glossary of key terms Flashcards

1
Q

The maintenance and verification of a desired level of quality of software, a product, or service.

A

quality assurance (QA)

2
Q

Policies that define the rules restricting how a computer, network, or other system may be used.

A

acceptable use policies

3
Q

A list of permissions attached to an object specifying what level of access a user, users, or groups have to that object. When dealing with firewalls, a set of rules that apply to a list of network names, IP addresses, and port numbers.

A

access control list (ACL)

4
Q

A collection of policies to determine the level of access that a subject (user or system) has on a resource (the system, application, or data to be protected). There are four major types.

A
access control model / Mandatory Access Control (MAC), Role-Based Access Control (RBAC), Discretionary Access Control (DAC), and Rule-Based Access Control (RBAC or RB-RBAC).
5
Q

In digital forensics, the process of collecting specific data related to an attack, intrusion, or investigation, which can include computer media and other devices that store electronic data.

A

acquisition

6
Q

A Microsoft directory service that authenticates and authorizes users and computers.

A

Active Directory

7
Q

An attacker’s method that is carried out on a target mostly by using network and vulnerability scanners.

A

active reconnaissance

8
Q

Assessment that measures risk by using exact monetary values. It attempts to give an expected yearly loss in dollars for any given risk. It also assigns asset values to servers, routers, and other network equipment.

A

quantitative risk assessment

9
Q

A load-balancing scenario in which each device performs work simultaneously, thus sharing the load.

A

active/active

10
Q

A load-balancing scenario in which one device actively performs work while the other works in a standby mode.

A

active/passive

11
Q

A programming method involving random arrangement of different address spaces used by a program (or process). It helps prevent the exploitation of buffer overflows, remote code execution, and memory corruption vulnerabilities. It also can aid in protecting mobile devices (and other systems) from exploits caused by memory-management problems.

A

address space layout randomization (ASLR)

12
Q

Accounts on a system with higher-level privileges. They are similar to root accounts on a Linux system.

A

administrator accounts

13
Q

A sophisticated attack that can remain undetected for a long time. A government (state actor) attack is also often referred to as an ____.

A

advanced persistent threat (APT)

14
Q

The tactics, techniques, and procedures used by attackers to compromise a system or a network.

A

adversary tactics, techniques, and procedures (TTPs)

15
Q

A concept that refers to the gap or lack of connection between a computer and other networks. Because the computer isn’t directly connected to the network, it can’t be attacked through the network.

A

air gap

16
Q

A list of allowed applications or functions that are accessible to a specific resource, such as another application, a system, or a user. The list is inclusive; if the application is not listed, access is denied.

A

allow list

17
Q

A VPN client that immediately and automatically establishes a VPN connection when an Internet connection is made.

A

always-on VPN

18
Q

The total expected loss in dollars per year due to a specific incident.

A

annualized loss expectancy (ALE)

19
Q

The number of times per year that a specific incident occurs.

A

annualized rate of occurrence (ARO)

20
Q

A method of obfuscating data such that the data can be used for legitimate purposes while not exposing the identity of the data owner.

A

anonymization

21
Q

Software that protects against infections caused by many types of malware, including all types of viruses, as well as rootkits, ransomware, and spyware.

A

antimalware

22
Q

A computer program used to prevent, detect, and remove malware.

A

antivirus software

23
Q

Cloud-based services that don’t fall into SaaS, PaaS, or IaaS. For example, when a large service provider integrates its security services into the company/customer’s existing infrastructure, it is often referred to as Security as a Service (SECaaS).

A

anything as a service (XaaS)

24
Q

A capability available in all cloud computing environments. It allows for better automation of workflow deployment. These integrations typically need to be enabled in the environment to utilize them.

A

API inspection and integration

25
An index of approved software applications or executable files that are permitted to be present and active on a computer system.
application approved list
26
An index or list of undesirable or unauthorized programs used to prevent their execution.
application block list/deny list
27
Attacks that target the resources of Layer 7 applications and often leverage known vulnerabilities against specific software.
application DDoS attacks
28
A programmatic framework that enables other systems to interact with an application; however, lack of adequate controls and monitoring make effective security testing of _____ difficult to automate, which makes them vulnerable targets.
application programming interface (API)
29
A process to adequately and securely deploy an application on-premises or in the cloud.
application provisioning
30
Devices used to assess application-specific vulnerabilities and operate at the upper layers of the OSI model.
application scanners
31
When an attacker manipulates the ARP cache on a host to redirect traffic and perform an on-path attack.
ARP cache poisoning
32
Remnants of an intrusion that can be identified on a host or network.
artifacts
33
A policy for onboarding and offboarding devices; it specifies how they are registered and activated and how they are later decommissioned.
asset management
34
A process that uses a public-key and private-key pair to encrypt and decrypt messages when communicating.
asymmetric encryption
35
A set of matrices created by MITRE to document and explain the adversarial tactics and techniques used by attackers to compromise systems and networks.
ATT&CK
36
A process that serves to bear witness and to confirm, authenticate, verify, and document.
attestation
37
An access model that is dynamic and context-aware. Access rights are granted to users through the use of multiple policies that can combine various user, group, and resource attributes together.
attribute-based access control (ABAC)
38
An assessment that assigns numeric values to the probability of a risk and the impact it can have on the system or network.
qualitative risk assessment
39
Characteristics that authenticate a user in either a physical or behavioral manner.
attributes
40
A technique used to transmit hidden information by modifying an audio signal in an imperceptible manner.
audio steganography
41
The process or action of proving something to be true or valid, verifying the identity of a user or process.
authentication
42
A program that generates security codes for signing into assets.
authentication application
43
As specified in RFC 4302, a protocol that defines an optional packet header to be used to guarantee connectionless integrity and data origin authentication for IP packets and to protect against replays.
Authentication Header (AH)
44
A nonmalicious hacker—for example, an IT person who attempts to “hack” into a computer system before it goes live to test the system.
authorized hacker
45
A DevOps environment component for secure provisioning and deprovisioning of software, services, and infrastructure.
automated courses of action
46
An automated way to share indicators of compromise (IOCs) and threat intelligence information.
automated indicator sharing (AIS)
47
The technology and processes of executing a task without human intervention.
automation
48
A digital forensics platform and graphical interface to The Sleuth Kit and other digital forensics tools. It is used by law enforcement, military, and corporate examiners to investigate what happened on a computer.
Autopsy
49
A method used in computer programs to bypass normal authentication and other security mechanisms in place.
backdoor
50
A Common Vulnerability Scoring System (CVSS) group that represents the intrinsic characteristics of a vulnerability that are constant over time and do not depend on a user-specific environment.
base group
51
The original frequency range of transmission signal before it is modulated. It can also refer to the type of data transmission in which analog data is sent over a single nonmultiplex channel.
baseband radio
52
A method used to assess the current security state of computers, servers, network devices, and the network in general after a minimum desired state of security is defined.
baseline configuration (baselining)
53
The process of reporting the security state of computers, servers, network devices, and the network after a baseline has been determined.
baseline reporting
54
A Linux/UNIX-based scripting shell and framework.
Bash
55
Security controls that provide a unique way of making sure that people are who they say they are by monitoring/matching human characteristics such as a fingerprint, retina, or voice.
biometrics
56
An attack on a hashing system that attempts to send two different messages with the same hash function, causing a collision.
birthday attack
57
A way of testing the internal workings of an application or system where the tester has no knowledge of the system being tested.
black-box testing
58
An encryption method that applies a deterministic algorithm along with a symmetric key to encrypt a block of text instead of encrypting one bit at a time as in stream ciphers.
block cipher
59
A list used to deny individual application access—a common method used when working with email, and by antivirus and HIDS programs.
block list/deny list
60
A term used to identify the defenders of an organization. ____ _____ typically include the computer security incident response team (CSIRT) and information security (InfoSec) team.
blue team
61
Sending unsolicited messages to Bluetooth-enabled devices such as mobile phones and tablets.
bluejacking
62
Accessing information without authorization from a wireless device through a Bluetooth connection.
bluesnarfing
63
A standalone post used for physical security purposes. It is typically steel, short, and sturdy, and anchored in a hard surface such as concrete.
bollard
64
A process that allows a remote platform to measure and report its system state in a secure way to a third party.
boot attestation
65
The reliability of the operating system and loading mechanism during the booting process; it can be checked using a secure method.
boot integrity
66
A large group of compromised systems known as robots or simply bots.
botnet
67
Compromised computers (also known as zombies) that are part of a larger group called a botnet. They are used to distribute malware across the Internet.
bots
68
A password attack where every possible password is attempted.
brute-force attack
69
A situation that occurs when a process stores data outside the memory that the developer intended.
buffer overflow
70
The recognition and compensation provided by an organization to security researchers for reporting security vulnerabilities (which are basically bugs in code or hardware).
bug bounties
71
A current, tested plan in the hands of all personnel responsible for carrying out any part of that plan for the purpose of giving your organization the best shot at success during a disaster.
business continuity plan (BCP)
72
Enacted in 2003, a law that requires California businesses that store computerized personal information to immediately disclose breaches of security.
California SB 1386
73
The complicating of source code to make it more difficult for people to understand. See also obfuscation.
camouflage
74
A method used by hotels, coffee shops, etc., that directs users to a web page for authentication (typically through email) prior to normal Internet use. The whole point of the technology is to be able to track users who access the free wireless network. If the user performs any suspect actions, that user can be traced by way of email address, IP address, and MAC address, in addition to other means if multifactor authentication is used.
captive portal
75
A method of user awareness training where students play in a red team/blue team scenario.
capture the flag
76
An attack method where the attacker clones a credit card, a smartphone SIM card, or a building access badge or card.
card cloning attack
77
A Linux command that copies standard input to standard output.
cat
78
An encryption protocol used with WPA2 that addresses the vulnerabilities of TKIP and meets the requirements of IEEE 802.11i.
Counter Mode with Cipher Block Chaining Message Authentication Code (CBC-MAC) Protocol (CCMP)
79
An entity (usually a server) that issues certificates to users.
certificate authority (CA)
80
A list of digitally signed certificates revoked by the certificate authority for security purposes. If a certificate is compromised, it is revoked and placed on the ____. ____ are later generated and published periodically.
certificate revocation list (CRL)
81
Digitally signed electronic documents that bind a public key with a user identity.
certificates
82
A process that provides assurances that evidence has been controlled and handled properly after collection.
chain of custody
83
An authentication scheme used by the Point-to-Point Protocol (PPP), which in turn is the standard for dial-up connections. It uses a challenge-response mechanism with one-way encryption.
Challenge-Handshake Authentication Protocol (CHAP)
84
The process that is put in place to handle requests to make changes to a system in a more efficient and coordinated manner.
change control
85
A structured way of changing the state of a computer system, network, or IT procedure.
change management
86
The Linux command and system call that is used to change the access permissions of file system objects.
chmod
87
A device policy where employees select a device from a company-approved list.
choose your own device (CYOD)
88
A set of algorithms that help secure a network connection that uses Transport Layer Security (TLS). The set of algorithms that _____ _____ usually contain include a key exchange algorithm, bulk encryption algorithm, and message authentication code (MAC) algorithm.
cipher suite
89
The process of completely removing any residual files or data from target systems after the testing phases of a penetration testing engagement are complete.
cleanup
90
Anything that is being performed (a command, script, or otherwise) at the client end of the communication. Typically executed on the client’s browser rather than on the web server, it allows for more responsive web applications.
client-side execution
91
The ability to properly handle application and user input to prevent a security vulnerability and client-side execution.
client-side validation
92
A tool that is utilized in organizations to control access to and use of cloud-based computing environments.
cloud access security broker (CASB)
93
A framework established by the Cloud Security Alliance for cloud computing.
Cloud Controls Matrix
94
The act of reusing third-party, open-source software, or code developed internally by an organization.
code reuse
95
A location belonging to an organization that has tables, chairs, bathrooms, and possibly some technical setup—for example, basic phone, data, and electric lines. Otherwise, a lot of configuration of computers and data restoration is necessary before the site can be properly utilized. This type of site is used only if a company can handle the stress of being nonproductive for a week or more.
cold site
96
A situation that occurs when two different files end up using the same hash, which is possible with less secure hashing algorithms.
collision
97
The controlling master computer directing the actions of a botnet, which distributes Internet malware.
command and control
98
A standard that enables different stakeholders across different organizations to share critical security-related information in a single format, speeding up information exchange and digestion.
Common Security Advisory Framework (CSAF)
99
A standard created by MITRE (www.mitre.org) that provides a mechanism to assign an identifier to vulnerabilities so that you can correlate the reports of those vulnerabilities among sites, tools, and feeds.
Common Vulnerabilities and Exposures (CVE)
100
A mix of public and private cloud deployments where multiple organizations can share the public portion.
community cloud
101
Mechanisms put in place to satisfy security requirements that are either impractical or too difficult to implement. For example, instead of using expensive hardware-based encryption modules, an organization might opt to use network access control (NAC), data loss prevention (DLP), and other security methods. Or, on the personnel side, instead of implementing segregation of duties, an organization might opt to do additional logging and auditing. Also known as alternative controls.
compensating controls
102
A program that translates, verifies, and processes source code created in a specific programming language.
compiler
103
Program errors that occur while the program is being compiled.
compile-time errors
104
An access control model where access is granted based on specific criteria requirements.
conditional access
105
A classification of information where unauthorized access to the information would cause damage to national security.
confidential
106
An ongoing process created with the goal of maintaining computer systems, servers, network infrastructure, and software in a desired, consistent state.
configuration management
107
The process of reviewing system configurations to reveal potential security problems.
configuration reviews
108
The use of various tools for securing containerized cloud computing environments. Some of these tools are native to the actual cloud computing environment, and some are third-party solutions and run on those environments.
container security
109
Logical units of software that package applications and all the dependencies needed to run them. ______ are lightweight, standalone executable software packages that include code, runtime environments, system tools, and related software libraries. Two of the most popular examples of ______ solutions are Docker and Linux LXC.
containers
110
The methodology whereby access to information, files, systems or networks is controlled.
containment
111
Using a program to screen and/or exclude access to web pages, URLs, or email deemed objectionable.
content URL/filtering
112
A federal initiative to encourage people and departments to plan to address how critical operations will continue under a broad range of circumstances.
continuity of operations planning (COOP)
113
A software development process in which developers produce software in short cycles while making sure that the software is reliable and secure.
continuous delivery
114
The automation of the application deployment, provisioning, and underlying network components and infrastructure.
continuous deployment
115
A software development practice in which programmers merge, test, and deploy code changes in a central repository multiple times a day or several times per week.
continuous integration
116
A DevOps environment component that ensures applications and systems are operating correctly and securely.
continuous monitoring
117
A DevOps environment component where applications and code must be validated in an automated fashion.
continuous validation
118
A device policy in which the company supplies employees with a phone that can also be used for personal activities.
corporate-owned, personally enabled (COPE)
119
Controls used after an event. They limit the extent of damage and help the company recover from damage quickly. Tape backup, hot sites, and other fault tolerance and disaster recovery methods are also included here. They are sometimes referred to as compensating controls.
corrective controls
120
An encryption mode that uses an arbitrary number that changes with each block of text encrypted. The ______ is encrypted with the cipher, and the result is XOR’d (exclusive OR’d) into ciphertext. Because the _____ changes for each block, the problem of repeating ciphertext that results from the Electronic Code Book method is avoided.
counter mode
121
Information gathered and activities conducted to protect against espionage, other intelligence activities, or sabotage conducted by or on behalf of other elements.
counterintelligence
122
The attack technique or activities of grabbing legitimate usernames and even passwords to gain access to systems to steal information or to use them for malicious purposes.
credential harvesting
123
Centralized enterprises run by people motivated mainly by money (organized crime).
criminal syndicates
124
The point where the false rejection rate (FRR) and the false acceptance rate (FAR) are equal.
Crossover Error Rate (CER)
125
A type of vulnerability where an attacker lures the targeted user to execute unwanted actions on a web application. Threat actors performing _____ attacks leverage the trust that the application has in the targeted user.
cross-site request forgery (XSRF)
126
A web application vulnerability where an attacker can redirect a user to a malicious site, steal session cookies, or steal other sensitive information.
cross-site scripting (XSS)
127
Attacks against cryptographic implementations or against crypto algorithms.
cryptographic attacks
128
An advanced form of ransomware that leverages advanced encryption techniques to prevent files from being decrypted without a unique key.
cryptomalware
129
Open-source software/sandbox for automating analysis of suspicious files.
Cuckoo
130
A Linux command-line tool to transfer data to or from a server, using any of the supported protocols: HTTP, FTP, IMAP, POP3, SCP, SFTP, SMTP, TFTP, TELNET, LDAP, or FILE.
curl
131
An industry standard used to convey information about the severity of vulnerabilities.
Common Vulnerability Scoring System (CVSS)
132
A series of steps that trace stages of a cyber attack from the early reconnaissance stages to the exfiltration of data. The ____ _____ allows you to understand and combat ransomware, security breaches, and advanced persistent threats (APTs).
cyber kill chain
133
A type of risk transference (also known as risk sharing) that an organization can purchase to protect, for example, a group of servers in a data center.
cybersecurity insurance
134
A subset of the deep web where many threat actors perform malicious activities, such as selling stolen credit card numbers, health records, and other personal information.
dark web
135
Inactive data that is archived—backed up or stored in cloud storage services.
data at rest
136
The individual who has the greatest responsibility for data privacy protection. This person’s main responsibility is to control how the data is used by applying specific procedures for the data processes.
data controller
137
The individual who performs day-to-day tasks on behalf of the data owner. This person’s main responsibility is to ensure that the information is available to the end user and that security policies, standards, and guidelines are followed.
data custodian/steward
138
Data that crosses the network or data that currently resides in computer memory. Also known as data in motion.
data in transit/motion
139
Actively used data undergoing constant change; for example, it could be stored in databases or spreadsheets.
data in use/processing
140
A system that performs content inspection and is designed to prevent unauthorized use of data as well as prevent the leakage of data outside the computer (or network) in which it resides.
data loss prevention (DLP)
141
A privacy-enhancing technology designed to protect or obfuscate sensitive data.
data masking
142
A method of minimizing the amount of personal information that is consumed by online entities.
data minimization
143
Also called the information owner; a person who is usually part of the management team and maintains ownership of and responsibility over a specific piece or subset of data.
data owner
144
The organizational leadership role that is responsible for the overall protection and adherence to data protection processes within the organization.
data protection officer (DPO)
145
The process of restoring lost data, such as restoring a corrupt file from a backup.
data recovery
146
A policy that states how long data must be stored by an organization.
data retention
147
The process of irreversibly removing or destroying data stored on a memory device (hard drives, flash memory/SSDs, mobile devices, CDs, DVDs, and so on) or in hard copy form.
data sanitization
148
A concept that refers to any information (data) that has been converted and stored in a digital form.
data sovereignty
149
A command-line utility for Linux operating systems whose primary purpose is to convert and copy files.
dd
150
Software that is no longer in use, but the source code or binary for it still exists in the system and has not been removed appropriately.
dead code
151
A data destruction method involving the reduction or elimination of a magnetic field (or data) stored on tape and disk media such as computer and laptop hard drives, diskettes, reels, cassettes, and cartridge tapes.
degaussing
152
To adequately and securely remove, decommission, and purge an application and related data on-premises or in the cloud.
deprovision
153
Controls aimed at monitoring and detecting any unauthorized behavior or hazard. These types of controls are generally used to alert to a failure in other types of controls such as preventive, deterrent, and compensating controls.
detective controls
154
A control that is used by an organization to try to deter a threat actor from executing an offensive assault on its environment.
deterrent controls
155
The environment where you create code on your computer or in the cloud.
development
156
A security feature that protects against Layer 2 attacks such as DHCP spoofing and abuse.
DHCP snooping
157
A cybersecurity/threat intelligence model used to analyze and track the characteristics of cyber intrusions by advanced threat actors that emphasizes the relationships and characteristics of the adversary, capabilities, infrastructure, and victims.
Diamond Model of Intrusion Analysis
158
A password attack that uses a prearranged list of likely words, trying each of them one at a time.
dictionary-based attack
159
Data backups that preserve data, saving only the difference in the data since the last full backup.
differential backups
160
A Linux tool for querying DNS nameservers for information about host addresses, mail exchanges, nameservers, and related information.
dig
161
The name given to a set of access control technologies that are used to control the use of proprietary hardware, software, and copyrighted works. ____ solutions are used to restrict the use, modification, and distribution of copyrighted works and the underlying systems used to enforce such policies.
digital rights management (DRM)
162
Mathematical schemes for verifying the authenticity of digital messages or documents.
digital signatures
163
A method of accessing unauthorized parent (or worse, root) directories. It is often used on web servers that have PHP files and are Linux- or UNIX-based, but it can also be perpetrated on Microsoft operating systems. This attack is designed to get access to files such as ones that contain passwords. Also known as the ../ (dot-dot-slash) attack.
directory traversal
164
A formal document created by organizations that contains detailed instructions on how to respond to unplanned incidents such as natural disasters, power outages, cyber attacks, or other disruptive events.
disaster recovery plan (DRP)
165
An access control policy generally determined by the owner. Objects such as files and printers can be created and accessed by the owner. Also, the owner decides which users are allowed to have access to the objects, and what level of access they may have. The levels of access, or permissions, are stored in access control lists (ACLs).
discretionary access control (DAC)
166
A technology that protects information by converting it into unreadable code that cannot be deciphered easily by unauthorized people.
disk encryption
167
The principle behind writing data to two or more disks at the same time.
disk redundancy
168
A restricted variant of Basic Encoding Rules (BER) that allows for only one type of encoding, and has restrictive rules for length, character strings, and how elements are sorted. It is widely used for X.509 certificates.
Distinguished Encoding Rules (DER)
169
An attack in which a group of compromised systems attacks a single target, causing a denial of service to occur at that host.
distributed denial-of-service (DDoS) attack
170
Adequate distance between primary and secondary (or backup) sites; this is an important disaster recovery term.
diversity
171
The process of running code within the address space of another process by forcing it to load a dynamic link library. Ultimately, this can influence the behavior of a program in a way that was not originally intended.
DLL injection
172
A system utilized on networks to translate domain names to IP addresses.
Domain Name System (DNS)
173
An attack that generates a high volume of packets ultimately intended to flood a target website.
DNS amplification attack
174
The modification of name resolution information that should be in a DNS server’s cache in order to redirect client computers to incorrect websites.
DNS poisoning
175
A suite of specifications that provide secure answer validation. It does this through public key cryptography. It is backward-compatible and can be deployed side by side with traditional DNS.
DNS Security Extensions (DNSSEC)
176
A deception and disruption technique used when you configure one or more DNS servers to provide false results to attackers and redirect them to areas in the network where you can observe their tactics and techniques.
DNS sinkhole
177
A command-line tool that automatically identifies basic DNS records such as MX, mail exchange servers, NS, domain name servers, or the address record for a domain.
dnsenum
178
An attack in which the attacker changes the registration of a domain name without the permission of the original owner or registrant.
domain hijacking
179
A method that provides gateway-based cryptographic signing of outgoing messages. It allows you to embed verification data in an email header and for email recipients to verify the integrity of the email messages.
Domain Keys Identified Mail (DKIM)
180
The process of deleting a domain name during the five-day grace period (known as the add grace period, or AGP) and immediately reregistering it for another five-day period. This process is repeated any number of times with the end result of having the domain registered without ever actually paying for it. It is a malicious attack on the entire Domain Name System (DNS) by misusing the domain-tasting grace period. The result is that a legitimate company or organization often cannot secure the domain name of its choice.
domain name kiting
181
A technique to validate the authenticity of a domain and the services using such domains (including websites and email messages).
domain reputation
182
The process the certificate authority uses to check the rights of the applicant to use a specific domain name.
domain validation (DV)
183
A standard that was designed to thwart spammers from spoofing your domain to send email. Spammers can counterfeit the “From” address on an email message for it to appear to come from a user in your domain.
Domain-based Message Authentication, Reporting & Conformance (DMARC)
184
A type of attack in which a protocol (such as TLS or SSL) is downgraded from the current version to a previous version, exploiting backward compatibility.
downgrade attack
185
Power that is supplied to the building via multiple paths; it ensures a single path failure does not interrupt power to the building.
dual supply
186
The process of trying to understand the source code of a program to adequately build a series of correct inputs for test coverage. Analysis software has the capability to find security issues caused by the code’s interactions with other system components.
dynamic code analysis
187
A method to determine if an ARP packet is valid based on IP-to-MAC address bindings stored in a trusted database.
Dynamic Host Configuration Protocol (DHCP) snooping
188
The capability of a cloud computing environment to efficiently allocate resources to tenants based on demand. Without this capability, a cloud-based computing environment would not be feasible.
dynamic resource allocation
189
A concept referring to network traffic flow within a data center between servers.
east-west traffic
190
An ecosystem of resources and applications in new network services (including 5G and IoT).
edge computing
191
The process of identifying, preserving, collecting, processing, reviewing, and analyzing electronically stored information (ESI) in litigation.
E-discovery
192
The capability of an underlying infrastructure to react to a sudden increase in demand by provisioning more resources in an automated way.
elasticity
193
The act of gaining knowledge or information from people.
eliciting information
194
An approach to public-key cryptography based on the algebraic structure of elliptic curves over finite fields.
elliptic-curve cryptography (ECC)
195
Microprocessor-based computer hardware systems with software that is designed to perform a dedicated function, either as an independent system or as a part of a larger system.
embedded systems
196
Specified in RFC 4303; an optional packet header that can be used to provide confidentiality through encryption of the packet, as well as integrity protection, data origin authentication, access control, and optional protection against replays or traffic analysis.
Encapsulating Security Payload (ESP)
197
The process used to protect data by encoding plaintext data using cryptographic algorithms.
encryption
198
The date when a product or service will no longer be sold or supported by a third party.
end of life (EOL)
199
Typically, the last day of service for a product, meaning a third party is no longer providing service if there is a failure.
end of service life (EOSL)
200
An integrated endpoint security solution that combines real-time continuous monitoring and collection of endpoint data with rules-based automated response and analysis capabilities.
endpoint detection and response (EDR)
201
Often used interchangeably with endpoint security; security solutions that address endpoint device security issues, securing and protecting endpoints against zero-day exploits, attacks, and inadvertent data leakage resulting from human error.
endpoint protection
202
In cybersecurity, a measure of the randomness or diversity of a data-generating function.
entropy
203
Cryptographic keys that can be used more than once within a single session, such as for broadcast applications, where the sender generates only one ephemeral key pair per message, and the private key is combined separately with each recipient’s public key.
ephemeral keys
204
The process of engaging senior analysts and other stakeholders during the incident response process.
escalation
205
An expert at breaking into systems who can attack systems on behalf of the system’s owner and with the owner’s consent.
ethical hacker
206
A rogue and unauthorized wireless access point that uses the same service set identifier (SSID) name as a nearby wireless network, often a public hotspot.
evil twin
207
Software packages that contain reliable exploit modules and other hacker technique tools such as agents used for successful repositioning.
exploitation frameworks
208
Certificates that conduct a thorough vetting of an organization. Issuance of these certificates is strictly defined.
extended validation (EV)
209
Specified in IETF RFC 3748 [18]; a framework for access authentication, which supports different authentication methods that are specified as ___ methods. As described in RFC 4017 [19], it is desirable for ___ methods used for wireless LAN to support mutual authentication and key derivation.
Extensible Authentication Protocol (EAP)
210
A type of Extensible Authentication Protocol authentication that uses a protected access credential instead of a certificate to achieve mutual authentication.
Extensible Authentication Protocol - Flexible Authentication via Secure Tunneling (EAP-FAST)
211
A type of Extensible Authentication Protocol authentication that uses Transport Layer Security, which is a certificate-based system that does enable mutual authentication. It does not work well in enterprise scenarios because certificates must be configured or managed on the client side and server side.
Extensible Authentication Protocol - Transport Layer Security (EAP-TLS)
212
A type of Extensible Authentication Protocol authentication that uses Tunneled Transport Layer Security and is basically the same as TLS except that it is done through an encrypted channel and requires only server-side certificates.
Extensible Authentication Protocol - Tunneled Transport Layer Security (EAP-TTLS)
213
System decoys and breadcrumbs designed to lure and trick attackers.
fake telemetry
214
The process of measuring the likelihood and probability that a biometric system will authorize a person who was not meant to be authorized.
false acceptance rate (FAR)
215
A network intrusion device’s inability to detect true security events under certain circumstances—in other words, a malicious activity that is not detected by the security device.
false negative
216
A situation in which a security device triggers an alarm, but no malicious activity or actual attack is taking place. In other words, ____ _____ are false alarms, and they are also called benign triggers.
false positive
217
The process of measuring the likelihood and probability that a biometric system fails to recognize an authorized user.
false rejection rate (FRR)
218
An enclosure designed to block any RF signals from entering or leaving, or having effect on devices inside the cage.
Faraday cage
219
An array of programmable logic blocks and a hierarchy of “reconfigurable interconnects” that allow the blocks to be “wired together.” Logic blocks can be configured to perform complex combinational functions, or merely simple logic gates such as the AND gate, OR gate, and NOT gate.
Field-Programmable Gate Array (FPGA)
220
Systems used to store and track changes in source code and files.
file and code repositories
221
A form of malware that functions without putting malicious executables within the file system and instead works in a memory-based environment.
fileless malware
222
The remote configuration and deployment of mobile devices performed via a messaging service, such as Short Message Service (SMS), Multimedia Messaging Service (MMS), Rich Communication Service (RCS), or Wireless Application Protocol (WAP).
firmware over-the-air (OTA) updates
223
The decentralization of computing infrastructure by “bringing the cloud to the ground.” This architecture enables components of the edge computing concept to easily push compute power away from the public cloud to improve scalability and performance.
fog computing
224
A by-product of attacker reconnaissance on an application, system, or network in order to find vulnerabilities that could potentially be exploited.
footprinting
225
A process that deals with the recovery and investigation of material found in digital devices.
forensics
226
A proxy server through which clients pass their requests when looking for websites or for files via an FTP connection.
forward proxy
227
A data preview and imaging tool that lets you quickly assess electronic evidence to determine whether further analysis with a forensic tool such as AccessData Forensic Toolkit (FTK) is warranted.
FTK Imager
228
A type of configuration in which all traffic is sent through the VPN tunnel back to the head end and out through the corporate network.
full tunnel
229
The process of encrypting data as it is written to the disk and decrypting data as it is read off the disk. It is most applicable to laptops.
full-disk encryption (FDE)
230
An automated software testing technique that involves providing invalid, unexpected, or random data as inputs to a computer program.
fuzzing
231
A European Union (EU) law that was enacted in 2018 with an overall focus on data protection and privacy for individuals.
General Data Protection Regulation (GDPR)
232
The use of a virtual fence defining the boundaries of an actual geographical area.
geofencing
233
The process of placing compute assets in strategic locations to ensure the ability to recover in case of an attack or natural disaster.
geographical dispersal
234
Law enacted in 1999 that enables commercial banks, investment banks, securities firms, and insurance companies to consolidate. It protects against pretexting. Individuals need proper authority to gain access to nonpublic information such as Social Security numbers.
Gramm-Leach-Bliley Act
235
A Linux command for finding matching patterns; it searches for a string of characters in a specified file.
grep
236
The act of applying levels of security to protect applications from intellectual property theft, misuse, vulnerability exploitation, tampering, or even repackaging by people with ill intentions. Also known as application shielding.
hardening
237
The foundation on which all secure operations of a computing system depend.
hardware root of trust
238
Physical devices that act as secure cryptoprocessors. This means that they are used for encryption during secure login/authentication processes, during digital signings of data, and for payment security systems. They are faster than software encryption.
hardware security modules (HSMs) (or a Trusted Platform Module, or TPM)
239
A cryptographic function that is a mathematical algorithm used to map data of arbitrary size to a bit array of a fixed size.
hash
240
A one-way function where data is mapped to a fixed-length value.
hashing
241
A Linux-centric command that reads the first 10 lines of any given filename.
head
242
Law enacted in 1996 that governs the disclosure and protection of health information.
Health Insurance Portability and Accountability Act
243
Components of a wireless site survey that show all wireless activity in an area.
heat maps
244
A characteristic of a system which aims to ensure an agreed level of operational performance, usually uptime, for a higher than normal period.
high availability
245
The components of a high availability environment deployed across multiple zones to greatly reduce the risk of an outage. In cloud computing environments, high availability is addressed using the concept of regions or zones.
high availability across zones
246
Hash-based password algorithm that is used as a one-time password.
HMAC-based one-time password (HOTP)
247
An attempt to deceive people into believing something that is false.
hoax
248
A form of encryption enabling you to perform calculations on encrypted data without decrypting it first.
homomorphic encryption
249
Files used as bait intended to lure adversaries to access and then send alarms to security analysts for detection. They can also be used to potentially learn the tactics and techniques used by attackers.
honeyfiles
250
One or more computers, servers, or an area of a network that does not house any important company information and is designed to lure attackers so that you can study what tools and techniques they are using in order to discover potential network vulnerabilities.
honeynet
251
A computer, virtual machine (VM), or container that is used to attract attacker traffic to learn the adversary’s tactics, techniques, and procedures.
honeypot
252
A firewall installed on each individual desktop, laptop computer, or server that controls incoming and outgoing network traffic and determines whether to allow it into a particular device.
host-based firewall
253
An application that operates on information collected from individual computer systems. It can detect and alert on malicious activity but cannot stop this activity.
host-based intrusion detection system (HIDS)
254
A system that is capable of monitoring and analyzing the internals of a computing system “server” as well as the network packets on its network. It can prevent malware infiltration.
host-based intrusion prevention system (HIPS)
255
In its simplest form, a type of data center design that involves lining up server racks in alternating rows with hot air exhausts facing one way and cold air intakes facing the other.
hot aisle
256
A near duplicate of the original site of an organization that can be up and running within minutes (maybe longer). Computers and phones are installed and ready to go, a simulated version of the server room stands ready, and the vast majority of the data is replicated to the site on a regular basis in the event that the original site is not accessible to users for whatever reason.
hot site
257
A free TCP/IP packet generator, assembler, and analyzer that can be used to send large volumes of TCP traffic at a target while spoofing the source IP address, making it appear random or even originating from a specific user-defined source.
hping
258
A mixture of public and private clouds. Dedicated servers located within the organization and cloud servers from a third party are used together to form the collective network.
hybrid cloud
259
A technique used to manipulate people’s sentiment (often political or religious beliefs) with potentially false information or propaganda.
hybrid warfare
260
The service provider that also manages the authentication and authorization process on behalf of the other systems in a federation.
identity provider (IdP)
261
An IEEE standard that defines port-based network access control (PNAC). It is a data link layer authentication technology used to connect devices to a LAN or WLAN. It defines EAP.
IEEE 802.1X
262
A command used to configure kernel-resident network interfaces. It is used at boot time to set up interfaces as necessary. It is used to view TCP/IP configurations on a Linux or macOS system.
ifconfig
263
A technique used to hide any kind of file inside an image file.
image steganography
264
A valuation to determine the potential monetary costs related to a threat.
impact assessment
265
A concept related to geolocation and geofencing where a potential compromise is identified based on the fact that it would be impossible for a user to be in two places at once. For instance, if you authenticated at 3 p.m. EST from New York and 10 minutes later tried to authenticate from Florida, this would not be possible and is an indication of account compromise.
impossible travel time/risky login
266
A set of instructions to help IT staff detect, respond to, and recover from network security incidents. These types of plans address issues like cybercrime, data loss, and service outages that threaten daily work.
incident response plan
267
A group of IT professionals in charge of preparing for and reacting to any type of organizational emergency.
incident response team
268
A series of backup data sets in which daily changes to the data are compared to the state of the data on the previous day. They all have to be applied to the original full backup copy to come up with an up-to-date full backup copy.
incremental backups
269
Pieces of evidence or information that indicate a potential breach or compromise. Examples include command and control (C2) communications, IP addresses, domains, malware hashes, and other information.
indicators of compromise
270
The use of blended images where the surrounding scenery and the camouflaged structure appear as one, with the goal of deceiving passersby into believing the structure is something else entirely.
industrial camouflage
271
The process of protecting data or information by preventing unauthorized modification.
information assurance
272
A four-step process of data collection that includes collecting data, storing data, determining how data is used, and disposing of the data.
information lifecycle
273
Private-sector critical infrastructure organizations and government institutions that collaborate and share information with each other. They exist for different industry sectors. Examples include automotive, aviation, communications, IT, natural gas, elections, electricity, financial services, health care, and many others.
Information Sharing and Analysis Centers (ISACs)
274
A cloud service that offers computer networking, storage, load balancing, routing, and VM hosting.
infrastructure as a service (IaaS)
275
The process of managing and provisioning computer data centers through machine-readable definition files rather than physical hardware configuration or interactive configuration tools.
infrastructure as code
276
The level of untreated risk in a process, system, or activity.
inherent risk
277
An attack against a cryptographic implementation used to reverse encryption methods (such as RC4) and/or recover a pre-shared key (PSK).
initialization vector (IV) attack
278
A category of attacks where the threat actor “injects” malicious code or malicious traffic.
injection attacks
279
A process that ensures the correct usage of data; it checks the data that is input by users into web forms and other similar web elements. If data is not validated correctly, it can lead to various security vulnerabilities, including sensitive data exposure and the possibility of data corruption.
input validation
280
A concept used by cloud access security broker solutions to enforce policies on specific parts of an application.
instance awareness
281
Errors that occur when arithmetic operations in a program attempt to create a numeric value that is too big for the available memory space. They create a wrap and can cause resets and undefined behavior in programming languages such as C and C++.
integer overflows
282
In a certificate chain, the body that signs the end-entity certificate. It then handshakes with the root certificate, which represents the root certificate authority. It not only creates the certificate but also signs it with its own private key.
intermediate certificate authority
283
The standards body that was originally established in 2005 and later updated in 2013 to address the topics of organizational context, involvement of leadership, planning and objectives, support including resources and communication, operational aspects, evaluation of performance, and continuous improvement.
International Organization for Standardization (ISO)
284
An Internet protocol that allows you to access your email wherever you are, from any device.
Internet Message Access Protocol (IMAP)
285
An industry protocol created to collect and analyze network traffic flow information (metadata of the connections established between systems over a network).
Internet Protocol Flow of Information Export (IPFIX)
286
A Windows command-line tool that displays all current TCP/IP network configuration values and refreshes Dynamic Host Configuration Protocol and Domain Name System settings.
ipconfig
287
A standard used to collect and analyze network flow information from infrastructure devices such as network switches and routers.
IPFIX
288
A principle that defines the architecture for security services for IP network traffic. Also known as Internet Protocol Security or IP Security protocol.
IPsec
289
The process of sending unsolicited wireless signals to cause interference or a denial of service condition.
jamming
290
A Linux command-line tool used for viewing logs that are collected by systemd.
journalctl
291
An authentication protocol designed at MIT that enables computers to prove their identity to each other in a secure manner. It is used most often in a client/server environment; the client and server both verify each other’s identity. This is known as two-way authentication or mutual authentication.
Kerberos
292
A process implemented to secure a copy of the user’s private key (not the public key) in case it is lost.
key escrow
293
A technique used to make a possibly weak key, typically a password or passphrase, more secure against a brute-force attack by increasing the resources (time and possibly space) needed to test each possible key.
key stretching
294
Spyware that records your keystrokes.
keylogger
295
Authentication of an individual based on knowledge of information associated with his or her claimed identity in public databases.
knowledge-based authentication (KBA)
296
Penetration test environment where the tester starts out with a significant amount of information about the organization and its infrastructure.
known environment
297
A post-exploitation technique, the main goal of which is to move from one device to another to avoid detection, steal sensitive data, and maintain access to these devices to exfiltrate the sensitive data. Lateral movement is also referred to as pivoting.
lateral movement
298
A tunneling protocol used to connect virtual private networks. It does not include confidentiality or encryption on its own. It uses port 1701 and can be more secure than PPTP if used in conjunction with IPsec.
Layer 2 Tunneling Protocol (L2TP)
299
An attack similar to SQL injection; it uses a web form input box to gain access or exploits weak LDAP lookup configurations.
LDAP injection
300
An approach by which subjects are given only the necessary privileges needed to do their intended job.
least privilege
301
Technology solutions and platforms that are end-of-sale and end-of-support by a vendor or considered obsolete.
legacy platforms
302
An encryption method that features a small footprint and/or low computational complexity. It is aimed at expanding the applications of cryptography to constrained devices such as the ever-expanding IoT market.
lightweight cryptography
303
A protocol used to read and write information to Active Directory. By default, LDAP traffic is transmitted unsecured, but you can enable LDAPS by using certificates.
Lightweight Directory Access Protocol over SSL (LDAPS)
304
A USB flash drive or external hard disk drive containing a full operating system that can be booted to.
live boot media
305
The act of collecting logs from multiple systems in a network.
log aggregation
306
Software that is able to receive logs from multiple sources (data input) and in some cases offers storage capabilities and log analysis functionality.
log collector
307
Code that has, in some way, been inserted into software; it is meant to initiate some type of malicious function when specific criteria are met.
logic bomb
308
An attack in which the attacker sniffs the network for valid MAC addresses and then uses those MAC addresses to perform other actions.
MAC cloning attack
309
An attack that sends numerous unknown MAC addresses to a network switch to cause a DoS condition.
MAC flooding attack
310
A set of rules or patterns that specify how certain input could trigger a command, a series of commands, or any other operation in a system.
macros
311
An access control policy determined by a computer system, not by a user or owner, as it is in DAC.
mandatory access control (MAC)
312
The process of reading source code line by line in an attempt to identify potential vulnerabilities.
manual code review
313
The average number of failures per million hours of operation for a product in question.
mean time between failures (MTBF)
314
The amount of time that an asset, system, or application takes before it fails.
mean time to failure (MTTF)
315
The time needed to repair a failed device.
mean time to repair (MTTR)
316
A memory dump, the process of taking all information content in RAM and writing it to a storage drive.
memdump
317
A document that outlines the terms and details of an agreement between parties, including each party’s requirements and responsibilities.
memorandum of understanding (MOU)
318
Data created from every activity you perform, whether it’s on your personal computer or online, every email, web search, social and public application.
metadata
319
Physical devices that act as secure cryptoprocessors during secure login/authentication processes, during digital signings of data, and for payment security systems.
MicroSD hardware security modules (HSMs)
320
A tool used by many penetration testers, attackers, and even malware that can be useful for retrieving password hashes from memory; it is a useful postexploitation tool.
Mimikatz
321
A globally accessible knowledge base of adversary tactics, techniques, and procedures (TTPs) based on real-world observations of cybersecurity threats.
MITRE ATT&CK
322
Centralized software solutions that can control, configure, update, and secure remote mobile devices such as Android, iOS, BlackBerry, and so on, all from one administrative console.
mobile device management (MDM)
323
An authentication method that requires the user to provide two or more verification factors to gain access to a resource.
multifactor authentication
324
An Internet of Things implementation based on low-power wide-area (LPWA) technology developed to enable a wide range of new IoT devices and services.
NarrowBand-Internet of Things (NB-IoT)
325
A remote security scanning tool that scans a computer and notifies the practitioner if it discovers any vulnerabilities that malicious hackers could use to gain access to any computer connected to a network.
Nessus
326
A back-end tool that allows for port scanning and port listening. In addition, you can actually transfer files directly through _____ or use it as a backdoor into other networked systems.
netcat
327
A session flow protocol that collects and analyzes network traffic data that can be used to help you understand which applications, users, and protocols might be consuming the most network bandwidth or if a DoS activity is taking place and who the actors are.
NetFlow
328
A Windows and Linux command-line tool that generates a display showing network status and protocol statistics. It is used to view the current TCP/IP connections on a system.
netstat
329
Attacks that target network infrastructure resources (for example, bandwidth, CPU, and memory utilization of the underlying network infrastructure).
network DDoS attacks
330
The process of combining two or more network interfaces to increase network capacity.
network interface card (NIC) teaming
331
The process of adding additional instances of network devices and connections to help ensure network availability and decrease the risk of failure.
network redundancy
332
A type of IDS that attempts to detect malicious network activities—for example, port scans and DoS attacks—by constantly monitoring network traffic.
network-based intrusion detection system (NIDS)
333
A type of IPS designed to inspect traffic and, based on its configuration or security policy, remove, detain, or redirect malicious traffic.
network-based intrusion prevention system (NIPS)
334
A popular vulnerability scanner.
nmap
335
A random number issued by an authentication protocol that can be used only one time.
nonce
336
The assurance that someone cannot deny the validity of something; where a statement’s author cannot dispute its authorship.
nonrepudiation
337
The capability to avoid or reduce data redundancies and anomalies—a core concept within relational databases.
normalization
338
A simple but practical command-line tool that is principally used to find the IP address that corresponds to a host or the domain name that corresponds to an IP address.
nslookup
339
A situation that occurs when a program dereferences a pointer that it expects to be valid, but is null, which can cause the application to exit or the system to crash.
null pointer dereference
340
A tool that is used for centralized logging across various platforms and supports a myriad of different log types and formats.
NXLog
341
The complicating of source code to make it more difficult for people to understand. See also camouflage.
obfuscation
342
Removing an employee from a federated identity management system, typically when he or she leaves an organization.
offboarding
343
A dedicated system or application used to crack hashed or encrypted passwords offline.
offline password cracker
344
Adding a new employee to an organization and to its identity and access management system. This process is associated with user training, federated identity management, and role-based access control (RBAC).
onboarding
345
An alternative to certificate revocation lists (CRLs) that contains less information than a CRL does, and the client side of the communication is less complex. It does not require encryption, making it less secure than CRLs.
Online Certificate Status Protocol (OCSP)
346
An application used to crack passwords while interacting with the targeted system.
online password cracker
347
Previously known as man-in-the-middle (MITM) or man-in-the-browser (MITB) attack, this type of attack intercepts all data between a client and server, sometimes using a Trojan to infect a vulnerable web browser for later nefarious purposes.
on-path attack
348
An implementation profile for storage devices built to protect the confidentiality of stored user data against unauthorized access after it leaves the owner’s control (involving a power cycle and subsequent deauthentication).
Opal
349
Information that can be used for reconnaissance from public records, social media sites, DNS records, and other open sources. It applies to offensive security (ethical hacking/penetration testing) and defensive security.
open-source intelligence (OSINT)
350
A nonprofit organization that has chapters all over the world that focus on application and software security. It has numerous well-known and comprehensive projects designed to increase the awareness of secure coding and testing, as well as creating tools to help find and prevent security vulnerabilities.
Open Web Application Security Project (OWASP)
351
A popular SSO protocol for federated systems. In the 2.0 version, the authentication and authorization process is similar to the one in SAML.
OpenID
352
A full-featured toolkit for the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols.
OpenSSL
353
This category of controls includes the controls executed by people. They are designed to increase individual and group system security. They include user awareness and training, fault tolerance and disaster recovery plans, incident handling, computer support, baseline configuration development, and environmental security. The people who carry out the specific requirements of these controls must have technical expertise and understand how to implement what management desires of them.
operational controls
354
The term used to describe physical items that can be programmed and connected to a network or the Internet. Typically, these devices are used to control electrical grids, pipelines, automobiles, manufacturing plant robots, and other critical infrastructure.
operational technology (OT)
355
The order in which digital evidence is collected, from high volatility (where data is more vulnerable to loss) to low volatility: for example, CPU registers and cache first, then RAM, network connection state and running processes, then disk contents, and finally logs, backups, and archival media.
order of volatility
356
A portion of a hard disk or similar media that is reserved as an extension of RAM.
pagefile
357
Penetration test environment where the penetration testers may be provided credentials but not full documentation of the network infrastructure.
partially known environment
358
A type of attack in which, instead of trying to figure out what the user’s password is, the attacker takes a password hash collected from a compromised system and presents that same hash to log in to another client or server system. This works because some authentication protocols (notably NTLM) prove possession of the hash rather than of the password, so the attacker never needs to reverse the hash or learn the plaintext.
pass the hash attack
359
An attacker method that can be carried out by researching information about the victim’s public records, social media sites, and other personal information.
passive reconnaissance
360
A protocol that sends usernames and passwords in clear text. Obviously, this protocol is insecure and should be avoided.
Password Authentication Protocol (PAP)
361
An application program that is used to identify an unknown or forgotten password to a computer or network resources.
password cracker
362
A technology typically deployed by corporations when implementing two-factor authentication. The primary use case is remote access to the organization’s environment.
password keys
363
The practice of reusing the same password or part of it, which consequently increases the risk of password compromise.
password reuse
364
A type of password brute-force attack in which the attacker tries a single password against many targeted user accounts before moving on to a second password. Keeping the number of failures per account low stays under account-lockout thresholds and makes the activity harder to detect than a conventional brute-force attack against one account.
password spraying
365
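The one-password-across-many-accounts pattern described above is what a detection rule has to look for, because a per-account failure counter never fires against a sprayer. The following is an added example (not code from the original page): it parses a small constructed authentication log in an assumed `ts src= user= result=` format, flags sources that fail against many distinct accounts while staying under a per-account cap, and then reports any account that a flagged source later logged into successfully. All log lines and thresholds are constructed for the example.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample authentication log (the format is an assumption made for this
# example, not any real product's log). 203.0.113.5 sprays one password across six
# accounts and later succeeds on one; 198.51.100.7 brute-forces a single account;
# 192.0.2.10 is a real user who mistypes once.
SAMPLE_LOG = """\
2024-05-01T10:00:01Z src=203.0.113.5 user=alice result=FAIL
2024-05-01T10:00:12Z src=203.0.113.5 user=bob result=FAIL
2024-05-01T10:00:25Z src=203.0.113.5 user=carol result=FAIL
2024-05-01T10:00:40Z src=203.0.113.5 user=dave result=FAIL
2024-05-01T10:00:55Z src=203.0.113.5 user=erin result=FAIL
2024-05-01T10:01:10Z src=203.0.113.5 user=frank result=FAIL
2024-05-01T10:02:00Z src=198.51.100.7 user=admin result=FAIL
2024-05-01T10:02:05Z src=198.51.100.7 user=admin result=FAIL
2024-05-01T10:02:10Z src=198.51.100.7 user=admin result=FAIL
2024-05-01T10:02:15Z src=198.51.100.7 user=admin result=FAIL
2024-05-01T10:02:20Z src=198.51.100.7 user=admin result=FAIL
2024-05-01T10:02:25Z src=198.51.100.7 user=admin result=FAIL
2024-05-01T10:03:00Z src=192.0.2.10 user=alice result=FAIL
2024-05-01T10:03:30Z src=192.0.2.10 user=alice result=OK
2024-05-01T10:20:00Z src=203.0.113.5 user=erin result=OK
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) user=(?P<user>\S+) result=(?P<result>\S+)$"
)


def parse_auth_log(text: str) -> list:
    """Parse lines into (timestamp, src, user, result) tuples; unparseable lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m is None:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append((ts, m["src"], m["user"], m["result"]))
    return events


def detect_spraying(events, window=timedelta(minutes=10), min_users=5, max_per_user=2) -> list:
    """Flag sources that fail against many distinct accounts with few attempts per account.

    The per-account cap is what separates spraying from brute force: a sprayer stays
    under the lockout threshold on every account, so a rule that only counts failures
    per account never fires. Brute force against one account needs a separate rule.
    """
    failures = defaultdict(list)  # src -> [(ts, user)], failed attempts only
    for ts, src, user, result in events:
        if result == "FAIL":
            failures[src].append((ts, user))

    alerts = []
    for src, attempts in failures.items():
        attempts.sort()
        best = None
        start = 0
        for end in range(len(attempts)):
            # slide the window forward so it spans at most `window` of time
            while attempts[end][0] - attempts[start][0] > window:
                start += 1
            per_user = Counter(user for _, user in attempts[start:end + 1])
            if len(per_user) >= min_users and max(per_user.values()) <= max_per_user:
                if best is None or len(per_user) > best["distinct_users"]:
                    best = {"src": src, "distinct_users": len(per_user),
                            "first": attempts[start][0], "last": attempts[end][0]}
        if best is not None:
            alerts.append(best)
    return alerts


def compromised_after_spray(events, alerts) -> set:
    """(src, user) pairs where a flagged source logged in successfully after its spray
    window: the sprayed password worked on that account."""
    hits = set()
    for alert in alerts:
        for ts, src, user, result in events:
            if src == alert["src"] and result == "OK" and ts > alert["last"]:
                hits.add((src, user))
    return hits


if __name__ == "__main__":
    evs = parse_auth_log(SAMPLE_LOG)
    found = detect_spraying(evs)
    for a in found:
        print(f"spraying from {a['src']}: {a['distinct_users']} accounts "
              f"between {a['first']:%H:%M:%S} and {a['last']:%H:%M:%S}")
    print("likely compromised:", compromised_after_spray(evs, found))
```

The brute-force source is deliberately not reported: it fails the per-account cap, which is the point of the rule. A real deployment would also key on the user-agent or authentication endpoint, because sprayers rotate source addresses to stay under per-source thresholds too.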
A central system or piece of software that stores and manages various sets of credentials in a secure management system, which helps solve the problem of credential storage. The vault has its own set of credentials, and possibly an additional authentication factor, that must be presented to access the credentials it holds.
password vault
366
The process of keeping up with fixes that address software bugs.
patch management
367
Software bug fixes.
patches
368
A utility that sends packets to each router on the way to a final destination over a period of time and computes results based on the packets that return from each hop.
pathping
369
A standard enacted in 2006 as a joint effort by the credit card industry with the overall goal to enhance the security around payment card data processing. The requirement applies to any organization that processes payment card data and enforces penalties for noncompliance on such organizations.
Payment Card Industry Data Security Standard (PCI DSS)
370
A common format for certificates and keys that uses base64-encoded ASCII text between BEGIN and END marker lines. It can be identified by the .pem file extension, though the same format might also use .crt (for example, in Microsoft environments), .cer, or .key extensions.
Privacy-Enhanced Mail (PEM)
371
The process of analyzing the security posture of a network’s or system’s infrastructure in an effort to identify and possibly exploit any security vulnerabilities found.
penetration testing
372
A feature of specific key agreement protocols that gives assurances that session keys will not be compromised even if long-term secrets used in the session key exchange are compromised.
perfect forward secrecy
373
The act of maintaining a foothold in a compromised system after the exploitation phase in order to perform additional tasks, such as installing or modifying services so that the compromised system keeps connecting back to the attacker. The same term is used in a load-balancing environment, where it refers to session persistence (sticky sessions): directing a client’s subsequent requests to the same back-end server for the duration of a session so that session state is preserved.
persistence
374
Information used to uniquely identify, contact, or locate a person. This type of information could be a name, birthday, Social Security number, biometric information, and so on.
personally identifiable information (PII)
375
An organization’s system of ensuring employees are who they say they are. The most common type of authentication is the username/ password combination. Usernames are usually based on a person’s real name.
personnel credential policy
376
A type of attack in which the threat actor redirects a victim from a valid website or resource to a bogus, possibly malicious one that is made to look like the valid site, typically by poisoning DNS or modifying the victim’s hosts file rather than by tricking the user into clicking a link. From there, an attempt is made to extract confidential information from the user or to install malware on the victim’s system.
pharming
377
An attempt at fraudulently obtaining private information, usually done electronically.
phishing
378
A verification system in which a user receives an automated phone call that requires him or her to press a certain button or code.
phone call authentication
379
Physical security measures used to control access to an organization’s facilities and equipment. They can be considered the first line of defense, much as a firewall is the first line of defense for a network. Implementing physical access security should be a top priority for an organization: proper building entrance access and secure access to physical equipment are vital, and anyone coming and going should be logged and monitored.
physical controls
380
A type of attack in which an unauthorized person tags along with an authorized person to gain entry to a restricted area. Also known as tailgating.
piggybacking
381
A TCP/IP command used to verify IP-level connectivity to another TCP/IP host by sending Internet Control Message Protocol (ICMP) echo request messages. Corresponding echo reply messages are displayed, along with round-trip times. This command is used to test connectivity between two devices on a network, over IPv4 or (using ICMPv6) IPv6.
ping
382
A method of adding security to the certificate validation process. After normal X.509 chain validation, the client also checks that the presented certificate (or its public key) matches a value it already knows, so a certificate that is technically valid but was issued by a compromised or rogue CA is still rejected. This extra step helps detect and block many types of on-path attacks.
pinning
383
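The PEM entry above describes the file format and the pinning entry describes the check that runs on top of X.509 validation; both are easier to see in code. The following is an added example written for this glossary, not code from the original page or from OpenSSL: it decodes every block of a PEM file (bundles with several blocks are common) into DER bytes, rejects malformed base64 instead of skipping it, computes the SHA-256 fingerprint of the DER, and applies a pin set to it. The DER bytes are a constructed toy structure, not a real certificate, and the pin compares a whole-certificate fingerprint; production pinning usually hashes the SubjectPublicKeyInfo so that a reissued certificate for the same key still matches.

```python
import base64
import binascii
import hashlib
import re

# Constructed sample: a tiny DER structure (SEQUENCE { INTEGER 5, INTEGER 7 }) that we
# wrap in PEM armor. It is not a real certificate; the parsing and pinning logic is the point.
SAMPLE_DER = bytes([0x30, 0x06, 0x02, 0x01, 0x05, 0x02, 0x01, 0x07])

# A block is BEGIN <label>, base64 body, END <same label>. The backreference means a
# BEGIN/END pair with mismatched labels is not treated as a block at all.
_PEM_BLOCK = re.compile(
    r"-----BEGIN (?P<label>[A-Z0-9 ]+)-----\s*(?P<body>.*?)\s*-----END (?P=label)-----",
    re.DOTALL,
)


def pem_encode(der: bytes, label: str = "CERTIFICATE") -> str:
    """Wrap DER bytes in PEM armor: base64 text folded at 64 characters per line."""
    b64 = base64.b64encode(der).decode("ascii")
    folded = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN {label}-----\n{folded}\n-----END {label}-----\n"


def pem_decode_all(text: str) -> list:
    """Return [(label, der_bytes)] for every PEM block in text.

    A .pem file may be a bundle (a certificate chain, or a key plus a certificate),
    so all blocks are returned. Base64 is decoded with validate=True so that stray
    characters raise an error instead of being silently dropped.
    """
    blocks = []
    for m in _PEM_BLOCK.finditer(text):
        label = m.group("label")
        body = "".join(m.group("body").split())  # undo line folding and whitespace
        try:
            der = base64.b64decode(body, validate=True)
        except (binascii.Error, ValueError) as exc:
            raise ValueError(f"malformed base64 in {label} block") from exc
        blocks.append((label, der))
    return blocks


def fingerprint_sha256(der: bytes) -> str:
    """Hex SHA-256 over the DER encoding, the value a pin set is compared against."""
    return hashlib.sha256(der).hexdigest()


def check_pin(der: bytes, pinned: set) -> bool:
    """Pinning step that runs after normal X.509 validation succeeds: accept the
    certificate only if its fingerprint is one the client already knows. Carrying a
    backup pin in the set is usual so that a key rotation does not lock clients out."""
    return fingerprint_sha256(der) in pinned


if __name__ == "__main__":
    pem_text = pem_encode(SAMPLE_DER)
    print(pem_text)
    for label, der in pem_decode_all(pem_text):
        print(label, der.hex(), fingerprint_sha256(der))
        print("pinned:", check_pin(der, {fingerprint_sha256(der)}))
```

The decoder raises on bad base64 rather than returning a partial block; a truncated or corrupted certificate file should fail loudly, because a silently shortened DER blob would simply fail to pin and be hard to debug.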
A post-exploitation technique, the main goal of which is to move from one device to another to avoid detection, steal sensitive data, and maintain access to these devices to exfiltrate the sensitive data. Also referred to as lateral movement.
pivoting
384
A cloud service that provides various software solutions to organizations, especially the ability to develop applications in a virtual environment without the cost or administration of a physical platform. This model provides everything except applications. Services provided by this model include all phases of the system development lifecycle (SDLC) and can use application programming interfaces (APIs), website portals, or gateway software. These solutions tend to be proprietary, which can cause problems if the customer moves away from the provider’s platform.
platform as a service (PaaS)
385
Linear style electronic checklists of required steps and actions needed to successfully respond to specific incident types or threats.
playbook
386
A security feature present in routers and switches that is used to provide access control by restricting the Media Access Control (MAC) addresses that can be connected to a given port.
port security
387
Configuring one or more ports on a switch to copy all packets to another port. This procedure is often used when capturing packets.
port spanning/port mirroring
388
A hardware device utilized to provide access to all traffic on a network segment.
port tap
389
The use of cryptographic algorithms (usually public-key algorithms) that are thought to be secure against an attack by a quantum computer.
post-quantum cryptography
390
A form of spyware that typically includes grayware, adware, or joke programs.
potentially unwanted programs (PUPs)
391
A scripting framework used in Windows operating systems.
PowerShell
392
The use of machine learning and statistical models over historical data to anticipate security threats in your network before they fully unfold.
predictive analysis
393
Adding a message in an email’s subject line to identify emails that come from outside the organization. You can often configure your email servers or email cloud services to use this technique.
prepending
394
The act of making sure that digital evidence is acquired, handled, and analyzed properly and without any contamination or modification.
preservation of evidence (evidence preservation)
395
A complex passphrase, configured in advance on both the wireless access point (WAP) and the wireless clients, from which the actual encryption key is derived to enable connectivity between them. This is the mode used when you select WPA2-Personal in the Security Mode section.
preshared key (PSK)
396
A social engineering technique in which the attacker invents a believable scenario (the pretext), often while impersonating or “spoofing” someone else’s identity, to persuade the victim to divulge information or perform an action.
pretexting
397
Controls that are employed before an event and are designed to prevent an incident. Examples include biometric systems designed to keep unauthorized persons out, NIPSs to prevent malicious activity, and RAID 1 to prevent loss of data. These are also sometimes referred to as deterrent controls.
preventive controls
398
A type of cloud system designed with a particular organization in mind. As security administrator, you have more control over the data and infrastructure. A limited number of people have access to the cloud, and they are usually located behind a firewall of some sort in order to gain access.
private cloud
399
The process of elevating the level of authority (privileges) of a compromised user or a compromised application.
privilege escalation
400
A system used to centrally manage access to privileged accounts. It’s primarily based on the concept of least privilege.
privileged access management (PAM)
401
The environment where your code fulfills its destiny (where users access the final code after all of the updates and testing). When you hear people talk about making their “code go live,” this is the environment they are talking about.
production
402
Running a network interface in a mode where it passes every frame it sees to the operating system, not only the frames addressed to it, so that a protocol analyzer on that system can monitor all traffic on the segment.
promiscuous mode
403
A system designed to deter, detect, and/or make difficult physical access to the communication lines carrying data and/ or voice communications.
protected cable distribution system (PDS)
404
An authentication protocol that encapsulates Extensible Authentication Protocol (EAP) packets inside an encrypted TLS tunnel in order to safeguard sensitive data such as credentials during authentication.
Protected Extensible Authentication Protocol (PEAP)
405
Tools that allow network engineers and security teams to capture network traffic and perform analysis on the captured data to identify potential malicious activity or problems with network traffic.
protocol analyzers
406
The establishment of a chain of custody for information that can describe its generation and all subsequent modifications that have led to its current state.
provenance
407
A method of replacing the identifying fields in a record with artificial identifiers (pseudonyms) so that the record can no longer be attributed to a specific person without additional information that is held separately, while the nonsensitive fields are left as they are so that the data can still be used for other business purposes.
pseudo-anonymization
408
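As an added example (written for this glossary, not code from the original page) of the pseudo-anonymization entry above and of what counts as PII: the constructed records below mix identifying columns with business data; the identifying columns are replaced with keyed HMAC-SHA256 pseudonyms while the rest is untouched, so a spend-per-customer query still works on the output. The key is the “additional information” that must be held separately; the record contents, field names and key are all constructed for the example.

```python
import hashlib
import hmac

# Constructed sample records (not from the page): PII columns beside business data
# that analysts still need.
RECORDS = [
    {"name": "Alice Example", "ssn": "123-45-6789", "email": "alice@example.com",
     "plan": "gold", "spend": 120.0},
    {"name": "Bob Example", "ssn": "987-65-4321", "email": "bob@example.com",
     "plan": "silver", "spend": 40.0},
    {"name": "Alice Example", "ssn": "123-45-6789", "email": "alice@example.com",
     "plan": "gold", "spend": 75.5},
]
PII_FIELDS = ("name", "ssn", "email")


def pseudonym(value: str, key: bytes, field: str) -> str:
    """Keyed, deterministic pseudonym for one field value.

    HMAC rather than a plain hash: values such as SSNs or email addresses come from a
    small, guessable space, so an unkeyed hash could be reversed by enumeration. The
    field name is mixed in so the same string in two columns yields unrelated pseudonyms.
    """
    msg = field.encode() + b"\x00" + value.encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def pseudonymize(records, key: bytes, pii_fields=PII_FIELDS) -> list:
    """Replace PII fields with pseudonyms; every other field is left untouched.
    The input records are not modified."""
    out = []
    for rec in records:
        new = dict(rec)
        for field in pii_fields:
            if field in new:
                new[field] = pseudonym(str(new[field]), key, field)
        out.append(new)
    return out


def spend_by_customer(records) -> dict:
    """Business query that still works on pseudonymized data because the same
    person always maps to the same pseudonym (linkability is kept)."""
    totals = {}
    for rec in records:
        totals[rec["ssn"]] = totals.get(rec["ssn"], 0.0) + rec["spend"]
    return totals


if __name__ == "__main__":
    key = b"constructed-demo-key-keep-this-out-of-the-dataset"
    safe = pseudonymize(RECORDS, key)
    for rec in safe:
        print(rec)
    print(spend_by_customer(safe))
```

Because the mapping is deterministic, anyone who holds the key can re-identify a record, which is exactly why this is pseudonymization and not anonymization; the remaining columns (plan, spend) can also re-identify people when they are distinctive enough, so the output still needs access control.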
Application and storage space offered to the general public over the Internet by a service provider.
public cloud
409
An entire system of hardware and software, policies and procedures, and people. It is used to create, distribute, manage, store, and revoke digital certificates. If you have connected to a secure website in the past, you have used a PKI.
public key infrastructure (PKI)
410
Information organized into a long chain of blocks. When a buyer and seller engage in a transaction, the blockchain verifies the authenticity of their accounts.
public ledger
411
A data destruction method where paper is first shredded and then reduced to pulp.
pulping
412
Grinding or shredding media and paper multiple times, beyond recognition.
pulverizing
413
A team that integrates the defensive capabilities of a blue team with the adversarial techniques used by a red team. In most cases it is not a separate team but a working dynamic between the blue and red teams.
purple team
414
When software triggers and provides certain information such as alerts, authentication attempts, updates, or any other notifications to a device (mobile device, laptop, or desktop) without the user deliberately requesting it.
push notifications