Key words Flashcards
What does CIA stand for and what is meant by each letter of the CIA?
Confidentiality, Integrity and Availability
What is the meaning of Non-Repudiation?
Non-repudiation is the idea that someone cannot deny the validity of something, or that they cannot dispute responsibility for an action. In information systems, this can be achieved through hashing and digital signatures, amongst other ways. An example is when someone sends data and a third party can verify that it came from the sender.
What is confidentiality of information and how can it be achieved?
Prevent the disclosure of information to unauthorised individuals or systems - Certain information should only be known to certain people
Some of the ways in which this can be achieved are as follows:
Encryption - Encrypt data so only certain people can read it
Access controls - Restrict access to a resource
MFA - An extra layer of security to prevent unauthorised access to a resource
What is integrity of information and how can it be achieved?
Data cannot be modified without detection - This is to ensure that data received is the data that was sent and that no changes were made - We should be able to identify any modification
Hashing - This involves mapping data of arbitrary length to data of a fixed length - If the data received is different from the data sent, then the hash of the data will be different
Digital Signature
Certificates
What is availability and how can it be achieved?
Systems & networks must be up and running
Fault tolerance
Redundancy
Patching - Adds stability and closes security holes
What is a digital signature, what is the purpose and how does it work?
This is a hash that has been encrypted with an asymmetric encryption algorithm. The hash allows us to verify that the data that has been sent has not been changed, and the encryption allows us to confirm who sent the data - Provides an additional level of integrity in comparison to hashing alone.
What is a Digital Certificate, what is the purpose and how does it work?
What does AAA stand for?
Authentication - Determines if a user, device, or system is allowed to access the network
Authorization - Determines what an authenticated entity can do within the network
Accounting - Measures what a user is doing within a system, what data is accessed, received or sent and the time of these actions - Think logs.
What is a Certificate Authority and provide the names of 3 Root CAs?
A certificate authority is a company or organization that acts to validate the identities of entities (such as websites, email addresses, companies, or individual persons) and bind them to cryptographic keys through the issuance of electronic documents known as digital certificates.
A digital certificate provides:
Authentication, by serving as a credential to validate the identity of the entity that it is issued to.
Encryption, for secure communication over insecure networks such as the internet.
Integrity of documents signed with the certificate so that they cannot be altered by a third party in transit.
These certificates allow secure, encrypted communication between two parties through public key cryptography. The CA verifies the certificate applicant's identity and issues a certificate containing their public key. The CA then digitally signs the issued certificate with its own private key, which establishes trust in the certificate's validity.
What is a GAP analysis and what is it used for?
A gap analysis is the process whereby a company examines their current performance/state vs their desired performance and state. This is then used to map out the required actions needed in order to reach that desired performance/state.
Allows you to work towards a baseline - Could be a cybersecurity framework like NIST CSF or ISO 27001, or a regulatory requirement, e.g. DORA for finance
What is the principle of Zero Trust?
Zero trust is a security model that treats all users, devices, and components as untrusted by default and requires strict identity authentication and authorization
What is meant by the principle of least privilege?
This is a cybersecurity concept that limits access of users, devices, applications and systems to only what they need to perform their job
What is change management, purpose of it and benefits?
Change management is a structured process that helps companies implement changes as smoothly as possible, to ensure that any potential issues are foreseen as far as possible and that employees are prepared for the change.
What is meant by redundancy?
Ensuring that your systems are redundant can improve availability of systems by ensuring systems can continue to function if something fails because there is a backup or alternative way of executing a specific function
Data redundancy - This involves creating multiple copies of data to minimise the risk of data loss - Think backups and data replication
Geographic redundancy - Replicating data and applications across multiple locations to ensure systems remain available during a disaster.
Hardware redundancy - Provide backups for important and fault-prone components to improve system reliability
Power redundancy - In the case that the main power goes down, main systems can be kept running by using a UPS (uninterruptible power supply)
Automatic failover - Enable a backup system to automatically take over if the main system goes down
Regular testing - testing backup systems in order to ensure that these systems can be relied upon if needed
What is the difference between Fault tolerance and redundancy?
Fault tolerance is when the overall system can tolerate the failure of a component, whereas redundancy is where a particular function can be performed in more than one way - Redundancy is one way of achieving fault tolerance
What is data obfuscation?
Data obfuscation is the process of disguising confidential or sensitive data to protect it from unauthorized access.
What is steganography?
The practice of concealing messages or information within other non-secret text or data.
What is a threat vector?
A method used by the attacker to gain access to your system - also called an attack vector
What is meant by adaptive identity?
It is an advanced form of authentication that goes beyond traditional methods such as passwords and PINs. Adaptive authentication takes into account contextual information such as location, device, behavior, and risk level to determine whether a user should be granted access or not.
What is PKI?
What is tokenisation and what are some use cases?
What is HIPS?
Host Intrusion Prevention System - A host intrusion prevention system (HIPS) is an approach to security that relies on third-party software tools to identify and prevent malicious activities. Host-based intrusion prevention systems are typically used to protect endpoint devices. Once it detects malicious activity, the HIPS tool can take a variety of actions, including sending an alarm to the computer user, logging the malicious activity for future investigation, resetting the connection, dropping malicious packets and blocking subsequent traffic from the suspect IP address. Some host intrusion prevention systems allow users to send logs of malicious activity and suspicious code directly to the vendor for analysis and possible identification.
