comptia security+ 701 : the important terms

Preventive Controls

Prevent security incidents from occurring.

Deterrent Controls

Discourage potential attackers from attempting to compromise a system.

Detective Controls

Detect and alert on security incidents as they occur.

Corrective Controls

Correct and mitigate the impact of security incidents.

Compensating Controls

Security measures implemented to provide an alternative method of protecting assets when standard controls are not feasible.

Directive Controls

Specify acceptable practices and expected behavior.

CIANA

Confidentiality, Integrity, Non-Repudiation, Authentication

Gap Analysis

Strategic tool used to compare an organization’s capabilities with its desired potential, identifying the "gap" between the two

Honeypot

Decoy system or resource designed to attract and deceive attackers, appearing to be a legitimate part of the network. Monitored to gather information about the tactics, techniques, and motives an attacker may use.

Honeynet

A network of honeypots that interconnect to create a larger and more realistic environment for attracting and monitoring attackers.

Honeyfile

File or document intentionally created and placed in network to act as bait for attackers.

Honeytoken

Piece of data or credential that is intentionally placed within an information system to serve as a decoy or indicator of unauthorized access.

Non-Repudiation

Security principle ensuring that a party cannot deny the authenticity of their signature on a document or the sending of a message that they originated, usually achieved through the use of cryptographic methods, such as digital signatures and public key infrastructure.

PTZ

Pan Tilt Zoom

Five Factors Of Authentication

Something you know, something you have, something you are, something you do, somewhere you are.

FRR

False Rejection Rate.

Chiper Locker

Mechanical locking mechanism that uses a mechanical keypad for entry

Infrared Sensor

An electronic device that emits or detects infrared radiation to detect surroundings, such as motion, proximity, or temperature.

Microwave Sensor

An active electronic device that emits high-frequency electromagnetic pulses to catch motion or presence by measuring reflected signals based on the Doppler effect

Ultrasonic Sensor

Device that measures distance or detects objects by emitting high-frequency sound waves (ultrasound) beyond human hearing and measuring the time it takes for the echo to reflect back.

Shadow IT

A type of threat actor that creates internal threats involving the use of systems, devices, software, applications, and services that are used within an organization without explicit approval or knowledge of the organization’s IT department.

Social Proof

A psychological and social phenomenon where individuals copy the actions of others in an attempt to reflect correct behavior for a given situation. This concept is often exploited in social engineering attacks.

Typosquatting

A form of cyber-attack where malicious actors register domain names that are similar to legitimate websites, often differing by a small typo or misspelling.

Watering Hole Attack

A type of cyber-attack in which attacjers compromise a specific website or set of websites that are frequently visited by a particular group, organization, or industry. The goal is to infect the visitors of these sites with malware.

Phishing

A cyber-attack where attackers send fraudulent emails or messages pretending to be from reputable sources to trick individuals into revealing sensitive information, such as usernames, passwords, and credit card details.