Bus 399 Harrison Final
BCP
Business continuity plan. Prioritizes the functions an organization needs to keep going.
National Institute of Standards and Technology (NIST)
A US agency whose mission is to "promote U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology in ways that enhance economic security and improve our quality of life." Publishes the SP 800 series of security guidance and the Cybersecurity Framework.
White-box testing
Test methods based on knowledge of the application's internal structure and source code.
AWS Root user credentials
The AWS root user is the identity created when an AWS account is first set up; it has unrestricted access to every service and resource in the account. Its credentials are the account email address and password used to sign in to the AWS Management Console. Because no policy can limit the root user's permissions, protect it with MFA, avoid creating root access keys, and use it only for the few tasks that require it, doing daily work through IAM identities instead.
Screened subnet (DMZ)
A semi-private network segment used to host services the public must reach (web, mail, DNS). Internet users get limited access to systems in the DMZ but are blocked by firewalls from direct access to the private internal network.
Decryption
The act of unscrambling ciphertext into plaintext
Chain of Custody
The continuity of control of evidence that makes it possible to account for all that has happened to evidence between collection and appearance in court.
False negative
The monitoring error in which a control fails to catch suspicious behavior: the alarm system does not fire on a real event (the opposite of a false positive, an alarm raised on benign activity).
Crossover error rate (CER)
The point at which a biometric device's sensitivity is tuned so that its false rejection rate and false acceptance rate are equal; a common figure for comparing devices.
DRP
Disaster recovery plan (mnemonic: Dr. Pepper). Derived from the BCP; spells out what must be done to recover systems and operations in the event of a failure or disaster.
EC2
Elastic Compute Cloud allows users to rent virtual servers, known as instances, in the cloud. It provides scalable computing capacity in the cloud and enables users to quickly launch, manage, and terminate virtual servers based on their computing needs.
Zero trust
Emphasizes the need to verify anyone and anything trying to connect to resources before granting access. In a Zero Trust model, no entity, whether inside or outside the network, is trusted by default.
AWS Client VPN
Enables users to securely access resources and applications in their AWS Virtual Private Cloud (VPC) or on-premises networks. It allows remote users to establish encrypted VPN connections to their AWS environment using VPN clients.
Virus
An executable program written to cause damage to a system, application, or data. It replicates by attaching itself to a host program or file and generally needs a user action to spread. Not every virus does damage, but all replicate.
Digital forensics
Focuses on the use of technology to investigate the facts leading up to and surrounding computer security incidents.
Microservices
Microservices is an architectural style and approach to software development where an application is built as a collection of small, independent, and loosely coupled services. Each service is designed to perform a specific function or task and communicates with other services through well-defined APIs (Application Programming Interfaces). This approach contrasts with the traditional monolithic architecture, where an entire application is built as a single, tightly integrated unit.
BIA
Part of the business continuity plan. Business impact analysis: identifies which business functions and supporting systems are most critical and what the impact of losing them would be.
Open Systems Interconnection (OSI) Reference Model
Physical, Data Link, Network, Transport, Session, Presentation, Application (layers 1 through 7).
Infrastructure as a Service (IaaS)
Provides users with physical or virtual machines (plus network and storage) onto which they load and manage their own operating systems.
Risk management strategy
Four responses to an identified risk:
Reduce: reduction/mitigation of risk by applying controls that lower likelihood or impact
Transfer: transference/assignment of risk to another party, e.g. insurance or outsourcing
Accept: acceptance of the risk as-is, knowingly and with sign-off
Avoid: avoidance of the risk by not performing the activity that creates it
Sarbanes-Oxley Act (SOX)
Requires publicly traded companies to submit accurate and reliable financial reporting, requiring security controls to protect the reporting itself.
Botnet
Robotically controlled network: a collection of compromised machines ("bots" or "zombies") that an attacker controls remotely through command-and-control agents and uses to attack or disrupt networks and users, for example in DDoS or spam campaigns.
SIEM
Security information and event management system. Helps organizations manage the explosive growth of their log files by providing a common platform to capture and analyze entries.
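What a SIEM actually does with that flood of entries, shown in code. This is an added example, not the page's or any vendor's code: it parses constructed sshd-style log lines and correlates failed logins per source IP. The threshold (5 failures in 10 minutes) and the sample lines are assumptions chosen for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sshd-style auth log entries (not real data). One source hammers
# several accounts within seconds and finally succeeds; another shows two
# isolated failures 40 minutes apart; one line is garbage the parser must survive.
SAMPLE_LOG = """\
2024-03-01T10:00:01 sshd[811]: Failed password for root from 203.0.113.5 port 40001
2024-03-01T10:00:03 sshd[811]: Failed password for admin from 203.0.113.5 port 40002
2024-03-01T10:00:04 sshd[811]: Failed password for oracle from 203.0.113.5 port 40003
2024-03-01T10:00:06 sshd[811]: Failed password for root from 203.0.113.5 port 40004
2024-03-01T10:00:09 sshd[811]: Failed password for test from 203.0.113.5 port 40005
2024-03-01T10:00:12 sshd[811]: Accepted password for test from 203.0.113.5 port 40006
2024-03-01T10:05:00 sshd[812]: Failed password for alice from 198.51.100.7 port 50001
2024-03-01T10:45:00 sshd[813]: Failed password for alice from 198.51.100.7 port 50002
garbage line the parser must not choke on
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?P<user>\S+) from (?P<ip>\S+) port \d+$"
)

def parse(log_text):
    """Normalize raw lines into event dicts. Lines that do not match the
    expected format are counted and skipped rather than crashing the pipeline."""
    events, dropped = [], 0
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            dropped += 1
            continue
        events.append({
            "ts": datetime.fromisoformat(m["ts"]),
            "result": m["result"],
            "user": m["user"],
            "ip": m["ip"],
        })
    return events, dropped

def detect_bruteforce(events, threshold=5, window=timedelta(minutes=10)):
    """Correlate per source IP: alert when >= threshold failures fall inside one
    sliding window; escalate to 'critical' if the same IP then authenticates."""
    by_ip = defaultdict(list)
    for e in events:
        by_ip[e["ip"]].append(e)

    alerts = []
    for ip, evs in by_ip.items():
        fails = sorted(e["ts"] for e in evs if e["result"] == "Failed")
        start, window_start = 0, None
        for end in range(len(fails)):
            while fails[end] - fails[start] > window:
                start += 1          # slide the window forward past old failures
            if end - start + 1 >= threshold:
                window_start = fails[start]
                break
        if window_start is None:
            continue                # isolated failures (a user mistyping) stay below the noise floor
        success = any(e["result"] == "Accepted" and e["ts"] >= window_start for e in evs)
        alerts.append({
            "ip": ip,
            "failures": len(fails),
            "users": sorted({e["user"] for e in evs if e["result"] == "Failed"}),
            "severity": "critical" if success else "high",
        })
    return alerts

if __name__ == "__main__":
    evs, bad = parse(SAMPLE_LOG)
    print(f"{len(evs)} events parsed, {bad} dropped")
    for a in detect_bruteforce(evs):
        print(a)
```

The correlation step is the point: a single "Failed password" line is noise, five from one address in ten seconds followed by an "Accepted" is an incident. Tuning the threshold and window is how a team keeps this from becoming alert overload.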
Worm
Self contained programs designed to propagate from one host machine to another using the network communication protocols. Do NOT need a host program to survive and replicate, unlike viruses.
CBF
Critical business function. If a CBF fails, normal operation ceases.
Types of authentications
1. Knowledge (something you know, e.g. a password)
2. Ownership (something you have, e.g. a token or smart card)
3. Characteristics (something you are, e.g. a fingerprint)
4. Action/Performance (something you do, e.g. signature dynamics)
5. Behavior
6. Location (somewhere you are)
7. Relationship
Penetration testing
A focused, authorized attack that attempts to exploit discovered vulnerabilities in order to demonstrate real impact. Goes beyond a vulnerability scan: it identifies threats, bypasses controls, and exploits weaknesses to show what an attacker could achieve.
Media Access Control (MAC) address filtering
Restricts which devices may join a network by checking their hardware (MAC) address against an allow list. A weak control on its own, since MAC addresses are trivially spoofed. Not to be confused with mandatory access control (also abbreviated MAC), which restricts access to an object based on the object's classification and the user's security clearance.
Legal hold
A process that requires an organization to preserve and not alter evidence that may be used in court.
Reverse shell
A technique in which a compromised system initiates an outbound connection to a listener on an attacker-controlled command and control host. The attacker's machine acts as the server and the victim's machine as the client, the reverse of a bind shell where the attacker connects in; the outbound direction is chosen because egress traffic is far more likely to pass through firewalls and NAT than inbound connections.
Security policy and Security strategy
A security strategy is a comprehensive plan developed by an organization to proactively address its security needs and align security initiatives with its business objectives. Unlike a security policy, which provides specific guidelines and rules, a security strategy is more holistic and forward-looking. It encompasses the organization's overall approach to security.
Payment Card Industry Data Security Standard (PCI DSS)
A standard for merchants and service providers covering the safeguarding of the processing, storage, and transmission of cardholder data.
Tripwire
A host-based file integrity monitoring tool that lets a user watch computer systems for unauthorized changes and report them to administrators in near real time. It records a baseline of file hashes and attributes and flags anything that later differs.
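The baseline-and-compare loop that tools like Tripwire are built on, as an added example (not Tripwire's code). It hashes every regular file under a directory, records mode and size, and later reports what was added, removed, or modified. The temp directory, file names, and the tampering scenario are constructed for the demonstration.

```python
import hashlib
import os
import tempfile

def file_digest(path):
    """SHA-256 of a file, streamed so large binaries do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def build_baseline(root):
    """Snapshot every regular file under root as rel_path -> (sha256, mode, size).
    Paths are normalized to '/' so a baseline can be compared across hosts."""
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.islink(full):
                continue            # symlink games are a separate check; don't follow them
            st = os.stat(full)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            baseline[rel] = (file_digest(full), st.st_mode & 0o777, st.st_size)
    return baseline

def compare(baseline, current):
    """Return (added, removed, modified). Modification time is deliberately not
    part of the tuple: attackers reset mtime; content hash and mode are what count."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = sorted(p for p in set(baseline) & set(current) if baseline[p] != current[p])
    return added, removed, modified

def demo():
    """Constructed scenario in a temp dir: take a baseline, then simulate an intruder
    who swaps a binary for one of identical size, drops a hidden file, and loosens a mode."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "bin"))
        ls, passwd = os.path.join(root, "bin", "ls"), os.path.join(root, "passwd")
        with open(ls, "wb") as f:
            f.write(b"original ls\n")
        with open(passwd, "wb") as f:
            f.write(b"root:x:0:0\n")
        os.chmod(passwd, 0o600)
        baseline = build_baseline(root)

        with open(ls, "wb") as f:
            f.write(b"trojaned ls\n")          # same 12-byte size: size alone would miss it
        with open(os.path.join(root, "bin", ".bd"), "wb") as f:
            f.write(b"evil\n")
        os.chmod(passwd, 0o666)                 # world-writable now
        return compare(baseline, build_baseline(root))

if __name__ == "__main__":
    print(demo())
```

The baseline itself must live somewhere the attacker cannot write (read-only media or a separate host), otherwise a rootkit simply re-baselines after installing itself.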
Vulnerability
A weakness that allows a threat to be realized or to have an effect on an asset.
Federated identity
AWS Federated Identity allows users to access AWS resources securely without needing to create an IAM user for each person or system. It enables users to access AWS services using existing credentials from identity providers (IdPs) such as Active Directory, Facebook, Google, or an in-house identity system.
AWS User
AWS users are created by the Root user or other IAM administrators within the AWS account. AWS IAM users have specific and granular permissions assigned to them based on the principle of least privilege.
S3
Amazon S3 (Simple Storage Service) is a highly scalable, secure, and durable object storage service. It is designed to store and retrieve any amount of data from anywhere on the web.
Alert overload
An "alert overload" refers to a situation in which a system is flooded with a large number of alerts or notifications, often from various security or monitoring systems. This flood of alerts can overwhelm security teams or system administrators, making it challenging to identify and respond to genuine security incidents or critical events.
two-factor authentication (2FA)
An authentication method that requires two different types of authentication factors, for example something you know (a password) plus something you have (a token or phone).
International Organization for Standardization (ISO)
An international, non-governmental organization with the goal of developing and publishing international standards.
Spyware
Any unsolicited background process that installs itself on a user's computer and collects information about the user's browsing habits and website activities.
Ransomware
Malware that encrypts a victim's important stored data, or otherwise blocks access to it, and demands payment in exchange for restoring access.
Confidentiality, Integrity, Availability (CIA)
C: confidentiality keeps information secret from unauthorized users. I: integrity ensures that information is not altered, accidentally or deliberately, by anyone, including the sender, after it is created or transmitted. A: availability ensures that information and systems are accessible to authorized users when they need them. (Confirming the identity of an entity is authentication, not part of the CIA triad.)
Spam
Unsolicited bulk email. Can carry viruses and phishing links, congests networks and mail servers, and wastes user time and productivity.
hash functions
Checksum: summary value appended to a message so the receiver can check that the message's bytes have not changed; catches accidental corruption. Hash: like a checksum but designed so that a forged message will not produce the same hash as the legitimate one. Output is a fixed size regardless of input length and acts as a fingerprint for the data.
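The difference between the two, made concrete. This is an added example (not from the page): a byte-sum checksum accepts two different forgeries of a constructed payment message, while SHA-256 rejects both. The messages and the 8-byte compensation trick are constructed for the demonstration.

```python
import hashlib
import hmac

def additive_checksum(data: bytes) -> int:
    """Byte-sum checksum mod 256: catches random corruption, not deliberate tampering."""
    return sum(data) % 256

def sha256_hex(data: bytes) -> str:
    """Cryptographic hash: fixed 64 hex chars (256 bits) whatever the input length."""
    return hashlib.sha256(data).hexdigest()

ORIGINAL = b"PAY 100 TO ACCOUNT 1234"
# Forgery 1: the same bytes in a different order; any additive checksum is blind to order.
FORGED_REORDER = b"PAY 100 TO ACCOUNT 4321"
# Forgery 2: raise the amount ('1' -> '9' adds 8 to the sum) and compensate elsewhere
# ('T' -> 'L' subtracts 8), so the checksum is unchanged while the meaning is.
FORGED_COMPENSATED = b"PAY 900 TO ACCOUNL 1234"

def checksum_catches(original: bytes, forged: bytes) -> bool:
    return additive_checksum(original) != additive_checksum(forged)

def hash_catches(original: bytes, forged: bytes) -> bool:
    return sha256_hex(original) != sha256_hex(forged)

def verify(message: bytes, expected_hex: str) -> bool:
    """Receiver-side check against a digest obtained out of band. compare_digest is
    constant-time; that matters when the digest is an HMAC and costs nothing here."""
    return hmac.compare_digest(sha256_hex(message), expected_hex)

if __name__ == "__main__":
    for name, forged in (("reorder", FORGED_REORDER), ("compensated", FORGED_COMPENSATED)):
        print(f"{name:12} checksum catches: {checksum_catches(ORIGINAL, forged)}  "
              f"sha256 catches: {hash_catches(ORIGINAL, forged)}")
```

One caveat the cards do not spell out: a hash only proves integrity if the attacker cannot also replace the digest. Send it out of band, or use an HMAC or digital signature, otherwise the forger recomputes the hash along with the message.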
AWS CLI
Command Line Interface is a unified tool that allows users to interact with AWS services and manage their resources from the command line. It provides a set of commands for performing various tasks such as launching EC2 instances, managing S3 buckets, configuring IAM policies, and more, all without needing to use the AWS Management Console.
logical access control
Control access to a computer system or network. As an example, a username and password allow personnel to use an organization's computer system and network resources.
SOAR
Helps organizations respond to identified incidents and extends SIEM functionality. Security Orchestration, Automation, and Response System.
IAM Roles
IAM roles are AWS identities that define a set of permissions for making AWS service requests. Unlike IAM users, a role is not tied to a specific person or group; it is assumed by trusted entities such as AWS services, applications, or federated external users. The credentials issued when a role is assumed are temporary, which makes roles the safe way to delegate access across AWS accounts or services without sharing long-lived keys.
IAM Groups
Identity and Access Management Groups in AWS are logical collections of IAM users. They allow you to manage permissions for multiple users collectively, rather than assigning permissions to individual users one by one.
IAM
Identity and Access Management allows users to securely control access to AWS services and resources. IAM enables you to manage users, groups, roles, and their corresponding permissions within your AWS environment.
Least-privilege
It is the practice of granting users the minimum level of access or permissions they need to perform their job functions, and no more. This principle aims to reduce the risk of unauthorized access, data breaches, and accidental misuse of privileges within an organization's systems.
E-discovery
Iterative process of examining storage media, searching for items of interest, and identifying items likely to have value as evidence.
Log file
Journaled entries that provide info, such as who logged in, when, and what they accessed.
Trojan
Largest class of malware. Program that masquerades as a useful program while hiding malicious intent. Uses social engineering to get users to run the program.
Defense in Depth
Layered security defense into zones to increase the overall protection level and provide more reaction time to respond to incidents.
Load balancing for a website
Load balancing for a website is a technique used to distribute incoming network traffic across multiple servers or resources to ensure optimal performance, reliability, and availability of the website.
Malware
Malicious Software. A program that contains instructions that run on a computer system and perform operations that the user does not intend.
Rootkit
Malware that modifies or replaces one or more existing programs to hide the computer's compromised status. Often modifies the Operating System
MTD
Maximum Tolerable Downtime. The most time a business can survive without a specific core business function.
Hardened configuration
The state of a computer or device in which you have turned off or disabled any unnecessary services, accounts, and ports, and locked down the configuration of the services that remain running.
Evidence
Trails of damage or artifacts of what happened.
Functional Security policies
Unlike a comprehensive security policy that covers all aspects of security, a functional security policy focuses on specific areas or functions within the organization
SYN flood attack
A form of DoS attack. The attacker sends a large number of TCP SYN packets, usually with spoofed source IP addresses, requesting connections. The target must reserve state in memory for each half-open connection, and because the handshake never completes (the SYN-ACK goes to a spoofed address, so the final ACK never arrives), that state stays allocated until it times out, exhausting the connection table so legitimate clients cannot connect.
STRIDE
Threat-modeling mnemonic used to categorize the kinds of threats that can affect a software system. Each letter is one category:
S - Spoofing (impersonating a user or component)
T - Tampering (modifying data or code)
R - Repudiation (denying an action with no proof to the contrary)
I - Information Disclosure (exposing data to those not authorized to see it)
D - Denial of Service (making the system unavailable)
E - Elevation of Privilege (gaining rights one should not have)
7 Domains of IT Infrastructure
User, Workstation, LAN, LAN-WAN, WAN, Remote Access, System/Application
Black-box testing
Uses test methods that are not based directly on knowledge of a program's architecture or design.
VPC
Virtual Private Cloud. It allows users to create a logically isolated section of the AWS cloud where they can launch resources such as virtual machines (EC2 instances), databases, and storage solutions.
wireless encryption protocols
WPA, WPA2, WPA3. In their basic (personal, pre-shared key) mode all three require entering the same shared secret key into the network configuration of every computer on the network. In enterprise mode (802.1X with an authentication server) the shared key is replaced by per-user credentials such as a unique username and password.
Reconnaissance
When an attacker gathers info about a network for use in a future attack
annualized loss expectancy (ALE)
ALE = SLE x ARO, where SLE is the single loss expectancy (the monetary loss when one incident happens; SLE = asset value x exposure factor) and ARO is the annualized rate of occurrence (how many times per year the incident is expected, e.g. 0.1 for once a decade).
exposure factor (EF)
exposure factor (EF) : percentage of the asset value that would be lost if an incident were to occur.
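The SLE, EF and ALE formulas from the cards worked through, and extended one step to the safeguard cost/benefit calculation that the ALE exists to support. This is an added example; the asset value, exposure factor, ARO and control cost below are constructed figures, not data from the page.

```python
def single_loss_expectancy(asset_value, exposure_factor):
    """SLE = AV x EF. EF is the fraction (0..1) of the asset's value lost in one incident."""
    if not 0.0 <= exposure_factor <= 1.0:
        raise ValueError("EF is a percentage of asset value and must be given as 0..1")
    return asset_value * exposure_factor

def annualized_loss_expectancy(sle, aro):
    """ALE = SLE x ARO. ARO is the expected number of incidents per year
    (2.0 = twice a year, 0.1 = once per decade)."""
    if aro < 0:
        raise ValueError("ARO cannot be negative")
    return sle * aro

def safeguard_value(ale_before, ale_after, annual_control_cost):
    """Cost/benefit of a control: ALE reduction minus what the control costs per year.
    Positive means the control pays for itself; negative argues for accepting the
    risk or finding a cheaper control."""
    return (ale_before - ale_after) - annual_control_cost

def worked_example():
    """Constructed numbers: a $200k server, 25% of its value lost per incident,
    one incident every two years, and a control that cuts ARO to 0.1 for $8k/year."""
    av, ef, aro = 200_000.0, 0.25, 0.5
    sle = single_loss_expectancy(av, ef)                  # 50,000
    ale_before = annualized_loss_expectancy(sle, aro)     # 25,000
    ale_after = annualized_loss_expectancy(sle, 0.1)      # 5,000
    return {
        "SLE": sle,
        "ALE_before": ale_before,
        "ALE_after": ale_after,
        "safeguard_value": safeguard_value(ale_before, ale_after, 8_000.0),  # 12,000
    }

if __name__ == "__main__":
    for k, v in worked_example().items():
        print(f"{k:16} ${v:,.2f}")
```

The usual pitfall is feeding EF as a percentage (25 instead of 0.25); the range check makes that an error rather than a silently inflated ALE.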
False acceptance rate
Rate at which invalid subjects (impostors) are accepted by a biometric system; also called a Type II error.
False rejection rate
Rate at which valid subjects are rejected by a biometric system; also called a Type I error.
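How FAR, FRR and the crossover error rate relate, computed rather than described. This is an added example (not from the page): the genuine and impostor match scores are constructed, and a real system would use its matcher's output on real samples. Sweeping the acceptance threshold shows the trade-off the CER card summarizes: raising the bar lowers FAR and raises FRR.

```python
# Constructed similarity scores on a 0..100 scale. Higher means "more like the enrolled user".
GENUINE  = [92, 88, 85, 81, 79, 76, 74, 70, 66, 61]   # legitimate users presenting their own biometric
IMPOSTOR = [64, 58, 55, 52, 49, 45, 41, 38, 30, 25]   # other people (or attackers) trying to match

def far(impostor_scores, threshold):
    """False acceptance rate: fraction of impostors scoring at or above the threshold."""
    return sum(s >= threshold for s in impostor_scores) / len(impostor_scores)

def frr(genuine_scores, threshold):
    """False rejection rate: fraction of genuine users scoring below the threshold."""
    return sum(s < threshold for s in genuine_scores) / len(genuine_scores)

def operating_point(genuine_scores, impostor_scores, threshold):
    """Return (threshold, FAR, FRR) for one setting of the device's sensitivity."""
    return threshold, far(impostor_scores, threshold), frr(genuine_scores, threshold)

def crossover(genuine_scores, impostor_scores):
    """Sweep every threshold and return the (threshold, FAR, FRR) where |FAR - FRR|
    is smallest: the crossover error rate. Ties keep the lowest threshold."""
    best = None
    for t in range(0, 101):
        point = operating_point(genuine_scores, impostor_scores, t)
        if best is None or abs(point[1] - point[2]) < abs(best[1] - best[2]):
            best = point
    return best

if __name__ == "__main__":
    for t in (50, 62, 65):
        print("threshold %3d  FAR %.2f  FRR %.2f" % operating_point(GENUINE, IMPOSTOR, t))
    print("CER at threshold %d: FAR %.2f FRR %.2f" % crossover(GENUINE, IMPOSTOR))
```

A high-security setting (threshold 65 here) drives FAR to zero at the cost of rejecting some legitimate users; a convenience setting (threshold 50) does the opposite. The CER is the single number used to compare devices, not necessarily the point at which one should run them.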
