Federation
Provides network access to users from another organization
allows different organizations to share digital identities, enabling single sign-on across them.
~~~~~~~~
allows users from different organizations (or domains) to access each other’s resources using their existing credentials. This setup is commonly used in partnerships where identity management is shared or trusted between organizations, enabling Single Sign-On (SSO) across different systems.
RAID 0, RAID 1, RAID 5,
RAID (Redundant Array of Independent Disks):
RAID 0 - Striping without parity: High performance, no fault tolerance
RAID 1 - Mirroring: Fault tolerant, requires twice the disk space
RAID 5 - Striping with parity: Fault tolerant, additional disk for redundancy
Combinations of items above
Key escrow
Hand over your private keys to a 3rd-party
~~~~~~~~~~~~~
Allows a trusted third party to hold cryptographic keys, ensuring they're available if original holders lose access or in legal scenarios.
Boards
Definition: A formal group of individuals (like a Board of Directors) who oversee an organization's overall direction and decisions.
Role: High-level decision-making, strategy, compliance, risk management.
Common in: Corporations, non-profits, and some government bodies.
Example: A cybersecurity governance board deciding on enterprise-wide security policies.
Committees
Committees are formed to focus on specific areas such as IT governance, audit, risk, or security. They are responsible for:
Conducting in-depth analysis
Providing expert recommendations
Supporting the governance board in making informed strategic decisions
These committees often consist of individuals with specialized knowledge relevant to the domain they oversee.
Government Entities
Definition: External regulatory or policy-setting bodies that oversee compliance with laws or regulations.
Role: Enforce legal and regulatory requirements.
Common in: Heavily regulated industries (e.g., healthcare, finance).
Example: NIST, FTC, or GDPR regulators setting mandatory standards.
Centralized vs. Decentralized Governance
Centralized:
Definition: Decisions are made by a central authority or group.
Pros: Consistency, standardization, strong control.
Cons: Less flexibility, slower response in local units.
Example: A single corporate IT team controls all cybersecurity policies.
Decentralized:
Definition: Decision-making is distributed across departments or regions.
Pros: Flexibility, local control.
Cons: Risk of inconsistency or duplicated efforts.
Example: Each business unit has its own cybersecurity team and policies.
Pretexting
Lying to get your info; actor and a story
Using fabricated scenarios to obtain personal data.
Typosquatting
Typosquatting - URL Hijacking eg: google.com vs g00gle.com
Registering domains similar to popular ones to deceive users.
Watering hole
Watering Hole: Compromising a commonly used website to target its visitors.
Pharming
Pharming - Poisoned DNS server, redirects a legit website to a bogus site
Whaling
Whaling - Spear phishing the CEO or other “large catch” (C level)
Key Stretching
Key Stretching - Hashing a hash
ex: PBKDF2
A method that repeatedly hashes the password so the result is longer and more random-looking than the original password
Responsibility Matrix
Responsibility Matrix: Outlines who is responsible for what in a cloud environment.
Hybrid Considerations
refer to the factors that need to be taken into account when designing and deploying a hybrid cloud solution, which combines public and private cloud resources.
User Behavior Analytics (UBA)
User Behavior Analytics (UBA) is a cybersecurity technique that uses machine learning and data analysis to monitor how users typically behave on a network — and then detects suspicious or abnormal behavior that could signal a security threat.
Reflected vs Amplified
🟩 Flashcard 1: Reflected DDoS Attack
Front:
What is a Reflected DDoS attack?
Back:
A DDoS attack where the attacker sends requests to third-party servers, spoofing the victim’s IP, causing the replies to be reflected back to the victim.
🔁 Key trait: Traffic comes from legitimate servers, not directly from the attacker.
🟩 Flashcard 2: Amplified DDoS Attack
Front:
What is an Amplified DDoS attack?
Back:
A type of reflected attack where the attacker sends small requests that trigger large responses, overwhelming the victim’s system.
📢 Example: A 1KB request causes a 100KB reply — amplifying the attack power.
SPF vs DMARC vs DKIM
DKIM verifies AUTHENTICITY… uses cryptographic signatures to ensure that:
The email was not altered in transit
The sender is legitimate (matches the domain it claims to be from)
SPF prevents domain spoofing by checking if the sender's IP is authorized
Data vs Control Plane
ZTA models…
The control plane decides where traffic should go; the data plane moves it based on those decisions.
Shadow IT vs Insider threat
Flashcard 1: Shadow IT
Front: What is Shadow IT?
Back: The use of unauthorized apps, devices, or services by employees without approval from IT, posing security and compliance risks.
Flashcard 2: Insider Threat
Front: What is an Insider Threat?
Back: A security threat from someone within the organization who misuses their authorized access — either maliciously or accidentally.
Data Custodian vs Data Owner vs Data Processor vs Data Controller
Data Owner - Accountable for specific data, often a senior officer; ie: VP of Sales owns the customer relationship data
Data Controller - Manages the purpose and means by which personal data is processed
Data Processor - Process data on behalf of the data controller, often a third-party
Data Custodian/Steward - Responsible for data accuracy, privacy, and security; labels the data, ensures compliance, and manages access rights
Continuous Integration (CI)
Continuous Integration (CI) - Code is constantly written and merged into a central repository
Continuous Delivery/Deployment (CD)
Continuous Delivery/Deployment (CD) - Automates the process for testing and then releasing without human intervention
Cross-site Scripting (XSS):
Attackers inject malicious scripts into websites, which are then executed by the victim's browser.
