CompTIA Security+ (SY0-701)
Honeyfiles
decoy files placed within systems to detect unauthorized access or data breaches
Virus
malicious software that attaches to clean files and spreads into a computer system
Social Engineering
manipulative strategy that exploits human psychology to gain unauthorized access to systems, data, or physical spaces
Security Controls
measures or mechanisms put in place to mitigate risks and protect the confidentiality, integrity, and availability of information systems and data
Checksums
method to verify the integrity of data during transmission
Corrective controls
mitigate any potential damage and restore the systems to their normal state
Technical Controls
the technologies, hardware, and software mechanisms that are implemented to manage and reduce risks - firewalls, encryption processes, intrusion detection systems
Shadow IT
the use of information technology systems, devices, software, applications, and services without explicit organizational approval
Adaptive Identity
use adaptive identities that rely on real-time validation that takes into account the user's behavior, device, location, and more
digital signatures
use encryption to ensure integrity and authenticity - created by first hashing a particular message or communication to be digitally signed and encrypting the hash digest with the user's private key using asymmetric encryption
Spear Phishing
used by cybercriminals who are more tightly focused on a specific group of individuals or organizations
Organized Crime
well-structured groups that execute cyber-attacks for financial gain, usually through methods like ransomware, identity theft, or credit card fraud
Gap analysis steps
1. define the scope of the analysis 2. gather data on the current state of the organization 3. analyze the data to identify gaps 4. develop a plan to bridge the gaps
Malware
Any software that is designed to infiltrate a computer system without the user's knowledge
Smishing (SMS Phishing)
Attack that uses text messages to deceive individuals into sharing their personal information
Brute Force
Attack where access to a system is gained by trying all of the possibilities until breaking through
Triple A's of Security
Authentication, Authorization, and Accounting
C.I.A Triad
Confidentiality, Integrity, Availability - 3 pillars of security
Hacktivists
Cyber attackers who carry out their activities driven by political, social, or environmental ideologies who often want to draw attention to a specific cause
Logic Bombs
Embedded code placed in legitimate programs that executes a malicious action when a specific condition or trigger occurs
Policy-Driven Access Control
Entails developing, managing, and enforcing user access policies based on their roles and responsibilities
Data Controller
Entity that holds responsibility for deciding the purposes and methods of data storage, collection, and usage, and for guaranteeing the legality of processes
Honeytokens
Fake pieces of data, like a fabricated user credential, inserted into databases or systems to alert administrators when they are accessed or used
Data Steward
Focused on the quality of the data and the associated metadata
Phishing
Fraudulent attack using deceptive emails from trusted sources to trick individuals into disclosing personal information like passwords and credit card numbers
Nation-State Actors
Highly skilled attackers that are sponsored by governments to carry out cyber espionage, sabotage, or cyber warfare against other nation states or specific targets in a variety of industries
Data Sovereignty
Information is subject to the laws and governance structures within the nation in which it is collected
Threat Scope Reduction
Limit the users' access to only what they need for their work tasks
Hoax
Malicious deception that is often spread through social media, email, or other communication channels
Backdoors
Malicious means of bypassing normal authentication processes to gain unauthorized access to a system
Trojans
Malicious programs which appear to be legitimate software that allow unauthorized access to a victim's system when executed
Rootkits
Malicious tools that hide their activities and operate at the OS level to allow for ongoing privileged access
Botnet
Network of zombies that is often used for DDoS attacks, spam distribution, or cryptocurrency mining
Service Disruption
Often achieved by conducting a Distributed Denial of Service (DDoS) attack to overwhelm a network, service, or server with excessive amounts of traffic so that it becomes unavailable to its normal users
Vishing (Voice Phishing)
Phone-based attack in which the attacker deceives victims into divulging personal or financial information
Baiting
Planting a malware-infected device for a victim to find and unintentionally introduce malware into their organization's system
Internet Protocol Security (IPSec)
Protocol suite used to secure IP communications by authenticating and encrypting each IP packet in a data stream
Social Proof
Psychological phenomenon where individuals look to the behaviors and actions of others to determine their own decisions or actions in similar situations
Keyloggers
Record a user's keystrokes and are used to capture passwords or other sensitive information
Data at rest
Refers to any data stored in databases, file systems, or other storage systems
Data in use
Refers to data in the process of being created, retrieved, updated, or deleted
Spyware
Secretly monitors and gathers user information or activities and sends data to third parties
Brand impersonation
Specific form of impersonation where an attacker pretends to represent a legitimate company or brand
Watering Hole Attacks
Targeted form of cyber attack where attackers compromise a specific website or service that their target is known to use
Categories of security controls
Technical, Managerial, Operational, and Physical
DLL Injection
Technique used to run arbitrary code within the address space of another process by forcing it to load a dynamic-link library
Virtual Private Network
Technology that creates a secure connection over a less secure network (Internet)
Control Plane
The overarching framework and set of components responsible for defining, managing, and enforcing the policies related to user and system access within an organization
Data Exfiltration
Unauthorized transfer of data from a computer
Bloatware
Unnecessary or preinstalled software that consumes system resources and storage space without offering any value to the user
Policy Administrator
Used to establish and manage the access policies
Typosquatting
a form of cyber-attack where an attacker registers a domain name that is similar to a popular website but contains some kind of common typographical errors - also known as URL hijacking or cyber-squatting
Ransomware
a type of malicious software designed to block access to a computer system until a sum of money is paid.
