Key words Flashcards
What does CIA stand for and what is meant by each letter of the CIA?
Confidentiality, Integrity and Availability
What is the meaning of Non-Repudiation?
Non-repudiation is the idea that someone cannot deny the validity of something, or that they cannot dispute responsibility for an action. In information systems, this can be achieved through hashing and digital signatures amongst other ways. An example of this is when someone sends data and a third party can verify that it came from that sender.
What is confidentiality of information and how can it be achieved?
Prevent the disclosure of information to unauthorised individuals or systems - Certain information should only be known to certain people
Some of the ways in which this can be achieved are as follows:
Encryption - Encrypt data so only certain people can read it
Access controls - Restrict access to a resource
MFA - An extra layer of security to prevent unauthorised access to a resource
What is integrity of information and how can it be achieved?
Data cannot be modified without detection - This is to ensure that data received is the data that was sent and that no changes were made - We should be able to identify any modification
Hashing - This involves mapping an arbitrary length of data to data of a fixed length - If data received is different to data sent then the hash of the data would be different
Digital Signature
Certificates
What is availability and how can it be achieved?
Systems & networks must be up and running
Fault tolerance
Redundancy
Patching - Adds stability and closes security holes
What is a digital signature, what is the purpose and how does it work?
This is a hash that has been encrypted with an asymmetric encryption algorithm. The hash allows us to verify that the data that has been sent has not been changed, and the encryption allows us to confirm the person who sent the data - Provides an additional level of integrity in comparison to hashing alone.
What is a Digital Certificate, what is the purpose and how does it work?
What does AAA stand for?
Authentication - Determines if a user, device, or system is allowed to access the network
Authorization - Determines what an authenticated entity can do within the network
Accounting - Measures what a user is doing within a system, what data is accessed, received or sent and the time of these actions - Think logs.
What is a Certificate Authority and provide the names of 3 Root CAs?
A certificate authority is a company or organization that acts to validate the identities of entities (such as websites, email addresses, companies, or individual persons) and bind them to cryptographic keys through the issuance of electronic documents known as digital certificates.
A digital certificate provides:
Authentication, by serving as a credential to validate the identity of the entity that it is issued to.
Encryption, for secure communication over insecure networks such as the internet.
Integrity of documents signed with the certificate so that they cannot be altered by a third party in transit.
These certificates allow secure, encrypted communication between two parties through public key cryptography. The CA verifies the certificate applicant’s identity and issues a certificate containing their public key. The CA will then digitally sign the issued certificate with their own private key which establishes trust in the certificate’s validity.
What is a GAP analysis and what is it used for?
A gap analysis is the process whereby a company examines their current performance/state vs their desired performance and state. This is then used to map out the required actions needed in order to reach that desired performance/state.
Allows you to work towards a baseline - Could be a cybersecurity framework like NIST CSF or ISO 27001, or a regulatory requirement, e.g. DORA for finance
What is the principle of Zero Trust?
Zero trust is a security model that treats all users, devices, and components as untrusted by default and requires strict identity authentication and authorization
What is meant by the principle of least privilege?
This is a cybersecurity concept that limits access of users, devices, applications and systems to only what they need to perform their job
What is change management, purpose of it and benefits?
Change management is a structured process that helps companies implement changes as smoothly as possible, to ensure that any potential issues can be foreseen as far as possible, and that employees are prepared for that change.
What is meant by redundancy?
Ensuring that your systems are redundant can improve availability of systems by ensuring systems can continue to function if something fails because there is a backup or alternative way of executing a specific function
Data redundancy - This would involve creating multiple copies of data to minimise the risk of data loss - Think backups and data replication
Geographic redundancy - Replicating data and applications across multiple locations to ensure systems remain available during a disaster.
Hardware redundancy - Provide backups for important and fault-prone components to improve system reliability
Power redundancy - In the case that the main power goes down, main systems can be kept running by using a UPS (uninterruptible power supply)
Automatic Failover - Enable a backup system to automatically take over if the main system goes down
Regular testing - testing backup systems in order to ensure that these systems can be relied upon if needed
What is the difference between Fault tolerance and redundancy?
