The Language of Cybersecurity

Lakukan tugas rumah & ujian kamu dengan baik sekarang menggunakan Quizwiz!

Key loggers

They are software programs or devices designed to secretly monitor and log all keystrokes.

Computer Emergency Response Team (CERT)

A computer emergency response team is a historic term for an expert group that handles computer security incidents.

Security Operations Center (SOC)

A security operations center is a centralized unit that deals with security issues on an organizational and technical level.

Internet Service Provider (ISP)

An Internet Service Provider (ISP) is the industry term for the company that is able to provide you with access to the Internet, typically from a computer.

MITRE Common Vulnerabilities and Exposures

CVE is a list of entries—each containing an identification number, a description, and at least one public reference—for publicly known cybersecurity vulnerabilities.

CIA Triad

Confidentiality, integrity and availability, also known as the CIA triad, is a model designed to guide policies for information security within an organization.

Disaster Recovery Plan

Disaster Recovery involves a set of policies, tools and procedures to enable the recovery or continuation of vital technology infrastructure and systems following a natural or human-induced disaster.

Ethical hacking

Ethical hacking is a structured hacking performed to expose vulnerabilities in a system, using tools and techniques with the organization's' knowledge

Hacktivism

Hacktivism is the act of misusing a computer system or network for a socially or politically motivated reason.

Cybersecurity Framework

Identify, Protect, Detect, Respond, Recover

Proxy server

In computer networking, a proxy server is a server application or appliance that acts as an intermediary for requests from clients seeking resources from servers that provide those resources.

Vulnerability

It's a flaw in a system that can expose the system to attack.

PII and PHI

PII is personally identifiable information and PHI is personal health information

Smishing

Phishing through texting

Network segmentation

Segmentation divides a computer network into smaller parts. The purpose is to improve network performance and security.

Third parties

Threats that are created from third party systems. This could be supply chain attacks, third-party vendor errors, and regulation issues.

Hacker

a person who uses computers to gain unauthorized access to data.

Protocols

a system of rules that allow two or more entities of a communications system to transmit information via any kind of variation of a physical quantity.

Procedural control

incident response processes, management oversight, security awareness and training;

Data

unauthorized access and retrieval of sensitive information by an individual, group, or software system

Data breach

unauthorized access and retrieval of sensitive information by an individual, group, or software system

Faraday Cage - an EMP pulse-proof environment

A Faraday cage or Faraday shield is an enclosure used to block electromagnetic fields.

Botnet

A botnet is a number of Internet-connected devices, each of which is running one or more bots. Botnets can be used to perform Distributed Denial-of-Service attacks, steal data, send spam, and allows the attacker to access the device and its connection.

CISO

A chief information security officer (CISO) is the senior-level executive within an organization responsible for establishing and maintaining the enterprise vision, strategy, and program to ensure information assets and technologies are adequately protected.

Worm

A computer worm is a standalone malware computer program that replicates itself in order to spread to other computers.

Cyber insurance policies

A cyber insurance policy, also referred to as cyber risk insurance or cyber liability insurance coverage (CLIC), is designed to help an organization mitigate risk exposure by offsetting costs involved with recovery after a cyber-related security breach or similar event.

Denial of Service Attack

A denial-of-service (DoS) attack occurs when legitimate users are unable to access information systems, devices, or other network resources due to the actions of a malicious cyber threat actor.

Master boot record

A master boot record is a special type of boot sector at the very beginning of partitioned computer mass storage devices like fixed disks or removable drives intended for use with IBM PC-compatible systems and beyond.

Digital device

A physical unit of equipment that contains a computer or microcontroller. Today, myriad devices are digital including a smartphone, tablet and smartwatch.

Port scanning

A port scanner is an application designed to probe a server or host for open ports. Such an application may be used by administrators to verify security policies of their networks and by attackers to identify network services running on a host and exploit vulnerabilities.

Risk Register

A risk register is a document used as a risk management tool and to fulfill regulatory compliance acting as a repository for all risks identified and includes additional information about each risk, e.g. nature of the risk, reference and owner, mitigation measures.

Router

A router is a networking device that forwards data packets between computer networks.

