RPO (Recovery point objective)
defines the maximum acceptable amount of data loss measured in time, determining how old backup data can be to resume normal operations after a failure.
RTO (Recovery time objective)
indicates the target amount of time to restore IT and business activities post-disaster, focusing on downtime rather than data loss.
SOW
A statement of work specifies the detailed scope of work, tasks, deliverables, timelines, and costs for a specific project or engagement with the vendor.
Data Custodian
responsible for ensuring the secure transmission of data and maintaining data integrity by monitoring for inconsistencies or potential issues.
Extensible Authentication Protocol (EAP)
network access authentication protocol that can handle multiple authentication methods.
Committees
specialized groups that include subject matter experts who support the governance board with expert analysis and recommendations.
DKIM (DomainKeys Identified Mail)
allows senders to associate a domain name with an email, thus vouching for its authenticity using a cryptographic signature.
UTM (unified threat management)
consolidates various security functionalities into a single appliance. It provides comprehensive protection by merging multiple security features, including intrusion detection/prevention, firewall capabilities, content filtering, and anti-malware tools, into one solution.
Sanitization
crucial process that ensures any data present on an asset, whether it's hardware or storage media, is thoroughly removed or modified to the point of being irrecoverable. This process is essential when repurposing, transferring, or disposing of assets to prevent unauthorized individuals from accessing or retrieving sensitive information.
Stream ciphers
encrypt plaintext data one byte or bit at a time, making them suitable for scenarios where the total message length is unknown. They combine the plaintext with a separate randomly generated message derived from the key and an initialization vector (IV).
NetFlow
network monitoring and analysis tool that provides visibility into network traffic, allowing administrators to understand and analyze the flow of data across the network. This helps identify potential security threats and abnormal behavior.
AUP (Acceptable Use Policy)
defines the rules and guidelines for the appropriate and acceptable use of an organization's IT resources. It outlines the dos and don'ts for employees regarding the use of company devices, networks, software, and data.
SPF (Sender Policy Framework)
helps prevent email spoofing by enabling domain owners to define which servers can send emails on their behalf.
Adaptive identity
allows for more flexible and dynamic access control by using contextual data to make dynamic access control decisions. For example, the system might grant access to a sensitive resource based on the user’s location or the time of day.
Structured Query Language injection
a web-based attack that involves inserting malicious SQL statements into user input fields or URLs that are executed by the database server. It can allow an attacker to read, modify, delete, or execute commands on the database.
Cross-site scripting (XSS)
web-based attack that involves inserting malicious scripts into web pages that are executed by the browser of unsuspecting users. It can allow an attacker to steal cookies, session tokens, credentials, or perform other actions on behalf of the user.
Cross-site request forgery (CSRF)
web-based attack that involves tricking a user into performing an unwanted action on a website where they are already authenticated. It can allow an attacker to transfer funds, change passwords, or perform other actions without the user’s consent.
Directory traversal
web-based attack that involves exploiting a vulnerability in a web server or application to access files or directories that are outside the intended scope. It can allow an attacker to read, modify, delete, or execute files or directories on the server.
A firmware vulnerability
issue that involves the ability to modify or replace the software that controls the functionality of a hardware device. It can allow an attacker to alter the behavior, performance, or security of the device, or install malware, backdoors, or spyware on it.
The exposure factor (EF)
the fraction of the asset value that is at risk in the event of a security incident.
Session Initiation Protocol (SIP), port 5060
used for signaling in Voice over IP (VoIP) services. Unauthorized access to this port can result in toll fraud or unauthorized call control.
Wiretapping
in the context of a wired network, refers to the act of connecting directly to the network's physical infrastructure (cables) to monitor and capture data traffic. It is a direct method to eavesdrop on communications.
Rescanning
involves running the vulnerability scan again after remediation efforts to confirm that identified vulnerabilities have been addressed properly and no longer pose a threat.
ARO (Annualized rate of occurrence)
quantifies the expected frequency of a risk occurring within a one-year time frame.
An image backup
duplicates an OS installation, either from a physical hard disk or a VM's virtual hard disk. It offers a quick means to redeploy the system without reinstalling software and settings.
Regulated data
implies that it's a category of data that adheres to specific compliance standards due to its sensitive nature.
