Technical Security Controls
Definition: Hardware or software systems designed to monitor and control security.
Examples: Network IDS, biometric security devices, firewalls, antivirus software.
Administrative (Managerial) Security Controls
Definition: Policies, procedures, and guidelines for managing security.
Examples: Risk assessments, security policies and standards, incident response plans.
Operational Security Controls
Definition: Controls carried out primarily by people rather than by systems, such as day-to-day procedures and assigned responsibilities that keep security working.
Examples: Cybersecurity training, password policy, disaster recovery planning.
Physical Security Controls
Definition: Manages access to premises and hardware, often more expensive than technical controls.
Examples: Building access control systems, security cameras, fencing, gates.
Preventative control type
Definition: Restricts unauthorized access physically or logically.
Examples: System passwords, door locks, firewalls.
Deterrent Control Type
Definition: Discourages an attacker from attempting an attack rather than physically or logically blocking it.
Examples: Warning signs, security cameras.
Detective Control Type
Definition: Identifies and records attempted or successful intrusions.
Examples: Intrusion detection systems (IDS), security cameras, log monitoring.
Corrective Control Type
Definition: Responds to and fixes incidents.
Examples: Antivirus quarantine and removal, patch management, restoring a system from backup.
Compensating Control Type
Definition: Provides alternative means when primary controls are insufficient.
Examples: Temporary firewalls, manual processes.
Directive Control Type
Definition: Guides behavior with policies, procedures, and guidelines.
Examples: Security policies, compliance regulations.
Confidentiality (CIA)
Ensures data is accessible only to authorized personnel.
Integrity (CIA)
Ensures data is not altered without authorization, and that any alteration during storage or transfer can be detected.
Availability (CIA)
Ensures data and systems are accessible to authorized users when they are needed.
Non-repudiation
Ensures that the originator of data or an action cannot later deny it, through mechanisms such as digital signatures and code signing. Comparing hashes proves integrity, not origin: anyone can compute a hash, so a hash on its own does not provide non-repudiation.
Authentication (AAA)
Verifies the claimed identity of a user or system.
Authorization (AAA)
Grants an authenticated identity only the access it is permitted to have.
Accounting (AAA)
Records what an identity did and when, for auditing and accountability.
Hacktivists
Definition: Hacktivists are individuals or groups that use hacking techniques to promote political, social, or ideological causes. They often target governments, corporations, or organizations they oppose.
Example: A hacktivist group defaces a government website to protest internet censorship.
Nation-States
Definition: Governments or state-sponsored groups that conduct cyberattacks for espionage, disruption, or warfare. They have significant resources and advanced capabilities.
Example: A country's intelligence agency hacks another nation's power grid to disrupt its infrastructure.
Insider Threats
Definition: Threats from employees, contractors, or business partners who misuse their legitimate access to harm an organization, either intentionally or accidentally.
Example: A disgruntled employee leaks confidential company data to a competitor before quitting.
Organized Crime
Definition: Organized crime groups use hacking for financial gain, often engaging in cyber fraud, identity theft, or ransomware attacks. They operate like businesses but focus on illegal activities.
Example: A cybercrime gang infects a hospital’s network with ransomware and demands payment to restore patient records.
Risk Assessment/Management:
Identifying, analyzing, and prioritizing risks to mitigate potential impacts.
Principle of Least Privilege:
Providing the minimum level of access necessary.
Security Posture:
Overall security readiness of an organization.
Zero Trust:
Definition: No implicit trust; continuous verification required.
Adaptive Identity:
Definition: Adjusts user access dynamically based on behavior.
Policy-driven Access Control:
Definition: Access decisions are made by evaluating defined policies (who, what, from where, under which conditions) rather than by static permissions alone.
Approval Process:
Evaluates and authorizes changes.
Ownership
Assigns responsibility for overseeing changes.
Stakeholders
Individuals/groups affected by changes.
Backout Plan
Strategy for reverting to previous system state.
Configuration Management:
Tracking and controlling changes in the system.
Version Control:
Definition: Managing updates to documents, software, and system settings.
Example: A developer tracks changes to code so previous versions can be restored if needed.
Continuous Monitoring
Definition: Watching systems for changes to detect security issues.
Example: A security team uses software to check for unusual activity on company servers.
Allow/Deny Lists
Definition: Lists that control what is allowed or blocked.
Example: A company only allows approved websites to be accessed from work computers.
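An allow list is only as good as the check that applies it. The example below is added here and is not from the original page; the allowed hostnames are a constructed assumption. It places a naive substring match beside a hardened check that parses the URL and compares the actual hostname on a label boundary, which is the difference between blocking and silently permitting hosts such as `example.com.evil.net`.

```python
# Added example (not from the original page): allow-list check for outbound URLs.
# ALLOWED_HOSTS is a constructed assumption standing in for a company's approved sites.
from urllib.parse import urlsplit

ALLOWED_HOSTS = {"example.com", "intranet.example.com"}


def naive_allowed(url: str, allowed=ALLOWED_HOSTS) -> bool:
    """Weak check: accepts the URL if an allowed name appears anywhere in it.
    This fails open for 'example.com.evil.net', for 'notexample.com', and for a
    query string that merely mentions an allowed name."""
    return any(name in url for name in allowed)


def host_allowed(url: str, allowed=ALLOWED_HOSTS) -> bool:
    """Hardened check: parse the URL, take the real hostname (userinfo and port
    removed), and accept only an exact match or a subdomain of an allowed name.
    The '.' prefix in the suffix test enforces a label boundary."""
    try:
        parts = urlsplit(url)
    except ValueError:
        return False
    if parts.scheme not in ("http", "https"):
        return False
    host = (parts.hostname or "").rstrip(".").lower()
    if not host:
        return False
    return any(host == name or host.endswith("." + name) for name in allowed)


def compare(url: str):
    """Return (naive_result, hardened_result) so the two checks can be contrasted."""
    return naive_allowed(url), host_allowed(url)


if __name__ == "__main__":
    for u in (
        "https://intranet.example.com/reports",
        "https://example.com.evil.net/login",
        "https://notexample.com/",
        "https://evil.net/?next=example.com",
        "https://user@example.com@evil.net/",
    ):
        print(f"{u:45} naive={compare(u)[0]!s:5} hardened={compare(u)[1]}")
```

The same label-boundary rule applies when the list is a deny list: a deny entry for `evil.net` should block `cdn.evil.net` but not `evil.network`, and a substring match gets both of those wrong.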
Downtime
Definition: A period when a system is unavailable; in change management, a planned maintenance window agreed in advance.
Example: A bank's website goes offline at midnight for scheduled updates
Service/Application Restart
Definition: Stopping and starting a service or application so that installed updates or configuration changes take effect.
Example: After installing security patches, an IT team restarts the company’s email server.
Public Key Infrastructure (PKI)
Definition: A system for managing digital certificates to verify identities online.
Example: A website uses PKI to provide a secure HTTPS connection.
Public/Private Keys
Definition: A mathematically linked key pair. The public key can be shared freely and is used to encrypt or to verify signatures; the private key is kept secret and is used to decrypt or to sign.
Example: When sending an encrypted email, the sender encrypts with the recipient's public key, and only the recipient's private key can decrypt it.
Data at Rest:
Encrypts stored data, such as files or databases.
Example: A laptop uses full-disk encryption to protect its contents if stolen.
Data in Transit:
Protects data while being transmitted.
Example: A VPN encrypts internet traffic to secure browsing.
Symmetric Encryption:
Uses the same key for encryption and decryption
Example: WPA2 and WPA3 Wi-Fi networks use AES to encrypt connections.
Asymmetric Encryption:
Uses a key pair: data encrypted with the public key can be decrypted only with the matching private key.
Example: HTTPS uses asymmetric cryptography to authenticate the server and agree on a session key; the login details themselves are then protected with symmetric encryption under that key.
Hybrid Encryption:
Uses both symmetric and asymmetric encryption for efficiency.
Example: TLS and secure messaging apps use asymmetric cryptography to exchange or agree on a key, then fast symmetric encryption for the bulk of the data.
Hashing:
Converts data of any length into a fixed-length value; the same input always produces the same hash, so a changed hash reveals changed data. Used to check integrity.
Example: A website publishes the SHA-256 hash of a download so users can verify the file. Passwords are not stored as a bare SHA-256 hash but with a salted, deliberately slow password hashing function (bcrypt, scrypt, Argon2, or PBKDF2), so stolen hashes are hard to crack.
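The two uses of hashing above behave differently, and the example below is added here to show why; it is not from the original page. Integrity checking uses a plain, fast hash: the same bytes must always give the same digest. Password storage must not, because two users with the same password would then have identical stored hashes and an attacker could test billions of guesses per second. The code uses only the Python standard library (`hashlib.pbkdf2_hmac`); the iteration count and the `pbkdf2_sha256$...` storage format are assumptions for the example.

```python
# Added example (not from the original page): fast hash for integrity checks
# beside a salted, slow password hash. Storage format and iteration count are
# assumptions chosen for this example.
import hashlib
import hmac
import os
from typing import Optional

PBKDF2_ITERATIONS = 600_000  # assumption: high enough to make offline guessing slow


def sha256_hex(data: bytes) -> str:
    """Plain SHA-256, suitable for verifying that a file or message is unchanged."""
    return hashlib.sha256(data).hexdigest()


def verify_integrity(data: bytes, expected_hex: str) -> bool:
    """Compare a computed digest with a published one in constant time."""
    return hmac.compare_digest(sha256_hex(data), expected_hex.lower())


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = PBKDF2_ITERATIONS) -> str:
    """Salted PBKDF2-HMAC-SHA256. A fresh random salt means two users with the
    same password get different stored values, and the iteration count makes
    each guess expensive for an attacker who steals the database."""
    if salt is None:
        salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Re-derive with the stored salt and iteration count; never compare with ==."""
    try:
        algo, iters, salt_hex, dk_hex = stored.split("$")
        if algo != "pbkdf2_sha256":
            return False
        salt, iterations, expected = bytes.fromhex(salt_hex), int(iters), bytes.fromhex(dk_hex)
    except ValueError:
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(candidate, expected)


if __name__ == "__main__":
    # Integrity: identical input, identical digest, every time.
    print(sha256_hex(b"abc"))
    # Passwords: identical input, different stored value, because of the salt.
    a, b = hash_password("hunter2"), hash_password("hunter2")
    print(a == b, verify_password("hunter2", a), verify_password("hunter3", a))
```

Argon2id or bcrypt are preferable where a library is available; PBKDF2 is used here only because it ships with the standard library.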
Digital Signatures:
Verifies the authenticity and integrity of a document.
Example: A contract is digitally signed to confirm it hasn’t been altered.
TLS/SSL (Transport Layer Security / Secure Sockets Layer):
Secures communication between clients and servers, for example web browsers and websites. SSL is the deprecated predecessor of TLS; modern systems should use TLS 1.2 or 1.3.
Example: Online banking sites use TLS to encrypt user transactions.
Block vs. Stream Ciphers
Definition:
Block ciphers encrypt fixed-size blocks of data (e.g., AES with 128-bit blocks) and are combined with a mode of operation such as GCM or CBC to handle longer messages.
Stream ciphers generate a keystream and combine it with the data one bit or byte at a time (e.g., RC4, ChaCha20).
Example: AES (block cipher) is used for file encryption, while RC4 (stream cipher) was used in WEP and early WPA wireless security; RC4 is now considered broken and should not be used.
Trusted Platform Module (TPM)
Definition: A security chip built into a device that generates and protects encryption keys and can attest to the device's boot state.
Example: Laptops use the TPM to protect BitLocker encryption keys.
Hardware Security Module (HSM)
A dedicated, tamper-resistant device for generating, storing, and using encryption keys so that the keys never leave it in plaintext.
Example: Banks use HSMs to secure ATM transactions.
Quantum Cryptography
Definition: Uses properties of quantum mechanics, most commonly quantum key distribution (QKD), to exchange keys in a way that makes eavesdropping on the channel detectable. It is distinct from post-quantum cryptography, which refers to classical algorithms designed to resist attacks by quantum computers.
Example: QKD links can distribute encryption keys between two fixed sites over a dedicated optical channel.
Perimeter Security
Definition: Barriers and patrols that protect a facility’s outer boundaries.
Example: A company installs fences and security gates around its office building.
Bollards
Definition: Steel or concrete posts that block vehicle access.
Example: Bollards are placed in front of a bank entrance to prevent ram-raiding attacks.
Access Control Vestibule (Mantrap)
Definition: A small, enclosed entryway with two interlocking doors to control access.
Example: Employees scan their badges to enter the first door, which must close before the second door unlocks.
Video Surveillance (CCTV)
Definition: Cameras that monitor and record activity for security purposes.
Example: CCTV cameras in a parking lot help security teams spot suspicious behavior.
Lighting
Definition: Bright illumination to improve visibility and deter intruders.
Example: A warehouse installs floodlights to discourage break-ins at night.
Access Badges
Definition: ID cards that grant access to restricted areas.
Example: Employees must scan their access badges to enter the data center.
Biometric Systems
Definition: Security systems that use fingerprints, iris scans, or facial recognition for authentication.
Example: A company uses fingerprint scanners to restrict access to the research lab.
Environmental Controls
Definition: Systems that protect against fire, temperature changes, and air quality issues.
Example: A data center has fire suppression systems and HVAC units to prevent overheating.
Honeypot
Definition: A decoy system designed to attract attackers so their activity can be detected and studied. Because it has no legitimate users, any interaction with it is suspicious.
Example: A company sets up a honeypot that looks like a real database to trick cybercriminals into revealing their attack methods.
Honeynet
Definition: A network of honeypots that simulate a real environment to detect and analyze threats.
Example: A cybersecurity team deploys a honeynet to monitor large-scale attacks targeting financial systems.
Honeyfile
Definition: A fake document designed to look valuable and trigger alerts when accessed.
Example: A company creates a fake payroll file with tracking mechanisms to detect unauthorized access.
Honeytoken
Definition: A decoy credential or data entry used to detect attackers.
Example: A system stores fake admin credentials in a configuration file; if anyone attempts to log in with them, an alert is triggered.
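Honeyfiles and honeytokens share one detection rule: the decoy has no legitimate use, so any appearance of it in the logs is an alert. The example below is added here and is not from the original page; it applies that rule to both decoy types at once. The decoy account name, the decoy file path, and the sshd-style and file-audit-style log lines are all constructed for the example.

```python
# Added example (not from the original page): alert on any use of a decoy
# credential (honeytoken) or decoy document (honeyfile) in constructed logs.
import re
from dataclasses import dataclass
from typing import Iterable, List, Dict, Set

# Constructed decoys: never used by a real person or process.
HONEYTOKEN_USERS = {"svc_backup_admin"}
HONEYFILES = {"/finance/payroll_2024_FINAL.xlsx"}

# Constructed sample log lines in sshd-like and file-audit-like formats.
SAMPLE_LOGS = [
    "Mar 10 09:12:01 web01 sshd[2231]: Accepted publickey for deploy from 10.0.4.12 port 51022 ssh2",
    "Mar 10 09:13:44 web01 sshd[2240]: Failed password for svc_backup_admin from 203.0.113.7 port 40312 ssh2",
    "Mar 10 09:13:47 web01 sshd[2240]: Failed password for svc_backup_admin from 203.0.113.7 port 40313 ssh2",
    "Mar 10 09:20:05 fs01 audit: user=jsmith action=READ path=/finance/payroll_2024_FINAL.xlsx src=10.0.9.33",
    "Mar 10 09:21:10 fs01 audit: user=jsmith action=READ path=/finance/budget.xlsx src=10.0.9.33",
]

SSH_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Accepted|Failed) \S+ for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+)"
)
FILE_RE = re.compile(
    r"audit: user=(?P<user>\S+) action=(?P<action>\S+) path=(?P<path>\S+) src=(?P<src>\S+)"
)


@dataclass(frozen=True)
class Alert:
    kind: str       # "honeytoken" or "honeyfile"
    indicator: str  # the decoy that was touched
    actor: str      # account that touched it
    src: str        # source address from the log line
    line: str


def scan(lines: Iterable[str]) -> List[Alert]:
    """Emit one alert per log line that references a decoy. A failed login
    with a decoy account still alerts: nobody should even know the name."""
    alerts: List[Alert] = []
    for line in lines:
        m = SSH_RE.search(line)
        if m and m["user"] in HONEYTOKEN_USERS:
            alerts.append(Alert("honeytoken", m["user"], m["user"], m["src"], line))
            continue
        m = FILE_RE.search(line)
        if m and m["path"] in HONEYFILES:
            alerts.append(Alert("honeyfile", m["path"], m["user"], m["src"], line))
    return alerts


def sources_by_kind(alerts: Iterable[Alert]) -> Dict[str, Set[str]]:
    """Group offending source addresses by decoy type for triage."""
    grouped: Dict[str, Set[str]] = {}
    for a in alerts:
        grouped.setdefault(a.kind, set()).add(a.src)
    return grouped


if __name__ == "__main__":
    for alert in scan(SAMPLE_LOGS):
        print(f"ALERT {alert.kind}: {alert.indicator} touched by {alert.actor} from {alert.src}")
    print(sources_by_kind(scan(SAMPLE_LOGS)))
```

In the sample, the two failed logins from 203.0.113.7 show an outsider who has obtained the planted credential, and the read by jsmith from an internal address shows an insider or compromised account reaching into a file nobody should open; the legitimate `deploy` login and the `budget.xlsx` read produce nothing.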