Terms Flashcards
Advanced persistent threats
Sophisticated hacker attack that leaves behind malware. Goal is to remain in the system as long as possible before being detected
Black hat
Person who attempts to gain access to a computer system with criminal intent.
Penetration Testing
White Box - Tester has been provided range info
Black Box - No information has been given to the testers
Grey Box - Tester has been provided some limited info
Bleeding edge tech
Tech so new it is likely to cause damage and become unstable
Bot
Computer program designed for a specific task. Hacker using a bot is called a bot herder.
Dark web
Websites that hide their server location
DDoS
Distributed denial of service. Cyber attacks designed to disrupt people’s use of computer systems
Ethical hacking
Use of white hats to test vulnerability of computer systems.
Exfiltrate
Move data with a degree of secrecy
Internet of things
Incorporation of everyday items into a network. Lights
Kill chain
Defense model that uses structure of attack to build a defense strategy
Malware
Malicious software used by hackers
Moore’s law
Over the history of computing, the processing power of computers doubles every 2 years
Polymorphic malware
Malware that can change attributes to help avoid detection.
Ransomware
Malware that holds data hostage until money is paid to hacker
Residual risk
Risk remaining after controls are put in place
Resilience
The ability to remain functional in the face of a threat
Spear phishing
Email that targets a specific person or group that pretends to come from a legit source, i.e. boss to staff
Spoofing
Concealing the true source of information by impersonation
Spyware
Malware that gathers information and transmits data to hacker
White hat
Security specialist who breaks into system by invitation
SLAM
Simultaneous localization and mapping
Kinect
Sensing device that could be used to solve the SLAM issue in robots
Waze
Uses social networking to provide real time traffic information
Fin tech
Financial technology (Venmo, cash app, Apple Pay)
Reg tech
Technology that automates compliance with regulations or identifies potential violations
Block chain
Distributed open ledger
Digital risk
Digital connectedness increases risk
Risk Mgt Framework
Essential steps in the implementation and support of rm process
Risk architecture
Communications and reporting structure
Risk identification
What might happen
Risk analysis
How might risk happen
Risk appetite
Determining the acceptable level of risk for the org
Risk tolerance
Line in the sand, level of risk past what can be absorbed by the org
Business continuity
Plan to continue operations after an incident
Loss control
Range of activities to reduce potential of risk
Organizational resilience
Ability to deal with risk
General purpose technology
GPT - Tech that is pervasive, improves over time, able to spawn new innovation
Example autonomous cars (combustion engine with digital tech)
Recombinant innovation
Combine or recombine ideas to come up with a new tech
Waze
Internet of things
Network of manufactured goods that can send and receive data over the internet. (Appliances)
RASP
Risk Architecture, risk Strategy, risk Protocols
Risk
The effect of uncertainty on objectives
Loss Prevention
Identify treatments that help prevent hazards, reduce the likelihood.
Digitization Risk
Risk of digitizing business
Cyber Risk
Risk of protecting digitized data
Red Team
Group of penetration testers by ethical hackers
Hacker
Person who engages in unauthorized access of data
Malware
Malicious software that can be inserted into digital devices
Patch Management
Controlled process used to deploy critical software updates
BYOD
Bring your own devices - increase risk of data
Threat Actors
Hacker type - whistle blowers/anti business groups, more interested in control than money
Zero-Day attack
First attack with a new malware; anti-malware is not equipped to identify this exploit
EGGE Cyber Security Team
Design for a good cyber security team
1) ethically diverse
2) geographically diverse
3) gender diverse
4) educationally diverse
Containerization
Isolate sections of a device
Cyber Defense Points
Digital locations where cyber security controls can be added
Single point of accountability
All critical data processes that have a single point of accountability
Social Engineering
Manipulating people through personal interaction to gain access
Decapitation
Prevents device from communicating
DLP
Data Loss Prevention
IDS
Intrusion detection system - monitors data passing
Defense In Depth Strategy
Multiple layers, checks and balances
Honey pot
Trap (danger as the victim needs to engage with the hacker)
Polymorphic
Malware that can change to avoid detection
SSL
Secure Sockets Layer - secure encrypted protocol to prevent content from being intercepted
Drive by download
Unintended download of virus through the internet
Mobile Device Management
MDM - Tech used to secure devices, remote wipe
SIEM
Security Incident & Event Mgt (process and capabilities required to clean up security incident)
Security Incident vs Security Event
Incident is major and event is a minor disruption
Augmented Reality
Overlaying of a virtual digital layer onto a view of the real world.
Corporate Governance
Set of relationships between a company, management, the board, shareholders, and other stakeholders