Glossary Part 2 Flashcards

(177 cards)

1
steganography
A technique for obscuring the presence of a message, often by embedding information within a file or other entity.
2
software as a service (SaaS)
A cloud service model that provisions fully developed application services to users.
3
Transport Layer Security virtual private network (TLS VPN)
Virtual private networking solution that uses digital certificates to identify hosts and establish secure tunnels for network traffic.
4
role-based access control (RBAC)
An access control model where resources are protected by ACLs that are managed by administrators and that provide user permissions based on job functions.
5
secure enclave
CPU extensions that protect data stored in system memory so that an untrusted process cannot read it.
6
sensor (alarms)
A component in an alarm system that identifies unauthorized entry via infrared-, ultrasonic-, microwave-, or pressure-based detection of thermal changes or movement.
7
self-signed certificate
A digital certificate that has been signed by the entity that issued it, rather than by a CA.
8
vulnerability
A weakness that could be triggered accidentally or exploited intentionally to cause a security breach.
9
vulnerability feed
A synchronizable list of data and scripts used to check for vulnerabilities. Also referred to as plug-ins or network vulnerability tests (NVTs).
10
risk mitigation
The response of reducing risk to fit within an organization’s willingness to accept risk.
11
sinkhole
A DoS attack mitigation strategy that directs the traffic that is flooding a target IP address to a different network for analysis.
12
system/process audit
An audit process with a wide scope, including assessment of supply chain, configuration, support, monitoring, and cybersecurity factors.
13
state table
Information about sessions between hosts that is gathered by a stateful firewall.
14
serverless
A software architecture that runs functions within virtualized runtime containers in a cloud rather than on dedicated server instances.
15
under-voltage event
When the power that is supplied by the electrical wall socket is insufficient to allow the computer to function correctly. Under-voltage events are long sags in power output that are often caused by overloaded or faulty grid distribution circuits or by a failure in the supply route from the electrical power station to a building.
16
subject alternative name (SAN)
A field in a digital certificate allowing a host to be identified by multiple host names/subdomains.
17
Trojan
A malicious software program hidden within an innocuous-seeming piece of software. Usually, the Trojan is used to try to compromise the security of the target computer.
18
risk deterrence
In risk mitigation, the response of deploying security controls to reduce the likelihood and/or impact of a threat scenario.
19
root certificate authority
In PKI, a CA that issues certificates to intermediate CAs in a hierarchical structure.
20
service disruption
A type of attack that compromises the availability of an asset or business process.
21
SMiShing
A form of phishing that uses SMS text messages to trick a victim into revealing information.
22
serverless computing
Features and capabilities of a server without needing to perform server administration tasks. Serverless computing offloads infrastructure management to the cloud service provider—for example, configuring file storage capability without the requirement of first building and deploying a file server.
23
Temporal Key Integrity Protocol (TKIP)
The mechanism used in the first version of WPA to improve the security of wireless encryption mechanisms, compared to the flawed WEP standard.
24
Sender Policy Framework (SPF)
A DNS record identifying hosts authorized to send mail for the domain.
25
Security-Enhanced Linux (SELinux)
The default context-based permissions scheme provided with CentOS and Red Hat Enterprise Linux.
26
software composition analysis (SCA)
Tools designed to assist with identification of third-party and open-source code during software development and deployment.
27
SYN flood
A DoS attack where the attacker sends numerous SYN requests to a target server, hoping to consume enough resources to prevent the transfer of legitimate traffic.
28
risk identification
Within overall risk assessment, the specific process of listing sources of risk due to threats and vulnerabilities.
29
risk assessment
The process of identifying risks, analyzing them, developing a response strategy for them, and mitigating their future impact.
30
vertical privilege escalation
When an attacker can perform functions that are normally assigned to users in higher roles, and often explicitly denied to the attacker.
31
transparent proxy
A server that redirects requests and responses without the client being explicitly configured to use it. Also referred to as a forced or intercepting proxy.
32
Sarbanes-Oxley Act (SOX)
A law enacted in 2002 that dictates requirements for the storage and retention of documents relating to an organization's financial and business operations.
33
threat
A potential for an entity to exercise a vulnerability (that is, to breach security).
34
screened subnet
A segment isolated from the rest of a private network by one or more firewalls that accepts connections from the Internet over designated ports.
