Confidentiality
Ensures that unauthorized individuals are not able to gain access to sensitive information
Integrity
Ensures that there are no unauthorized modifications to info or systems
Availability
Ensures that info and systems are ready to meet the needs of legit users at the time those users request them
Non-repudiation
Someone who performed some action cannot later deny having taken that action
Security Incidents
Occur when an organization experiences a breach of the CIA triad
Disclosure
The exposure of sensitive info to unauthorized individuals, otherwise known as data loss
Alteration
The unauthorized modification of info
Denial
Disruption of an authorized user's legit access to info
Financial Risk
The risk of monetary damage to the organization as the result of a data breach
Reputational Risk
Occurs when the negative publicity surrounding a security breach causes the loss of goodwill among customers, stakeholders, etc.
Strategic Risk
The risk that an organization will become less effective in meeting its major goals and objectives
Operational Risk
The risk to an organization's ability to carry out its day-to-day operations
Compliance Risk
Occurs when a security breach causes an organization to run afoul of legal and regulatory requirements
Control Objectives
Requirements to maintain CIA
Security Controls
Specific measures taken to fulfill the control objectives
Gap Analysis
Review the control objectives for a particular org, system, or service and then examine the controls designed to achieve these objectives
Technical Controls
Enforce CIA in the digital space, e.g. firewall
Operational Controls
The processes that we put in place to manage tech in a secure manner, e.g. log monitoring, user access reviews
Managerial Controls
Procedural mechanisms that focus on the mechanics of the risk management process, e.g. risk assessments
Physical controls
Security controls that impact the physical world, e.g. fences
Preventive Controls
Intend to stop a security issue before it occurs
Deterrent Controls
Seek to prevent an attacker from attempting to violate security policies
Detective Controls
Identify security events that have already occurred
Corrective Controls
Remediate security issues that have already occurred
Compensating Controls
Controls designed to mitigate the risk associated with exceptions made to a security policy
Directive Controls
Inform employees and others what they should do to achieve security objectives
Data at Rest
Stored data that resides on hard drives, in the cloud, etc. This data is prone to theft by insiders or external attackers who gain access to systems and are able to browse their contents
Data in Transit
Data that is in motion over a network. When data travels on an untrusted network, it is open to anyone with access to those networks
DLP Systems
Help organizations enforce info handling policies and procedures to prevent data loss and theft. They search systems for stores of sensitive info that are unsecured
Agent Based DLP
Uses software agents installed on systems that search those systems for the presence of sensitive info
Agent-less DLP
Dedicated devices that sit on the network and monitor outbound network traffic, watching for any transmission that contains unencrypted sensitive info
Pattern Matching
DLP systems watch for signs of sensitive info following a certain pattern, e.g. SSN
Data Minimization
Seeks to reduce risk by reducing the amount of sensitive info
Hashing
Uses a hash function to transform a value in our dataset to a corresponding hash value
Tokenization
Replaces sensitive values with a unique ID using a lookup table
Data Masking
Partially redacts sensitive info by replacing some or all fields. Ex. SSN xxx-xx-1234
Geo Restrictions
Limit access to resources based on the physical location of the user or system
Permission Restrictions
Limit access to resources based on the user's role or level of authorization
Segmentation
Places sensitive systems on separate networks where they can communicate but have restrictions
White hat hacker
Those who act with authorization and seek to exploit security vulnerabilities with the intent of correcting them
Black hat hacker
Those with malicious intent, they seek to defeat security controls and compromise CIA
Gray hat hacker
They act without proper authorization but they do so with the intent of informing their targets of any security vulnerabilities
Attack Surfaces
A system, app, or service that contains a vulnerability a threat actor might exploit
Threat Vector
The means that a threat actor uses to obtain access
Indicators of Compromise (IOC)
Telltale signs that an attack has taken place and may include file signatures, log patterns, and other evidence left behind by attackers
OSINT
Open source intelligence you can publicly gather from available sources
Malware
Describes a wide range of software that is intentionally designed to cause harm to systems, devices, networks, or users
Ransomware
Malware that takes over a computer and then demands a ransom.
