Security Plus Terms Flashcards
A security concept where a centralized platform verifies subject identification, ensures the subject is assigned relevant permissions, and then logs these actions to create an audit trail.
AAA (authentication, authorization, and accounting)
An access control technique that evaluates a set of attributes that each subject possesses to determine if access should be granted.
ABAC (attribute-based access control)
A collection of access control entries (ACEs) that determines which subjects (user accounts, host IP addresses, and so on) are allowed or denied access to the object and the privileges given (read only, read/write, and so on).
Account Policies
A collection of access control entries (ACEs) that determines which subjects (user accounts, host IP addresses, and so on) are allowed or denied access to the object and the privileges given (read only, read/write, and so on).
ACL (Access Control List)
The practice of responding to a threat by destroying or deceiving a threat actor’s capabilities.
Active defense
Using AI to identify vulnerabilities and attack vectors to circumvent security systems.
Adversarial AI (adversarial artificial intelligence)
A symmetric 128-, 192-, or 256-bit block cipher based on the Rijndael algorithm developed by Belgian cryptographers Joan Daemen and Vincent Rijmen and adopted by the U.S. government as its encryption standard to replace DES.
AES (Advanced Encryption Standard)
A software development model that focuses on iterative and incremental development to account for evolving requirements and expectations.
Agile model (Agile)
An IPSec protocol that provides authentication for the origin of transmitted data as well as integrity and protection against replay attacks.
AH (authentication header)
A type of network isolation that physically separates a network from all other networks.
Air gap
Threat intelligence data feed operated by the Department of Homeland Security (DHS).
AIS (Automated Indicator Sharing)
The total cost of a risk to an organization on an annual basis. This is determined by multiplying the single loss expectancy (SLE) by the annual rate of occurrence (ARO): SLE x ARO = ALE.
ALE (annual loss expectancy)
A device that provides a connection between wireless devices and can connect to wired networks. Also known as wireless access point or WAP.
AP (access point)
A library of programming utilities used, for example, to enable software developers to access functions of the TCP/IP network stack under a particular operating system.
API (application programming interface)
A Layer 7 firewall technology that inspects packets at the Application layer of the OSI model.
Application aware firewall
Software designed to run on a server to protect a particular application such as a web server or SQL server.
Application firewall
An attacker’s ability to obtain, maintain, and diversify access to network systems using exploits and malware.
APT (advanced persistent threat)
Open-source platform producing programmable circuit boards for education and industrial prototyping.
Arduino
In risk calculation, an expression of the probability/likelihood of a risk as the number of times per year a particular loss is expected to occur.
ARO (annual rate of occurrence)
An optional security feature of a switch that prevents excessive ARP replies from flooding a network segment.
ARP inspection
A network-based attack where an attacker with access to the target local network segment redirects an IP address to the MAC address of a computer that is not the intended recipient. This can be used to perform a variety of attacks, including DoS, spoofing, and Man-in-the-Middle.
ARP poisoning (ARP spoofing)
A cipher that uses public and private keys. The keys are mathematically linked, using either Rivest, Shamir, Adleman (RSA) or elliptic curve cryptography (ECC) algorithms, but the private key is not derivable from the public one. An asymmetric key cannot reverse the operation it performs, so the public key cannot decrypt what it has encrypted, for example.
Also known as (Elliptic Curve Cryptography) or ECC.
Asymmetric algorithm (Public Key)
A knowledge base maintained by the MITRE Corporation for listing and explaining specific adversary tactics, techniques, and procedures.
ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge)
The points at which a network or application receives external connections or inputs/outputs that are potential vectors to be exploited by a threat actor.
Attack surface
A specific path by which a threat actor gains unauthorized access to a system. Also known as vector.
Attack vector
A PNAC (Port-based network access control) switch or router that activates EAPoL and passes a supplicant’s authentication data to an authenticating server, such as a RADIUS server.
