defense in depth (layered security)
a cybersecurity strategy that uses multiple layers of security controls (managerial, technical
layered defense
another term for defense in depth, combines different security tools and policies to address different types of threats
lateral movement
when an adversary moves from one compromised device or account to other parts of a network
privilege escalation
when a user or attacker gains higher access rights than originally authorized
managerial controls
administrative policies and procedures that guide security practices (ex: training, policies)
technical controls
technology-based protections such as firewalls, encryption
physical controls
security measures that protect physical access to systems (locks, cameras
security policy
a formal document outlining how an organization protects its data and systems
procedure
step-by-step instructions explaining how to implement a policy
acceptable use policy (aup)
defines how users are allowed to use an organization's network and devices
password policy
rules requiring strong passwords, password changes
access control
methods used to regulate who can view or use resources
discretionary access control (dac)
access control where the data owner decides who can access resources
mandatory access control (mac)
access control where access is determined by a central authority based on classification levels
data security policy
guidelines for protecting sensitive organizational data
security awareness training
training that teaches users to recognize threats like phishing and social engineering
enterprise security
protection of data, devices
data classification
categorizing data based on sensitivity (public, internal
data at rest
stored data not currently being accessed (protected with encryption and access control)
data in transit (data in motion)
data being transferred across a network (protected with encrypted connections)
data in use
data actively being accessed or processed (protected with authorization controls)
firewall
a device or software that filters network traffic based on rules
network segmentation
dividing a network into smaller sections to improve security and limit lateral movement
logging
recording network and system events for monitoring and investigation
vulnerability
a weakness that could be exploited by a threat
misconfiguration
improper setup of systems or security controls
wireless encryption standards
security protocols for wi-fi networks
wep
weak, outdated encryption
wpa
improved but vulnerable
wpa2
strong encryption
wpa3
most secure current standard
default credentials
pre-set usernames and passwords that must be changed to prevent unauthorized access
captive portal
a web page that users must authenticate through before gaining network access (commonly used on guest wi-fi)
network monitoring
continuous observation of network activity to detect unusual behavior
intrusion detection system (ids)
a tool that passively monitors network traffic and generates alerts when suspicious activity is detected
intrusion prevention system (ips)
a tool that actively monitors and blocks suspicious traffic
log files
records of system and network events used for troubleshooting and investigations
service set identifier (ssid)
the name of a wireless network
perimeter firewall
firewall placed at the network boundary to protect internal systems from external threats
internal firewall
firewall inside a network to separate and protect different segments
host-based firewall
software firewall installed on an individual device
screened subnet / demilitarized zone (dmz)
a network segment between the internal network and the internet that hosts public-facing services
access control list (acl)
an ordered set of firewall rules that allow or deny traffic based on defined criteria
inbound traffic
traffic entering a network
outbound traffic
traffic leaving a network
port
logical communication endpoint identified by a number (ex: 22 for ssh, 443 for https)
subnet
a smaller division of a larger ip network
physical segmentation
separating networks using different physical devices (routers, switches)
logical segmentation
separating networks virtually using configuration (vlans, subnetting)
vlan (virtual local area network)