Module 01 Introduction to Information Security

69 Terms

1

Accounting

To create and preserve a record of who accessed the enterprise network, what resources they accessed, and when they disconnected from the network.

2

agentless software

Software in which no additional processes are required to run in the background.

3

applications

Software programs.

4

attack surface (threat vector)

Digital platform that threat actors target for their exploits.

5

attributes of actors

Characteristic features of the different groups of threat actors.

6

authentication

Act of verifying that credentials are authentic and not fabricated.

7

authentication, authorization, and accounting (AAA)

Providing a framework to control access to computer resources.

8

authorization

Granting permission to take an action.

9

availability

Procedures that ensure data is accessible to only authorized users and not to unapproved individuals.

10

blackmail

Threat actor's motivation of extortion or coercion by threat.

11

client-based software

Software applications installed on a computer connected to a network.

12

compensating controls

Controls that provide an alternative to normal controls that for some reason cannot be used.

13

confidentiality

Procedures that ensure only authorized parties can view the information.

14

confidentiality, integrity, and availability (CIA)

Three basic security protections that must be extended over the information.

15

control

Safeguard employed within an enterprise to protect the CIA of information. Also called a countermeasure.

16

corrective controls

Controls intended to mitigate or lessen the damage caused by the incident.

17

data exfiltration

Threat actor's motivation of unauthorized copying of data.

18

default credentials

Preselected options for authentication.

19

detective controls

Controls designed to identify any threat that has reached the system.

20

deterrent controls

Controls that attempt to discourage security violations before they occur.

21

directive controls

Controls designed to ensure that a particular outcome is achieved.

22

disruption/chaos

Threat actor's motivation to produce extreme confusion.

23

end-of-life (EOL)

End of a product's manufacturing lifespan.

24

espionage

Threat actor's motivation of spying.

25

ethical

Threat actor's motivation of sound moral principles.

26

file-based

Attacks that focus on infecting individual files on a computer.

27

financial gain

Threat actor's motivation of earning revenue.

28

firmware

Software embedded into hardware.

29

hacktivists

Threat actors who are strongly motivated by philosophical or political beliefs.

30

hardware provider

Type of supply chain for distributing computer hardware.

31

image-based

Attacks that focus on an image or copy of all a computer's contents.

32

insider threat

Employees, contractors, and business partners who pose a threat from the position of a trusted entity.

33

Instant messaging (IM)

Technology that allows users to send real-time messages through a software application over the Internet and is not restricted to a cell phone.

34

integrity

Procedures that ensure that the information is correct and no unauthorized person or malicious software has altered the data.

35

internal/external

Attribute of threat actors of origination from within the enterprise or outside it.

36

legacy platform

Older hardware platform for which there is a more modern version available but for a variety of reasons has not been updated or replaced.

37

level of sophistication/capability

Attribute of threat actors of a high level of power and complexity.

38

malicious update

Attack in which a software update is infected with malware and distributed.

39

managed service providers (MSPs)

IT service providers who manage networks, computers, cloud resources, and information security for small-to-medium enterprises.

40

managerial controls

Controls that use administrative methods.

41

message-based

Communication tools that are popular threat vectors for attackers.

42

misconfigurations

Erroneous technology settings.

43

nation-state actors

Threat actors who are employed by their own government to carry out attacks.

44

open service ports

Unnecessary ports that are not disabled.

45

operational controls

Controls that are implemented and executed by people.

46

organized crime

Close-knit group of highly centralized enterprises set up for the purpose of engaging in illegal activities.

47

OS-based vulnerabilities

Vulnerabilities found within operating systems.

48

philosophical/political beliefs

Threat actor's motivation of ideology for the sake of principles.

49

physical controls

Controls that implement security in a defined structure and location.

50

preventive controls

Controls used to prevent the threat from coming in contact with the vulnerability.

51

removable devices

Media devices like a USB flash drive.

52

resources/funding

Attribute of threat actors of an extensive network of resources.

53

revenge

Threat actor's motivation of avenging by retaliation.

54

service disruption

Threat actor's motivation of obstructing the normal business electronic processes.

55

service providers

Businesses that furnish solutions or services to users and organizations.

56

shadow IT

Process of bypassing corporate approval for technology purchases.

57

Short Message Service (SMS)

Messaging that uses a cellular network and is typically sent by a cell phone.

58

software provider

Type of supply chain for distributing computer software.

59

suppliers

First step in a supply chain that provides raw materials.

60

supply chain

Network that moves a product from its creation to the end-user.

61

technical controls

Controls that are incorporated as part of hardware, software, or firmware.

62

threat actor

Individual or entity who is responsible for attacks.

63

unsecure networks

Wired and wireless networks that lack security.

64

unskilled attackers

Individuals who want to perform attacks yet lack the technical knowledge to carry them out.

65

unsupported systems and applications

Computer systems and applications no longer supported by the organization that are often ignored and do not receive security updates.

66

vendors

Entities in a supply chain who purchase products for resale.

67

vulnerable software

Software that contains one or more security vulnerabilities.

68

war

Threat actor's motivation of armed hostile combat.

69

zero-day

Vulnerability for which there are no days of advanced warning.