EAPoL (Extensible Authentication Protocol (EAP) over LAN) is a network port authentication protocol used in IEEE 802.1X (port-based network access control), developed to give a generic network sign-on for access to network resources.
Authenticator
Using scripts and APIs to provision and deprovision systems without manual intervention.
Automation
The Sleuth Kit is an open source collection of command line and programming libraries for disk imaging and file analysis. Autopsy is a graphical frontend for these tools and also provides a case management/workflow tool. Also known as Sleuth Kit.
Autopsy
The fundamental security goal of ensuring that computer systems operate continuously and that authorized persons can access data that they need.
Availability
Components and protocols that facilitate the centralized configuration and monitoring of mechanical and electrical systems within offices and data centers.
BAS (building automation system)
The chip and firmware in a smartphone that acts as a cellular modem.
Baseband radio
A collection of security and configuration settings that are to be applied to a particular system or network in the organization.
Baseline configuration
A command shell and scripting language for Unix-like systems.
Bash (Bourne again shell)
A server typically found in a DMZ that is configured to provide a single service to reduce the possibility of compromise.
Bastion host
A network monitoring system that detects changes in normal operating data sequences and identifies abnormal sequences. Also known as behavior-based detection.
Behavioral analysis
A systematic activity that identifies organizational risks and determines their effect on ongoing, mission critical operations.
BIA (business impact analysis)
A type of password attack that exploits weaknesses in the mathematical algorithms used to encrypt passwords, in order to take advantage of the probability of different password inputs producing the same encrypted output.
Birthday Attack
A type of symmetric encryption that encrypts data one block at a time, often in 64-bit blocks. It is usually more secure, but is also slower, than stream ciphers.
Block Cipher
A concept in which an expanding list of transactional records listed in a public ledger is secured using cryptography.
Blockchain
The defensive team in a penetration test or incident response exercise.
Blue team
Sending an unsolicited message or picture message using a Bluetooth connection.
Bluejacking
A wireless attack where an attacker gains access to unauthorized information on a device using a Bluetooth connection.
Bluesnarfing
Report of boot state integrity data that is signed by a tamper-proof TPM key and reported to a network server.
Boot Attestation
A set of hosts that has been infected by a control program called a bot that enables attackers to exploit the hosts to mount attacks. Also known as zombie.
Botnet
Agreement by two companies to work together closely, such as the partner agreements that large IT companies set up with resellers and solution providers.
BPA (business partnership agreement)
Switch port security feature that disables the port if it receives BPDU notifications related to spanning tree. This is configured on access ports, where any BPDU frames are likely to be malicious.
BPDU guard (Bridge Protocol Data Unit guard)
A type of password attack where an attacker uses an application to exhaustively try every possible alphanumeric combination to crack encrypted passwords.
Brute Force Attack
An attack in which data goes past the boundary of the destination buffer and begins to corrupt adjacent memory. This can allow the attacker to crash the system or execute arbitrary code.
Buffer overflow
Reward scheme operated by software and web services vendors for reporting vulnerabilities.
Bug bounty
Security framework and tools to facilitate use of personally-owned devices to access corporate networks and data.
BYOD (bring your own device)
An infrastructure of hosts and services with which attackers direct, distribute, and control malware over botnets. Also known as C2.
C&C (command and control), C2
A server that guarantees subject identities by issuing signed digital certificate wrappers for their public keys.
CA (certificate authority)
Devices can be physically secured against theft using cable ties and padlocks. Some systems also feature lockable faceplates, preventing access to the power switch and removable drives.
Cable lock
A smart card that provides certificate-based authentication and supports two-factor authentication. A CAC is produced for Department of Defense employees and contractors in response to a Homeland Security Directive.
CAC (common access card)
A serial network designed to allow communications between embedded programmable logic controllers.
