Technical controls
Controls implemented using technology, such as firewalls, encryption, and antivirus software.
Managerial controls
Controls related to management oversight, policies, and procedures for security.
Operational controls
Controls implemented through day-to-day operations, such as backups and incident response.
Physical controls
Controls that physically protect assets, such as locks, fences, and security guards.
Preventive control
A control designed to prevent a security incident from occurring.
Deterrent control
A control intended to discourage security violations before they happen.
Detective control
A control that identifies and detects security incidents after they occur.
Corrective control
A control that mitigates or fixes the impact of a security incident.
Compensating control
A control that substitutes or reduces risk when primary controls cannot be used.
Directive control
A control that provides guidance or instructions for proper behavior or operations.
Confidentiality
Ensuring information is only accessible to authorized individuals.
Integrity
Ensuring information is accurate and unaltered.
Availability
Ensuring information and systems are accessible when needed.
Non-repudiation
Ensuring a sender cannot deny sending a message or performing an action.
Authentication
Verifying the identity of a user or system.
Authorization
Determining what an authenticated user or system is allowed to do.
Accounting (AAA)
Tracking user actions and system activity for auditing and compliance.
Authenticating people
Verifying human users’ identities through passwords, biometrics, or tokens.
Authenticating systems
Verifying devices or systems before granting access.
Authorization models
Frameworks for defining access rights, such as RBAC or DAC.
Gap analysis
Identifying differences between current security posture and desired state.
Zero Trust
Access control model that assumes no implicit trust; verification required for all.
Control Plane
Zero Trust layer that manages access policies and decisions.
Adaptive identity
Adjusting authentication based on user behavior and context.
Threat scope reduction
Minimizing potential attack surfaces and exposure.
Policy-driven access control
Access determined strictly by defined policies.
Policy Administrator
Component enforcing policy decisions in Zero Trust.
Policy Engine
Component evaluating access requests and making decisions.
Data Plane
Zero Trust layer that enforces access and handles actual data flow.
Implicit trust zones
Areas where access is granted only after verification; no assumed trust.
Subject/System
Entities requesting access to resources in a Zero Trust model.
Policy Enforcement Point
Mechanism enforcing security policies at the point of access.
Access control vestibule
Controlled entryway requiring authentication to proceed.
Fencing
Physical barrier to restrict access to secure areas.
Video surveillance
Cameras monitoring and recording activity for security.
Security guard
Personnel providing physical security and monitoring.
Access badge
ID card granting authorized access to facilities or areas.
Sensors
Devices detecting movement, pressure, or environmental changes.
Infrared sensor
Sensor detecting heat or body movement via infrared light.
Pressure sensor
Sensor detecting weight or force applied to surfaces.
Microwave sensor
Sensor detecting motion using microwave signals.
Ultrasonic sensor
Sensor detecting movement using ultrasonic waves.
Honeypot
Decoy system designed to lure attackers and monitor activity.
Honeynet
Network of honeypots used to study attacker behavior.
Honeyfile
Decoy file meant to attract attackers or detect unauthorized access.
Honeytoken
Decoy data or credentials used to detect misuse or intrusion.
Public key infrastructure (PKI)
System managing public/private key pairs and certificates.
Public key
Key used for encryption or verifying digital signatures in asymmetric cryptography.
Private key
Key kept secret for decrypting data or creating digital signatures.
Key escrow
Third-party storage of cryptographic keys for recovery purposes.
Full-disk encryption
Encrypting an entire storage device to protect data at rest.
Partition encryption
Encrypting a specific partition on a storage device.
File encryption
Encrypting individual files to protect their contents.
Volume encryption
Encrypting a storage volume, which may include multiple partitions.
Database encryption
Encrypting database contents to secure sensitive information.
Record encryption
Encrypting individual records within a database.
Transport encryption
Encrypting data in transit between systems or networks.
Asymmetric encryption
Encryption using a public/private key pair.
Symmetric encryption
Encryption using a single shared key for both encryption and decryption.
Key exchange
Method for securely exchanging cryptographic keys between parties.
Encryption algorithms
Mathematical methods used for encrypting and decrypting data.
Key length
The size of cryptographic keys, affecting security strength.
Trusted Platform Module (TPM)
Hardware module for secure key storage and cryptographic operations.
Hardware security module (HSM)
Dedicated device managing cryptographic keys securely.
Key management system
System for generating, storing, distributing, and revoking keys.
Secure enclave
Hardware-based isolated environment for secure processing and storage.
Steganography
Hiding data within other files or media to obscure its presence.
Tokenization
Replacing sensitive data with non-sensitive tokens for security.
Data masking
Obscuring specific data within datasets to protect information.
Hashing
Transforming data into a fixed-size string that represents the original content.
Salting
Adding random data to inputs before hashing to prevent attacks.
Digital signatures
Electronic signatures ensuring authenticity and integrity of data.
Key stretching
Technique to make weak keys more secure against brute-force attacks.
Blockchain
Distributed ledger storing data securely and transparently.
Open public ledger
Publicly accessible record of transactions or data entries.
Certificate authorities (CA)
Trusted entities issuing and managing digital certificates.
Certificate revocation lists (CRL)
Lists of certificates that have been revoked before expiration.
Online Certificate Status Protocol (OCSP)
Protocol to check the revocation status of a certificate in real time.
Self-signed certificate
Certificate signed by the entity that created it, not a CA.
Third-party certificate
Certificate issued by a trusted external certificate authority.
Root of trust
Trusted starting point for validating a chain of certificates.
Certificate signing request (CSR)
Request sent to a CA to obtain a digital certificate.
Wildcard certificate
Certificate valid for multiple subdomains of a domain.
Change management
Processes to control changes to systems and their impact on security.
Approval process
Formal authorization step for implementing changes.
Ownership
Identifying responsible parties for changes.
Stakeholders
Individuals or groups affected by changes.
Impact analysis
Evaluating potential effects of a change.
Test results
Results validating a change does not introduce issues.
Backout plan
Plan to revert changes if problems occur.
Maintenance window
Scheduled period for performing changes.
Standard operating procedure (SOP)
Documented procedures for consistent change execution.
Allow lists/deny lists
Permissions that restrict or permit specific activities.
Restricted activities
Tasks limited to prevent risk.
Downtime
Time systems are unavailable due to maintenance or issues.
Service restart
Restarting applications or services as part of change.
Application restart
Restarting software to apply updates or configuration.
Legacy applications
Older software with potential compatibility or security risks.
Dependencies
Systems or services that rely on each other.
Updating diagrams
Modifying system/network diagrams to reflect changes.