Sec+ - Mod02 - Threat Management and Cyber Security Resources


Cloud Controls Matrix

A specialized framework of cloud-specific security controls.

ISO 27002

A "code of practice" for information security management within an organization and contains 114 different control recommendations.

Payment Card Industry Data Security Standard (PCI DSS)

A compliance standard to provide a minimum degree of security for handling customer card information.

adversary tactics, techniques, and procedures (TTP)

A database of the behavior of threat actors and how they orchestrate and manage attacks.

Standard

A document approved through consensus by a recognized standardization body.

fusion center

A formal repository of information from enterprises and the government used to share information on the latest attacks.

vulnerability scan

A frequent and ongoing process, often automated, that continuously identifies vulnerabilities and monitors cybersecurity progress.

NIST Risk Management Framework (RMF)

A guidance document designed to help organizations assess and manage risks to their information and systems.

NIST Cybersecurity Framework (CSF)

A measuring stick against which companies can compare their cybersecurity practices relative to the threats they face.

bug bounty

A monetary reward given for uncovering a software vulnerability.

Center for Internet Security (CIS)

A nonprofit community-driven organization.

Common Vulnerability Scoring System (CVSS)

A numeric rating system of the impact of a vulnerability.

White box

A penetration testing level in which the testers are given full knowledge of the network and the source code of applications.

Gray box

A penetration testing level in which the testers are given limited knowledge of the network and some elevated privileges.

Black box

A penetration testing level in which the testers have no knowledge of the network and no special privileges.

White Team

A penetration testing team that enforces the rules of the penetration testing.

Blue Team

A penetration testing team that monitors for Red Team attacks and shores up defenses as necessary.

Purple Team

A penetration testing team that provides real-time feedback between the Red and Blue Teams to enhance the testing.

Red Team

A penetration testing team that scans for vulnerabilities and then exploits them.

Log

A record of events that occur.

European Union General Data Protection Directive (GDPR)

A regulation regarding data protection and privacy in the European Union and the European Economic Area (EEA).

credentialed scan

A scan in which valid authentication credentials, such as usernames and passwords, are supplied to the vulnerability scanner to mimic the work of a threat actor who possesses these credentials.

framework

A series of documented processes used to define policies and procedures for implementation and management of security controls in an enterprise environment.

SSAE SOC 2 Type II

A standard for reports on internal controls that reviews how a company safeguards customer data and how well those controls are operating.

SSAE SOC 2 Type III

A standard for reports on internal controls that can be freely distributed.

ISO 31000

A standard that contains controls for managing and controlling risk.

ISO 27001

A standard that provides requirements for an information security management system (ISMS).

Security Orchestration, Automation and Response (SOAR)

A tool designed to help security teams manage and respond to the very high number of security warnings and alarms by combining comprehensive data gathering and analytics in order to automate incident response.

Security Information and Event Management (SIEM)

A tool that consolidates real-time security monitoring and management of security information with analysis and reporting of security events.

Common Vulnerabilities and Exposures (CVE)

A tool that identifies vulnerabilities in operating systems and application software.

penetration testing

A type of test that attempts to exploit vulnerabilities just as a threat actor would.

intrusive scan

A vulnerability scan that attempts to employ any vulnerabilities which it finds, much like a threat actor would.

nonintrusive scan

A vulnerability scan that does not attempt to exploit the vulnerability but only records that it was discovered.

non-credentialed scan

A vulnerability scan that provides no authentication information to the tester.

zero day

A vulnerability that is exploited by attackers before anyone else even knows it exists.

unmanned aerial vehicle

An aircraft piloted by remote control or onboard computers.

log reviews

An analysis of log data.

reference architecture

An authoritative source of information.

war flying

An efficient means of discovering a Wi-Fi signal using drones.

configuration review

An examination of the software settings for a vulnerability scan.

ISO 27701

An extension to ISO 27001 that is a framework for managing privacy controls to reduce the risk of privacy breach to the privacy of individuals.

Cloud Security Alliance (CSA)

An organization whose goal is to define and raise awareness of best practices to help secure cloud computing environments.

Drone

An unmanned aerial vehicle (UAV).

Maneuvering

Conducting unusual behavior when threat hunting.

vulnerability feeds

Cybersecurity data feeds that provide information on the latest vulnerabilities.

threat feeds

Cybersecurity data feeds that provide information on the latest threats.

active reconnaissance

Directly probing for vulnerabilities and useful information.

request for comments (RFC)

Documents that are authored by technology bodies employing specialists, engineers, and scientists who are experts in those areas.

false negative

Failure to raise an alarm when there is a problem.

footprinting

Gathering information from outside the organization.

benchmark/secure configuration guides

Guidelines for configuring a device or software usually distributed by hardware manufacturers and software developers.

platform/vendor-specific guides

Guidelines that only apply to specific products.

rules of engagement

Limitations or parameters in a penetration test.

user behavior analysis

Looking at the normal behavior of users and how they interact with systems to create a picture of typical activity.

lateral movement

Moving through a network looking for additional systems threat actors can access from their elevated position.

privilege escalation

Moving to more advanced resources that are normally protected from an application or user.

threat hunting

Proactively searching for cyber threats that thus far have gone undetected in a network.

open source intelligence (OSINT)

Publicly accessible information.

false positive

Raising an alarm when there is no problem.

Cleanup

Returning all systems back to normal following a penetration test.

war driving

Searching for wireless signals from an automobile or on foot while using a portable computing device.

passive reconnaissance

Searching online for publicly accessible information.

Regulations

Standards typically developed by established professional organizations or government agencies using the expertise of seasoned security professionals.

Persistence

The determination, resolve, and perseverance necessary for performing a successful penetration test.

sentiment analysis

The process of computationally identifying and categorizing opinions, usually expressed in response to textual data, in order to determine the writer's attitude toward a particular topic.

Pivot

Turning to other systems to be compromised.