CAN bus (controller area network bus)
An image of text characters or audio of some speech that is difficult for a computer to interpret. CAPTCHAs are used for purposes such as preventing bots from creating accounts on web forums and social media sites to spam them.
CAPTCHA (completely automated public Turing test to tell computers and humans apart)
A web page or website to which a client is redirected before being granted full network access.
Captive portal
Training event where learners must identify a token within a live network environment.
Capture the flag
Duplicating a smart card by reading (skimming) the confidential data stored on it. Also known as skimming.
Card cloning/skimming
The process of extracting data from a computer when that data has no associated file system metadata.
Carving
Enterprise management software designed to mediate access to cloud services by users across all types of devices.
CASB (cloud access security broker)
Linux command to view and combine (concatenate) files.
Cat command
An encryption mode of operation where an exclusive or (XOR) is applied to the first plaintext block.
CBC (cipher block chaining)
An encryption protocol used for wireless LANs that addresses the vulnerabilities of the WEP protocol.
CCMP (counter mode with cipher block chaining message authentication code protocol)
A method of sanitizing a self-encrypting drive by erasing the media encryption key.
CE (cryptographic erase)
The record of evidence history from collection, to presentation in court, to disposal.
Chain of custody
The process by which the need for change is recorded and approved.
Change Control
The process through which changes to the configuration of information systems are implemented, as part of the organization’s overall configuration management efforts.
Change Management
Authentication scheme developed for dial-up networks that uses an encrypted three-way handshake to authenticate the client to the server. The challenge-response is repeated throughout the connection (though transparently to the user) to guard against replay attacks.
CHAP (Challenge Handshake Authentication Protocol)
The output of a hash function.
Checksum
Linux command for managing file permissions.
chmod command
The three principles of security control and management. Also known as the information security triad or AIC triad.
CIA triad (confidentiality, integrity, and availability)
A Layer 5 firewall technology that tracks the active state of a connection, and can make decisions based on the contents of network traffic as it relates to the state of the connection.
Circuit-level stateful inspection firewall
A not-for-profit organization (founded partly by SANS). It publishes the well-known “Top 20 Critical Security Controls” (or system design recommendations).
CIS (Center for Internet Security)
An organizational policy that mandates employee work areas be free from potentially sensitive information; sensitive documents must not be left out where unauthorized personnel might see them.
Clean desk policy
Classifying the ownership and management of a cloud as public, private, community, or hybrid.
Cloud deployment model
Industry body providing security guidance to CSPs, including enterprise reference architecture and security controls matrix.
Cloud Security Alliance
Classifying the provision of cloud services and the limit of the cloud service provider’s responsibility as software, platform, infrastructure, and so on.
Cloud service model
A load balancing technique where a group of servers is configured as a unit and works together to provide network services.
Clustering
An X.500 attribute expressing a host or user name, also used as the subject identifier for a digital certificate.
CN (common name)
Enterprise mobile device provisioning model where the device is the property of the organization and personal use is prohibited.
COBO (corporate owned, business only)
Professional behavior depends on basic ethical standards, such as honesty and fairness. Some professions may have developed codes of ethics to cover difficult situations; some businesses may also have a code of ethics to communicate the values it expects its employees to practice. Also known as ethics.
Code of conduct
Potentially unsecure programming practice of using code originally written for a different context.
Code reuse
The method of using a digital signature to ensure the source and integrity of programming code.
Code signing
A predetermined alternate location where a network can be rebuilt after a disaster.
Cold site
A network appliance that gathers or receives log and/or state data from other network systems.
Collector
In cryptography, the act of two different plaintext inputs producing the same exact ciphertext output.
Collision
A cloud that is deployed for shared use by cooperating tenants.
Community cloud
A security measure that takes on risk mitigation when a primary control fails or cannot completely meet expectations.
Compensating control
The fundamental security goal of keeping information and communications private and protecting them from unauthorized access.
Confidentiality:
Information has not been disclosed to unauthorized people.
