Security+ Flashcards
Information Security
Act of protecting data and information from unauthorized access, unlawful modification and disruption, disclosure, corruption, and destruction
Information Systems Security
Act of protecting the systems that hold and process the critical data
C.I.A. Triad
Confidentiality, Integrity, Availability
Confidentiality
Ensures that information is only accessible to those with the appropriate authorization
Integrity
Ensures that the data remains accurate, unaltered, and trustworthy unless modifications are required
Availability
Ensures that information and resources are accessible and functional when needed by authorized users
Non-repudiation
Guaranteeing that a specific action or event has taken place and cannot be denied by the parties involved
AAA Security
Authorization, Authentication, Accounting
Control Plane
The overarching framework and set of components responsible for defining, managing, and enforcing the policies related to user and system access within an organization.
Consists of adaptive identity, threat scope reduction, policy-driven access control, and secured zones.
Data Plane
Ensures that the policies and procedures are properly executed.
Focused on the subject/system, policy engine, policy administrator, and establishing policy enforcement points
Hashing
Process of converting data into a fixed-size value
Checksum
Method to verify the integrity of the data during transmission
Regular Audits
Involve reviewing logs and operations to ensure that only authorized changes have been made and any discrepancies are addressed
Digital Signature
Created first by hashing a particular message or communication to be digitally signed and encrypting the hash digest with the user’s private key using asymmetric encryption
Managerial Controls
Involve the strategic planning and governance side of security
Operational Controls
Procedures and measures that are designed to protect data on a day-to-day basis and are mainly governed by internal processes and human actions
Physical Controls
Tangible real-world measures taken to protect assets
Preventative Controls
Proactive measures implemented to thwart potential security threats or breaches
Deterrent Controls
Aim to discourage potential attackers by making the effort seem less appealing or more challenging
Detective Controls
Monitor and alert organizations to malicious activities as they occur or shortly thereafter
IDS
Intrusion Detection System
Corrective Controls
Mitigate any potential damage and restore the systems to their normal state
Compensating Controls
Alternative measures that are implemented when primary security controls are not feasible or effective
Directive Controls
Policies or procedures that dictate specific actions or behaviors by users or systems.
Often rooted in policy or documentation and set the standards for behavior within an organization
Gap Analysis
Process of evaluating the differences between an organization’s current performance and its desired performance
Technical Gap Analysis
Involves evaluating an organization’s current technical infrastructure and identifying any areas where it falls short of the technical capabilities required to fully utilize their security solutions
Business Gap Analysis
Involves evaluating an organization’s current business processes and identifying any areas where they fall short of the capabilities required to fully utilize cloud-based solutions
POA&M- Plan of Action and Milestones
Outlines the specific measures to address each vulnerability, allocate resources, and set up timelines for each remediation task that is needed
Control Plane
Adaptive Identity
Use adaptive identities that rely on real-time validation that takes into account the user’s behavior, device, location, and other similar factors
Threat Scope Reduction
Limit users’ access to only what they need for their work tasks, because this drastically reduces the network’s potential attack surface
Policy-Driven Access Controls
This entails developing, managing, and enforcing user access policies based on their roles and responsibilities
Secured Zones
Isolated environments within a network that are designed to house sensitive data
Subject/System
Refers to the individual or entity attempting to gain access
Policy Engine
Cross-references the access request with its pre-defined policies
Policy Administrator
Used to establish and manage the access policies
Policy Enforcement Point
Allows or restricts access, effectively acting as a gatekeeper to the sensitive areas of the systems or networks
Threat Actor
An individual or entity responsible for incidents that impact security and data protection
Unskilled Attackers
Individuals with limited technical expertise who use readily available tools like downloaded scripts or exploits to carry out attacks
Hacktivists
Cyber attackers whose activities are driven by political, social, or environmental ideologies and who often want to draw attention to a specific cause
