1/332
Looks like no tags are added yet.
Name | Mastery | Learn | Test | Matching | Spaced | Call with Kai | Chat |
|---|
No analytics yet
Send a link to your students to track their progress
Information Security
Act of protecting data and information from unauthorized access, unlawful modification and disruption, disclosure, and corruption, and destruction
Information Systems Security
Act of protecting the systems that hold and process the critical data
Confidentiality, Integrity, Availability
CIA Triad
Confidentiality
Ensures that information is only accessible to those with the appropriate authorization
Integrity
Ensures that data remains accurate and unaltered unless modification is required
Availabilitiy
Ensures that information and resources are accessible and functional when needed by authorized users
Non-repudiation
Guaranteeing that a specific action or event has taken place and cannot be denied by the parties involved
Authentication, Authorization, and Accounting
AAA of Security
Authentication
Process of verifying the identity of a user or system
Authorization
Defines what actions or resources a user can access
Accounting
Act of tracking user activities and resources usage, typically for audit or billing purposes
Security Controls
Measures or mechanisms put in place to mitigate risks and protect the confidentiality, integrity, and availability of information systems and data
Zero Trust
Security model that operates on the principle that no one, whether inside or outside the organization, should be trusted by default
Control Plane
Consists of the adaptive identity, threat scope reduction, policy-driven access control, and secured zones
Data Plane
Focused on the subject/system, policy engine, policy administrator, and establishing policy enforcement points
Threat
Anything that could cause harm, loss, damage, or compromise to information technology systems
Vulnerability
Any weakness in the system design and implementation
Risk Management
Finding different ways to minimize the likelihood of an outcome occurring and achieve the desired outcomes
Encryption
Process of converting data into code to prevent unauthorized access
Access Controls
Ensure only authorized personnel can access certain types of data
Data Masking
Method that involves obscuring data within a database to make it inaccessible for unauthorized users while retaining the real data's authenticity and user for authorized users
Physical Security Measures
Used to ensure confidentiality for physical types of data and for digital information contained on servers and workstations
Training and Awareness
Conducting regular training on the security awareness best practices that employees can use to protect the organization's sensitive data
Hashing
Process of converting data into a fixed-size value
Checksums
Method to verify the integrity of data during transmission
Regular Audits
Involve reviewing logs and operations to ensure that only authorized changes have been made and any discrepancies are addressed
Availability
Used to ensure that information, systems, and resources are accessible and operational when needed by authorized users
Redundancy
Duplication of critical components or functions of a system with the intention of enhancing its reliability
Server Redundancy
Involves using multiple servers in a load balance so that if one is overloaded or fails, the other servers can take over the load to continue supporting end users
Data Redundancy
Involves storing data in multiple places
Network Redundancy
Ensures that if one network path fails, the data can travel through another route
Power Redundancy
Involves using backup power sources to ensure that an organization's systems remain operational during periods of power disruption or outages within a local service area
Something You Know (Knowledge Factor)
Relies on information that a user can recall
Something You Have (Possession Factor)
Relies on the user presenting a physical item to authenticate themselves
Something You Are (Inherence Factor)
Relies on the user providing a unique physical or behavioral characteristic of the person to validate that they are who they claim to be
Something You Do (Action Factor)
Relies on the user conducting a unique action to prove who they are
Somewhere You Are (Location Factor)
Relies on the user being in a certain geographic location before access is granted
Multi-factor Authentication (MFA)
Security process that requires users to provide multiple methods of identification to verify their identity
Audit Trail
Provides a chronological record of all user activities that can be used to trace changes, unauthorized access, or anomalies back to a specific user or point in time
Regulatory Compliance
Maintains a comprehensive record of all the users' activities
Forensic Analysis
Uses detailed accounting and event logs that can help cybersecurity experts understand what happened, how it happened, and how to prevent similar incidents from occurring again in the future
Resource Optimization
Organizations can optimize system performance and minimize costs by tracking resource utilization and allocation decisions
User Accountability
Thorough accounting system ensures users' actions are monitored and logged, deterring potential misuse and promoting adherence to the organization's policies
Syslog Servers
Used to aggregate logs from various network devices and systems so that system administrators can analyze them to detect patterns or anomalies in the organization's systems
Network Analyzers
Used to capture and analyze network traffic to gain detailed insights into all the data moving within a network
Security Information and Event Management
SIEM - Provides real-time analysis of security alerts generated by various hardware and software infrastructures in an organization
Technical Controls
The technologies, hardware, and software mechanisms that are implemented to manage and reduce risks
Managerial Controls
Involve the strategic planning and governance side of security
Operational Controls
Procedures and measures that are designed to protect data on a day-to-day basis and are mainly governed by internal processes and human actions
Physical Controls
Tangible, real-world measures taken to protect assets
Preventive Controls