Integrity:
Information has not been modified or altered without proper authorization.
Availability:
Information is able to be stored, accessed, or protected at all times.
A type of virtualization applied by a host operating system to provision an isolated execution environment for an application.
Containerization
A software application or gateway that filters client requests for various types of internet content (web, FTP, IM, and so on).
Content filter
An access control scheme that verifies an object’s identity based on various environmental factors, like time, location, and behavior.
Context-aware authentication
Software development method in which app and platform requirements are frequently tested and validated for immediate availability.
Continuous delivery
Software development method in which app and platform updates are committed to production rapidly.
Continuous deployment
Software development method in which code updates are tested and committed to a development or build server/code repository rapidly.
Continuous integration
The technique of constantly evaluating an environment for changes so that new risks may be more quickly detected and business operations improved upon. Also known as continuous security monitoring or CSM.
Continuous monitoring
Risk that arises when a control does not provide the level of mitigation that was expected.
Control risk
Enterprise mobile device provisioning model where the device remains the property of the organization, but certain personal use, such as private email, social networking, and web browsing, is permitted.
COPE (corporate owned, personally enabled)
A type of security control that acts after an incident to eliminate or minimize its impact.
Corrective control
Function of log analysis that links log and state data to identify a pattern that should be logged or alerted as an event.
Correlation
An encryption mode of operation where a numerical counter value is used to create a constantly changing IV. Also referred to as CTM (counter mode) and CM (counter mode).
Counter mode (CTM)
Brute force attack in which stolen user account names and passwords are tested against multiple websites.
Credential stuffing
A list of certificates that were revoked before their expiration date.
CRL (certificate revocation list)
Biometric evaluation factor expressing the point at which FAR and FRR meet, with a low value indicating better performance.
Crossover error rate
A vendor offering public cloud service models, such as PaaS, IaaS, or SaaS.
CSP (cloud service provider)
A Base64 ASCII file that a subject sends to a CA to get a certificate.
CSR (certificate signing request)
The process of investigating, collecting, analyzing, and disseminating information about emerging threats and threat sources. Also known as threat intelligence.
CTI (cyber threat intelligence)
Implementation of a sandbox for malware analysis.
Cuckoo
Utility for command-line manipulation of URL-based protocol requests.
Curl command
Scheme for identifying vulnerabilities developed by MITRE and adopted by NIST.
CVE (Common Vulnerabilities and Exposures)
A risk management approach to quantifying vulnerability data and then taking into account the degree of risk to different types of systems or information.
CVSS (Common Vulnerability Scoring System)
Enterprise mobile device provisioning model where employees are offered a selection of corporate devices for work and, optionally, private use.
CYOD (choose your own device)
Access control model where each resource is protected by an Access Control List (ACL) managed by the resource’s owner (or owners).
DAC (discretionary access control)
Information that is primarily stored on specific media, rather than moving from one medium to another.
Data at rest
When confidential or private data is read, copied, or changed without authorization. Data breach events may have notification and reporting requirements.
Data breach
In privacy regulations, the entity that determines why and how personal data is collected, stored, and used.
Data controller
An individual who is responsible for managing the system on which data assets are stored, including being responsible for enforcing access control, encryption, and backup/recovery measures.
Data custodian
The process by which an attacker takes data that is stored inside of a private network and moves it to an external network.
Data exfiltration
A software vulnerability where an attacker is able to circumvent access controls and retrieve confidential or sensitive data from the file system or database.
Data exposure
The overall management of the availability, usability, and security of the information used in an organization.
Data governance
Information that is present in the volatile memory of a host, such as system memory or cache.
Data in processing
Information that is being transmitted between two hosts, such as over a private network or the Internet. Also known as data in motion.
Data in transit
A de-identification method where generic or placeholder labels are substituted for real data while preserving the structure or format of the original data.
Data masking
In data protection, the principle that only necessary and sufficient personal information can be collected and processed for the stated purpose.
