Vocabulary 1 Flashcards
Security framework
Guidelines used for building plans to help mitigate risks and threats to data and privacy
Security controls
Safeguards designed to reduce specific security risks
Network security
The process of ensuring that assets stored in the cloud are properly configured and access is limited to authorized users
The cloud
A network made up of a collection of servers or computers that stores resources and data in remote physical locations known as data centers, which can be accessed via the Internet
Programming
A process that creates a specific set of instructions for a computer to execute tasks
Phishing
The use of digital communications to trick people into revealing sensitive data
Business email compromise (BEC)
A threat actor sends an email that seems to be from a known source to make a seemingly legitimate request for information
Spear Phishing
A malicious email attack that targets a specific user or group of users
Whaling
A form of spear phishing, targeting company executives
Vishing
The exploitation of an electronic voice communication
Smishing
The use of texts to trick users
What does SMS stand for?
Short message service
Virus
Code written to interfere with computer operations and cause damage to data and software
Worms
Malware that can duplicate and spread itself across systems on its own
What are the seven social engineering principles?
- Authority
- Intimidation
- Consensus/social proof
- Scarcity
- Familiarity
- Trust
- Urgency
Watering hole attack
Attack on a website frequently visited by a specific group of people
Physical social engineering
Impersonating an employee, customer, or vendor to gain unauthorized access to a physical location
Social media phishing
Collecting detailed information about the target from social media and initiating an attack
Adversarial artificial intelligence
A technique that manipulates AI and ML to conduct attacks more efficiently
Supply chain attack
Targets systems, applications, hardware, and software to locate a vulnerability where malware can be deployed. Because the item goes through several third parties, the breach can occur at any point.
Advanced persistent threat
They have significant expertise accessing an organization's network without authorization. They research in advance and can remain undetected for an extended period of time
What two CISSP domains apply to adversarial artificial intelligence attacks?
- Communication and network security
- Identity and access management
What three CISSP domains apply to a supply chain attack?
- Security and risk management
- Security architecture and engineering
- Security operations
Crypto attack
Affects secure forms of communication between a sender and intended recipient