Terminology Flashcards
Rainbow Table
A precomputed table of hashes of common passwords, used to speed up password cracking (brute-force attacks). Defeated by salting the hashes differently for each user on a system, so the precomputed hashes no longer match.
https://haveibeenpwned.com
Website for checking, by email address, whether your password has been exposed in a known data breach.
skimming
stealing credit card information usually by adding hardware to a legitimate reader
evasion attacks
Causing an AI model to misclassify input (for example, getting spam past a spam filter) by changing the pattern of the input so it no longer matches what the model learned to recognize.
poisoning the training data
modify an AI’s training data to confuse it or cause it to act incorrectly.
downgrade attack
A cryptographic attack where the attacker exploits the need for backward compatibility to force a computer system to abandon the use of encrypted messages in favor of plaintext messages (Prof Messer considers this a downgrade attack even if the encryption version is moved to something insecure rather than completely plaintext)
risk register
A risk register is a document showing the results of risk assessments in a comprehensible format. The register may resemble the heat map risk matrix shown earlier with columns for impact and likelihood ratings, date of identification, description, countermeasures, owner/route for escalation, and status. Risk registers are also commonly depicted as scatterplot graphs, where impact and likelihood are each an axis, and the plot point is associated with a legend that includes more information about the nature of the plotted risk.
data owner
Role with ultimate responsibility for maintaining the confidentiality, integrity, and availability of an information asset.
data steward
responsible for data quality, i.e. for ensuring data is labeled and identified with appropriate metadata and that data is collected and stored in a format and with values that comply with applicable laws and regulations
data custodian
manages the system on which the data is stored; enforces access control, encryption and backup/recovery measures.
Data Privacy Officer (DPO)
responsible for oversight of any personally identifiable information (PII) assets managed by the company. The privacy officer ensures that the processing, disclosure, and retention of PII complies with legal and regulatory frameworks.
Data controller
responsible for determining why and how data is stored, collected, and used and for ensuring that these purposes and means are lawful. The data controller has ultimate responsibility for privacy breaches, and is not permitted to transfer that responsibility.
Data processor
engaged by the data controller to assist with technical collection, storage, or analysis tasks. A data processor follows the instructions of a data controller with regard to collection or processing.
dns sinkhole
Temporary DNS record that resolves known-malicious domains to a controlled IP address, so the malicious traffic is redirected there instead of reaching the attacker's infrastructure.
hping
Open-source spoofing tool that provides a penetration tester with the ability to craft network packets to exploit vulnerable firewalls and IDSs.