (SCAP)
A NIST framework that outlines various accepted practices for automating vulnerability scanning.
syslog
Application protocol and event-logging format enabling different appliances and software applications to transmit logs or event records to a central server. Syslog works over UDP port 514 by default.
standards
Expected outcome or state of a task that has been performed in accordance with policies and procedures. Standards can be determined internally or measured against external frameworks.
risk appetite
A strategic assessment of what level of residual risk is acceptable for an organization.
stateful inspection
A technique used in firewalls to analyze packets down to the application layer rather than filtering packets only by header information, enabling the firewall to enforce tighter, more thorough security.
rules of engagement (ROE)
A definition of how a pen test will be executed and what constraints will be in place. This provides the pen tester with guidelines to consult as they conduct their tests so that they don’t have to constantly ask management for permission to do something.
Simple Mail Transfer Protocol (SMTP)
Application protocol used to send mail between hosts on the Internet. Messages are sent between servers over TCP port 25 or submitted by a mail client over secure port TCP/587.
risk avoidance
In risk mitigation, the practice of ceasing activity that presents risk.
security zone
An area of the network (or of a connected network) where the security configuration is the same for all hosts within it. In physical security, an area separated by barriers that control entry and exit points.
Structured Query Language injection (SQL injection)
An attack that injects a database query into the input data directed at a server by accessing the client side of the application.
software defined WAN (SD-WAN)
Services that use software-defined mechanisms and routing policies to implement virtual tunnels and overlay networks over multiple types of transport network.
Snort
An open source NIDS. A subscription (“oinkcode”) is required to obtain up-to-date rulesets, which allow the detection engine to identify the very latest threats. Non-subscribers can obtain community-authored rulesets.
standard configurations
In an IaC architecture, the property that an automation or orchestration action always produces the same result, regardless of the component’s previous state.
root cause analysis
A technique used to determine the true cause of the problem that, when removed, prevents the problem from occurring again.
selection of effective controls
The process of choosing the type and placement of security controls to ensure the goals of the CIA triad and compliance with any framework requirements.
sideloading
Installing an app to a mobile device without using an app store.
risk tolerance
Determines the thresholds that separate different levels of risk.
smart card
A security device similar to a credit card that can store authentication information, such as a user’s private key, on an embedded cryptoprocessor.
single point of failure (SPoF)
A component or system that would cause a complete interruption of a service if it failed.
wildcard domain
In PKI, a digital certificate that will match multiple subdomains of a parent domain.
Wi-Fi Protected Setup (WPS)
A feature of WPA and WPA2 that allows enrollment in a wireless network based on an eight-digit PIN.
unsecure network
Configuration that exposes a large attack surface, such as through unnecessary open service ports, weak or no authentication, use of default credentials, or lack of secure communications/encryption.
version control
The practice of ensuring that the assets that make up a project are closely managed when it comes time to make changes.
shellcode
A lightweight block of malicious code that exploits a software vulnerability to gain initial access to a victim system.
virus
Malicious code inserted into an executable file image. The malicious code is executed when the file is run and can deliver a payload, such as attempting to infect other files.
session affinity
A scheduling approach used by load balancers to route traffic to devices that have already established connections with the client in question.
risk management
The cyclical process of identifying, assessing, analyzing, and responding to risks.
trend analysis
The process of detecting patterns within a dataset over time, and using those patterns to make predictions about future events or to better understand past events.
unified threat management (UTM)
All-in-one security appliances and agents that combine the functions of a firewall, malware scanner, intrusion detection, vulnerability scanner, data-loss prevention, content filtering, and so on.
typosquatting
An attack in which an attacker registers a domain name with a common misspelling of an existing domain, so that a user who misspells a URL they enter into a browser is taken to the attacker’s website.
responsible disclosure program
A process that allows researchers and reviewers to safely disclose vulnerabilities to a software developer.
tactics, techniques, and procedures (TTP)
Analysis of historical cyberattacks and adversary actions.
structured exception handler (SEH)
A mechanism to account for unexpected error conditions that might arise during code execution. Effective error handling reduces the chances that a program could be exploited.
technical debt
Costs accrued by keeping an ineffective system or product in place, rather than replacing it with a better-engineered one.
router firewall
A hardware device that has the primary function of a router, but also has firewall functionality embedded into the router firmware.
threat feed
Signatures and pattern-matching rules supplied to analysis platforms as an automated feed.
software development life cycle (SDLC)
The processes of planning, analysis, design, implementation, and maintenance that often govern software and systems development.
time-of-check to time-of-use (TOCTOU)
The potential vulnerability that occurs when there is a change between when an app checked a resource and when the app used the resource.
unintentional insider threat
A threat actor that causes a vulnerability or exposes an attack vector without malicious intent.
right to be forgotten
Principle of regulated privacy data that protects the data subject’s ability to request its deletion.
type-safe programming language
A language that enforces strict type-checking during compilation and ensures variables and data are used correctly. It prevents memory-related vulnerabilities and injection attacks.
virtual local area network (VLAN)
A logical network segment comprising a broadcast domain established using a feature of managed switches to assign each port a VLAN ID. Even though hosts on two VLANs may be physically connected to the same switch, local traffic is isolated to each VLAN, so they must use a router to communicate.
Secure Access Service Edge (SASE)
A networking and security architecture that provides secure access to cloud applications and services while reducing complexity. It combines security services like firewalls, identity and access management, and secure web gateway with networking services such as SD-WAN.
zero-day
A vulnerability in software that is unpatched by the developer or an attack that exploits such a vulnerability.
skimming
Making a duplicate of a contactless access card by copying its access token and programming a new card with the same data.