Vocabulary 1 Flashcards
Security framework
Guidelines used for building plans to help mitigate risks and threats to data and privacy
Security controls
Safeguards designed to reduce specific security risks
Network security
The process of ensuring that assets stored in the cloud are properly configured and access is limited to authorized users
The cloud
A network made up of a collection of servers or computers that stores resources and data in remote physical locations known as data centers, which can be accessed via the Internet
Programming
A process that creates a specific set of instructions for a computer to execute tasks
Phishing
The use of digital communications to trick people into revealing sensitive data
Business email compromise (BEC)
A threat actor sends an email that seems to be from a known source to make a seemingly legitimate request for information
Spear Phishing
A malicious email attack that targets a specific user or group of users
Whaling
A form of spear phishing, targeting company executives
Vishing
The exploitation of an electronic voice communication
Smishing
The use of texts to trick users
What does SMS stand for?
Short message service
Virus
Code written to interfere with computer operations and cause damage to data and software
Worms
Malware that can duplicate and spread itself across systems on its own
What are the seven social engineering principles?
-Authority
-Intimidation
-Consensus/social proof
-Scarcity
-Familiarity
-Trust
-Urgency
Watering hole attack
Attack on a website frequently visited by a specific group of people
Physical social engineering
Impersonating an employee, customer, or vendor to gain authorized access to a physical location
Social media phishing
Collecting detailed information about the target from social media and initiating an attack
Adversarial artificial intelligence
A technique that manipulates AI and ML to conduct attacks more efficiently
Supply chain attack
Targets systems, applications, hardware, and software to locate a vulnerability where malware can be deployed. Because the item goes through several third parties, the breach can occur at any point.
Advanced persistent threat
They have significant expertise accessing an organization's network without authorization. They research in advance and can remain undetected for an extended period of time
What two CISSP domains apply to adversarial artificial intelligence attacks?
-Communication and network security
-Identity and access management
What three CISSP domains apply to a supply chain attack?
-Security and risk management
-Security architecture and engineering
-Security operations
Crypto attack
Affects secure forms of communication between a sender and intended recipient
What domain do crypto attacks fall under?
Communication and network security
What are the four components of security frameworks?
1) identifying and documenting security goals
2) setting guidelines to achieve security goals
3) implementing strong security processes
4) monitoring and communicating results
What are the three sides of the CIA triad?
-Confidentiality
-Integrity
-Availability
What is the CIA triad?
A foundational model that helps inform how organizations consider risk when setting up systems and security policies
Confidentiality
Only authorized users can access specific assets or data
Integrity
Data is correct, authentic, and reliable
Availability
Data is accessible to those who are authorized to access it
What is the NIST Cybersecurity Framework (CSF)?
A voluntary framework that consists of standards, guidelines, and best practices to manage cybersecurity risk
What does NIST stand for?
The National Institute of Standards and Technology
The National Institute of Standards and Technology (NIST)
A US-based agency that develops multiple voluntary compliance frameworks that organizations worldwide can use to help manage cybersecurity risk
What does FERC-NERC stand for?
The Federal Energy Regulatory Commission - North American Electric Reliability Corporation
The Federal Energy Regulatory Commission - North American Electric Reliability Corporation (FERC-NERC)
A regulation that applies to organizations that work with electricity or are involved with the US and North American power grid. These types of organizations have an obligation to prepare for, mitigate, and report any potential security incident that can negatively affect the power grid.
What does CIP stand for?
Critical infrastructure protection
Who is legally required to adhere to the critical infrastructure protection (CIP) standards defined by FERC?
Any organization involved with the US or North American power grid.
What does FedRAMP stand for?
Federal Risk and Authorization Management Program
What is the Federal Risk and Authorization Management Program (FedRAMP)?
A US federal government program that standardizes security assessment, authorization, monitoring, and handling of cloud services and product offerings. Its purpose is to provide consistency across the government sector and third-party cloud providers.
Center for Internet Security (CIS)
A nonprofit with multiple areas of emphasis. It provides a set of controls that can be used to safeguard systems and networks. It also provides actionable controls that security professionals may follow if a security incident occurs.
General Data Protection Regulation (GDPR)
A European Union general data regulation that protects the processing of EU residents' data and their right to privacy in and out of EU territory.
Payment Card Industry Data Security Standard (PCI DSS)
An international security standard meant to ensure that organizations storing, accepting, processing, and transmitting credit card information do so in a secure environment. The objective is to reduce credit card fraud.
The Health Insurance Portability and Accountability Act (HIPAA)
A federal law established in 1996 to protect patients' health information. This law prohibits patient information from being shared without consent.
What does HIPAA stand for?
The Health Insurance Portability and Accountability Act
Protected health information (PHI)
Includes past, future, and present health information, including plan of care and payment
Health Information Trust Alliance (HITRUST)
A security framework and assurance program that helps institutions meet HIPAA compliance
International Organization for Standardization (ISO)
Created to establish international standards related to technology, manufacturing, and management across borders. It helps organizations improve their processes, procedures for staff retention, planning and waste services.
Log
A record of events that occur within an organization's systems
What does SIEM stand for?
Security information and event management
SIEM Tool
An application that collects and analyzes log data to monitor critical activities in an organization
Playbook
A manual that provides details about any operational action
A network protocol analyzer is also known as
A packet sniffer
Network protocol analyzer/packet sniffer
A tool designed to capture and analyze data traffic within a network
Chain of custody
The process of documenting evidence possession and control during an incident lifecycle
Order of volatility
A sequence outlining the order of data that must be preserved from first to last
What data does the order of volatility prioritize?
Volatile data, which may be lost if the device in question powers off
How can you preserve data?
By making copies and conducting investigations using the copies
What does SQL stand for?
Structured query language
Structured query language (SQL)
A programming language used to create, interact with, and request information from a database
Python
Used to perform tasks that are repetitive and time-consuming and require a high level of detail and accuracy