Key Words for Cyber Security
Spear phishing
A malicious email attack targeting a specific user or group of users, appearing to originate from a trusted source
Security Assessment and testing domain
A security professional is auditing user permissions at their organization in order to ensure employees have the correct access levels. Which domain does this scenario describe?
Adversarial artificial intelligence (AI)
A technique that manipulates artificial intelligence (AI) and machine learning (ML) technology to conduct attacks more efficiently
Watering hole attack
A type of attack in which a threat actor compromises a website frequently visited by a specific group of users
Social media phishing
A type of attack where a threat actor collects detailed information about their target on social media sites before initiating the attack
USB baiting
An attack in which a threat actor strategically leaves a malware USB stick for an employee to find and install to unknowingly infect a network
Cryptographic attack
An attack that affects secure forms of communication between a sender and intended recipient
Supply-chain attack:
An attack that targets systems, applications, hardware, and/or software to locate a vulnerability where malware can be deployed
Hacktivists
Hacktivists are threat actors that are driven by a political agenda. They abuse digital technology to accomplish their goals, which may include: demonstrations, propaganda, social change campaigns, and fame.
Insider threats
Insider threats abuse their authorized access to obtain data that may harm an organization. Their intentions and motivations can include: sabotage, corruption, espionage, and unauthorized data access or leaks.
Computer virus:
Malicious code written to interfere with computer operations and cause damage to data and software
internal security audit is communication.
Once the internal security audit is complete, results and recommendations need to be communicated to stakeholders. In general, this type of communication summarizes the scope and goals of the audit. Then, it lists existing risks and notes how quickly those risks need to be addressed. Additionally, it identifies compliance regulations the organization needs to adhere to and provides recommendations for improving the organization's security posture.
Malware
Software designed to harm devices or networks
NIST Cybersecurity Framework, or CSF.
The CSF is a voluntary framework that consists of standards, guidelines, and best practices to manage cybersecurity risk
Phishing:
The use of digital communications to trick people into revealing sensitive data or deploying malicious software
common elements of internal audits.
These include establishing the scope and goals of the audit, conducting a risk assessment of the organization's assets, completing a controls assessment, assessing compliance, and communicating results to stakeholders.
Morris Worm
What historical event used a malware attachment to steal user information and passwords?
Social Engineering
a manipulation technique that exploits human error to gain private information, access, or valuables.
NIST special publication, or SP 800-53.
a unified framework for protecting the security of information systems within the federal government, including the systems provided by private companies for federal government use.
cryptographic attack
affects secure forms of communication between a sender and intended recipient. Some forms of cryptographic attacks are: birthday, collision, and downgrade.
password attack
an attempt to access password-secured devices, systems, networks, or data.
Goals
are an outline of the organization's security objectives, or what they want to achieve in order to improve their security posture.
Security frameworks
are guidelines used for building plans to help mitigate risks and threats to data and privacy, such as social engineering attacks and ransomware.
Technical controls
are hardware and software solutions used to protect assets, such as the use of intrusion detection systems, or IDS's, and encryption.
compliance regulations
are laws that organizations must follow to ensure private data remains secure
Administrative controls
are related to the human component of cybersecurity. They include policies and procedures that define how an organization manages data, such as the implementation of password policies.
Security controls
are safeguards designed to reduce specific security risks.
frameworks
are used to create plans to address security risks, threats, and vulnerabilities,
Controls
are used to reduce specific risks
controls assessment involves
closely reviewing an organization's existing assets, then evaluating potential risks to those assets, to ensure internal controls and processes are effective. To do this, entry-level analysts might be tasked with classifying controls into the following categories: administrative controls, technical controls, and physical controls.
CIA triad is
essential for establishing an organization's security posture. Knowing what it is and how it's applied can help you better understand how security teams work to protect organizations and the people they serve.
Authorization
refers to the concept of granting access to specific resources within a system
The CSF consists of five important core functions,
identify, protect, detect, respond, and recover,
NIST CSF focuses on five core functions
identify, protect, detect, respond, and recover. These core functions help organizations manage cybersecurity risks
A security audit
is a review of an organization's security controls, policies, and procedures against a set of expectations.
physical attack
is a security incident that affects not only digital but also physical environments where the incident is deployed.
Adversarial artificial intelligence
is a technique that manipulates artificial intelligence and machine learning technology to conduct attacks more efficiently.
hacker
is any person who uses computers to gain access to computer systems, networks, or data.
Vishing
is the exploitation of electronic voice communication to obtain sensitive information or to impersonate a known source
Authentication
is the process of verifying who someone or something is. A real-world example of authentication is logging into a website with your username and password.
Encryption
is the process of converting data from a readable format to an encoded format.
Physical controls
refer to measures put in place to prevent physical access to protected assets, such as surveillance cameras and locks.
Scope
requires organizations to identify people, assets, policies, procedures, and technologies that might impact an organization's security posture
Examples of security domains include
security and risk management and security architecture and engineering.
The morris worm
spread globally within a couple of months due to users inserting a disk into their computers that was meant to track illegal copies of medical software.
supply-chain attack
targets systems, applications, hardware, and/or software to locate a vulnerability where malware can be deployed.
Defense in depth means
that an organization should have multiple security controls that address risks and threats in different ways.
Biometrics
the identification of a user based on a physical characteristic, such as a fingerprint, iris, face, voice, or handwriting
Web Application Security Project, or OWASP,
to minimize the attack surface area. An attack surface refers to all the potential vulnerabilities that a threat actor could exploit, like attack vectors, which are pathways attackers use to penetrate security defenses
Keep security simple
when implementing security controls, unnecessarily complicated solutions should be avoided because they can become unmanageable.
detect
which means identifying potential security incidents and improving monitoring capabilities to increase the speed and efficiency of detections.
separation of duties,
which can be used to prevent individuals from carrying out fraudulent or illegal activities.
security operations domain
which is focused on conducting investigations and implementing preventative measures. In this scenario, following company policies and procedures to stop the potential threat is an example of taking preventative measures.
risk assessment,
which is focused on identifying potential threats, risks, and vulnerabilities.
identify
which is related to the management of cybersecurity risk and its effect on an organization's people and assets
recover,
which is the process of returning affected systems back to normal operation.
protect
which is the strategy used to protect an organization through the implementation of policies, procedures, training, and tools that help mitigate cybersecurity threats.
respond
which means making sure that the proper procedures are used to contain, neutralize, and analyze security incidents, and implement improvements to the security process.
Security assessment and testing
which often involves regular audits of user permissions to make sure employees and teams have the correct level of access.