Glossary_Foundations in Cybersecurity_C1 Flashcards
Adversarial artificial intelligence.
What is it?
A technique that manipulates artificial intelligence (AI) and machine learning (ML) technology to conduct attacks more efficiently
Antivirus software:
A software program used to prevent, detect, and eliminate malware and viruses
Asset:
An item perceived as having value to an organization
Business Email Compromise (BEC):
A type of phishing attack where a threat actor impersonates a known source to obtain financial advantage
Cloud security:
The process of ensuring that assets stored in the cloud are properly configured and access to those assets is limited to authorized users
Compliance:
The process of adhering to internal standards and external regulations
Computer virus:
Malicious code written to interfere with computer operations and cause damage to data and software
Confidentiality, means?
Only authorized users can access specific assets or data
CIA triad: What is it and what are the 3 components?
Confidentiality, integrity, availability
A model that helps inform how organizations consider risk when setting up systems and security policies
Cryptographic attack:
An attack that affects secure forms of communication between a sender and intended recipient
Cybersecurity (or security):
The practice of ensuring confidentiality, integrity, and availability of information by protecting networks, devices, people, and data from unauthorized access or criminal exploitation
Database:
An organized collection of information or data
Data point:
A specific piece of information
Hacker:
Any person who uses computers to gain access to computer systems, networks, or data
Hacktivist:
A person who uses hacking to achieve a political goal
HIPAA
Health Insurance Portability and Accountability Act
A U.S. federal law established to protect patients’ health information
Integrity
The idea that the data is correct, authentic, and reliable.
One of the CIA Triad components
Internal threat:
A current or former employee, external vendor, or trusted partner who poses a security risk
IDS
Intrusion Detection System
An application that monitors system activity and alerts on possible intrusions
Linux:
An open-source operating system
Malware:
Software designed to harm devices or networks
What does NIST stand for?
National Institute of Standards and Technology
NIST (CSF):
National Institute of Standards and Technology (NIST) Cyber Security Framework (CSF):
A voluntary framework that consists of standards, guidelines, and best practices to manage cybersecurity risk
Network protocol analyser (packet sniffer):
A tool designed to capture and analyse data traffic within a network
Network security is the practice of:
The practice of keeping an organisation’s network infrastructure secure from unauthorized access
OWASP
Open Web Application Security Project
A non-profit organization focused on improving software security
Password attack:
An attempt to access password secured devices, systems, networks, or data
PII
Personally identifiable information
Any information used to infer an individual’s identity
Order of volatility:
A sequence outlining the order of data that must be preserved from first to last
Phishing
The use of digital communications to trick people into revealing sensitive data or deploying malicious software
Physical attack:
A security incident that affects not only digital but also physical environments where the incident is deployed
Physical social engineering:
An attack in which a threat actor impersonates an employee, customer, or vendor to obtain unauthorized access to a physical location
Privacy protection:
The act of safeguarding personal information from unauthorized use
Programming:
A process that can be used to create a specific set of instructions for a computer to execute tasks
PHI: Protected health information
Information that relates to the past, present, or future physical or mental health or condition of an individual
Protecting and preserving evidence:
The process of properly working with fragile and volatile digital evidence
Security architecture:
A type of security design composed of multiple components, such as tools and processes, that are used to protect an organization from risks and external threats
Security controls:
Safeguards designed to reduce specific security risks
Security ethics:
Guidelines for making appropriate decisions as a security professional
Security frameworks:
Guidelines used for building plans to help mitigate risk and threats to data and privacy
Security governance:
Practices that help support, define, and direct security efforts of an organization
SIEM
Security information and event management
An application that collects and analyzes log data to monitor critical activities in an organization
Security posture:
An organization’s ability to manage its defence of critical assets and data and react to change
SPII
Sensitive personally identifiable information
A specific type of PII that falls under stricter handling guidelines
Social engineering:
A manipulation technique that exploits human error to gain private information, access, or valuables
Social media phishing:
A type of attack where a threat actor collects detailed information about their target on social media sites before initiating the attack
Spear phishing:
A malicious email attack targeting a specific user or group of users, appearing to originate from a trusted source
SQL (pronounced sequel)
(Structured Query Language): A programming language used to create, interact with, and request information from a database
Supply-chain attack:
An attack that targets systems, applications, hardware, and/or software to locate a vulnerability where malware can be deployed
Threat:
Any circumstance or event that can negatively impact assets
Threat actor:
Any person or group who presents a security risk
USB baiting:
An attack in which a threat actor strategically leaves a malware USB stick for an employee to find and install to unknowingly infect a network
Virus:
Malicious code written to interfere with computer operations and cause damage to data and software
Vishing:
The exploitation of electronic voice communication to obtain sensitive information or to impersonate a known source
Watering hole attack:
A type of attack when a threat actor compromises a website frequently visited by a specific group of users