35
warm site
An alternate processing location that is dormant or performs noncritical functions under normal conditions, but which can be rapidly converted to a key operations site if needed.
36
video surveillance
Physical security control that uses cameras and recording devices to visually monitor the activity in a certain area.
37
security key
Portable HSM with a computer interface, such as USB or NFC, used for multifactor authentication.
38
supply chain
The end-to-end process of supplying, manufacturing, distributing, and finally releasing goods and services to a customer.
39
risk transference
In risk mitigation, the response of moving or sharing the responsibility of risk to another entity, such as by purchasing cybersecurity insurance.
40
risk reporting
A periodic summary of relevant information about a project’s current risks. It provides a summarized overview of known risks, realized risks, and their impact on the organization.
41
sensor
A monitor that records (or "sniffs") data from frames as they pass over network media, using methods such as a mirror port or TAP device.
42
web filter
A software application or gateway that filters client requests for various types of Internet content (web, FTP, IM, and so on).
43
resource consumption
A potential indicator of malicious activity where CPU, memory, storage, and/or network usage deviates from expected norms.
44
tokenization
A de-identification method where a unique token is substituted for real data.
45
secure baseline
Configuration guides, benchmarks, and best practices for deploying and maintaining a network device or application server in a secure state for its given role.
46
workforce multiplier
A tool or automation that increases employee productivity, enabling them to perform more tasks to the same standard per unit of time.
47
signature-based detection
A network monitoring system that uses a predefined set of rules provided by a software vendor or security personnel to identify events that are unacceptable.
48
risk owner
An individual who is accountable for developing and implementing a risk response strategy for a risk documented in a risk register.
49
server-side
In a web application, input data that is executed or validated as part of a script or process running on the server.
50
software-defined networking (SDN)
APIs and compatible hardware/virtual appliances allowing for programmable network appliances and systems.
51
web application firewall (WAF)
A firewall designed specifically to protect software running on web servers and their back-end databases from code injection and DoS attacks.
52
security identifier (SID)
The value assigned to an account by Windows and that is used by the operating system to identify that account.
53
Transport Layer Security (TLS)
Security protocol that uses certificates for authentication and encryption to protect web communications and other application protocols.
54
risk analysis
Process for qualifying or quantifying the likelihood and impact of a factor.
55
server-side request forgery (SSRF)
An attack where an attacker takes advantage of the trust established between the server and the resources it can access, including itself.
56
salt
A security countermeasure that mitigates the impact of precomputed hash table attacks by adding a random value to ("salting") each plaintext input.
57
ticket granting ticket (TGT)
In Kerberos, a token issued to an authenticated account to allow access to authorized application servers.
58
trade secrets
Intellectual property that gives a company a competitive advantage but hasn't been registered with a copyright, trademark, or patent.
59
rule-based access control
A nondiscretionary access control technique that is based on a set of operational rules or restrictions to enforce a least privileges permissions policy.
60
spyware
Software that records information about a PC and its users, often installed without the user's consent.
61
risk acceptance
The response of determining that a risk is within the organization's appetite and that no countermeasures other than ongoing monitoring are needed.
62
trusted platform module (TPM)
Specification for secure hardware-based storage of encryption keys, hashed passwords, and other user- and platform-identification information.
63
virtual private cloud (VPC)
A private network segment made available to a single cloud consumer on a public cloud.
64
statement of work (SOW)
A document that defines the expectations for a specific business arrangement.
65
security information and event management (SIEM)
A solution that provides real-time or near-real-time analysis of security alerts generated by network hardware and applications.
66
user and entity behavior analytics (UEBA)
A system that can provide automated identification of suspicious activity by user accounts and computer hosts.
67
service level agreement (SLA)
An agreement that sets the service requirements and expectations between a consumer and a provider.
68
Virtual Network Computing (VNC)
Remote access tool and protocol. VNC is the basis of macOS screen sharing.
69
static analysis
The process of reviewing uncompiled source code either manually or using automated tools.
70
simulation (testing)
A testing technique that replicates the conditions of a real-world disaster scenario or security incident.
71
resilience
The ability of a system or network to recover quickly from failure events with no or minimal manual intervention.
72
security log
A target for event data related to access control, such as user authentication and privilege use.
73
vulnerability scanner
Hardware or software configured with a list of known weaknesses and exploits and that can scan for their presence in a host OS or particular application.