What is stateful inspection?
What is stateless inspection?
What is ACL?
An access control list is a security mechanism that controls access to data and resources in a network.
ACLs are made up of rules that determine which users or systems can access specific resources.
What is SDLC?
Software Development Lifecycle is the cost effective and time efficient process that development teams use to design and build high-quality software. The goal is to minimise project risks through forward planning.
The seven phases are:
Phase 1 - Planning
Phase 2 - Requirements analysis
Phase 3 - Design
Phase 4 - Coding
Phase 5 - Testing
Phase 6 - Deployment
Phase 7 - Maintenance
What is IDP?
Identity provider - A system that stores, manages and creates digital identities. They can directly authenticate users or provide authentication services to third party service providers.
What is UTM?
Unified threat management - is a network security solution that combines multiple security features into one device or service. UTM appliances typically include the following security functions:
Antivirus
Anti-spam - Tags or blocks unwanted e-mail traffic
Content filtering - Filters traffic based on file extension, MIME type and protocol commands
Network Firewall - Protects against network-level attacks
Intrusion detection and prevention - Protects against intrusion attempts
What is NGFW?
A traditional firewall provides stateful inspection of network traffic. It allows or blocks traffic based on state, port, and protocol, and filters traffic based on administrator-defined rules.
A next-generation firewall (NGFW) does this, and so much more. In addition to access control, NGFWs can block modern threats such as advanced malware and application-layer attacks. According to Gartner’s definition, a next-generation firewall must include:
Standard firewall capabilities like stateful inspection
Integrated intrusion prevention
Application awareness and control to see and block risky apps
Threat intelligence sources
Upgrade paths to include future information feeds
Techniques to address evolving security threats
What is SLE and how is it calculated?
Single loss expectancy - This is a risk assessment formula - Calculates the estimated financial loss that might occur if an asset is compromised - Asset value multiplied by exposure factor - SLE = Asset value x Exposure factor
What is ARO?
Annual rate of occurrence - This is a risk assessment formula - Estimates how many times an incident is expected to occur within a given year. Calculated by dividing the number of estimated incidents by the time frame - ARO = Incidents/year
ARO is often based on historical data or expert judgment. It can be used to understand and manage risk exposure, prioritize security investments, and prioritize mitigation strategies.
What is ALE?
Annual loss expectancy - A financial metric that estimates the yearly cost of a potential risk to an organisation. It is calculated by multiplying the annual rate of occurrence (ARO) by the single loss expectancy (SLE) - ALE = ARO x SLE
What is SLA?
Service level agreement - A written contract that defines the level of service a provider will deliver. Typically between a client and service provider but can also be used between departments within a company.
SLAs outline the following:
Services - services that will be delivered
Responsiveness - The level of responsiveness that can be expected
Performance metrics - How performance will be measured, such as uptime, delivery time, response time and resolution time
Course of action - What will happen if requirements are not met such as additional support or pricing discounts
What is MSA?
Master service agreement which is a legally binding contract that outlines the terms and conditions for a business relationship between two or more parties
What is BPA?
BPA stands for Best Practice Assessment, a tool that helps users evaluate their firewall configuration against best practices
What is MOA?
MOA is an acronym for Memorandum of Agreement, which is a document that clarifies the responsibilities of parties involved in a cybersecurity agreement. MOAs are often used to establish a smooth working relationship between parties.
What is PII?
Personally Identifiable Information, which is any data that can be used to identify a specific person. PII is considered sensitive data and is often targeted by attackers in data breaches.
What is the role of a firewall?
A firewall’s primary role is to protect a network from unauthorized access and harmful data by monitoring and filtering network traffic:
Separates networks
A firewall acts as a barrier between a private network and the public internet. It prevents unauthorized users from accessing the private network.
Filters traffic
A firewall inspects and authenticates each data packet that passes through the network. It uses a set of security rules to determine whether to allow or block the packet.
Prevents threats
A firewall protects against a variety of threats, including malware, hackers, and spyware. It can also help ensure compliance with data protection and privacy regulations.
What is RBAC?
The role of role-based access control (RBAC) is to manage user access to systems, networks, and resources based on their role within an organization. RBAC helps to protect sensitive data from improper access, modification, addition, or deletion.
What is RuBAC?
Rule-based access control (RuBAC) is an access control system that allows user access to network resources according to pre-defined rules. In rule-based systems, administrators define the conditions users must meet before gaining access.
What is AUP?
AUP stands for Acceptable Use Policy, which is a set of rules that outline how to use a network, website, or other technology resources. AUPs are like a code of conduct for the digital world, and are designed to ensure the responsible and secure use of these resources.
What is EULA?
EULA stands for End-User License Agreement, which is a legal contract between a software developer or vendor and the user of their software. The primary purpose of a EULA is to protect the developer’s intellectual property rights.
What is SED?
Self encrypting drive
What is EFS?
Encrypting file system
What is DRP?
Disaster recovery plan
What is BCP?
Business continuity plan
What is IRP?
Incident response plan
What is DLP?
Data loss prevention
What is NFS?
Network File System - is a file server standard that allows users to access files on a remote computer as if they were local
What is NTFS?
New technology file system
What is WPA?
Wi-Fi Protected Access - A security protocol that protects wireless networks from unauthorized access.
What is TKIP?
Temporal Key Integrity Protocol - An encryption protocol for wireless LANs that provides more secure encryption than WEP
What is WEP?