CompTIA Security+ (SY0-701)

Honeyfiles

decoy files placed within systems to detect unauthorized access or data breaches

Virus

malicious software that attaches to clean files and spreads into a computer system

Social Engineering

manipulative strategy that exploits human psychology to gain unauthorized access to systems, data, or physical spaces

Security Controls

measures or mechanisms put in place to mitigate risks and protect the confidentiality, integrity, and availability of information systems and data

Checksums

method to verify the integrity of data during transmission

Corrective controls

mitigate any potential damage and restore the systems to their normal state

Technical Controls

the technologies, hardware, and software mechanisms that are implemented to manage and reduce risks - firewalls, encryption processes, intrusion detection systems

Shadow IT

the use of information technology systems, devices, software, applications, and services without explicit organizational approval

Adaptive Identity

use adaptive identities that rely on real time validation that takes into account the user's behavior, device, location, and more

digital signatures

use encryption to ensure integrity and authenticity - created by first hashing a particular message or communication to be digitally signed and encrypting the hash digest with the user's private key using asymmetric encryption

Spear Phishing

used by cybercriminals who are more tightly focused on a specific group of individuals or organizations

Organized Crime

well-structured groups that execute cyber-attacks for financial gain, usually through methods like ransomware, identity theft, or credit card fraud

Gap analysis steps

1. define the scope of the analysis 2. gather data on the current state of the organization 3. analyze the data to identify gaps 4. Develop a plan to bridge the gap

Malware

Any software that is designed to infiltrate a computer system without the user's knowledge

Smishing (SMS Phishing)

Attack that uses text messages to deceive individuals into sharing their personal information

Brute Force

Attack where access to a system is gained by trying all of the possibilities until breaking through

Triple A's of Security

Authentication, Authorization, and Accounting

C.I.A Triad

Confidentiality, Integrity, Availability - 3 pillars of security

Hacktivists

Cyber attackers who carry out their activities driven by political, social, or environmental ideologies who often want to draw attention to a specific cause

Logic Bombs

Embedded code placed in legitimate programs that executes a malicious action when a specific condition or trigger occurs

Policy-Driven Access Control

Entails developing, managing, and enforcing user access policies based on their roles and responsibilities

Data Controller

Entity that holds responsibility for deciding the purposes and methods of data storage, collection, and usage, and for guaranteeing the legality of processes

Honeytokens

Fake pieces of data, like a fabricated user credential, inserted into databases or systems to alert administrators when they are accessed or used

Data Steward

Focused on the quality of the data and the associated metadata

Phishing

Fraudulent attack using deceptive emails from trusted sources to trick individuals into disclosing personal information like passwords and credit card numbers

Nation-State Actors

Highly skilled attackers that are sponsored by governments to carry out cyber espionage, sabotage, or cyber warfare against other nation states or specific targets in a variety of industries

Data Sovereignty

Information is subject to the laws and governance structures within the nation where it is collected

Threat Scope Reduction

Limit the users' access to only what they need for their work tasks

Hoax

Malicious deception that is often spread through social media, email, or other communication channels

Backdoors

Malicious means of bypassing normal authentication processes to gain unauthorized access to a system

Trojans

Malicious programs which appear to be legitimate software that allow unauthorized access to a victim's system when executed

Rootkits

Malicious tools that hide their activities and operate at the OS level to allow for ongoing privileged access

Botnet

Network of zombies, often used for DDoS attacks, spam distribution, or cryptocurrency mining

Service Disruption

Often achieved by conducting a Distributed Denial of Service (DDoS) attack to overwhelm a network, service, or server with excessive amounts of traffic so that it becomes unavailable to its normal users

Vishing (Voice Phishing)

Phone-based attack in which the attacker deceives victims into divulging personal or financial information

Baiting

Planting a malware-infected device for a victim to find and unintentionally introduce malware to their organization's system

Internet Protocol Security (IPSec)

Protocol suite used to secure IP communications by authenticating and encrypting each IP packet in a data stream

Social Proof

Psychological phenomenon where individuals look to the behaviors and actions of others to determine their own decisions or actions in similar situations

Keyloggers

Record a user's keystrokes and are used to capture passwords or other sensitive information

Data at rest

Refers to any data stored in databases, file systems, or other storage systems

Data in use

Refers to data in the process of being created, retrieved, updated, or deleted

Spyware

Secretly monitors and gathers user information or activities and sends data to third parties

Brand impersonation

Specific form of impersonation where an attacker pretends to represent a legitimate company or brand

Watering Hole Attacks

Targeted form of cyber attack where attackers compromise a specific website or service that their target is known to use

Categories of security controls

Technical, Managerial, Operational, and Physical

DLL Injection

Technique used to run arbitrary code within the address space of another process by forcing it to load a dynamic-link library

Virtual Private Network

Technology that creates a secure connection over a less secure network (Internet)

Control Plane

The overarching framework and set of components responsible for defining, managing, and enforcing the policies related to user and system access within an organization

Data Exfiltration

Unauthorized transfer of data from a computer

Bloatware

Unnecessary or preinstalled software that consumes system resources and space, without offering any value to the user

Policy Administrator

Used to establish and manage the access policies

Typosquatting

a form of cyber-attack where an attacker registers a domain name that is similar to a popular website but contains some kind of common typographical error - also known as URL hijacking or cyber-squatting

Ransomware

a type of malicious software designed to block access to a computer system until a sum of money is paid.