74
threat hunting
A cybersecurity technique designed to detect the presence of threats that have not been discovered by normal security monitoring.
75
Simultaneous Authentication of Equals (SAE)
Personal authentication mechanism for Wi-Fi networks introduced with WPA3 to address vulnerabilities in the WPA-PSK method.
76
risk threshold
Boundary for types and/or levels of risk that can be accepted.
77
watering hole attack
An attack in which an attacker targets specific groups or organizations, discovers which websites they frequent, and injects malicious code into those sites.
78
single sign-on (SSO)
Authentication technology that enables a user to authenticate once and receive authorizations for multiple services.
79
responsibility matrix
Identifies that responsibility for the implementation of security, as applications, data, and workloads are transitioned into a cloud platform, is shared between the customer and the cloud service provider (CSP).
80
snapshot (backup)
Used to create the entire architectural instance/copy of an application, disk, or system. It is used in backup processes to restore the system or disk of a particular device at a specific time. A snapshot backup can also be referred to as image backup.
81
virtual private network (VPN)
A secure tunnel created between two endpoints connected via an unsecure transport network (typically the Internet).
82
worm
A type of malware that replicates between processes in system memory and can spread over client/server network connections.
83
risk register
A document highlighting the results of risk assessments in an easily comprehensible format (such as a "traffic light" grid). Its purpose is for department managers and technicians to understand risks associated with the workflows that they manage.
84
risk exception
Category of risk management that uses alternate mitigating controls to control an accepted risk factor.
85
tunneling
The practice of encapsulating data from one protocol for safe transfer over another network such as the Internet.
86
vishing
Social engineering attack where the threat actor extracts information while speaking over the phone or leveraging IP-based voice messaging services (VoIP).
87
single loss expectancy (SLE)
The amount that would be lost in a single occurrence of a particular risk factor.
88
Secure Shell (SSH)
Application protocol supporting secure tunneling and remote terminal emulation and file copy. SSH runs over TCP port 22.
89
scalability
Property by which a computing environment is able to gracefully fulfill its ever-increasing resource needs.
90
sandbox
A computing environment that is isolated from a host system to guarantee that the environment runs in a controlled, secure fashion. Communication links between the sandbox and the host are usually completely prohibited so that malware or faulty software can be analyzed in isolation and without risk to the host.
91
uninterruptible power supply (UPS)
A battery-powered device that supplies AC power that an electronic device can use in the event of power failure.
92
transport/communication encryption
Encryption scheme applied to data-in-motion, such as WPA, IPsec, or TLS.
93
third-party risks
Vulnerabilities that arise from dependencies in business relationships with suppliers and customers.
94
risk exemption
Category of risk management that accepts an unmitigated risk factor.
95
supervisory control and data acquisition (SCADA)
A type of industrial control system that manages large-scale, multiple-site devices and equipment spread over geographically large areas from a host computer.
96
resource inaccessibility
A potential indicator of malicious activity where a file or service resource that should be available is inaccessible.
97
Secure File Transfer Protocol (SFTP)
A secure version of the File Transfer Protocol that uses a Secure Shell (SSH) tunnel as an encryption method to transfer, access, and manage files.
98
self-encrypting drive (SED)
A disk drive where the controller can automatically encrypt data that is written to it.
99
write blocker
A forensic tool to prevent the capture or analysis device or workstation from changing data on a target disk or media.
100
work recovery time (WRT)
In disaster recovery, time additional to the RTO of individual systems to perform reintegration and testing of a restored or upgraded system following an event.
101
Simple Network Management Protocol (SNMP)
Application protocol used for monitoring and managing network devices. SNMP works over UDP ports 161 and 162 by default.
102
Wired Equivalent Privacy (WEP)
A legacy mechanism for encrypting data sent over a wireless connection.
103
supplicant
In EAP architecture, the device requesting access to the network.
104
sanitization
The process of thoroughly and completely removing data from a storage medium so that file remnants cannot be recovered.
105
service set identifier (SSID)
A character string that identifies a particular wireless LAN (WLAN).
106
soft authentication token
OTP sent to a registered number or email account or generated by an authenticator app as a means of two-step verification when authenticating account access.
107
responsiveness
The ability of a system to process a task or workload within an acceptable amount of time.
108
security control
A technology or procedure put in place to mitigate vulnerabilities and risk and to ensure the confidentiality, integrity, and availability (CIA) of information.