Signature

A signature, or digital signature, is a protocol showing that a message is authentic.

Vulnerability assessment

A vulnerability assessment is the process of identifying, quantifying, and prioritizing the vulnerabilities in a system

Zero-day

A zero-day vulnerability is a computer-software vulnerability that is unknown to those who should be interested in mitigating the vulnerability. Until the vulnerability is mitigated, hackers can exploit it to adversely affect computer programs, data, additional computers or a network.

Advanced Persistent Threats (APTs)

An advanced persistent threat is a stealthy threat actor, typically a nation state or state-sponsored group, which gains unauthorized access to a computer network and remains undetected for an extended period.

Electromagnetic pulse (EMP)

An electromagnetic pulse (EMP) and a geomagnetic disturbance (GMD) can damage significant portions of the Nation's critical infrastructure.

Intrusion Detection System (IDS)

An intrusion detection system is a device, or software application that monitors a network or systems for malicious activity or policy violations. Any intrusion activity or violation is typically reported either to an administrator or collected centrally using a security information and event management system.

Intrusion Prevention Systems (IPS)

An intrusion prevention system (IPS) is a form of network security that works to detect and prevent identified threats.

Operating system

An operating system is system software that manages computer hardware, software resources, and provides common services for computer programs.

Authentication

Authentication is the act of proving an assertion, such as the identity of a computer system user. In contrast with identification, the act of indicating a person or thing's identity, authentication is the process of verifying that identity.

Business Continuity Plan

Business continuity planning is the process of creating systems of prevention and recovery to deal with potential threats to a company. In addition to prevention, the goal is to enable ongoing operations before and during execution of disaster recovery.

Cyber risk

Cyber risk commonly refers to any risk of financial loss, disruption or damage to the reputation of an organization resulting from the failure of its information technology systems.

Disruption - realized risk

Cyber-attack and disruption is a hazardous threat arising from intentional or unintentional incidents that cause a breach in security, damage to digital devices and networks, or a network outage.

Control

Cybersecurity controls are the countermeasures that companies implement to detect, prevent, reduce, or counteract to security risks.

Cybersecurity

Cybersecurity is the protection of internet-connected systems such as hardware, software and data from cyber-threats. The practice is used by individuals and enterprises to protect against unauthorized access to data centers and other computerized systems.

DMZ

In computer security, a DMZ or demilitarized zone is a physical or logical subnetwork that contains and exposes an organization's external-facing services to an untrusted, usually larger, network such as the Internet.

Honeypot

In computer terminology, a honeypot is a computer security mechanism set to detect, deflect, or, in some manner, counteract attempts at unauthorized use of information systems.

Trojan

In computing, a Trojan horse, or trojan, is any malware which misleads users of its true intent.

Firewall

In computing, a firewall is a network security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules.

Cipher

In cryptography, a cipher is an algorithm for performing encryption or decryption—a series of well-defined steps that can be followed as a procedure.

Encryption

In cryptography, encryption is the process of encoding information. This process converts the original representation of the information, known as plaintext, into an alternative form known as ciphertext.

Buffer overflow

In information security and programming, a buffer overflow, or buffer overrun, is an anomaly where a program, while writing data to a buffer, overruns the buffer's boundary and overwrites adjacent memory locations.

Script Kiddies

In programming and hacking cultures, a script kiddie, skiddie, or skid is an unskilled individual who uses scripts or programs, such as a web shell, developed by others to attack computer systems and networks and deface websites.

Incident Response

Incident response is an organized approach to addressing and managing the aftermath of a security breach or cyberattack, also known as an IT incident, computer incident or security incident. The goal is to handle the situation in a way that limits damage and reduces recovery time and costs.

Industrial Control Systems

Industrial control system is a general term that encompasses several types of control systems and associated instrumentation used for industrial process control.

Kevin Mitnick

Kevin David Mitnick is an American computer security consultant, author, and convicted hacker. He is best known for his high-profile 1995 arrest and five years in prison for various computer and communications-related crimes.

Malware

Malware is any software intentionally designed to cause damage to a computer, server, client, or computer network.

Multi-factor authentication

Multi-factor authentication is an electronic authentication method in which a computer user is granted access to a website or application only after successfully presenting two or more pieces of evidence to an authentication mechanism: knowledge, possession, and inherence.