Fault tolerance is when the overall system can tolerate the failure of one of its components, whereas redundancy is where a particular function can be performed in more than one way - Redundancy is one way of achieving fault tolerance
What is data obfuscation?
Data obfuscation is the process of disguising confidential or sensitive data to protect it from unauthorized access.
What is steganography?
The practice of concealing messages or information within other non-secret text or data.
What is a threat vector?
A method used by the attacker to gain access to your system - also called an attack vector
What is meant by adaptive identity?
It is an advanced form of authentication that goes beyond traditional methods such as passwords and PINs. Adaptive authentication takes into account contextual information such as location, device, behavior, and risk level to determine whether a user should be granted access or not.
What is PKI?
What is tokenisation and what are some use cases?
What is HIPS?
Host Intrusion Prevention System - A host intrusion prevention system (HIPS) is an approach to security that relies on third-party software tools to identify and prevent malicious activities. Host-based intrusion prevention systems are typically used to protect endpoint devices. Once it detects malicious activity, the HIPS tool can take a variety of actions, including sending an alarm to the computer user, logging the malicious activity for future investigation, resetting the connection, dropping malicious packets and blocking subsequent traffic from the suspect IP address. Some host intrusion prevention systems allow users to send logs of malicious activity and suspicious code directly to the vendor for analysis and possible identification.
What is stateful inspection?
What is stateless inspection?
What is ACL?
An access control list is a security mechanism that controls access to data and resources in a network.
ACLs are made up of rules that determine which users or systems can access specific resources.
What is SDLC?
Software Development Lifecycle - the cost-effective and time-efficient process that development teams use to design and build high-quality software. The goal is to minimise project risks through forward planning.
The seven phases are:
Phase 1 - Planning
Phase 2 - Requirements analysis
Phase 3 - Design
Phase 4 - Coding
Phase 5 - Testing
Phase 6 - Deployment
Phase 7 - Maintenance
What is IDP?
Identity provider - A system that stores, manages and creates digital identities. They can directly authenticate users or provide authentication services to third party service providers.
What is UTM?
Unified threat management - is a network security solution that combines multiple security features into one device or service. UTM appliances typically include the following security functions:
Antivirus
Anti-spam - Tags or blocks unwanted e-mail traffic
Content filtering - Filters traffic based on file extension, MIME type and protocol commands
Network Firewall - Protects against network-level attacks
Intrusion detection and prevention - Protects against intrusion attempts
What is NGFW?
A traditional firewall provides stateful inspection of network traffic. It allows or blocks traffic based on state, port, and protocol, and filters traffic based on administrator-defined rules.
A next-generation firewall (NGFW) does this and more. In addition to access control, NGFWs can block modern threats such as advanced malware and application-layer attacks. According to Gartner's definition, a next-generation firewall must include:
Standard firewall capabilities like stateful inspection
Integrated intrusion prevention
Application awareness and control to see and block risky apps
Threat intelligence sources
Upgrade paths to include future information feeds
Techniques to address evolving security threats
What is SLE and how is it calculated?
Single loss expectancy - This is a risk assessment formula - Calculates the estimated financial loss that might occur if an asset is compromised - Asset value multiplied by exposure factor (SLE = AV x EF)
What is ARO?
Annual rate of occurrence - This is a risk assessment formula - Estimates how many times an incident is expected to occur within a given year. Calculated by dividing the number of estimated incidents by the time frame - ARO = Incidents/year
ARO is often based on historical data or expert judgment. It can be used to understand and manage risk exposure, prioritise security investments, and prioritise mitigation strategies.
What is ALE?
Annual loss expectancy - a financial metric that estimates the yearly cost of a potential risk to an organisation. It is calculated by multiplying the annual rate of occurrence (ARO) by the single loss expectancy (SLE) - ALE = ARO x SLE
What is SLA?
Service level agreement - A written contract that defines the level of service a provider will deliver. Typically between a client and service provider but can also be used between departments within a company.
SLAs outline the following:
Services - services that will be delivered
Responsiveness - The level of responsiveness that can be expected
Performance metrics - How performance will be measured, such as uptime, delivery time, response time and resolution time
Course of action - What will happen if requirements are not met such as additional support or pricing discounts
What is MSA?
Master service agreement which is a legally binding contract that outlines the terms and conditions for a business relationship between two or more parties
What is BPA?