109
tabletop exercise
A discussion of simulated emergency situations and security incidents.
110
Simple Object Access Protocol (SOAP)
An XML-based web services protocol that is used to exchange messages.
111
time-of-day restrictions
Policies or configuration settings that limit a user's access to resources.
112
third-party CA
In PKI, a public CA that issues certificates for multiple domains and is widely trusted as a root trust by operating systems and browsers.
113
test access point (TAP)
A hardware device inserted into a cable run to copy frames for analysis.
114
threat actor
A person or entity responsible for an event that has been identified as a security incident or as a risk.
115
software bill of materials (SBOM)
Inventory of third-party and open-source code components used in an application or package.
116
risk
Likelihood and impact (or consequence) of a threat actor exercising a vulnerability.
117
tethering
Using the cellular data plan of a mobile device to provide Internet access to a laptop or PC. The PC can be tethered to the mobile by USB, Bluetooth, or Wi-Fi (a mobile hotspot).
118
timeline
In digital forensics, a tool that shows the sequence of file system events within a source image in a graphical format.
119
shadow IT
Computer hardware, software, or services used on a private network without authorization from the system owner.
120
zero trust
The security design paradigm where any request (host-to-host or container-to-container) must be authenticated before being allowed.
121
Wi-Fi Protected Access (WPA)
Standards for authenticating and encrypting access to Wi-Fi networks.
122
secure hash algorithm (SHA)
A cryptographic hashing algorithm created to address possible weaknesses in MDA. The current version is SHA-2.
123
uniform resource locator (URL)
An application-level addressing scheme for TCP/IP, allowing for human-readable resource addressing. For example: protocol://server/file, where "protocol" is the type of resource (HTTP, FTP), "server" is the name of the computer (www.microsoft.com), and "file" is the name of the resource you wish to access.
124
security assertion markup language (SAML)
An XML-based data format used to exchange authentication information between a client and a service.
125
social engineering
An activity where the goal is to use deception and trickery to convince unsuspecting users to provide sensitive data or to violate security guidelines.
126
virtualization
A computing environment where multiple independent operating systems can be installed to a single hardware platform and run simultaneously.
127
rooting
Gaining superuser-level access over an Android-based mobile device.
128
System Monitor
Software that tracks the health of a computer's subsystems using metrics reported by system hardware or sensors. This provides an alerting service for faults such as high temperature, chassis intrusion, and so on.
129
reverse proxy
A type of proxy server that protects servers from direct contact with client requests.
130
resources/funding
The ability of threat actors to draw upon funding to acquire personnel, tools, and to develop novel attack types.
131
visualization
A widget showing records or metrics in a visual format, such as a graph or table.
132
site survey
Documentation about a location for the purposes of building an ideal wireless infrastructure; it often contains optimum locations for wireless antenna and access point placement to provide the required coverage for clients and identify sources of interference.
133
Security Content Automation Protocol (SCAP)
A NIST framework that outlines various accepted practices for automating vulnerability scanning.
134
syslog
Application protocol and event-logging format enabling different appliances and software applications to transmit logs or event records to a central server. Syslog works over UDP port 514 by default.
135
standards
Expected outcome or state of a task that has been performed in accordance with policies and procedures. Standards can be determined internally or measured against external frameworks.
136
risk appetite
A strategic assessment of what level of residual risk is acceptable for an organization.
137
stateful inspection
A technique used in firewalls to analyze packets down to the application layer rather than filtering packets only by header information, enabling the firewall to enforce tighter security.
138
rules of engagement (ROE)
A definition of how a pen test will be executed and what constraints will be in place. This provides the pen tester with guidelines to consult as they conduct their tests so that they don't have to constantly ask management for permission to do something.
139
Simple Mail Transfer Protocol (SMTP)
Application protocol used to send mail between hosts on the Internet. Messages are sent between servers over TCP port 25 or submitted by a mail client over secure port TCP/587.
140
risk avoidance
In risk mitigation, the practice of ceasing activity that presents risk.
141
security zone
An area of the network (or of a connected network) where the security configuration is the same for all hosts within it. In physical security, an area separated by barriers that control entry and exit points.
142
Structured Query Language injection (SQL injection)
An attack that injects a database query into the input data directed at a server by accessing the client side of the application.
143
software defined WAN (SD-WAN)
Services that use software-defined mechanisms and routing policies to implement virtual tunnels and overlay networks over multiple types of transport network.
