Public key infrastructure (PKI)
A system that manages the creation, distribution, and revocation of digital certificates.
Public key
A cryptographic key that is used for encryption and verifying digital signatures in asymmetric encryption.
Private key
A cryptographic key that is used for decryption and creating digital signatures in asymmetric encryption.
Key escrow
A process where a trusted third party holds a copy of an encryption key.
Encryption
The process of converting plaintext into ciphertext to protect data confidentiality.
Full-disk encryption
The process of encrypting the entire disk to protect all data stored on it.
Partition encryption
The process of encrypting a specific partition on a disk.
File encryption
The process of encrypting individual files to protect their contents.
Volume encryption
The process of encrypting a logical volume, which can span multiple disks or partitions.
Database encryption
The process of encrypting a database to protect its contents.
Record encryption
The process of encrypting individual records within a database.
Transport/communication encryption
The process of encrypting data during transmission to ensure its confidentiality.
Asymmetric encryption
A cryptographic system that uses two different keys: a public key for encryption and a private key for decryption.
Symmetric encryption
A cryptographic system that uses the same key for both encryption and decryption.
Key exchange
The process of securely sharing encryption keys between parties.
Algorithms
Mathematical functions used in encryption and decryption processes.
Key length
The size of the encryption key, measured in bits.
Trusted Platform Module (TPM)
A hardware component that provides secure storage and cryptographic functions.
Hardware security module (HSM)
A physical device that generates, stores, and manages cryptographic keys.
Key management system
A system that handles the generation, storage, and distribution of cryptographic keys.
Secure enclave
A secure area within a processor that protects sensitive data.
Obfuscation
The process of making something unclear or difficult to understand.
Steganography
The process of hiding secret information within an innocent-looking carrier file.
Tokenization
The process of replacing sensitive data with a non-sensitive token.
Data masking
The process of modifying sensitive data to protect its confidentiality.
Hashing
The process of converting data into a fixed-size string of characters.
Salting
The process of adding random data to the input of a hash function to prevent precomputed attacks.
Digital signatures
A cryptographic mechanism to verify the authenticity and integrity of digital documents.
Key stretching
A technique to make a cryptographic key more resistant to brute-force attacks.
Blockchain
A distributed ledger that records transactions across multiple computers.
Open public ledger
A transparent and publicly accessible record of all transactions in a blockchain.
Certificates
Digital documents that bind a public key to an entity.
Certificate authorities
Entities that issue and sign digital certificates.
Certificate revocation lists (CRLs)
Lists of revoked digital certificates.
Online Certificate Status Protocol (OCSP)
A protocol for checking the revocation status of digital certificates.
Self-signed
A digital certificate that is signed with the private key matching its own public key, rather than by a certificate authority.
Third-party certificate
A digital certificate that is signed by a trusted third-party certificate authority.
Root of trust
A trusted entity or component that forms the basis of a security system.
Certificate signing request (CSR) generation
The process of creating a request for a digital certificate.
Wildcard
A type of digital certificate that can be used for multiple subdomains.
Confidentiality
The principle of protecting data from unauthorized access.
Integrity
The principle of ensuring accuracy and completeness of data.
Availability
The principle of ensuring data is accessible when needed.
Non-repudiation
The ability to prove that a specific action or event occurred and that it was performed by a specific entity.
Authentication
The process of verifying the identity of individuals or systems.
Authorization
The process of granting or denying access rights based on authenticated identity.
Accounting
The process of tracking and recording activities for auditing purposes.
Gap analysis
The assessment of the difference between the current and desired state of security measures.
Zero Trust
A security model that requires continuous verification and authentication for all users and devices, assuming no trust by default.
Control Plane
The network component that manages access to resources and enforces security policies.
Adaptive identity
A control plane component that dynamically adjusts access privileges based on user behavior and context.
Threat scope reduction
A control plane technique that limits the exposure of resources to potential threats.
Policy-driven access control
A control plane approach that enforces access rules based on predefined policies.
Policy Administrator
A control plane component responsible for managing and defining security policies.
Policy Engine
A control plane component that evaluates and enforces security policies.
Data Plane
The network component that handles data traffic.
Implicit trust zones
Data plane areas where trust is assumed, allowing communication without additional authentication.
Subject/System
Entities within the data plane that interact with each other.
Policy Enforcement Point
A data plane component that enforces security policies and controls access to resources.
Physical security
Measures taken to protect physical assets and prevent unauthorized access.
Bollards
Physical barriers used to control or block vehicle access.
Access control vestibule
A small enclosed area designed to control access to a building or secure area.
Fencing
Physical barriers used to enclose and protect an area.
Video surveillance
The use of cameras to monitor and record activities in a specific area.
Security guard
A person responsible for monitoring and protecting a specific area or property.
Access badge
A physical or electronic card used to grant access to a secure area.
Lighting
Illumination used to enhance visibility and deter unauthorized access.
Sensors
Devices used to detect and respond to specific environmental conditions.
Infrared
A type of sensor that detects heat radiation.
Pressure
A type of sensor that detects changes in pressure.
Microwave
A type of sensor that uses microwave radiation to detect movement.
Ultrasonic
A type of sensor that uses sound waves to detect objects or movement.
Deception and disruption technology
Techniques and tools used to mislead or disrupt attackers.
Honeypot
A decoy system designed to attract and monitor unauthorized access attempts.
Honeynet
A network of honeypots used to gather information about attackers.
Honeyfile
A file that appears valuable to attackers but is actually monitored.
Honeytoken
A piece of information that appears valid but is actually a trap for attackers.
Technical Control
A control category that utilizes technology or tools to prevent or detect risks in a system or process.
Managerial Control
A control category that involves the implementation of policies and procedures to manage risks within an organization.
Operational Control
A control category that focuses on the day-to-day activities and processes to mitigate risks and ensure smooth operations.
Physical Control
A control category that utilizes physical barriers or safeguards to protect assets and prevent unauthorized access.
Preventive Control
A control type that aims to proactively stop risks from occurring by implementing measures and safeguards.
Deterrent Control
A control type that discourages individuals from engaging in risky behavior through the presence of deterrent measures.
Detective Control
A control type that identifies risks or incidents after they have occurred, allowing for timely response and mitigation.
Corrective Control
A control type that addresses risks or incidents and takes appropriate actions to rectify them and prevent recurrence.
Compensating Control
A control type that provides an alternative measure to mitigate risks when primary controls are not effective or feasible.
Directive Control
A control type that provides guidance or instructions to individuals to ensure compliance with organizational policies or procedures.
Business processes impacting security operation
Processes that affect security operations, including approval, ownership, stakeholders, impact analysis, test results, backout plan, maintenance window, and standard operating procedure.
Approval process
Process for obtaining approval for security-related activities.
Ownership
Responsibility and accountability for security-related activities.
Stakeholders
Individuals or groups with an interest or involvement in security operations.
Impact analysis
Assessment of the potential effects of security-related activities on the system or organization.
Test results
Outcomes of security testing to evaluate the effectiveness of security measures.
Backout plan
Plan to revert security-related changes in case of issues or failures.
Maintenance window
Scheduled period of time during which security maintenance activities can be performed without impacting normal operations.
Standard operating procedure
Documented set of step-by-step instructions for performing security-related tasks.
Technical implications
Technical considerations and consequences of security operations, including allow lists/deny lists, restricted activities, downtime, service restart, application restart, legacy applications, and dependencies.
Allow lists/deny lists
Lists of allowed or denied entities (e.g., IP addresses, users) for security purposes.
Restricted activities
Activities limited or controlled due to security requirements.
Downtime
Periods of time when a system or service is not available for use.