Terms C Flashcards
Categorize
The second step of the NIST RMF that is used to develop risk management processes and tasks
CentOS
An open-source distribution that is closely related to Red Hat
Central Processing Unit (CPU)
A computer’s main processor, which is used to perform general computing tasks on a computer
Chain of custody
The process of documenting evidence possession and control during an incident lifecycle
Chronicle
A cloud-native tool designed to retain, analyze, and search data
Cipher
An algorithm that encrypts information
Cloud-based firewalls
Software firewalls that are hosted by the cloud service provider
Cloud computing
The practice of using remote servers, applications, and network services that are hosted on the internet instead of on local physical devices
Cloud network
A collection of servers or computers that stores resources and data in remote data centers that can be accessed via the internet
Cloud Security
The process of ensuring that assets stored in the cloud are properly configured and access to those assets is limited to authorized users
Command
An instruction telling the computer to do something
Command and control (C2)
The techniques used by malicious actors to maintain communications with compromised systems
Command-line interface (CLI)
A text-based user interface that uses commands to interact with the computer
Comment
A note programmers make about the intention behind their code
Common Event Format (CEF)
A log format that uses key-value pairs to structure data and identify fields and their corresponding values
Common Vulnerabilities and Exposures (CVE®) list
An openly accessible dictionary
of known vulnerabilities and exposures
Common Vulnerability Scoring System (CVSS)
A measurement system that scores
the severity of a vulnerability
Compliance
Compliance: The process of adhering to internal standards and external regulations
Computer Security Incident Response Teams (CSIRT)
A specialized group of security professionals that are trained in incident management and response
Computer virus
Malicious code written to interfere with computer operations and cause damage to data and software
Conditional statement
A statement that evaluates code to determine if it meets a specified set of conditions
Confidentiality
The idea that only authorized users can access specific assets or data
Confidential data
Data that often has limits on the number of people who have
access to it
Configuration file
A file used to configure the settings of an application
Confidentiality, integrity, availability (CIA) triad
A model that helps inform how
organizations consider risk when setting up systems and security policies
Containment
The act of limiting and preventing additional damage caused by an
incident
Controlled zone
A subnet that protects the internal network from the uncontrolled
zone
Crowdsourcing
The practice of gathering information using public input and collaboration
Cross-site scripting (XSS)
An injection attack that inserts code into a vulnerable website or web application
Cryptographic attack
An attack that affects secure forms of communication between a sender and intended recipient
Cryptographic key
A mechanism that decrypts ciphertext
Cryptography
The process of transforming information into a form that unintended readers can’t understand
CVE Numbering Authority (CNA)
An organization that volunteers to analyze and distribute information on eligible CVEs
Cryptojacking
A form of malware that installs software to illegally mine cryptocurrencies
Cybersecurity (or security)
The practice of ensuring confidentiality, integrity, and availability of information by protecting networks, devices, people, and data from unauthorized access or criminal exploitation