144
Snort
An open source NIDS. A subscription ("oinkcode") is required to obtain up-to-date rulesets, which allow the detection engine to identify the very latest threats. Non-subscribers can obtain community-authored rulesets.
145
standard configurations
In an IaC architecture, the property that an automation or orchestration action always produces the same result, regardless of the component's previous state.
146
root cause analysis
A technique used to determine the true cause of the problem that, when removed, prevents the problem from occurring again.
147
selection of effective controls
The process of choosing the type and placement of security controls to ensure the goals of the CIA triad and compliance with any framework requirements.
148
sideloading
Installing an app to a mobile device without using an app store.
149
risk tolerance
Determines the thresholds that separate different levels of risk.
150
smart card
A security device similar to a credit card that can store authentication information, such as a user's private key, on an embedded cryptoprocessor.
151
single point of failure (SPoF)
A component or system that would cause a complete interruption of a service if it failed.
152
wildcard domain
In PKI, a digital certificate that will match multiple subdomains of a parent domain.
153
Wi-Fi Protected Setup (WPS)
A feature of WPA and WPA2 that allows enrollment in a wireless network based on an eight-digit PIN.
154
unsecure network
Configuration that exposes a large attack surface, such as through unnecessary open service ports, weak or no authentication, use of default credentials, or lack of secure communications/encryption.
155
version control
The practice of ensuring that the assets that make up a project are closely managed when it comes time to make changes.
156
shellcode
A lightweight block of malicious code that exploits a software vulnerability to gain initial access to a victim system.
157
virus
Malicious code inserted into an executable file image. The malicious code is executed when the file is run and can deliver a payload, such as attempting to infect other files.
158
session affinity
A scheduling approach used by load balancers to route traffic to devices that have already established connections with the client in question.
159
risk management
The cyclical process of identifying, assessing, analyzing, and responding to risks.
160
trend analysis
The process of detecting patterns within a dataset over time, and using those patterns to make predictions about future events or to better understand past events.
161
unified threat management (UTM)
All-in-one security appliances and agents that combine the functions of a firewall, malware scanner, intrusion detection, vulnerability scanner, data-loss prevention, content filtering, and so on.
162
typosquatting
An attack in which an attacker registers a domain name with a common misspelling of an existing domain, so that a user who misspells a URL they enter into a browser is taken to the attacker's website.
163
responsible disclosure program
A process that allows researchers and reviewers to safely disclose vulnerabilities to a software developer.
164
tactics, techniques, and procedures (TTP)
Analysis of historical cyberattacks and adversary actions.
165
structured exception handler (SEH)
A mechanism to account for unexpected error conditions that might arise during code execution. Effective error handling reduces the chances that a program could be exploited.
166
technical debt
Costs accrued by keeping an ineffective system or product in place, rather than replacing it with a better-engineered one.
167
router firewall
A hardware device that has the primary function of a router, but also has firewall functionality embedded into the router firmware.
168
threat feed
Signatures and pattern-matching rules supplied to analysis platforms as an automated feed.
169
software development life cycle (SDLC)
The processes of planning, analysis, design, implementation, and maintenance that often govern software and systems development.
170
time-of-check to time-of-use (TOCTOU)
The potential vulnerability that occurs when there is a change between when an app checked a resource and when the app used the resource.
171
unintentional insider threat
A threat actor that causes a vulnerability or exposes an attack vector without malicious intent.
172
right to be forgotten
Principle of regulated privacy data that protects the data subject's ability to request its deletion.
173
type-safe programming language
A program that enforces strict type-checking during compilation and ensures variables and data are used correctly. It prevents memory-related vulnerabilities and injection attacks.
174
virtual local area network (VLAN)
A logical network segment comprising a broadcast domain established using a feature of managed switches to assign each port a VLAN ID. Even though hosts on two VLANs may be physically connected to the same switch, local traffic is isolated to each VLAN, so they must use a router to communicate.
175
Secure Access Service Edge (SASE)
A networking and security architecture that provides secure access to cloud applications and services while reducing complexity. It combines security services like firewalls, identity and access management, and secure web gateway with networking services such as SD-WAN.
176
zero-day
A vulnerability in software that is unpatched by the developer or an attack that exploits such a vulnerability.
177
skimming
Making a duplicate of a contactless access card by copying its access token and programming a new card with the same data.