Lesson 1 Flashcards
CISSP
Certified information systems security professional
CIA triad
Confidentiality, Integrity, Availability
Domains of CISSP (1/8)
Security and risk management
Domains of CISSP (2/8)
Asset security
Domains of CISSP (3/8)
Security architecture/engineering
Domains of CISSP (4/8)
Communication and network security
Domains of CISSP (5/8)
Identity and access management
Domains of CISSP (6/8)
Security assessment and testing
Domains of CISSP (7/8)
Security operations
Domains of CISSP (8/8)
Software development
Password attack
Brute force
Rainbow table
Threat actor
Anyone who presents a security risk
BEC
Business email compromise
(Type of phishing attack)
Phishing
A security incident that affects not only digital but also physical environments
Morris worm
The worm exploited weak passwords. Morris's exploits became generally obsolete due to the decommissioning of rsh (normally disabled on untrusted networks), fixes to sendmail and finger, widespread network filtering, and improved awareness of weak passwords.
The 3 layers of the web
- The surface
- The deep
- The dark
Define security and risk management
Security goals and objectives; risk mitigation (procedures and rules in place); compliance (policies); business continuity (maintaining operations); legal regulation (laws, rules, ethics).
GDPR
General data protection regulation
PII
Personally identifiable information
Asset security
Securing personally identifiable information (PII)
IAM
Identity and access management
(Users following policies to maintain control)
Security assessment and testing
Control testing, audits, collection of data
Security operations
Investigations, implementation
Software development security
Coding, secure apps
Define Asset security
Storage, maintenance, retention, and destruction of both physical and virtual data.
SIEM
System information and event management
Define: Communication and network security
Focusing on managing and securing physical networks and wireless communications