Keywords from Luke Flashcards
CIA Triad
A security model focusing on Confidentiality, Integrity, and Availability.
Ethical Hacker
An individual who exploits systems legally and ethically to find vulnerabilities.
Cyber Security Researcher
Professionals studying digital threats and security measures.
Controls
Security measures to mitigate risk.
Internetworked Information Systems
Integrated systems that share data and resources.
TLA
Three-Letter Acronym, typically referring to security protocols.
Advanced Persistent Threats (APT)
Long-term targeted cyber attacks.
5 Eyes
An intelligence alliance comprising five Anglophone countries.
Google Dork
A search string for finding specific data using Google.
Operation Aurora
Google’s cybersecurity incident in 2009.
IR - Incident Responder
A professional dealing with cybersecurity incidents.
Playbook
A strategic outline for cybersecurity operations.
ACSC & JCSC
Australian Cyber Security Centre and Joint Cyber Security Centres respectively.
Zero Trust
Security model that does not inherently trust any entity.
Control
Mechanisms that enforce policy within systems.
Attribution
Identifying the origin of a cyberattack.
Sec Ops
Security Operations, often involved in maintaining day-to-day security.
Signal Intelligence (SigInt)
Collection and analysis of electronic signals and communications by other nations.
0-day
A software vulnerability that is unknown to those who should be interested in its mitigation.
C2 Servers (C & C)
Command and Control servers used by attackers to maintain communications with compromised systems.
Hack Back
Act of hacking against an entity that has attacked you first.
Systems of National Significance
Important infrastructures whose compromise can affect national security.
Ransomware
Malware that encrypts files and demands payment for their release.
Exfiltrate Data
Unauthorized copying, transfer or retrieval of data.
Confidentiality, Integrity, Availability (CIA Triad)
Three fundamental principles of information security.
DoS/DDoS Attacks
Denial of Service and Distributed Denial of Service attacks to make a machine or network resource unavailable.
Elastic Computing
The ability to acquire computing resources on demand and to scale.
TCP, UDP, SSL/TLS
Protocols for transmitting data over the Internet.
Personally Identifiable Information (PII)
Information that can be used to identify an individual.
NZISM
New Zealand Information Security Manual.
Hikvision / EUFY / Wyze
Brands associated with security surveillance technologies.
Control
Any measure used to help implement a security measure.
Scope
The extent to which cybersecurity measures are applied.
Cyber Extortion
The act of demanding money by threatening to expose confidential information.
Cellebrite
A data extraction solution commonly used by law enforcement.
Patch Tuesday
The day Microsoft releases security patches.
Hide My Email
A feature that helps in protecting email privacy.
Confidentiality, Identification, Authentication, Authorization, and Accountability (IAAA)
Components essential for secure transactions.
User/Service Accounts
Accounts that have specific roles and privileges.
Insider Threat
Risks posed by individuals within the organization.
Defence in Depth
Layered security measures.
Software Vulnerabilities and Misconfigurations
Weaknesses and incorrect settings in software.
AWS S3 Buckets
Cloud storage resources on Amazon Web Services.
API
Application Programming Interface for software interactions.
DLP
Data Loss Prevention, techniques to prevent unauthorized data access.
Deprecated
Marked for obsolescence.
Public/Private Keys, Plaintext, Ciphertext, Cipher, Brute Force
Elements and techniques in cryptography.
Confusion, Diffusion
Methods to complicate deciphering.
Security Through Obscurity, Information Wants to be Free
Philosophical stances in cybersecurity.
Glasswire
A network monitoring tool.
Random Numbers, Salts
Elements for cryptographic randomness.
Symmetric and Asymmetric Encryption
Two main categories of encryption based on key usage.
Integer
A type of data that represents whole numbers.
ECC
Elliptic Curve Cryptography, a type of public-key cryptography.
Polymorphic Viruses
Viruses that can alter their code to evade traditional security measures.
Hugging Face
An AI research organization specializing in natural language processing.
Kevin Mitnick
A renowned hacker-turned-security consultant.
KnowBe4
A platform for security awareness training.
Script Kiddie
A pejorative term for individuals with limited understanding who use pre-written hacking tools.
Hashing
The process of converting data into a fixed-size string of characters.
MD5 Hashing
An older, commonly used hashing algorithm.
Avalanche Effect
A desirable property of cryptographic algorithms where a small change in input significantly changes the output.
SHA-2
A family of cryptographic hash functions.
Base64
An encoding scheme that converts binary data to ASCII string format.
Algorithm
A procedure for solving computational problems.
AES, DES, IDEA, Blowfish, RC4, RC5, RC6
Types of encryption algorithms.
Data at rest/in use
States of data storage during lifecycle.
Man in the Middle
A form of eavesdropping attack.
PCI DSS
Security standards for all organizations that handle credit card information.
NIST SP 800-39
A comprehensive guide for federal agencies to manage information security risk.