Responsibility Matrix: Outlines who is responsible for what in a cloud environment.
Hybrid Considerations: Merging on-premises and cloud can complicate security.
Centralized vs Decentralized
✅ Centralized
One main server or control hub for decisions, data storage, or security enforcement
Easier to secure (one point of defense), but also riskier (if hacked, everything is compromised)
✅ Decentralized
No single point of control
Think peer-to-peer networks, blockchain, or multiple independent servers
More resilient to attacks — if one node is taken down, the rest survive
Harder to manage (less uniform control or response)
Containerization
a type of virtualization in which all the components of an application are bundled into a single container image and can be run in isolated user space on the same shared operating system.
Fail-open vs Fail-closed
Fail-open: Default to allowing traffic when a security device fails. Used where availability is crucial.
Fail-closed: Default to blocking traffic when a security device fails. Used where security is paramount.
Inline vs. Tap/Monitor
Inline vs. Tap/Monitor: Inline devices are part of the traffic flow and can block malicious activity, whereas tap/monitor devices observe traffic without direct interaction.
Data Masking:
Concealing specific data within a database, making it inaccessible to unauthorized users.
Tokenization
Replace sensitive data with a non-sensitive placeholder (SSN 322-09-5366 –> 100-91-7294); this isn’t encryption or hashing
Wildcards
Certificates for securing a domain and its subdomains
acquisition
is the process of creating an exact, bit-for-bit copy of digital evidence (like a hard drive, USB, or cloud storage) without altering the original data.
✅ Preserves evidence integrity — the original is never touched
✅ Ensures the copy is forensically sound (can hold up in court)
✅ Allows forensic investigators to work on the copy without risking contamination
Not just files — but everything, including:
Deleted files
Slack space
File system metadata
Hidden partitions
This is done using write blockers and hash verification (e.g., SHA-256) to prove the copy matches the original exactly.
exposure factor (EF)
the fraction of the asset value that is at risk in the event of a security incident.
EF is the percentage of the asset's value lost if a risk event occurs.
It’s a proportion (expressed as a decimal or percentage).
Example: If a $10,000 asset would lose 40% of its value in a flood, the EF = 0.4 (or 40%).
audit committee
A group within a company’s board of directors that oversees financial reporting, internal controls, audits, and compliance to ensure transparency and reduce risk.
Side Loading:
Installing apps from unofficial sources can introduce malicious
enumeration
enumeration is the process of systematically gathering detailed information about a target system or network. It's a crucial step in penetration testing and security assessments, helping identify vulnerabilities and weaknesses.
What Is Hashing Used For?
1. Password Storage
Instead of storing your actual password:
Sites store a hash of your password.
When you log in, they hash your input and compare it.
Even if the database gets hacked, your real password isn’t exposed.
✅ Protects users even if a breach happens.
2. Data Integrity
Hashing ensures that data hasn’t been changed:
You hash a file, message, or software.
Later, you hash it again — if the hash matches, the data is unchanged.
✅ Used in checksums, file verification, blockchain, etc.
3. Digital Signatures
In cryptography:
The message is hashed.
That hash is then signed with a private key.
The receiver can verify the integrity + authenticity.
✅ Common in secure emails, PDF signing, SSL certificates
4. Data Deduplication
If two inputs generate the same hash, they’re considered identical:
Used to eliminate duplicate files.
Or to compare database entries.
Obfuscation
Obfuscation: Deliberate act of creating source or machine code that's difficult for humans to understand.
Agent vs Agentless Posture Assessment
🧑💻 Agent-Based Posture Assessment
A method used by NAC (Network Access Control) where a small software agent is installed on the client device to collect detailed security information such as antivirus status, OS patches, firewall settings, and more.
✅ Pros: Granular, real-time data
❌ Cons: Requires software installation, harder to support all device types
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
🌐 Agentless Posture Assessment
A NAC method that uses network-based scanning, authentication servers, or system APIs to assess a device’s security posture without installing any software on the client.
✅ Pros: Easier to deploy, supports BYOD and IoT
❌ Cons: Less detailed information about the device
What can a NGFW do?
Feature | Description |
---|---|
🔍 Deep Packet Inspection (DPI) | Inspects packet payloads, not just headers; identifies threats in data |
🧬 Signature-Based IDS/IPS | Detects known threats using predefined attack signatures |
🧠 Application Awareness & Control | Identifies and controls traffic by app (e.g., YouTube vs Zoom) |
🌐 Web Filtering / URL Filtering | Blocks access to malicious or unwanted websites |
🧱 Intrusion Prevention System (IPS) | Actively blocks detected intrusion attempts in real time |
📦 Layer 7 (Application Layer) Control | Can analyze traffic at the application level (not just IP/Port) |
🔗 Integration with Other Tools | Works with SIEMs, antivirus, endpoint protection, etc. |
🎭 User Identity Awareness | Can enforce policies based on user identities (via AD or LDAP) |
🛡 Anti-malware / Antivirus | Scans traffic for malware — often integrated with threat intelligence |
📊 SSL/TLS Inspection | Decrypts and inspects HTTPS traffic for hidden threats |
Steganography
Hiding data within other data (e.g., embedding a secret message in an image)
Risk Tolerance vs Risk Appetite
Risk Tolerance:
The level of risk an organization is willing to accept, considering its objectives and operations.
Risk Appetite:
Expansionary: Willing to take more risks to achieve growth.
Conservative: Prefers to take fewer risks.
Neutral: Neither risk‐seeking nor risk‐averse.