Vocabulary Flashcards
Threat
A potential danger to an asset
A threat can be latent or realized
Vulnerability
A weakness in the system design, implementation, software, code, or the lack of a mechanism
Exploit
A process that takes advantage of a vulnerability that leads to access, privilege escalation, loss of integrity, or FoS on a system
Threat intelligence
The knowledge about an existing or emerging threat to assets that can be exchanged between different parties
Wrapper
A program used to combine two or more executable into a single packaged program
Packers
A program that compresses files to obfuscate the activity of malware
Droppers
A software designed to install a malware payload on the victim’s system
Crypters
Functions to encrypt or obscure the code
Ransomware
A piece of malware designed to encrypt personal files on the victim’s system until a ransom is paid to the attacker
IaaS
Describes a cloud solution in which you rent infrastructure, pay for what you use
PaaS
Provides everything except applications
Tend to be proprietary
Saas
Designed to provide a complete packaged solution and rented out to the user
NIST Cybersecurity Framework
A blueprint to address and manage cybersecurity risk in a cost-effective way to protect critical infrastructure
STIX
Structured Threat Information eXpression
TAXII
Trusted Automated eXchange of Indicator Information
Transport mechanism