Fundamentals of Security Practice Flashcards

Vocabulary flashcards covering the fundamentals of security, including controls, threat actors, motivations, and network protocols based on the lecture notes.

Last updated 9:25 PM on 6/30/26
49 Terms

1

Technical Controls

Technologies, hardware, and software mechanisms implemented to manage and reduce risks, such as anti-virus software, firewalls, and encryption.

2

Managerial Controls

Also known as administrative controls, these involve strategic planning and governance, including risk assessments and security policies.

3

Operational Controls

Procedures and measures designed to protect data on a day-to-day basis, governed by internal processes and human actions like backup procedures and user training.

4

Physical Controls

Tangible, real-world measures taken to protect assets, such as surveillance cameras, biometrics, and security guards.

5

Preventive Controls

Proactive measures implemented to thwart potential security threats or breaches, such as a firewall.

6

Deterrent Controls

Controls intended to discourage potential attackers by making the effort seem less appealing, such as a warning sign or banner on a website.

7

Detective Controls

Measures that monitor and alert organizations to malicious activities as they occur, such as an Intrusion Detection System or the detection part of anti-virus software.

8

Corrective Controls

Measures designed to mitigate damage and restore systems to their normal state, such as the quarantine and removal functions of anti-virus software.

9

Compensating Controls

Alternative measures implemented when primary security controls are not feasible, such as using a VPN for WPA2 when WPA3 is unavailable.

10

Directive Controls

Controls that guide, inform, or mandate actions, often rooted in policy or documentation like an Acceptable Use Policy.

11

CIA Triad

The three pillars of security: Confidentiality, Integrity, and Availability.

12

Confidentiality

Ensures that information is only accessible to those with appropriate authorization; it should always be linked with encryption.

13

Integrity

Ensures that data remains accurate and unaltered unless modification is required; it should always be linked with hashing.

14

Availability

Ensures that information and resources are accessible and functional when needed by authorized users.

15

Non-repudiation

Guaranteeing that a specific action or event has taken place and cannot be denied by the parties involved, such as an e-sign on an email.

16

Authentication

The process of verifying the identity of a user or system.

17

Authorization

The process that defines what actions or resources a user can access.

18

Accounting

The act of tracking user activities and resource usage, typically for audit or billing purposes.

19

Risk Management

The process of controlling known vulnerabilities by mitigating, transferring, avoiding, or accepting the risk.

20

Zero Trust

A security model operating on the principle that no one inside or outside the organization should be trusted by default.

21

Control Plane

A component of Zero Trust that dictates policies and procedures, featuring adaptive identity, threat scope reduction, and policy-driven access control.

22

Data Plane

A component of Zero Trust focused on executing policies, involving the subject/system, policy engine, and policy enforcement points.

23

Information Security

The act of protecting data and information itself from unauthorized access or disruption, rather than the device holding it.

24

Information Systems Security

The act of protecting the devices and systems that hold and process critical data, such as computers or network devices.

25

Misinformation

Inaccurate information shared unintentionally.

26

Disinformation

The intentional spread of false information to deceive or mislead.

27

Unskilled Attackers

Individuals with limited technical expertise who use scripts or exploits to perform attacks.

28

Hacktivists

Cyber attackers who perform attacks to draw attention to a cause or promote a political agenda.

29

Organized Crime

Groups that execute cyberattacks primarily for financial gain using methods like ransomware and identity theft.

30

Nation-state Actors

Highly skilled, government-sponsored attackers who engage in cyber espionage, sabotage, or warfare.

31

Insider Threats

Security threats that originate from individuals within the organization.

32

Shadow IT

IT systems, software, or services used within an organization without official organizational approval.

33

Honeypots

Decoy systems designed to attract and deceive attackers to study their methods.

34

Honeytokens

Fake data, such as fake user credentials, used to alert administrators when accessed or used.

35

Data Exfiltration

The unauthorized transfer of data from a computer, often involving PII or trade secrets.

36

False Flag Attack

An attack orchestrated to appear as if it originated from a different source to mislead investigators.

37

Identity Fraud

Using a person's personal information without authorization to commit a crime or deceive others, such as using a victim's credit card number.

38

Identity Theft

Using someone else's identity as one's own, such as using another person's Social Security number to apply for a job.

39

DNS Cache Poisoning

Also known as DNS Spoofing, it corrupts a resolver's cache with false information to redirect users to malicious websites.

40

Port 20/21

FTP (File Transfer Protocol)

41

Port 22

SSH (Secure Shell)

42

Port 23

Telnet (not secure)

43

Port 25

SMTP (Simple Mail Transfer Protocol)

44

Port 53

DNS (Domain Name System)

45

Port 80

HTTP (Hypertext Transfer Protocol)

46

Port 443

HTTPS (HTTP Secure)

47

Port 110

POP3 (Post Office Protocol)

48

Port 143

IMAP (Internet Message Access Protocol)

49

Port 3389

RDP (Remote Desktop Protocol)