Data minimization
A senior (executive) role with ultimate responsibility for maintaining the confidentiality, integrity, and availability of an information asset.
Data owner
In privacy regulations, an entity trusted with a copy of personal data to perform storage and/or analysis on behalf of the data collector.
Data processor
Leftover information on a storage medium even after basic attempts have been made to remove that data. Also known as remnant.
Data remnant
In data protection, the principle that countries and states may impose individual requirements on data collected or stored within their jurisdiction.
Data sovereignty
An individual who is primarily responsible for data quality, ensuring data is labeled and identified with appropriate metadata and that data is collected and stored in a format and with values that comply with applicable laws and regulations.
Data steward
A configuration option that enables a switch to inspect DHCP traffic to prevent MAC spoofing.
DHCP snooping
Linux command that makes a bit-by-bit copy of an input file, typically used for disk imaging.
dd command
An attack that uses multiple compromised hosts (a botnet) to overwhelm a service with request or response traffic.
DDoS attack (distributed denial of service attack)
Code in an application that is redundant because it will never be called within the logic of the program flow.
Dead code
Spoofing frames to disconnect a wireless station to try to obtain authentication data to crack.
De-authentication/disassociation
Cybersecurity resilience tools and techniques to increase the cost of attack planning for the threat actor.
Deception and disruption
Default administrative and guest accounts configured on servers and network devices are possible points of unauthorized access.
Default account
A security strategy that positions the layers of network security as network traffic roadblocks; each layer is intended to slow an attack’s progress, rather than eliminating it outright.
Defense in depth
The process of rendering a storage drive inoperable and its data unrecoverable by eliminating the drive’s magnetic charge.
Degaussing
In data protection, methods and technologies that remove identifying information from data before it is distributed.
De-identification
The process of removing an application from packages or instances.
Deprovisioning
The binary format used to structure the information in a digital certificate.
DER (distinguished encoding rules)
A type of security control that acts during an incident to identify or record that it is happening.
Detective control
A type of security control that discourages intrusion attempts.
Deterrent control
A cryptographic technique that provides secure key exchange.
DH (Diffie-Hellman)
An attack in which an attacker responds to a client requesting address assignment from a DHCP server.
DHCP spoofing (Dynamic Host Configuration Protocol spoofing)
A framework for analyzing cybersecurity incidents.
Diamond Model
A type of password attack that compares encrypted passwords against a predetermined list of possible password values.
Dictionary attack
A backup type in which all selected files that have changed since the last full backup are backed up.
Differential backup
The Differentiated Services Code Point (DSCP) field is used to indicate a priority value for a layer 3 (IP) packet to facilitate Quality of Service (QoS) or Class of Service (CoS) scheduling.
DiffServ
A message digest encrypted using the sender’s private key that is appended to a message to authenticate the sender and prove message integrity.
Digital signature
A network service that stores identity information about all the objects in a particular network, including users, groups, servers, client computers, and printers.
Directory service
An application attack that allows access to commands, files, and directories that may or may not be connected to the web document root directory.
Directory traversal
Cybersecurity resilience strategy that increases attack costs by provisioning multiple types of controls, technologies, vendors, and crypto implementations.
Diversity
A software solution that detects and prevents sensitive information from being stored on unauthorized systems or transmitted over unauthorized networks.
DLP (data loss/leak prevention)
A segment isolated from the rest of a private network by one or more firewalls that accepts connections from the Internet over designated ports.
DMZ (demilitarized zone)
NAT service where private internal addresses are mapped to one or more public addresses to facilitate Internet connectivity for hosts on a local network via a router.
DNAT (destination network address translation)
An attack in which an attacker modifies a computer’s DNS configurations to point to a malicious DNS server.
DNS hijacking (Domain Name System hijacking)
A network-based attack where an attacker exploits the traditionally open nature of the DNS system to redirect a domain name to an IP address of the attacker’s choosing.
