Specialized Technology Flashcards
A security policy set by a company that allows employees to use their personal
smartphones, laptops, and tablets for work and connection to the corporate
network
Bring Your Own Device (BYOD)
The process and supporting technologies for tracking, controlling, and securing
the organization’s mobile infrastructure
Mobile Device Management (MDM)
A mobile device management suite with broader capabilities, such as identity and
application management
Enterprise Mobility Management (EMM)
A group of objects (electronic or not) that are connected to the wider Internet by using
embedded electronic components
IoT Vulnerabilities
A computer system that is designed to perform a specific, dedicated function
Embedded System Vulnerabilities
A type of computer designed for deployment in an industrial or outdoor setting
that can automate and monitor mechanical systems
Programmable Logic Controller (PLC)
A processor that integrates the platform functionality of multiple logical
controllers onto a single chip
System-on-Chip (SoC)
A type of OS that prioritizes deterministic execution of operations to ensure
consistent response for time-critical tasks
Real-Time Operating System (RTOS)
A processor that can be programmed to perform a specific function by a customer
rather than at the time of manufacture
Field Programmable Gate Array (FPGA)
A communications network designed to implement an industrial control system
rather than data networking
Operational Technology (OT)
A network that manages embedded devices
Industrial Control Systems (ICS)
Digital serial data communications used in operational technology networks to
link PLCs
Fieldbus
Input and output controls on a PLC to allow a user to configure and monitor the
system
Human-Machine Interface (HMI)
Software that aggregates and catalogs data from multiple sources within an
industrial control system
Data Historian
A type of industrial control system that manages large-scale, multiple-site devices
and equipment spread over a geographic region
Supervisory Control and Data Acquisition (SCADA)
A communications protocol used in operational technology networks
Modbus
Four key controls for mitigating vulnerabilities in specialized systems
o Establish administrative control over Operational Technology networks by
recruiting staff with relevant expertise
o Implement the minimum network links by disabling unnecessary links, services,
and protocols
o Develop and test a patch management program for Operational Technology
networks
o Perform regular audits of logical and physical access to systems to detect possible
vulnerabilities and intrusions
Mitigating Vulnerabilities
Systems used for building automation and physical access security
Premise Systems
Components and protocols that facilitate the centralized configuration and
monitoring of mechanical and electrical systems within offices and data centers
▪ Process and memory vulnerabilities in PLC
▪ Plaintext credentials or keys in application code
▪ Code injection via web user interface
Building Automation System (BAS)
Components and protocols that facilitate the centralized configuration and
monitoring of security mechanisms within offices and data centers
Physical Access Control System (PACS)
Vehicles connect numerous subsystems over a controller area network (CAN)
Vehicular Vulnerabilities
A digital serial data communications network used within vehicles
Controller Area Network (CAN)