A UPS (Uninterruptible Power Supply)
provides immediate power protection from input power interruptions by supplying short-term battery power. This ensures that devices can either be properly shut down or switched to an alternative power source like a generator.
MTBF (Mean time between failures)
predicts the average time intervals between system failures, indicating the reliability of a system or component.
A Memorandum of understanding (MOU)
formal agreement between two or more parties that outlines their mutual understanding and intentions to collaborate. It serves as a precursor to a legally binding contract and establishes a framework for future negotiations.
Discretionary Access Control (DAC)
an authorization model where the owner of the resource decides who is allowed to access it.
End-of-life vulnerability
can allow a hardware attack that involves exploiting vulnerabilities in devices that are no longer supported or updated by the manufacturer. It can allow an attacker to compromise the security or functionality of the device, or use it as a gateway to access other systems or networks.
Risk identification
the first step in the risk management process. It involves identifying potential threats and vulnerabilities that could pose a risk to an organization's assets or operations.
Confidential data
information that is restricted and should be kept secret; hence, its access is limited to specific people or systems. Data under non-disclosure agreements (NDAs) typically falls under this classification.
SNMP
ensures secure communication among software applications and allows security analysts to monitor these communications.
S/MIME (Secure/Multipurpose Internet Mail Extensions)
leverages email certificates to both sign and encrypt email content, ensuring both authenticity and confidentiality.
Journaling
keeps track of all transactions and changes that occur within a system. In the event of a crash or failure, this record allows for precise recovery to the moment before the disruption.
E-discovery
essential component of incident response and primarily relates to the collection and handling of electronic data. It is designed to be used as evidence in legal cases and includes in its scope anything that is stored electronically - emails, documents, databases, presentation files, voicemails, video/audio files, social media posts, and more.
A risk threshold
the limit of acceptable risk that an organization establishes, which once exceeded, triggers a response to reduce the risk to an acceptable level.
Concurrent session usage
an indicator of malicious activity that shows that an attacker or malware has compromised an account and is using it simultaneously with the legitimate user, creating multiple sessions from different locations or devices.
Due diligence/care
refers to the diligent and proactive efforts made by an organization to meet and maintain compliance requirements. This includes implementing necessary policies, procedures, and controls to align with regulatory mandates.
Software Defined Networking (SDN)
separates network control from the physical infrastructure, centralizing management and offering flexibility.
PKI (Public Key Infrastructure)
set of roles, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates and manage public-key encryption.
The CCPA (California Consumer Privacy Act)
a state legislation that provides comprehensive data protection rights to consumers, much like the GDPR. It's considered "horizontal" as it applies across sectors.
Embedded systems
computer systems that are integrated into larger devices or machines, such as cars, medical devices, or cameras.
RTO (Recovery time objective)
sets the goal for the time taken to recover business operations after an outage, essential for continuity planning.
MTTR (Mean time to repair)
average repair time for a failed system or component, not the timeframe for full business recovery.
BCP (Business continuity planning)
overarching process that includes recovery time objectives, but it is not a time-specific recovery target.
RPO (Recovery point objective)
assesses the maximum tolerable data age for recovery purposes, unrelated to the duration for restoring operations.
Secure web gateways (SWGs)
tailored to handle user traffic and can filter URLs based on content blacklists. They also provide threat analysis and integrate features like DLP and CASB to guard against various unauthorized egress threats.
Hybrid warfare
a strategy where state actors use a mix of espionage, disinformation, hacking, and soft power to achieve their objectives, offering a multifaceted approach to conflict.
National legal implications
laws and regulations set at the country level that outline the requirements and boundaries for data protection and privacy.
Ad hoc assessments
performed as necessary, often triggered by specific events or detected threats, providing flexibility in the risk management process.
SNMP
a network monitoring and management protocol that enables devices to send and receive alerts and data about their performance and status. It allows network administrators to monitor network devices, identify potential issues, and proactively address them.
A WAF
designed to filter, monitor, and block HTTP traffic to and from a web application, making it the most appropriate choice for temporary mitigation against a known vulnerability.
An exposure factor
measures the proportion of an asset’s value that would be lost if a vulnerability is exploited. It is essential for organizations to assess the potential impact of specific vulnerabilities and prioritize remediation efforts accordingly.