ITI TEST 3 KEY TERMS WEEK 6/7/8


52 Terms

1

Encryption

A mathematical process that makes a message unreadable except to someone with the decryption key.

2

Decryption

The process of making a scrambled message or data understandable.

3

Key

In cryptography, a piece of data that enables encryption or decryption of a message.

4

Data “at rest”

Information stored on a device like a mobile phone, laptop, or server.

5

Data “in transit”

Information moving over a network from one place to another.

6

VPN (Virtual Private Network)

Encrypts internet communications for secure connection to a network.

7

HTTPS (S-secure)

uses encryption to better protect the data you send to websites and the information they return to you, from prying eyes.

8

End-to-End Encryption

protects messages in transit all the way from sender to receiver. It ensures that information is turned into a secret message by its original sender (the first “end”) and decoded only by its final recipient (the second “end”). No one, including the app you are using, can “listen in” and eavesdrop on your activity.

9

Data

Collection of information, stats, facts, measurements, and descriptions.

10

Metadata

Information about digital communications, like email subjects and conversation length.

11

OPSEC

the process of protecting information about one’s activities that may be important to a potential adversary. It is a process that seldom goes beyond the digital realm.

12

SSD

Guide for protecting against electronic surveillance with privacy tools.

13

Simple Substitution Cipher

Replaces single letters with specified ones in a fixed substitution alphabet. The combination of the plaintext and ciphertext alphabet forms the key of this cipher.

14

Caesar Cipher

Rotates the plaintext alphabet by a fixed number of places.

15

ROT13

A substitution cipher that replaces each letter with its partner 13 characters further along the alphabet. It provides virtually no cryptographic security.

16

ROT5

Rotates numbers 0-9 in a message, clouding numeric values in a message.

17

ROT18

Combination of ROT13 and ROT5, rotating letters and numbers separately.

18

ROT47

uses all ASCII code points that range from 33 to 126 as the plaintext alphabet and rotates it by 47 characters. It can be used to obfuscate lowercase and uppercase letters, numbers, and punctuation symbols.

19

ROT8000

Uses the full Unicode Basic Multilingual Plane as the plaintext alphabet, which theoretically contains 65,536 characters

20

Social Engineering

Influencing a person to take actions, positive or negative.

21

Smishing

stands for SMS phishing or phishing through text messages. With a simple click, one’s credentials could be stolen, malware could be loaded on one’s mobile device, and sometimes both.

22

Vishing

Voice phishing through phone calls to deceive and steal information.

23

Phishing

Impersonating legitimate entities to trick people into providing personal information. It is the most dangerous of the four main vectors (smishing, vishing, phishing, impersonation).

24

Impersonation

Pretending to be someone else for malicious purposes like identity theft.

25

OSINT

the lifeblood of every social engineering engagement. It is also the piece that should have the most time spent on it which is why it occupies the first and largest piece of the pyramid. Documentation is one piece of OSINT that is rarely addressed.

26

Pretext Development

based on the findings from the OSINT period, the next step is to begin developing your pretexts. This is a crucial piece that is best done with OSINT in mind. In this phase, you see what changes or additions need to be made to ensure success.

27

Attack Plan

Having a pretext does not mean you are ready. The next stage is to plan out the three Ws: what, when, and who.

28

Attack Launch

launching the attack requires preparation but not scripted preparation that would not allow you to be dynamic. The use of an outline is recommended

29

Reporting

a report on the attacks is important because it is the very pinnacle that the rest of the pyramid rests on

30

Hacktivism

use of computer-based techniques such as hacking as a form of civil disobedience to promote a political agenda or social change.

31

Aaron Swartz

An agitator for free access to information on the internet who downloaded more than four million articles and reviews onto his laptop computers from a subscription-only digital storehouse. He was also involved in Reddit and RSS development.

32

Information Security

the protection of information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to ensure confidentiality, integrity, and availability

33

Confidentiality

preserving authorized restrictions on information access and disclosure

34

Integrity

guarding against improper information modification or destruction and ensuring information non-repudiation and authenticity

35

Availability

ensuring timely and reliable access to and use of information

36

Security Controls

the management, operational, and technical controls (safeguards, countermeasures) prescribed for a system to protect the confidentiality, availability, and integrity of the system and its information

37

Information System

discrete set of information resources organized for the collection, processing, maintenance, use, sharing, dissemination, or disposition of information

38

Information

  • Facts or ideas which can be represented (encoded) as various forms of data

  • Knowledge (data instructions) in any medium or form that can be communicated between system entities

39

Risk

can never be completely eliminated

40

Risk Management

striking a balance between usability and implementation of protection

41

Impact Levels

  • Federal organizations use these 

  • High, moderate and low 

  • Identify/categorize the impact that a loss of confidentiality, integrity, or availability of info/system may have on an organization's operation

  • Allows them to identify appropriate protections

42

Privacy

  • Past: two functions were discussed as if they cannot coexist in a system 

  • Today: relationship between privacy and security is essential 

  • It relates to problems that individuals may experience as a result of authorized processing of their information throughout the data life cycle

43

Vulnerability

a weakness in a system, system security procedure, internal controls, or implementation that could be exploited by a threat source

44

Threat Events

  • incident/situation that could potentially cause undesirable consequences/impacts 

  • Example: hacker installing a keystroke monitor on an organizational system

45

Threat Sources (Adversarial)

Sources are individuals, groups, organizations, or entities that seek to exploit an organization's dependence on cyber resources

46

Threat Sources (Non-Adversarial)

sources refer to natural disasters or erroneous actions taken by individuals in the course of executing day to day responsibilities

47

National Security Agency (NSA)

has become the largest, most covert, and potentially most intrusive intelligence agency ever

48

Data Mining

everything a person does becomes charted on a graph so the NSA is able to paint a more detailed picture of someone’s life

49

Advanced Encryption Standard (AES)

Symmetric encryption that is considered so strong that the NSA has even approved its use for top-secret US government communications.

50

Lists (Python Concept)

ordered, changeable, allows duplicates

51

Sets (Python Concept)

unordered, changeable, doesn’t allow duplicates

52

Dictionaries (Python Concept)

ordered, changeable, doesn’t allow duplicates (except values).