Google Cybersecurity Certification

Open Web Application Security Project (OWASP)

A non-profit organization focused on improving software security

Order of volatility

A sequence outlining the order of data that must be preserved from first to last

Password attack

An attempt to access password secured devices, systems, networks, or data

Personally identifiable information (PII)

Any information used to infer an individual’s identity

Phishing

The use of digital communications to trick people into revealing sensitive data or deploying malicious software

Physical attack

A security incident that affects not only digital but also physical environments where the incident is deployed

Physical social engineering

An attack in which a threat actor impersonates an employee, customer, or vendor to obtain unauthorized access to a physical location

Privacy protection

The act of safeguarding personal information from unauthorized use

Programming

A process that can be used to create a specific set of instructions for a computer to execute tasks

Protected health information (PHI)

Information that relates to the past, present, or future physical or mental health or condition of an individual

Protecting and preserving evidence

The process of properly working with fragile and volatile digital evidence

Security architecture

A type of security design composed of multiple components, such as tools and processes, that are used to protect an organization from risks and external threats

Security controls

Safeguards designed to reduce specific security risks

Security ethics

Guidelines for making appropriate decisions as a security professional

Security frameworks

Guidelines used for building plans to help mitigate risk and threats to data and privacy

Security governance

Practices that help support, define, and direct security efforts of an organization

Security information and event management (SIEM)

An application that collects and analyzes log data to monitor critical activities in an organization

Sensitive personally identifiable information (SPII)

A specific type of PII that falls under stricter handling guidelines

Social engineering

A manipulation technique that exploits human error to gain private information, access, or valuables

Social media phishing

A type of attack where a threat actor collects detailed information about their target on social media sites before initiating the attack

Spear phishing

A malicious email attack targeting a specific user or group of users, appearing to originate from a trusted source

SQL (Structured Query Language)

A programming language used to create, interact with, and request information from a database

Supply-chain attack

An attack that targets systems, applications, hardware, and/or software to locate a vulnerability where malware can be deployed

Technical skills

Skills that require knowledge of specific tools, procedures, and policies

Threat

Any circumstance or event that can negatively impact assets

Threat actor

Any person or group who presents a security risk

Transferable skills

Skills from other areas that can apply to different careers

USB baiting

An attack in which a threat actor strategically leaves a malware USB stick for an employee to find and install to unknowingly infect a network

Virus

refer to “computer virus”

Vishing

The exploitation of electronic voice communication to obtain sensitive information or to impersonate a known source

Watering hole attack

A type of attack when a threat actor compromises a website frequently visited by a specific group of users

Adversarial artificial intelligence (AI)

A technique that manipulates artificial intelligence (AI) and machine learning (ML) technology to conduct attacks more efficiently

Antivirus software

A software program used to prevent, detect, and eliminate malware and viruses

Asset

An item perceived as having value to an organization

Authentication

The process of verifying who someone is

Availability

The idea that data is accessible to those who are authorized to access it

Business Email Compromise (BEC)

A type of phishing attack where a threat actor impersonates a known source to obtain financial advantage

Computer virus

Malicious code written to interfere with computer operations and cause damage to data and software

Confidentiality

Only authorized users can access specific assets or data

Confidentiality, integrity, availability (CIA) triad

A model that helps inform how organizations consider risk when setting up systems and security policies

Cryptographic attack

An attack that affects secure forms of communication between a sender and intended recipient

Cybersecurity (or security)

The practice of ensuring confidentiality, integrity, and availability of information by protecting networks, devices, people, and data from unauthorized access or criminal exploitation

Database

An organized collection of information or data

Data point

A specific piece of information

Hacker

Any person or group who uses computers to gain unauthorized access to data

Hacktivist

A person who uses hacking to achieve a political goal

Health Insurance Portability and Accountability Act (HIPAA)

A U.S. federal law established to protect patients’ health information

Integrity

The idea that the data is correct, authentic, and reliable

Internal threat

A current or former employee, external vendor, or trusted partner who poses a security risk

Intrusion detection system (IDS)

An application that monitors system activity and alerts on possible intrusions

Linux

An open-source operating system

Log

A record of events that occur within an organization’s systems

Malware

Software designed to harm devices or networks

National Institute of Standards and Technology (NIST) Cyber Security Framework (CSF)