Proactive measures implemented to thwart potential security threats or breaches
Deterrent Controls
Aim to discourage potential attackers by making the effort seem less appealing or more challenging
Detective Controls
Monitor and alert organizations to malicious activities as they occur or shortly thereafter
Corrective Controls
Mitigate any potential damage and restore the systems to their normal state
Compensating Controls
Alternative measures that are implemented when primary security controls are not feasible or effective
Directive Controls
Often rooted in policy or documentation and set the standards for behavior within an organization
Adaptive Identity
Rely on real-time validation that takes into account the user's behavior, device, location, and more
Threat Scope Reduction
Limit the users' access to only what they need for their work tasks because this drastically reduces the network's potential attack surface
Policy-Driven Access Control
Entails developing, managing, and enforcing user access policies based on their roles and responsibliities
Secured Zones
Isolated environments within a network that are designed to house sensitive data
Policy Engine
Cross-references the access request with its predefined policies
Policy Administrator
Used to establish and manage the access policies
Subject/System
Refers to the individual or entity attempting to gain access
Policy Enforcement Point
Allow or restrict access, and it will effectively act as a gatekeeper to the sensitive areas of the systems or networks
Gap Analysis
Process of evaluating the differences between an organization's current performance and its desired performance
1: Define the scope of the analysis
First step in Gap Analysis
2: Gather data on the current state of the organization
Second step in Gap Analysis
3: Analyze the data to identify the gaps
Third step in Gap Analysis
4: Develop a plan to bridge the gap
Fourth step in Gap Analysis
Technical Gap Analysis
Involves evaluating an organization's current technical infrastructure and identifying any areas where it falls short of the technical capabilities required to fully utilize their security solutions
Business Gap Analysis
Involves evaluating an organization's current business processes and identifying any areas where they fall short of the capabilities required to fully utilize cloud-based solutions
Plan of Action and Milestones
POA&M - Outlines the specific measures to address each vulnerability, allocate resources, and set up timelines for each remediation task that is needed
Threat Actor
An individual or entity responsible for incidents that impact security and data protection
Threat Actor Attributes
Specific characteristics or properties that define and differentiate various threat actors from one another
Unskilled Attackers
Individuals with limited technical expertise who use readily available tools like downloaded scripts or exploits to carry out attacks
Hacktivists
Cyber attackers who carry out their activities driven by political, social, or environmental ideologies who often want to draw attention to a specific cause
Organized Crime
Well-structured groups that execute cyberattacks for financial gain, usually through methods like ransomware, identity theft, or credit card fraud
Nation-state Actors
Highly skilled attackers that are sponsored by governments to carry out cyber espionage, sabotage, or cyber warfare against other nation states or specific targets in a variety of industries
Insider Threats
Security threats that originate from within the organization
Shadow IT
IT systems, devices, software applications, and services that are managed and utilized without explicit organizational approval
Honeypots
Decoy systems or servers designed to attract and deceive potential attackers, simulating real-world IT assets to study their techniques
Honeynets
Creates an entire network of decoy systems to observe complex-multi-stage attacks
Honeyfiles
Decoy files placed within systems to detect unauthorized access or data breaches
Honeytokens
Fake pieces of data, like a fabricated user credential, inserted into databases or systems to alert administrators when they are accessed or used
Data Exfiltration
The unauthorized transfer of data from a computer
Financial Gain
One of the most common motivations for cybercriminals
Blackmail
The attacker obtains sensitive or compromising information about an individual or an organization and threatens to release this information to the public unless certain demands are met
Service Disruption
Often achieved by conducting a DDoS attack to overwhelm a network, service, or server with excessive amounts of traffic so that it becomes unavailable to its normal users
Philosophical or Political Beliefs
Individuals or groups use hacking to promote a political agenda, social change, or to protest against organizations they perceive as unethical
Ethical Reasons
Individuals or groups motivated by a desire to improve security
Revenge
An employee who is disgruntled, or one who has recently been fired or laid off, might want to harm their current or former employer by causing a data breach, disrupting services, or leaking sensitive information
Disruption or Chaos
These actors, often referred to as Unauthorized hackers, engage in malicious activities for the thrill of it, to challenge their skills, or simply to cause harm
Espionage
Involves spying on individuals, organizations, or nations to gather sensitive or classified information
War
Cyberattacks have increasingly become a tool for nations to attack each other both on and off the battlefield
Resources and Funding
Refers to the tools, skills, and personnel at the disposal of a given threat actor
Level of Sophistication and Capability
Refers to threat actor's technical skill, the complexity of the tools and techniques they use, and their ability to evade detection and countermeasures
Unskilled Attacker/Script Kiddie
An individual who lacks the technical knowledge to develop their own hacking tools or exploits
Website Defacement
Electronic graffiti, often treated as another form of vandalism
Doxing
Public release of private information about an organization or individual
Nation-State Actors
Groups that are sponsored by a government to conduct cyber operations against other nations, organizations, or individuals