Trojans
Type of malware that is typically disguised as legit software
Worms
Malware that spreads itself, often associated with spreading via attacks on vulnerable services
Spyware
Malware that is designed to obtain info about an individual, organization, or system
Bloatware
All-encompassing term used to describe unwanted apps installed on systems by manufacturers
Viruses
Malware that self-copies and self-replicates; it typically has a trigger, which determines when the malware will execute, and a payload, which is the action the malware performs or delivers
Keyloggers
Programs that capture keystrokes from a keyboard and can also capture mouse movement, touch screen inputs, and credit card swipes
Logic Bombs
Functions or code placed inside other programs that will activate when set conditions are met
Rootkits
Malware designed to allow attackers to access a system through a backdoor
Social Engineering
The practice of manipulating people through a variety of strategies to accomplish desired actions
Phishing
Broad term used to describe the fraudulent acquisition of info
Vishing
Phishing accomplished via voice or voicemail
Smishing
Relies on text messages as part of the phishing scam
Business Email Compromises
Relies on using apparently legit email addresses to conduct scams and other attacks
Watering Hole Attacks
Use websites that targets frequently visit
TypoSquatting
Uses misspelled or slightly off URLs that closely resemble the legit site's URL
Brute Force Password Attack
Iterates through passwords until one is found that works
Password Spraying
Attempts to use a single password or small set of passwords against many accounts
Vulnerability Management
Plays a crucial role in identifying, prioritizing, and remediating vulnerabilities in our environment
Vulnerability scanning
Used to detect new vulnerabilities as they arise and then implement a remediation workflow that addresses the highest priority vulnerabilities
Risk Appetite
Willingness to tolerate risk within the environment
Regulatory Requirements
May dictate a minimum frequency for scans
Technical Constraints
Scanning systems may only be capable of performing a limited number of scans per day
Static Testing
Analyzes code without executing it
Dynamic Testing
Executes code as part of the test
Interactive Testing
Combines static and dynamic code testing
CVSS
Industry standard for assessing the severity of security vulnerabilities
Attack Vector Metric (AV)
Describes how an attack would exploit a vulnerability
Attack complexity metric (AC)
Describes the difficulty of exploiting a vulnerability
Privileges Required Metric (PR)
The type of account access needed to exploit a vulnerability
User Interaction Metric
Whether the attacker needs to involve another human to exploit a vulnerability
Confidentiality Metric
The type of info disclosure that might occur if an attacker successfully exploits a vulnerability
Integrity Metric
Type of info alteration that might occur if an attacker successfully exploits a vulnerability
Availability Metric
Type of disruption that might occur if an attacker successfully exploits a vulnerability
Scope Metric
Whether the vulnerability can affect system components beyond the vulnerable component itself
None Severity Scale
0.0 CVSS Score
Low Severity Scale
0.1 - 3.9 CVSS Score
Medium Severity Scale
4.0 - 6.9 CVSS Score
High Severity Scale
7.0 - 8.9 CVSS Score
Critical Severity Scale
9.0 - 10.0 CVSS Score
Penetration Testing
Seeks to bridge the gap between the use of tech tools to test an organization's security and the power of those tools when placed in the hands of an attacker
Threat Hunting
Seeks to adopt the attacker's mindset and imagine how hackers might seek to defeat an organization
Physical Penetration Test
Focuses on identifying and exploiting vulnerabilities in an organization's physical security controls
Offensive Penetration Test
Proactive approach where security professionals act as attackers to identify and exploit vulnerabilities
Defensive Penetration Test
Focuses on evaluating an organization's ability to defend against cyberattacks. Involves assessing the effectiveness of policies, procedures, and tech in detecting and mitigating threats
Integrated Penetration Test
Combines aspects of both offensive and defensive pen tests
Known Environments
Pen tests performed with full knowledge of the underlying tech, configurations, and settings that make up the target
Unknown Environments
Pen tests intended to replicate what an attacker would encounter. Testers are not provided access or info
Rules of Engagement
Formal, written guidelines that define how a pen test or operation is conducted
Passive Pen Test Recon
Seeks to gather info without directly engaging with the pen test target
Active Pen Test Recon
Directly engaging with the target in intelligence gathering for pen test
Privilege Escalation
Uses hacking techniques to shift from initial access to more advanced privileges
Pivoting/Lateral Movement
Attacker uses the initial system compromise to gain access to other systems on the target network