cyber security terms

theses are all the terms you should be studying for cyber AP exam

Sophisticated attacks

Sophisticated attacks are complex, making them difficult to detect and thwart. Sophisticated attacks:

• Use common internet tools and protocols, making it difficult to distinguish an attack from legitimate traffic.

• Vary their behavior, making the same attack appear differently each time.

Proliferation of attack software

A wide variety of attack tools are available on the internet, allowing anyone with a moderate level of technical knowledge to download the tools and run an attack.

Attack scale and velocity

The scale and velocity of an attack can grow to millions of computers in a matter of minutes or days due to its ability to proliferate on the internet. Because modern attacks are not limited to user interactions, such as using a floppy disk to spread an attack from machine to machine, the attacks often affect very large numbers of computers in a relatively short amount of time.

Security control

A technology or procedure put in place to mitigate vulnerabilities and risk and to ensure the confidentiality, integrity, and availability (CIA) of information.

Managerial

A category of security control that provides oversight of information systems.

Operational

A category of security control that is implemented by people.

Technical

A category of security control that is implemented as a system.

Physical

A category of security control that is implemented by hardware used to deter or detect, such as alarms, gateways, locks, lighting, and security cameras.

Preventive

A type of security control that acts before an incident to eliminate or reduce the likelihood that an attack can succeed.

Access control lists (ACLs)

The collection of access control entries (ACEs) that determines which subjects (user accounts, host IP addresses, and so on) are allowed or denied access to the object and the privileges given (read-only, read/write, and so on).

Detective

A type of security control that acts during an incident to identify or record that it is happening.

Corrective

A type of security control that acts after an incident to eliminate or minimize its impact.

Directive

A type of control that enforces a rule of behavior through a policy or contract.

Deterrent

A type of security control that discourages intrusion attempts.

Compensating

A security measure that takes on risk mitigation when a primary control fails or cannot completely meet expectations.

Chief Information Officer (CIO)

A company officer with the primary responsibility of managing information technology assets and procedures.

Chief Technology Officer (CTO)

A company officer with the primary role of making effective use of new and emerging computing platforms and innovations.

Chief Security Officer (CSO)

Typically, the job title of the person with overall responsibility for information assurance and systems security.

Lab simulator

The lab simulator is a CertMaster learning tool that presents a virtual environment that you can manipulate like an actual environment.

Lab tasks

The tasks necessary to complete the lab.

Navigation bar

A lab simulation feature used to change to a new location, such as a building, floor, or office.

Shelf

An area that contains hardware components that may be used in the simulation.

Exhibits

Additional information about the simulation environment that may be useful in completing the lab.