BPA stands for Best Practice Assessment, a tool that helps users evaluate their firewall configuration against best practices
What is MOA?
MOA is an acronym for Memorandum of Agreement, which is a document that clarifies the responsibilities of parties involved in a cybersecurity agreement. MOAs are often used to establish a smooth working relationship between parties.
What is PII?
Personally Identifiable Information, which is any data that can be used to identify a specific person. PII is considered sensitive data and is often targeted by attackers in data breaches.
What is the role of a firewall?
A firewall’s primary role is to protect a network from unauthorized access and harmful data by monitoring and filtering network traffic:
Separates networks
A firewall acts as a barrier between a private network and the public internet. It prevents unauthorized users from accessing the private network.
Filters traffic
A firewall inspects and authenticates each data packet that passes through the network. It uses a set of security rules to determine whether to allow or block the packet.
Prevents threats
A firewall protects against a variety of threats, including malware, hackers, and spyware. It can also help ensure compliance with data protection and privacy regulations.
What is RBAC?
The role of role-based access control (RBAC) is to manage user access to systems, networks, and resources based on their role within an organization. RBAC helps to protect sensitive data from improper access, modification, addition, or deletion.
What is RuBAC?
Rule-based access control (RuBAC) is an access control system that allows user access to network resources according to pre-defined rules. In rule-based systems, administrators define the conditions users must meet before gaining access.
What is AUP?
AUP stands for Acceptable Use Policy, which is a set of rules that outline how to use a network, website, or other technology resources. AUPs are like a code of conduct for the digital world, and are designed to ensure the responsible and secure use of these resources.
What is EULA?
EULA stands for End-User License Agreement, which is a legal contract between a software developer or vendor and the user of their software. The primary purpose of a EULA is to protect the developer’s intellectual property rights.
What is SED?
Self encrypting drive
What is EFS?
Encrypting file system
What is DRP?
Disaster recovery plan
What is BCP?
Business continuity plan
What is IRP?
Incident response plan
What is DLP?
Data loss prevention
What is NFS?
Network File System - a file server standard that allows users to access files on a remote computer as if they were local
What is NTFS?
New technology file system
What is WPA?
Wi-Fi Protected Access, a security protocol that protects wireless networks from unauthorized access.
What is TKIP?
Temporal Key Integrity Protocol - an encryption protocol for wireless LANs that provides more secure encryption than WEP
What is WEP?
What is meant by the term KEK?
Key Encryption Key, which is a cryptographic key that protects other keys
What is POP3 used for?
What is SAAS?
Software-as-a-service (SaaS) applications run in the cloud. Users subscribe to SaaS applications instead of purchasing them, and they access them over the Internet.
What is PAAS?
Platform as a service
What is IAAS?
Infrastructure as a service
What is FAAS?
Function as a service
What is GDPR?
GDPR stands for General Data Protection Regulation, which is a European Union (EU) law that governs how personal data can be processed and transferred. The GDPR is considered the world’s strongest privacy and security law.
What is HIPAA?
HIPAA, or the Health Insurance Portability and Accountability Act, is a US federal law that protects sensitive patient health information (PHI)
What is PCI DSS?
PCI DSS stands for Payment Card Industry Data Security Standard, a set of rules and guidelines that protect cardholder data and authentication information. It’s a global requirement for any business that processes credit, debit, or prepaid cards, including those that use a third party for transactions.
What is PII?
Personally Identifiable Information (PII) is any data that can be used to identify a person, either directly or indirectly. PII is considered sensitive data and is often used in identity theft.
What is SCADA?
SCADA stands for Supervisory Control and Data Acquisition, and it’s a computerized system that monitors, controls, and manages industrial processes. SCADA systems are used in a variety of industries.
What is HVAC?
HVAC stands for heating, ventilation, and air conditioning. It’s a system that controls the temperature, humidity, and air quality of indoor spaces. HVAC systems are used in residential, commercial, and industrial settings.
What is 802.1x?
802.1X is an IEEE standard that controls network access for devices and users on wired and wireless networks. It’s designed to increase the security of local area networks (LANs) by authenticating devices before they can access the network.
What is PSK?
What is SPIM?