A voluntary framework that consists of standards, guidelines, and best practices to manage cybersecurity risk

Network protocol analyzer (packet sniffer)

A tool designed to capture and analyze data traffic within a network

Network security

The practice of keeping an organization's network infrastructure secure from unauthorized access

Assess

The fifth step of the NIST RMF that means to determine if established controls are implemented correctly

Authorize

The sixth step of the NIST RMF that refers to being accountable for the security and privacy risks that may exist in an organization

Business continuity

An organization's ability to maintain their everyday productivity by establishing risk disaster recovery plans

Categorize

The second step of the NIST RMF that is used to develop risk management processes and tasks

External threat

Anything outside the organization that has the potential to harm organizational assets

Implement

The fourth step of the NIST RMF that means to implement security and privacy plans for an organization

Internal threat

A current or former employee, external vendor, or trusted partner who poses a security risk

Monitor

The seventh step of the NIST RMF that means be aware of how systems are operating

Prepare

The first step of the NIST RMF related to activities that are necessary to manage security and privacy risks before a breach occurs

Ransomware

A malicious attack where threat actors encrypt an organization’s data and demand payment to restore access

Risk

Anything that can impact the confidentiality, integrity, or availability of an asset

Risk mitigation

The process of having the right procedures and rules in place to quickly reduce the impact of a risk like a breach

Security posture

An organization’s ability to manage its defense of critical assets and data and react to change

Select

The third step of the NIST RMF that means to choose, customize, and capture documentation of the controls that protect an organization

Shared responsibility

The idea that all individuals within an organization take an active role in lowering risk and maintaining both physical and virtual security

Social engineering

A manipulation technique that exploits human error to gain private information, access, or valuables

Vulnerability

A weakness that can be exploited by a threat

Asset

An item perceived as having value to an organization

Attack vectors

The pathways attackers use to penetrate security defenses

Authentication

The process of verifying who someone is

Authorization

The concept of granting access to specific resources in a system

Availability

The idea that data is accessible to those who are authorized to access it

Biometrics

The unique physical characteristics that can be used to verify a person’s identity

Confidentiality

The idea that only authorized users can access specific assets or data

Confidentiality, integrity, availability (CIA) triad

A model that helps inform how organizations consider risk when setting up systems and security policies

Detect

A NIST core function related to identifying potential security incidents and improving monitoring capabilities to increase the speed and efficiency of detections

Encryption

The process of converting data from a readable format to an encoded format

Govern

A NIST core function related to ensuring an organization establishes, oversees, and improves its cybersecurity strategy, policies, roles, and risk management processes to align with business goals and regulations

Identify

A NIST core function related to management of cybersecurity risk and its effect on an organization’s people and assets

Integrity

The idea that the data is correct, authentic, and reliable

National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF)

A voluntary framework that consists of standards, guidelines, and best practices to manage cybersecurity risk

National Institute of Standards and Technology (NIST) Special Publication (S.P.) 800-53

A unified framework for protecting the security of information systems within the U.S. federal government

Open Web Application Security Project/Open Worldwide Application Security Project (OWASP)

A non-profit organization focused on improving software security

Protect

A NIST core function used to protect an organization through the implementation of policies, procedures, training, and tools that help mitigate cybersecurity threats

Recover

A NIST core function related to returning affected systems back to normal operation

Respond

A NIST core function related to making sure that the proper procedures are used to contain, neutralize, and analyze security incidents, and implement improvements to the security process

Risk

Anything that can impact the confidentiality, integrity, or availability of an asset

Security audit

A review of an organization's security controls, policies, and procedures against a set of expectations

Security controls

Safeguards designed to reduce specific security risks

Security frameworks

Guidelines used for building plans to help mitigate risk and threats to data and privacy

Security posture

An organization’s ability to manage its defense of critical assets and data and react to change

Threat

Any circumstance or event that can negatively impact assets

Chronicle

A cloud-native tool designed to retain, analyze, and search data

Incident response

An organization’s quick attempt to identify an attack, contain the damage, and correct the effects of a security breach