Operational resilience

Operational resilience is the ability of an organization to continue to provide business services in the face of adverse operational events by anticipating, preventing, recovering from, and adapting to such events.

Outsourcing

Outsourcing is an agreement in which one company hires another company to be responsible for a planned or existing activity that is or could be done internally, and sometimes involves transferring employees and assets from one firm to another.

Patches and patch management

Patch management is the process that helps acquire, test, and install multiple patches on existing applications and software tools on a computer, enabling systems to stay updated on existing patches and determining what patches are the appropriate ones

Phishing

Phishing is the fraudulent attempt to obtain sensitive information or data, such as usernames, passwords and credit card details, by disguising oneself as a trustworthy entity in an electronic communication.

Polymorphic malware

Polymorphic malware is a type of malware that constantly changes its identifiable features in order to evade detection.

Privileged Account or Access Management

Privileged access is a type of administrative or super-user access that allows for the full control of critical computer systems and applications anywhere, and at any time. It is a set of policies, processes and tools that protect, manage, and monitor privileged access, users, and credentials.

Public key encryption

Public-key cryptography, or asymmetric cryptography, is a cryptographic system that uses pairs of keys: public keys, which may be disseminated widely, and private keys, which are known only to the owner.

Quantum computing

Quantum computing is the use of quantum phenomena such as superposition and entanglement to perform computation. Computers that perform quantum computations are known as quantum computers.

Ransomware

Ransomware is a type of malware from cryptovirology that threatens to publish the victim's data or perpetually block access to it unless a ransom is paid.

Cybersecurity Attack Stages

Reconnaissance: Hackers begin by researching you or your company online—gathering names, titles, and email addresses of people who work for the organization. Weaponization: In this phase, the hacker uses the information that they gathered in the previous phase to create the things they will need to get into the network. Delivery: Phishing e-mails are sent to the people researched, or Watering Hole web pages are posted to the Internet and the attacker waits for all the data they need to start rolling in. Exploitation: As usernames and passwords arrive, the hacker tries them against web-based e-mail systems or VPN connections to the company network. Installation: If someone were to click on a link to a phishing email, the malicious software takes root or the malware inadvertently downloads. Command & Control: Once the malicious code has been installed, the hacker now has access to the entire network or administrator accounts. Action on objective: Now that the hacker is in control, they can extract whatever information they've been targeting.

Risk Analysis

Risk analysis is the process of identifying and analyzing potential issues that could negatively impact key business initiatives or projects. This process is done in order to help organizations avoid or mitigate those risks.

Risk Management

Risk management is the identification, evaluation, and prioritization of risks followed by coordinated and economical application of resources to minimize, monitor, and control the probability or impact of unfortunate events or to maximize the realization of opportunities.

Secure Configuration

Secure configuration refers to security measures that are implemented when building and installing computers and network devices in order to reduce unnecessary cyber vulnerabilities.

Tailgating

Social engineering attack where hackers trick employees into giving them unauthorized access to their systems - can be online and in-person

Spear Phishing

Spear phishing is an email or electronic communications scam targeted towards a specific individual, organization or business.

STRIDE threat model (Microsoft)

Spoofing (impersonating something or someone else), Tampering (modifying data or code), Repudiation (claiming to have not performed an action), Information Disclosure (exposing information to someone not authorized to see it), Denial of Service (deny or degrade service to users), Elevation of Privilege (gain capabilities without proper authorization)

Spoofing

Spoofing is the act of disguising a communication from an unknown source as being from a known, trusted source.

Spyware

Spyware describes software with malicious behavior that aims to gather information about a person or organization and send such information to another entity in a way that harms the user

Cybersecurity and Infrastructure Security Agency (CISA)

The CISA is a standalone U.S. federal agency, an operational component under Department of Homeland Security oversight. It was established recently in November 2018, when President Trump signed into law the Cybersecurity and Infrastructure Security Agency Act The CISA leads the effort to enhance the security, resiliency, and reliability of the Nation's cybersecurity and communications infrastructure. It is essentially the Nation's risk advisor, working with partners to defend against today's threats, while collaborating to build more secure and resilient infrastructure for the future.