DNS poisoning (Domain Name System poisoning)
A security protocol that provides authentication of DNS data and upholds DNS data integrity.
DNSSEC (Domain Name System Security Extensions)
A type of hijacking attack where the attacker steals a domain name by altering its registration information and then transferring the domain name to another entity. Sometimes referred to as brandjacking.
Domain hijacking
Any type of physical, application, or network attack that affects the availability of a managed resource.
DoS attack (denial of service attack)
A cryptographic attack where the attacker exploits the need for backward compatibility to force a computer system to abandon the use of encrypted messages in favor of plaintext messages.
Downgrade attack
Institutional data governance role with responsibility for compliant collection and processing of personal and sensitive data.
DPO (data privacy officer)
A documented and resourced plan showing actions and responsibilities to be used in response to critical incidents.
DRP (disaster recovery plan)
Public key encryption standard used for digital signatures that provides authentication and integrity verification for messages.
DSA (Digital Signature Algorithm)
File containing data captured from system memory.
Dump file
The social engineering technique of discovering things about an organization (or person) based on what it throws away.
Dumpster diving (Dumpster)
Framework for negotiating authentication methods that enables systems to use hardware-based identifiers, such as fingerprint scanners or smart card readers, for authentication.
EAP (Extensible Authentication Protocol)
An EAP method that is expected to address the shortcomings of LEAP.
EAP-FAST (EAP Flexible Authentication via Secure Tunneling)
A port-based network access control (PNAC) mechanism that allows the use of EAP authentication when a host connects to an Ethernet switch.
EAPoL (Extensible Authentication Protocol over LAN)
An EAP method that requires server-side and client-side certificates for authentication using SSL/TLS.
EAP-TLS (EAP Transport Layer Security)
An EAP method that enables a client and server to establish a secure connection without mandating a client-side certificate.
EAP-TTLS (EAP Tunneled Transport Layer Security)
Design paradigm accounting for the fact that data center traffic between servers is greater than that passing in and out (north-south).
East-west traffic
An asymmetric encryption algorithm that leverages the algebraic structures of elliptic curves over finite fields to derive public/private key pairs.
ECC (Elliptic Curve Cryptography)
Provisioning processing resource close to the network edge of IoT devices to reduce latency.
Edge Computing
Procedures and tools to collect, preserve, and analyze digital evidence.
E-discovery
A software agent that collects system data and logs for analysis by a monitoring system to provide early detection of threats.
EDR (Endpoint Detection and Response)
In risk calculation, the percentage of an asset’s value that would be lost during a security incident or disaster scenario.
EF (exposure factor)
The property by which a computing environment can instantly react to both increasing and decreasing demands in workload.
Elasticity
A measure of disorder. Cryptographic systems should exhibit high entropy to better resist brute force attacks.
Entropy
Product life cycle phase where sales are discontinued and support options reduced over time.
EOL (End of Life)
Product life cycle phase where support is no longer available from the vendor.
EOSL (End of Service Life)
A software agent and monitoring system that performs multiple security tasks.
EPP (Endpoint Protection Platform)
The comprehensive process of evaluating, measuring, and mitigating the many risks that pervade an organization.
ERM (Enterprise Risk Management)
Coding methods to anticipate and deal with exceptions thrown during execution of a process.
Error handling
In key management, the storage of a backup key with a third party.
Escrow
IPSec sub-protocol that enables encryption and authentication of the header and payload of a data packet.
ESP (Encapsulating Security Protocol)
A wireless access point that deceives users into believing that it is a legitimate network access point.
Evil twin
The process of determining what additional software may be installed on a client or server beyond its baseline to prevent the use of unauthorized software.
Execution control
Suite of tools designed to automate delivery of exploits against common software and firmware vulnerabilities.
Exploitation framework
A private network that provides some access to outside parties, particularly vendors, partners, and select customers.
