Secure baselines
Establishing, deploying, and maintaining hardened targets to ensure a secure starting point for systems
Hardening targets
Securing various types of devices, including mobile devices, workstations, switches, routers, cloud infrastructure, servers, ICS/SCADA, embedded systems, real-time operating systems (RTOS), and Internet of Things (IoT) devices
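Maintaining a baseline means checking deployed hosts against it, not just writing it down. The following is an added example (not from the original page) that compares an OpenSSH server configuration against a small hardened baseline, applying sshd's own parsing rules (first occurrence wins, directives are case-insensitive, Match blocks are conditional) and treating an omitted directive as the OpenSSH default rather than as compliant. The baseline values, the directive subset and the sample config are assumptions chosen for illustration; in production this check would normally be expressed as an SCAP/CIS benchmark and run by a scanner.

```python
"""Secure-baseline drift check for an OpenSSH server configuration.

Added example (not from the original page). The baseline values, the sample
config and the directive subset are assumptions chosen for illustration.
"""
import re

# Hardened baseline: directive -> required value (assumed for illustration).
SSHD_BASELINE = {
    "PermitRootLogin": "no",
    "PasswordAuthentication": "no",
    "PubkeyAuthentication": "yes",
    "X11Forwarding": "no",
    "MaxAuthTries": "3",
}

# Values OpenSSH applies when a directive is absent (from sshd_config(5)).
# Checking against these matters: an omitted directive is not "compliant",
# it silently takes the default.
SSHD_DEFAULTS = {
    "PermitRootLogin": "prohibit-password",
    "PasswordAuthentication": "yes",
    "PubkeyAuthentication": "yes",
    "X11Forwarding": "no",
    "MaxAuthTries": "6",
}

# Constructed sample config for the demo (not a real host's file).
SAMPLE_SSHD_CONFIG = """\
# Managed by config-mgmt (constructed sample)
Port 22
PermitRootLogin yes
PasswordAuthentication no
PasswordAuthentication yes   # later duplicate: sshd keeps the first value
X11Forwarding no
Match User backup
    PasswordAuthentication yes
"""

_CANONICAL = {name.lower(): name for name in SSHD_DEFAULTS}


def parse_sshd_config(text):
    """Return the effective global settings as {Directive: value}.

    Mirrors sshd's own rules: the first occurrence of a directive wins,
    directive names are case-insensitive, '#' starts a comment, and lines
    after the first 'Match' block apply only to matching connections, so they
    are not part of the global baseline.
    """
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        if len(parts) != 2:
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key == "match":
            break
        name = _CANONICAL.get(key, parts[0])
        settings.setdefault(name, value)
    return settings


def check_baseline(text, baseline=SSHD_BASELINE, defaults=SSHD_DEFAULTS):
    """Return drift findings as (directive, expected, actual, source) tuples.

    source is 'explicit' when the file sets the directive and 'default' when
    the value comes from sshd's built-in default.
    """
    effective = parse_sshd_config(text)
    findings = []
    for directive, expected in baseline.items():
        if directive in effective:
            actual, source = effective[directive], "explicit"
        else:
            actual, source = defaults.get(directive, "<unset>"), "default"
        if actual.lower() != expected.lower():
            findings.append((directive, expected, actual, source))
    return findings


if __name__ == "__main__":
    for directive, expected, actual, source in check_baseline(SAMPLE_SSHD_CONFIG):
        print(f"DRIFT {directive}: expected {expected!r}, got {actual!r} ({source})")
```

Running it on the sample reports two drifts: PermitRootLogin is explicitly set to yes, and MaxAuthTries is never set, so the default of 6 applies instead of the baseline's 3. The duplicate PasswordAuthentication line is ignored exactly as sshd would ignore it.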
Wireless devices
Devices that connect wirelessly, such as mobile devices, laptops, and IoT devices
Installation considerations
Factors to consider when installing wireless devices, including performing site surveys and creating heat maps to optimize coverage and minimize interference
Mobile device management (MDM)
A system used to manage and secure mobile devices within an organization, including device provisioning, configuration, and monitoring
Deployment models
Different models for deploying mobile devices, including bring your own device (BYOD), corporate-owned personally enabled (COPE), and choose your own device (CYOD)
Connection methods
Different methods for connecting wireless devices, including cellular networks, Wi-Fi, and Bluetooth
Wireless security settings
Settings and protocols used to secure wireless networks, such as Wi-Fi Protected Access 3 (WPA3), Remote Authentication Dial-In User Service (RADIUS), cryptographic protocols, and authentication protocols
Application security
Protecting applications from vulnerabilities, including input validation, secure cookies, static code analysis, and code signing
Sandboxing
Isolating applications to prevent them from accessing sensitive resources or compromising the system
Monitoring
Continuous monitoring of systems and networks for security threats and anomalies
Acquisition process
The process of obtaining assets for an organization, including evaluating security requirements before purchase.
Assignment process
The process of assigning an owner to each asset and classifying it.
Monitoring process
The process of tracking and managing the inventory of assets throughout their lifecycle.
Inventory
A detailed list of all assets owned by an organization.
Enumeration process
The process of discovering and recording each asset and its details (for example hardware, installed software, and configuration) so that the inventory is complete and no unknown asset is left unmanaged.
Disposal process
The process of retiring and getting rid of assets that are no longer needed.
Sanitization process
The process of removing sensitive data from assets before disposal or reuse so that it cannot be recovered, for example by overwriting, cryptographic erase, or degaussing.
Destruction process
The process of physically destroying storage media or devices (for example shredding, pulverizing, or incinerating) so that the data on them cannot be recovered.
Certification process
The process of verifying and documenting that sanitization or destruction was completed, typically with a certificate of destruction from the party that performed it.
Data retention
The process of storing and managing data for a specified period of time, after which it is disposed of according to policy.
Identification methods
Techniques used to identify vulnerabilities in a system
Vulnerability scan
Process of scanning a system to identify potential vulnerabilities
Application security
Measures taken to secure applications from vulnerabilities
Static analysis
Analyzing an application's source code without executing it to identify vulnerabilities
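As an added example (not from the original page), here is a minimal static analyser in the spirit of the definition above: it parses Python source into an abstract syntax tree and flags risky calls without ever executing the code. The rule table and the sample source under review are constructed for illustration; real tools such as Bandit or Semgrep carry far larger rule sets, but the mechanism is the same.

```python
"""A minimal static analyser: find risky calls in Python source without running it.

Added example (not from the original page). The rule table and the sample
source are constructed for illustration; real tools such as Bandit or Semgrep
carry far larger rule sets.
"""
import ast

# Constructed source under review. Line numbers in findings refer to this text.
SAMPLE_SOURCE = '''
import os, subprocess, pickle, hashlib

def run(cmd):
    return subprocess.run(cmd, shell=True)

def load(blob):
    return pickle.loads(blob)

def digest(data):
    return hashlib.md5(data).hexdigest()

def calc(expr):
    return eval(expr)

def safe_run(args):
    return subprocess.run(args, shell=False)
'''

# Rule table: dotted call name -> why it is flagged.
RISKY_CALLS = {
    "eval": "evaluates a string as code",
    "exec": "executes a string as code",
    "os.system": "runs a shell command string (injection if input is untrusted)",
    "pickle.loads": "deserialises untrusted data (arbitrary object construction)",
    "yaml.load": "unsafe YAML loader can construct arbitrary objects",
    "hashlib.md5": "weak hash, unsuitable for integrity or passwords",
    "hashlib.sha1": "weak hash, unsuitable for integrity or passwords",
}
SUBPROCESS_CALLS = {"subprocess.run", "subprocess.Popen", "subprocess.call",
                    "subprocess.check_call", "subprocess.check_output"}


def call_name(node):
    """Resolve `f(...)` or `mod.f(...)` to a dotted name; None for anything else."""
    func = node.func
    if isinstance(func, ast.Name):
        return func.id
    if isinstance(func, ast.Attribute) and isinstance(func.value, ast.Name):
        return f"{func.value.id}.{func.attr}"
    return None


def scan_source(source):
    """Return sorted (line, call, reason) findings for the given source text."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call):
            continue
        name = call_name(node)
        if name in RISKY_CALLS:
            findings.append((node.lineno, name, RISKY_CALLS[name]))
        elif name in SUBPROCESS_CALLS:
            # shell=True hands the argument string to /bin/sh; flag only that form,
            # the list-argument form on the last line of the sample is fine.
            for kw in node.keywords:
                if kw.arg == "shell" and isinstance(kw.value, ast.Constant) and kw.value.value is True:
                    findings.append((node.lineno, name,
                                     "shell=True (command injection if input is untrusted)"))
    return sorted(findings)


if __name__ == "__main__":
    for line, call, reason in scan_source(SAMPLE_SOURCE):
        print(f"line {line}: {call}: {reason}")
```

Note what the analyser can and cannot see: it flags `shell=True` written as a literal, but a value passed through a variable would need data-flow analysis, and it has no idea whether `expr` is actually attacker-controlled. That gap between syntactic findings and exploitable bugs is exactly where dynamic analysis and manual confirmation come in.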
Dynamic analysis
Analyzing an application's behavior during runtime to identify vulnerabilities
Package monitoring
Tracking the third-party libraries and software packages an application depends on for newly disclosed vulnerabilities and available updates
Threat feed
Source of information about current threats and vulnerabilities
Open-source intelligence (OSINT)
Gathering information from publicly available sources to identify vulnerabilities
Proprietary/third-party
Information obtained from private or external sources to identify vulnerabilities
Information-sharing organization
Group that facilitates the sharing of cybersecurity information
Dark web
Part of the internet reachable only through anonymizing software such as Tor and not indexed by search engines; often used for illegal activity, so monitoring it can reveal leaked credentials, stolen data, or exploits targeting an organization
Penetration testing
Simulated attack on a system to identify vulnerabilities
Responsible disclosure program
Program that encourages reporting of vulnerabilities to the system owner
Bug bounty program
Program that rewards individuals for finding and reporting vulnerabilities
System/process audit
Examination of a system/process to assess compliance and effectiveness
Analysis
Process of examining vulnerabilities and assessing their impact
Confirmation
Validating whether a vulnerability is real or not
False positive
Incorrectly identifying a non-existent vulnerability
False negative
Failing to identify an actual vulnerability
Prioritize
Ranking vulnerabilities based on their severity and potential impact
Common Vulnerability Scoring System (CVSS)
Standardized system for assessing the severity of vulnerabilities
Common Vulnerabilities and Exposures (CVE)
Standardized list of publicly disclosed vulnerabilities, each assigned a unique identifier (CVE-YYYY-NNNNN) so that scanners, advisories, and vendors refer to the same issue
Vulnerability classification
Categorizing vulnerabilities based on their characteristics
Exposure factor
The percentage of an asset's value expected to be lost if a given vulnerability is exploited; multiplied by the asset value to give the single loss expectancy
Environmental variables
Factors that influence the impact of a vulnerability in a specific environment
Industry/organizational impact
Assessing the impact of vulnerabilities on specific industries or organizations
Risk tolerance
An organization's willingness to accept or mitigate risks
Vulnerability response and remediation
Actions taken to address and fix vulnerabilities
Patching
Applying updates or fixes to software to address vulnerabilities
Insurance
Coverage to mitigate financial losses due to cybersecurity incidents
Segmentation
Dividing a network into smaller segments to contain potential attacks
Compensating controls
Alternate security measures implemented to mitigate vulnerabilities
Exceptions and exemptions
Allowances made for specific cases where vulnerabilities cannot be immediately addressed
Validation of remediation
Process of verifying that vulnerabilities have been successfully addressed
Rescanning
Performing another vulnerability scan after remediation
Audit
Examination of systems/processes to ensure compliance and effectiveness
Verification
Confirming that vulnerabilities have been fixed and are no longer present
Reporting
Documenting and communicating the findings and actions taken
Monitoring computing resources
The process of tracking and observing computer systems, applications, and infrastructure to ensure their optimal performance, security, and availability.
Log aggregation
The practice of collecting and consolidating log data from various sources, such as servers, applications, and network devices, to gain a comprehensive view of system activities and troubleshoot issues.
Alerting
The act of notifying users or administrators about potential issues or threats detected by monitoring systems, enabling timely response and mitigation.
Scanning
The process of examining computer systems or networks to identify vulnerabilities, security weaknesses, or potential risks that may compromise their integrity or confidentiality.
Reporting
The generation and presentation of information about the status or performance of computing resources, providing insights for decision-making, troubleshooting, and compliance purposes.
Archiving
The practice of storing data for long-term retention and future reference, ensuring its availability and integrity for compliance, analysis, or historical purposes.
Alert response and remediation/validation
The process of taking immediate action to address and resolve identified alerts, followed by validation to ensure the effectiveness of the response and mitigate potential risks.
Quarantine
The act of isolating potentially compromised systems or resources to prevent further harm, containing the impact of security incidents and facilitating investigation and remediation.
Alert tuning
The adjustment of alert settings to reduce false positives or improve detection accuracy, optimizing the monitoring system's ability to identify genuine threats and minimize unnecessary notifications.
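The four entries above (log aggregation, alerting, alert response, alert tuning) are one pipeline, so here is an added example (not from the original page) that runs them end to end: sshd log lines aggregated from two hosts are parsed, a sliding-window rule alerts when one source accumulates enough failed logins across all hosts, and the rule is then tuned by allowlisting an authorised scanner. The log lines, host names and addresses are constructed for the demo (RFC 5737 documentation ranges), and the threshold, window and allowlist are assumptions.

```python
"""Log aggregation, alerting and alert tuning for SSH brute-force attempts.

Added example (not from the original page). Log lines, hosts and addresses
are constructed for the demo (RFC 5737 documentation ranges), and the
threshold/window/allowlist values are assumptions.
"""
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed lines as a collector would aggregate them from two hosts.
SAMPLE_LOGS = """\
2024-05-01T10:00:01Z web01 sshd[1201]: Failed password for invalid user admin from 203.0.113.5 port 51122 ssh2
2024-05-01T10:00:03Z web01 sshd[1203]: Failed password for root from 203.0.113.5 port 51130 ssh2
2024-05-01T10:00:05Z web01 sshd[1205]: Failed password for invalid user oracle from 203.0.113.5 port 51141 ssh2
2024-05-01T10:00:07Z web01 sshd[1207]: Failed password for root from 203.0.113.5 port 51150 ssh2
2024-05-01T10:00:09Z db01 sshd[877]: Failed password for root from 203.0.113.5 port 51161 ssh2
2024-05-01T10:00:11Z db01 sshd[879]: Failed password for invalid user postgres from 203.0.113.5 port 51170 ssh2
2024-05-01T10:00:12Z db01 sshd[879]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0
2024-05-01T10:05:00Z web01 sshd[1301]: Failed password for invalid user test from 198.51.100.7 port 40001 ssh2
2024-05-01T10:05:02Z web01 sshd[1302]: Failed password for invalid user guest from 198.51.100.7 port 40002 ssh2
2024-05-01T10:05:04Z web01 sshd[1303]: Failed password for invalid user ubuntu from 198.51.100.7 port 40003 ssh2
2024-05-01T10:05:06Z web01 sshd[1304]: Failed password for invalid user pi from 198.51.100.7 port 40004 ssh2
2024-05-01T10:05:08Z web01 sshd[1305]: Failed password for root from 198.51.100.7 port 40005 ssh2
2024-05-01T10:10:00Z web01 sshd[1401]: Failed password for alice from 192.0.2.10 port 53000 ssh2
2024-05-01T10:10:15Z web01 sshd[1401]: Failed password for alice from 192.0.2.10 port 53000 ssh2
2024-05-01T10:10:30Z web01 sshd[1401]: Accepted publickey for alice from 192.0.2.10 port 53000 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?:password|publickey) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<src>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)


def parse_line(line):
    """Normalise one sshd line to a dict, or None for lines the rule ignores."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return ev


def detect_bruteforce(lines, threshold=5, window_s=60, allowlist=frozenset()):
    """Alert once per source that reaches `threshold` failed logins within `window_s`.

    Aggregating across hosts is the point: 4 failures on web01 plus 2 on db01
    trip a rule that neither host would trip on its own. `threshold`,
    `window_s` and `allowlist` are the tuning knobs.
    """
    recent = defaultdict(deque)   # src -> deque of (ts, host) inside the window
    alerts, alerted = [], set()
    for line in lines:
        ev = parse_line(line)
        if ev is None or ev["result"] != "Failed" or ev["src"] in allowlist:
            continue
        q = recent[ev["src"]]
        q.append((ev["ts"], ev["host"]))
        while (ev["ts"] - q[0][0]).total_seconds() > window_s:
            q.popleft()
        if len(q) >= threshold and ev["src"] not in alerted:
            alerted.add(ev["src"])
            alerts.append({
                "src": ev["src"],
                "count": len(q),
                "hosts": sorted({h for _, h in q}),
                "first": q[0][0],
                "last": ev["ts"],
            })
    return alerts


if __name__ == "__main__":
    lines = SAMPLE_LOGS.splitlines()
    print("untuned:", [a["src"] for a in detect_bruteforce(lines)])
    # Tuning: the authorised vulnerability scanner is allowlisted so its
    # credential checks stop paging the on-call analyst.
    print("tuned:  ", [a["src"] for a in detect_bruteforce(lines, allowlist={"198.51.100.7"})])
```

Untuned, the rule fires twice: once for the real attacker and once for the authorised scanner. Allowlisting the scanner removes the false positive without touching the threshold; raising the threshold instead would also silence the attacker, which is the trade-off alert tuning has to weigh. A user who mistypes a password twice and then succeeds never reaches the threshold.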
Security Content Automation Protocol (SCAP)
A set of standards and specifications for automating security-related tasks, including vulnerability management, configuration assessment, and compliance checking.
Benchmarks
Reference points or standards used to evaluate and measure system performance or security, providing a basis for comparison, optimization, and adherence to industry best practices.
Agents/agentless
Monitoring performed either by software agents installed on each host, which collect and transmit data, or agentlessly, by querying systems remotely (for example over SNMP, SSH, or WMI) without installing anything on them.
Security information and event management (SIEM)
A system that collects and analyzes security event data from various sources, enabling real-time threat detection, incident response, and compliance monitoring.
Antivirus
Software designed to detect, prevent, and remove malicious software, protecting computer systems and data from viruses, worms, trojans, and other types of malware.
Data loss prevention (DLP)
Technologies and strategies that detect and block the unauthorized transfer or leakage of sensitive data, whether in use, in transit, or at rest, in order to protect its confidentiality.
Simple Network Management Protocol (SNMP) traps
Notifications sent by network devices to a central management system for monitoring and troubleshooting, providing information about network events, performance, and errors.
NetFlow
A flow-export protocol, originally developed by Cisco, in which routers and switches summarize IP traffic by source, destination, protocol, ports, and volume, enabling administrators to analyze traffic patterns, detect anomalies such as unexpected outbound transfers, and troubleshoot issues.
Vulnerability scanners
Tools that identify and assess vulnerabilities in computer systems or networks, helping organizations proactively address security risks and strengthen their overall security posture.
Firewall
A security device that monitors and controls network traffic based on predetermined rules.
Access lists
Lists of rules that determine network traffic permissions.
Ports/protocols
Specific communication endpoints and rules for transmitting data between devices.
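Firewall access lists are evaluated top-down with the first match winning and an implicit deny at the end, which is why rule order is itself a security control. As an added example (not from the original page), the code below models that evaluation, checks an ACL against the documented intent for a handful of flows, and shows how moving a deny rule below the permits silently opens a path. The rules, hosts and addresses are constructed for illustration (RFC 5737 and RFC 1918 ranges), not taken from any real device.

```python
"""First-match firewall ACL evaluation with an implicit deny.

Added example (not from the original page). The rule set, hosts and addresses
are constructed for illustration (RFC 5737 / RFC 1918 ranges).
"""
import ipaddress

# Rule: (action, protocol, source network, destination network, dest ports)
# Ports is a set of integers or "any". Rules are evaluated top-down and the
# first match decides; anything matching no rule hits the implicit deny.
ACL = [
    ("deny",   "tcp", "10.0.50.0/24", "192.0.2.0/24",  "any"),      # guest VLAN never reaches servers
    ("permit", "tcp", "0.0.0.0/0",    "192.0.2.10/32", {80, 443}),  # public web server
    ("permit", "tcp", "10.0.0.0/8",   "192.0.2.20/32", {22}),       # admin SSH from internal only
    ("permit", "udp", "10.0.0.0/8",   "192.0.2.53/32", {53}),       # internal DNS
]

# Same rules with the guest deny moved below the permits: a common mistake,
# because 10.0.50.0/24 is inside 10.0.0.0/8 and the permit now matches first.
ACL_MISORDERED = [ACL[1], ACL[2], ACL[0], ACL[3]]

# Documented intent for a few representative flows (constructed).
EXPECTED_FLOWS = [
    ("tcp", "203.0.113.9", "192.0.2.10", 443, "permit"),  # internet -> web
    ("tcp", "203.0.113.9", "192.0.2.20", 22,  "deny"),    # internet -> admin SSH
    ("tcp", "10.1.2.3",    "192.0.2.20", 22,  "permit"),  # staff -> admin SSH
    ("tcp", "10.0.50.12",  "192.0.2.20", 22,  "deny"),    # guest -> admin SSH
    ("udp", "10.1.2.3",    "192.0.2.53", 53,  "permit"),  # staff -> DNS
]


def evaluate(rules, proto, src_ip, dst_ip, dst_port):
    """Return (action, index of matching rule), or ("deny", None) for the implicit deny."""
    src = ipaddress.ip_address(src_ip)
    dst = ipaddress.ip_address(dst_ip)
    for idx, (action, rproto, rsrc, rdst, ports) in enumerate(rules):
        if rproto not in ("any", proto):
            continue
        if src not in ipaddress.ip_network(rsrc):
            continue
        if dst not in ipaddress.ip_network(rdst):
            continue
        if ports != "any" and dst_port not in ports:
            continue
        return action, idx
    return "deny", None


def audit(rules, flows=EXPECTED_FLOWS):
    """Return flows whose actual decision differs from the documented intent,
    as (proto, src, dst, port, expected, actual, matching rule index)."""
    mismatches = []
    for proto, src, dst, port, expected in flows:
        action, idx = evaluate(rules, proto, src, dst, port)
        if action != expected:
            mismatches.append((proto, src, dst, port, expected, action, idx))
    return mismatches


if __name__ == "__main__":
    print("correct order:", audit(ACL) or "no mismatches")
    print("misordered:   ", audit(ACL_MISORDERED))
```

The correctly ordered ACL matches every documented flow; the misordered one lets the guest VLAN reach admin SSH because rule index 1 (permit 10.0.0.0/8 to port 22) is evaluated before the guest deny. Keeping a table of expected flows next to the rule set and re-running this kind of audit after every change is a cheap validation-of-remediation step for firewall work.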
Screened subnets
A network architecture (also called a DMZ) that places public-facing servers on their own segment between an external and an internal firewall, so that a compromised public server cannot reach the internal network directly.
IDS/IPS
Intrusion Detection System/Intrusion Prevention System - Security systems that monitor network traffic for suspicious activity; an IDS detects and alerts, while an IPS sits inline and can also drop or block the offending traffic.
Trends
Anomaly- or trend-based detection: identifying attacks by deviations from a baseline of normal traffic rather than by matching a known signature, which catches novel attacks at the cost of more false positives.
Signatures
Patterns of known malicious activity used by IDS/IPS systems to identify and block threats.
Web filter
A security tool that blocks or filters web content based on predefined rules or categories.
Agent-based
A type of web filter that requires software installation on devices to enforce web filtering policies.
Centralized proxy
A server that acts as an intermediary between client devices and the internet, providing web filtering and caching.
URL scanning
The process of analyzing URLs to determine if they are safe or malicious.
Content categorization
The classification of web content into categories based on its nature or purpose.
Block rules
Rules that prevent access to specific websites or web content.
Reputation
A measure of the trustworthiness or reliability of a website or IP address based on historical data.
Operating system security
Measures and practices to protect the operating system of a computer or device from unauthorized access or attacks.
Group Policy
A feature in Windows operating systems that allows administrators to manage and enforce security settings across a network.
SELinux
Security-Enhanced Linux - A Linux kernel security module that enforces mandatory access control (MAC) policies, confining each process to the access its policy allows even when the process runs as root.
Secure protocols
Configuring and using communication protocols to protect data during transmission.
Protocol selection
Choosing the appropriate network protocol based on security requirements and compatibility.
Port selection
Choosing specific network ports for communication based on security and functionality needs.
Transport method
How data is carried between devices, for example over a wired or wireless link, and whether it is protected in transit, such as by wrapping the traffic in TLS or sending it through a VPN tunnel rather than in plaintext.
DNS filtering
Blocking or allowing access to websites or domains based on DNS queries.
Email security
Measures and protocols to protect email communication from unauthorized access or malicious content.