These flashcards cover essential cybersecurity concepts and terminology from the lecture notes, providing definitions for key terms and processes in the field.
Cyber counterintelligence (CCI)
Threat intelligence gathered from security infrastructure that an organization sets up proactively to observe adversaries, for example honeypots and decoy systems.
Configuration management and planning
Activities that set the direction, expectations, strategy and formal documentation needed for precise configuration management.
Technical threat intelligence
Provides information about an attacker’s resources, such as command/control channels and tools, with a shorter lifespan than other types of intelligence.
Ethical hacker obligations
Must hold a signed contract (written authorization) from the system owner, defining the permitted scope, before performing any test.
Entity-driven hunting
A type of threat hunting prioritizing hunts over critical assets to enhance success rate and protect resources.
Host-based assessment
Vulnerability assessment performed on an individual host, checking its configuration, patch level and installed software for possible weaknesses.
Purple team
Collaborative team or exercise model in which the red (attacking) and blue (defending) teams work together, sharing attack techniques and detection results so that each side improves the other.
Incident disclosure
Post-incident activity where organizations share incident details with stakeholders after consulting legal.
Incident containment
Step in the IH&R process that limits the spread and impact of an incident, for example by isolating affected hosts or blocking malicious traffic, before eradication and recovery begin.
Post-incident activities
IH&R activities such as documentation, impact analysis, policy review, and disclosure.
Incident classification
Triage step that involves gathering information to determine incident category and resolution time.
Information security team
Team of individuals skilled in detecting and analyzing security incidents.
Containment actions
Element of IRP that assists in preventing further damage during an incident.
IR officer
Individual overseeing all IR activities in an organization.
Gray hats
Hackers who probe systems without authorization but without malicious intent, often reporting the vulnerabilities they find to vendors so products can be improved; they fall between white hats and black hats.
Misconfiguration
Category of vulnerabilities arising from insecurely configured systems, services or network devices (for example unneeded open ports, verbose error messages or weak settings), typically found by assessing the overall network configuration.
Ransomware
Type of malware that blocks access to a system or encrypts its files and demands payment in exchange for restoring access.
Unstructured external threats
Threat category covering attacks by unskilled external actors who rely on readily available tools and scripts; a properly secured system typically withstands them.
Adware
Type of PUA that displays ads and can disrupt user experience.
Default password and settings
Vulnerability illustrated when credentials are left unchanged after software installation.
Drive-by downloads
Method by which malware is installed automatically, without the user's consent, when the user merely visits a compromised web page or loads a malicious advertisement.
Gaining access
Phase of hacking where the attacker exploits the system to take control.
Bluesmacking
Type of Bluetooth attack that floods target devices with oversized packets.
Active attack
Type of attack in which the attacker alters data or system state, for example by modifying, injecting or deleting traffic, rather than only observing it.
Cross-site request forgery attack
One-click attack in which an attacker tricks an authenticated user's browser into sending unauthorized, state-changing requests to a site that trusts that browser's session.
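The request-handling logic behind this card, as an added example that is not part of the original flashcards: a transfer endpoint that trusts the session cookie alone (vulnerable) next to one that also checks the browser-set Origin header and a per-session synchronizer token (hardened). The application origin, session store and request shape are assumptions made for the example; the requests themselves are constructed.

```python
import hmac
import secrets
from dataclasses import dataclass, field

SITE_ORIGIN = "https://bank.example"  # assumed origin of the protected application


@dataclass
class Session:
    user: str
    csrf_token: str = field(default_factory=lambda: secrets.token_hex(32))


@dataclass
class Request:
    method: str
    headers: dict
    form: dict
    cookies: dict


def vulnerable_transfer(req: Request, sessions: dict) -> str:
    """Trusts the session cookie alone: any page that makes the victim's
    browser POST here succeeds, because the browser attaches the cookie."""
    session = sessions.get(req.cookies.get("sid"))
    if session is None:
        return "denied: not logged in"
    return f"transferred {req.form['amount']} to {req.form['to']} for {session.user}"


def hardened_transfer(req: Request, sessions: dict) -> str:
    """Origin check plus synchronizer token: an attacker's page cannot forge the
    browser-set Origin header and cannot read the token (same-origin policy)."""
    session = sessions.get(req.cookies.get("sid"))
    if session is None:
        return "denied: not logged in"
    if req.method != "POST":
        return "denied: state change requires POST"
    origin = req.headers.get("Origin")
    if origin is not None and origin != SITE_ORIGIN:
        return "denied: cross-origin request"
    submitted = req.form.get("csrf_token", "")
    # constant-time comparison so the token cannot be guessed byte by byte
    if not hmac.compare_digest(submitted, session.csrf_token):
        return "denied: missing or invalid CSRF token"
    return f"transferred {req.form['amount']} to {req.form['to']} for {session.user}"


def demo() -> dict:
    sessions = {"abc123": Session(user="alice")}
    # Constructed request as a malicious page would make the victim's browser
    # send it: session cookie attached, no token, foreign Origin.
    forged = Request(
        method="POST",
        headers={"Origin": "https://evil.example"},
        form={"to": "mallory", "amount": "1000"},
        cookies={"sid": "abc123"},
    )
    # Same forgery from a client that sends no Origin header at all.
    forged_no_origin = Request(
        method="POST", headers={}, form=dict(forged.form), cookies=dict(forged.cookies)
    )
    # Legitimate request from the site's own form, carrying the session's token.
    legit = Request(
        method="POST",
        headers={"Origin": SITE_ORIGIN},
        form={"to": "bob", "amount": "50", "csrf_token": sessions["abc123"].csrf_token},
        cookies={"sid": "abc123"},
    )
    return {
        "vulnerable_forged": vulnerable_transfer(forged, sessions),
        "hardened_forged": hardened_transfer(forged, sessions),
        "hardened_forged_no_origin": hardened_transfer(forged_no_origin, sessions),
        "hardened_legit": hardened_transfer(legit, sessions),
    }
```

The token check is what carries the defense; the Origin check is cheap defense in depth for browsers that send it. Setting the session cookie with `SameSite=Lax` or `Strict` adds a third layer at the browser.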
Adaptive chosen-plaintext attack
Chosen-plaintext attack in which the adversary can submit plaintexts to be encrypted interactively, choosing each new plaintext based on the ciphertexts already observed.
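The adaptivity is easiest to see in the classic byte-at-a-time attack on an ECB encryption oracle that appends a secret to attacker-chosen input. This is an added example, not material from the original flashcards: the oracle, its key and the secret suffix are constructed here, and a deterministic keyed hash stands in for a real block cipher (only determinism matters to the attack). Each query depends on the bytes recovered so far, which is exactly what makes the attack adaptive rather than a fixed batch of chosen plaintexts.

```python
import hashlib

BLOCK = 16
# Constructed for the example: the oracle's key and the secret it appends.
_KEY = b"example-key-not-a-real-secret"
_SECRET = b"flag{adaptive-cpa-recovers-this}"


def _toy_block_encrypt(key: bytes, block: bytes) -> bytes:
    """Toy deterministic keyed block function standing in for AES-ECB.
    Not a real cipher; the attack only needs E_k(block) to be deterministic."""
    assert len(block) == BLOCK
    return hashlib.sha256(key + block).digest()[:BLOCK]


def _pad(data: bytes) -> bytes:
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n


def oracle(chosen: bytes) -> bytes:
    """Encryption oracle: adversary chooses a prefix, the oracle appends the
    secret and encrypts block by block in ECB mode."""
    msg = _pad(chosen + _SECRET)
    return b"".join(_toy_block_encrypt(_KEY, msg[i:i + BLOCK])
                    for i in range(0, len(msg), BLOCK))


def find_secret_length() -> int:
    """Grow the prefix until the ciphertext gains a block; that reveals the
    secret length from the padding boundary."""
    base = len(oracle(b""))
    for i in range(1, BLOCK + 1):
        if len(oracle(b"A" * i)) != base:
            return base - i
    raise RuntimeError("padding boundary not found")


def recover_secret() -> bytes:
    """Adaptive chosen-plaintext attack: every query is built from the bytes
    already recovered, so exactly one unknown byte sits at a block boundary."""
    secret_len = find_secret_length()
    known = b""
    while len(known) < secret_len:
        pad_len = BLOCK - 1 - (len(known) % BLOCK)
        prefix = b"A" * pad_len
        target_block = len(known) // BLOCK
        start, end = target_block * BLOCK, (target_block + 1) * BLOCK
        target = oracle(prefix)[start:end]      # block ending in the unknown byte
        for guess in range(256):
            probe = prefix + known + bytes([guess])
            if oracle(probe)[start:end] == target:
                known += bytes([guess])
                break
        else:
            raise RuntimeError("no byte matched; oracle is not deterministic")
    return known
```

The attack needs at most 256 queries per secret byte, and none of them reveal anything about the key; it succeeds purely because identical plaintext blocks produce identical ciphertext blocks and the attacker can choose where the block boundary falls.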
Advanced persistent threats
Network attacks aiming to gain unauthorized access and remain undetected over time.
Vishing
Voice phishing: using phone calls, often automated or pre-recorded messages, to deceive victims into revealing sensitive information.
Reactive approach
Network defense strategy addressing threats that preventive measures did not avert.
Preventive approach
Network defense strategy that blocks attacks before they occur through controls such as firewalls, access control and biometric authentication.
Confidentiality
Information security element ensuring that information is disclosed only to authorized parties, so that, for example, transaction details are visible only to the intended recipient.
Network security devices
Technical security controls, such as firewalls, IDS/IPS and load balancers, that protect servers from attacks including DoS.
Core
Component of the NIST Cybersecurity Framework that defines a set of functions, categories and subcategories describing cybersecurity activities and their desired outcomes.
Respond
CSF function covering the actions taken once a cybersecurity incident is detected, in order to contain its impact.
Threat researcher
IH&R role responsible for gathering information on prevalent incidents.
Biometric authentication
Method authenticating users by physiological or behavioral characteristics, such as facial features, fingerprints or iris patterns.
User accounts
Default operating system accounts with limited privileges.
Principle of least privilege (POLP)
Access principle ensuring users can only access necessary resources required for job tasks.
Password authentication
Knowledge-based method in which a user proves identity with a secret string; the most common method for logging into secure portals.
Separation of duties (SoD)
Access control principle ensuring that no single individual controls every step of a critical task, so that no one holds full authorization rights.
Discretionary access control (DAC)
Access control model in which the owner of a resource decides which users may access it and what they may do with it.
Root account
Account provided for administrative activities with elevated privileges.
Issue-specific security policy (ISSP)
Policy addressing a specific technology or issue (for example e-mail or Internet use) and outlining the required technologies and preventive measures.
Procedural security requirements
High-level security requirements demonstrated during threat mitigation activities.
SOX
Sarbanes-Oxley Act: US law governing corporate financial reporting and accountability, which also increases penalties for white-collar crimes such as fraud.
Unclassified
Security label requiring no access permissions for document retrieval.
Standards
Mandatory controls for enforcing security policies.
FISMA
Act providing a framework for information security effectiveness.
LEVEL 2 - Managed
Capability maturity model level characterized by managed project processes.
Standby on-line hybrid
UPS topology combining features of the standby and on-line designs; like any UPS, it provides power during outages.
Reception area
Common entry point for physical breaches in organizations.
Compensating controls
Alternative physical security controls used when primary measures cannot be implemented or fail.
Hot and cold aisles
Arrangement to maintain proper airflow in server rooms.
Terrorism
Physical threat involving planting bombs to impact security.
Document the entire cable infrastructure
Best practice for secured network cabling.
X-ray inspection systems
Detection devices for scanning entry points for suspect objects.
Pure honeypot
Full-scale honeypot that is a complete, production-like system running real services, monitored through a network tap to attract and observe attackers.
VPN concentrator
Component responsible for maintaining each tunnel in a remote VPN.
Internal bastion host
Bastion host located in LAN facilitating local communication.
False negative
Alert condition when an IDS fails to detect an attack.
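A false negative usually comes from a signature that matches one encoding of an attack and misses the others. The following is an added example, not code from the lecture notes: it runs a naive signature and a normalizing detector over four constructed access-log lines (one benign request and the same path-traversal attack in three encodings) and reports which attacks each detector lets through. The log lines, rules and normalization steps are constructed for the example.

```python
import re
from urllib.parse import unquote

# Constructed access-log lines for the example (not captured traffic).
# Line 0 is benign; lines 1-3 are one path-traversal attack in three encodings.
LOG_LINES = [
    '10.0.0.5 - - [10/Oct/2024:13:55:36] "GET /index.html HTTP/1.1" 200 512',
    '10.0.0.9 - - [10/Oct/2024:13:55:40] "GET /cgi-bin/test.cgi?f=../../etc/passwd HTTP/1.1" 200 1024',
    '10.0.0.9 - - [10/Oct/2024:13:55:41] "GET /cgi-bin/test.cgi?f=..%2F..%2Fetc%2Fpasswd HTTP/1.1" 200 1024',
    '10.0.0.9 - - [10/Oct/2024:13:55:42] "GET /cgi-bin/test.cgi?f=....//....//etc/passwd HTTP/1.1" 200 1024',
]
ATTACK_INDICES = {1, 2, 3}

NAIVE_SIGNATURE = re.compile(r"\.\./\.\./etc/passwd")
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<path>\S+) HTTP/')


def naive_detect(line: str) -> bool:
    """Literal signature match on the raw line."""
    return bool(NAIVE_SIGNATURE.search(line))


def normalize(path: str) -> str:
    """Decode percent-encoding (twice, to cover double encoding) and collapse
    '....//' evasions so the path is inspected as the target would resolve it."""
    decoded = unquote(unquote(path))
    while "....//" in decoded:          # each pass strictly shortens the string
        decoded = decoded.replace("....//", "../")
    return decoded


def robust_detect(line: str) -> bool:
    """Signature applied to the normalized request path."""
    m = REQUEST_RE.search(line)
    if not m:
        return False
    path = normalize(m.group("path"))
    return "../" in path and "etc/passwd" in path


def false_negatives(detector) -> list:
    """Indices of known attacks that the detector fails to flag."""
    return sorted(i for i in ATTACK_INDICES if not detector(LOG_LINES[i]))


def false_positives(detector) -> list:
    """Indices of benign lines that the detector flags."""
    return sorted(i for i, line in enumerate(LOG_LINES)
                  if i not in ATTACK_INDICES and detector(line))
```

Measuring both lists against labelled traffic is how a detection rule should be tuned: a rule that reports nothing is not evidence of safety, and normalizing before matching is usually a better fix than adding one more signature per encoding.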
Bitdefender
Antivirus software using behavioral detection to monitor active applications.
Circuit-level gateway
Firewall technology operating at the session layer that validates TCP handshakes and filters traffic based on session rules rather than inspecting packet contents.
IPsec
Network security protocol providing authentication and encryption for VPN data.
Governance
SAMM business function covering how an organization manages its overall software security program, including strategy, policy and education.
Damages reputation
Impact of a successful application-level attack on organization profiles.
Intelligence
SSF domain focusing on understanding attack models for security planning.
Fault tolerance
Software design strategy enhancing robustness despite faults.
Burp Suite
Tool assisting in mapping application attack surfaces and identifying vulnerabilities.
Continuous deployment
Automation practice in which every change that passes the automated build and test stages is released to production automatically.
Production
Tier in the secure application development lifecycle where applications are deployed.
Governance
SAMM business function for managing an organization's application security program, including strategy, metrics, policy, compliance and training.
CaaS
Type of cloud computing service enabling scalable containerized applications.
OS-assisted virtualization
Virtualization approach (paravirtualization) in which the guest OS is modified to communicate with the hypervisor through hypercalls instead of relying on binary translation.
Cloud service provider
Under the shared responsibility model, the party responsible for securing the underlying shared infrastructure (hardware, network, hypervisor) in cloud environments.
Edge computing
Cloud technology that processes data close to where it is generated, handling small, urgent operations in milliseconds rather than sending everything to a central cloud.
High availability across zones
Cloud security control ensuring application uptime during network downtimes.
Desktop virtualization
Virtualization allowing user control of a system instance in the cloud.
Perform an audit
Technique to avoid VM sprawl by tracking associated VMs.
Wireless modem
Device connecting PCs to a wireless network and the Internet via ISP.
WPA2-Enterprise
Wireless security mode using 802.1X/EAP with a RADIUS server to authenticate each client individually, instead of a shared passphrase.
Hotspot
Location offering public Wi-Fi for device connectivity to the Internet.
802.11e
Standard defining QoS for wireless applications.
Shared key authentication process
Legacy WEP authentication in which the AP sends a random challenge and the client returns it encrypted with the shared WEP key; an eavesdropper learns keystream from the exchange, so it is weaker than open authentication.
WEP
Original 802.11 encryption scheme based on RC4; cryptographically broken and deprecated, so it must not be used to secure wireless networks.
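The two cards above (shared key authentication and WEP) share one weakness worth seeing concretely: because the challenge is sent in the clear and the response is the challenge XORed with RC4 keystream, anyone who watches one authentication learns the keystream for that IV and can answer any later challenge with it, never knowing the key. This is an added example, not code from the lecture notes: the RC4 routine is the standard algorithm, the WEP key, IV and challenge handling are constructed for the example, and the CRC-32 ICV is omitted for brevity (it is linear and would not change the outcome).

```python
import os


def rc4(key: bytes, length: int) -> bytes:
    """Standard RC4 keystream generator (KSA followed by PRGA)."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encrypt(wep_key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """WEP frame body: 3-byte IV in the clear, then RC4(IV || key) XOR plaintext."""
    return iv + xor(rc4(iv + wep_key, len(plaintext)), plaintext)


class AccessPoint:
    """Shared-key authentication: issue a 128-byte challenge, accept a response
    that decrypts (under the IV the client chose) back to that challenge."""

    def __init__(self, wep_key: bytes):
        self._key = wep_key

    def challenge(self) -> bytes:
        return os.urandom(128)

    def verify(self, challenge: bytes, response: bytes) -> bool:
        iv, body = response[:3], response[3:]
        return xor(rc4(iv + self._key, len(body)), body) == challenge


def legitimate_client_auth(ap: AccessPoint, wep_key: bytes):
    """A real client answers with the key. Returns what an eavesdropper sees."""
    chal = ap.challenge()
    resp = wep_encrypt(wep_key, b"\x01\x02\x03", chal)   # client-chosen IV
    return chal, resp, ap.verify(chal, resp)


def attacker_auth(ap: AccessPoint, seen_challenge: bytes, seen_response: bytes) -> bool:
    """Keystream = challenge XOR response; reuse it and the same IV for a new challenge."""
    iv = seen_response[:3]
    keystream = xor(seen_challenge, seen_response[3:])
    new_chal = ap.challenge()
    forged = iv + xor(keystream, new_chal)
    return ap.verify(new_chal, forged)


def demo() -> dict:
    key = b"\x13\x37\x42\x99\xaa"        # constructed 40-bit WEP key
    ap = AccessPoint(key)
    chal, resp, ok = legitimate_client_auth(ap, key)
    return {
        "legitimate_ok": ok,
        "attacker_ok": attacker_auth(ap, chal, resp),
        "blind_guess_ok": ap.verify(ap.challenge(), b"\x01\x02\x03" + bytes(128)),
    }
```

The recovered 128 bytes of keystream for that IV also let the attacker inject a short data frame; this is one reason the shared-key variant was considered worse than open authentication even before the RC4 key-recovery attacks on WEP itself.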
Keep the AP away from metal objects
Guideline for optimizing AP placement in wireless setups.
Physical risks and challenges
Security challenges related to mobile device portability and theft.
Wi-Fi Direct
Technology enabling peer-to-peer communication between devices.
Mobile threat defense solution
Solution protecting mobile endpoints from phishing and malware attacks.
Mobile content management
Security solution enabling secure data access on mobile devices.
Application-based risks
Risks arising from malicious or vulnerable mobile applications.
Set Bluetooth-enabled devices to non-discoverable mode
Security guideline for Bluetooth use in public settings.
Corporate owned, personally enabled (COPE)
Device management policy in which the organization owns and controls the device but permits employees to use it for personal purposes.
Level 5 (enterprise network)
Corporate level in the Purdue model allowing B2B and B2C operations.
VSAT
Very small aperture terminal: a small satellite ground station used for long-range wireless communication via satellite.
NTP
Protocol used for clock synchronization between computer systems.
MAC authentication
Network access control that admits devices by their hardware (MAC) address; used to restrict which devices may attach to IT/OT networks, for example at Purdue level 0 (field devices).
Cloud layer
IoT architecture layer providing dashboards for resource monitoring.
NFC
Wireless communication technology enabling contactless transactions.
Device layer
IoT architecture layer consisting of the physical devices (sensors and actuators) that collect data and act on the environment.
Device-to-device
IoT communication model demonstrated in health monitoring scenarios.