Extranet
A technique that ensures a redundant component, device, or application can quickly and efficiently take over the functionality of an asset that has failed.
Failover
Deception strategy that returns spoofed data in response to network probes.
Fake telemetry
In security scanning, a case that is not reported when it should be.
False negative
In security scanning, a case that is reported when it should not be.
False positive
Biometric assessment metric that measures the number of unauthorized users who are mistakenly allowed access.
FAR (False Acceptance Rate)
A wire mesh container that blocks external electromagnetic fields from entering into the container.
Faraday cage
High speed network communications protocol used to implement SANs.
FC (Fibre Channel)
Encryption of all data on a disk (including system files, temporary files, and the pagefile) can be accomplished via a supported OS, third-party software, or at the controller level by the disk device itself.
FDE (Full Disk Encryption)
A process that provides a shared login capability across multiple systems and enterprises. It essentially connects the identity management services of multiple systems.
Federation
A type of software that reviews system files to ensure that they have not been tampered with.
FIM (File Integrity Monitoring)
Biometric authentication device that can produce a template signature of a user’s fingerprint then subsequently compare the template to the digit submitted for authentication.
Fingerprint scanner
The first experienced person or team to arrive at the scene of an incident.
First responder
Provisioning processing resource between the network edge of IoT devices and the data center to reduce latency.
Fog computing
A processor that can be programmed to perform a specific function by a customer rather than at the time of manufacture.
FPGA (Field Programmable Gate Array)
Biometric assessment metric that measures the number of valid subjects who are denied access.
FRR (False Rejection Rate)
A commercial digital forensics investigation management and utilities suite, published by AccessData.
FTK (Forensic Toolkit)
A type of FTP using TLS for confidentiality.
FTPS (also known as FTP-SSL and FTP Secure) is an extension to the commonly used File Transfer Protocol (FTP) that adds support for the Transport Layer Security (TLS) and, formerly, the Secure Sockets Layer (SSL, which is now prohibited by RFC7568) cryptographic protocols.
FTPS
A backup type in which all selected files, regardless of prior state, are backed up.
Full backup
VPN configuration where all traffic is routed via the VPN gateway.
Full tunnel
A dynamic code analysis technique that involves sending a running application random and unusual input so as to evaluate how the app responds.
Fuzzing
Biometric mechanism that identifies a subject based on movement pattern.
Gait analysis
A mode of block chained encryption that provides message authenticity for each block.
GCM (Galois/Counter Mode)
Provisions and requirements protecting the personal data of European Union (EU) citizens. Transfers of personal data outside the EU Single Market are restricted unless protected by like-for-like regulations, such as the US’s Privacy Shield requirements.
GDPR (General Data Protection Regulation)
The practice of creating a virtual boundary based on real-world geography.
Geofencing
The identification or estimation of the physical location of an object, such as a radar source, mobile phone, or Internet-connected computing device.
Geolocation
On a Windows domain, a way to deploy per-user and per-computer settings such as password policy, account restrictions, firewall status, and so on.
GPO (Group Policy Object)
Linux command for searching and filtering input. This can be used as a file search tool when combined with ls.
Grep is a command-line utility for searching plain-text data sets for lines that match a regular expression. Its name comes from the ed command g/re/p (globally search for a regular expression and print matching lines), which has the same effect. Grep was originally developed for the Unix operating system, but was later made available for all Unix-like systems and some others such as OS-9.
Grep command
A collection of user accounts. Groups are useful when establishing file permissions and user rights: when many individuals need the same level of access, a group can be established containing all the relevant users, and the permissions are assigned to the group rather than to each account.
Group account
The property that defines how closely systems approach the goal of providing data availability 100 percent of the time while maintaining a high level of system performance.
HA (high availability)
The process of making a host or app configuration secure by reducing its attack surface, through running only necessary services, installing monitoring software to protect against malware and intrusions, and establishing a maintenance schedule to ensure the system is patched to be secure against software exploits.
