1/28
Looks like no tags are added yet.
Name | Mastery | Learn | Test | Matching | Spaced | Call with Kai | Chat |
|---|
No analytics yet
Send a link to your students to track their progress
CIA Triad
The foundational security model of Confidentiality, Integrity, and Availability, used to guide security policy and controls.
Confidentiality
Ensuring that information is accessible only to those authorized to view it.
Integrity
Ensuring that data remains accurate, complete, and unaltered except by authorized action.
Availability
Ensuring that systems and data are accessible to authorized users when needed.
Defense-in-Depth
A layered security strategy using multiple, overlapping controls so that if one layer fails, others still provide protection.
Risk Assessment
The process of identifying, analyzing, and evaluating risks to determine their likelihood and potential impact.
Residual Risk
The risk that remains after security controls and mitigations have been applied.
Pretexting
A social engineering technique where an attacker fabricates a false scenario to gain a victim's trust and extract information.
Authority
A persuasion principle where people comply with requests from someone perceived to hold power or legitimacy.
Consensus
A persuasion principle (social proof) where people are influenced to act because they believe others are doing the same.
Scarcity
A persuasion principle that increases compliance by suggesting an opportunity is limited in availability or time.
Familiarity
A persuasion principle where people are more easily influenced by those they like, recognize, or feel connected to.
Script Kiddie
An unskilled attacker who uses pre-written tools or scripts created by others, without deep technical knowledge.
Hacktivist
An attacker motivated by political or social causes who uses hacking to promote an ideological agenda.
Insider Threat
A security risk originating from someone within the organization who has legitimate access.
Cyberterrorist
An attacker who uses digital attacks to cause fear, disruption, or harm in furtherance of ideological or political goals.
OSINT
Open Source Intelligence; information gathered from publicly available sources used in reconnaissance.
Reconnaissance
The information-gathering phase of an attack, where an attacker learns about a target before launching an exploit.
Persistence
Techniques attackers use to maintain long-term access to a compromised system, even after reboots or credential changes.
C2
Command and Control; infrastructure used by attackers to communicate with and control compromised systems remotely.
RAT
Remote Access Trojan; malware that provides an attacker with covert remote control over an infected system.
Lateral Movement
Techniques attackers use to move through a network from an initially compromised system to other systems.
Piggybacking
Gaining unauthorized physical access to a restricted area with the knowledge or consent of an authorized person.
Tailgating
Gaining unauthorized physical access by following closely behind an authorized person, typically without their consent or awareness.
Shoulder Surfing
Observing someone's screen, keyboard, or PIN entry to steal sensitive information.
Dumpster Diving
Searching through an organization's or individual's trash to find discarded sensitive information.
Card Cloning
Illegally copying data from a legitimate access or payment card to create a duplicate for fraudulent use.
UPS
Uninterruptible Power Supply; a backup power device that provides short-term power during an outage, protecting availability of systems.
IRP
Incident Response Plan; a documented, structured approach for detecting, responding to, and recovering from security incidents.