FAIR risk management

The FAIRTM quantitative risk analysis model defines the necessary building blocks for implementing effective cyber risk management programs. Being able to quantify cyber risk is at the core of any such program.

General Data Protection Regulation (GDPR)

The General Data Protection Regulation is a regulation in EU law on data protection and privacy in the European Union and the European Economic Area.

Internet protocol (IP)

The Internet Protocol (IP) is a protocol, or set of rules, for routing and addressing packets of data so that they can travel across networks and arrive at the correct destination.

Internet of Things (IOT)

The Internet of Things describes the network of physical objects—"things"—that are embedded with sensors, software, and other technologies for the purpose of connecting and exchanging data with other devices and systems over the internet.

NIST

The National Institute of Standards and Technology (NIST) is a physical sciences laboratory and a non-regulatory agency of the United States Department of Commerce. FRAMEWORK: identify, protect, detect, respond, recover

Attack surface

The attack surface of a software environment is the sum of the different points where an unauthorized user can try to enter data to or extract data from an environment.

Attack vector

The path of the threat in impacting an asset.

Perimeter test

The perimeter is the border between one network and another. A security perimeter can be defined as placing the necessary safeguards at the end of a privately owned network to secure it from hackers

Social engineering

The practice of gaining access to a secure system by tricking insiders into giving away access. Often the first step in a social-engineering-driven attack is sending fake emails that appear to be very real (phishing).

Technical controls

The security controls for an information system that are primarily implemented and executed by the information system through mechanisms contained in the hardware, software, or firmware components of the system.

Risk

The term business risks refers to the possibility of a commercial business making inadequate profits due to uncertainties

Single point of accountability

This concept is that the person who has the authority to delegate something will hold one single individual accountable for the results.

Transport Layer Security (TLS) protocol

Transport Layer Security, or TLS, is a widely adopted security protocol designed to facilitate privacy and data security for communications over the Internet. A primary use case of TLS is encrypting the communication between web applications and servers, such as web browsers loading a website.

Vishing

Voice phishing is a form of criminal phone fraud, using social engineering over the telephone system to gain access to private personal and financial information for the purpose of financial reward. It is sometimes referred to as 'vishing' - a portmanteau of "voice" and phishing.

Dark web

Websites that are not indexed by search engines like Google and can only be accessed covertly. The Dark Web is usually used by individuals who want their dealings to remain purely anonymous. Also known as the Deep Web.

Default accounts

When an organization gives a user a temporary password/login that is often very simple and unsecure.

Host-based versus Network-based defense

While Network Based Firewall filters traffic going from Internet to secured LAN and vice versa, a host based firewall is a software application or suite of applications installed on a single computer and provides protection to the host.

Virus

a computer virus is a type of malicious code or program written to alter the way a computer operates and is designed to spread from one computer to another.

Defense in depth

a series of defensive mechanisms are layered in order to protect valuable data and information. If one mechanism fails, another steps up immediately to thwart an attack.

Data loss prevention (DLP)

a set of tools and processes used to ensure that sensitive data is not lost, misused, or accessed by unauthorized users

Red Teams, Blue Teams, and Black and White Hats

black hat: a hacker who hacks for personal gain and engages in illegal activities in the process. Often black hats sell information about security flaws they discover to the highest bidder; white hat: a hacker who hacks with the aim of patching vulnerabilities and protecting secure systems. White hats often hand over information about week spots in companies' defenses and software to the companies themselves so they can be fixed.

Singularity

is a hypothetical point in time at which technological growth becomes uncontrollable and irreversible, resulting in unforeseeable changes to human civilization.

Threat actors

is a participant (person or group) in an action or process that is characterized by malice or hostile action (intending harm) using computers, devices, systems, or networks.

Nonrepudiation

is the assurance that someone cannot deny the validity in something. It is widely used in information security to refer to a service, which provides proof of the origin and integrity of the data.


Set pelajaran terkait

Abdominal Sonography Mock Registry Exam D19

View Set

A&P: ch.9 Endocrine system Study module

View Set

Ch 29: Growth and Development of the Adolescent

View Set