Hardening
Command-line tool used to perform brute force and dictionary attacks against password hashes.
Hashcat is a password recovery tool. It had a proprietary code base until 2015, but was then released as open source software. Versions are available for Linux, OS X, and Windows. Examples of hashcat-supported hashing algorithms are LM hashes, MD4, MD5, the SHA family, and Unix crypt formats, as well as algorithms used in MySQL and Cisco PIX.
Hashcat
A function that converts an arbitrary length string input to a fixed length string output. A cryptographic hash function does this in a way that reduces the chance of collisions, where two different inputs produce the same output. Also known as Message Digest.
Hashing
Linux utility for showing the first lines in a file.
“Head” is a program on Unix and Unix-like operating systems used to display the beginning of a text file or piped data.
Syntax
The command syntax is:
head [options] <file_name>
By default, head prints the first 10 lines of its input to standard output. The number of lines printed can be changed with a command-line option. The following example shows the first 20 lines of filename:
head -n 20 filename
This displays the first 5 lines of all files starting with foo:
head -n 5 foo*
Head command
In a Wi-Fi site survey, a diagram showing signal strength at different locations.
Heat map
A method that uses feature comparisons and likenesses rather than specific signature matching to identify whether the target of observation is malicious.
Heuristic analysis (heuristic)
A method used to verify both the integrity and authenticity of a message by combining a cryptographic hash of the message with a secret key.
HMAC (hash-based message authentication code)
Method that allows computation of certain fields in a dataset without decrypting it.
Homomorphic encryption is a form of encryption that allows computations to be performed on encrypted data without first having to decrypt it. The results of the computations remain in encrypted form and, when decrypted, are identical to the output that would have been produced had the operations been performed on the unencrypted data. Homomorphic encryption can be used for privacy-preserving outsourced storage and computation: data can be encrypted and outsourced to commercial cloud environments for processing while remaining encrypted throughout.
For sensitive data, such as health care information, homomorphic encryption can be used to enable new services by removing the privacy barriers that inhibit data sharing, or to increase the security of existing services. For example, predictive analytics in health care can be hard to apply via a third-party service provider because of medical data privacy concerns, but if the provider can operate on encrypted data instead, those concerns are diminished. Moreover, even if the service provider’s system is compromised, the data remains protected.
Homomorphic encryption
A host, network, or file set up with the purpose of luring attackers away from assets of actual value and/or discovering attack strategies and weaknesses in the security configuration. Also known as honeyfile.
Honeypot (honeynet)
When a user accesses or modifies specific resources that they are not entitled to.
Horizontal privilege escalation
A software application running on a single host and designed to protect only that host. Also known as personal firewall.
Host-based firewall
A fully configured alternate network that can be online quickly after a disaster.
Hot site
Arrangement of server racks to maximize the efficiency of cooling systems. Also known as cold/hot aisle.
Hot/cold aisle
An algorithm that generates a one-time password using a hash-based authentication code to verify the authenticity of the message.
HOTP (HMAC-based One-time Password)
An appliance for generating and storing cryptographic keys. This sort of solution may be less susceptible to tampering and insider threats than software-based storage.
HSM (hardware security module)
Using features of HTML5 to implement remote desktop/VPN connections via browser software (clientless).
HTML5 VPN
A cloud deployment that uses both private and public elements.
Hybrid cloud
A computing method that uses the cloud to provide any or all infrastructure needs.
IaaS (Infrastructure as a Service)
A provisioning architecture in which deployment of resources is performed by scripted automation and orchestration.
IaC (Infrastructure as code)
A security process that provides identification, authentication, and authorization mechanisms for users, computers, and other entities to work with organizational assets like networks, operating systems, and applications.
IAM (Identity and Access Management)
A network managing embedded devices (computer systems that are designed to perform a specific, dedicated function).
ICS (Industrial Control System)