Information Security
Act of protecting data and information from unauthorized access, unlawful modification, disruption, disclosure, corruption, and destruction. (Protecting the data)
Information Systems Security
Act of protecting the systems that hold and process the critical data. (Devices that hold the data)
Confidentiality
Ensures that information is only accessible to those with the appropriate authorization. (CIA triad)
Integrity
Ensures that data remains accurate and unaltered unless a modification is authorized and intended. (CIA triad)
Availability
Ensures that information and resources are accessible and functional when needed by authorized users. (CIA Triad) (Associate with Redundancy)
Non-repudiation
Guaranteeing that a specific action or event has taken place and cannot be denied by the parties involved. (CIANA)
Authentication
Process of verifying the identity of a user or system. Security measure that ensures individuals or entities are who they claim to be during a communication or transaction. (CIANA)
Accounting
Act of tracking user activities and resource usage, typically for audit or billing purposes. Security measure that ensures all user activities are properly tracked and recorded.
Security Controls
Measures or mechanisms put in place to mitigate risks and protect the confidentiality, integrity, and availability of information systems and data.
Zero Trust
Security model that operates on the principle that no one, whether inside or outside the organization, should be trusted by default. Demands verification for every device, user, and transaction within the network, regardless of its origin.
Control Plane
Consists of adaptive identity, threat scope reduction, policy-driven access control, and secured zones. (Zero Trust model) The overarching framework, rather than the individual components, responsible for defining, managing, and enforcing the policies related to user and system access within an organization.
Data Plane
Focused on the subject/system requesting access and the policy enforcement points that carry out the access decision. The policy engine and policy administrator that make the decision belong to the control plane.
Threat
Anything that could cause harm, loss, damage, or compromise to information technology systems.
Vulnerability
Any weakness in the system design or implementation.
Risk Management
Finding different ways to minimize the likelihood of an undesired outcome occurring and to achieve the desired outcomes.
Encryption
Process of converting data into code to prevent unauthorized access. (Ensures confidentiality)
Data Masking
Method that involves obscuring specific data within a database so that unauthorized users see only the masked version, while authorized users retain the real data's authenticity and usefulness.
Physical Security Measures
Used to ensure confidentiality for physical types of data and for digital information contained on servers and workstations.
Training and Awareness
Conducting regular training on the security awareness best practices that employees can use to protect the organization's sensitive data.
Hashing
Process of converting data into a fixed-size value. The result of a hash function is a hash digest, which acts as a digital fingerprint to prove data integrity: any change to the input produces a different digest.
Digital Signatures
Use hashing together with asymmetric cryptography to ensure integrity and authenticity.
Checksums
Method to verify the integrity of data during transmission, typically by recomputing a short value from the received bytes and comparing it with the value that was sent. A simple checksum catches accidental corruption; detecting deliberate tampering requires a cryptographic hash or a digital signature.
Access Controls
Ensure that only authorized individuals can modify data and reduce risk of unintentional or malicious alterations.
Regular Audits
Involve reviewing logs and operations to ensure that only authorized changes have been made and any discrepancies are addressed.
Redundancy
Duplication of critical components or functions of a system with the intention of enhancing its reliability. (Types: Server, Data, Network, Power)
Server Redundancy
Involves using multiple servers behind a load balancer so that if one is overloaded or fails, the other servers can take over the load and continue supporting end users.
Data Redundancy
Involves storing data in multiple places.
Network Redundancy
Ensures that if one network path fails, the data can travel through another route.
Power Redundancy
Involves using backup power sources to ensure that an organization's systems remain operational during periods of power disruption or outages within a local service area.
Digital Signature
Created by first hashing a particular message or communication to be digitally signed and encrypting the hash digest with the user’s private key using asymmetric encryption.(Associate with Non-repudiation)
Something you Know (Knowledge Factor)
Relies on information that a user can recall.
Something You Have (Possession Factor)
Relies on the user presenting a physical item to authenticate themselves.
Something You Are (Inherence Factor)
Relies on the user providing a unique physical or behavioral characteristic of the person to validate that they are who they claim to be.
Something You Do (Action Factor)
Relies on the user conducting a unique action to prove who they are.
Somewhere You Are (Location Factor)
Relies on the user being in a certain geographic location before access is granted.
Multi-factor Authentication (MFA)
Security process that requires users to provide multiple methods of identification to verify their identity.
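As an added example (not from the original card set), the following Python code combines two of the factors above: a knowledge factor (a password stored as a salted, iterated PBKDF2 hash) and a possession factor (a time-based one-time password per RFC 6238, which is what an authenticator app computes from a shared secret). The enrolled password, the shared secret and the timestamps are constructed test values; the RFC 4226 test secret is used so the codes can be checked against published vectors.

```python
import hashlib
import hmac
import secrets
import struct
import time


# --- Something you know: never store the password, store a slow salted hash --
def enroll_password(password: str, iterations: int = 200_000) -> dict:
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return {"salt": salt, "iterations": iterations, "hash": digest}


def check_password(password: str, record: dict) -> bool:
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), record["salt"], record["iterations"]
    )
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(candidate, record["hash"])


# --- Something you have: TOTP derived from a secret held on the user's device
def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HMAC-based one-time password (RFC 4226) for a given counter value."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, at_time: int, step: int = 30, digits: int = 6) -> str:
    """Time-based OTP (RFC 6238): the counter is the number of 30 s steps elapsed."""
    return hotp(secret, at_time // step, digits)


def check_totp(secret: bytes, code: str, at_time: int, step: int = 30, window: int = 1) -> bool:
    """Accept the current step plus `window` steps either side to tolerate clock drift."""
    counter = at_time // step
    return any(
        hmac.compare_digest(hotp(secret, counter + i), code)
        for i in range(-window, window + 1)
    )


def authenticate(password: str, code: str, record: dict, secret: bytes, at_time=None) -> bool:
    """MFA: both factors must pass; either one alone is rejected."""
    at_time = int(time.time()) if at_time is None else at_time
    return check_password(password, record) and check_totp(secret, code, at_time)


if __name__ == "__main__":
    user = enroll_password("correct horse battery staple")   # constructed enrolment
    shared_secret = secrets.token_bytes(20)                  # provisioned to the authenticator app
    now = int(time.time())
    print(authenticate("correct horse battery staple", totp(shared_secret, now), user, shared_secret, now))
```

The two factors are independent: a phished password still fails without the device-bound secret, and a stolen device still fails without the password.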
Authorization
Set of rules and policies that are used to dictate what actions users can perform once verified.
Audit Trail
Provides a chronological record of all user activities that can be used to trace changes, unauthorized access, or anomalies back to a specific user or point in time.
Regulatory Compliance
Accounting supports regulatory compliance by maintaining a comprehensive record of all user activities that can be produced for auditors and regulators.
Forensic Analysis
Uses detailed accounting and event logs that can help cyber security experts understand what happened, how it happened, and how to prevent similar incidents from occurring again in the future.
Resource Optimization
Organizations can optimize system performance and minimize costs by tracking resource utilization and allocation decisions.
User Accountability
A thorough accounting system ensures that users' actions are monitored and logged, deterring potential misuse and promoting adherence to the organization's policies.
Syslog Servers
Used to aggregate logs from various network devices and systems so that system administrators can analyze them to detect patterns or anomalies in the organization’s systems.
Network Analyzers
Used to capture and analyze network traffic to gain detailed insights into all the data moving within a network.
Security Information and Event Management (SIEM)
Provides real-time analysis of security alerts generated by various hardware and software infrastructure in an organization.
Technical Controls
The technologies, hardware, and software mechanisms that are implemented to manage and reduce risks. (Includes firewalls, encryption processes, and intrusion detection systems)
Managerial Controls
Involve the strategic planning and governance side of security.
Operational Controls
Procedures and measures that are designed to protect data on a day-to-day basis and are mainly governed by internal processes and human actions. (Includes backup procedures, account reviews, and user training programs)
Physical Controls
Tangible, real-world measures taken to protect assets. (Includes shredding documents, security guards, or locking doors)
Preventative Controls
Proactive measures implemented to thwart potential security threats or breaches.
Deterrent Controls
Aim to discourage potential attackers by making the effort seem less appealing or more challenging.
Detective Controls
Monitor and alert organizations to malicious activities as they occur or shortly thereafter.
Corrective Controls
Mitigate any potential damage and restore the systems to their normal state.
Compensating Controls
Alternative measures that are implemented when primary security controls are not feasible or effective.
Directive Controls
Often rooted in policy or documentation and set the standards for behavior within an organization.
Adaptive Identity
Use adaptive identities that rely on real-time validation that takes into account the user's behavior, device, location, and more. Part of the control plane.
Threat Scope Reduction
Limit the user's access to only what they need for their work tasks, because this drastically reduces the network's potential attack surface. Part of the control plane.
Policy Driven Access Control
Entails developing, managing, and enforcing user access policies based on their roles and responsibilities. Part of control plane.
Secured Zones
Isolated environments within a network that are designed to house sensitive data. Part of control plane.
Policy Engine
Cross-references the access request with its predefined policies. Part of control plane.
Policy Administrator
Used to establish and manage the access policies. Part of control plane.
Subject/System
Refers to the individual or entity attempting to gain access. Part of the data plane.
Policy Enforcement Point
Allows or restricts access, effectively acting as a gatekeeper to the sensitive areas of the systems or networks. Part of the data plane.
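The Zero Trust cards above (adaptive identity, threat scope reduction, policy-driven access control, secured zones, policy engine, policy administrator, subject/system, policy enforcement point) describe a request flowing through the control plane to a decision and then to the data plane for enforcement. The following Python example is added here, not taken from the card set, to show those components as code. The policy table, the resources, the posture and location signals, and the requests are all constructed; a real deployment would take the identity from an IdP, device posture from an MDM/EDR service, and location from a network signal.

```python
from dataclasses import dataclass, field


@dataclass
class AccessRequest:
    """Subject/system (data plane): who is asking, for what, with what real-time signals."""
    subject: str          # user or service identity
    role: str
    resource: str         # constructed resource names, e.g. "payroll-db"
    device_managed: bool  # posture signal (assumed to come from MDM/EDR)
    mfa_verified: bool
    country: str          # where the request comes from right now
    usual_country: str    # baseline for this subject


@dataclass
class Decision:
    allow: bool
    reasons: list = field(default_factory=list)


# Policy administrator (control plane): where policies are defined and managed.
# Constructed table: which roles may reach a resource, and whether it sits in a secured zone.
POLICIES = {
    "wiki":       {"roles": {"staff", "finance", "admin"}, "secured_zone": False},
    "payroll-db": {"roles": {"finance", "admin"},          "secured_zone": True},
}


def policy_engine(req: AccessRequest) -> Decision:
    """Control plane: cross-reference every request against policy; nothing is trusted by default."""
    policy = POLICIES.get(req.resource)
    if policy is None:
        return Decision(False, ["unknown resource: default deny"])
    decision = Decision(allow=True)
    # Threat scope reduction / policy-driven access control: least privilege by role.
    if req.role not in policy["roles"]:
        decision.allow = False
        decision.reasons.append(f"role {req.role!r} not permitted on {req.resource}")
    # Adaptive identity: real-time device and location signals change the outcome.
    if not req.device_managed:
        decision.allow = False
        decision.reasons.append("unmanaged device")
    if req.country != req.usual_country and not req.mfa_verified:
        decision.allow = False
        decision.reasons.append("unusual location without MFA")
    # Secured zones: sensitive data always requires MFA, even from inside the network.
    if policy["secured_zone"] and not req.mfa_verified:
        decision.allow = False
        decision.reasons.append("secured zone requires MFA")
    return decision


def policy_enforcement_point(req: AccessRequest) -> str:
    """Data plane gatekeeper: acts on the engine's decision, never on network location."""
    decision = policy_engine(req)
    if decision.allow:
        return f"ALLOW {req.subject} -> {req.resource}"
    return f"DENY {req.subject} -> {req.resource}: " + "; ".join(decision.reasons)


if __name__ == "__main__":
    # Constructed requests: the same user, differing only in the real-time signals.
    for request in (
        AccessRequest("alice", "finance", "payroll-db", True, True, "US", "US"),
        AccessRequest("alice", "finance", "payroll-db", True, False, "US", "US"),
        AccessRequest("alice", "finance", "wiki", True, False, "FR", "US"),
        AccessRequest("bob", "staff", "payroll-db", True, True, "US", "US"),
    ):
        print(policy_enforcement_point(request))
```

Note that the PEP never reads the policy itself; it only enforces the engine's answer, which is what lets policy change centrally without touching every gateway.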
Gap Analysis
Process of evaluating the differences between an organization's current performance and its desired performance.
Technical Gap Analysis
Involves evaluating an organization’s current technical infrastructure and identifying any areas where it falls short of the technical capabilities required to fully utilize their security solutions.
Business Gap Analysis
Involves evaluating an organization’s current business processes and identifying any areas where they fall short of the capabilities required to fully utilize cloud-based solutions.
Plan of Action and Milestones (POA&M)
Outlines the specific measures to address each vulnerability, allocate resources, and set up timelines for each remediation task that is needed.
Threat Actor
An individual or entity responsible for incidents that impact security and data protection.
Threat Actor Attributes
Specific characteristics or properties that define and differentiate various actors from one another.
Internal Threat Actors
Individuals or entities within an organization who pose a threat to its security. (Angry employees, contractors).
External Threat Actors
Individuals or groups outside an organization who attempt to breach its cybersecurity defenses.
Resources and Funding
Refers to the tools, skills, and personnel at the disposal of a given threat actor.
Level of Sophistication and Capability
Refers to their technical skill, the complexity of the tools and techniques they use, and their ability to evade detection and countermeasures.
Data Exfiltration
The unauthorized transfer of data from a computer. (Stolen data can be sold on the dark web, used for identity theft, or leveraged for competitive advantage)
Financial Gain
One of the most common motivations for cyber criminals. (Ransomware attacks, banking Trojans)
Blackmail
The attacker obtains sensitive or compromising information about an individual or an organization and threatens to release it to the public unless certain demands are met.
Service Disruption
Often achieved by conducting a distributed denial of service (DDoS) attack to overwhelm a network, service, or server with excessive amounts of traffic so that it becomes unavailable to its normal users.
Philosophical or Political Beliefs
Individuals or groups use hacking to promote a political agenda, social change, or to protest against organizations they perceive as unethical.
Ethical Reasons
Ethical hackers, also known as authorized hackers, are motivated by a desire to improve security.
Revenge
An employee who is disgruntled, or one who has recently been fired or laid off, might want to harm their current or former employer by causing a data breach, disrupting services, or leaking sensitive information.
Disruption or Chaos
These actors, often referred to as unauthorized hackers, engage in malicious activities for the thrill of it, to challenge their skills, or simply to cause harm.
Espionage
Involves spying on individuals, organizations, or nations to gather sensitive classified information.
War
Cyber attacks have increasingly become a tool for nations to attack each other both on and off the battlefield.
Unskilled Attackers
Individuals with limited technical expertise who use readily available tools like downloaded scripts or exploits to carry out attacks.
Hacktivists
Cyber attackers who carry out their activities driven by political, social, or environmental ideologies and who often want to draw attention to a specific cause. They conduct hacktivism through website defacement, distributed denial of service attacks, doxing, or leaking of sensitive information.
Organized Crime
Well-structured groups that execute cyberattacks for financial gain, usually through methods like ransomware, identity theft, or credit card fraud. (FIN7, Carbanak)
Nation-state Actors
Highly skilled attackers that are sponsored by governments to carry out cyber espionage, sabotage, or cyber warfare against other nations or specific targets in a variety of industries.
Insider Threats
Security threats that originate from within the organization.
Shadow IT
IT systems, devices, software, applications, and services that are managed and utilized without explicit organizational approval.
Honeypots
Decoy systems or servers designed to attract and deceive potential attackers, simulating real-world IT assets to study their techniques.
Honeynets
Creates an entire network of decoy systems to observe complex, multi-stage attacks.
Honeyfiles
Decoy files placed within systems to detect unauthorized access or data breaches.
Honeytokens
Fake pieces of data, like a fabricated user credential, inserted into databases or systems to alert administrators when they are accessed or used.
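Two groups of cards above come together in practice: the accounting cards (audit trail, syslog servers, SIEM) describe aggregating authentication logs and analyzing them for patterns, and the honeytoken card describes a bait credential whose every use is an alert. The following Python example is added here, not taken from the card set, to show both detections running over the same parsed log data. The syslog lines, the host and account names, the IP addresses and the honeytoken account are all constructed for the example; the brute-force threshold and window are assumptions a real SIEM rule would tune.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in RFC 3164-style syslog format, as a syslog server
# would collect them from several hosts. These are not real logs.
SAMPLE_LOGS = """\
Mar 10 09:00:01 web01 sshd[1201]: Failed password for bob from 203.0.113.7 port 51111 ssh2
Mar 10 09:00:03 web01 sshd[1201]: Failed password for bob from 203.0.113.7 port 51112 ssh2
Mar 10 09:00:04 web01 sshd[1201]: Failed password for root from 203.0.113.7 port 51113 ssh2
Mar 10 09:00:06 web01 sshd[1201]: Failed password for admin from 203.0.113.7 port 51114 ssh2
Mar 10 09:00:07 web01 sshd[1201]: Failed password for admin from 203.0.113.7 port 51115 ssh2
Mar 10 09:05:30 db01 sshd[2210]: Accepted password for svc_backup_legacy from 198.51.100.9 port 40222 ssh2
Mar 10 09:06:00 web01 sshd[1201]: Accepted publickey for alice from 192.0.2.10 port 50100 ssh2
Mar 10 10:30:00 web01 sshd[1201]: Failed password for alice from 192.0.2.10 port 50101 ssh2
"""

# Honeytoken: an account that exists only as bait (assumed name). No legitimate
# process ever uses it, so any authentication attempt against it is an alert.
HONEYTOKEN_ACCOUNTS = {"svc_backup_legacy"}

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) (?P<proc>[\w-]+)\[\d+\]: "
    r"(?P<result>Failed|Accepted) \S+ for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+)"
)


def parse_syslog(text: str, year: int = 2024) -> list:
    """Normalize raw syslog lines into event dicts; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")  # syslog omits the year
        events.append({"time": ts, "host": m["host"], "result": m["result"],
                       "user": m["user"], "src": m["src"]})
    return events


def detect_honeytoken_use(events: list) -> list:
    """Any event touching a bait account, successful or not, is high-confidence."""
    return [e for e in events if e["user"] in HONEYTOKEN_ACCOUNTS]


def detect_brute_force(events: list, threshold: int = 5,
                       window: timedelta = timedelta(minutes=1)) -> list:
    """Alert when one source IP has at least `threshold` failures inside a sliding window."""
    failures = defaultdict(list)
    for e in events:
        if e["result"] == "Failed":
            failures[e["src"]].append(e["time"])
    alerts = []
    for src, times in failures.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                alerts.append({"src": src, "count": end - start + 1,
                               "first": times[start], "last": times[end]})
                break  # one alert per source is enough for this example
    return alerts


def run_detections(text: str) -> dict:
    events = parse_syslog(text)
    return {
        "events": len(events),
        "honeytoken": detect_honeytoken_use(events),
        "brute_force": detect_brute_force(events),
    }


if __name__ == "__main__":
    report = run_detections(SAMPLE_LOGS)
    print(f"parsed {report['events']} events")
    for e in report["honeytoken"]:
        print(f"HONEYTOKEN {e['user']} used from {e['src']} on {e['host']} at {e['time']}")
    for a in report["brute_force"]:
        print(f"BRUTE FORCE {a['count']} failures from {a['src']} between {a['first']} and {a['last']}")
```

The single failure from alice at 10:30 stays below the threshold and generates nothing, which is the point of correlating over a window rather than alerting on every failed login; the honeytoken hit, by contrast, needs no threshold at all.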