Information Security

act of protecting data and information from unauthorized access, unlawful modification and disruption, disclosure, corruption, and destruction - the data the systems are holding, not the systems themselves

Information Systems Security

act of protecting the systems that hold and process the critical data - a computer, a server, a network device - devices that hold the data

Policy Enforcement Point

allow or restrict access, and it will effectively act as a gatekeeper to the sensitive areas of the systems or networks

Compensating Controls

alternative measures that are implemented when primary security controls are not feasible or effective

Threat Actors

an individual or entity responsible for incidents that impact security and data protection

Zombies

compromised computers that are remotely controlled by attackers and used in coordination to form a botnet

Control Plane

consists of adaptive identity, threat scope reduction, policy-driven access control, and secured zones

Honeynets

creates an entire network of decoy systems to observe complex, multi-stage attacks

Intellectual Property

creations of the mind, such as inventions; literary and artistic works; designs; and symbols

Policy Engine

cross-references the access request with its predefined policies

Honeypots

decoy systems or services designed to attract and deceive potential attackers, simulating real-world IT assets to study their techniques

5 methods to ensure confidentiality

encryption, access controls, data masking, physical security measures, training and awareness

Ransomware

encrypts a user's data and holds it hostage until a ransom is paid to the attacker for decryption

Data plane

ensures that policies and procedures are properly executed

Data Plane

focused on the subject/system, policy engine, policy administrator, and establishing policy enforcement points

Whaling

form of spear phishing that targets high-profile individuals, like CEOs or CFOs

Data Processor

group or individual hired by the data controller to help with tasks like collecting, storing, or analyzing data

non-repudiation

guaranteeing that a specific action or event has taken place and cannot be denied by the parties involved - focused on providing undeniable proof in digital transactions

5 methods to ensure data integrity

hashing, digital signatures, checksums, access controls, regular audits

Integrity

helps to ensure information and data remain accurate and unchanged from their original state unless intentionally modified by an authorized individual

Unskilled attackers

individuals with limited technical expertise who use readily available tools like downloaded scripts or exploits to carry out attacks

Managerial Controls

involve the strategic planning and governance side of security - security policies, training programs, and incident response strategies

Espionage

involves spying on individuals, organizations, or nations to gather sensitive information or classified information

Piggybacking

involves two people, with and without access, entering a secure area

detective controls

monitor and alert organizations to malicious activities as they occur or shortly thereafter

Directive controls

often rooted in policy or documentation and set the standards for behavior within an organization

Preventive controls

proactive measures implemented to thwart potential security threats or breaches

Operational Controls

procedures and measures that are designed to protect data on a day-to-day basis and are mainly governed by internal processes and human actions - backup procedures, account reviews, user training programs

Hashing

process of converting data into a fixed-size value

Gap analysis

process of evaluating the differences between an organization's current performance and its desired performance

Data in Transit/Data in Motion

refers to data actively moving from one location to another, such as across the internet or through a private network

Data Sovereignty

refers to the concept that digital information is subject to the laws of the country in which it is located

Subject/System

refers to the individual or entity attempting to gain access to

Bollards

short, sturdy vertical posts designed to control or prevent access to an area or structure

Worms

standalone malware programs that replicate and spread to other systems by exploiting software vulnerabilities

Physical Controls

tangible, real-world measures taken to protect assets

Hashing

technique that converts data into a fixed size of numerical or alphanumeric characters, known as a hash value

Blackmail

the attacker obtains sensitive or compromising information about an individual or an organization and threatens to release this info to the public unless certain demands are met

Doxxing

the public release of private information about an individual or organization

C.I.A.N.A

Confidentiality Integrity Availability Non-repudiation Authentication

Transport Layer Security (TLS)

Cryptographic protocols designed to provide secure communication over a computer network

GDPR

General Data Protection Regulation

Secured Zones

Isolated environments within a network that are designed to house sensitive data

Data Ownership

Process of identifying the person responsible for the confidentiality, integrity, availability, and privacy of the information assets

accounting

act of tracking user activities and resource usage, typically for audit or billing purposes

Business Email Compromise (BEC)

advanced phishing attack that leverages internal email accounts within a company to manipulate employees into carrying out malicious actions for the attacker

Deterrent Controls

aim to discourage potential attackers by making the effort seem less appealing or more challenging

