NS Module 1
Authentication
A method for confirming users' identities
Advanced Persistent Threat (APT)
A network attack in which an intruder gains access to a network and stays there undetected with the intention of stealing data over a long period of time.
Serafina is studying to take the Security+ certification exam. Which of the following of the CIA elements ensures that only authorized parties can view protected information? A. Confidentiality B. Integrity C. Availability D. Credentiality
A. Confidentiality Explanation: Confidentiality ensures that only authorizedparties can view the information. Providing confidentiality caninvolve several different security tools, ranging from softwareto encrypt the credit card number stored on the web server todoor locks to prevent access to those servers.
Threat Actor
An individual or a group that attempts to exploit vulnerabilities to cause or force a threat to occur.
Cyberterrorists
Attack a nation's network and computer infrastructure to cause disruption and panic among citizens
zero-day attack
Attack between the time a software vulnerability is discovered and a patch to fix the problem is released.
What is another name for "attack surface"? A. Vulnerability exposure B. Threat vector C. Legacy platform D. Attack floor
B. Threat vector Explanation: An attack surface, also called a threat vector, is a digital platform that threat actors target for their exploits.
What is considered the motivation of an employee who practices shadow IT? A. Deception B. Ignorance C. Ethical D. Malicious
C. Ethical Explanation: The process of bypassing corporate approval for technology purchases is known as shadow IT. The employee's motivation is often ethical (it has sound moral principles) but nevertheless weakens security.
operational
Controls implemented and executed by people
Technical
Controls incorporated as part of hardware, software, or firmware
Physical
Controls that implement security in a defined structure and location
Managerial
Controls that use administrative methods
Insider Threats
Current or former employee, contractor or other partner that has or had authorized access and intentionally misused that access
Nation-State Actors
Government-sponsored attacker that launches computer attacks against their enemies.
Hacktivists
Hackers who are driven by a cause like social change, political agendas, or terrorism
Competitors
Launch attack against an opponent's system to steal classified information
Brokers
Sell their knowledge of a weakness to other attackers or governments
Data breach
Stealing data to disclose it in an unauthorized fashion
Data Exfiltration
Stealing data to distribute it to other parties.
Identity theft
Taking personally identifiable information to impersonate someone
Shadow IT
The process of bypassing corporate approval for technology purchases
Information security
The protection of information from accidental or intentional misuse by persons inside or outside an organization
Organized Crime
The work of a group that regulates relations among criminal enterprises involved in illegal activities, including prostitution, gambling, and the smuggling and sale of illegal drugs.
Data feeds
are continually maintained databases of the latest cybersecurity incidences
Requests for comments
are document "white papers" that are authored by technology bodies employing specialists, engineers, and scientists who are experts in those areas
Benchmarks/secure configuration guides
are usually distributed by hardware manufacturers and software developers
Accounting
creates a record that is preserved of who accessed the network, what resources they accessed, and when they disconnected from the network
Integrity
ensures that information is correct and unaltered
Unskilled Attackers
individuals with limited technical expertise who use readily available tools like downloaded scripts or exploits to carry out attacks
Attack surface
is a digital platform that threat actors target for their exploits
supply chain
is a network that moves a product from its creationto the end-user
framework
is a series of documented processes used to define policies and procedures for implementation and management of security controls in an enterprise environment
vulnerability
is the state of being exposed to the possibility of being attacked or harmed
Data loss
occurs when information on a storage device is damaged or made unusable
Availability
security actions that ensure that data is accessible to authorized users.
Confidentiality
the assurance that messages and information are available only to those who are authorized to view them
Authorization
the process of providing a user with permission including access levels and abilities such as file access, hours of access, and amount of allocated storage space
Security
the state of being free from danger or threat
Cybersecurity
the state of being protected against the criminal or unauthorized use of electronic data, or the measures taken to achieve this.
Open Source Software (OSS)
which is software where the source code is available for anyone to freely use without restrictions