Information Security
act of protecting data and information from unauthorized access, unlawful modification and disruption, disclosure, corruption, and destruction - the data the systems are holding, not the systems themselves
Information Systems Security
act of protecting the systems that hold and process the critical data - a computer, a server, a network device - the devices that hold the data
Policy Enforcement Point
allows or restricts access, effectively acting as a gatekeeper to the sensitive areas of the systems or networks
Compensating Controls
alternative measures that are implemented when primary security controls are not feasible or effective
Threat Actors
an individual or entity responsible for incidents that impact security and data protection
Zombies
compromised computers that are remotely controlled by attackers and used in coordination to form a botnet
Control Plane
consists of adaptive identity, threat scope reduction, policy-driven access control, and secured zones
Honeynets
an entire network of decoy systems created to observe complex, multi-stage attacks
Intellectual Property
creations of the mind, such as inventions; literary and artistic works; designs; and symbols
Policy Engine
cross-references the access request with its predefined policies
Honeypots
decoy systems or services designed to attract and deceive potential attackers, simulating real-world IT assets to study their techniques
5 methods to ensure confidentiality
encryption, access controls, data masking, physical security measures, training and awareness
Ransomware
encrypts a user's data and holds it hostage until a ransom is paid to the attacker for decryption
Data plane
ensures that policies and procedures are properly executed
Data Plane
focused on the subject/system, policy engine, policy administrator, and establishing policy enforcement points
Whaling
form of spear phishing that targets high-profile individuals, like CEOs or CFOs
Data Processor
group or individual hired by the data controller to help with tasks like collecting, storing, or analyzing data
non-repudiation
guaranteeing that a specific action or event has taken place and cannot be denied by the parties involved - focused on providing undeniable proof in digital transactions
5 methods to ensure data integrity
hashing, digital signatures, checksums, access controls, regular audits
Integrity
helps to ensure information and data remain accurate and unchanged from their original state unless intentionally modified by an authorized individual
Unskilled attackers
individuals with limited technical expertise who use readily available tools like downloaded scripts or exploits to carry out attacks
Managerial Controls
involve the strategic planning and governance side of security - security policies, training programs, and incident response strategies
Espionage
involves spying on individuals, organizations, or nations to gather sensitive information or classified information
Piggybacking
involves two people, with and without access, entering a secure area
detective controls
monitor and alert organizations to malicious activities as they occur or shortly thereafter
Directive controls
often rooted in policy or documentation and set the standards for behavior within an organization
Preventive controls
proactive measures implemented to thwart potential security threats or breaches
Operational Controls
procedures and measures designed to protect data on a day-to-day basis and mainly governed by internal processes and human actions - backup procedures, account reviews, user training programs
Hashing
process of converting data into a fixed-size value
Gap analysis
process of evaluating the differences between an organization's current performance and its desired performance
Data in Transit/Data in Motion
refers to data actively moving from one location to another, such as across the internet or through a private network
Data Sovereignty
refers to the concept that digital information is subject to the laws of the country in which it is located
Subject/System
refers to the individual or entity attempting to gain access to
Bollards
short, sturdy vertical posts designed to control or prevent access to an area or structure
Worms
standalone malware programs that replicate and spread to other systems by exploiting software vulnerabilities
Physical Controls
tangible, real-world measures taken to protect assets
Hashing
technique that converts data into a fixed size of numerical or alphanumeric characters, known as a hash value
Blackmail
the attacker obtains sensitive or compromising information about an individual or an organization and threatens to release this information to the public unless certain demands are met
Doxxing
the public release of private information about an individual or organization
C.I.A.N.A
Confidentiality Integrity Availability Non-repudiation Authentication
Transport Layer Security (TLS)
Cryptographic protocols designed to provide secure communication over a computer network
GDPR
General Data Protection Regulation
Secured Zones
Isolated environments within a network that are designed to house sensitive data
Data Ownership
Process of identifying the person responsible for the confidentiality, integrity, availability, and privacy of the information assets
accounting
act of tracking user activities and resource usage, typically for audit or billing purposes
Business Email Compromise (BEC)
advanced phishing attack that leverages internal email accounts within a company to manipulate employees into carrying out malicious actions for the attacker
Deterrent Controls
aim to discourage potential attackers by making the effort seem less appealing or more challenging