Section 1 Overview to Security Flashcards

1
Q

Act of protecting data and information from unauthorized access, unlawful modification and disruption, disclosure, corruption, and destruction.

A

Information Security

2
Q

Act of protecting the systems that hold and process our critical data.

A

Information Security Systems

3
Q

Confidentiality, Integrity, Availability

A

CIA Triad

4
Q

Information has not been disclosed to unauthorized people.

A

Confidentiality

5
Q

Information has not been modified or altered without proper authorization.

A

Integrity

6
Q

Information is able to be stored, accessed, or protected at all times.

A

Availability

7
Q

When a person’s identity is established with proof and confirmed by all systems. Example: Logging in

A

Authentication

8
Q
  1. Something you know
  2. Something you have
  3. Something you are
  4. Something you do
  5. Somewhere you are
A

Five methods of Authentication

9
Q

Occurs when a user is given access to a certain piece of data or certain areas of a building.

A

Authorization

10
Q

Tracking of data, computer usage, and network resources. (Information is stored in a log file)

A

Accounting

11
Q

Occurs when you have proof that someone has taken an action.

A

Non-Repudiation

12
Q

Short-hand term for malicious software.

A

Malware

13
Q

Occurs when a computer crashes or an individual application fails.

A

System Failure

14
Q

Occurs when access to computer resources and data happens without the consent of the owner.

A

Unauthorized Access

15
Q

Act of manipulating users into revealing confidential information or performing other detrimental actions.

A

Social Engineering

16
Q

Alarm systems, locks, surveillance, cameras, identification cards, and security guards.

A

Physical Controls

17
Q

Smart cards, encryption, access control lists (ACLs), intrusion detection systems, and network authentication.

A

Technical Controls

18
Q

Policies, procedures, security awareness training, contingency planning, and disaster recovery plans. (Sometimes called Managerial Controls)

A

Administrative Controls

19
Q

The most effective security control to use.

A

User Training

20
Q
  1. White Hats
  2. Black Hats
  3. Grey Hats
  4. Blue Hats
  5. Elite
A

Five Types of Hackers

21
Q

Non-malicious hackers who attempt to break into a company’s systems at their request. (Ethical hackers and Pen Testers)

A

White Hats

22
Q

Malicious hackers who break into computer systems and networks without authorization or permission.

A

Black Hats

23
Q

Hackers without any affiliation to a company who attempt to break into a company’s network and risk breaking the law.

A

Grey Hats

24
Q

Hackers who attempt to hack into a network with permission of the company but are not employed by the company.

A

Blue Hats

25
Q

Hackers who find and exploit vulnerabilities before anyone else does. (1 in 10,000 hackers are elite)

A

Elite

26
Q

Have limited skills and only run other people’s exploits and tools.

A

Script Kiddies

27
Q

Hackers who are driven by a cause like social change, political agendas, or terrorism.

A

Hacktivists

28
Q

Hackers who are part of a crime group that is well funded and highly sophisticated.

A

Organized Crime

29
Q

Highly trained and funded groups of hackers (often by nation states) with covert and open source intelligence at their disposal.

A

Advanced Persistent Threats

30
Q

Property of an intelligence source that ensures it is up to date.

A

Timeliness

31
Q

Property of an intelligence source that ensures it matches the use cases intended for it.

A

Relevancy

32
Q

Property of an intelligence source that ensures it produces effective results.

A

Accuracy

33
Q

Property of an intelligence source that ensures it produces qualified statements about reliability.

A

Confidence Levels

34
Q

Codifies the use of the admiralty scale for grading data and estimative language.

A

MISP Project

35
Q

Threat intelligence is very widely provided as a commercial service offering, where access to updates and research is subject to a subscription fee.

A

Proprietary

36
Q

Data that is derived from the provider’s own research and analysis efforts, such as data from honeynets that they operate, plus information mined from its customers’ systems, suitably anonymized.

A

Closed-Source

37
Q

Data that is available to use without subscription, which may include threat feeds similar to the commercial providers and may contain reputation lists and malware signature databases.

A

Open-Source

38
Q

Methods of obtaining information about a person or organization through public records, websites, and social media.

A

Open-Source Intelligence (OSINT)

39
Q

A cybersecurity technique designed to detect the presence of threats that have not been discovered by normal security monitoring.

A

Threat Hunting

40
Q

A hypothesis is derived from the threat modeling and is based on potential events with higher likelihood and higher impact.

A

Establishing a Hypothesis

41
Q

Involves the creation of scenarios that show how a prospective attacker might attempt an intrusion and what their objectives might be.

A

Profiling Threat Actors and Activities

42
Q

A model developed by Lockheed Martin that describes the stages by which a threat actor progresses a network intrusion.

A

Lockheed Martin Killchain

43
Q
  1. Reconnaissance
  2. Weaponization
  3. Delivery
  4. Exploitation
  5. Installation
  6. Command and Control (C2)
  7. Actions on Objectives
A

Seven Step Method for the Killchain

44
Q

A knowledge base maintained by the MITRE Corporation for listing and explaining specific adversary tactics, techniques, and common knowledge or procedures.

A

MITRE ATT&CK Framework

45
Q

A framework for analyzing cybersecurity incidents and intrusions by exploring the relationships between four core features: adversary, capability, infrastructure, and victim.

A

Diamond Model of Intrusion Analysis