Organized Crime
Well-structured groups that execute cyberattacks for financial gain, usually through methods like ransomware, identity theft, or credit card fraud
Nation-state Actors
Highly skilled attackers that are sponsored by governments to carry out cyber espionage, sabotage, or cyber warfare against other nation-states or specific targets in a variety of industries
Insider Threats
Security threats that originate from within the organization
Shadow IT
IT systems, devices, software, applications, and services that are managed and utilized without explicit organizational approval
Honeypots
Decoy systems or servers designed to attract and deceive potential attackers, simulating real-world IT assets to study their techniques
Honeynets
Network of honeypots combined into a more complex system that is designed to mimic an entire network of systems, including servers, routers, and switches
Creates an entire network of decoy systems to observe complex, multi-stage attacks
Honeyfiles
Decoy files placed within systems to detect unauthorized access or data breaches
Honey Tokens
Fake pieces of data, like a fabricated user credential, inserted into databases or systems to alert administrators when they are accessed or used
Nation-State Actors
Groups that are sponsored by a government to conduct cyber operations against other nations, organizations, or individuals
False Flag Attack
Attack that is orchestrated in such a way that it appears to originate from a different source or group to mislead organizations or groups
Attack Surface
Encompasses all the various points where an unauthorized user can try to enter data or extract data from an environment
Images- Threat Vectors
Image-based threat vectors involve the embedding of the malicious code inside of an image file by the threat actor
Files- Threat Vectors
File-based threat vectors involve the use of malicious files to deliver a cyber attack
Voice Calls- Threat Vectors
Voice call-based threat vectors involve the use of voice calls to trick victims into revealing their sensitive information
BlueBorne
Set of vulnerabilities in Bluetooth technology that can allow an attacker to take over devices or spread malware
Blue Smack
Type of denial-of-service attack that targets Bluetooth-enabled devices by sending a specially crafted Logical Link Control and Adaptation Protocol packet to a target device
Tactics, Techniques, and Procedures (TTPs)
Specific methods and patterns of activities or behaviors associated with a particular threat actor or group of threat actors
Port Triggering
Security mechanism where specific services or ports on a network device remain closed until a specific outbound traffic pattern is detected
FAR- False Acceptance Rate
The rate that the system authenticates a user as valid, even though that person should not have been granted access to the system
FRR- False Rejection Rate
Occurs when a biometric system denies a user who should have access
EER- Equal Error Rate
More commonly called the Crossover Error Rate (CER), it is the point at which the FAR and FRR are balanced, used as a measure of the effectiveness of a given biometric system
Typosquatting
A form of cyber attack where an attacker registers a domain name that is similar to a popular website but contains some kind of typographical error
Water Hole Attacks
Targeted form of cyber attack where attackers compromise a specific website or service that their target is known to use
Threat Vector
Specific method used by an attacker to infiltrate a victim’s machine
Attack Vector
A means by which an attacker gains access to a computer to infect the system with malware
Macro Virus
A form of code that allows a virus to be embedded inside another document so that when that document is opened by the user, the virus is executed
Program Virus
Tries to find executables or application files to infect with its malicious code
Multipartite Virus
A combination of a boot sector type virus and a program virus
Polymorphic Virus
Advanced version of an encrypted virus; instead of just encrypting the contents, it changes the virus’s code each time it is executed by altering its decryption module in order to evade detection
Metamorphic Virus
Able to rewrite itself entirely before it attempts to infect a given file
Stealth Virus
A technique used to prevent the virus from being detected by the anti-virus software
Armored Virus
Has a layer of protection to confuse a program or person who’s trying to analyze it
Remote Access Trojan (RAT)
This type of Trojan is widely used by modern attackers because it provides the attacker with remote control of the victim’s machine
DLL Injection
A technique used to run arbitrary code within the address space of another process by forcing it to load a dynamic-link library
Logic Bomb
Malicious code that’s inserted into a program, and will only execute when certain conditions have been met