Answer this SHITS
Personal Info
Stuff that identifies you, like your social security number, driver's license details, birthday, job title, etc.
Encryption
Turns your data into a jumbled mess that only authorized people can unscramble and read.
Two-Factor Authentication (2FA)
Makes sure it's really you trying to access something by asking for two types of verification, like a password and a code sent to your phone.
Password Strength
The complexity of a password, measured by length, character types (uppercase, lowercase, numbers, symbols), and avoiding common phrases.
Password Manager
A secure application that stores and manages your passwords for different accounts.
Biometrics
Using unique physical characteristics (fingerprint, face recognition) for authentication.
Multi-Factor Authentication (MFA)
A broader term encompassing 2FA, requiring multiple verification methods.
Zero-Trust Security
A security model that assumes no user or device is inherently trustworthy and requires continuous verification.
Data Loss Prevention (DLP)
Strategies and tools to prevent sensitive data from being leaked or accessed by unauthorized users.
Symmetric Encryption
Encryption where the same key is used for both encryption and decryption.
Asymmetric Encryption
Encryption where a public key encrypts data and a private key decrypts it.
Steganography
Hiding information within another file, like hiding a message within an image.
Firewall
A security guard that checks all incoming and outgoing traffic on your computer network, allowing only the safe stuff through.
VPN (Virtual Private Tunnel)
Creates a safe and encrypted connection over the internet, like a secret tunnel to access a private network securely.
Security Alarm (IDS)
Keeps an eye on your computer network and sounds the alarm if it detects suspicious activity.
Security Guard (IPS)
Not only sounds the alarm but also jumps in to stop suspicious activity on your computer network.
Port
A virtual doorway on a computer that allows specific types of network traffic.
DMZ (Demilitarized Zone)
A network segment that sits between the internal network and the public internet, often used to place web servers.
Packet Sniffer
A tool that captures data packets traveling on a network, which can be malicious if used by attackers.
Web Application Firewall (WAF)
A security system that monitors and filters traffic to web applications, blocking malicious requests.
Malicious Software (Malware)
Bad software that can harm your computer, steal your information, or take control of it. Examples include viruses, worms, and ransomware.
Ransomware
A type of malware that encrypts your files or locks your system, demanding a ransom for access.
Bluetooth Hacking
Taking advantage of weaknesses in Bluetooth to gain unauthorized access to devices or steal information.
Denial of Service (DoS) Attack
An attempt to overwhelm a website or service with traffic, making it unavailable to legitimate users.
Man-in-the-Middle (MitM) Attack
An attack where an attacker intercepts communication between two parties to steal data or alter messages.
Zero-Day Exploit
A newly discovered vulnerability in software that attackers can exploit before a patch is available.
SQL Injection
An attack that injects malicious code into a website's database queries to steal data or manipulate it.
Botnet
A network of compromised computers controlled by an attacker to launch large-scale attacks.
Double Check (2FA)
Makes sure it's really you trying to access something by asking for two types of verification, like a password and a code sent to your phone.
Security Dashboard (SIEM)
Keeps track of all security alerts from your devices and applications, helping you identify and respond to any problems.
Honeypot
A behavior-based detection tool, computer, or computer system intended to mimic likely targets of cyberattacks. It can be used to detect attacks or deflect them from a legitimate target. It can also be used to gain information about how cybercriminals operate.
Vulnerability Assessment
The practice of examining a computer system, network, or application to find vulnerabilities that an attacker could exploit.
Penetration Testing (Pen Testing)
Simulating a cyberattack to identify vulnerabilities in a system's defenses.
Security Awareness Training
Educating employees about cybersecurity best practices to help them identify and avoid threats.
Patch Management
The process of installing security updates to fix vulnerabilities in software.
Access Control
Enforcing restrictions on who can access specific systems and data.
Incident Reporting
The process of documenting and reporting security incidents to the appropriate authorities.
Digital Signature
A mathematical scheme used to verify the authenticity and integrity of a message.
Hashing
A one-way mathematical function that transforms data into a fixed-size string of characters.
CERT
A Computer Emergency Response Team (CERT) is a team of cybersecurity professionals within an organization whose primary responsibility is to protect the organization's information systems from cyberattacks. They act as the organization's first responders in the event of a security breach.
General Data Protection Regulation (GDPR)
A regulation in EU law on data privacy and security for all individuals within the European Union.
Payment Card Industry Data Security Standard (PCI DSS)
A set of security standards designed to ensure the safe handling of credit card information.
Health Insurance Portability and Accountability Act (HIPAA)
A law in the United States that protects sensitive patient health information.
Social Engineering
Tricking people into giving up their personal information or doing something that compromises security. It's like a con artist but for the digital world.
Phishing Attack
An attempt to trick someone into revealing personal information or clicking malicious links, often disguised as legitimate emails or websites.
Pretexting
Creating a fake scenario to gain someone's trust and access sensitive information.
Tailgating
Physically following someone into a restricted area without authorization.
Quid pro quo
Offering something in exchange for sensitive information.
Endpoint Detection and Response (EDR)
A security tool that monitors endpoints (devices) for suspicious activity and can take automated actions.
Sandboxing
Isolating suspicious code or files in a virtual environment to prevent them from harming the main system.
Cyberwarfare
The use of digital attacks by nation-states to disrupt or damage another country's critical infrastructure.
Dark Web
A part of the internet that is not indexed by search engines and is often used for illegal activities.