Security Operations Flashcards
Identifies any unacceptable deviation from expected behavior based on actual traffic structure.
Traffic Anomaly-based IDS
Science of hiding information
Steganography
Analyzes event data by comparing it to typical, known, or predicted traffic profiles in an effort to find potential security breaches.
Statistical Anomaly-based IDS
Credential cards with one or more microchip processing that accepts or processes information & can be contact or contactless.
Smart Cards
Accounts used to provide privileged access used by system services & core applications.
Service Accounts
Group of technologies which aggregate information about access controls & selected system activity to store for analysis & correlation.
Security Information & Event Management (SIEM)
A form of software virtualization that lets programs & processes run in their own isolated virtual environment.
Sandboxing
Lock or latch typically mounted on the surface of a door, typically associated with a dead bolt type of lock.
Rim Lock
Measure of the existing magnetic field on the media after degaussing
Remanence
A suite of technologies aimed at stemming the loss of sensitive information that occurs in the enterprise.
Data Loss Prevention (DLP)
Discipline for evaluating, coordinating, approving or disapproving, & implementing changes in artifacts that are used to construct & maintain software systems.
Configuration Management
Lock controlled by touch screen, typically 5-10 digits that when pushed in the right combination the lock will release & allows entry.
Cipher Lock
The who, what, when, where, and how the evidence was handled - from its identification through its entire life cycle, which ends with destruction, permanent archiving, or returning to owner.
Chain of Custody
Devices that use a magnetic field or mechanical contact to determine if an alarm signal is initiated.
Balanced Magnetic Switch (BMS)
Accounts that are assigned only to named individuals that require Admin access to the system to perform maintenance activities, & should be different & separate from a user’s normal account.
Admin Accounts
Device that uses passive listening devices
Acoustic Sensors
Technology that alerts organizations to adverse or unwanted activity.
Intrusion Detection Systems (IDS)
Provide a quick way to disable a key by permitting one turn of the master key to change a lock
Instant Keys
A focused Infrared (IR) light beam is projected from an emitter & bounced off of a reflector that is placed at the other side of the detection area.
Infrared Linear Beam Sensors
Practice of monitoring & potentially restricting the flow of information outbound from one network to another.
Egress Filtering
States that when a crime is committed, the perpetrators leave something behind & take something with them, hence the exchange.
Locard’s Exchange Principle
Data that are dynamic & exist in running processes or other volatile locations (RAM) that disappear in a relatively short time once the system is powered down.
Live Evidence
Two or more honeypots on a network
Honeynet
A centralized collection of honeypots & analysis tools
Honeyfarm
