Cybersecurity Terms and Concepts

Flashcards covering key vocabulary and concepts from the cybersecurity lecture notes.

Compliance

Process of adhering to internal standards and external regulations needed to avoid fines and breaches.

Security Frameworks

Guidelines for creating policies and procedures to manage security.

Security Controls

Safeguards or countermeasures put in place to protect information and assets.

Security Posture

An organization's ability to manage defenses of information and assets and reactions; strong posture indicates lower risk.

Phishing

Use of digital communications to trick individuals into revealing sensitive data or deploying malicious software.

Whaling

A type of phishing targeted specifically at a company executive.

Spear Phishing

Targeted phishing aimed at a specific user or group of users.

Vishing

Phishing conducted through electronic voice communication.

Smishing

Phishing conducted through SMS (text messaging).

Address Resolution Protocol (ARP)

A network protocol used to determine the MAC address of the next router or device on the path.

Cloud-based Firewalls

Software firewalls that are hosted by the cloud service provider.

Controlled Zone

A subnet that protects the internal network from the uncontrolled zone.

Domain Name System (DNS)

A networking protocol that translates internet domain names into IP addresses.

Encapsulation

A process performed by a VPN service that protects data by wrapping sensitive information in other data packets.

Firewall

A network security device that monitors traffic to or from your network.

Proxy Server

A server that fulfills the requests of its clients by forwarding them to other servers.

Secure File Transfer Protocol (SFTP)

A secure protocol used to transfer files over a network.

Stateful Firewall

A firewall that keeps track of information passing through it and proactively filters out threats.

Stateless Firewall

A firewall that operates based on predefined rules and does not track information from data packets.

Denial of Service (DoS) Attack

An attack that targets a network or server and floods it with traffic.

Distributed Denial of Service (DDoS) Attack

A type of DoS attack that uses multiple devices to flood a target network with unwanted traffic.

Network Protocols

A set of rules used by two or more devices on a network to describe data delivery and structure.

Penetration Testing (Pen Test)

A simulated attack to identify vulnerabilities in systems, networks, and applications.

Security Hardening

The process of strengthening a system to reduce its vulnerabilities and attack surface.

Active Packet Sniffing

An attack where data packets are manipulated in transit.

Internal Hardware

The components required to run a computer.

Random Access Memory (RAM)

A hardware component used for short-term memory.

Kernel

The component of the Linux OS that manages processes and memory.

World-writable File

A file that can be altered by anyone.

Command-line Interface (CLI)

A text-based user interface that uses commands to interact with the computer.

Graphical User Interface (GUI)

A user interface that uses icons on the screen for interaction.

SQL (Structured Query Language)

A programming language used to create and interact with databases.