Untitled Flashcards Set


AAA Authentication, Authorization, and Accounting

ACL Access Control List

AES Advanced Encryption Standard

AES-256 Advanced Encryption Standard 256-bit

AH Authentication Header

AI Artificial Intelligence

AIS Automated Indicator Sharing

ALE Annualized Loss Expectancy

AP Access Point

API Application Programming Interface

APT Advanced Persistent Threat

ARO Annualized Rate of Occurrence

ARP Address Resolution Protocol

ASLR Address Space Layout Randomization

ATT&CK Adversarial Tactics, Techniques, and Common Knowledge

AUP Acceptable Use Policy

AV Antivirus

BASH Bourne Again Shell

BCP Business Continuity Planning

BGP Border Gateway Protocol

BIA Business Impact Analysis

BIOS Basic Input/Output System

BPA Business Partners Agreement

BPDU Bridge Protocol Data Unit

BYOD Bring Your Own Device

CA Certificate Authority

CAPTCHA Completely Automated Public Turing Test to tell Computers and Humans Apart

CAR Corrective Action Report

CASB Cloud Access Security Broker

CBC Cipher Block Chaining

CCMP Counter Mode/CBC-MAC Protocol

CCTV Closed-circuit Television

CERT Computer Emergency Response Team

CFB Cipher Feedback

CHAP Challenge Handshake Authentication Protocol

CIA Confidentiality, Integrity, Availability

CIO Chief Information Officer

CIRT Computer Incident Response Team

CMS Content Management System

COOP Continuity of Operation Planning

COPE Corporate Owned, Personally Enabled

CP Contingency Planning

CRC Cyclical Redundancy Check

CRL Certificate Revocation List

CSO Chief Security Officer

CSP Cloud Service Provider

CSR Certificate Signing Request

CSRF Cross-site Request Forgery

CSU Channel Service Unit

CTM Counter Mode

CTO Chief Technology Officer

CVE Common Vulnerability Enumeration

CVSS Common Vulnerability Scoring System

CYOD Choose Your Own Device

DAC Discretionary Access Control

DBA Database Administrator

DDoS Distributed Denial of Service

DEP Data Execution Prevention

DES Digital Encryption Standard

DHCP Dynamic Host Configuration Protocol

DHE Diffie-Hellman Ephemeral

DKIM DomainKeys Identified Mail

DLL Dynamic Link Library

DLP Data Loss Prevention

DMARC Domain Message Authentication Reporting and Conformance

DNAT Destination Network Address Translation

DNS Domain Name System

DoS Denial of Service

DPO Data Privacy Officer

DRP Disaster Recovery Plan

DSA Digital Signature Algorithm

DSL Digital Subscriber Line

EAP Extensible Authentication Protocol

ECB Electronic Code Book

ECC Elliptic Curve Cryptography

ECDHE Elliptic Curve Diffie-Hellman Ephemeral

ECDSA Elliptic Curve Digital Signature Algorithm

EDR Endpoint Detection and Response

EFS Encrypted File System

ERP Enterprise Resource Planning

ESN Electronic Serial Number

ESP Encapsulated Security Payload

FACL File System Access Control List

FDE Full Disk Encryption

FIM File Integrity Management

FPGA Field Programmable Gate Array

FRR False Rejection Rate

FTP File Transfer Protocol

FTPS Secured File Transfer Protocol

GCM Galois Counter Mode

GDPR General Data Protection Regulation

GPG Gnu Privacy Guard

GPO Group Policy Object

GPS Global Positioning System

GPU Graphics Processing Unit

GRE Generic Routing Encapsulation

HA High Availability

HDD Hard Disk Drive

HIDS Host-based Intrusion Detection System

HIPS Host-based Intrusion Prevention System

HMAC Hashed Message Authentication Code

HOTP HMAC-based One-time Password

HSM Hardware Security Module

HTML Hypertext Markup Language

HTTP Hypertext Transfer Protocol

HTTPS Hypertext Transfer Protocol Secure

HVAC Heating, Ventilation Air Conditioning

IaaS Infrastructure as a Service

IaC Infrastructure as Code

IAM Identity and Access Management

ICMP Internet Control Message Protocol

ICS Industrial Control Systems

IDEA International Data Encryption Algorithm

IDF Intermediate Distribution Frame

IdP Identity Provider

IDS Intrusion Detection System

IEEE Institute of Electrical and Electronics Engineers

IKE Internet Key Exchange

IM Instant Messaging

IMAP Internet Message Access Protocol

IoC Indicators of Compromise

IoT Internet of Things

IP Internet Protocol

IPS Intrusion Prevention System

IPSec Internet Protocol Security

IR Incident Response

IRC Internet Relay Chat

IRP Incident Response Plan

ISO International Standards Organization

ISP Internet Service Provider

ISSO Information Systems Security Officer

IV Initialization Vector

KDC Key Distribution Center

KEK Key Encryption Key

L2TP Layer 2 Tunneling Protocol

LAN Local Area Network

LDAP Lightweight Directory Access Protocol

LEAP Lightweight Extensible Authentication Protocol

MaaS Monitoring as a Service

MAC (permissions context) Mandatory Access Control

MAC (network context) Media Access Control

MAC (cryptography context) Message Authentication Code

MAN Metropolitan Area Network

MBR Master Boot Record

MD5 Message Digest 5

MDF Main Distribution Frame

MDM Mobile Device Management

MFA Multifactor Authentication

MFD Multifunction Device

MFP Multifunction Printer

ML Machine Learning

MMS Multimedia Message Service

MOA Memorandum of Agreement

MOU Memorandum of Understanding

MPLS Multi-protocol Label Switching

MSA Master Service Agreement

MSCHAP Microsoft Challenge Handshake Authentication Protocol

MSP Managed Service Provider

MSSP Managed Security Service Provider

MTBF Mean Time Between Failures

MTTF Mean Time to Failure

MTTR Mean Time to Recover

MTU Maximum Transmission Unit

NAC Network Access Control

NAT Network Address Translation

NDA Non-disclosure Agreement

NFC Near Field Communication

NGFW Next-generation Firewall

NIDS Network-based Intrusion Detection System

NIPS Network-based Intrusion Prevention System

NIST National Institute of Standards & Technology

NTFS New Technology File System

NTLM New Technology LAN Manager

NTP Network Time Protocol

OAUTH Open Authorization

OCSP Online Certificate Status Protocol

OID Object Identifier

OS Operating System

OSINT Open-source Intelligence

OSPF Open Shortest Path First

OT Operational Technology

OTA Over the Air

OVAL Open Vulnerability Assessment Language

P12 PKCS #12

P2P Peer to Peer

PaaS Platform as a Service

PAC Proxy Auto Configuration

PAM Privileged Access Management

PAM Pluggable Authentication Modules

PAP Password Authentication Protocol

PAT Port Address Translation

PBKDF2 Password-based Key Derivation Function 2

PBX Private Branch Exchange

PCAP Packet Capture

PCI-DSS Payment Card Industry Data Security Standard

PDU Power Distribution Unit

PEAP Protected Extensible Authentication Protocol

PED Personal Electronic Device

PEM Privacy Enhanced Mail

PFS Perfect Forward Secrecy

PGP Pretty Good Privacy

PHI Personal Health Information

PII Personally Identifiable Information

PIV Personal Identity Verification

PKCS Public Key Cryptography Standards

PKI Public Key Infrastructure

POP Post Office Protocol

POTS Plain Old Telephone Service

PPP Point-to-Point Protocol

PPTP Point-to-Point Tunneling Protocol

PSK Pre-shared Key

PTZ Pan-tilt-zoom

PUP Potentially Unwanted Program

RA (encryption context) Recovery Agent

RA (PKI context) Registration Authority

RACE Research and Development in Advanced Communications Technologies in Europe

RAD Rapid Application Development

RADIUS Remote Authentication Dial-in User Service

RAID Redundant Array of Inexpensive Disks

RAS Remote Access Server

RAT Remote Access Trojan

RBAC Role-based Access Control

RBAC Rule-based Access Control

RC4 Rivest Cipher version 4

RDP Remote Desktop Protocol

RFID Radio Frequency Identifier

RIPEMD RACE Integrity Primitives Evaluation Message Digest

ROI Return on Investment

RPO Recovery Point Objective

RSA Rivest, Shamir, & Adleman

RTBH Remotely Triggered Black Hole

RTO Recovery Time Objective

RTOS Real-time Operating System

RTP Real-time Transport Protocol

S/MIME Secure/Multipurpose Internet Mail Extensions

SaaS Software as a Service

SAE Simultaneous Authentication of Equals

SAML Security Assertions Markup Language

SAN Storage Area Network

SAN Subject Alternative Name

SASE Secure Access Service Edge

SCADA Supervisory Control and Data Acquisition

SCAP Security Content Automation Protocol

SCEP Simple Certificate Enrollment Protocol

SD-WAN Software-defined Wide Area Network

SDK Software Development Kit

SDLC Software Development Lifecycle

SDLM Software Development Lifecycle Methodology

SDN Software-defined Networking

SE Linux Security-enhanced Linux

SED Self-encrypting Drives

SEH Structured Exception Handler

SFTP Secured File Transfer Protocol

SHA Secure Hashing Algorithm

SHTTP Secure Hypertext Transfer Protocol

SIEM Security Information and Event Management

SIM Subscriber Identity Module

SLA Service-level Agreement

SLE Single Loss Expectancy

SMS Short Message Service

SMTP Simple Mail Transfer Protocol

SMTPS Simple Mail Transfer Protocol Secure

SNMP Simple Network Management Protocol

SOAP Simple Object Access Protocol

SOAR Security Orchestration, Automation, Response

SoC (hardware context) System on Chip

SOC (place) Security Operations Center

SOW Statement of Work

SPF Sender Policy Framework

SPIM Spam over Internet Messaging

SQL Structured Query Language

SQLi SQL Injection

SRTP Secure Real-Time Protocol

SSD Solid State Drive

SSH Secure Shell

SSL Secure Sockets Layer

SSO Single Sign-on

STIX Structured Threat Information eXchange

SWG Secure Web Gateway

TACACS+ Terminal Access Controller Access Control System

TAXII Trusted Automated eXchange of Indicator Information

TCP/IP Transmission Control Protocol/Internet Protocol


TGT Ticket Granting Ticket

TKIP Temporal Key Integrity Protocol

TLS Transport Layer Security

TOC Time-of-check

TOTP Time-based One-time Password

TOU Time-of-use

TPM Trusted Platform Module

TSIG Transaction Signature

TTP Tactics, Techniques, and Procedures

UAT User Acceptance Testing

UAV Unmanned Aerial Vehicle

UDP User Datagram Protocol

UEFI Unified Extensible Firmware Interface

UEM Unified Endpoint Management

UPS Uninterruptable Power Supply

URI Uniform Resource Identifier

URL Universal Resource Locator

USB Universal Serial Bus

USB OTG USB On the Go

UTM Unified Threat Management

UTP Unshielded Twisted Pair

VBA Visual Basic

VDE Virtual Desktop Environment

VDI Virtual Desktop Infrastructure

VLAN Virtual Local Area Network

VLSM Variable Length Subnet Masking

VM Virtual Machine

VoIP Voice over IP

VPC Virtual Private Cloud

VPN Virtual Private Network

VTC Video Teleconferencing

WAF Web Application Firewall

WAP Wireless Access Point

WEP Wired Equivalent Privacy

WIDS Wireless Intrusion Detection System

WIPS Wireless Intrusion Prevention System

WO Work Order

WPA Wi-Fi Protected Access

WPS Wi-Fi Protected Setup

WTLS Wireless TLS

XDR Extended Detection and Response

XML Extensible Markup Language

XOR Exclusive Or

XSRF Cross-site Request Forgery

XSS Cross-site Scripting

These three protocols are associated with port ███: SSH, SCP, and SFTP. 22

These three protocols are associated with port 22: ███, SCP, and SFTP. SSH

These three protocols are associated with port 22: SSH, ███, and SFTP. SCP

These three protocols are associated with port 22: SSH, SCP, and ███. SFTP

The ███ protocol is associated with three ports: 137, 138, and 139. NetBIOS

The NetBIOS protocol is associated with three ports: 1█7, 1█8, and 1█9. (Supply the missing number.) 3 (137, 138, 139)

The NetBIOS protocol is associated with three ports: 13█, 13█, and 13█. (Supply the missing numbers.) 7, 8, 9 (137, 138, 139)

███ is associated with two ports (465 and 587). 465 is used for legacy compatibility while 587 aligns with modern best practices outlined in RFC 6409. SMTPS

SMTPS is associated with two ports (███ and 587). ███ is used for legacy compatibility while 587 aligns with modern best practices outlined in RFC 6409. 465

SMTPS is associated with two ports (465 and ███). 465 is used for legacy compatibility while ███ aligns with modern best practices outlined in RFC 6409. 587

RADIUS uses the following ports for ███: 1645 (legacy), 1812 (UDP), 2083 (TCP). authentication and authorization

RADIUS uses the following ports for authentication and authorization: ███ (legacy), 1812 (UDP), 2083 (TCP). 1645

RADIUS uses the following ports for authentication and authorization: 1645 (legacy), ███ (UDP), 2083 (TCP). 1812

RADIUS uses the following ports for authentication and authorization: 1645 (legacy), 1812 (UDP), ███ (TCP). 2083

RADIUS uses the following ports for ███: 1646 (legacy), 1813 (UDP), 2087 (TCP). accounting

RADIUS uses the following ports for accounting: ███ (legacy), 1813 (UDP), 2087 (TCP). 1646

RADIUS uses the following ports for accounting: 1646 (legacy), ███ (UDP), 2087 (TCP). 1813

RADIUS uses the following ports for accounting: 1646 (legacy), 1813 (UDP), ███ (TCP). 2087

Legacy ███ ports are 1645 (Auth) and 1646 (Accounting), but modern best practices use ports 1812 (Auth) and port 1813 (Accounting) for UDP, or ports 2083 (Auth) and port 2087 (Accounting) for TCP. RADIUS

Legacy RADIUS ports are 1645 (Auth) and 1646 (Accounting), but modern best practices use ports 1812 (Auth) and port 1813 (Accounting) for [UDP/TCP], or ports 2083 (Auth) and port 2087 (Accounting) for [UDP/TCP]. UDP -> TCP

Legacy RADIUS ports are ███ (Auth) and ███ (Accounting), but modern best practices use ports 1812 (Auth) and port 1813 (Accounting) for UDP, or ports 2083 (Auth) and port 2087 (Accounting) for TCP. 1645 & 1646

Legacy RADIUS ports are 1645 (Auth) and 1646 (Accounting), but modern best practices use ports ███ (Auth) and port ███ (Accounting) for UDP, or ports 2083 (Auth) and port 2087 (Accounting) for TCP. 1812 & 1813

Legacy RADIUS ports are 1645 (Auth) and 1646 (Accounting), but modern best practices use ports 1812 (Auth) and port 1813 (Accounting) for UDP, or ports ███ (Auth) and port 2087 (Accounting) for TCP. 2083

Legacy RADIUS ports are 1645 (Auth) and 1646 (Accounting), but modern best practices use ports 1812 (Auth) and port 1813 (Accounting) for UDP, or ports 2083 (Auth) and port ███ (Accounting) for TCP. 2087

The network protocol FTP uses port ███. 21

The network protocol ███ uses port 21. FTP

The network protocol SSH uses port ███. 22

The network protocol ███ uses port 22. SSH, SCP, SFTP

The network protocol Telnet uses port ███. 23

The network protocol ███ uses port 23. Telnet

The network protocol SMTP uses port ███. 25

The network protocol ███ uses port 25. SMTP

The network protocol DNS uses port ███. 53

The network protocol ███ uses port 53. DNS

The network protocol TFTP uses port ███. 69

The network protocol ███ uses port 69. TFTP

The network protocol HTTP uses port ███. 80

The network protocol ███ uses port 80. HTTP

The network protocol HTTPS uses port ███. 443

The network protocol ███ uses port 443. HTTPS

The network protocol Kerberos uses port ███. 88

The network protocol ███ uses port 88. Kerberos

The network protocol POP3 uses port ███. 110

The network protocol ███ uses port 110. POP3

The network protocol NNTP uses port ███. 119

The network protocol ███ uses port 119. NNTP

The network protocol RPC uses port ███. 135

The network protocol ███ uses port 135. RPC

The network protocol IMAP uses port ███. 143

The network protocol ███ uses port 143. IMAP

The network protocol SNMP uses port ███. 161

The network protocol ███ uses port 161. SNMP

The network protocol SNMP Trap uses port ███. 162

The network protocol ███ uses port 162. SNMP Trap

The network protocol LDAP uses port ███. 389

The network protocol ███ uses port 389. LDAP

The network protocol SMB uses port ███. 445

The network protocol ███ uses port 445. SMB

The network protocol SMTPS uses ports ███ and 587. 465

The network protocol SMTPS uses ports 465 and ███. 587

The network protocol ███ uses ports 465 and 587. SMTPS

The network protocol Syslog uses port ███. 514

The network protocol ███ uses port 514. Syslog

The network protocol LDAPS uses port ███. 636

The network protocol ███ uses port 636. LDAPS

The network protocol IMAPS uses port ███. 993

The network protocol ███ uses port 993. IMAPS

The network protocol POP3S uses port ███. 995

The network protocol ███ uses port 995. POP3S

The network protocol Microsoft SQL uses port ███. 1433

The network protocol ███ uses port 1433. Microsoft SQL

The network protocol RDP uses port ███. 3389

The network protocol ███ uses port 3389. RDP

The network protocol Syslog TLS uses port ███. 6514

The network protocol ███ uses port 6514. Syslog TLS

Security measures implemented through technology like firewalls, encryption, or authentication systems. Technical controls

Administrative policies and procedures that guide how an organization manages security such as risk assessments and security policies. Managerial controls

Day-to-day security procedures carried out by people like security awareness training or incident response. Operational controls

Security measures that protect facilities and equipment like locks, fences, or security cameras. Physical controls

Security measures designed to stop incidents before they occur. Preventive controls

Measures that discourage potential attackers from attempting security violations. Deterrent controls

Systems that identify and record security violations when they occur. Detective controls

Measures that fix problems or restore systems after a security incident has occurred. Corrective controls

Alternative security measures used when primary controls aren't feasible (e.g. Compensating controls

Controls that direct, specify, or mandate appropriate and required security behavior. Directive controls

Security triad representing Confidentiality (data privacy), Integrity (data accuracy and trustworthiness), and Availability (access when needed) CIA

Guarantee that someone cannot deny performing an action by providing proof of origin and delivery Non-repudiation

Framework covering Authentication (proving identity), Authorization (granting access rights), and Accounting (tracking actions) AAA

Process of verifying human identity through factors like passwords, biometrics, or security tokens Authenticating persons

Verifying the identity of devices and systems through certificates, tokens, or other cryptographic means Authenticating systems

Frameworks that define how access rights are granted and managed (e.g., RBAC, MAC, DAC) Authorization models

Assessment process that compares current security state against desired security state to identify deficiencies Gap analysis

Security model that assumes no trust and requires verification of every user and device, regardless of location Zero Trust

Component of Zero Trust that handles policy decisions and authentication/authorization processes Control Plane

Dynamic identity verification that adjusts authentication requirements based on risk factors Adaptive identity

Limiting attack surface by minimizing access points and unnecessary privileges Threat scope reduction

Access decisions based on predefined security policies rather than network location Policy-driven access control

Zero Trust component that manages and maintains security policies Policy Administrator

System that evaluates access requests against security policies to make allow/deny decisions Policy Engine

Component that enforces access decisions and handles actual data flow in Zero Trust architecture Data Plane

Legacy network segments where trust is assumed based on location (concept Zero Trust eliminates) Implicit trust zones

Entities (users or devices) requesting access to resources in Zero Trust model Subject/System

Security component that implements access decisions made by Policy Engine Policy Enforcement Point

Physical barriers installed to prevent vehicle access to protected areas such as entryway doors to datacenters Bollards

Security entrance with two sets of doors (mantrap) where only one can open at a time Access control vestibule

Physical barrier surrounding facility to control access and deter intruders Fencing

Camera systems monitoring and recording activity for security purposes Video surveillance

Personnel providing physical security through monitoring, access control, and incident response Security guard

Credential card used to verify identity and control physical access to facilities Access badge

Strategic illumination to deter intruders and improve surveillance effectiveness Lighting

Devices detecting heat signatures to identify unauthorized presence Infrared sensors

Devices detecting weight or pressure changes to identify intrusion attempts Pressure sensors

Motion detectors using microwave radiation to detect movement in protected areas Microwave sensors

Devices using sound waves to detect movement or presence in monitored areas Ultrasonic sensors

Decoy system designed to attract and detect attackers while gathering intelligence Honeypot

Network of honeypots simulating a production environment to study attack patterns Honeynet

Decoy or faux file(s) designed to detect unauthorized access when accessed Honeyfile

Decoy credentials or data points employed to identify unauthorized access or credential theft. Honeytoken

Formal workflow for reviewing and authorizing security changes, involving appropriate stakeholders and documentation Approval process

Designation of individuals or teams responsible for specific security assets, processes, or decisions Ownership

Individuals or groups affected by or having interest in security decisions, including management, users, and IT staff Stakeholders

Assessment of how security changes might affect business operations, systems, and users before implementation Impact analysis

Documentation of security control testing outcomes used to validate effectiveness before production deployment Test results

Documented procedure for reversing security changes if implementation causes problems or fails Backout plan

Scheduled time period for implementing security updates with minimal impact on business operations Maintenance window

Documented step-by-step instructions for performing routine security tasks consistently Standard operating procedure

Security controls specifying which resources, applications, or actions are explicitly permitted or blocked Allow lists/deny lists

Business operations or system functions limited during security maintenance or incidents Restricted activities

Period when systems are unavailable due to security maintenance, updates, or incidents Downtime

Process of stopping and starting specific services during security updates or troubleshooting Service restart

Framework for managing digital certificates and public-private key pairs to enable secure communications and authentication Public key infrastructure (PKI)

Widely shared cryptographic key used to encrypt messages or verify digital signatures Public key

Secret cryptographic key kept by owner used to decrypt messages or create digital signatures Private key

Storing encryption keys with a reliable third party for emergency or legal access. Key escrow

Encryption of entire storage drive including operating system and all files Full-disk encryption

Encryption of specific disk partitions while leaving others unencrypted Partition encryption

Encryption of individual files while leaving the system and other files unencrypted File encryption

Encryption of logical storage volume that may span multiple physical drives Volume encryption

Encryption of database contents. Can be row or column level Database encryption

Encryption of specific database records or fields while leaving others in plaintext Record encryption

Encryption of data while it's being transmitted between systems (data in transit) Transport encryption

Encryption using public-private key pairs where different keys encrypt and decrypt Asymmetric encryption

Encryption using the same key for both encryption and decryption Symmetric encryption

Process of securely sharing cryptographic keys between parties Key exchange

Mathematical formulas used to perform encryption and decryption operations Algorithms

Size of cryptographic key in bits, with longer lengths generally providing stronger security Key length

Hardware chip that securely stores cryptographic keys and performs encryption operations Trusted Platform Module

Dedicated device for secure key storage and cryptographic operations Hardware security module

Platform for generating, distributing, storing, and retiring cryptographic keys Key management system

Protected hardware area for processing sensitive data and storing cryptographic keys Secure enclave

Technique of hiding information within other data to avoid detection Steganography

Replacing sensitive data with non-sensitive placeholder tokens Tokenization

Obscuring parts of sensitive data while maintaining format and usability Data masking

Creating fixed-length values from variable-length input that cannot be reversed Hashing

Adding random data to input before hashing to prevent rainbow table attacks Salting

Cryptographic way to verify authenticity and integrity of messages or documents Digital signatures

Technique to strengthen passwords by making them more resistant to brute force attacks Key stretching

Distributed ledger technology using cryptography to secure transaction records Blockchain

Transparent record of all transactions visible to all participants Open public ledger

Trusted entities that issue and verify digital certificates Certificate authorities

Lists of digital certificates that are no longer valid or trusted Certificate revocation lists

Protocol for real-time verification of digital certificate validity Online Certificate Status Protocol

Digital certificates signed by the same entity they identify Self-signed certificates

Digital certificates issued and signed by trusted certificate authorities Third-party certificates

Base security component that must be trusted implicitly Root of trust

Process of creating request for digital certificate from certificate authority CSR generation

Digital certificates that secure multiple subdomains of a domain Wildcard certificates

Government-sponsored hackers with sophisticated capabilities and extensive resources targeting strategic assets. Nation-state Actor

Person with minimal technical skills utilizing ready-made tools or simple attack techniques. Unskilled Attacker

An attacker driven by political or social causes targeting organizations to convey a message. Hacktivist

Current or former employee/contractor who misuses legitimate access to harm the organization. Insider Threat

Criminal groups conducting cyber attacks for financial gain with significant resources and coordination. Organized Crime

Unapproved technology solutions that bypass the IT department and pose security threats. Shadow IT

Threat originating from within the organization with legitimate access privileges. Internal Actor

Threat originating from outside the organization without legitimate access. External Actor

Level of financial and technical resources available to threat actors for attacks. Resources/Funding

Technical expertise and capability of threat actors to conduct complex attacks. Level of Sophistication

Unauthorized transfer of data from a computer or network to another location. Data Exfiltration

Gathering of confidential information for competitive advantage or national security. Espionage

Attacks aimed at preventing normal system or network operations. Service Disruption

Threatening to expose sensitive information for financial or other gains. Blackmail

Motivation to profit through cyber attacks or data theft. Financial Gain

Ideological motivations driving cyber attacks against specific targets. Political Beliefs

Attacks conducted based on moral principles or perceived righteousness. Ethical Motivation

Attacks motivated by desire for retaliation against perceived wrongs. Revenge

Actions aimed at causing disorder and undermining system stability. Disruption/Chaos

Cyber attacks as part of military operations or nation-state conflicts. War

Malicious messages targeting users through corporate or personal email systems. Email Attacks

Attacks delivered through text messages targeting mobile devices. SMS Attacks

Malicious content or social engineering delivered through messaging platforms. Instant Messaging Attacks

Malware or exploits embedded within or disguised as image files. Image-based Attacks

Malicious code delivered through documents or executable files. File-based Attacks

Social engineering attacks conducted through phone calls or voice messaging. Voice Call Attacks

Malware spread through USB drives or other portable storage devices. Removable Device Attacks

Security weaknesses in software running on user devices. Client-based Vulnerabilities

Security weaknesses exploitable without installing malicious software. Agentless Vulnerabilities

Systems no longer receiving security updates, creating vulnerability risks. Unsupported Systems

Wi-Fi networks with weak or no security controls. Unsecure Wireless Networks

Physical networks lacking proper security controls. Unsecure Wired Networks

Security weaknesses in Bluetooth device communications. Bluetooth Vulnerabilities

Unnecessary open network ports creating potential attack entry points. Open Service Ports

Unchanged factory-set usernames and passwords creating security risks. Default Credentials

Compromising organizations through their business partners or vendors. Supply Chain Attacks

Security risks introduced through managed service provider relationships. MSP Vulnerabilities

Security exposures from third-party service providers and software. Vendor Risk

Security vulnerabilities introduced through supply chain partners. Supplier Risk

Fraudulent attempts to obtain sensitive information by posing as trustworthy entities. Phishing

Voice phishing attacks conducted through phone calls. Vishing

SMS phishing attacks targeting users through text messages. Smishing

Spreading false information to deceive or manipulate targets. Misinformation

Deliberately created and spread false information for malicious purposes. Disinformation

Pretending to be someone else to gain unauthorized access or trust. Impersonation

Sophisticated email fraud targeting businesses and organizations. Business Email Compromise

Creating false scenarios to obtain sensitive information or access. Pretexting

Compromising websites frequently visited by targeted users. Watering Hole Attack

Fraudulent use of company names and logos to deceive victims. Brand Impersonation

Registering domains similar to legitimate ones to catch typing errors. Typosquatting

Attack that inserts malicious code into a running program's memory space. Memory Injection

Vulnerability where program writes data beyond allocated buffer limits, potentially allowing code execution. Buffer Overflow

Security flaw where system behavior depends on relative timing of events. Race Condition

Part of race condition where initial security check occurs before resource access. Time-of-check

Part of race condition when resource is actually accessed after security check. Time-of-use

Compromised software updates that deliver malware or backdoors. Malicious Update

Weaknesses in OS components. OS-based Vulnerabilities

Attack inserting malicious SQL code to manipulate database operations. SQL Injection

Vulnerability allowing injection of malicious scripts into web pages viewed by others. Cross-site Scripting

Security flaws in device firmware that can compromise hardware operation. Firmware Vulnerabilities

Systems no longer supported with security updates, creating ongoing vulnerabilities which need to be addressed. End-of-life Systems

Security risks from outdated systems that cannot be easily updated or replaced. Legacy System Risks

Attack allowing malicious code to break out of virtual machine isolation. VM Escape

Vulnerability from improperly sharing resources between virtual environments. Resource Reuse

Security weaknesses unique to cloud computing environments. Cloud-specific Vulnerabilities

Vulnerabilities introduced through third-party service providers. Service Provider Risks

Security risks from compromised hardware supply chains. Hardware Provider Risks

Vulnerabilities introduced through third-party software vendors. Software Provider Risks

Weaknesses in encryption implementation or algorithms. Cryptographic Vulnerabilities

Security weaknesses caused by improper system or application settings. Misconfiguration

Installing apps from unofficial sources on mobile devices, bypassing security controls. Side Loading

Removing manufacturer restrictions from mobile devices, potentially compromising security. Jailbreaking

Previously unknown security flaw actively exploited before patches are available. Zero-day Vulnerability

Malware that encrypts a victim's files and demands payment (usually cryptocurrency) for the decryption key. Ransomware

Malware that disguises itself as legitimate software while performing malicious actions in the background. Trojan

Self-replicating malware that spreads across networks without requiring user interaction or host programs. Worm

Malware that secretly monitors user activity and collects sensitive information like passwords or browsing habits. Spyware

Unnecessary software pre-installed on devices that consumes system resources and may degrade performance. Bloatware

Malicious code that attaches itself to clean files and spreads when infected files are opened. Virus

Software or hardware that records keystrokes to capture passwords and other sensitive typed information. Keylogger

Malicious code programmed to execute when specific conditions are met like a date or system event. Logic bomb

Malware that provides privileged access to a system while actively hiding its presence from detection. Rootkit

Direct attempts to access or damage systems through hands-on contact with hardware. Physical attacks

Attack that systematically attempts all possible combinations to crack passwords or encryption. Brute force

Creating unauthorized copies of RFID cards/tags by capturing and duplicating their signals. RFID cloning

Attacks that exploit or manipulate physical conditions like temperature or power to damage systems. Environmental

Overwhelming a target system with traffic from multiple sources to make it unavailable to legitimate users. DDoS

DDoS attack that uses intermediary servers whose responses are much larger than the requests that trigger them (for example, DNS or NTP), multiplying the volume of attack traffic. Amplified DDoS

DDoS attack that sends requests with the victim's spoofed source address to third-party servers, which then flood the victim with their responses. Reflected DDoS

Exploits targeting DNS servers/services to redirect traffic or disrupt name resolution. DNS attacks

Attacks targeting wireless networks through techniques like evil twin APs or deauthentication. Wireless

Attack where adversary intercepts traffic between two parties to steal or modify data. On-path

Capturing and retransmitting authentication credentials to gain unauthorized access. Credential replay

Programming that causes unintended and harmful effects when executed on a system. Malicious code

Attack that inserts malicious code into applications through unsanitized input. Injection

Exploiting programs by writing more data to a buffer than it can hold to run malicious code. Buffer overflow

Capturing and retransmitting valid network traffic to repeat a transaction or gain access. Replay

Exploiting vulnerabilities to gain higher-level permissions than originally granted. Privilege escalation

Creating fake digital artifacts like certificates or tokens to bypass security controls. Forgery

Retrieving files and directories located beyond the web root folder using altered paths. Directory traversal
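For the Directory traversal card, the following added Python example (not code from the original flashcard set) shows a static-file handler that resolves the requested path under the web root and refuses anything that lands outside it, tested against `..` segments, an absolute path, and a symlink inside the root that points outside. The directory layout and file contents are constructed for the demonstration.

```python
import os
import tempfile


def safe_join(web_root, requested):
    """Resolve the requested path under web_root and refuse anything that
    escapes it: '..' segments, absolute paths, or symlinks pointing outside."""
    root = os.path.realpath(web_root)
    # Strip leading slashes so '/etc/passwd' cannot become an absolute path.
    candidate = os.path.realpath(os.path.join(root, requested.lstrip("/\\")))
    # realpath has followed symlinks and collapsed '..', so a prefix check
    # on the resolved path is meaningful.
    if os.path.commonpath([root, candidate]) != root:
        raise PermissionError(f"path escapes web root: {requested!r}")
    return candidate


def serve(web_root, requested):
    """Read a file the way a static handler would, after the check."""
    with open(safe_join(web_root, requested), "rb") as f:
        return f.read()


def demo():
    """Constructed layout: <tmp>/www/index.html is public, <tmp>/secret.txt is not."""
    with tempfile.TemporaryDirectory() as d:
        www = os.path.join(d, "www")
        os.makedirs(www)
        with open(os.path.join(www, "index.html"), "wb") as f:
            f.write(b"<h1>hello</h1>")
        with open(os.path.join(d, "secret.txt"), "wb") as f:
            f.write(b"TOP SECRET")
        # A symlink inside the root that points outside it.
        os.symlink(os.path.join(d, "secret.txt"), os.path.join(www, "link"))

        results = {"index": serve(www, "index.html")}
        for attempt in ["../secret.txt", "/../secret.txt", "link",
                        "a/../../secret.txt"]:
            try:
                serve(www, attempt)
                results[attempt] = "served"
            except PermissionError:
                results[attempt] = "blocked"
        # Naive concatenation, for contrast: the traversal succeeds.
        with open(os.path.join(www, "../secret.txt"), "rb") as f:
            results["naive_join"] = f.read()
        return results


if __name__ == "__main__":
    print(demo())
```

Checking the string for `..` is not enough; resolving the path and comparing the result is what blocks the symlink case.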

Forcing systems to use weaker versions of protocols or encryption than intended. Downgrade

Finding two different inputs that produce the same hash value in cryptographic functions. Collision

Attack exploiting the birthday paradox: a collision in an n-bit hash can be expected after roughly 2^(n/2) trials rather than 2^n, so the effective collision resistance is half the digest length. Birthday Attack
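The Collision and Birthday Attack cards above are illustrated by the following added Python example (not part of the original flashcard set). It computes the birthday-bound collision probability, then actually finds a collision in a deliberately weakened hash (SHA-256 truncated to 3 bytes, a 24-bit space) by hashing distinct messages until a digest repeats; the messages are constructed counters.

```python
import hashlib
import math


def collision_probability(n_samples, hash_bits):
    """Approximate probability that n_samples random values collide in a
    hash_bits-bit space: 1 - exp(-n(n-1) / 2^(bits+1))."""
    space = 2.0 ** hash_bits
    return 1.0 - math.exp(-n_samples * (n_samples - 1) / (2.0 * space))


def samples_for_half_chance(hash_bits):
    """sqrt(2 ln 2 * 2^bits), about 1.18 * 2^(bits/2) samples for a 50% chance."""
    return math.sqrt(2.0 * math.log(2.0) * 2.0 ** hash_bits)


def truncated_sha256(data, n_bytes):
    """Stand-in for a weak hash: only the first n_bytes of SHA-256."""
    return hashlib.sha256(data).digest()[:n_bytes]


def find_collision(n_bytes, max_attempts=1 << 20):
    """Birthday search: hash distinct messages until a digest repeats.
    Returns (message_a, message_b, digest, attempts) or None."""
    seen = {}
    for i in range(max_attempts):
        msg = b"msg-%d" % i  # constructed distinct inputs
        digest = truncated_sha256(msg, n_bytes)
        if digest in seen:
            return seen[digest], msg, digest, i + 1
        seen[digest] = msg
    return None


if __name__ == "__main__":
    bits = 24
    print("P(collision) with 2^12 samples:", collision_probability(4096, bits))
    print("samples for 50%:", samples_for_half_chance(bits))
    print(find_collision(bits // 8))
```

Against the full 256-bit SHA-256 the same search would need about 2^128 hashes, which is why truncating a digest for convenience silently throws away most of its collision resistance.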

Testing a few common passwords against many accounts to avoid lockouts. Password spraying

Systematically trying every possible password combination until finding the correct one. Password brute force

Control that disables an account after repeated failed logins; the lockout event itself is an indicator that someone is guessing that account's password. Account lockout

Multiple simultaneous logins detected from different locations for the same account. Concurrent session usage

Security alert indicating filtered or prohibited content was detected and stopped. Blocked content

Alert triggered when login attempts occur from geographically impossible locations in time. Impossible travel
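The cards from Password spraying through Impossible travel describe indicators that are found by looking across authentication events rather than at one event. The following added Python example (not part of the original flashcard set) runs three such detections over a constructed set of login events: one source IP trying one password against many accounts (spraying), one account receiving many failures (the pattern that trips a lockout), and one user logging in successfully from two places too far apart for the time between them. The events, IPs and coordinates are constructed sample data.

```python
import math
from collections import defaultdict
from datetime import datetime

# Constructed sample events: (timestamp, user, source IP, result, lat, lon).
# The lat/lon stand in for a GeoIP lookup already done on the source IP.
EVENTS = [
    # Password spraying: one IP, one attempt each against many accounts.
    ("2024-05-01T09:00:00", "alice", "198.51.100.9", "fail", 48.86, 2.35),
    ("2024-05-01T09:01:00", "bob",   "198.51.100.9", "fail", 48.86, 2.35),
    ("2024-05-01T09:02:00", "carol", "198.51.100.9", "fail", 48.86, 2.35),
    ("2024-05-01T09:03:00", "dave",  "198.51.100.9", "fail", 48.86, 2.35),
    ("2024-05-01T09:04:00", "erin",  "198.51.100.9", "fail", 48.86, 2.35),
    ("2024-05-01T09:05:00", "frank", "198.51.100.9", "fail", 48.86, 2.35),
    # Brute force on one account: the pattern that triggers a lockout.
    ("2024-05-01T09:10:00", "bob", "203.0.113.5", "fail", 40.71, -74.01),
    ("2024-05-01T09:10:20", "bob", "203.0.113.5", "fail", 40.71, -74.01),
    ("2024-05-01T09:10:40", "bob", "203.0.113.5", "fail", 40.71, -74.01),
    ("2024-05-01T09:11:00", "bob", "203.0.113.5", "fail", 40.71, -74.01),
    ("2024-05-01T09:11:20", "bob", "203.0.113.5", "fail", 40.71, -74.01),
    ("2024-05-01T09:11:40", "bob", "203.0.113.5", "fail", 40.71, -74.01),
    # Impossible travel: alice in London, then Tokyo one hour later.
    ("2024-05-01T10:00:00", "alice", "203.0.113.50", "success", 51.5074, -0.1278),
    ("2024-05-01T11:00:00", "alice", "192.0.2.77",   "success", 35.6762, 139.6503),
    # Benign: carol logs in twice from the same city.
    ("2024-05-01T10:00:00", "carol", "203.0.113.60", "success", 40.71, -74.01),
    ("2024-05-01T12:00:00", "carol", "203.0.113.61", "success", 40.71, -74.01),
]


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points on the Earth's surface."""
    r = 6371.0
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = math.radians(lat2 - lat1)
    dlmb = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * r * math.asin(math.sqrt(a))


def detect_password_spraying(events, min_users=5, max_per_user=2):
    """Source IPs that failed against many distinct accounts, few tries each."""
    per_ip = defaultdict(lambda: defaultdict(int))
    for _, user, ip, result, _, _ in events:
        if result == "fail":
            per_ip[ip][user] += 1
    return sorted(ip for ip, users in per_ip.items()
                  if len(users) >= min_users and max(users.values()) <= max_per_user)


def detect_lockout_candidates(events, threshold=5):
    """Accounts with enough failures to trip a lockout policy."""
    per_user = defaultdict(int)
    for _, user, _, result, _, _ in events:
        if result == "fail":
            per_user[user] += 1
    return sorted(user for user, n in per_user.items() if n >= threshold)


def detect_impossible_travel(events, max_kmh=900.0, min_km=100.0):
    """Consecutive successful logins per user that imply travel faster than max_kmh."""
    by_user = defaultdict(list)
    for ts, user, ip, result, lat, lon in events:
        if result == "success":
            by_user[user].append((datetime.fromisoformat(ts), lat, lon, ip))
    flagged = []
    for user, logins in by_user.items():
        logins.sort()
        for (t1, la1, lo1, ip1), (t2, la2, lo2, ip2) in zip(logins, logins[1:]):
            km = haversine_km(la1, lo1, la2, lo2)
            hours = (t2 - t1).total_seconds() / 3600.0
            if km >= min_km and (hours == 0 or km / hours > max_kmh):
                flagged.append((user, ip1, ip2, round(km)))
    return flagged


if __name__ == "__main__":
    print("spraying sources:", detect_password_spraying(EVENTS))
    print("lockout candidates:", detect_lockout_candidates(EVENTS))
    print("impossible travel:", detect_impossible_travel(EVENTS))
```

Note the difference in grouping: spraying is visible only when failures are grouped by source, while the lockout pattern is visible when they are grouped by account. A single-account threshold never catches the spray, which is exactly why attackers use it.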

Division of a network into isolated segments to contain breaches and control access between different parts. Segmentation

Systems and policies that regulate who can access specific resources and what actions they can perform. Access control

Rules that specify which users or systems have access to specific resources and what permissions they have. Access control list (ACL)

Specific rights granted to users or processes defining what actions they can perform on resources. Permissions

Security policy that only permits specifically approved applications to run while blocking all others. Application allow list

Security technique that separates processes or systems from each other to prevent cross-contamination. Isolation

Process of applying updates to software and systems to fix security vulnerabilities and bugs. Patching

Converting data into encoded format that can only be read with proper decryption key. Encryption

Continuous observation of system activities and network traffic to detect security incidents. Monitoring

Security principle of giving users only the minimum access rights needed to perform their jobs. Least privilege

Ensuring systems maintain secure settings through policies and automated controls. Configuration enforcement

Secure removal of systems or data from service including proper data sanitization. Decommissioning

Methods used to reduce system vulnerability by removing unnecessary features and securing necessary ones. Hardening techniques

Implementing strong encryption protocols and proper key management to protect data. Encryption hardening

Deploying security software like antivirus and anti-malware on end-user devices. Endpoint protection installation

Software firewall installed on individual computers to control incoming and outgoing network traffic. Host-based firewall

Security software that monitors a single host for suspicious activity and blocks potential threats. Host-based IPS

Closing unnecessary network ports and disabling unneeded protocols to reduce attack surface. Disabling ports/protocols

Replacing default manufacturer passwords with strong unique passwords before deployment. Default password changes

Uninstalling unused applications and services to minimize potential vulnerabilities. Removal of unnecessary software

A computing model offering shared resources and services over the internet with specific security considerations. Cloud

A document outlining the security responsibilities that are shared by cloud providers and their customers. Responsibility Matrix

Environments combining on-premises and cloud resources with integrated security controls. Hybrid Infrastructure

External organizations that supply products or services, whose access and security practices become part of the organization's own risk. Third-party Vendors

Automated infrastructure management through code, requiring secure development practices. Infrastructure as Code

Cloud computing model where providers manage infrastructure, changing security responsibilities. Serverless

Application architecture using small, independent services with individual security requirements. Microservices

Complete separation of systems or networks through physical means for security. Physical Isolation

Networks or systems physically isolated from unsecured networks, including the internet. Air-gapped

Division of networks into separate security zones using virtual barriers. Logical Segmentation

Network design facilitating automated security oversight and administration. Software-defined Networking

Infrastructure hosted within an organization's facilities with direct security control. On-premises

Infrastructure managed from a single point with consolidated security controls. Centralized Architecture

Distributed infrastructure requiring coordinated security across multiple locations. Decentralized Architecture

Technology isolating applications with their dependencies for secure deployment. Containerization

Establishment of virtual computing resources with targeted security measures. Virtualization

Design of connected device networks with embedded security controls. IoT Architecture

Industrial control systems requiring specialized security approaches and protocols. ICS/SCADA Systems

Operating systems for time-critical applications with specific security requirements. RTOS

Computing systems integrated into devices requiring security hardening. Embedded Systems

System design ensuring continuous operation with security redundancy. High Availability

The degree to which systems and data are accessible when needed. Availability

System ability to maintain security and operations during adverse conditions. Resilience

The financial impact of adopting and sustaining security measures. Cost Considerations

System performance under security controls and monitoring. Responsiveness

Ability to grow while maintaining security effectiveness. Scalability

Efficiency of implementing systems with security controls. Ease of Deployment

Shifting security risks to third parties through contracts or insurance. Risk Transference

Ability to restore systems and data after security incidents. Ease of Recovery

Access to security updates and the capability to implement them. Patch Availability

Constraints preventing security updates on certain systems. Inability to Patch

Energy needs for maintaining secure system operation. Power Requirements

Processing capacity needed for security operations and controls. Compute Resources

Strategic positioning of security devices and network components for optimal protection. Device Placement

Distinct network segments with different security levels and access controls. Security Zones

All possible points where an unauthorized user can attempt to enter or extract data from an environment. Attack Surface

Methods and protocols used to establish secure network connections between devices. Connectivity

Security device behavior where traffic is allowed to pass when the device fails. Fail-open

Security device behavior where traffic is blocked when the device fails. Fail-closed

Security devices that actively modify or block network traffic based on security policies. Active Devices

Security devices that monitor network traffic without modifying it. Passive Devices

Security appliances that process traffic directly in the network path. Inline Devices

Security devices that observe traffic without directly interfering with network flow. Tap/Monitor Devices

A hardened system used to manage other devices in different security zones. Jump Server

An intermediary server that processes requests between clients and other servers. Proxy Server

Systems that detect (IDS) and prevent (IPS) network attacks and suspicious behavior. IPS/IDS

Device that distributes network traffic across multiple servers while maintaining security. Load Balancer

Devices that monitor and collect security-related data from the network. Security Sensors

Controls that restrict network access based on physical port or device identification. Port Security

A standard for port-based network access control and authentication. 802.1X

An authentication framework frequently used in wireless networks and point-to-point connections. EAP

Firewall specifically designed to protect web applications from attacks. WAF

Security appliance combining multiple security features in a single device. UTM

Advanced firewalls that include traditional firewall capabilities plus integrated advanced security features. NGFW

Encrypted network connection that provides secure access over public networks. VPN

Secure methods for connecting to network resources from external locations. Remote Access

Carrying traffic inside a TLS-encrypted connection (as in an SSL/TLS VPN) to provide privacy and data integrity over untrusted networks. TLS Tunneling

Suite of protocols for securing IP communications through authentication and encryption. IPSec

Software-defined networking technology that simplifies WAN management and security. SD-WAN

Cloud architecture combining network security functions with WAN capabilities. SASE

Information subject to specific legal or compliance requirements for handling and protection. Regulated Data

Proprietary business information that requires strict confidentiality controls. Trade Secret

Creative works and innovations requiring legal protection and secure handling. Intellectual Property

Sensitive data related to legal proceedings or attorney-client communications. Legal Information

Monetary data requiring protection from unauthorized access and modification. Financial Information

Information in a format that can be directly understood by people. Human-readable Data

Information that requires processing or decoding to be understood. Non-human-readable Data

Information requiring protection from unauthorized disclosure. Sensitive Data

Information restricted to authorized individuals with a need to know. Confidential Data

Information that can be freely shared without security restrictions. Public Data

Information with strict access controls limited to specific individuals. Restricted Data

Personal information requiring protection from unauthorized access. Private Data

Essential information requiring the highest level of protection. Critical Data

Information stored on media not currently being accessed or transmitted. Data at Rest

Information being transmitted across networks or between systems. Data in Transit

Information actively being accessed, processed, or modified. Data in Use

Principle that data is subject to the laws of the country in which it is stored or processed, regardless of who owns it. Data Sovereignty

Physical location of data storage and processing systems. Geolocation

Limitations on where data can be stored or processed based on legal requirements. Geographic Restrictions

Converting data into coded form to prevent unauthorized access. Encryption

Creating fixed-length values to verify data integrity. Hashing

Obscuring sensitive data elements while maintaining format and usability. Data Masking

Replacing sensitive data with non-sensitive placeholders. Tokenization
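The Data Masking and Tokenization cards differ in one important way: masking is irreversible, tokenization is reversible only through the vault. The following added Python example (not part of the original flashcard set) shows both on a constructed card number. The in-memory dictionary stands in for a real, separately secured token vault; the 16-digit values are sample data, not real account numbers.

```python
import secrets


def mask_card_number(pan, visible_suffix=4, mask_char="*"):
    """Data masking: keep the format and the last four digits, hide the rest.
    Irreversible: the original cannot be recovered from the masked value."""
    digits = pan.replace(" ", "").replace("-", "")
    if not digits.isdigit() or len(digits) <= visible_suffix:
        raise ValueError("not a card number")
    masked = mask_char * (len(digits) - visible_suffix) + digits[-visible_suffix:]
    # Re-insert the original grouping so downstream formats still work.
    out, i = [], 0
    for ch in pan:
        if ch.isdigit():
            out.append(masked[i])
            i += 1
        else:
            out.append(ch)
    return "".join(out)


class TokenVault:
    """Tokenization: replace the value with a random surrogate and keep the
    mapping in a separate, access-controlled store (here an in-memory dict
    standing in for a real vault). Nothing about the token reveals the value."""

    def __init__(self):
        self._token_to_value = {}
        self._value_to_token = {}

    def tokenize(self, value):
        if not value.isdigit() or len(value) <= 4:
            raise ValueError("expected a digit string longer than 4")
        if value in self._value_to_token:
            return self._value_to_token[value]  # same input, same token
        while True:
            # Format-preserving: random digits, same length, last four kept
            # so existing checks (length, suffix display) keep working.
            token = "".join(str(secrets.randbelow(10))
                            for _ in range(len(value) - 4)) + value[-4:]
            if token not in self._token_to_value and token != value:
                break
        self._token_to_value[token] = value
        self._value_to_token[value] = token
        return token

    def detokenize(self, token):
        """Only callers with access to the vault can reverse a token."""
        return self._token_to_value[token]


if __name__ == "__main__":
    print(mask_card_number("4111 1111 1111 1111"))
    vault = TokenVault()
    t = vault.tokenize("4111111111111111")
    print(t, vault.detokenize(t))
```

Because the token is random rather than derived from the value, a stolen token database without the vault tells the attacker nothing; a hashed or encrypted value, by contrast, is still a function of the secret.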

Making data difficult to understand without proper authorization. Obfuscation

Separating data into distinct security zones based on sensitivity. Data Segmentation

Controls limiting data access to authorized users and processes. Permission Restrictions

System design ensuring continuous operation with minimal downtime through redundancy and failover. High Availability

Distribution of workloads across multiple systems to ensure optimal performance and availability. Load Balancing

Grouping of servers working together as a single system for increased availability and reliability. Clustering

Fully equipped backup facility ready for immediate operation during emergencies. Hot Site

Backup facility with basic infrastructure but requiring equipment and setup before use. Cold Site

Partially equipped backup facility requiring some setup before becoming operational. Warm Site

Distribution of resources across different locations to minimize regional disaster impact. Geographic Dispersion

Use of different hardware/software platforms to prevent single points of failure. Platform Diversity

Use of multiple cloud providers to increase reliability and prevent vendor lock-in. Multi-cloud Systems

Plans and procedures ensuring critical functions continue during disruptions. Continuity of Operations

Process of determining future resource needs for people, technology, and infrastructure. Capacity Planning

Discussion-based sessions where teams talk through emergency response scenarios. Tabletop Exercises

Verification that systems properly switch to backup resources during failures. Failover Testing

Controlled testing of disaster scenarios without actual system disruption. Simulation Testing

Simultaneous operation of primary and backup systems to verify functionality. Parallel Processing

Data copies stored at the same location as primary systems. Onsite Backups

Data copies stored at separate locations for disaster recovery. Offsite Backups

How often data backups are performed based on business requirements. Backup Frequency

Protection of backup data through encryption to prevent unauthorized access. Backup Encryption

Point-in-time copies of data or system states for recovery purposes. Snapshots

Documented processes for restoring systems and data after failures. Recovery Procedures

Real-time copying of data to backup systems for disaster recovery. Replication

Recording of system changes to enable precise point-in-time recovery. Journaling

Backup power systems for extended electricity outages. Generators

Battery systems providing temporary power during short outages and transitions. UPS

A single point of failure (SPOF) is any system component whose failure halts the entire system, creating a critical vulnerability that must be addressed with redundancy and failover mechanisms. Single Point of Failure

Creating and managing user accounts and access rights within an organization. This includes account creation, assigning permissions based on roles, managing password policies, and ensuring proper access from hire to departure. User Provisioning

Automating IT resource deployment and management, including virtual machines, databases, and network components. This involves allocating resources, configuring security, and ensuring compliance. Resource provisioning guarantees consistent and secure deployment aligned to organizational standards. Resource Provisioning

Guardrails serve as automated safeguards enforcing security policies, compliance, and best practices during resource deployment and configuration changes, preventing actions that could cause vulnerabilities or compliance issues. Guard Rails

Security groups define collections of allowed network traffic for cloud or network resources, functioning as virtual firewalls. They control access at the protocol and port level, enabling organizations to create rules that specify permitted or denied traffic types. Security Groups

The implied cost and consequences of choosing quick but suboptimal technical solutions over better long-term approaches. Technical Debt

The phase of incident response where policies, procedures, and resources are established before an incident. This encompasses creating response plans, training staff, implementing security controls, and ensuring tools are ready. IR: Preparation

Identifying potential security incidents through monitoring systems, alerts, and reports using various tools to spot anomalies or suspicious activities indicating breaches. IR: Detection

Examine detected incidents to assess scope, impact, and nature by gathering evidence, reviewing system logs, and determining compromise extent to guide responses. IR: Analysis

Immediate actions to prevent an incident from spreading, including isolating affected systems, blocking malicious activity, and implementing security measures. IR: Containment

Removing threats from the environment by eliminating the root causes. This includes eradicating malware, closing security gaps, and addressing exploited vulnerabilities. IR: Eradication

Restoring systems and data to normal, fully functional state (availability restoration, data recovery, testing, and ensuring security and proper functionality). IR: Recovery

The post-incident review phase involves analyzing the response process, documenting findings, and implementing improvements to prevent similar incidents. This includes updating procedures, enhancing controls, and adjusting training. IR: Lessons Learned

Educating staff on security awareness, incident response roles, and procedures. This includes technical and procedural training for effective responses. IR: Training

A structured session where team members discuss simulated security scenarios to validate plans and procedures without affecting systems. Tabletop Exercise

A practical exercise simulating real security incidents for teams to practice responses, including technical, communication, and decision-making processes. Simulation

A systematic investigation of incidents to uncover underlying causes, preventing recurrence by addressing fundamental issues. Root Cause Analysis

Proactively search networks and systems to detect advanced threats evading security solutions, using various tools and techniques for potential compromise identification. Threat Hunting

Collecting, preserving, analyzing, and presenting digital evidence legally, involving technical and procedural aspects of investigating systems. Digital Forensics

Preserve all forms of relevant evidence when litigation is anticipated to prevent destruction or alteration. Legal Hold

Track and document evidence from collection to disposition, ensuring its integrity and legal admissibility. Chain of Custody

Creating a precise digital replica of electronic evidence in a forensically stable way. This method preserves the integrity of the original evidence, facilitating thorough analysis. Acquisition

Recording observations, methods, and outcomes from security incidents or forensic investigations. This encompasses technical specifics, event timelines, and suggestions for future enhancements. Reporting

Securing and protecting digital evidence from alteration, damage, or loss through physical and digital measures that maintain integrity. Preservation

Identifying, gathering, and collecting electronically stored information for legal proceedings. This encompasses emails, documents, databases, and other digital assets pertinent to legal issues. E-discovery

Firewall logs record network traffic, detailing source and destination IP addresses, used ports, employed protocols, and whether traffic was allowed or denied. They are essential for monitoring security and investigating incidents. Firewall Log

Software applications generate logs documenting user activities, system events, and application behavior. These logs capture vital information like user login attempts, application errors, data access requests, and usage patterns. They are crucial for troubleshooting and monitoring security incidents. Application Log

Records from computers, servers, and mobile devices log local activities like software installations and system changes. They are essential for understanding device activities in a network and identifying potential security threats. Endpoint Log

Specialized records focus on security events in an operating system, capturing critical information like user authentication attempts, privilege escalations, security policy changes, and system file modifications. They are essential for security monitoring and compliance. OS-specific Security Logs

Specialized security records document potential threats and attacks. They log detected patterns, blocked activities, severity of threats, and automated responses by the system. IPS/IDS Log

Records of activities in network infrastructure, documenting router/switch operations, DHCP assignments, DNS queries, and network performance metrics. They are vital for ensuring network health and investigating security incidents. Network Traffic Log

Data that describes other data, such as file creation times, modification dates, file sizes, authorship, and access permissions. Metadata

Systematic scans of devices and applications reveal security weaknesses, generating reports on vulnerabilities, missing patches, misconfigurations, and potential risks for attackers. Vulnerability Scans

Generated documents provide regular updates on system security, compliance, and performance metrics. They compile data from various tools for insights into an organization's security posture. Automated Reports

Visual interfaces show real-time security metrics in an easy-to-digest format, including key indicators, active alerts, and system status for quick decision-making and response to events. Dashboards

Network traffic recordings at the packet level offer detailed insights into communications, including content, protocol information, and timing. Packet Captures

Creating or removing user accounts and access rights in an information system. Provisioning/de-provisioning user accounts

Allocating access rights to users or groups defines their resource access and permitted actions. Permission assignments

The act of confirming an individual's identity by examining documentation, biometric information, or alternative verification techniques. Identity proofing

A system that allows users to access multiple applications or services using a single set of credentials across different organizations or domains. Federation

An authentication method allowing users to log in once and access various applications without needing to re-enter credentials. Single sign-on (SSO)

A protocol used for accessing and maintaining directory services over an IP network, commonly used for centralized authentication and authorization. Lightweight Directory Access Protocol (LDAP)

An authorization framework that lets a user grant an application limited, token-based access to resources held by another service without sharing their password. Open authorization (OAuth)

An XML-based standard for exchanging authentication and authorization data between parties, particularly for web browser single sign-on. Security Assertion Markup Language (SAML)

The capacity of different systems, devices, or applications to exchange and use information with each other. Interoperability

The process of providing evidence that a system or component is genuine and unaltered, often used in trusted computing. Attestation

A security model where access rights are determined by system administrators based on security clearance levels and data classification. Mandatory access controls

An access control model where the owner of a resource determines who can access it and what privileges they have. Discretionary access controls

A method where access rights are assigned based on users' roles within an organization. Role-based access control

Access control determined by a set of rules or policies that evaluate conditions before granting access. Rule-based access control

Access control that uses various attributes (user properties, resource properties, environmental conditions) to determine access rights. Attribute-based access control

Access controls that limit system or resource access to specific time periods. Time-of-day restrictions

A security principle requiring users to have only the minimum access rights necessary to perform their job functions. Least privilege

A security system that mandates two or more verification methods from distinct categories for access approval. Multifactor authentication

Authentication using unique physical or behavioral characteristics like fingerprints, facial recognition, or voice patterns. Biometrics

Physical or digital devices that generate temporary codes for authentication purposes. Authentication tokens

Physical devices for authentication that employ cryptographic protocols. Security keys

Guidelines for creating and managing strong passwords, including length requirements, complexity rules, and regular rotation. Password best practices

Applications that securely store, generate, and manage multiple complex passwords for users. Password managers

Authentication methods that verify identity without requiring traditional passwords, often using biometrics or security keys. Passwordless authentication

Access rights granted only when needed and automatically revoked after use. Just-in-time permissions

Secure storage systems for managing and protecting privileged account credentials. Password vaulting

Temporary access credentials that automatically expire after a short period or single use. Ephemeral credentials

Security policies configured in a firewall that determine which network traffic is allowed or blocked based on specified criteria. Firewall Rules

Lists of permissions that control which users or systems can access specific network resources or services. Access Lists

Communication endpoints and standardized methods that applications use to exchange data across networks. Ports/Protocols

Network segments (also called DMZs) that act as a buffer zone between trusted internal networks and untrusted external networks. Screened Subnets

Security systems that monitor network traffic for suspicious activity (IDS) and can automatically take action to prevent threats (IPS). IDS/IPS

Network behavior patterns or security events indicating emerging threats. Trends

Specific patterns of network traffic or system behavior that match known security threats or malicious activities. Signatures

A security tool that controls access to web content by blocking malicious or unauthorized websites and content. Web Filter

Security solutions that require software installation on individual endpoints to monitor and control their activities. Agent-based

A server that acts as an intermediary between internal users and the internet, providing security filtering and caching. Centralized Proxy

Analyzing web addresses to block malicious sites. URL Scanning

The classification of web content into categories (like gambling, social media, or adult content) for filtering purposes. Content Categorization

Policies that define what types of content, websites, or network traffic should be prevented from accessing the network. Block Rules

A scoring system that rates the trustworthiness of websites, IP addresses, or email senders based on their historical behavior. Reputation

Features that protect the OS from unauthorized access and threats. Operating System Security

A Windows feature that enables centralized management and configuration of operating systems, applications, and user settings. Group Policy

Security-Enhanced Linux can enforce strict mandatory access control for Linux systems. SELinux

Standardized methods of network communication that incorporate encryption and other security measures. Secure Protocols

A security measure that blocks access to malicious domains by filtering DNS queries. DNS Filtering

Technologies and practices designed to protect email systems from unauthorized access, spam, and malware. Email Security

An email authentication protocol that helps prevent email spoofing by specifying how to handle messages that fail authentication. DMARC

A security standard that adds a digital signature to emails to verify they were sent by an authorized sender. DKIM

An email authentication method that specifies which mail servers are authorized to send email for a domain. SPF
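The SPF, DKIM and DMARC cards above fit together: SPF and DKIM each authenticate a message, and DMARC says what to do when neither result aligns with the visible From: domain. The following added Python example (not part of the original flashcard set) evaluates SPF against a sender IP and reads the DMARC policy from constructed TXT records for a fictional domain. It handles only `ip4`/`ip6` mechanisms and the `all` qualifier; real SPF also resolves `a`, `mx`, `include` and `redirect` through DNS, which is left out here, and the DKIM signature verification result is passed in as an assumed input rather than computed.

```python
import ipaddress

# Constructed DNS TXT records for a fictional domain (not real DNS data).
TXT_RECORDS = {
    "example.com": "v=spf1 ip4:192.0.2.0/24 ip6:2001:db8::/32 -all",
    "_dmarc.example.com": "v=DMARC1; p=reject; rua=mailto:dmarc@example.com; pct=100",
}

QUALIFIER_RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def spf_check(sender_ip, domain, records=TXT_RECORDS):
    """Evaluate ip4/ip6 mechanisms and 'all' in order; first match wins."""
    record = records.get(domain, "")
    if not record.startswith("v=spf1"):
        return "none"
    ip = ipaddress.ip_address(sender_ip)
    for term in record.split()[1:]:
        qualifier = "+"  # an unqualified mechanism means pass
        if term[0] in "+-~?":
            qualifier, term = term[0], term[1:]
        if term == "all":
            matched = True
        elif term.startswith(("ip4:", "ip6:")):
            network = ipaddress.ip_network(term.split(":", 1)[1], strict=False)
            matched = ip.version == network.version and ip in network
        else:
            continue  # a/mx/include/redirect need DNS; not handled in this example
        if matched:
            return QUALIFIER_RESULT[qualifier]
    return "neutral"


def dmarc_policy(domain, records=TXT_RECORDS):
    """Parse the _dmarc TXT record into its tag=value pairs."""
    record = records.get("_dmarc." + domain)
    if not record or not record.startswith("v=DMARC1"):
        return None
    return dict(kv.strip().split("=", 1) for kv in record.split(";") if "=" in kv)


def dmarc_disposition(header_from, spf_result, spf_domain,
                      dkim_result, dkim_domain, records=TXT_RECORDS):
    """Relaxed alignment: the authenticated domain must equal, or be a
    subdomain of, the From: header domain. If neither SPF nor DKIM passes
    aligned, the record's p= policy applies."""
    tags = dmarc_policy(header_from, records)
    if not tags:
        return "no policy"

    def aligned(d):
        return d == header_from or d.endswith("." + header_from)

    if (spf_result == "pass" and aligned(spf_domain)) or \
       (dkim_result == "pass" and aligned(dkim_domain)):
        return "pass"
    return tags.get("p", "none")


if __name__ == "__main__":
    print(spf_check("192.0.2.10", "example.com"), spf_check("198.51.100.1", "example.com"))
    print(dmarc_policy("example.com"))
    print(dmarc_disposition("example.com", "fail", "example.com", "fail", "example.com"))
```

A message that passes SPF for some unrelated envelope domain still fails DMARC, because alignment ties the authenticated domain to the one the recipient actually sees.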

A security appliance or service that filters incoming and outgoing email traffic for threats. Email Gateway

A security process that monitors and validates the integrity of operating system and application files. File Integrity Monitoring
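For the File Integrity Monitoring card, the following added Python example (not part of the original flashcard set) takes a SHA-256 baseline of a directory tree and later compares a fresh scan against it, reporting modified, added and removed files. The same hash-and-compare step is what verifies a forensic acquisition against its original (the Acquisition card earlier). The directory layout and its "trojanized" and "backdoor" files are constructed for the demonstration.

```python
import hashlib
import os
import tempfile


def hash_file(path, chunk=65536):
    """SHA-256 of a file, read in chunks so large files do not load into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def baseline(root):
    """Map every regular file under root (as a relative path) to its digest."""
    out = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.isfile(full) and not os.path.islink(full):
                out[os.path.relpath(full, root)] = hash_file(full)
    return out


def compare(old, new):
    """Diff two baselines into the three kinds of change an FIM alert reports."""
    return {
        "added": sorted(set(new) - set(old)),
        "removed": sorted(set(old) - set(new)),
        "modified": sorted(p for p in set(old) & set(new) if old[p] != new[p]),
    }


def _write(path, data):
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as f:
        f.write(data)


def demo():
    """Constructed tree: take a baseline, tamper with it, rescan and compare."""
    with tempfile.TemporaryDirectory() as d:
        _write(os.path.join(d, "bin", "ls"), b"original ls binary")
        _write(os.path.join(d, "etc", "passwd"), b"root:x:0:0:root:/root:/bin/sh\n")
        _write(os.path.join(d, "etc", "hosts"), b"127.0.0.1 localhost\n")
        before = baseline(d)

        # Simulated compromise: trojanized binary, dropped backdoor, deleted file.
        _write(os.path.join(d, "bin", "ls"), b"trojanized ls binary")
        _write(os.path.join(d, "bin", "backdoor"), b"malicious payload")
        os.remove(os.path.join(d, "etc", "hosts"))
        after = baseline(d)
        return compare(before, after)


if __name__ == "__main__":
    print(demo())
```

The baseline itself must be stored somewhere the monitored host cannot rewrite, otherwise an attacker who can replace the binary can replace its expected hash as well.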

Data Loss Prevention - technology that detects and prevents unauthorized transmission of sensitive information. DLP

A security approach that enforces policy on devices before allowing them to access a network. Network Access Control

Security tools that monitor endpoints for threats (EDR) and provide extended detection and response across multiple security layers (XDR). EDR/XDR

The process of tracking and analyzing user actions to detect abnormal behavior that might indicate security threats. User Behavior Analytics

The continuous observation and analysis of computer systems' performance, health, and security status to detect issues or threats. Systems Monitoring

The tracking of application behavior, performance, and security events to ensure proper functionality and detect suspicious activities. Applications Monitoring

The surveillance of network devices, servers, and other IT infrastructure components to maintain security and operational efficiency. Infrastructure Monitoring

The process of collecting and centralizing log data from multiple sources for unified analysis and threat detection. Log Aggregation

The isolation of suspicious or compromised systems, files, or network segments to prevent threat spread. Quarantine

The adjustment of alert rules and thresholds to reduce false positives and improve detection accuracy. Alert Tuning

A standardized approach for maintaining system security through automated vulnerability management and security compliance. SCAP

Standardized security configuration guidelines used to assess and improve system security posture. Benchmarks

Software components installed on monitored systems to collect and report security data. Agents

Security monitoring that collects data without requiring software installation on target systems. Agentless Monitoring

A system that collects, analyzes, and correlates security event data from multiple sources to detect and respond to threats. SIEM

Software to detect and remove malicious code. Antivirus

Technology that monitors and prevents unauthorized transmission or access to sensitive data. DLP

Automated alerts sent by network devices to management systems when specific events or conditions occur. SNMP Traps

A network protocol that collects IP traffic information to monitor network flow and detect anomalies. NetFlow

Tools that identify and assess security weaknesses in systems, networks, and applications. Vulnerability Scanners

A systematic process of identifying security weaknesses in systems and networks using automated tools. Vulnerability Scan

Security testing of application source code without executing the program to find potential vulnerabilities. Static Analysis

Security testing of running applications to identify vulnerabilities in their operational state. Dynamic Analysis

Tracking and analyzing software dependencies and libraries for known security vulnerabilities. Package Monitoring

A stream of threat intelligence about current security threats and indicators of compromise. Threat Feed

The collection and analysis of security-related information from publicly available sources. OSINT

Commercial or private threat intelligence services that provide curated security information. Proprietary/Third-party Feeds

Groups that enable the sharing of threat intelligence across different organizations and sectors. Information-sharing Organization

Surveillance of dark web activities to identify potential threats or leaked organizational data. Dark Web Monitoring

Authorized simulated attacks on systems to identify and validate security vulnerabilities. Penetration Testing

A formal process for security researchers to report vulnerabilities to organizations. Responsible Disclosure Program

A program offering rewards to security researchers for finding and reporting security vulnerabilities. Bug Bounty Program

A formal examination of systems and processes to verify security controls and compliance. System/Process Audit

An alert or finding that incorrectly indicates a security issue exists. False Positive

A failure to detect an actual security issue or vulnerability. False Negative

The process of ranking vulnerabilities based on their potential impact and likelihood of exploitation. Prioritization

A standardized scoring system for rating the severity of security vulnerabilities. CVSS

A system for identifying and cataloging known cybersecurity vulnerabilities. CVE

The categorization of vulnerabilities based on their type, severity, and potential impact. Vulnerability Classification

The percentage of an asset that would be lost if a specific threat successfully exploits a vulnerability. Exposure Factor

Local factors that affect the severity or likelihood of vulnerability exploitation. Environmental Variables

The potential effect of a vulnerability on specific business sectors or organization types. Industry/Organizational Impact

The level of risk an organization is willing to accept in pursuit of its objectives. Risk Tolerance

The standardized procedures for evaluating, purchasing, and implementing new assets while ensuring security requirements are met. Acquisition

The process of allocating and documenting responsibility for organizational assets to specific individuals or departments. Asset Assignment

The tracking and management of asset value, depreciation, and total cost of ownership throughout its lifecycle. Asset Accounting

The designation of individuals or groups responsible for maintaining and securing specific assets. Asset Ownership

The categorization of assets based on their sensitivity, value, and criticality to the organization. Asset Classification

The continuous tracking of asset location, status, and usage to maintain security and compliance. Asset Monitoring

A comprehensive list of all organizational assets, including hardware, software, and data resources. Asset Inventory

The systematic identification and cataloging of assets on a network or within an organization. Asset Enumeration

The process of removing assets from service while ensuring security and compliance requirements are met. Disposal

The systematic removal of an asset from active service, including proper data handling and documentation. Decommissioning

The process of removing sensitive data from storage media so it cannot be recovered. Sanitization

The physical destruction of assets to prevent data recovery or unauthorized reuse. Destruction

Documentation verifying that asset disposal was performed according to security and compliance requirements. Asset Certification

Policies and procedures governing how long different types of data must be kept before disposal. Data Retention

Portable computing devices like smartphones and tablets requiring specific security controls and management. Mobile Devices

Individual computer systems used by employees, requiring endpoint protection and security policies. Workstations

Network devices that connect and manage traffic between devices on a local network segment. Switches

Network devices that direct traffic between different networks and implement security policies. Routers

Virtual computing resources hosted by third-party providers requiring specific security considerations. Cloud Infrastructure

Dedicated computers that provide services to other devices while requiring robust security measures. Servers

Industrial Control Systems that manage physical processes, requiring specialized security approaches. ICS/SCADA

Purpose-built computing systems with integrated hardware and software requiring security hardening. Embedded Systems

Real-Time Operating Systems used in time-critical applications with specific security requirements. RTOS

Internet-connected devices requiring security controls to prevent unauthorized access and exploitation. IoT Devices

Physical inspections to determine optimal wireless access point placement and coverage. Site Surveys

Visual representations of wireless signal strength used for optimal network coverage planning. Heat Maps

Mobile Device Management systems enforce security policies on mobile devices. MDM

Policy allowing employees to use personal devices for work, with security controls applied by policy or by a management agent. BYOD

Corporate-owned devices that allow personal use within security boundaries. COPE

Policy where employees select from approved device options meeting security requirements. CYOD

Protection measures for mobile devices connecting via cellular networks. Cellular Security

Protocols and measures protecting wireless network communications. Wi-Fi Security

Controls protecting short-range wireless communications between devices. Bluetooth Security

The latest Wi-Fi security protocol providing enhanced encryption and protection. WPA3

Authentication, Authorization, and Accounting services for network access control. AAA/RADIUS

Standards for securing wireless communications through encryption. Cryptographic Protocols

Methods for verifying the identity of devices and users in wireless networks. Authentication Protocols

Security checks that verify data input meets expected formats and criteria. Input Validation

Web browser data storage with security controls to prevent unauthorized access. Secure Cookies

Automated testing of application source code for security vulnerabilities. Static Code Analysis

Digital signing of applications to verify their authenticity and integrity. Code Signing

Isolation of applications or processes to contain potential security threats. Sandboxing

Continuous observation of device and network activity for security issues. Security Monitoring

Formal document defining appropriate use of organizational IT resources and consequences of violations Acceptable use policy

Core documents establishing organization's approach to protecting information assets Information security policies

Policies defining how organization maintains essential functions during disruptions Business continuity

Policies specifying procedures to restore IT operations after major incidents Disaster recovery

Policies outlining how organization detects, responds to, and recovers from security incidents Incident response

Policies governing security requirements throughout application development process Software development lifecycle

Rules governing how changes to systems and infrastructure are proposed, approved, and implemented Change management policy

Technical requirements for password creation, complexity, and management Password standards

Specifications for implementing and maintaining access controls across systems Access control standards

Requirements for securing facilities, equipment, and physical assets Physical security standards

Technical specifications for implementing cryptographic controls Encryption standards

Step-by-step processes for implementing and documenting system changes Change management procedures

Detailed steps for granting new users appropriate system access and security training Onboarding procedures

Steps for removing access and securing assets when users leave organization Offboarding procedures

Documented procedures for responding to specific security incidents or scenarios Playbooks

Security requirements imposed by government regulations like HIPAA or GDPR Regulatory considerations

Security obligations arising from laws, contracts, and liability concerns Legal considerations

Security requirements specific to business sector or industry standards Industry considerations

Security requirements from local or regional authorities Local/regional considerations

Security requirements imposed by national governments or standards National considerations

International security requirements affecting multinational operations Global considerations

Process of reviewing and updating security policies to maintain effectiveness Monitoring and revision

Governance bodies providing high-level security oversight and strategy Boards

Groups responsible for specific aspects of security governance Committees

Official bodies that create and potentially enforce security regulations Government entities

Security decision-making concentrated in single authority Centralized governance

Security decision-making distributed across multiple units or locations Decentralized governance

Individuals or entities with ultimate responsibility for data assets Data owners

Entities determining purposes and means of processing personal data Data controllers

Entities processing data on behalf of controllers Data processors

Personnel responsible for implementing security controls and maintaining data Data custodians

Individuals ensuring data quality and policy compliance in their areas Data stewards

Process of discovering and documenting potential security threats and vulnerabilities to an organization Risk identification

Risk evaluation performed as needed in response to specific events or concerns Ad hoc assessment

Regular, scheduled risk evaluations performed at defined intervals Recurring assessment

Single risk evaluation performed for a specific purpose or project One-time assessment

Ongoing, real-time monitoring and evaluation of risks Continuous assessment

Risk evaluation based on subjective ratings (e.g., high/medium/low) and expert judgment Qualitative analysis

Risk evaluation using numerical values and statistical methods to calculate potential losses Quantitative analysis

Expected monetary loss from a single occurrence of a risk event Single loss expectancy

Expected yearly monetary loss from risk events (SLE × ARO) Annualized loss expectancy

Expected frequency of a risk event occurring within one year Annualized rate of occurrence

Statistical likelihood of a risk event occurring Probability

Estimated chance of a risk occurring based on historical data and current conditions Likelihood

Percentage of asset value likely to be lost if a risk event occurs Exposure factor

Magnitude of harm that could result from a risk event Impact

Documented inventory of identified risks, their characteristics, and response plans Risk register

Metrics used to monitor risk levels and trigger responses Key risk indicators

Individuals or groups responsible for managing specific risks Risk owners

Maximum level of risk an organization is willing to accept before taking action Risk threshold

Amount of risk an organization can handle while still achieving objectives Risk tolerance

Willingness to accept higher risks for potential greater returns Expansionary risk appetite

Preference for lower risks even if it means reduced potential returns Conservative risk appetite

Balanced approach to risk-taking based on careful cost-benefit analysis Neutral risk appetite

Moving (or transferring) risk to another party through insurance or contracts Risk transfer

Conscious decision to take no action or no further action against a known risk. Accepting the controls in place, if any. Risk acceptance

Formal approval to operate outside normal risk parameters temporarily Risk exemption

Documented deviation from standard risk management procedures Risk exception

Eliminating risk by avoiding activities that could cause it Risk avoidance

Implementing controls to reduce probability or impact of risks Risk mitigation

Regular communication of risk status to stakeholders Risk reporting

Assessment of how disruptions affect critical business functions Business impact analysis

Maximum acceptable time to restore business function after disruption RTO: Recovery time objective

Maximum acceptable data loss measured in time before disruption RPO: Recovery point objective

Average time required to fix a failed system MTTR: Mean time to repair

Average time between system failures under normal operation MTBF: Mean time between failures

Authorized simulated attacks to evaluate vendor's security controls and identify vulnerabilities Penetration testing

Contract provision allowing customer to examine vendor's security controls and practices Right-to-audit clause

Documentation proving vendor conducts regular security self-assessments Evidence of internal audits

Security evaluations of vendor performed by qualified third-party organizations Independent assessments

Evaluation of security risks in vendor's entire supply and delivery network Supply chain analysis

Comprehensive investigation of vendor's security practices before establishing business relationship Due diligence

Situation where vendor's other business relationships could compromise security obligations Conflict of interest

Contract defining specific performance metrics and security requirements vendor must meet Service-level agreement

Binding document outlining security responsibilities between organizations Memorandum of agreement

Non-binding document describing security expectations between organizations Memorandum of understanding

Primary contract establishing overall terms for security and business relationship Master service agreement

Document specifying security requirements for specific tasks or projects Work order

Detailed document defining security deliverables, timelines, and requirements for specific project Statement of work

Legal contract requiring parties to protect confidential information shared between them Non-disclosure agreement

Contract defining security obligations in ongoing business relationship Business partners agreement

Comprehensive evaluation of vendor's security capabilities, risks, and compliance Vendor assessment

Assessment of security risks throughout vendor's supplier and delivery network Supply chain analysis

Documentation and communication of compliance status to organization's leadership and stakeholders Internal compliance reporting

Required reporting of compliance status to regulators, auditors, or other outside authorities External compliance reporting

Monetary penalties imposed for failing to meet compliance requirements Fines

Official penalties or restrictions imposed for compliance violations Sanctions

Harm to organization's public image and trustworthiness due to compliance failures Reputational damage

Revocation of authority to conduct business due to severe compliance violations Loss of license

Penalties or contract terminations resulting from compliance failures Contractual impacts

Reasonable steps taken to ensure and maintain compliance with requirements Due diligence

Demonstrating prudent actions to meet compliance obligations Due care

Formal declaration that compliance requirements are being met Attestation

Documented recognition of compliance responsibilities Acknowledgement

The organization's internal methods for monitoring compliance status Internal monitoring

Third-party oversight of compliance activities by a trusted and knowledgeable service auditor External monitoring

Using technology to automatically track, report, and enforce compliance Compliance automation

Privacy requirements specific to city or regional jurisdiction Local privacy laws

Privacy requirements enforced at country level National privacy laws

International privacy requirements affecting cross-border operations Global privacy laws

Individual whose personal data is being collected or processed Data subject

Entity that determines purposes and means of processing personal data Data controller

Entity that processes personal data on behalf of the controller Data processor

Rights and responsibilities regarding collected personal information Data ownership

Comprehensive catalog of what personal data is collected and stored Data inventory

Rules governing how long personal data can be kept Data retention

Individual's right to have personal data erased upon request Right to be forgotten

Formal verification of security controls by organization's own personnel or departments Internal attestation

Documentation certifying adherence to specific security requirements or standards Compliance attestation

Internal group responsible for overseeing security audits and attestation processes Audit committee

Organization's internal evaluation of its security controls and compliance status Self-assessments

Verification of security controls by outside organizations or authorities External attestation

Official review of security controls by government or regulatory bodies Regulatory examination

Systematic evaluation of security controls against defined criteria Assessment

Security evaluation conducted by neutral external organization Independent third-party audit

Testing physical security controls through attempted facility access Physical penetration testing

Actively attempting to exploit security vulnerabilities to assess defenses Offensive penetration testing

Testing organization's ability to detect and respond to attacks Defensive penetration testing

Combined testing of physical, technical, and procedural security controls Integrated penetration testing

Penetration testing with full knowledge of target environment Known environment testing

Testing with limited information about target environment (grey box) Partially known testing

Testing without prior knowledge of target environment (black box) Unknown environment testing

Gathering target information without direct interaction (e.g., public records) Passive reconnaissance

Direct probing of target systems to gather security information Active reconnaissance

Results and recommendations from security assessments or audits Audit findings

Defined boundaries and limitations of security testing activities Testing scope

Structured approach and procedures used in security testing Testing methodology

Agreed-upon guidelines and restrictions for penetration testing Rules of engagement

Documentation of security testing processes and results Evidence collection

Confirming that identified security issues have been properly fixed Remediation verification