SPIM stands for “spam over instant messaging” and is a type of spam that targets users of instant messaging (IM) services, SMS, or private messages within websites. SPIM messages are similar to email spam, but they appear on your screen as soon as they are sent, making them harder to filter and block.
What is OSINT?
Open-source intelligence (OSINT) is the process of gathering and analyzing information from publicly available sources to gain insight. OSINT can be used for many purposes
What is IoC?
Indicators of compromise
What is IPsec?
IPsec is a group of protocols for securing connections between devices. IPsec helps keep data sent over public networks secure
What is SOW?
SOW is an acronym for Statement of Work, a legally binding document that outlines the details of a project. It’s a crucial document that serves as a roadmap for a project, and is typically created and agreed upon before a more detailed scope of work is drafted.
What is MOU?
A memorandum of understanding is an agreement between two or more parties outlined in a formal document. It is not necessarily legally binding, which depends on the signatories’ intent and the language in the agreement, but signals the willingness of the parties to move forward with a contract.
What is RPO?
The maximum amount of data loss that is acceptable after an unplanned data loss incident. RPO is expressed as a time frame, which is usually the point before the incident when data can be recovered.
What is MTTR?
Mean time to repair, which is a metric that measures the average time it takes to fix a system or piece of equipment after it has failed. It includes the time it takes to repair the system, as well as any testing time, until the system is fully functional again.
What is RTO?
RTO stands for Recovery Time Objective, which is the maximum amount of time that a system, network, application, or computer can be down after a failure or disaster. It’s a key part of business continuity and disaster recovery planning, and it helps determine how quickly a company needs to restore operations to avoid significant impact.
What is MTTF?
Mean Time to Failure
What is S/MIME?
What is TACACS+?
What is RADIUS?
What is CRL?
Certificate Revocation List
What is a PED?
Portable Electronic Device
What is SRTP?
What is WIPS?
What is ESP?
Encapsulating Security Payload
What is EAP?
What is CHAP?
What is MS-CHAP?
What is PAP?
What is ATT&CK?
What is ECC?
What is ASLR?
What is the role of RA in PKI?
What is URI?
What is Oauth?
What is SAML?
What is SQLI?
What is APT?
What is STIX?
What is CVE?
CVE stands for common vulnerabilities and exposures, a publicly available list of known computer security vulnerabilities. Each vulnerability is assigned a unique identifier
What is CVSS?
Common vulnerability scoring system - Used to help organisations prioritise their responses to different security threats
What is a WAF?
Web application firewall
What is UEM?
Unified endpoint management
What is OSPF?
Open Shortest Path First is a routing protocol that's used to direct traffic on IP networks
What is BGP?
Border gateway protocol
What is SIEM?
Security information and event management
What is SOAR?
Security orchestration, automation and response
What is SWG?
Secure web gateway
What is RDP?
Remote desktop protocol
What is VNC?
Virtual Network Computing (VNC) is a cross-platform system that allows a user to remotely control another computer’s screen, keyboard, and mouse
What is MAC?
What is FACL?
File access control list
What is TTP?
Tactics, Techniques, and Procedures (TTPs) are a cybersecurity framework that describes how cybercriminals plan and execute attacks. TTPs are a key concept in cybersecurity and threat intelligence, and are used to identify patterns of behavior that can be used to defend against attacks.
What is FDE?
Full disk encryption
What is RIP?
What is RAS?
What is ECDSA?
What is HMAC?
What is ECDHE?
What is TAXII?
What is RFID?
What is NFC?
What is L2TP?
What is PGP?
What is OTA?
What is a PUP?
Potentially unwanted program
What is IKE?
What is FRR?
False reject rate
What is SCAP?
What is DEP?
Data execution prevention
What is API?
APIs are mechanisms that enable two software components to communicate with each other using a set of definitions and protocols. For example, the weather bureau’s software system contains daily weather data. The weather app on your phone “talks” to this system via APIs and shows you daily weather updates on your phone.
API stands for Application Programming Interface. In the context of APIs, the word Application refers to any software with a distinct function. Interface can be thought of as a contract of service between two applications. This contract defines how the two communicate with each other using requests and responses.
What is ICS?
Industrial Control System
What is SDLM?
What is CASB?
What is RAD?