Comp Security: Module 2
ISO 27002
A "code of practice" for information security management within an organization and contains 114 different control recommendations
Payment Card Industry Data Security Standard (PCI DSS)
A compliance standard to provide a minimum degree of security for handling customer card information
Adversary Tactics, Techniques, and Procedures (TTP)
A database of the behavior of threat actors and how they orchestrate and manage attacks
Standard
A document approved through consensus by a recognized standardization body
Fusion Center
A formal repository of information from enterprises and the government used to share information on the latest attacks
Vulnerability Scan
A frequent and ongoing process, often automated, that continuously identifies vulnerabilities and monitors cybersecurity progress
NIST Risk Management Framework (RMF)
A guidance document designed to help organizations assess and manage risks to their information and systems
NIST Cybersecurity Framework (CSF)
A measuring stick against which companies can compare their cybersecurity practices relative to the threats they face
Bug Bounty
A monetary reward given for uncovering a software vulnerability
Center for Internet Security (CIS)
A nonprofit community-driven organization.
Common Vulnerability Scoring System (CVSS)
A numeric rating system of the impact of a vulnerability
White Box
A penetration testing level in which the testers are given full knowledge of the network and the source code of applications
Gray Box
A penetration testing level in which the testers are given limited knowledge of the network and some elevated privileges
Black Box
A penetration testing level in which the testers have no knowledge of the network and no special privileges
White Team
A penetration testing team that enforces the rules of the penetration testing
Blue Team
A penetration testing team that monitors for Red Team attacks and shores up defenses as necessary.
Purple Team
A penetration testing team that provides real-time feedback between the Red and Blue Teams to enhance the testing.
Red Team
A penetration testing team that scans for vulnerabilities and then exploits them
Persistence
A process in which a load balancer creates a link between an endpoint and a specific network server for the duration of a session
Log
A record of events that occur.
European Union General Data Protection Directive (GDPR)
A regulation regarding data protection and privacy in the European Union and the European Economic Area (EEA).
Credentialed Scan
A scan in which valid authentication credentials, such as usernames and passwords, are supplied to the vulnerability scanner to mimic the work of a threat actor who possesses these credentials
Framework
A series of documented processes used to define policies and procedures for implementation and management of security controls in an enterprise environment
Cloud Controls Matrix (CCM)
A specialized framework of cloud-specific security controls
SSAE SOC 2 Type II
A standard for reports on internal controls report that reviews how a company safeguards customer data and how well those controls are operating
SSAE SOC 2 Type III
A standard for reports on internal controls that can be freely distributed
ISO 31000
A standard that contains controls for managing and controlling risk
ISO 27001
A standard that provides requirements for an information security management system (ISMS)
Security Orchestration, Automation and Response (soar)
A tool designed to help security teams manage and respond to the very high number of security warnings and alarms by combining comprehensive data gathering and analytics in order to automate incident response
Security Information and Event Management (SIEM)
A tool that consolidates real-time security monitoring and management of security information with analysis and reporting of security events
Common Vulnerabilities and Exposures (CVE)
A tool that identifies vulnerabilities in operating systems and application software
Penetration Testing
A type of test that attempts to exploit vulnerabilities just as a threat actor would
Intrusive Scan
A vulnerability scan that attempts to employ any vulnerabilities which it finds, much like a threat actor would
Nonintrusive Scan
A vulnerability scan that does not attempt to exploit the vulnerability but only records that it was discovered
Non-credentialed Scan
A vulnerability scan that provides no authentication information to the tester
Unmanned Aerial Vehicle (UAV)
An aircraft without a human pilot on board to control its flight
Log Reviews
An analysis of log data
Reference Architecture
An authoritative source of information
War Flying
An efficient means of discovering a Wi-Fi signal using drones
Configuration Review
An examination of the software settings for a vulnerability scan
ISO 27701
An extension to ISO 27001 and is a framework for managing privacy controls to reduce the risk of privacy breach to the privacy of individuals
Cloud Security Alliance (CSA)
An organization whose goal is to define and raise awareness of best practices to help secure cloud computing environments.
Drone
An unmanned aerial vehicle (UAV) without a human pilot on board to control its flight
Maneuvering
Conducting unusual behavior when threat hunting
Vulnerability Feeds
Cybersecurity data feeds include that provide information on the latest vulnerabilities
Threat Feeds
Cybersecurity data feeds that provide information on the latest threats
Request for Comments (RFC)
Documents that are authored by technology bodies employing specialists, engineers, and scientists who are experts in those areas
False Negative
Failure to raise an alarm when there is a problem.
Footprinting
Gathering information from outside the organization
Benchmark/Secure Configuration Guides
Guidelines for configuring a device or software usually distributed by hardware manufacturers and software developers
Platform/Vendor specific guides
Guidelines that only apply to specific products.
Rules of Engagement
Limitations or parameters in a penetration test
User Behavior Analytics
Looking at the normal behavior of users and how they interact with systems to create a picture of typical activity
Lateral Movement
Moving through a network looking for additional systems threat actors can access from their elevated position
Privilege Escalation
Moving to more advanced resources that are normally protected from an application or user
Threat Hunting
Proactively searching for cyber threats that thus far have gone undetected in a network
Open-Source Intelligence (OSINT)
Publicly accessible information
False Positive
Raising an alarm when there is no problem
Cleanup
Returning all systems back to normal following a penetration test
War Driving
Searching for wireless signals from an automobile or on foot while using a portable computing device
Passive Reconnaissance
Searching online for publicly accessible information
Regulations
Standards typically developed by established professional organizations or government agencies using the expertise of seasoned security professionals
Sentiment Analysis
The process of computationally identifying and categorizing opinions, usually expressed in response to textual data, in order to determine the writer's attitude toward a particular topic
Pivot
Turning to other systems to be compromised
